Prevent access to product information from environments

ghendricks%novell.com 2007-02-07 21:13:50 +00:00
Родитель 951fef2398
Коммит 9983b9be9a
8 изменённых файлов: 86 добавлений и 25 удалений


@ -651,10 +651,8 @@ Returns true if the logged in user has rights to edit this environment.
sub canedit {
my $self = shift;
return UserInGroup('managetestplans')
|| UserInGroup('edittestcases')
|| UserInGroup('runtests');
}
return 1 if Bugzilla->user->in_group('Testers');
return 1 if Bugzilla->user->can_see_product($self->product->name);}
=head2 canview
@ -664,9 +662,8 @@ Returns true if the logged in user has rights to view this environment.
sub canview {
my $self = shift;
return UserInGroup('managetestplans')
|| UserInGroup('edittestcases')
|| UserInGroup('runtests');
return 1 if Bugzilla->user->in_group('Testers');
return 1 if Bugzilla->user->can_see_product($self->product->name);
}
=head2 candelete
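Review bot: `canedit` and `canview` now both end in `return 1 if Bugzilla->user->can_see_product($self->product->name);`, so the right to edit an environment is decided by the same product-visibility test as the right to view it. The `canedit` subs added in the next two file sections use `can_see_product` the same way, the one after that delegates to them, and `candelete` builds on `canedit`. If editing is meant to be narrower than viewing, `canedit` needs its own edit-level check, and the POD above each sub should state which users are expected to pass. Unlike the other `canedit` implementations in this commit, these two subs have no final `return 0;`, and `$self->product->name` will die if the environment has no product; `my $product = $self->product or return 0;` followed by an explicit `return 0;` at the end would make the denial path visible.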


@ -44,6 +44,7 @@ use Bugzilla::Error;
use Bugzilla::Config;
use Bugzilla::User;
use Bugzilla::Constants;
use Bugzilla::Testopia::Product;
###############################
#### Initialization ####
@ -487,8 +488,17 @@ sub obliterate {
}
sub canedit {
my $self = shift;
return 1 if Bugzilla->user->in_group('Testers');
my $product = Bugzilla::Testopia::Product->new($self->product_id);
return 1 if Bugzilla->user->can_see_product($product->name);
return 0;
}
sub candelete {
my $self = shift;
return 0 unless $self->canedit;
my $dbh = Bugzilla->dbh;
my $used = $dbh->selectrow_array(
"SELECT 1 FROM test_environment_map AS tem


@ -45,6 +45,7 @@ use strict;
use Bugzilla::Util;
use Bugzilla::Error;
use Bugzilla::User;
use Bugzilla::Testopia::Product;
use JSON;
###############################
@ -431,8 +432,17 @@ sub obliterate {
return 1;
}
sub canedit {
my $self = shift;
return 1 if Bugzilla->user->in_group('Testers');
my $product = Bugzilla::Testopia::Product->new($self->product_id);
return 1 if Bugzilla->user->can_see_product($product->name);
return 0;
}
sub candelete {
my $self = shift;
return 0 unless $self->canedit;
my $dbh = Bugzilla->dbh;
my $used = $dbh->selectrow_array("SELECT 1 FROM test_environment_map
WHERE element_id = ?",
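Review bot: The new `canedit` calls `$product->name` without checking that `Bugzilla::Testopia::Product->new($self->product_id)` returned an object, so a missing product would presumably turn the permission check into an unhandled error rather than a clean denial. The identical `canedit` in the previous file section has the same gap, and the next file section does the same with `$element->canedit`; a guard such as `return 0 unless $product;` before the `can_see_product` line covers it. This file appears to be the element class, and `edit_element` in the CGI changed by this commit reaches an element's product through `$element->env_category_id` and then the category's `product_id`, so please confirm that an element really has a `product_id` accessor of its own. If it does not, resolve the product through the category or delegate to the category's `canedit`. `candelete` continues past the end of the hunk.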


@ -45,6 +45,8 @@ use strict;
use Bugzilla::Util;
use Bugzilla::Error;
use Bugzilla::User;
use Bugzilla::Testopia::Environment::Element;
###############################
#### Initialization ####
###############################
@ -332,8 +334,17 @@ sub obliterate {
}
sub canedit {
my $self = shift;
return 1 if Bugzilla->user->in_group('Testers');
my $element = Bugzilla::Testopia::Environment::Element->new($self->element_id);
return 1 if $element->canedit;
return 0;
}
sub candelete {
my $self = shift;
return 0 unless $self->canedit;
my $dbh = Bugzilla->dbh;
my $used = $dbh->selectrow_array("SELECT 1 FROM test_environment_map
WHERE property_id = ?",


@ -18,6 +18,8 @@
# Contributor(s): Greg Hendricks <ghendricks@novell.com>
#%]
[% IF user.login %]
[% IF plan_id %]
[% plan_id = plan_id %]
[% ELSIF plan %]
@ -36,7 +38,6 @@
<div class="links">
<a href="tr_query.cgi">Search</a>&nbsp;|&nbsp;
<a href="tr_query.cgi?report=1">Reports</a>&nbsp;|&nbsp;
[% IF user.login %]
<a href="tr_new_plan.cgi">New Plan</a>&nbsp;|&nbsp;
<a href="tr_new_case.cgi?plan_id=[% plan_id FILTER none %]">New Case</a>&nbsp;|&nbsp;
<a href="tr_new_run.cgi?plan_id=[% plan_id FILTER none %]&case_status_id=2">New Run</a>&nbsp;|&nbsp;
@ -45,26 +46,25 @@
[% IF UserInGroup('admin') %]
<a href="tr_admin.cgi">Admin</a>&nbsp;|&nbsp;
[% END %]
[% END %]
<a href="testopia/doc/Manual.pdf" target="_blank">Help</a>
<br />
[% IF user.login %]
<br>
<a href="tr_list_runs.cgi?current_tab=run&run_status=0">Current Runs</a>&nbsp;|&nbsp;
<a href="tr_list_plans.cgi?current_tab=plan&name_type=allwordssubstr&name=&plan_text_type=allwordssubstr&plan_text=&tag_type=allwords&tags=&author_type=exact&author=[% user.login FILTER url_quote %]&plan_id=">My Plans</a>&nbsp;|&nbsp;
<a href="tr_list_cases.cgi?current_tab=case&summary_type=allwordssubstr&summary=&tcaction_type=allwordssubstr&tcaction=&tceffect_type=allwordssubstr&tceffect=&script_type=allwordssubstr&script=&requirement_type=allwordssubstr&requirement=&tag_type=allwords&tags=&author_type=exact&author=&default_tester_type=substring&default_tester=[% user.login FILTER url_quote %]&case_id=&plan_id=">My Cases</a>&nbsp;|&nbsp;
<a href="tr_list_runs.cgi?current_tab=run&summary_type=allwordssubstr&summary=&notes_type=allwordssubstr&notes=&environment_type=allwordssubstr&environment=&tag_type=allwords&tag=&manager_type=substring&manager=[% user.login FILTER url_quote %]&run_id=&plan_id=&assignee_type=substr&assignee=[% user.login FILTER url_quote %]">My Runs</a>
[% END %]&nbsp;|&nbsp;
<form action="tr_quicksearch.cgi">
<input name="query" size="25" />
<input type="submit" value="Find" />
<input name="query" size="25" /><input type="submit" value="Find" />
</form>
</div>
[% IF user.login %]
<div class="links">
<b>Testopia Saved Searches:</b>
<br>
</div>
<div id="links-saved" class="leadcopy">
<div class="label">
Testopia<br>Saved Searches:
</div>
[% FOREACH query = user.testopia_queries %]
<a href="[% query.query %]">[% query.name FILTER html %]</a>[% '&nbsp;|&nbsp;' UNLESS loop.last %]
[% END %]
</div>
[% END %]
</div>
[% END %]
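Review bot: The saved-search link `<a href="[% query.query %]">` writes `query.query` into an attribute with no output filter, while the link text beside it uses `FILTER html`; since this block is being reworked, it should read `[% query.query FILTER html %]`. The `plan_id FILTER none` values in the New Case and New Run links deserve the same attention, for example `FILTER url_quote` as already applied to `user.login`. The `+`/`-` markers are lost on this page, so these lines may be unchanged context rather than additions. Wrapping the links in `[% IF user.login %]` only hides them, so each target script still has to require login itself.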


@ -3,6 +3,9 @@
<hr />
<a name="testopia" />
<table width="100%" border="0" cellpadding="0" cellspacing="0">
<tr>
<th colspan="2">Testopia Version 1.2</th>
</tr>
<tr valign="TOP">
<td width="128">
<p><img
@ -12,10 +15,15 @@
</td>
<td>
<p><b>Testopia</b> choices:</p>
<p><a href="tr_list_runs.cgi?current_tab=run&run_status=0">Do some testing</a><br>
[% IF user.login %]
<p>
<a href="tr_list_runs.cgi?current_tab=run&run_status=0">Do some testing</a><br>
<a href="tr_query.cgi?current_tab=plan">Manage test plans</a><br>
<a href="tr_query.cgi?current_tab=case">Search existing test cases</a><br>
<a href="tr_admin_environment.cgi">Manage run environments</a></p>
[% ELSE %]
You must login to Bugzilla to see Testopia features
[% END %]
</td>
</tr>
</table>


@ -150,6 +150,8 @@ elsif($action eq 'removeNode'){
elsif ($action eq 'getcategories'){
my $product_id = $cgi->param('product_id');
detaint_natural($product_id);
my $product = Bugzilla::Testtopia::Product->new($product_id);
exit unless Bugzilla->user->can_see_product($product->name);
my $cat = Bugzilla::Testopia::Environment::Category({});
my $categories = $cat->get_element_categories_by_product($product_id);
my $ret;
@ -219,24 +221,28 @@ sub display{
sub get_products{
my ($class_id) = (@_);
my $class = Bugzilla::Testopia::Classification->new($class_id);
return unless scalar(grep {$class->id eq $class_id} @{Bugzilla->user->get_selectable_classifications});
print $class->products_to_json;
}
sub get_categories{
my ($product_id) = (@_);
my $category = Bugzilla::Testopia::Environment::Category->new({});
return unless $category->canedit;
print $category->product_categories_to_json($product_id);
}
sub get_category_element{
my ($id) = (@_);
my $category = Bugzilla::Testopia::Environment::Category->new($id);
return unless $category->canedit;
print $category->elements_to_json;
}
sub get_element_children {
my ($id) = (@_);
my $element = Bugzilla::Testopia::Environment::Element->new($id);
return unless $element->canedit;
print $element->children_to_json;
}
@ -254,6 +260,7 @@ sub edit_category{
my ($id) = (@_);
my $category = Bugzilla::Testopia::Environment::Category->new($id);
my $product = Bugzilla::Testopia::Product->new($category->product_id());
return unless Bugzilla->user->can_see_product($product->name);
$category->{'name'} =~ s/<span style='color:blue'>|<\/span>//g;
$vars->{'category'} = $category;
@ -268,6 +275,7 @@ sub edit_element{
my $element = Bugzilla::Testopia::Environment::Element->new($id);
my $category = Bugzilla::Testopia::Environment::Category->new($element->env_category_id());
my $product = Bugzilla::Testopia::Product->new($category->product_id());
return unless $category->canedit;
$element->{'name'} =~ s/<span style='color:blue'>|<\/span>//g;
$vars->{'element'} = $element;
@ -289,6 +297,7 @@ sub edit_property{
my ($id) = (@_);
my $property = Bugzilla::Testopia::Environment::Property->new($id);
my $element = Bugzilla::Testopia::Environment::Element->new($property->element_id());
return unless $element->canedit;
my $cat_id = $element->env_category_id();
my $elmnts = Bugzilla::Testopia::Environment::Category->new($cat_id)->get_elements_by_category();
@ -303,6 +312,7 @@ sub edit_validexp{
$id =~ /^(\d+)~/;
my $property = Bugzilla::Testopia::Environment::Property->new($1);
return unless $property->canedit;
my @expressions = split /\|/, $property->validexp();
@ -320,6 +330,7 @@ sub do_edit_category{
my $product_id = $cgi->param('product');
my ($id) = (@_);
my $category = Bugzilla::Testopia::Environment::Category->new($id);
return unless $category->canedit;
trick_taint($name);
detaint_natural($product_id);
@ -354,6 +365,7 @@ sub do_edit_element{
#
my $element = Bugzilla::Testopia::Environment::Element->new($id);
return unless $element->canedit;
my $cat_id = $cgi->param('categoryCombo');
my $parent_id = $cgi->param('elementCombo');
@ -393,6 +405,7 @@ sub do_edit_property{
my $name = $cgi->param('name');
my $element_id = $cgi->param('element');
my $property = Bugzilla::Testopia::Environment::Property->new($id);
return unless $property->canedit;
trick_taint($name);
detaint_natural($element_id);
@ -418,6 +431,7 @@ sub do_edit_validexp{
my ($id) = (@_);
my $property = Bugzilla::Testopia::Environment::Property->new($id);
return unless $property->canedit;
my @expressions = $cgi->param('valid_exp');
my $exp;
@ -439,6 +453,8 @@ sub add_category{
my ($id) = (@_);
my $category = Bugzilla::Testopia::Environment::Category->new({});
my $product = Bugzilla::Testopia::Product->new($id);
return unless Bugzilla->user->can_see_product($product->name);
$category->{'product_id'} = $id;
$category->{'name'} = 'New category ' . $category->new_category_count;
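Review bot: The classification check added to `get_products` never looks at the list elements: `grep {$class->id eq $class_id} @{...}` does not reference `$_`, so it is true for every element and the guard passes for any user who has at least one selectable classification; the same line is added to `get_products` in the last file section. Assuming the list holds classification objects, compare each one instead, e.g. `return unless $class && grep { $_->id == $class->id } @{Bugzilla->user->get_selectable_classifications};`. In the `getcategories` branch the new lookup is spelled `Bugzilla::Testtopia::Product`, which does not match the `Bugzilla::Testopia::Product` used everywhere else in this file and will presumably fail at runtime. `get_categories` here calls `canedit` on a category built from `{}`, so the check is not tied to the `$product_id` argument; the last file section's version checks `can_see_product` on that product, and this one should do the same.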


@ -41,7 +41,6 @@ use Data::Dumper;
use JSON;
Bugzilla->login(LOGIN_REQUIRED);
Bugzilla->batch(1);
my $cgi = Bugzilla->cgi;
@ -59,6 +58,8 @@ unless ($env_id || $action){
exit;
}
Bugzilla->batch(1);
if ($action eq 'delete'){
my $env = Bugzilla::Testopia::Environment->new($env_id);
ThrowUserError('testopia-no-delete', {'object' => 'Environment'}) unless $env->candelete;
@ -77,8 +78,6 @@ elsif ($action eq 'do_delete'){
display_list();
}
####################
### Ajax Actions ###
####################
@ -116,6 +115,7 @@ elsif ($action eq 'edit'){
elsif ($action eq 'getChildren'){
my $json = new JSON;
print STDERR $cgi->param('data');
my $data = $json->jsonToObj($cgi->param('data'));
my $node = $data->{'node'};
@ -229,6 +229,8 @@ else {
sub display {
detaint_natural($env_id);
my $env = Bugzilla::Testopia::Environment->new($env_id);
ThrowUserError('testopia-permission-denied', {object => 'Environment'}) unless $env->canedit;
if(!defined($env)){
my $env = Bugzilla::Testopia::Environment->new({'environment_id' => 0});
ThrowUserError("testopia-read-only", {'object' => 'Environment'}) unless $env->canedit;
@ -263,11 +265,14 @@ sub display {
sub get_products{
my ($class_id) = (@_);
my $class = Bugzilla::Testopia::Classification->new($class_id);
return unless scalar(grep {$class->id eq $class_id} @{Bugzilla->user->get_selectable_classifications});
print $class->products_to_json(1);
}
sub get_categories{
my ($product_id) = (@_);
my $product = Bugzilla::Testopia::Product->new($product_id);
return unless Bugzilla->user->can_see_product($product->name);
my $category = Bugzilla::Testopia::Environment::Category->new({});
print $category->product_categories_to_json($product_id,1);
}
@ -275,6 +280,7 @@ sub get_categories{
sub get_category_element_json {
my ($id) = (@_);
my $category = Bugzilla::Testopia::Environment::Category->new($id);
return unless $category->canedit;
my $fish = $category->elements_to_json("TRUE");
print $fish;
}
@ -282,17 +288,20 @@ sub get_category_element_json {
sub get_element_children {
my ($id) = (@_);
my $element = Bugzilla::Testopia::Environment::Element->new($id);
return unless $element->canedit;
print $element->children_to_json(1);
}
sub get_env_elements {
my ($id) = (@_);
my $env = Bugzilla::Testopia::Environment->new($id);
return unless $env->canedit;
print $env->elements_to_json(1);
}
sub get_validexp_json {
my ($id,$env_id) = (@_);
my $property = Bugzilla::Testopia::Environment::Property->new($id);
return unless $property->canedit;
print $property->valid_exp_to_json(1,$env_id);
}
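Review bot: In `display`, the added `ThrowUserError('testopia-permission-denied', {object => 'Environment'}) unless $env->canedit;` runs before the existing `if(!defined($env))` test, so an unknown `env_id` would presumably die on a method call on an undefined value and the fallback branch below it could no longer be reached. Move the permission check after the `defined` test, or write the condition as `unless $env && $env->canedit`. The `getChildren` branch also contains `print STDERR $cgi->param('data');`, which copies the raw request parameter into the server error log and looks like leftover debugging; it should be removed before merge. `get_env_elements` and the other read-only JSON helpers gate on `canedit` although the environment class also has `canview`, so a short comment on each should say which right is intended for read access.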