Bug 351332: Move Group validation into Bugzilla::Bug from post_bug.cgi

Patch By Max Kanat-Alexander <mkanat@bugzilla.org> r=LpSolit, a=justdave

Bug 351332: Move Group validation into Bugzilla::Bug from post_bug.cgi
1a4d88f3 · mkanat%bugzilla.org · 38703b61 · 1a4d88f3 · 1a4d88f3 · 1a4d88f3
Commit 1a4d88f3 authored Sep 10, 2006 by mkanat%bugzilla.org
Show whitespace changes
Inline Side-by-side

Showing with 56 additions and 74 deletions

Bug.pm Bugzilla/Bug.pm +46 -0

post_bug.cgi post_bug.cgi +8 -72

code-error.html.tmpl template/en/default/global/code-error.html.tmpl +2 -2

No files found.
--- a/Bugzilla/Bug.pm
+++ b/Bugzilla/Bug.pm
@@ -521,6 +521,52 @@ sub _check_estimated_time {
    return $_[0]->_check_time($_[1], 'estimated_time');
 }
+sub _check_groups {
+    my ($invocant, $product, $group_ids) = @_;
+    my $user = Bugzilla->user;
+    my %add_groups;
+    my $controls = $product->group_controls;
+    foreach my $id (@$group_ids) {
+        my $group = new Bugzilla::Group($id)
+            || ThrowUserError("invalid_group_ID");
+        # This can only happen if somebody hacked the enter_bug form.
+        ThrowCodeError("inactive_group", { name => $group->name })
+            unless $group->is_active;
+        my $membercontrol = $controls->{$id}
+                            && $controls->{$id}->{membercontrol};
+        my $othercontrol  = $controls->{$id} 
+                            && $controls->{$id}->{othercontrol};
+        my $permit = ($membercontrol && $user->in_group($group->name))
+                     || $othercontrol;
+        $add_groups{$id} = 1 if $permit;
+    }
+    foreach my $id (keys %$controls) {
+        next unless $controls->{$id}->{isactive};
+        my $membercontrol = $controls->{$id}->{membercontrol} || 0;
+        my $othercontrol  = $controls->{$id}->{othercontrol}  || 0;
+        # Add groups required
+        if ($membercontrol == CONTROLMAPMANDATORY
+            || ($othercontrol == CONTROLMAPMANDATORY
+                && !$user->in_group_id($id))) 
+        {
+            # User had no option, bug needs to be in this group.
+            $add_groups{$id} = 1;
+        }
+    }
+    my @add_groups = keys %add_groups;
+    return \@add_groups;
+}
 sub _check_keywords {
    my ($invocant, $keyword_string) = @_;
    $keyword_string = trim($keyword_string);

--- a/post_bug.cgi
+++ b/post_bug.cgi
@@ -49,22 +49,6 @@ my $template = Bugzilla->template;
 my $vars = {};
 ######################################################################
-# Subroutines
-######################################################################
-# Determines whether or not a group is active by checking
-# the "isactive" column for the group in the "groups" table.
-# Note: This function selects groups by id rather than by name.
-sub GroupIsActive {
-    my ($group_id) = @_;
-    $group_id ||= 0;
-    detaint_natural($group_id);
-    my ($is_active) = Bugzilla->dbh->selectrow_array(
-        "SELECT isactive FROM groups WHERE id = ?", undef, $group_id);
-    return $is_active;
-}
-######################################################################
 # Main Script
 ######################################################################
@@ -154,62 +138,14 @@ my ($depends_on_ids, $blocks_ids) = Bugzilla::Bug->_check_dependencies(
 # get current time
 my $timestamp = $dbh->selectrow_array(q{SELECT NOW()});
-# Groups
+# Group Validation
-my @groupstoadd = ();
+my @selected_groups;
-my $sth_othercontrol = $dbh->prepare(q{SELECT othercontrol
+foreach my $group (grep(/^bit-\d+$/, $cgi->param())) {
-                                         FROM group_control_map
+    $group =~ /^bit-(\d+)$/;
-                                        WHERE group_id = ?
+    push(@selected_groups, $1);
-                                          AND product_id = ?});
-foreach my $b (grep(/^bit-\d*$/, $cgi->param())) {
-    if ($cgi->param($b)) {
-        my $v = substr($b, 4);
-        detaint_natural($v)
-          || ThrowUserError("invalid_group_ID");
-        if (!GroupIsActive($v)) {
-            # Prevent the user from adding the bug to an inactive group.
-            # Should only happen if there is a bug in Bugzilla or the user
-            # hacked the "enter bug" form since otherwise the UI 
-            # for adding the bug to the group won't appear on that form.
-            $vars->{'bit'} = $v;
-            ThrowCodeError("inactive_group");
-        }
-        my ($permit) = $user->in_group_id($v);
-        if (!$permit) {
-            my $othercontrol = $dbh->selectrow_array($sth_othercontrol, 
-                                                     undef, ($v, $product->id));
-            $permit = (($othercontrol == CONTROLMAPSHOWN)
-                       || ($othercontrol == CONTROLMAPDEFAULT));
-        }
-        if ($permit) {
-            push(@groupstoadd, $v)
-        }
-    }
 }
-my $groups = $dbh->selectall_arrayref(q{
+my @add_groups = @{Bugzilla::Bug->_check_groups($product, \@selected_groups)};
-                 SELECT DISTINCT groups.id, groups.name, membercontrol,
-                                 othercontrol, description
-                            FROM groups
-                       LEFT JOIN group_control_map 
-                              ON group_id = id
-                             AND product_id = ?
-                           WHERE isbuggroup != 0
-                             AND isactive != 0
-                        ORDER BY description}, undef, $product->id);
-foreach my $group (@$groups) {
-    my ($id, $groupname, $membercontrol, $othercontrol) = @$group;
-    $membercontrol ||= 0;
-    $othercontrol ||= 0;
-    # Add groups required
-    if (($membercontrol == CONTROLMAPMANDATORY)
-       || (($othercontrol == CONTROLMAPMANDATORY) 
-            && (!Bugzilla->user->in_group($groupname)))) {
-        # User had no option, bug needs to be in this group.
-        push(@groupstoadd, $id)
-    }
-}
 # Include custom fields editable on bug creation.
 my @custom_bug_fields = Bugzilla->get_fields(
@@ -269,8 +205,8 @@ my $id = $bug->bug_id;
 # Add the group restrictions
 my $sth_addgroup = $dbh->prepare(q{
            INSERT INTO bug_group_map (bug_id, group_id) VALUES (?, ?)});
-foreach my $grouptoadd (@groupstoadd) {
+foreach my $group_id (@add_groups) {
-    $sth_addgroup->execute($id, $grouptoadd);
+    $sth_addgroup->execute($id, $group_id);
 }
 # Add the initial comment, allowing for the fact that it may be private

--- a/template/en/default/global/code-error.html.tmpl
+++ b/template/en/default/global/code-error.html.tmpl
@@ -152,8 +152,8 @@
    A legal [% field FILTER html %] was not set.
  [% ELSIF error == "inactive_group" %]
-    Attempted to add [% terms.bug %] to an inactive group, identified by the bit
+    Attempted to add [% terms.bug %] to the '[% name FILTER html %]'
-    '[% bit FILTER html %]'.
+    group, which is not used for bugs.
  [% ELSIF error == "invalid_attach_id_to_obsolete" %]
     The attachment number of one of the attachments you wanted to obsolete,