Commit 9e7ad08c authored by Simon Green's avatar Simon Green

Bug 452525 - Allow the option of "OR" groups ("any of the groups" instead of "all of the groups")

r=gerv, a=sgreen
parent 8465c056
...@@ -196,6 +196,9 @@ sub update_params { ...@@ -196,6 +196,9 @@ sub update_params {
$param->{'utf8'} = 1 if $new_install; $param->{'utf8'} = 1 if $new_install;
# Bug 452525: OR based groups are on by default for new installations
$param->{'or_groups'} = 1 if $new_install;
# --- REMOVE OLD PARAMS --- # --- REMOVE OLD PARAMS ---
my %oldparams; my %oldparams;
......
...@@ -83,6 +83,12 @@ sub get_param_list { ...@@ -83,6 +83,12 @@ sub get_param_list {
name => 'strict_isolation', name => 'strict_isolation',
type => 'b', type => 'b',
default => 0 default => 0
},
{
name => 'or_groups',
type => 'b',
default => 0
} ); } );
return @param_list; return @param_list;
} }
......
...@@ -1228,9 +1228,12 @@ sub _standard_joins { ...@@ -1228,9 +1228,12 @@ sub _standard_joins {
push(@joins, $security_join); push(@joins, $security_join);
if ($user->id) { if ($user->id) {
$security_join->{extra} = # See also _standard_joins for the other half of the below statement
["NOT (" . $user->groups_in_sql('security_map.group_id') . ")"]; if (!Bugzilla->params->{'or_groups'}) {
$security_join->{extra} =
["NOT (" . $user->groups_in_sql('security_map.group_id') . ")"];
}
my $security_cc_join = { my $security_cc_join = {
table => 'cc', table => 'cc',
as => 'security_cc', as => 'security_cc',
...@@ -1304,10 +1307,17 @@ sub _standard_where { ...@@ -1304,10 +1307,17 @@ sub _standard_where {
# until their group controls are set. So if a bug has a NULL creation_ts, # until their group controls are set. So if a bug has a NULL creation_ts,
# it shouldn't show up in searches at all. # it shouldn't show up in searches at all.
my @where = ('bugs.creation_ts IS NOT NULL'); my @where = ('bugs.creation_ts IS NOT NULL');
my $security_term = 'security_map.group_id IS NULL';
my $user = $self->_user; my $user = $self->_user;
my $security_term = '';
# See also _standard_joins for the other half of the below statement
if (Bugzilla->params->{'or_groups'}) {
$security_term .= " (security_map.group_id IS NULL OR security_map.group_id IN (" . $user->groups_as_string . "))";
}
else {
$security_term = 'security_map.group_id IS NULL';
}
if ($user->id) { if ($user->id) {
my $userid = $user->id; my $userid = $user->id;
# This indentation makes the resulting SQL more readable. # This indentation makes the resulting SQL more readable.
......
...@@ -118,20 +118,27 @@ sub queue { ...@@ -118,20 +118,27 @@ sub queue {
ON bugs.product_id = products.id ON bugs.product_id = products.id
INNER JOIN components INNER JOIN components
ON bugs.component_id = components.id ON bugs.component_id = components.id
LEFT JOIN bug_group_map AS bgmap
ON bgmap.bug_id = bugs.bug_id
AND bgmap.group_id NOT IN (" .
$user->groups_as_string . ")
LEFT JOIN bug_group_map AS privs LEFT JOIN bug_group_map AS privs
ON privs.bug_id = bugs.bug_id ON privs.bug_id = bugs.bug_id
LEFT JOIN cc AS ccmap LEFT JOIN cc AS ccmap
ON ccmap.who = $userid ON ccmap.who = $userid
AND ccmap.bug_id = bugs.bug_id AND ccmap.bug_id = bugs.bug_id
" . LEFT JOIN bug_group_map AS bgmap
ON bgmap.bug_id = bugs.bug_id
";
if (Bugzilla->params->{or_groups}) {
$query .= " AND bgmap.group_id IN (" . $user->groups_as_string . ")";
$query .= " WHERE (privs.group_id IS NULL OR bgmap.group_id IS NOT NULL OR";
}
else {
$query .= " AND bgmap.group_id NOT IN (" . $user->groups_as_string . ")";
$query .= " WHERE (bgmap.group_id IS NULL OR";
}
# Weed out bug the user does not have access to # Weed out bug the user does not have access to
" WHERE ((bgmap.group_id IS NULL) OR $query .=
(ccmap.who IS NOT NULL AND cclist_accessible = 1) OR " (ccmap.who IS NOT NULL AND cclist_accessible = 1) OR
(bugs.reporter = $userid AND bugs.reporter_accessible = 1) OR (bugs.reporter = $userid AND bugs.reporter_accessible = 1) OR
(bugs.assigned_to = $userid) " . (bugs.assigned_to = $userid) " .
