quips.cgi 4.44 KB
Newer Older
1
#!/usr/bin/perl -wT
2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21
# -*- Mode: perl; indent-tabs-mode: nil -*-
#
# The contents of this file are subject to the Mozilla Public
# License Version 1.1 (the "License"); you may not use this file
# except in compliance with the License. You may obtain a copy of
# the License at http://www.mozilla.org/MPL/
#
# Software distributed under the License is distributed on an "AS
# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
# implied. See the License for the specific language governing
# rights and limitations under the License.
#
# The Original Code is the Bugzilla Bug Tracking System.
#
# The Initial Developer of the Original Code is Netscape Communications
# Corporation. Portions created by Netscape are
# Copyright (C) 1998 Netscape Communications Corporation. All
# Rights Reserved.
#
# Contributor(s): Owen Taylor <otaylor@redhat.com>
22
#                 Gervase Markham <gerv@gerv.net>
23
#                 David Fallon <davef@tetsubo.com>
24
#                 Tobias Burnus <burnus@net-b.de>
25 26

use strict;
27

28 29
use lib qw(.);

30
use Bugzilla;
31
use Bugzilla::Constants;
32 33 34
use Bugzilla::Util;
use Bugzilla::Error;
use Bugzilla::User;
35

36
my $user = Bugzilla->login(LOGIN_REQUIRED);
37

38
my $cgi = Bugzilla->cgi;
39
my $dbh = Bugzilla->dbh;
40 41
my $template = Bugzilla->template;
my $vars = {};
42

43
my $action = $cgi->param('action') || "";
44

45
if ($action eq "show") {
46
    # Read in the entire quip list
47 48
    my $quipsref = $dbh->selectall_arrayref(
                       "SELECT quipid, userid, quip, approved FROM quips");
49 50 51

    my $quips;
    my @quipids;
52 53
    foreach my $quipref (@$quipsref) {
        my ($quipid, $userid, $quip, $approved) = @$quipref;
54 55
        $quips->{$quipid} = {'userid' => $userid, 'quip' => $quip, 
                             'approved' => $approved};
56 57 58 59
        push(@quipids, $quipid);
    }

    my $users;
60
    my $sth = $dbh->prepare("SELECT login_name FROM profiles WHERE userid = ?");
61
    foreach my $quipid (@quipids) {
62
        my $userid = $quips->{$quipid}{'userid'};
63
        if ($userid && not defined $users->{$userid}) {
64
            ($users->{$userid}) = $dbh->selectrow_array($sth, undef, $userid);
65 66 67 68 69
        }
    }
    $vars->{'quipids'} = \@quipids;
    $vars->{'quips'} = $quips;
    $vars->{'users'} = $users;
70
    $vars->{'show_quips'} = 1;
71 72
}

73
if ($action eq "add") {
74
    (Bugzilla->params->{'quip_list_entry_control'} eq "closed") &&
75 76
      ThrowUserError("no_new_quips");

77
    # Add the quip 
78
    my $approved = (Bugzilla->params->{'quip_list_entry_control'} eq "open")
79
                   || Bugzilla->user->in_group('admin') || 0;
80
    my $comment = $cgi->param("quip");
81
    $comment || ThrowUserError("need_quip");
82
    trick_taint($comment); # Used in a placeholder below
83

84
    $dbh->do("INSERT INTO quips (userid, quip, approved) VALUES (?, ?, ?)",
85
             undef, ($user->id, $comment, $approved));
86 87 88 89

    $vars->{'added_quip'} = $comment;
}

90 91
if ($action eq 'approve') {
    # Read in the entire quip list
92 93
    my $quipsref = $dbh->selectall_arrayref("SELECT quipid, approved FROM quips");
    
94
    my %quips;
95 96
    foreach my $quipref (@$quipsref) {
        my ($quipid, $approved) = @$quipref;
97 98 99 100 101 102
        $quips{$quipid} = $approved;
    }

    my @approved;
    my @unapproved;
    foreach my $quipid (keys %quips) {
103
       my $form = $cgi->param('quipid_'.$quipid) ? 1 : 0;
104 105 106 107 108
       if($quips{$quipid} ne $form) {
           if($form) { push(@approved, $quipid); }
           else { push(@unapproved, $quipid); }
       }
    }
109
    $dbh->do("UPDATE quips SET approved = 1 WHERE quipid IN (" .
110
            join(",", @approved) . ")") if($#approved > -1);
111
    $dbh->do("UPDATE quips SET approved = 0 WHERE quipid IN (" .
112 113 114 115 116
            join(",", @unapproved) . ")") if($#unapproved > -1);
    $vars->{ 'approved' }   = \@approved;
    $vars->{ 'unapproved' } = \@unapproved;
}

117
if ($action eq "delete") {
118
    Bugzilla->user->in_group("admin")
119 120 121
      || ThrowUserError("auth_failure", {group  => "admin",
                                         action => "delete",
                                         object => "quips"});
122
    my $quipid = $cgi->param("quipid");
123 124 125
    ThrowCodeError("need_quipid") unless $quipid =~ /(\d+)/; 
    $quipid = $1;

126 127 128 129
    ($vars->{'deleted_quip'}) = $dbh->selectrow_array(
                                    "SELECT quip FROM quips WHERE quipid = ?",
                                    undef, $quipid);
    $dbh->do("DELETE FROM quips WHERE quipid = ?", undef, $quipid);
130 131
}

132
print $cgi->header();
133 134
$template->process("list/quips.html.tmpl", $vars)
  || ThrowTemplateError($template->error());