404 lines
16 KiB
Perl
Executable File
404 lines
16 KiB
Perl
Executable File
#!/usr/bin/perl -T
|
|
# This Source Code Form is subject to the terms of the Mozilla Public
|
|
# License, v. 2.0. If a copy of the MPL was not distributed with this
|
|
# file, You can obtain one at http://mozilla.org/MPL/2.0/.
|
|
#
|
|
# This Source Code Form is "Incompatible With Secondary Licenses", as
|
|
# defined by the Mozilla Public License, v. 2.0.
|
|
|
|
################################################################################
|
|
# Script Initialization
|
|
################################################################################
|
|
|
|
use 5.10.1;
|
|
use strict;
|
|
use warnings;
|
|
|
|
use lib qw(. lib);
|
|
|
|
use Bugzilla;
|
|
use Bugzilla::Constants;
|
|
use Bugzilla::Util;
|
|
use Bugzilla::Error;
|
|
use Bugzilla::User;
|
|
use Bugzilla::Group;
|
|
use Bugzilla::Token;
|
|
use Bugzilla::Whine::Schedule;
|
|
use Bugzilla::Whine::Query;
|
|
use Bugzilla::Whine;
|
|
|
|
use DateTime;
|
|
|
|
# require the user to have logged in
|
|
my $user = Bugzilla->login(LOGIN_REQUIRED);
|
|
|
|
###############################################################################
|
|
# Main Body Execution
|
|
###############################################################################
|
|
|
|
my $cgi = Bugzilla->cgi;
|
|
my $template = Bugzilla->template;
|
|
my $vars = {};
|
|
my $dbh = Bugzilla->dbh;
|
|
|
|
my $userid = $user->id;
|
|
my $token = $cgi->param('token');
|
|
my $sth; # database statement handle
|
|
|
|
# $events is a hash ref of Bugzilla::Whine objects keyed by event id,
|
|
# that stores the active user's events.
|
|
#
|
|
# Eventually, it winds up with:
|
|
# 'queries' - array ref containing hashes of:
|
|
# 'name' - the name of the saved query
|
|
# 'title' - The title line for the search results table
|
|
# 'sort' - Numeric sort ID
|
|
# 'id' - row ID for the query entry
|
|
# 'onemailperbug' - whether a single message must be sent for each
|
|
# result.
|
|
# 'schedule' - array ref containing hashes of:
|
|
# 'day' - Day or range of days this schedule will be run
|
|
# 'time' - time or interval to run
|
|
# 'mailto_type' - MAILTO_USER or MAILTO_GROUP
|
|
# 'mailto' - person/group who will receive the results
|
|
# 'id' - row ID for the schedule
|
|
my $events = get_events($userid);
|
|
|
|
# First see if this user may use whines
|
|
$user->in_group('bz_canusewhines')
|
|
|| ThrowUserError("auth_failure", {group => "bz_canusewhines",
|
|
action => "schedule",
|
|
object => "reports"});
|
|
|
|
# May this user send mail to other users?
|
|
my $can_mail_others = $user->in_group('bz_canusewhineatothers');
|
|
|
|
# If the form was submitted, we need to look for what needs to be added or
|
|
# removed, then what was altered.
|
|
|
|
if ($cgi->param('update')) {
|
|
check_token_data($token, 'edit_whine');
|
|
|
|
if ($cgi->param("add_event")) {
|
|
# we create a new event
|
|
$sth = $dbh->prepare("INSERT INTO whine_events " .
|
|
"(owner_userid) " .
|
|
"VALUES (?)");
|
|
$sth->execute($userid);
|
|
}
|
|
else {
|
|
for my $eventid (keys %{$events}) {
|
|
# delete an entire event
|
|
if ($cgi->param("remove_event_$eventid")) {
|
|
# We need to make sure these belong to the same user,
|
|
# otherwise we could simply delete whatever matched that ID.
|
|
#
|
|
# schedules
|
|
my $schedules = Bugzilla::Whine::Schedule->match({ eventid => $eventid });
|
|
$sth = $dbh->prepare("DELETE FROM whine_schedules "
|
|
. "WHERE id=?");
|
|
foreach my $schedule (@$schedules) {
|
|
$sth->execute($schedule->id);
|
|
}
|
|
|
|
# queries
|
|
$sth = $dbh->prepare("SELECT whine_queries.id " .