(Bugzilla->params->{'useqacontact'} ? "OR (Bugzilla->params->{'useqacontact'} ? "OR
......
...@@ -37,13 +37,20 @@ ...@@ -37,13 +37,20 @@
usevisibilitygroups => "Do you wish to restrict visibility of users to members of " _ usevisibilitygroups => "Do you wish to restrict visibility of users to members of " _
"specific groups?", "specific groups?",
strict_isolation => "Don't allow users to be assigned to, " _ strict_isolation => "Don't allow users to be assigned to, " _
"be qa-contacts on, " _ "be qa-contacts on, " _
"be added to CC list, " _ "be added to CC list, " _
"or make or remove dependencies " _ "or make or remove dependencies " _
"involving any bug that is in a product on which that " _ "involving any bug that is in a product on which that " _
"user is forbidden to edit.", "user is forbidden to edit.",
or_groups => "Define the visibility of a $terms.bug which is in multiple " _
"groups. If this is on (recommended), a user only needs to " _
"be a member of one of the $terms.bug's groups in order to " _
"view it. If it is off, a user needs to be a member of all " _
"the $terms.bug's groups. Note that in either case, if the " _
"user has a role on the $terms.bug (e.g. reporter) that may " _
"also affect their permissions."
} }
%] %]
...@@ -129,15 +129,17 @@ product. ...@@ -129,15 +129,17 @@ product.
</p> </p>
<p> <p>
If any group has <b>Entry</b> selected, then this product will If any group has <b>Entry</b> selected, then this product will
restrict [% terms.bug %] entry to only those users who are members of all the restrict [% terms.bug %] entry to only those users who are members of
groups with entry selected. [%+ IF Param('or_groups') %]at least one of[% ELSE %]all[% END %] the groups
with entry selected.
</p> </p>
<p> <p>
If any group has <b>Canedit</b> selected, then this product If any group has <b>Canedit</b> selected, then this product
will be read-only for any users who are not members of all of will be read-only for any users who are not members of
the groups with Canedit selected. ONLY users who are members of [%+ IF Param('or_groups') %]one[% ELSE %]all[% END %] of the groups with
all the canedit groups will be able to edit. This is an additional Canedit selected. ONLY users who are members of
restriction that further restricts what can be edited by a user. [%+ IF Param('or_groups') %]at least one of[% ELSE %]all[% END %] the canedit groups
will be able to edit. This is an additional restriction that further restricts what can be edited by a user.
</p> </p>
<p> <p>
The following settings control let you choose privileges on a <b>per-product basis</b>. The following settings control let you choose privileges on a <b>per-product basis</b>.
......
...@@ -634,7 +634,7 @@ TUI_hide_default('attachment_text_field'); ...@@ -634,7 +634,7 @@ TUI_hide_default('attachment_text_field');
<td colspan="3"> <td colspan="3">
<br> <br>
<strong> <strong>
Only users in all of the selected groups can view this Only users in [%+ IF Param('or_groups') %]at least one[% ELSE %]all[% END %] of the selected groups can view this
[%+ terms.bug %]: [%+ terms.bug %]:
</strong> </strong>
<br> <br>
......
...@@ -651,8 +651,9 @@ ...@@ -651,8 +651,9 @@
[% IF NOT emitted_description %] [% IF NOT emitted_description %]
[% emitted_description = 1 %] [% emitted_description = 1 %]
<div id="bz_restrict_group_visibility_help"> <div id="bz_restrict_group_visibility_help">
<b>Only users in all of the selected groups can view this <b>Only users in
[%+ terms.bug %]:</b> [%+ IF Param('or_groups') %]at least one[% ELSE %]all[% END %]
of the selected groups can view this [% terms.bug %]:</b>
<p class="instructions"> <p class="instructions">
Unchecking all boxes makes this a more public [% terms.bug %]. Unchecking all boxes makes this a more public [% terms.bug %].
</p> </p>
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment