aboutsummaryrefslogtreecommitdiffstats
path: root/Bugzilla/User.pm
diff options
context:
space:
mode:
Diffstat (limited to 'Bugzilla/User.pm')
-rw-r--r--Bugzilla/User.pm194
1 files changed, 88 insertions, 106 deletions
diff --git a/Bugzilla/User.pm b/Bugzilla/User.pm
index 75a4fcf1d..59324383f 100644
--- a/Bugzilla/User.pm
+++ b/Bugzilla/User.pm
@@ -1124,57 +1124,15 @@ sub match {
return \@users;
}
-# match_field() is a CGI wrapper for the match() function.
-#
-# Here's what it does:
-#
-# 1. Accepts a list of fields along with whether they may take multiple values
-# 2. Takes the values of those fields from the first parameter, a $cgi object
-# and passes them to match()
-# 3. Checks the results of the match and displays confirmation or failure
-# messages as appropriate.
-#
-# The confirmation screen functions the same way as verify-new-product and
-# confirm-duplicate, by rolling all of the state information into a
-# form which is passed back, but in this case the searched fields are
-# replaced with the search results.
-#
-# The act of displaying the confirmation or failure messages means it must
-# throw a template and terminate. When confirmation is sent, all of the
-# searchable fields have been replaced by exact fields and the calling script
-# is executed as normal.
-#
-# You also have the choice of *never* displaying the confirmation screen.
-# In this case, match_field will return one of the three USER_MATCH
-# constants described in the POD docs. To make match_field behave this
-# way, pass in MATCH_SKIP_CONFIRM as the third argument.
-#
-# match_field must be called early in a script, before anything external is
-# done with the form data.
-#
-# In order to do a simple match without dealing with templates, confirmation,
-# or globals, simply calling Bugzilla::User::match instead will be
-# sufficient.
-
-# How to call it:
-#
-# Bugzilla::User::match_field($cgi, {
-# 'field_name' => { 'type' => fieldtype },
-# 'field_name2' => { 'type' => fieldtype },
-# [...]
-# });
-#
-# fieldtype can be either 'single' or 'multi'.
-#
-
sub match_field {
- my $cgi = shift; # CGI object to look up fields in
my $fields = shift; # arguments as a hash
+ my $data = shift || Bugzilla->input_params; # hash to look up fields in
my $behavior = shift || 0; # A constant that tells us how to act
my $matches = {}; # the values sent to the template
my $matchsuccess = 1; # did the match fail?
my $need_confirm = 0; # whether to display confirmation screen
my $match_multiple = 0; # whether we ever matched more than one user
+ my @non_conclusive_fields; # fields which don't have a unique user.
my $params = Bugzilla->params;
@@ -1192,7 +1150,8 @@ sub match_field {
$expanded_fields->{$field_pattern} = $fields->{$field_pattern};
}
else {
- my @field_names = grep(/$field_pattern/, $cgi->param());
+ my @field_names = grep(/$field_pattern/, keys %$data);
+
foreach my $field_name (@field_names) {
$expanded_fields->{$field_name} =
{ type => $fields->{$field_pattern}->{'type'} };
@@ -1218,7 +1177,7 @@ sub match_field {
# No need to look for a valid requestee if the flag(type)
# has been deleted (may occur in race conditions).
delete $expanded_fields->{$field_name};
- $cgi->delete($field_name);
+ delete $data->{$field_name};
}
}
}
@@ -1227,35 +1186,19 @@ sub match_field {
$fields = $expanded_fields;
for my $field (keys %{$fields}) {
+ #Concatenate login names, so that we have a common way to handle them.
+ my $raw_field;
+ if (ref $data->{$field}) {
+ $raw_field = join(" ", @{$data->{$field}});
+ }
+ else {
+ $raw_field = $data->{$field};
+ }
+ $raw_field = clean_text($raw_field || '');
- # Tolerate fields that do not exist.
- #
- # This is so that fields like qa_contact can be specified in the code
- # and it won't break if the CGI object does not know about them.
- #
- # It has the side-effect that if a bad field name is passed it will be
- # quietly ignored rather than raising a code error.
-
- next if !defined $cgi->param($field);
-
- # We need to move the query to $raw_field, where it will be split up,
- # modified by the search, and put back into the CGI environment
- # incrementally.
-
- my $raw_field = join(" ", $cgi->param($field));
-
- # When we add back in values later, it matters that we delete
- # the field here, and not set it to '', so that we will add
- # things to an empty list, and not to a list containing one
- # empty string.
- # If the field accepts only one match (type eq "single") and
- # no match or more than one match is found for this field,
- # we will set it back to '' so that the field remains defined
- # outside this function (it was if we came here; else we would
- # have returned earlier above).
- # If the field accepts several matches (type eq "multi") and no match
- # is found, we leave this field undefined (= empty array).
- $cgi->delete($field);
+ # Tolerate fields that do not exist (in case you specify
+ # e.g. the QA contact, and it's currently not in use).
