#!/usr/bin/perl -T # This Source Code Form is subject to the terms of the Mozilla Public # License, v. 2.0. If a copy of the MPL was not distributed with this # file, You can obtain one at http://mozilla.org/MPL/2.0/. # # This Source Code Form is "Incompatible With Secondary Licenses", as # defined by the Mozilla Public License, v. 2.0. # Glossary: # series: An individual, defined set of data plotted over time. # data set: What a series is called in the UI. # line: A set of one or more series, to be summed and drawn as a single # line when the series is plotted. # chart: A set of lines # # So when you select rows in the UI, you are selecting one or more lines, not # series. # Generic Charting TODO: # # JS-less chart creation - hard. # Broken image on error or no data - need to do much better. # Centralise permission checking, so Bugzilla->user->in_group('editbugs') # not scattered everywhere. # User documentation :-) # # Bonus: # Offer subscription when you get a "series already exists" error? use 5.10.1; use strict; use warnings; use lib qw(. lib); use Bugzilla; use Bugzilla::Constants; use Bugzilla::CGI; use Bugzilla::Error; use Bugzilla::Util; use Bugzilla::Chart; use Bugzilla::Series; use Bugzilla::Token; # For most scripts we don't make $cgi and $template global variables. But # when preparing Bugzilla for mod_perl, this script used these # variables in so many subroutines that it was easier to just # make them globals. local our $cgi = Bugzilla->cgi; local our $template = Bugzilla->template; local our $vars = {}; my $dbh = Bugzilla->dbh; my $user = Bugzilla->login(LOGIN_REQUIRED); if (!Bugzilla->feature('new_charts')) { ThrowUserError('feature_disabled', { feature => 'new_charts' }); } # Go back to query.cgi if we are adding a boolean chart parameter. if (grep(/^cmd-/, $cgi->param())) { my $params = $cgi->canonicalise_query("format", "ctype", "action"); print $cgi->redirect("query.cgi?format=" . $cgi->param('query_format') . ($params ? "&$params" : "")); exit; } my $action = $cgi->param('action'); my $series_id = $cgi->param('series_id'); $vars->{'doc_section'} = 'using/reports-and-charts.html#charts'; # Because some actions are chosen by buttons, we can't encode them as the value # of the action param, because that value is localization-dependent. So, we # encode it in the name, as "action-". Some params even contain the # series_id they apply to (e.g. subscribe, unsubscribe). my @actions = grep(/^action-/, $cgi->param()); if ($actions[0] && $actions[0] =~ /^action-([^\d]+)(\d*)$/) { $action = $1; $series_id = $2 if $2; } $action ||= "assemble"; # Go to buglist.cgi if we are doing a search. if ($action eq "search") { my $params = $cgi->canonicalise_query("format", "ctype", "action"); print $cgi->redirect("buglist.cgi" . ($params ? "?$params" : "")); exit; } $user->in_group(Bugzilla->params->{"chartgroup"}) || ThrowUserError("auth_failure", {group => Bugzilla->params->{"chartgroup"}, action => "use", object => "charts"}); # Only admins may create public queries $user->in_group('admin') || $cgi->delete('public'); if ($cgi->param('debug') && Bugzilla->params->{debug_group} && Bugzilla->user->in_group(Bugzilla->params->{debug_group}) ) { $vars->{'debug'} = 1; } # All these actions relate to chart construction. if ($action =~ /^(assemble|add|remove|sum|subscribe|unsubscribe)$/) { # These two need to be done before the creation of the Chart object, so # that the changes they make will be reflected in it. if ($action =~ /^subscribe|unsubscribe$/) { detaint_natural($series_id) || ThrowCodeError("invalid_series_id"); my $series = new Bugzilla::Series($series_id); $series->$action($user->id); } my $chart = new Bugzilla::Chart($cgi); if ($action =~ /^remove|sum$/) { $chart->$action(getSelectedLines()); } elsif ($action eq "add") { my @series_ids = getAndValidateSeriesIDs(); $chart->add(@series_ids); } view($chart); } elsif ($action eq "plot") { plot(); } elsif ($action eq "wrap") { # For CSV "wrap", we go straight to "plot". if ($cgi->param('ctype') && $cgi->param('ctype') eq "csv") { plot(); } else { wrap(); } } elsif ($action eq "create") { assertCanCreate($cgi); my $token = $cgi->param('token'); check_hash_token($token, ['create-series']); my $series = new Bugzilla::Series($cgi); ThrowUserError("series_already_exists", {'series' => $series}) if $series->existsInDatabase; $series->writeToDatabase(); $vars->{'message'} = "series_created"; $vars->{'series'} = $series; my $chart = new Bugzilla::Chart($cgi); view($chart); } elsif ($action eq "edit") { my $series = assertCanEdit($series_id); edit($series); } elsif ($action eq "alter") { my $series = assertCanEdit($series_id); my $token = $cgi->param('token'); check_hash_token($token, [$series->id, $series->name]); # XXX - This should be replaced by $series->set_foo() methods. $series = new Bugzilla::Series($cgi); # We need to check if there is _another_ series in the database with # our (potentially new) name. So we call existsInDatabase() to see if # the return value is us or some other series we need to avoid stomping # on. my $id_of_series_in_db = $series->existsInDatabase(); if (defined($id_of_series_in_db) && $id_of_series_in_db != $series->{'series_id'}) { ThrowUserError("series_already_exists", {'series' => $series}); } $series->writeToDatabase(); $vars->{'changes_saved'} = 1; edit($series); } elsif ($action eq "confirm-delete") { $vars->{'series'} = assertCanEdit($series_id); print $cgi->header(); $template->process("reports/delete-series.html.tmpl", $vars) || ThrowTemplateError($template->error()); } elsif ($action eq "delete") { my $series = assertCanEdit($series_id); my $token = $cgi->param('token'); check_hash_token($token, [$series->id, $series->name]); $dbh->bz_start_transaction(); $series->remove_from_db(); # Remove (sub)categories which no longer have any series. foreach my $cat (qw(category subcategory)) { my $is_used = $dbh->selectrow_array("SELECT COUNT(*) FROM series WHERE $cat = ?", undef, $series->{"${cat}_id"}); if (!