#!/usr/bin/perl -wT
# -*- Mode: perl; indent-tabs-mode: nil -*-
#
# The contents of this file are subject to the Mozilla Public
# License Version 1.1 (the "License"); you may not use this file
# except in compliance with the License. You may obtain a copy of
# the License at http://www.mozilla.org/MPL/
#
# Software distributed under the License is distributed on an "AS
# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
# implied. See the License for the specific language governing
# rights and limitations under the License.
#
# The Original Code is the Bugzilla Bug Tracking System.
#
# The Initial Developer of the Original Code is Netscape Communications
# Corporation. Portions created by Netscape are
# Copyright (C) 1998 Netscape Communications Corporation. All
# Rights Reserved.
#
# Contributor(s): Myk Melez <myk@mozilla.org>
################################################################################
# Script Initialization
################################################################################
# Make it harder for us to do dangerous things in Perl.
use strict;
# Include the Bugzilla CGI and general utility library.
use lib qw(.);
require "CGI.pl";
# Use Bugzilla's Request module which contains utilities for handling requests.
use Bugzilla::Flag;
use Bugzilla::FlagType;
# use Bugzilla's User module which contains utilities for handling users.
use Bugzilla::User;
use vars qw($template $vars @legal_product @legal_components %components);
# Require an authenticated session before any request data is processed.
Bugzilla->login();

################################################################################
# Main Body Execution
################################################################################

# Build and render the request queue, then end the script with status 0.
queue();
exit 0;
################################################################################
# Functions
################################################################################
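# Build the request-queue SQL from the CGI filter parameters, run it, and
# render the rows through the request/queue.html.tmpl template.
#
# Request parameters read: status, group, requester, requestee, product,
# component, type, do_union and debug. Takes no arguments. Prints the HTTP
# header and then processes the template; an invalid status, group, product
# or component is reported through ThrowCodeError.
sub queue {
    my $cgi = Bugzilla->cgi;

    # Read every filter parameter exactly once, in scalar context.
    # CGI's param() returns *all* values of a repeated parameter when called
    # in list context (function arguments, hash constructors), so a request
    # such as "?product=a&product=b" would otherwise push extra elements into
    # those calls. Capturing scalars also guarantees that the value that was
    # validated is the very same value that ends up in the SQL text.
    my $status     = $cgi->param('status');
    my $form_group = $cgi->param('group');
    my $requester  = $cgi->param('requester');
    my $requestee  = $cgi->param('requestee');
    my $product    = $cgi->param('product');
    my $component  = $cgi->param('component');
    my $form_type  = $cgi->param('type');
    my $do_union   = $cgi->param('do_union');

    # Both validators whitelist their value and throw on anything else.
    validateStatus($status);
    validateGroup($form_group);

    # Users outside the insider group must not see private attachments, so
    # the restriction goes into the join condition. Because this is a LEFT
    # JOIN, the flag row itself is still returned for such attachments, just
    # with NULL attachment columns.
    my $attach_join_clause = "flags.attach_id = attachments.attach_id";
    if (Param("insidergroup") && !UserInGroup(Param("insidergroup"))) {
        $attach_join_clause .= " AND attachments.isprivate < 1";
    }

    # NOTE(review): $::userid is interpolated unquoted below. It is not read
    # from the request in this file -- presumably it is set by
    # Bugzilla->login(); confirm it is always an integer.
    my $query =
    # Select columns describing each flag, the bug/attachment on which
    # it has been set, who set it, and of whom they are requesting it.
    " SELECT    flags.id, flagtypes.name,
                flags.status,
                flags.bug_id, bugs.short_desc,
                products.name, components.name,
                flags.attach_id, attachments.description,
                requesters.realname, requesters.login_name,
                requestees.realname, requestees.login_name,
                DATE_FORMAT(flags.creation_date,'%Y.%m.%d %H:%i'),
    " .
    # Select columns that help us weed out secure bugs to which the user
    # should not have access.
    "           COUNT(DISTINCT ugmap.group_id) AS cntuseringroups,
                COUNT(DISTINCT bgmap.group_id) AS cntbugingroups,
                ((COUNT(DISTINCT ccmap.who) AND cclist_accessible = 1)
                  OR ((bugs.reporter = $::userid) AND bugs.reporter_accessible = 1)
                  OR bugs.assigned_to = $::userid ) AS canseeanyway
    " .
    # Use the flags and flagtypes tables for information about the flags,
    # the bugs and attachments tables for target info, the profiles tables
    # for setter and requestee info, the products/components tables
    # so we can display product and component names, and the bug_group_map
    # and user_group_map tables to help us weed out secure bugs to which
    # the user should not have access.
    " FROM      flags
                LEFT JOIN attachments ON ($attach_join_clause),
                flagtypes,
                profiles AS requesters
                LEFT JOIN profiles AS requestees
                  ON flags.requestee_id = requestees.userid,
                bugs
                LEFT JOIN products ON bugs.product_id = products.id
                LEFT JOIN components ON bugs.component_id = components.id
                LEFT JOIN bug_group_map AS bgmap
                  ON bgmap.bug_id = bugs.bug_id
                LEFT JOIN user_group_map AS ugmap
                  ON bgmap.group_id = ugmap.group_id
                  AND ugmap.user_id = $::userid
                  AND ugmap.isbless = 0
                LEFT JOIN cc AS ccmap
                  ON ccmap.who = $::userid AND ccmap.bug_id = bugs.bug_id
    " .
    # All of these are inner join clauses. Actual match criteria are added
    # in the code below.
    " WHERE     flags.type_id = flagtypes.id
      AND       flags.setter_id = requesters.userid
      AND       flags.bug_id = bugs.bug_id
    ";

    # Non-deleted flags only
    $query .= " AND flags.is_active = 1 ";

    # Limit query to pending requests when no status filter was given.
    $query .= " AND flags.status = '?' " unless $status;

    # The set of criteria by which we filter records to display in the queue.
    my @criteria = ();

    # A list of columns to exclude from the report because the report
    # conditions limit the data being displayed to exact matches for those
    # columns. In other words, if we are only displaying "pending", we don't
    # need to display a "status" column in the report because the value for
    # that column will always be the same.
    my @excluded_columns = ();

    # Filter requests by status: "pending", "granted", "denied", "all"
    # (which means any), or "fulfilled" (which means "granted" or "denied").
    if ($status) {
        if ($status eq "+-") {
            push(@criteria, "flags.status IN ('+', '-')");
            push(@excluded_columns, 'status') unless $do_union;
        }
        elsif ($status ne "all") {
            # validateStatus() has already whitelisted the value, but quote it
            # like every other request-derived string so that this clause
            # stays safe even if the whitelist is later widened or the call
            # order changes.
            push(@criteria, "flags.status = " . SqlQuote($status));
            push(@excluded_columns, 'status') unless $do_union;
        }
    }

    # Filter results by exact email address of requester or requestee.
    if (defined $requester && $requester ne "") {
        push(@criteria, "requesters.login_name = " . SqlQuote($requester));
        push(@excluded_columns, 'requester') unless $do_union;
    }
    if (defined $requestee && $requestee ne "") {
        push(@criteria, "requestees.login_name = " . SqlQuote($requestee));
        push(@excluded_columns, 'requestee') unless $do_union;
    }

    # Filter results by exact product or component. The names are resolved
    # to IDs first, so only looked-up IDs (never the raw names) reach the SQL.
    if (defined $product && $product ne "") {
        my $product_id = get_product_id($product);
        if ($product_id) {
            push(@criteria, "bugs.product_id = $product_id");
            push(@excluded_columns, 'product') unless $do_union;
            if (defined $component && $component ne "") {
                my $component_id = get_component_id($product_id, $component);
                if ($component_id) {
                    push(@criteria, "bugs.component_id = $component_id");
                    push(@excluded_columns, 'component') unless $do_union;
                }
                else {
                    ThrowCodeError("unknown_component",
                                   { component => $component });
                }
            }
        }
        else {
            ThrowCodeError("unknown_product", { product => $product });
        }
    }

    # Filter results by flag types.
    if (defined $form_type && $form_type ne "" && $form_type ne "all") {
        # Check if any matching types are for attachments. If not, don't show
        # the attachment column in the report.
        my $types = Bugzilla::FlagType::match({ 'name' => $form_type });
        my $has_attachment_type =
            grep { $_->{'target_type'} eq "attachment" } @$types;
        push(@excluded_columns, 'attachment') unless $has_attachment_type;

        push(@criteria, "flagtypes.name = " . SqlQuote($form_type));
        push(@excluded_columns, 'type') unless $do_union;
    }

    # Add the criteria to the query. We do an intersection by default
    # but do a union if the "do_union" URL parameter (for which there is no UI
    # because it's an advanced feature that people won't usually want) is true.
    # Either way the criteria sit inside one parenthesised group that is ANDed
    # with the fixed clauses above, so a union cannot widen past them.
    my $and_or = $do_union ? " OR " : " AND ";
    $query .= " AND (" . join($and_or, @criteria) . ") " if scalar(@criteria);

    # Group the records by flag ID so we don't get multiple rows of data
    # for each flag. This is only necessary because of the code that
    # removes flags on bugs the user is unauthorized to access: the HAVING
    # clause keeps a row only when the user is in every group the bug is in,
    # or is allowed to see the bug anyway (cc, reporter or assignee).
    $query .= " GROUP BY flags.id " .
              "HAVING cntuseringroups = cntbugingroups OR canseeanyway ";

    # Group the records, in other words order them by the group column
    # so the loop in the display template can break them up into separate
    # tables every time the value in the group column changes.
    $form_group ||= "requestee";

    # The keys mirror the whitelist in validateGroup(); only these fixed
    # strings, never the request value itself, are appended to the query.
    my %order_by_for = (
        requester => "requesters.realname, requesters.login_name",
        requestee => "requestees.realname, requestees.login_name",
        category  => "products.name, components.name",
        type      => "flagtypes.name",
    );
    $query .= " ORDER BY $order_by_for{$form_group}"
        if exists $order_by_for{$form_group};

    # Order the records (within each group). This continues the ORDER BY
    # list started above.
    $query .= " , flags.creation_date";

    # Pass the query to the template for use when debugging this script.
    # NOTE(review): "debug" is a request parameter, so any logged-in user can
    # set it; whether the template then shows the SQL text is not visible
    # here -- confirm that this exposure is intended.
    $vars->{'query'} = $query;
    $vars->{'debug'} = $cgi->param('debug') ? 1 : 0;

    SendSQL($query);
    my @requests = ();
    while (MoreSQLData()) {
        # Column order matches the SELECT list above.
        my @data = FetchSQLData();
        my $request = {
            'id'             => $data[0],
            'type'           => $data[1],
            'status'         => $data[2],
            'bug_id'         => $data[3],
            'bug_summary'    => $data[4],
            'category'       => "$data[5]: $data[6]",
            'attach_id'      => $data[7],
            'attach_summary' => $data[8],
            # Show "Real Name <login>" when a real name is set, else the login.
            'requester'      => ($data[9] ? "$data[9] <$data[10]>" : $data[10]),
            'requestee'      => ($data[11] ? "$data[11] <$data[12]>" : $data[12]),
            'created'        => $data[13]
        };
        push(@requests, $request);
    }

    # Get a list of request type names to use in the filter form.
    my @types = ("all");
    SendSQL("SELECT DISTINCT(name) FROM flagtypes ORDER BY name");
    push(@types, FetchOneColumn()) while MoreSQLData();

    # products and components and the function used to modify the components
    # menu when the products menu changes; used by the template to populate
    # the menus and keep the components menu consistent with the products menu
    GetVersionTable();
    my $selectable = GetSelectableProductHash();
    $vars->{'products'} = $selectable->{legal_products};
    $vars->{'components'} = $selectable->{legal_components};
    $vars->{'components_by_product'} = $selectable->{components};

    $vars->{'excluded_columns'} = \@excluded_columns;
    $vars->{'group_field'} = $form_group;
    $vars->{'requests'} = \@requests;
    $vars->{'types'} = \@types;

    # Return the appropriate HTTP response headers.
    print Bugzilla->cgi->header();

    # Generate and return the UI (HTML page) from the appropriate template.
    $template->process("request/queue.html.tmpl", $vars)
      || ThrowTemplateError($template->error());
}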
################################################################################
# Data Validation / Security Authorization
################################################################################
# Whitelist check for the "status" request parameter.
#
# Accepts undef (parameter absent) and the literal values "?", "+-", "+",
# "-" and "all". Any other value is reported through ThrowCodeError with the
# "flag_status_invalid" error tag. Returns nothing for undef, otherwise the
# number of whitelist entries that matched.
sub validateStatus {
    my ($status) = @_;
    return unless defined $status;

    # Exact string comparison against the fixed list; no pattern matching.
    my $matches = grep { $_ eq $status } qw(? +- + - all);
    return $matches
      || ThrowCodeError("flag_status_invalid", { status => $status });
}
# Whitelist check for the "group" request parameter, which selects the
# column the queue is grouped (ordered) by.
#
# Accepts undef (parameter absent) and the literal values "requester",
# "requestee", "category" and "type". Any other value is reported through
# ThrowCodeError with the "request_queue_group_invalid" error tag. Returns
# nothing for undef, otherwise the number of whitelist entries that matched.
sub validateGroup {
    my ($group) = @_;
    return unless defined $group;

    # Exact string comparison against the fixed list; no pattern matching.
    my $matches = grep { $_ eq $group } qw(requester requestee category type);
    return $matches
      || ThrowCodeError("request_queue_group_invalid", { group => $group });
}