Patch by Joe Robins <jmrobins@tgix.com> -- allow automatic definition

defparams.pl

@@ -20,7 +20,7 @@
 # Contributor(s): Terry Weissman <terry@mozilla.org>
 #                 Dawn Endico <endico@mozilla.org>
 #                 Dan Mosedale <dmose@mozilla.org>
-
+#                 Joe Robins <jmrobins@tgix.com>
 
 # This file defines all the parameters that we have a GUI to edit within
 # Bugzilla.
@@ -158,6 +158,18 @@ DefParam("usequip",
 	"b",
 	1);
 
+# Added parameter - JMR, 2/16/00
+DefParam("usebuggroups",
+         "If this is on, Bugzilla will associate a bug group with each product in the database, and use it for querying bugs.",
+         "b",
+         0); 
+
+# Added parameter - JMR, 2/16/00
+DefParam("usebuggroupsentry",
+         "If this is on, Bugzilla will use product bug groups to restrict who can enter bugs.  Requires usebuggroups to be on as well.",
+         "b",
+         0); 
+
 DefParam("shadowdb",
          "If non-empty, then this is the name of another database in which Bugzilla will keep a shadow read-only copy of everything.  This is done so that long slow read-only operations can be used against this db, and not lock up things for everyone else.  Turning on this parameter will create the given database; be careful not to use the name of an existing database with useful data in it!",
          "t",

enter_bug.cgi

@@ -19,6 +19,7 @@
 # 
 # Contributor(s): Terry Weissman <terry@mozilla.org>
 #                 Dave Miller <dave@intrec.com>
+#                 Joe Robins <jmrobins@tgix.com>
 
 
 ########################################################################
@@ -48,6 +49,15 @@ sub sillyness {
     $zz = @::legal_severity;
 }
 
+# I've moved the call to confirm_login up to here, since if we're using bug
+# groups to restrict bug entry, we need to know who the user is right from
+# the start.  If that parameter is turned off, there's still no harm done in
+# doing it now instead of a bit later.  -JMR, 2/18/00
+# Except that it will cause people without cookies enabled to have to log
+# in an extra time.  Only do it here if we really need to.  -terry, 3/10/00
+if (Param("usebuggroupsentry")) {
+    confirm_login();
+}
 
 if (!defined $::FORM{'product'}) {
     GetVersionTable();
@@ -59,6 +69,14 @@ if (!defined $::FORM{'product'}) {
             # to allow people to specify that product here.
             next;
         }
+        if(Param("usebuggroupsentry")
+           && GroupExists($p)
+           && !UserInGroup($p)) {
+          # If we're using bug groups to restrict entry on products, and
+          # this product has a bug group, and the user is not in that
+          # group, we don't want to include that product in this list.
+          next;
+        }
         push(@prodlist, $p);
     }
     if (1 != @prodlist) {
@@ -75,6 +93,14 @@ if (!defined $::FORM{'product'}) {
                 # to allow people to specify that product here.
                 next;
             }
+            if(Param("usebuggroupsentry")
+               && GroupExists($p)
+               && !UserInGroup($p)) {
+                # If we're using bug groups to restrict entry on products, and
+                # this product has a bug group, and the user is not in that
+                # group, we don't want to include that product in this list.
+                next;
+            }
             print "<tr><th align=right valign=top><a href=\"enter_bug.cgi?product=" . url_quote($p) . "\">$p</a>:</th>\n";
             if (defined $::proddesc{$p}) {
                 print "<td valign=top>$::proddesc{$p}</td>\n";
@@ -221,6 +247,40 @@ my $component_popup = make_popup('component', $::components{$product},
 
 PutHeader ("Enter Bug","Enter Bug","This page lets you enter a new bug into Bugzilla.");
 
