зеркало из https://github.com/mozilla/pjs.git
Prevent access to product information from environments
Родитель
951fef2398
Коммит
9983b9be9a
|
@ -651,10 +651,8 @@ Returns true if the logged in user has rights to edit this environment.
|
|||
|
||||
sub canedit {
|
||||
my $self = shift;
|
||||
return UserInGroup('managetestplans')
|
||||
|| UserInGroup('edittestcases')
|
||||
|| UserInGroup('runtests');
|
||||
}
|
||||
return 1 if Bugzilla->user->in_group('Testers');
|
||||
return 1 if Bugzilla->user->can_see_product($self->product->name);}
|
||||
|
||||
=head2 canview
|
||||
|
||||
|
@ -664,9 +662,8 @@ Returns true if the logged in user has rights to view this environment.
|
|||
|
||||
sub canview {
|
||||
my $self = shift;
|
||||
return UserInGroup('managetestplans')
|
||||
|| UserInGroup('edittestcases')
|
||||
|| UserInGroup('runtests');
|
||||
return 1 if Bugzilla->user->in_group('Testers');
|
||||
return 1 if Bugzilla->user->can_see_product($self->product->name);
|
||||
}
|
||||
|
||||
=head2 candelete
|
||||
|
|
|
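Review bot: canedit and canview now carry the same two conditions, so any user who can see the product can also edit the environment, where the earlier code required one of the three Testopia groups. If that widening is not intended, canedit should keep a group requirement and use `can_see_product` only as a further restriction; if it is intended, the POD above each sub ("Returns true if the logged in user has rights to edit this environment") should say that edit rights follow product visibility. Both subs also fall off the end without an explicit `return 0;`, unlike the canedit subs this commit adds to the other modules. `$self->product->name` will also fail if an environment has no product, which looks reachable for the `environment_id => 0` object built in the display code later on this page.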
@ -44,6 +44,7 @@ use Bugzilla::Error;
|
|||
use Bugzilla::Config;
|
||||
use Bugzilla::User;
|
||||
use Bugzilla::Constants;
|
||||
use Bugzilla::Testopia::Product;
|
||||
|
||||
###############################
|
||||
#### Initialization ####
|
||||
|
@ -487,8 +488,17 @@ sub obliterate {
|
|||
|
||||
}
|
||||
|
||||
sub canedit {
|
||||
my $self = shift;
|
||||
return 1 if Bugzilla->user->in_group('Testers');
|
||||
my $product = Bugzilla::Testopia::Product->new($self->product_id);
|
||||
return 1 if Bugzilla->user->can_see_product($product->name);
|
||||
return 0;
|
||||
}
|
||||
|
||||
sub candelete {
|
||||
my $self = shift;
|
||||
return 0 unless $self->canedit;
|
||||
my $dbh = Bugzilla->dbh;
|
||||
my $used = $dbh->selectrow_array(
|
||||
"SELECT 1 FROM test_environment_map AS tem
|
||||
|
|
|
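Review bot: The new canedit dereferences `$product->name` without checking that `Bugzilla::Testopia::Product->new($self->product_id)` returned an object, so a category with a missing or unknown product_id would probably die inside the permission check rather than be denied (the constructor's failure behaviour is not visible here). Callers elsewhere in this commit invoke canedit on `Category->new({})`, which makes the empty case reachable. Adding `return 0 unless $product;` before the `can_see_product` line makes the check fail closed. The canedit subs added in the next two file sections have the same shape (`$product->name` and `$element->canedit` on an unchecked object) and want the same guard.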
@ -45,6 +45,7 @@ use strict;
|
|||
use Bugzilla::Util;
|
||||
use Bugzilla::Error;
|
||||
use Bugzilla::User;
|
||||
use Bugzilla::Testopia::Product;
|
||||
use JSON;
|
||||
|
||||
###############################
|
||||
|
@ -431,8 +432,17 @@ sub obliterate {
|
|||
return 1;
|
||||
}
|
||||
|
||||
sub canedit {
|
||||
my $self = shift;
|
||||
return 1 if Bugzilla->user->in_group('Testers');
|
||||
my $product = Bugzilla::Testopia::Product->new($self->product_id);
|
||||
return 1 if Bugzilla->user->can_see_product($product->name);
|
||||
return 0;
|
||||
}
|
||||
|
||||
sub candelete {
|
||||
my $self = shift;
|
||||
return 0 unless $self->canedit;
|
||||
my $dbh = Bugzilla->dbh;
|
||||
my $used = $dbh->selectrow_array("SELECT 1 FROM test_environment_map
|
||||
WHERE element_id = ?",
|
||||
|
|
|
@ -45,6 +45,8 @@ use strict;
|
|||
use Bugzilla::Util;
|
||||
use Bugzilla::Error;
|
||||
use Bugzilla::User;
|
||||
use Bugzilla::Testopia::Environment::Element;
|
||||
|
||||
###############################
|
||||
#### Initialization ####
|
||||
###############################
|
||||
|
@ -332,8 +334,17 @@ sub obliterate {
|
|||
|
||||
}
|
||||
|
||||
sub canedit {
|
||||
my $self = shift;
|
||||
return 1 if Bugzilla->user->in_group('Testers');
|
||||
my $element = Bugzilla::Testopia::Environment::Element->new($self->element_id);
|
||||
return 1 if $element->canedit;
|
||||
return 0;
|
||||
}
|
||||
|
||||
sub candelete {
|
||||
my $self = shift;
|
||||
return 0 unless $self->canedit;
|
||||
my $dbh = Bugzilla->dbh;
|
||||
my $used = $dbh->selectrow_array("SELECT 1 FROM test_environment_map
|
||||
WHERE property_id = ?",
|
||||
|
|
|
@ -18,6 +18,8 @@
|
|||
# Contributor(s): Greg Hendricks <ghendricks@novell.com>
|
||||
#%]
|
||||
|
||||
[% IF user.login %]
|
||||
|
||||
[% IF plan_id %]
|
||||
[% plan_id = plan_id %]
|
||||
[% ELSIF plan %]
|
||||
|
@ -36,7 +38,6 @@
|
|||
<div class="links">
|
||||
<a href="tr_query.cgi">Search</a> |
|
||||
<a href="tr_query.cgi?report=1">Reports</a> |
|
||||
[% IF user.login %]
|
||||
<a href="tr_new_plan.cgi">New Plan</a> |
|
||||
<a href="tr_new_case.cgi?plan_id=[% plan_id FILTER none %]">New Case</a> |
|
||||
<a href="tr_new_run.cgi?plan_id=[% plan_id FILTER none %]&case_status_id=2">New Run</a> |
|
||||
|
@ -45,26 +46,25 @@
|
|||
[% IF UserInGroup('admin') %]
|
||||
<a href="tr_admin.cgi">Admin</a> |
|
||||
[% END %]
|
||||
[% END %]
|
||||
<a href="testopia/doc/Manual.pdf" target="_blank">Help</a>
|
||||
<br />
|
||||
[% IF user.login %]
|
||||
<br>
|
||||
<a href="tr_list_runs.cgi?current_tab=run&run_status=0">Current Runs</a> |
|
||||
<a href="tr_list_plans.cgi?current_tab=plan&name_type=allwordssubstr&name=&plan_text_type=allwordssubstr&plan_text=&tag_type=allwords&tags=&author_type=exact&author=[% user.login FILTER url_quote %]&plan_id=">My Plans</a> |
|
||||
<a href="tr_list_cases.cgi?current_tab=case&summary_type=allwordssubstr&summary=&tcaction_type=allwordssubstr&tcaction=&tceffect_type=allwordssubstr&tceffect=&script_type=allwordssubstr&script=&requirement_type=allwordssubstr&requirement=&tag_type=allwords&tags=&author_type=exact&author=&default_tester_type=substring&default_tester=[% user.login FILTER url_quote %]&case_id=&plan_id=">My Cases</a> |
|
||||
<a href="tr_list_runs.cgi?current_tab=run&summary_type=allwordssubstr&summary=¬es_type=allwordssubstr¬es=&environment_type=allwordssubstr&environment=&tag_type=allwords&tag=&manager_type=substring&manager=[% user.login FILTER url_quote %]&run_id=&plan_id=&assignee_type=substr&assignee=[% user.login FILTER url_quote %]">My Runs</a>
|
||||
[% END %] |
|
||||
|
||||
<form action="tr_quicksearch.cgi">
|
||||
<input name="query" size="25" />
|
||||
<input type="submit" value="Find" />
|
||||
<input name="query" size="25" /><input type="submit" value="Find" />
|
||||
</form>
|
||||
</div>
|
||||
[% IF user.login %]
|
||||
<div class="links">
|
||||
<b>Testopia Saved Searches:</b>
|
||||
<br>
|
||||
</div>
|
||||
<div id="links-saved" class="leadcopy">
|
||||
<div class="label">
|
||||
Testopia<br>Saved Searches:
|
||||
</div>
|
||||
[% FOREACH query = user.testopia_queries %]
|
||||
<a href="[% query.query %]">[% query.name FILTER html %]</a>[% ' | ' UNLESS loop.last %]
|
||||
[% END %]
|
||||
</div>
|
||||
[% END %]
|
||||
</div>
|
||||
[% END %]
|
|
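Review bot: In the saved-searches loop, `<a href="[% query.query %]">` writes the stored query string into an attribute with no filter, while the link text beside it uses `FILTER html`. The rendered page has lost its +/- markers, so this applies only if the line survives on the new side. A saved value containing a quote or markup would break out of the attribute, so the line should read `<a href="[% query.query FILTER html %]">`. The `plan_id FILTER none` links higher up in the same template would likewise be safer with `FILTER url_quote`, as the `user.login` links already do.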
@ -3,6 +3,9 @@
|
|||
<hr />
|
||||
<a name="testopia" />
|
||||
<table width="100%" border="0" cellpadding="0" cellspacing="0">
|
||||
<tr>
|
||||
<th colspan="2">Testopia Version 1.2</th>
|
||||
</tr>
|
||||
<tr valign="TOP">
|
||||
<td width="128">
|
||||
<p><img
|
||||
|
@ -12,10 +15,15 @@
|
|||
</td>
|
||||
<td>
|
||||
<p><b>Testopia</b> choices:</p>
|
||||
<p><a href="tr_list_runs.cgi?current_tab=run&run_status=0">Do some testing</a><br>
|
||||
[% IF user.login %]
|
||||
<p>
|
||||
<a href="tr_list_runs.cgi?current_tab=run&run_status=0">Do some testing</a><br>
|
||||
<a href="tr_query.cgi?current_tab=plan">Manage test plans</a><br>
|
||||
<a href="tr_query.cgi?current_tab=case">Search existing test cases</a><br>
|
||||
<a href="tr_admin_environment.cgi">Manage run environments</a></p>
|
||||
[% ELSE %]
|
||||
You must login to Bugzilla to see Testopia features
|
||||
[% END %]
|
||||
</td>
|
||||
</tr>
|
||||
</table>
|
||||
|
|
|
@ -150,6 +150,8 @@ elsif($action eq 'removeNode'){
|
|||
elsif ($action eq 'getcategories'){
|
||||
my $product_id = $cgi->param('product_id');
|
||||
detaint_natural($product_id);
|
||||
my $product = Bugzilla::Testtopia::Product->new($product_id);
|
||||
exit unless Bugzilla->user->can_see_product($product->name);
|
||||
my $cat = Bugzilla::Testopia::Environment::Category({});
|
||||
my $categories = $cat->get_element_categories_by_product($product_id);
|
||||
my $ret;
|
||||
|
@ -219,24 +221,28 @@ sub display{
|
|||
sub get_products{
|
||||
my ($class_id) = (@_);
|
||||
my $class = Bugzilla::Testopia::Classification->new($class_id);
|
||||
return unless scalar(grep {$class->id eq $class_id} @{Bugzilla->user->get_selectable_classifications});
|
||||
print $class->products_to_json;
|
||||
}
|
||||
|
||||
sub get_categories{
|
||||
my ($product_id) = (@_);
|
||||
my $category = Bugzilla::Testopia::Environment::Category->new({});
|
||||
return unless $category->canedit;
|
||||
print $category->product_categories_to_json($product_id);
|
||||
}
|
||||
|
||||
sub get_category_element{
|
||||
my ($id) = (@_);
|
||||
my $category = Bugzilla::Testopia::Environment::Category->new($id);
|
||||
return unless $category->canedit;
|
||||
print $category->elements_to_json;
|
||||
}
|
||||
|
||||
sub get_element_children {
|
||||
my ($id) = (@_);
|
||||
my $element = Bugzilla::Testopia::Environment::Element->new($id);
|
||||
return unless $element->canedit;
|
||||
print $element->children_to_json;
|
||||
}
|
||||
|
||||
|
@ -254,6 +260,7 @@ sub edit_category{
|
|||
my ($id) = (@_);
|
||||
my $category = Bugzilla::Testopia::Environment::Category->new($id);
|
||||
my $product = Bugzilla::Testopia::Product->new($category->product_id());
|
||||
return unless Bugzilla->user->can_see_product($product->name);
|
||||
$category->{'name'} =~ s/<span style='color:blue'>|<\/span>//g;
|
||||
|
||||
$vars->{'category'} = $category;
|
||||
|
@ -268,6 +275,7 @@ sub edit_element{
|
|||
my $element = Bugzilla::Testopia::Environment::Element->new($id);
|
||||
my $category = Bugzilla::Testopia::Environment::Category->new($element->env_category_id());
|
||||
my $product = Bugzilla::Testopia::Product->new($category->product_id());
|
||||
return unless $category->canedit;
|
||||
$element->{'name'} =~ s/<span style='color:blue'>|<\/span>//g;
|
||||
|
||||
$vars->{'element'} = $element;
|
||||
|
@ -289,6 +297,7 @@ sub edit_property{
|
|||
my ($id) = (@_);
|
||||
my $property = Bugzilla::Testopia::Environment::Property->new($id);
|
||||
my $element = Bugzilla::Testopia::Environment::Element->new($property->element_id());
|
||||
return unless $element->canedit;
|
||||
my $cat_id = $element->env_category_id();
|
||||
my $elmnts = Bugzilla::Testopia::Environment::Category->new($cat_id)->get_elements_by_category();
|
||||
|
||||
|
@ -303,6 +312,7 @@ sub edit_validexp{
|
|||
$id =~ /^(\d+)~/;
|
||||
|
||||
my $property = Bugzilla::Testopia::Environment::Property->new($1);
|
||||
return unless $property->canedit;
|
||||
|
||||
my @expressions = split /\|/, $property->validexp();
|
||||
|
||||
|
@ -320,6 +330,7 @@ sub do_edit_category{
|
|||
my $product_id = $cgi->param('product');
|
||||
my ($id) = (@_);
|
||||
my $category = Bugzilla::Testopia::Environment::Category->new($id);
|
||||
return unless $category->canedit;
|
||||
|
||||
trick_taint($name);
|
||||
detaint_natural($product_id);
|
||||
|
@ -354,6 +365,7 @@ sub do_edit_element{
|
|||
#
|
||||
|
||||
my $element = Bugzilla::Testopia::Environment::Element->new($id);
|
||||
return unless $element->canedit;
|
||||
|
||||
my $cat_id = $cgi->param('categoryCombo');
|
||||
my $parent_id = $cgi->param('elementCombo');
|
||||
|
@ -393,6 +405,7 @@ sub do_edit_property{
|
|||
my $name = $cgi->param('name');
|
||||
my $element_id = $cgi->param('element');
|
||||
my $property = Bugzilla::Testopia::Environment::Property->new($id);
|
||||
return unless $property->canedit;
|
||||
|
||||
trick_taint($name);
|
||||
detaint_natural($element_id);
|
||||
|
@ -418,6 +431,7 @@ sub do_edit_validexp{
|
|||
my ($id) = (@_);
|
||||
|
||||
my $property = Bugzilla::Testopia::Environment::Property->new($id);
|
||||
return unless $property->canedit;
|
||||
my @expressions = $cgi->param('valid_exp');
|
||||
|
||||
my $exp;
|
||||
|
@ -439,6 +453,8 @@ sub add_category{
|
|||
my ($id) = (@_);
|
||||
|
||||
my $category = Bugzilla::Testopia::Environment::Category->new({});
|
||||
my $product = Bugzilla::Testopia::Product->new($id);
|
||||
return unless Bugzilla->user->can_see_product($product->name);
|
||||
$category->{'product_id'} = $id;
|
||||
$category->{'name'} = 'New category ' . $category->new_category_count;
|
||||
|
||||
|
|
|
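Review bot: The classification check added to get_products does not test what it appears to test: the block in `grep {$class->id eq $class_id} @{...}` never refers to `$_`, so it compares the requested class with itself and passes whenever the user's selectable list is non-empty. Assuming that list holds classification objects, the filter should be `grep { $_->id eq $class_id } @{Bugzilla->user->get_selectable_classifications}`; the get_products hunk in the next file section repeats the same expression. In this file section, get_categories calls canedit on a `Category->new({})` that carries no product, so the requested `$product_id` is never checked there, whereas the other file's get_categories does check it through `can_see_product`. The getcategories branch also spells the package `Bugzilla::Testtopia::Product`, which will not resolve to the `Bugzilla::Testopia::Product` module used everywhere else in this commit.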
@ -41,7 +41,6 @@ use Data::Dumper;
|
|||
use JSON;
|
||||
|
||||
Bugzilla->login(LOGIN_REQUIRED);
|
||||
Bugzilla->batch(1);
|
||||
|
||||
my $cgi = Bugzilla->cgi;
|
||||
|
||||
|
@ -59,6 +58,8 @@ unless ($env_id || $action){
|
|||
exit;
|
||||
}
|
||||
|
||||
Bugzilla->batch(1);
|
||||
|
||||
if ($action eq 'delete'){
|
||||
my $env = Bugzilla::Testopia::Environment->new($env_id);
|
||||
ThrowUserError('testopia-no-delete', {'object' => 'Environment'}) unless $env->candelete;
|
||||
|
@ -77,8 +78,6 @@ elsif ($action eq 'do_delete'){
|
|||
display_list();
|
||||
}
|
||||
|
||||
|
||||
|
||||
####################
|
||||
### Ajax Actions ###
|
||||
####################
|
||||
|
@ -116,6 +115,7 @@ elsif ($action eq 'edit'){
|
|||
|
||||
elsif ($action eq 'getChildren'){
|
||||
my $json = new JSON;
|
||||
print STDERR $cgi->param('data');
|
||||
my $data = $json->jsonToObj($cgi->param('data'));
|
||||
|
||||
my $node = $data->{'node'};
|
||||
|
@ -229,6 +229,8 @@ else {
|
|||
sub display {
|
||||
detaint_natural($env_id);
|
||||
my $env = Bugzilla::Testopia::Environment->new($env_id);
|
||||
ThrowUserError('testopia-permission-denied', {object => 'Environment'}) unless $env->canedit;
|
||||
|
||||
if(!defined($env)){
|
||||
my $env = Bugzilla::Testopia::Environment->new({'environment_id' => 0});
|
||||
ThrowUserError("testopia-read-only", {'object' => 'Environment'}) unless $env->canedit;
|
||||
|
@ -263,11 +265,14 @@ sub display {
|
|||
sub get_products{
|
||||
my ($class_id) = (@_);
|
||||
my $class = Bugzilla::Testopia::Classification->new($class_id);
|
||||
return unless scalar(grep {$class->id eq $class_id} @{Bugzilla->user->get_selectable_classifications});
|
||||
print $class->products_to_json(1);
|
||||
}
|
||||
|
||||
sub get_categories{
|
||||
my ($product_id) = (@_);
|
||||
my $product = Bugzilla::Testopia::Product->new($product_id);
|
||||
return unless Bugzilla->user->can_see_product($product->name);
|
||||
my $category = Bugzilla::Testopia::Environment::Category->new({});
|
||||
print $category->product_categories_to_json($product_id,1);
|
||||
}
|
||||
|
@ -275,6 +280,7 @@ sub get_categories{
|
|||
sub get_category_element_json {
|
||||
my ($id) = (@_);
|
||||
my $category = Bugzilla::Testopia::Environment::Category->new($id);
|
||||
return unless $category->canedit;
|
||||
my $fish = $category->elements_to_json("TRUE");
|
||||
print $fish;
|
||||
}
|
||||
|
@ -282,17 +288,20 @@ sub get_category_element_json {
|
|||
sub get_element_children {
|
||||
my ($id) = (@_);
|
||||
my $element = Bugzilla::Testopia::Environment::Element->new($id);
|
||||
return unless $element->canedit;
|
||||
print $element->children_to_json(1);
|
||||
}
|
||||
|
||||
sub get_env_elements {
|
||||
my ($id) = (@_);
|
||||
my $env = Bugzilla::Testopia::Environment->new($id);
|
||||
return unless $env->canedit;
|
||||
print $env->elements_to_json(1);
|
||||
}
|
||||
|
||||
sub get_validexp_json {
|
||||
my ($id,$env_id) = (@_);
|
||||
my $property = Bugzilla::Testopia::Environment::Property->new($id);
|
||||
return unless $property->canedit;
|
||||
print $property->valid_exp_to_json(1,$env_id);
|
||||
}
|
||||
|
|
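Review bot: In display(), the `ThrowUserError('testopia-permission-denied', ...) unless $env->canedit;` line runs before the `if(!defined($env))` test, so an unknown `$env_id` would call a method on an undefined value instead of reaching that branch (assuming `new` returns undef for a missing row, which the defined test implies). Writing it as `ThrowUserError('testopia-permission-denied', {object => 'Environment'}) if defined($env) && !$env->canedit;` keeps the undefined case working. The getChildren hunk also contains `print STDERR $cgi->param('data');`, which looks like leftover debugging and copies raw request data into the server error log; it should be removed. display()'s body continues past the end of the hunk.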