|
|
"FROM whine_queries " .
|
|
"LEFT JOIN whine_events " .
|
|
"ON whine_events.id = " .
|
|
"whine_queries.eventid " .
|
|
"WHERE whine_events.id = ? " .
|
|
"AND whine_events.owner_userid = ?");
|
|
$sth->execute($eventid, $userid);
|
|
my @ids = @{$sth->fetchall_arrayref};
|
|
$sth = $dbh->prepare("DELETE FROM whine_queries " .
|
|
"WHERE id=?");
|
|
for (@ids) {
|
|
my $delete_id = $_->[0];
|
|
$sth->execute($delete_id);
|
|
}
|
|
|
|
# events
|
|
$sth = $dbh->prepare("DELETE FROM whine_events " .
|
|
"WHERE id=? AND owner_userid=?");
|
|
$sth->execute($eventid, $userid);
|
|
}
|
|
else {
|
|
# check the subject, body and mailifnobugs for changes
|
|
my $subject = ($cgi->param("event_${eventid}_subject") or '');
|
|
my $body = ($cgi->param("event_${eventid}_body") or '');
|
|
my $mailifnobugs = $cgi->param("event_${eventid}_mailifnobugs") ? 1 : 0;
|
|
|
|
trick_taint($subject) if $subject;
|
|
trick_taint($body) if $body;
|
|
|
|
if ( ($subject ne $events->{$eventid}->subject)
|
|
|| ($mailifnobugs != $events->{$eventid}->mail_if_no_bugs)
|
|
|| ($body ne $events->{$eventid}->body) ) {
|
|
|
|
$sth = $dbh->prepare("UPDATE whine_events " .
|
|
"SET subject=?, body=?, mailifnobugs=? " .
|
|
"WHERE id=?");
|
|
$sth->execute($subject, $body, $mailifnobugs, $eventid);
|
|
}
|
|
|
|
# add a schedule
|
|
if ($cgi->param("add_schedule_$eventid")) {
|
|
# the schedule table must be locked before altering
|
|
$sth = $dbh->prepare("INSERT INTO whine_schedules " .
|
|
"(eventid, mailto_type, mailto, " .
|
|
"run_day, run_time) " .
|
|
"VALUES (?, ?, ?, 'Sun', 2)");
|
|
$sth->execute($eventid, MAILTO_USER, $userid);
|
|
}
|
|
# add a query
|
|
elsif ($cgi->param("add_query_$eventid")) {
|
|
$sth = $dbh->prepare("INSERT INTO whine_queries "
|
|
. "(eventid) "
|
|
. "VALUES (?)");
|
|
$sth->execute($eventid);
|
|
}
|
|
}
|
|
|
|
# now check all of the schedules and queries to see if they need
|
|
# to be altered or deleted
|
|
|
|
# Check schedules for changes
|
|
my $schedules = Bugzilla::Whine::Schedule->match({ eventid => $eventid });
|
|
my @scheduleids = ();
|
|
foreach my $schedule (@$schedules) {
|
|
push @scheduleids, $schedule->id;
|
|
}
|
|
|
|
# we need to double-check all of the user IDs in mailto to make
|
|
# sure they exist
|
|
my $arglist = {}; # args for match_field
|
|
for my $sid (@scheduleids) {
|
|
if ($cgi->param("mailto_type_$sid") == MAILTO_USER) {
|
|
$arglist->{"mailto_$sid"} = {
|
|
'type' => 'single',
|
|
};
|
|
}
|
|
}
|
|
if (scalar %{$arglist}) {
|
|
Bugzilla::User::match_field($arglist);
|
|
}
|
|
|
|
for my $sid (@scheduleids) {
|
|
if ($cgi->param("remove_schedule_$sid")) {
|
|
# having the assignee id in here is a security failsafe
|
|
$sth = $dbh->prepare("SELECT whine_schedules.id " .
