Bug 364284: User::get_selectable_products() can return wrong data if…

Bug 364284: User::get_selectable_products() can return wrong data if $classification_id is passed - Patch by FrÃ©dÃ©ric Buclin <LpSolit@gmail.com> r=bkor a=justdave

Bug 364284: User::get_selectable_products() can return wrong data if…
1a40b1fe · lpsolit%gmail.com · 504a510d · 1a40b1fe
Commit 1a40b1fe authored Dec 22, 2006 by lpsolit%gmail.com
Hide whitespace changes
Inline Side-by-side

Showing with 22 additions and 29 deletions

User.pm Bugzilla/User.pm +22 -29

No files found.
--- a/Bugzilla/User.pm
+++ b/Bugzilla/User.pm
@@ -628,39 +628,32 @@ sub can_see_product {

 sub get_selectable_products {
    my $self = shift;
-    my $classification_id = shift;
+    my $class_id = shift;
+    my $class_restricted = Bugzilla->params->{'useclassification'} && $class_id;
+
+    if (!defined $self->{selectable_products}) {
+        my $query = "SELECT id " .
+                    "  FROM products " .
+                 "LEFT JOIN group_control_map " .
+                    "    ON group_control_map.product_id = products.id ";
+        if (Bugzilla->params->{'useentrygroupdefault'}) {
+            $query .= " AND group_control_map.entry != 0 ";
+        } else {
+            $query .= " AND group_control_map.membercontrol = " . CONTROLMAPMANDATORY;
+        }
+        $query .= "     AND group_id NOT IN(" . $self->groups_as_string . ") " .
+                  "   WHERE group_id IS NULL " .
+                  "ORDER BY name";

-    if (defined $self->{selectable_products}) {
-        return $self->{selectable_products};
+        my $prod_ids = Bugzilla->dbh->selectcol_arrayref($query);
+        $self->{selectable_products} = Bugzilla::Product->new_from_list($prod_ids);
    }

-    my $dbh = Bugzilla->dbh;
-    my @params = ();
-
-    my $query = "SELECT id " .
-                "FROM products " .
-                "LEFT JOIN group_control_map " .
-                "ON group_control_map.product_id = products.id ";
-    if (Bugzilla->params->{'useentrygroupdefault'}) {
-        $query .= "AND group_control_map.entry != 0 ";
-    } else {
-        $query .= "AND group_control_map.membercontrol = " .
-                  CONTROLMAPMANDATORY . " ";
+    # Restrict the list of products to those being in the classification, if any.
+    if ($class_restricted) {
+        return [grep {$_->classification_id == $class_id} @{$self->{selectable_products}}];
    }
-    $query .= "AND group_id NOT IN(" . 
-               $self->groups_as_string . ") " .
-              "WHERE group_id IS NULL ";
-
-    if (Bugzilla->params->{'useclassification'} && $classification_id) {
-        $query .= "AND classification_id = ? ";
-        detaint_natural($classification_id);
-        push(@params, $classification_id);
-    }
-
-    $query .= "ORDER BY name";
-
-    my $prod_ids = $dbh->selectcol_arrayref($query, undef, @params);
-    $self->{selectable_products} = Bugzilla::Product->new_from_list($prod_ids);
+    # If we come here, then we want all selectable products.
    return $self->{selectable_products};
 }