aboutsummaryrefslogtreecommitdiffstats
path: root/userprefs.cgi
diff options
context:
space:
mode:
authorwurblzap%gmail.com <>2006-07-14 03:07:57 +0000
committerwurblzap%gmail.com <>2006-07-14 03:07:57 +0000
commitf0c7611262b3948e72e8a18a036569a78f3b51f2 (patch)
tree54b0e146d4f8fd3c466002728261c895d7709034 /userprefs.cgi
parent09495a118b165d60d17780a8623318c19d6ffae6 (diff)
downloadbugs-f0c7611262b3948e72e8a18a036569a78f3b51f2.tar
bugs-f0c7611262b3948e72e8a18a036569a78f3b51f2.tar.gz
bugs-f0c7611262b3948e72e8a18a036569a78f3b51f2.tar.bz2
bugs-f0c7611262b3948e72e8a18a036569a78f3b51f2.tar.xz
bugs-f0c7611262b3948e72e8a18a036569a78f3b51f2.zip
Bug 69000: Permit a stored query to be marked "shared" and accessible by other users.
Patch by Marc Schumann <wurblzap@gmail.com>, r=vladd, a=myk
Diffstat (limited to 'userprefs.cgi')
-rwxr-xr-xuserprefs.cgi124
1 files changed, 114 insertions, 10 deletions
diff --git a/userprefs.cgi b/userprefs.cgi
index 15ca800b1..688a437fd 100755
--- a/userprefs.cgi
+++ b/userprefs.cgi
@@ -351,11 +351,12 @@ sub DoPermissions {
my ($nam, $desc) = @$group;
push(@has_bits, {"desc" => $desc, "name" => $nam});
}
- $groups = $dbh->selectall_arrayref(
- "SELECT DISTINCT name, description FROM groups ORDER BY name");
+ $groups = $dbh->selectall_arrayref('SELECT DISTINCT id, name, description
+ FROM groups
+ ORDER BY name');
foreach my $group (@$groups) {
- my ($nam, $desc) = @$group;
- if ($user->can_bless($nam)) {
+ my ($group_id, $nam, $desc) = @$group;
+ if ($user->can_bless($group_id)) {
push(@set_bits, {"desc" => $desc, "name" => $nam});
}
}
@@ -370,6 +371,7 @@ sub DoPermissions {
sub DoSavedSearches {
# 2004-12-13 - colin.ogilvie@gmail.com, bug 274397
# Need to work around the possibly missing query_format=advanced
+ my $dbh = Bugzilla->dbh;
my $user = Bugzilla->user;
my @queries = @{$user->queries};
@@ -391,6 +393,12 @@ sub DoSavedSearches {
push @newqueries, $q;
}
$vars->{'queries'} = \@newqueries;
+ if ($user->queryshare_groups_as_string) {
+ $vars->{'queryshare_groups'} = $dbh->selectall_arrayref(
+ 'SELECT id, name FROM groups WHERE id IN ' .
+ '(' . $user->queryshare_groups_as_string .')',
+ {'Slice' => {}});
+ }
}
sub SaveSavedSearches {
@@ -398,18 +406,114 @@ sub SaveSavedSearches {
my $dbh = Bugzilla->dbh;
my $user = Bugzilla->user;
+ # We'll need this in a loop, so do the call once.
+ my $user_id = $user->id;
+
my @queries = @{$user->queries};
- my $sth = $dbh->prepare("UPDATE namedqueries SET linkinfooter = ?
- WHERE userid = ?
- AND name = ?");
+ my $sth_check_nl = $dbh->prepare('SELECT COUNT(*)
+ FROM namedqueries_link_in_footer
+ WHERE namedquery_id = ?
+ AND user_id = ?');
+ my $sth_insert_nl = $dbh->prepare('INSERT INTO namedqueries_link_in_footer
+ (namedquery_id, user_id)
+ VALUES (?, ?)');
+ my $sth_delete_nl = $dbh->prepare('DELETE FROM namedqueries_link_in_footer
+ WHERE namedquery_id = ?
