aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat (limited to 'request.cgi')
-rwxr-xr-xrequest.cgi475
1 files changed, 242 insertions, 233 deletions
diff --git a/request.cgi b/request.cgi
index 347cb7a44..989e5356d 100755
--- a/request.cgi
+++ b/request.cgi
@@ -23,51 +23,53 @@ use Bugzilla::Component;
# Make sure the user is logged in.
my $user = Bugzilla->login();
-my $cgi = Bugzilla->cgi;
+my $cgi = Bugzilla->cgi;
+
# Force the script to run against the shadow DB. We already validated credentials.
Bugzilla->switch_to_shadow_db;
my $template = Bugzilla->template;
-my $action = $cgi->param('action') || '';
-my $format = $template->get_format('request/queue',
- scalar($cgi->param('format')),
- scalar($cgi->param('ctype')));
+my $action = $cgi->param('action') || '';
+my $format = $template->get_format(
+ 'request/queue',
+ scalar($cgi->param('format')),
+ scalar($cgi->param('ctype'))
+);
$cgi->set_dated_content_disp("inline", "requests", $format->{extension});
print $cgi->header($format->{'ctype'});
my $fields;
$fields->{'requester'}->{'type'} = 'single';
+
# If the user doesn't restrict their search to requests from the wind
# (requestee ne '-'), include the requestee for completion.
-unless (defined $cgi->param('requestee')
- && $cgi->param('requestee') eq '-')
-{
- $fields->{'requestee'}->{'type'} = 'single';
+unless (defined $cgi->param('requestee') && $cgi->param('requestee') eq '-') {
+ $fields->{'requestee'}->{'type'} = 'single';
}
Bugzilla::User::match_field($fields);
if ($action eq 'queue') {
- queue($format);
+ queue($format);
}
else {
- my $flagtypes = get_flag_types();
- my @types = ('all', @$flagtypes);
-
- my $vars = {};
- $vars->{'types'} = \@types;
- $vars->{'requests'} = {};
-
- my %components;
- foreach my $prod (@{$user->get_selectable_products}) {
- foreach my $comp (@{$prod->components}) {
- $components{$comp->name} = 1;
- }
+ my $flagtypes = get_flag_types();
+ my @types = ('all', @$flagtypes);
+
+ my $vars = {};
+ $vars->{'types'} = \@types;
+ $vars->{'requests'} = {};
+
+ my %components;
+ foreach my $prod (@{$user->get_selectable_products}) {
+ foreach my $comp (@{$prod->components}) {
+ $components{$comp->name} = 1;
}
- $vars->{'components'} = [ sort { $a cmp $b } keys %components ];
+ }
+ $vars->{'components'} = [sort { $a cmp $b } keys %components];
- $template->process($format->{'template'}, $vars)
- || ThrowTemplateError($template->error());
+ $template->process($format->{'template'}, $vars)
+ || ThrowTemplateError($template->error());
}
exit;
@@ -76,18 +78,19 @@ exit;
################################################################################
sub queue {
- my $format = shift;
- my $cgi = Bugzilla->cgi;
- my $dbh = Bugzilla->dbh;
- my $template = Bugzilla->template;
- my $user = Bugzilla->user;
- my $userid = $user->id;
- my $vars = {};
-
- my $status = validateStatus($cgi->param('status'));
- my $form_group = validateGroup($cgi->param('group'));
-
- my $query =
+ my $format = shift;
+ my $cgi = Bugzilla->cgi;
+ my $dbh = Bugzilla->dbh;
+ my $template = Bugzilla->template;
+ my $user = Bugzilla->user;
+ my $userid = $user->id;
+ my $vars = {};
+
+ my $status = validateStatus($cgi->param('status'));
+ my $form_group = validateGroup($cgi->param('group'));
+
+ my $query =
+
# Select columns describing each flag, the bug/attachment on which
# it has been set, who set it, and of whom they are requesting it.
" SELECT flags.id, flagtypes.name,
@@ -98,6 +101,7 @@ sub queue {
requesters.realname, requesters.login_name,
requestees.realname, requestees.login_name, COUNT(privs.group_id),
" . $dbh->sql_date_format('flags.modification_date', '%Y.%m.%d %H:%i') .
