#!/usr/bin/perl -wT
# -*- Mode: perl; indent-tabs-mode: nil; cperl-indent-level: 4 -*-
#
# The contents of this file are subject to the Mozilla Public
# License Version 1.1 (the "License"); you may not use this file
# except in compliance with the License. You may obtain a copy of
# the License at http://www.mozilla.org/MPL/
#
# Software distributed under the License is distributed on an "AS
# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
# implied. See the License for the specific language governing
# rights and limitations under the License.
#
# The Original Code is the Bugzilla Bug Tracking System.
#
# The Initial Developer of the Original Code is Albert Ting
#
# Contributor(s): Albert Ting <alt@sonic.net>
#                 Max Kanat-Alexander <mkanat@kerio.com>
#
# Direct any questions on this source code to mozilla.org

use strict;
use lib ".";

use Bugzilla;
use Bugzilla::Constants;
use Bugzilla::Util;
use Bugzilla::Error;
use Bugzilla::Config;

my $cgi = Bugzilla->cgi;
my $dbh = Bugzilla->dbh;
my $template = Bugzilla->template;
my $vars = {};

# TestClassification:  just returns if the specified classification does exist
# CheckClassification: same check, optionally  emit an error text

sub TestClassification ($) {
    my $cl = shift;
    my $dbh = Bugzilla->dbh;

    trick_taint($cl);
    # does the classification exist?
    my $sth = $dbh->prepare("SELECT name
                             FROM classifications
                             WHERE name=?");
    $sth->execute($cl);
    my @row = $sth->fetchrow_array();
    return $row[0];
}

sub CheckClassification ($) {
    my $cl = shift;

    unless ($cl) {
        ThrowUserError("classification_not_specified");
    }
    if (! TestClassification($cl)) {
        ThrowUserError("classification_doesnt_exist", { name => $cl });
    }
}

sub LoadTemplate ($) {
    my $action = shift;

    $action =~ /(\w+)/;
    $action = $1;
    print $cgi->header();
    $template->process("admin/classifications/$action.html.tmpl", $vars)
      || ThrowTemplateError($template->error());
    exit;
}

#
# Preliminary checks:
#

Bugzilla->login(LOGIN_REQUIRED);

print $cgi->header();

exists Bugzilla->user->groups->{'editclassifications'}
  || ThrowUserError("auth_failure", {group  => "editclassifications",
                                     action => "edit",
                                     object => "classifications"});

ThrowUserError("auth_classification_not_enabled") unless Param("useclassification");

#
# often used variables
#
my $action = trim($cgi->param('action') || '');
my $classification = trim($cgi->param('classification') || '');
trick_taint($classification);
$vars->{'classification'} = $classification;

#
# action='' -> Show nice list of classifications
#

unless ($action) {
    my @classifications;
    # left join is tricky
    #   - must select "classifications" fields if you want a REAL value
    #   - must use "count(products.classification_id)" if you want a true
    #     count.  If you use count(classifications.id), it will return 1 for NULL
    #   - must use "group by classifications.id" instead of
    #     products.classification_id. Otherwise it won't look for all
    #     classification ids, just the ones used by the products.
    my $sth = $dbh->prepare("SELECT classifications.id,classifications.name,
                                    classifications.description,
                                    COUNT(classification_id) as total
                             FROM classifications
                             LEFT JOIN products ON classifications.id=products.classification_id
                             GROUP BY classifications.id
                             ORDER BY name");
    $sth->execute();
    while (my ($id,$classification,$description,$total) = $sth->fetchrow_array()) {
        my $cl = {};
        $cl->{'id'} = $id;
        $cl->{'classification'} = $classification;
        $cl->{'description'} = $description if (defined $description);
        $cl->{'total'} = $total;

        push(@classifications, $cl);
    }

    $vars->{'classifications'} = \@classifications;
    LoadTemplate("select");
}

#
# action='add' -> present form for parameters for new classification
#
# (next action will be 'new')
#

if ($action eq 'add') {
    LoadTemplate($action);
}

#
# action='new' -> add classification entered in the 'action=add' screen
#

if ($action eq 'new') {
    if (TestClassification($classification)) {
        ThrowUserError("classification_already_exists", { name => $classification });
    }
    my $description = trim($cgi->param('description')  || '');
    trick_taint($description);

    # Add the new classification.
    my $sth = $dbh->prepare("INSERT INTO classifications (name,description)
                            VALUES (?,?)");
    $sth->execute($classification,$description);

    # Make versioncache flush
    unlink "data/versioncache";

    LoadTemplate($action);
}

#
# action='del' -> ask if user really wants to delete
#
# (next action would be 'delete')
#

if ($action eq 'del') {
    CheckClassification($classification);
    my $sth;

    # display some data about the classification
    $sth = $dbh->prepare("SELECT id, description
                          FROM classifications
                          WHERE name=?");
    $sth->execute($classification);
    my ($classification_id, $description) = $sth->fetchrow_array();

    ThrowUserError("classification_not_deletable") if ($classification_id eq "1");

    $sth = $dbh->prepare("SELECT name
                          FROM products
                          WHERE classification_id=$classification_id");
    $sth->execute();
    ThrowUserError("classification_has_products") if ($sth->fetchrow_array());

    $vars->{'description'} = $description if (defined $description);

    LoadTemplate($action);
}

#
# action='delete' -> really delete the classification
#

if ($action eq 'delete') {
    CheckClassification($classification);

    my $sth;
    my $classification_id = get_classification_id($classification);

    if ($classification_id == 1) {
        ThrowUserError("cant_delete_default_classification", { name => $classification });
    }