+ AND user_id = ?');
+ my $sth_check_ngm = $dbh->prepare('SELECT COUNT(*)
+ FROM namedquery_group_map
+ WHERE namedquery_id = ?');
+ my $sth_insert_ngm = $dbh->prepare('INSERT INTO namedquery_group_map
+ (namedquery_id, group_id)
+ VALUES (?, ?)');
+ my $sth_update_ngm = $dbh->prepare('UPDATE namedquery_group_map
+ SET group_id = ?
+ WHERE namedquery_id = ?');
+ my $sth_delete_ngm = $dbh->prepare('DELETE FROM namedquery_group_map
+ WHERE namedquery_id = ?');
+ my $sth_direct_group_members =
+ $dbh->prepare('SELECT user_id
+ FROM user_group_map
+ WHERE group_id = ?
+ AND isbless = ' . GROUP_MEMBERSHIP . '
+ AND grant_type = ' . GRANT_DIRECT);
foreach my $q (@queries) {
- my $linkinfooter =
- defined($cgi->param("linkinfooter_$q->{'name'}")) ? 1 : 0;
- $sth->execute($linkinfooter, $user->id, $q->{'name'});
+ # Update namedqueries_link_in_footer.
+ $sth_check_nl->execute($q->{'id'}, $user_id);
+ my ($link_in_footer_entries) = $sth_check_nl->fetchrow_array();
+ if (defined($cgi->param("link_in_footer_$q->{'id'}"))) {
+ if ($link_in_footer_entries == 0) {
+ $sth_insert_nl->execute($q->{'id'}, $user_id);
+ }
+ }
+ else {
+ if ($link_in_footer_entries > 0) {
+ $sth_delete_nl->execute($q->{'id'}, $user_id);
+ }
+ }
+
+ # For user's own queries, update namedquery_group_map.
+ if ($q->{'userid'} == $user_id) {
+ my ($group_id, $group_map_entries);
+ if ($user->in_group(Bugzilla->params->{'querysharegroup'})) {
+ $sth_check_ngm->execute($q->{'id'});
+ ($group_map_entries) = $sth_check_ngm->fetchrow_array();
+ $group_id = $cgi->param("share_$q->{'id'}") || '';
+ }
+ if ($group_id) {
+ if (grep(/^\Q$group_id\E$/, @{$user->queryshare_groups()})) {
+ # $group_id is now definitely a valid ID of a group the
+ # user can see, so we can trick_taint.
+ trick_taint($group_id);
+ if ($group_map_entries == 0) {
+ $sth_insert_ngm->execute($q->{'id'}, $group_id);
+ }
+ else {
+ $sth_update_ngm->execute($group_id, $q->{'id'});
+ }
+
+ # If we're sharing our query with a group we can bless,
+ # we're subscribing direct group members to our search
+ # automatically. Otherwise, the group members need to
+ # opt in. This behaviour is deemed most likely to fit
+ # users' needs.
+ if ($user->can_bless($group_id)) {
+ $sth_direct_group_members->execute($group_id);
+ my $user_id;
+ while ($user_id =
+ $sth_direct_group_members->fetchrow_array()) {
+ next if $user_id == $user->id;
+
+ $sth_check_nl->execute($q->{'id'}, $user_id);
+ my ($already_shown_in_footer) =
+ $sth_check_nl->fetchrow_array();
+ if (! $already_shown_in_footer) {
+ $sth_insert_nl->execute($q->{'id'}, $user_id);
+ }
+ }
+ }
+ }
+ else {
+ # In the unlikely case somebody removed visibility to the
+ # group in the meantime, don't modify sharing.
+ }
+ }
+ else {
+ if ($group_map_entries > 0) {
+ $sth_delete_ngm->execute($q->{'id'});
+ }
+
+ # Don't remove namedqueries_link_in_footer entries for users
+ # subscribing to the shared query. The idea is that they will
+ # probably want to be subscribers again should the sharing
+ # user choose to share the query again.
+ }
+ }
}
$user->flush_queries_cache;
+ # Update profiles.mybugslink.
my $showmybugslink = defined($cgi->param("showmybugslink")) ? 1 : 0;
$dbh->do("UPDATE profiles SET mybugslink = ? WHERE userid = ?",
undef, ($showmybugslink, $user->id));