+
# Use the flags and flagtypes tables for information about the flags,
# the bugs and attachments tables for target info, the profiles tables
# for setter and requestee info, the products/components tables
@@ -129,204 +133,207 @@ sub queue {
ON bgmap.bug_id = bugs.bug_id
";
- if (Bugzilla->params->{or_groups}) {
- $query .= " AND bgmap.group_id IN (" . $user->groups_as_string . ")";
- $query .= " WHERE (privs.group_id IS NULL OR bgmap.group_id IS NOT NULL OR";
- }
- else {
- $query .= " AND bgmap.group_id NOT IN (" . $user->groups_as_string . ")";
- $query .= " WHERE (bgmap.group_id IS NULL OR";
- }
-
- # Weed out bug the user does not have access to
- $query .=
- " (ccmap.who IS NOT NULL AND cclist_accessible = 1) OR
+ if (Bugzilla->params->{or_groups}) {
+ $query .= " AND bgmap.group_id IN (" . $user->groups_as_string . ")";
+ $query .= " WHERE (privs.group_id IS NULL OR bgmap.group_id IS NOT NULL OR";
+ }
+ else {
+ $query .= " AND bgmap.group_id NOT IN (" . $user->groups_as_string . ")";
+ $query .= " WHERE (bgmap.group_id IS NULL OR";
+ }
+
+ # Weed out bug the user does not have access to
+ $query .= " (ccmap.who IS NOT NULL AND cclist_accessible = 1) OR
(bugs.reporter = $userid AND bugs.reporter_accessible = 1) OR
- (bugs.assigned_to = $userid) " .
- (Bugzilla->params->{'useqacontact'} ? "OR
- (bugs.qa_contact = $userid))" : ")");
-
- unless ($user->is_insider) {
- $query .= " AND (attachments.attach_id IS NULL
+ (bugs.assigned_to = $userid) " . (
+ Bugzilla->params->{'useqacontact'}
+ ? "OR
+ (bugs.qa_contact = $userid))"
+ : ")"
+ );
+
+ unless ($user->is_insider) {
+ $query .= " AND (attachments.attach_id IS NULL
OR attachments.isprivate = 0
OR attachments.submitter_id = $userid)";
+ }
+
+ # Limit query to pending requests.
+ $query .= " AND flags.status = '?' " unless $status;
+
+ # The set of criteria by which we filter records to display in the queue.
+ my @criteria = ();
+
+ # A list of columns to exclude from the report because the report conditions
+ # limit the data being displayed to exact matches for those columns.
+ # In other words, if we are only displaying "pending" , we don't
+ # need to display a "status" column in the report because the value for that
+ # column will always be the same.
+ my @excluded_columns = ();
+ my $do_union = $cgi->param('do_union');
+
+ # Filter results by exact email address of requester or requestee.
+ if (defined $cgi->param('requester') && $cgi->param('requester') ne "") {
+ my $requester = $dbh->quote($cgi->param('requester'));
+ trick_taint($requester); # Quoted above
+ push(@criteria, $dbh->sql_istrcmp('requesters.login_name', $requester));
+ push(@excluded_columns, 'requester') unless $do_union;
+ }
+ if (defined $cgi->param('requestee') && $cgi->param('requestee') ne "") {
+ if ($cgi->param('requestee') ne "-") {
+ my $requestee = $dbh->quote($cgi->param('requestee'));
+ trick_taint($requestee); # Quoted above
+ push(@criteria, $dbh->sql_istrcmp('requestees.login_name', $requestee));
}
-
- # Limit query to pending requests.
- $query .= " AND flags.status = '?' " unless $status;
-
- # The set of criteria by which we filter records to display in the queue.
- my @criteria = ();
-
- # A list of columns to exclude from the report because the report conditions
- # limit the data being displayed to exact matches for those columns.
- # In other words, if we are only displaying "pending" , we don't
- # need to display a "status" column in the report because the value for that
- # column will always be the same.
- my @excluded_columns = ();
- my $do_union = $cgi->param('do_union');
-
- # Filter results by exact email address of requester or requestee.