|
|
"FROM whine_schedules " .
|
|
"LEFT JOIN whine_events " .
|
|
"ON whine_events.id = " .
|
|
"whine_schedules.eventid " .
|
|
"WHERE whine_events.owner_userid=? " .
|
|
"AND whine_schedules.id =?");
|
|
$sth->execute($userid, $sid);
|
|
|
|
my @ids = @{$sth->fetchall_arrayref};
|
|
for (@ids) {
|
|
$sth = $dbh->prepare("DELETE FROM whine_schedules " .
|
|
"WHERE id=?");
|
|
$sth->execute($_->[0]);
|
|
}
|
|
}
|
|
else {
|
|
my $o_day = $cgi->param("orig_day_$sid") || '';
|
|
my $day = $cgi->param("day_$sid") || '';
|
|
my $o_time = $cgi->param("orig_time_$sid") || 0;
|
|
my $time = $cgi->param("time_$sid") || 0;
|
|
my $o_mailto = $cgi->param("orig_mailto_$sid") || '';
|
|
my $mailto = $cgi->param("mailto_$sid") || '';
|
|
my $o_mailto_type = $cgi->param("orig_mailto_type_$sid") || 0;
|
|
my $mailto_type = $cgi->param("mailto_type_$sid") || 0;
|
|
|
|
my $mailto_id = $userid;
|
|
|
|
# get an id for the mailto address
|
|
if ($can_mail_others && $mailto) {
|
|
if ($mailto_type == MAILTO_USER) {
|
|
$mailto_id = login_to_id($mailto);
|
|
}
|
|
elsif ($mailto_type == MAILTO_GROUP) {
|
|
# The group name is used in a placeholder.
|
|
trick_taint($mailto);
|
|
$mailto_id = Bugzilla::Group::ValidateGroupName($mailto, ($user))
|
|
|| ThrowUserError('invalid_group_name', { name => $mailto });
|
|
}
|
|
else {
|
|
# bad value, so it will just mail to the whine
|
|
# owner. $mailto_id was already set above.
|
|
$mailto_type = MAILTO_USER;
|
|
}
|
|
}
|
|
|
|
detaint_natural($mailto_type);
|
|
|
|
if ( ($o_day ne $day) ||
|
|
($o_time ne $time) ||
|
|
($o_mailto ne $mailto) ||
|
|
($o_mailto_type != $mailto_type) ){
|
|
|
|
trick_taint($day);
|
|
trick_taint($time);
|
|
|
|
# the schedule table must be locked
|
|
$sth = $dbh->prepare("UPDATE whine_schedules " .
|
|
"SET run_day=?, run_time=?, " .
|
|
"mailto_type=?, mailto=?, " .
|
|
"run_next=NULL " .
|
|
"WHERE id=?");
|
|
$sth->execute($day, $time, $mailto_type,
|
|
$mailto_id, $sid);
|
|
}
|
|
}
|
|
}
|
|
|
|
# Check queries for changes
|
|
my $queries = Bugzilla::Whine::Query->match({ eventid => $eventid });
|
|
for my $query (@$queries) {
|
|
my $qid = $query->id;
|
|
if ($cgi->param("remove_query_$qid")) {
|
|
|
|
$sth = $dbh->prepare("SELECT whine_queries.id " .
|
|
"FROM whine_queries " .
|
|
"LEFT JOIN whine_events " .
|
|
"ON whine_events.id = " .
|
|
"whine_queries.eventid " .
|
|
"WHERE whine_events.owner_userid=? " .
|
|
"AND whine_queries.id =?");
|
|
$sth->execute($userid, $qid);
|
|
|
|
for (@{$sth->fetchall_arrayref}) {
|
|
$sth = $dbh->prepare("DELETE FROM whine_queries " .