+# Modified, -JMR, 2/24,00
+# If the usebuggroupsentry parameter is set, we need to check and make sure
+# that the user has permission to enter a bug against this product.
+if(Param("usebuggroupsentry")) {
+  if(!UserInGroup($product)) {
+    print "<H1>Permission denied.</H1>\n";
+    print "Sorry; you do not have the permissions necessary to enter\n";
+    print "a bug against this product.\n";
+    print "<P>\n";
+    PutFooter();
+    exit;
+  }
+}
+
+# Modified, -JMR, 2/18/00
+# I'm putting in a select box in order to select whether to restrict this bug to
+# the product's bug group or not, if the usebuggroups parameter is set, and if
+# this product has a bug group.  This box will default to selected, but can be
+# turned off if this bug should be world-viewable for some reason.
+#
+# To do this, I need to (1) get the bit and description for the bug group from
+# the database, (2) insert the select box in the giant print statements below,
+# and (3) update post_bug.cgi to process the additional input field.
+
+# First we get the bit and description for the group.
+my $group_bit=0;
+my $group_desc;
+if(Param("usebuggroups") && GroupExists($product)) {
+    SendSQL("select bit, description from groups ".
+            "where name = ".SqlQuote($product)." ".
+            "and isbuggroup != 0");
+    ($group_bit, $group_desc) = FetchSQLData();
+}
+
 print "
 <FORM METHOD=POST ACTION=\"post_bug.cgi\">
 <INPUT TYPE=HIDDEN NAME=reporter VALUE=\"$::COOKIE{'Bugzilla_login'}\">
@@ -327,7 +387,36 @@ print "
     <td colspan=5><TEXTAREA WRAP=HARD NAME=comment ROWS=10 COLS=80>" .
     value_quote(formvalue('comment')) .
     "</TEXTAREA><BR></td>
-  </tr>
+  </tr>";
+# In between the Description field and the Submit buttons, we'll put in the
+# select box for the bug group, if necessary.
+# Rather than waste time with another Param check and another database access,
+# $group_bit will only have a non-zero value if we're using bug groups and have
+# one for this product, so I'll check on that instead here.  -JMR, 2/18/00
+if($group_bit) {
+  # In addition, we need to handle the possibility that we're coming from
+  # a bookmark template.  We'll simply check if we've got a parameter called
+  # groupset passed with a value other than the current bit.  If so, then we're
+  # coming from a template, and we don't have group_bit set, so turn it off.
+  my $check0 = (formvalue("groupset",$group_bit) == $group_bit) ? "" : " SELECTED";
+  my $check1 = ($check0 eq "") ? " SELECTED" : "";
+  print "
+  <tr>
+    <td align=right><B>Access:</td>
+    <td colspan=5>
+      <select name=\"groupset\">
+        <option value=0$check0>
+          People not in the \"$group_desc\" group can see this bug
+        </option>
+        <option value=$group_bit$check1>
+          Only people in the \"$group_desc\" group can see this bug
+        </option>
+      </select>
+    </td>
+  </tr>"
+}
+
+print "
   <tr>
    <td></td><td colspan=5>
 ";

globals.pl

@@ -30,7 +30,6 @@ use strict;
 sub globals_pl_sillyness {
     my $zz;
     $zz = @main::chooseone;
-    $zz = @main::db_errstr;
     $zz = @main::default_column_list;
     $zz = $main::defaultqueryname;
     $zz = @main::dontchange;
@@ -498,7 +497,10 @@ sub InsertNewUser {
     my $groupset = "0";
     while (MoreSQLData()) {
         my @row = FetchSQLData();
-        if ($username =~ m/$row[1]/) {
+	# Modified -Joe Robins, 2/17/00
+	# Making this case insensitive, since usernames are email addresses,
+	# and could be any case.
+        if ($username =~ m/$row[1]/i) {
             $groupset .= "+ $row[0]"; # Silly hack to let MySQL do the math,
                                       # not Perl, since we're dealing with 64
                                       # bit ints here, and I don't *think* Perl
@@ -681,6 +683,13 @@ sub UserInGroup {
     return 0;
 }
 
+sub GroupExists {
+    my ($groupname) = (@_);
+    ConnectToDatabase();
+    SendSQL("select count(*) from groups where name=" . SqlQuote($groupname));
+    my $count = FetchOneColumn();
+    return $count;
+}
 
 # Determines if the given bug_status string represents an "Opened" bug.  This
 # routine ought to be paramaterizable somehow, as people tend to introduce

post_bug.cgi

@@ -20,6 +20,7 @@
 #
 # Contributor(s): Terry Weissman <terry@mozilla.org>
 #                 Dan Mosedale <dmose@mozilla.org>
+#                 Joe Robins <jmrobins@tgix.com>
 
 use diagnostics;
 use strict;
@@ -67,6 +68,19 @@ PutHeader("Posting Bug -- Please wait", "Posting Bug", "One moment please...");
 umask 0;
 ConnectToDatabase();
 
+my $product = $::FORM{'product'};
+
+if(Param("usebuggroupsentry") && GroupExists($product)) {
+  if(!UserInGroup($product)) {
+    print "<H1>Permission denied.</H1>\n";
+    print "Sorry; you do not have the permissions necessary to enter\n";
+    print "a bug against this product.\n";
+    print "<P>\n";
+    PutFooter();
+    exit;
+  }
+}
+
 if (!defined $::FORM{'component'} || $::FORM{'component'} eq "") {
     PuntTryAgain("You must choose a component that corresponds to this bug. " .
                  "If necessary, just guess.");
@@ -104,7 +118,11 @@ if (Param("useqacontact")) {
     }
 }
 
-
+# If we're using bug groups, we need to include the groupset in the list of
+# fields.  -JMR, 2/18/00
+if(Param("usebuggroups")) {
+  push(@bug_fields, "groupset");
+}
 
 if (exists $::FORM{'bug_status'}) {
     if (!UserInGroup("canedit") && !UserInGroup("canconfirm")) {
@@ -121,7 +139,6 @@ if (!exists $::FORM{'bug_status'}) {
     }
 }
 
-
 if ( Param("strictvaluechecks") ) {
     GetVersionTable();  
     CheckFormField(\%::FORM, 'reporter');