- if (defined $cgi->param('requester') && $cgi->param('requester') ne "") {
- my $requester = $dbh->quote($cgi->param('requester'));
- trick_taint($requester); # Quoted above
- push(@criteria, $dbh->sql_istrcmp('requesters.login_name', $requester));
- push(@excluded_columns, 'requester') unless $do_union;
+ else {
+ push(@criteria, "flags.requestee_id IS NULL");
}
- if (defined $cgi->param('requestee') && $cgi->param('requestee') ne "") {
- if ($cgi->param('requestee') ne "-") {
- my $requestee = $dbh->quote($cgi->param('requestee'));
- trick_taint($requestee); # Quoted above
- push(@criteria, $dbh->sql_istrcmp('requestees.login_name', $requestee));
- }
- else {
- push(@criteria, "flags.requestee_id IS NULL");
- }
- push(@excluded_columns, 'requestee') unless $do_union;
+ push(@excluded_columns, 'requestee') unless $do_union;
+ }
+
+ # If the user wants requester = foo OR requestee = bar, we have to join
+ # these criteria separately as all other criteria use AND.
+ if (@criteria == 2 && $do_union) {
+ my $union = join(' OR ', @criteria);
+ @criteria = ("($union)");
+ }
+
+ # Filter requests by status: "pending", "granted", "denied", "all"
+ # (which means any), or "fulfilled" (which means "granted" or "denied").
+ if ($status) {
+ if ($status eq "+-") {
+ push(@criteria, "flags.status IN ('+', '-')");
+ push(@excluded_columns, 'status');
}
-
- # If the user wants requester = foo OR requestee = bar, we have to join
- # these criteria separately as all other criteria use AND.
- if (@criteria == 2 && $do_union) {
- my $union = join(' OR ', @criteria);
- @criteria = ("($union)");
+ elsif ($status ne "all") {
+ push(@criteria, "flags.status = '$status'");
+ push(@excluded_columns, 'status');
}
-
- # Filter requests by status: "pending", "granted", "denied", "all"
- # (which means any), or "fulfilled" (which means "granted" or "denied").
- if ($status) {
- if ($status eq "+-") {
- push(@criteria, "flags.status IN ('+', '-')");
- push(@excluded_columns, 'status');
- }
- elsif ($status ne "all") {
- push(@criteria, "flags.status = '$status'");
- push(@excluded_columns, 'status');
- }
+ }
+
+ # Filter results by exact product or component.
+ if (defined $cgi->param('product') && $cgi->param('product') ne "") {
+ my $product = Bugzilla::Product->check(scalar $cgi->param('product'));
+ push(@criteria, "bugs.product_id = " . $product->id);
+ push(@excluded_columns, 'product');
+ if (defined $cgi->param('component') && $cgi->param('component') ne "") {
+ my $component = Bugzilla::Component->check(
+ {product => $product, name => scalar $cgi->param('component')});
+ push(@criteria, "bugs.component_id = " . $component->id);
+ push(@excluded_columns, 'component');
}
+ }
- # Filter results by exact product or component.
- if (defined $cgi->param('product') && $cgi->param('product') ne "") {
- my $product = Bugzilla::Product->check(scalar $cgi->param('product'));
- push(@criteria, "bugs.product_id = " . $product->id);
- push(@excluded_columns, 'product');
- if (defined $cgi->param('component') && $cgi->param('component') ne "") {
- my $component = Bugzilla::Component->check({ product => $product,
- name => scalar $cgi->param('component') });
- push(@criteria, "bugs.component_id = " . $component->id);
- push(@excluded_columns, 'component');
- }
- }
+ # Filter results by flag types.
+ my $form_type = $cgi->param('type');
+ if (defined $form_type && !grep($form_type eq $_, ("", "all"))) {
- # Filter results by flag types.
- my $form_type = $cgi->param('type');
- if (defined $form_type && !grep($form_type eq $_, ("", "all"))) {
- # Check if any matching types are for attachments. If not, don't show
- # the attachment column in the report.
- my $has_attachment_type =
- Bugzilla::FlagType::count({ 'name' => $form_type,
- 'target_type' => 'attachment' });
-
- if (!$has_attachment_type) { push(@excluded_columns, 'attachment') }
-
- my $quoted_form_type = $dbh->quote($form_type);
- trick_taint($quoted_form_type); # Already SQL quoted
- push(@criteria, "flagtypes.name = " . $quoted_form_type);
- push(@excluded_columns, 'type');
- }
+ # Check if any matching types are for attachments. If not, don't show
+ # the attachment column in the report.
+ my $has_attachment_type = Bugzilla::FlagType::count(
+ {'name' => $form_type, 'target_type' => 'attachment'});
+
+ if (!$has_attachment_type) { push(@excluded_columns, 'attachment') }
+
+ my $quoted_form_type = $dbh->quote($form_type);
+ trick_taint($quoted_form_type); # Already SQL quoted
+ push(@criteria, "flagtypes.name = " . $quoted_form_type);
+ push(@excluded_columns, 'type');
+ }
- $query .= ' AND ' . join(' AND ', @criteria) if scalar(@criteria);
+ $query .= ' AND ' . join(' AND ', @criteria) if scalar(@criteria);
- # Group the records by flag ID so we don't get multiple rows of data
- # for each flag. This is only necessary because of the code that
- # removes flags on bugs the user is unauthorized to access.
- $query .= ' ' . $dbh->sql_group_by('flags.id',
- 'flagtypes.name, flags.status, flags.bug_id, bugs.short_desc,
+ # Group the records by flag ID so we don't get multiple rows of data
+ # for each flag. This is only necessary because of the code that
+ # removes flags on bugs the user is unauthorized to access.
+ $query .= ' ' . $dbh->sql_group_by(
+ 'flags.id', 'flagtypes.name, flags.status, flags.bug_id, bugs.short_desc,
products.name, components.name, flags.attach_id,
attachments.description, requesters.realname,
requesters.login_name, requestees.realname,
requestees.login_name, flags.modification_date,
cclist_accessible, bugs.reporter, bugs.reporter_accessible,
- bugs.assigned_to');
-
- # Group the records, in other words order them by the group column
- # so the loop in the display template can break them up into separate
- # tables every time the value in the group column changes.
-
- $form_group ||= "requestee";
- if ($form_group eq "requester") {
- $query .= " ORDER BY requesters.realname, requesters.login_name";
- }
- elsif ($form_group eq "requestee") {
- $query .= " ORDER BY requestees.realname, requestees.login_name";
- }
- elsif ($form_group eq "category") {
- $query .= " ORDER BY products.name, components.name";
- }
- elsif ($form_group eq "type") {
- $query .= " ORDER BY flagtypes.name";
- }
-
- # Order the records (within each group).
- $query .= " , flags.modification_date";
-
- # Pass the query to the template for use when debugging this script.
- $vars->{'query'} = $query;
- $vars->{'debug'} = $cgi->param('debug') ? 1 : 0;
-
- my $results = $dbh->selectall_arrayref($query);
- my @requests = ();
- foreach my $result (@$results) {
- my @data = @$result;
- my $request = {
- 'id' => $data[0] ,
- 'type' => $data[1] ,
- 'status' => $data[2] ,
- 'bug_id' => $data[3] ,
- 'bug_summary' => $data[4] ,
- 'category' => "$data[5]: $data[6]" ,
- 'attach_id' => $data[7] ,
- 'attach_summary' => $data[8] ,
- 'requester' => ($data[9] ? "$data[9] <$data[10]>" : $data[10]) ,
- 'requestee' => ($data[11] ? "$data[11] <$data[12]>" : $data[12]) ,
- 'restricted' => $data[13] ? 1 : 0,
- 'created' => $data[14]
- };
- push(@requests, $request);
- }
-
- # Get a list of request type names to use in the filter form.
- my @types = ("all");
- my $flagtypes = get_flag_types();
- push(@types, @$flagtypes);
-
- $vars->{'excluded_columns'} = \@excluded_columns;
- $vars->{'group_field'} = $form_group;
- $vars->{'requests'} = \@requests;
- $vars->{'types'} = \@types;
-
- # This code is needed to populate the Product and Component select fields.
- my ($products, %components);
- if (Bugzilla->params->{useclassification}) {
- foreach my $class (@{$user->get_selectable_classifications}) {
- push @$products, @{$user->get_selectable_products($class->id)};
- }
- }
- else {
- $products = $user->get_selectable_products;
+ bugs.assigned_to'
+ );
+
+ # Group the records, in other words order them by the group column
+ # so the loop in the display template can break them up into separate
+ # tables every time the value in the group column changes.
+
+ $form_group ||= "requestee";
+ if ($form_group eq "requester") {
+ $query .= " ORDER BY requesters.realname, requesters.login_name";
+ }
+ elsif ($form_group eq "requestee") {
+ $query .= " ORDER BY requestees.realname, requestees.login_name";
+ }
+ elsif ($form_group eq "category") {
+ $query .= " ORDER BY products.name, components.name";
+ }
+ elsif ($form_group eq "type") {
+ $query .= " ORDER BY flagtypes.name";
+ }
+
+ # Order the records (within each group).
+ $query .= " , flags.modification_date";
+
+ # Pass the query to the template for use when debugging this script.
+ $vars->{'query'} = $query;
+ $vars->{'debug'} = $cgi->param('debug') ? 1 : 0;
+
+ my $results = $dbh->selectall_arrayref($query);
+ my @requests = ();
+ foreach my $result (@$results) {
+ my @data = @$result;
+ my $request = {
+ 'id' => $data[0],
+ 'type' => $data[1],
+ 'status' => $data[2],
+ 'bug_id' => $data[3],
+ 'bug_summary' => $data[4],
+ 'category' => "$data[5]: $data[6]",
+ 'attach_id' => $data[7],
+ 'attach_summary' => $data[8],
+ 'requester' => ($data[9] ? "$data[9] <$data[10]>" : $data[10]),
+ 'requestee' => ($data[11] ? "$data[11] <$data[12]>" : $data[12]),
+ 'restricted' => $data[13] ? 1 : 0,
+ 'created' => $data[14]
+ };
+ push(@requests, $request);
+ }
+
+ # Get a list of request type names to use in the filter form.
+ my @types = ("all");
+ my $flagtypes = get_flag_types();
+ push(@types, @$flagtypes);
+
+ $vars->{'excluded_columns'} = \@excluded_columns;
+ $vars->{'group_field'} = $form_group;
+ $vars->{'requests'} = \@requests;
+ $vars->{'types'} = \@types;
+
+ # This code is needed to populate the Product and Component select fields.
+ my ($products, %components);
+ if (Bugzilla->params->{useclassification}) {
+ foreach my $class (@{$user->get_selectable_classifications}) {
+ push @$products, @{$user->get_selectable_products($class->id)};
}
-
- foreach my $product (@$products) {
- $components{$_->name} = 1 foreach @{$product->components};
- }
- $vars->{'products'} = $products;
- $vars->{'components'} = [ sort keys %components ];
-
- $vars->{'urlquerypart'} = $cgi->canonicalise_query('ctype');
-
- # Generate and return the UI (HTML page) from the appropriate template.
- $template->process($format->{'template'}, $vars)
- || ThrowTemplateError($template->error());
+ }
+ else {
+ $products = $user->get_selectable_products;
+ }
+
+ foreach my $product (@$products) {
+ $components{$_->name} = 1 foreach @{$product->components};
+ }
+ $vars->{'products'} = $products;
+ $vars->{'components'} = [sort keys %components];
+
+ $vars->{'urlquerypart'} = $cgi->canonicalise_query('ctype');
+
+ # Generate and return the UI (HTML page) from the appropriate template.
+ $template->process($format->{'template'}, $vars)
+ || ThrowTemplateError($template->error());
}
################################################################################
@@ -334,33 +341,35 @@ sub queue {
################################################################################
sub validateStatus {
- my $status = shift;
- return if !defined $status;
+ my $status = shift;
+ return if !defined $status;
- grep($status eq $_, qw(? +- + - all))
- || ThrowUserError("flag_status_invalid", { status => $status });
- trick_taint($status);
- return $status;
+ grep($status eq $_, qw(? +- + - all))
+ || ThrowUserError("flag_status_invalid", {status => $status});
+ trick_taint($status);
+ return $status;
}
sub validateGroup {
- my $group = shift;
- return if !defined $group;
+ my $group = shift;
+ return if !defined $group;
- grep($group eq $_, qw(requester requestee category type))
- || ThrowUserError("request_queue_group_invalid", { group => $group });
- trick_taint($group);
- return $group;
+ grep($group eq $_, qw(requester requestee category type))
+ || ThrowUserError("request_queue_group_invalid", {group => $group});
+ trick_taint($group);
+ return $group;
}
# Returns all flag types which have at least one flag of this type.
# If a flag type is inactive but still has flags, we want it.
sub get_flag_types {
- my $dbh = Bugzilla->dbh;
- my $flag_types = $dbh->selectcol_arrayref('SELECT DISTINCT name
+ my $dbh = Bugzilla->dbh;
+ my $flag_types = $dbh->selectcol_arrayref(
+ 'SELECT DISTINCT name
FROM flagtypes
WHERE flagtypes.id IN
(SELECT DISTINCT type_id FROM flags)
- ORDER BY name');
- return $flag_types;
+ ORDER BY name'
+ );
+ return $flag_types;
}