+ next unless ($raw_field && $raw_field ne '');
my @queries = ();
@@ -1263,11 +1206,9 @@ sub match_field {
# into @queries, or in the case of fields which only accept single
# entries, we simply use the verbatim text.
- $raw_field =~ s/^\s+|\s+$//sg; # trim leading/trailing space
-
# single field
if ($fields->{$field}->{'type'} eq 'single') {
- @queries = ($raw_field) unless $raw_field =~ /^\s*$/;
+ @queries = ($raw_field);
# multi-field
}
@@ -1288,35 +1229,22 @@ sub match_field {
$limit = $params->{'maxusermatches'} + 1;
}
+ my @logins;
for my $query (@queries) {
-
my $users = match(
$query, # match string
$limit, # match limit
1 # exclude_disabled
);
- # skip confirmation for exact matches
- if ((scalar(@{$users}) == 1)
- && (lc(@{$users}[0]->login) eq lc($query)))
-
- {
- $cgi->append(-name=>$field,
- -values=>[@{$users}[0]->login]);
-
- next;
- }
-
- $matches->{$field}->{$query}->{'users'} = $users;
- $matches->{$field}->{$query}->{'status'} = 'success';
-
# here is where it checks for multiple matches
-
if (scalar(@{$users}) == 1) { # exactly one match
+ push(@logins, @{$users}[0]->login);
- $cgi->append(-name=>$field,
- -values=>[@{$users}[0]->login]);
+ # skip confirmation for exact matches
+ next if (lc(@{$users}[0]->login) eq lc($query));
+ $matches->{$field}->{$query}->{'status'} = 'success';
$need_confirm = 1 if $params->{'confirmuniqueusermatch'};
}
@@ -1324,6 +1252,7 @@ sub match_field {
&& ($params->{'maxusermatches'} != 1)) {
$need_confirm = 1;
$match_multiple = 1;
+ push(@non_conclusive_fields, $field);
if (($params->{'maxusermatches'})
&& (scalar(@{$users}) > $params->{'maxusermatches'}))
@@ -1331,23 +1260,31 @@ sub match_field {
$matches->{$field}->{$query}->{'status'} = 'trunc';
pop @{$users}; # take the last one out
}
+ else {
+ $matches->{$field}->{$query}->{'status'} = 'success';
+ }
}
else {
# everything else fails
$matchsuccess = 0; # fail
+ push(@non_conclusive_fields, $field);
$matches->{$field}->{$query}->{'status'} = 'fail';
$need_confirm = 1; # confirmation screen shows failures
}
+
+ $matches->{$field}->{$query}->{'users'} = $users;
}
- # Above, we deleted the field before adding matches. If no match
- # or more than one match has been found for a field expecting only
- # one match (type eq "single"), we set it back to '' so
- # that the caller of this function can still check whether this
+
+ # If no match or more than one match has been found for a field
+ # expecting only one match (type eq "single"), we set it back to ''
+ # so that the caller of this function can still check whether this
# field was defined or not (and it was if we came here).
- if (!defined $cgi->param($field)
- && $fields->{$field}->{'type'} eq 'single') {
- $cgi->param($field, '');
+ if ($fields->{$field}->{'type'} eq 'single') {
+ $data->{$field} = $logins[0] || '';
+ }
+ else {
+ $data->{$field} = \@logins;
}
}
@@ -1363,22 +1300,24 @@ sub match_field {
}
# Skip confirmation if we were told to, or if we don't need to confirm.
- return $retval if ($behavior == MATCH_SKIP_CONFIRM || !$need_confirm);
+ if ($behavior == MATCH_SKIP_CONFIRM || !$need_confirm) {
+ return wantarray ? ($retval, \@non_conclusive_fields) : $retval;
+ }
my $template = Bugzilla->template;
+ my $cgi = Bugzilla->cgi;
my $vars = {};
- $vars->{'script'} = Bugzilla->cgi->url(-relative => 1); # for self-referencing URLs
+ $vars->{'script'} = $cgi->url(-relative => 1); # for self-referencing URLs
$vars->{'fields'} = $fields; # fields being matched
$vars->{'matches'} = $matches; # matches that were made
$vars->{'matchsuccess'} = $matchsuccess; # continue or fail
$vars->{'matchmultiple'} = $match_multiple;
- print Bugzilla->cgi->header();
+ print $cgi->header();
$template->process("global/confirm-user-match.html.tmpl", $vars)
|| ThrowTemplateError($template->error());
-
exit;
}
@@ -2296,6 +2235,49 @@ Untaints C<$passwd1> if successful.
If a second password is passed in, this function also verifies that
the two passwords match.
+=item C<match_field($data, $fields, $behavior)>
+
+=over
+
+=item B<Description>
+
+Wrapper for the C<match()> function.
+
+=item B<Params>
+
+=over
+
+=item C<$fields> - A hashref with field names as keys and a hash as values.
+Each hash is of the form { 'type' => 'single|multi' }, which specifies
+whether the field can take a single login name only or several.
+
+=item C<$data> (optional) - A hashref with field names as keys and field values
+as values. If undefined, C<Bugzilla-E<gt>input_params> is used.
+
+=item C<$behavior> (optional) - If set to C<MATCH_SKIP_CONFIRM>, no confirmation
+screen is displayed. In that case, the fields which don't match a unique user
+are left undefined. If not set, a confirmation screen is displayed if at
+least one field doesn't match any login name or match more than one.
+
+=back
+
+=item B<Returns>
+
+If the third parameter is set to C<MATCH_SKIP_CONFIRM>, the function returns
+either C<USER_MATCH_SUCCESS> if all fields can be set unambiguously,
+C<USER_MATCH_FAILED> if at least one field doesn't match any user account,
+or C<USER_MATCH_MULTIPLE> if some fields match more than one user account.
+
+If the third parameter is not set, then if all fields could be set
+unambiguously, nothing is returned, else a confirmation page is displayed.
+
+=item B<Note>
+
+This function must be called early in a script, before anything external
+is done with the data.
+
+=back
+
=back
=head1 SEE ALSO