editclassifications.cgi 9.1 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321
  1. #!/usr/bin/env perl -wT
  2. # -*- Mode: perl; indent-tabs-mode: nil; cperl-indent-level: 4 -*-
  3. #
  4. # The contents of this file are subject to the Mozilla Public
  5. # License Version 1.1 (the "License"); you may not use this file
  6. # except in compliance with the License. You may obtain a copy of
  7. # the License at http://www.mozilla.org/MPL/
  8. #
  9. # Software distributed under the License is distributed on an "AS
  10. # IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
  11. # implied. See the License for the specific language governing
  12. # rights and limitations under the License.
  13. #
  14. # The Original Code is the Bugzilla Bug Tracking System.
  15. #
  16. # The Initial Developer of the Original Code is Albert Ting
  17. #
  18. # Contributor(s): Albert Ting <alt@sonic.net>
  19. # Max Kanat-Alexander <mkanat@bugzilla.org>
  20. # Frédéric Buclin <LpSolit@gmail.com>
  21. use strict;
  22. use lib qw(. lib);
  23. use Bugzilla;
  24. use Bugzilla::Constants;
  25. use Bugzilla::Util;
  26. use Bugzilla::Error;
  27. use Bugzilla::Classification;
  28. use Bugzilla::Token;
  29. my $dbh = Bugzilla->dbh;
  30. my $cgi = Bugzilla->cgi;
  31. my $template = Bugzilla->template;
  32. local our $vars = {};
  33. sub LoadTemplate {
  34. my $action = shift;
  35. my $cgi = Bugzilla->cgi;
  36. my $template = Bugzilla->template;
  37. $vars->{'classifications'} = [Bugzilla::Classification::get_all_classifications()]
  38. if ($action eq 'select');
  39. # There is currently only one section about classifications,
  40. # so all pages point to it. Let's define it here.
  41. $vars->{'doc_section'} = 'classifications.html';
  42. $action =~ /(\w+)/;
  43. $action = $1;
  44. print $cgi->header();
  45. $template->process("admin/classifications/$action.html.tmpl", $vars)
  46. || ThrowTemplateError($template->error());
  47. exit;
  48. }
  49. #
  50. # Preliminary checks:
  51. #
  52. Bugzilla->login(LOGIN_REQUIRED);
  53. print $cgi->header();
  54. exists Bugzilla->user->groups->{'editclassifications'}
  55. || ThrowUserError("auth_failure", {group => "editclassifications",
  56. action => "edit",
  57. object => "classifications"});
  58. ThrowUserError("auth_classification_not_enabled")
  59. unless Bugzilla->params->{"useclassification"};
  60. #
  61. # often used variables
  62. #
  63. my $action = trim($cgi->param('action') || '');
  64. my $class_name = trim($cgi->param('classification') || '');
  65. my $token = $cgi->param('token');
  66. #
  67. # action='' -> Show nice list of classifications
  68. #
  69. LoadTemplate('select') unless $action;
  70. #
  71. # action='add' -> present form for parameters for new classification
  72. #
  73. # (next action will be 'new')
  74. #
  75. if ($action eq 'add') {
  76. $vars->{'token'} = issue_session_token('add_classification');
  77. LoadTemplate($action);
  78. }
  79. #
  80. # action='new' -> add classification entered in the 'action=add' screen
  81. #
  82. if ($action eq 'new') {
  83. check_token_data($token, 'add_classification');
  84. $class_name || ThrowUserError("classification_not_specified");
  85. my $classification =
  86. new Bugzilla::Classification({name => $class_name});
  87. if ($classification) {
  88. ThrowUserError("classification_already_exists",
  89. { name => $classification->name });
  90. }
  91. my $description = trim($cgi->param('description') || '');
  92. my $sortkey = trim($cgi->param('sortkey') || 0);
  93. my $stored_sortkey = $sortkey;
  94. detaint_natural($sortkey)
  95. || ThrowUserError('classification_invalid_sortkey', {'name' => $class_name,
  96. 'sortkey' => $stored_sortkey});
  97. trick_taint($description);
  98. trick_taint($class_name);
  99. # Add the new classification.