    # lock the tables before we start to change everything:
    $dbh->bz_lock_tables('classifications WRITE', 'products WRITE');

    # delete
    $sth = $dbh->prepare("DELETE FROM classifications WHERE id=?");
    $sth->execute($classification_id);

    # update products just in case
    $sth = $dbh->prepare("UPDATE products 
                          SET classification_id=1
                          WHERE classification_id=?");
    $sth->execute($classification_id);

    $dbh->bz_unlock_tables();

    unlink "data/versioncache";

    LoadTemplate($action);
}

#
# action='edit' -> present the edit classifications from
#
# (next action would be 'update')
#

if ($action eq 'edit') {
    CheckClassification($classification);

    my @products = ();
    my $has_products = 0;
    my $sth;
    

    # get data of classification
    $sth = $dbh->prepare("SELECT id,description
                          FROM classifications
                          WHERE name=?");
    $sth->execute($classification);
    my ($classification_id,$description) = $sth->fetchrow_array();
    $vars->{'description'} = $description if (defined $description);

    $sth = $dbh->prepare("SELECT name,description
                          FROM products
                          WHERE classification_id=?
                          ORDER BY name");
    $sth->execute($classification_id);
    while ( my ($product, $prod_description) = $sth->fetchrow_array()) {
        my $prod = {};
        $has_products = 1;
        $prod->{'name'} = $product;
        $prod->{'description'} = $prod_description if (defined $prod_description);
        push(@products, $prod);
    }
    $vars->{'products'} = \@products if ($has_products);

    LoadTemplate($action);
}

#
# action='update' -> update the classification
#

if ($action eq 'update') {
    my $classificationold   = trim($cgi->param('classificationold')   || '');
    my $description         = trim($cgi->param('description')         || '');
    my $descriptionold      = trim($cgi->param('descriptionold')      || '');
    my $checkvotes = 0;
    my $sth;

    CheckClassification($classificationold);

    my $classification_id = get_classification_id($classificationold);
    trick_taint($description);

    # Note that we got the $classification_id using $classificationold
    # above so it will remain static even after we rename the
    # classification in the database.

    $dbh->bz_lock_tables('classifications WRITE');

    if ($description ne $descriptionold) {
        $sth = $dbh->prepare("UPDATE classifications
                              SET description=?
                              WHERE id=?");
        $sth->execute($description,$classification_id);
        $vars->{'updated_description'} = 1;
    }

    if ($classification ne $classificationold) {
        unless ($classification) {
            $dbh->bz_unlock_tables(UNLOCK_ABORT);
            ThrowUserError("classification_not_specified")
        }
        
        if (TestClassification($classification)) {
            $dbh->bz_unlock_tables(UNLOCK_ABORT);
            ThrowUserError("classification_already_exists", { name => $classification });
        }
        $sth = $dbh->prepare("UPDATE classifications
                              SET name=? WHERE id=?");
        $sth->execute($classification,$classification_id);
        $vars->{'updated_classification'} = 1;
    }
    $dbh->bz_unlock_tables();

    unlink "data/versioncache";
    LoadTemplate($action);
}

#
# action='reclassify' -> reclassify products for the classification
#

if ($action eq 'reclassify') {
    CheckClassification($classification);
    my $sth;

    # display some data about the classification
    $sth = $dbh->prepare("SELECT id, description
                          FROM classifications
                          WHERE name=?");
    $sth->execute($classification);
    my ($classification_id, $description) = $sth->fetchrow_array();

    $vars->{'description'} = $description if (defined $description);

    $sth = $dbh->prepare("UPDATE products
                          SET classification_id=?
                          WHERE name=?");
    if (defined $cgi->param('add_products')) {
        if (defined $cgi->param('prodlist')) {
            foreach my $prod ($cgi->param("prodlist")) {
                trick_taint($prod);
                $sth->execute($classification_id,$prod);
            }
        }
    } elsif (defined $cgi->param('remove_products')) {
        if (defined $cgi->param('myprodlist')) {
            foreach my $prod ($cgi->param("myprodlist")) {
                trick_taint($prod);
                $sth->execute(1,$prod);
            }
        }
    } elsif (defined $cgi->param('migrate_products')) {
        if (defined $cgi->param('clprodlist')) {
            foreach my $prod ($cgi->param("clprodlist")) {
                trick_taint($prod);
                $sth->execute($classification_id,$prod);
            }
        }
    }

    my @selected_products = ();
    my @class_products = ();

    $sth = $dbh->prepare("SELECT classifications.id,
                                 products.name,
                                 classifications.name,
                                 classifications.id > 1 as unknown
                           FROM products,classifications
                           WHERE classifications.id=products.classification_id
                           ORDER BY unknown, products.name, classifications.name");
    $sth->execute();
    while ( my ($clid, $name, $clname) = $sth->fetchrow_array() ) {
        if ($clid == $classification_id) {
            push(@selected_products,$name);
        } else {
            my $cl = {};
            if ($clid == 1) {
                $cl->{'name'} = "[$clname] $name";
            } else {
                $cl->{'name'} = "$name [$clname]";
            }
            $cl->{'value'} = $name;
            push(@class_products,$cl);
        }
    }
    $vars->{'selected_products'} = \@selected_products;
    $vars->{'class_products'} = \@class_products;

    LoadTemplate($action);
}

#
# No valid action found
#

ThrowCodeError("action_unrecognized", $vars);