$is_used) { $dbh->do('DELETE FROM series_categories WHERE id = ?', undef, $series->{"${cat}_id"}); } } $dbh->bz_commit_transaction(); $vars->{'message'} = "series_deleted"; $vars->{'series'} = $series; view(); } elsif ($action eq "convert_search") { my $saved_search = $cgi->param('series_from_search') || ''; my ($query) = grep { $_->name eq $saved_search } @{ $user->queries }; my $url = ''; if ($query) { my $params = new Bugzilla::CGI($query->edit_link); # These two parameters conflict with the one below. $url = $params->canonicalise_query('format', 'query_format'); $url = '&' . html_quote($url); } print $cgi->redirect(-location => correct_urlbase() . "query.cgi?format=create-series$url"); } else { ThrowUserError('unknown_action', {action => $action}); } exit; # Find any selected series and return either the first or all of them. sub getAndValidateSeriesIDs { my @series_ids = grep(/^\d+$/, $cgi->param("name")); return wantarray ? @series_ids : $series_ids[0]; } # Return a list of IDs of all the lines selected in the UI. sub getSelectedLines { my @ids = map { /^select(\d+)$/ ? $1 : () } $cgi->param(); return @ids; } # Check if the user is the owner of series_id or is an admin. sub assertCanEdit { my $series_id = shift; my $user = Bugzilla->user; my $series = new Bugzilla::Series($series_id) || ThrowCodeError('invalid_series_id'); if (!$user->in_group('admin') && $series->{creator_id} != $user->id) { ThrowUserError('illegal_series_edit'); } return $series; } # Check if the user is permitted to create this series with these parameters. sub assertCanCreate { my ($cgi) = shift; my $user = Bugzilla->user; $user->in_group("editbugs") || ThrowUserError("illegal_series_creation"); # Check permission for frequency my $min_freq = 7; if ($cgi->param('frequency') < $min_freq && !$user->in_group("admin")) { ThrowUserError("illegal_frequency", { 'minimum' => $min_freq }); } } sub validateWidthAndHeight { $vars->{'width'} = $cgi->param('width'); $vars->{'height'} = $cgi->param('height'); if (defined($vars->{'width'})) { (detaint_natural($vars->{'width'}) && $vars->{'width'} > 0) || ThrowUserError("invalid_dimensions"); } if (defined($vars->{'height'})) { (detaint_natural($vars->{'height'}) && $vars->{'height'} > 0) || ThrowUserError("invalid_dimensions"); } # The equivalent of 2000 square seems like a very reasonable maximum size. # This is merely meant to prevent accidental or deliberate DOS, and should # have no effect in practice. if ($vars->{'width'} && $vars->{'height'}) { (($vars->{'width'} * $vars->{'height'}) <= 4000000) || ThrowUserError("chart_too_large"); } } sub edit { my $series = shift; $vars->{'category'} = Bugzilla::Chart::getVisibleSeries(); $vars->{'default'} = $series; $vars->{'message'} = 'series_updated' if $vars->{'changes_saved'}; print $cgi->header(); $template->process("reports/edit-series.html.tmpl", $vars) || ThrowTemplateError($template->error()); } sub plot { validateWidthAndHeight(); $vars->{'chart'} = new Bugzilla::Chart($cgi); my $format = $template->get_format("reports/chart", "", scalar($cgi->param('ctype'))); $format->{'ctype'} = 'text/html' if $cgi->param('debug'); $cgi->set_dated_content_disp('inline', 'chart', $format->{extension}); print $cgi->header($format->{'ctype'}); disable_utf8() if ($format->{'ctype'} =~ /^image\//); # Debugging PNGs is a pain; we need to be able to see the error messages if (exists $vars->{'debug'}) { # Bug 1439260 - if we're using debug mode, always use the HTML template # which has proper filters in it. Debug forces an HTML content type # anyway, and can cause XSS if we're not filtering the output. $format = $template->get_format("reports/chart", "", "html"); $vars->{'debug_dump'} = $vars->{'chart'}->dump(); } print $cgi->header($format->{'ctype'}); disable_utf8() if ($format->{'ctype'} =~ /^image\//); $template->process($format->{'template'}, $vars) || ThrowTemplateError($template->error()); } sub wrap { validateWidthAndHeight(); # We create a Chart object so we can validate the parameters my $chart = new Bugzilla::Chart($cgi); $vars->{'time'} = localtime(time()); $vars->{'imagebase'} = $cgi->canonicalise_query( "action", "action-wrap", "ctype", "format", "width", "height"); print $cgi->header(); $template->process("reports/chart.html.tmpl", $vars) || ThrowTemplateError($template->error()); } sub view { my $chart = shift; # Set defaults foreach my $field ('category', 'subcategory', 'name', 'ctype') { $vars->{'default'}{$field} = $cgi->param($field) || 0; } # Pass the state object to the display UI. $vars->{'chart'} = $chart; $vars->{'category'} = Bugzilla::Chart::getVisibleSeries(); print $cgi->header(); # If we have having problems with bad data, we can set debug=1 to dump # the data structure. if (exists $vars->{'debug'}) { $vars->{'debug_dump'} = $chart->dump(); } $template->process("reports/create-chart.html.tmpl", $vars) || ThrowTemplateError($template->error()); }