  100. $dbh->do("INSERT INTO classifications (name, description, sortkey)
  101. VALUES (?, ?, ?)", undef, ($class_name, $description, $sortkey));
  102. delete_token($token);
  103. $vars->{'message'} = 'classification_created';
  104. $vars->{'classification'} = new Bugzilla::Classification({name => $class_name});
  105. $vars->{'classifications'} = [Bugzilla::Classification::get_all_classifications];
  106. $vars->{'token'} = issue_session_token('reclassify_classifications');
  107. LoadTemplate('reclassify');
  108. }
  109. #
  110. # action='del' -> ask if user really wants to delete
  111. #
  112. # (next action would be 'delete')
  113. #
  114. if ($action eq 'del') {
  115. my $classification =
  116. Bugzilla::Classification::check_classification($class_name);
  117. if ($classification->id == 1) {
  118. ThrowUserError("classification_not_deletable");
  119. }
  120. if ($classification->product_count()) {
  121. ThrowUserError("classification_has_products");
  122. }
  123. $vars->{'classification'} = $classification;
  124. $vars->{'token'} = issue_session_token('delete_classification');
  125. LoadTemplate($action);
  126. }
  127. #
  128. # action='delete' -> really delete the classification
  129. #
  130. if ($action eq 'delete') {
  131. check_token_data($token, 'delete_classification');
  132. my $classification =
  133. Bugzilla::Classification::check_classification($class_name);
  134. if ($classification->id == 1) {
  135. ThrowUserError("classification_not_deletable");
  136. }
  137. # lock the tables before we start to change everything:
  138. $dbh->bz_start_transaction();
  139. # update products just in case
  140. $dbh->do("UPDATE products SET classification_id = 1
  141. WHERE classification_id = ?", undef, $classification->id);
  142. # delete
  143. $dbh->do("DELETE FROM classifications WHERE id = ?", undef,
  144. $classification->id);
  145. $dbh->bz_commit_transaction();
  146. $vars->{'message'} = 'classification_deleted';
  147. $vars->{'classification'} = $class_name;
  148. delete_token($token);
  149. LoadTemplate('select');
  150. }
  151. #
  152. # action='edit' -> present the edit classifications from
  153. #
  154. # (next action would be 'update')
  155. #
  156. if ($action eq 'edit') {
  157. my $classification =
  158. Bugzilla::Classification::check_classification($class_name);
  159. $vars->{'classification'} = $classification;
  160. $vars->{'token'} = issue_session_token('edit_classification');
  161. LoadTemplate($action);
  162. }
  163. #
  164. # action='update' -> update the classification
  165. #
  166. if ($action eq 'update') {
  167. check_token_data($token, 'edit_classification');
  168. $class_name || ThrowUserError("classification_not_specified");
  169. my $class_old_name = trim($cgi->param('classificationold') || '');
  170. my $class_old =
  171. Bugzilla::Classification::check_classification($class_old_name);
  172. my $description = trim($cgi->param('description') || '');
  173. my $sortkey = trim($cgi->param('sortkey') || 0);
  174. my $stored_sortkey = $sortkey;
  175. detaint_natural($sortkey)
  176. || ThrowUserError('classification_invalid_sortkey', {'name' => $class_old->name,
  177. 'sortkey' => $stored_sortkey});
  178. $dbh->bz_start_transaction();
  179. if ($class_name ne $class_old->name) {
  180. my $class = new Bugzilla::Classification({name => $class_name});
  181. if ($class) {
  182. ThrowUserError("classification_already_exists",
  183. { name => $class->name });
  184. }
  185. trick_taint($class_name);
  186. $dbh->do("UPDATE classifications SET name = ? WHERE id = ?",
  187. undef, ($class_name, $class_old->id));
  188. $vars->{'updated_classification'} = 1;
  189. }
  190. if ($description ne $class_old->description) {
  191. trick_taint($description);
  192. $dbh->do("UPDATE classifications SET description = ?
  193. WHERE id = ?", undef,
  194. ($description, $class_old->id));
  195. $vars->{'updated_description'} = 1;
  196. }
  197. if ($sortkey ne $class_old->sortkey) {
  198. $dbh->do("UPDATE classifications SET sortkey = ?
  199. WHERE id = ?", undef,
  200. ($sortkey, $class_old->id));
  201. $vars->{'updated_sortkey'} = 1;
  202. }
  203. $dbh->bz_commit_transaction();
  204. $vars->{'message'} = 'classification_updated';
  205. $vars->{'classification'} = $class_name;
  206. delete_token($token);
  207. LoadTemplate('select');
  208. }
  209. #
  210. # action='reclassify' -> reclassify products for the classification
  211. #
  212. if ($action eq 'reclassify') {
  213. my $classification =
  214. Bugzilla::Classification::check_classification($class_name);
  215. my $sth = $dbh->prepare("UPDATE products SET classification_id = ?
  216. WHERE name = ?");
  217. if (defined $cgi->param('add_products')) {
  218. check_token_data($token, 'reclassify_classifications');
  219. if (defined $cgi->param('prodlist')) {
  220. foreach my $prod ($cgi->param("prodlist")) {
  221. trick_taint($prod);
  222. $sth->execute($classification->id, $prod);
  223. }
  224. }
  225. delete_token($token);
  226. } elsif (defined $cgi->param('remove_products')) {
  227. check_token_data($token, 'reclassify_classifications');
  228. if (defined $cgi->param('myprodlist')) {
  229. foreach my $prod ($cgi->param("myprodlist")) {
  230. trick_taint($prod);
  231. $sth->execute(1,$prod);
  232. }
  233. }
  234. delete_token($token);
  235. }
  236. my @classifications =
  237. Bugzilla::Classification::get_all_classifications;
  238. $vars->{'classifications'} = \@classifications;
  239. $vars->{'classification'} = $classification;
  240. $vars->{'token'} = issue_session_token('reclassify_classifications');
  241. LoadTemplate($action);
  242. }
  243. #
  244. # No valid action found
  245. #
  246. ThrowCodeError("action_unrecognized", {action => $action});