|
|
"WHERE id=?");
|
|
$sth->execute($_->[0]);
|
|
}
|
|
}
|
|
else {
|
|
my $o_sort = $cgi->param("orig_query_sort_$qid") || 0;
|
|
my $sort = $cgi->param("query_sort_$qid") || 0;
|
|
my $o_queryname = $cgi->param("orig_query_name_$qid") || '';
|
|
my $queryname = $cgi->param("query_name_$qid") || '';
|
|
my $o_title = $cgi->param("orig_query_title_$qid") || '';
|
|
my $title = $cgi->param("query_title_$qid") || '';
|
|
my $o_onemailperbug =
|
|
$cgi->param("orig_query_onemailperbug_$qid") || 0;
|
|
my $onemailperbug =
|
|
$cgi->param("query_onemailperbug_$qid") ? 1 : 0;
|
|
|
|
if ( ($o_sort != $sort) ||
|
|
($o_queryname ne $queryname) ||
|
|
($o_onemailperbug != $onemailperbug) ||
|
|
($o_title ne $title) ){
|
|
|
|
detaint_natural($sort);
|
|
trick_taint($queryname);
|
|
trick_taint($title);
|
|
|
|
$sth = $dbh->prepare("UPDATE whine_queries " .
|
|
"SET sortkey=?, " .
|
|
"query_name=?, " .
|
|
"title=?, " .
|
|
"onemailperbug=? " .
|
|
"WHERE id=?");
|
|
$sth->execute($sort, $queryname, $title,
|
|
$onemailperbug, $qid);
|
|
}
|
|
}
|
|
}
|
|
}
|
|
}
|
|
delete_token($token);
|
|
}
|
|
|
|
$vars->{'mail_others'} = $can_mail_others;
|
|
|
|
# Return the appropriate HTTP response headers.
|
|
print $cgi->header();
|
|
|
|
# Get events again, to cover any updates that were made
|
|
$events = get_events($userid);
|
|
|
|
# Here is the data layout as sent to the template:
|
|
#
|
|
# events
|
|
# event_id #
|
|
# schedule
|
|
# day
|
|
# time
|
|
# mailto
|
|
# queries
|
|
# name
|
|
# title
|
|
# sort
|
|
#
|
|
# build the whine list by event id
|
|
for my $event_id (keys %{$events}) {
|
|
$events->{$event_id}->{'schedule'} = [];
|
|
$events->{$event_id}->{'queries'} = [];
|
|
|
|
# schedules
|
|
my $schedules = Bugzilla::Whine::Schedule->match({ eventid => $event_id });
|
|
foreach my $schedule (@$schedules) {
|
|
my $mailto_type = $schedule->mailto_is_group ? MAILTO_GROUP
|
|
: MAILTO_USER;
|
|
my $mailto = '';
|
|
if ($mailto_type == MAILTO_USER) {
|
|
$mailto = $schedule->mailto->login;
|
|
}
|
|
elsif ($mailto_type == MAILTO_GROUP) {
|
|
$mailto = $schedule->mailto->name;
|
|
}
|
|
|
|
push @{$events->{$event_id}->{'schedule'}},
|
|
{
|
|
'day' => $schedule->run_day,
|
|
'time' => $schedule->run_time,
|
|
'mailto_type' => $mailto_type,
|
|
'mailto' => $mailto,
|
|
'id' => $schedule->id,
|
|
};
|
|
}
|
|
|
|
# queries
|
|
my $queries = Bugzilla::Whine::Query->match({ eventid => $event_id });
|
|
for my $query (@$queries) {
|
|
push @{$events->{$event_id}->{'queries'}},
|
|
{
|
|
'name' => $query->name,
|
|
'title' => $query->title,
|
|
'sort' => $query->sortkey,
|
|
'id' => $query->id,
|
|
'onemailperbug' => $query->one_email_per_bug,
|
|
};
|
|
}
|
|
}
|
|
|
|
$vars->{'events'} = $events;
|
|
|
|
# get the available queries
|
|
$sth = $dbh->prepare("SELECT name FROM namedqueries WHERE userid=?");
|
|
$sth->execute($userid);
|
|
|
|
$vars->{'available_queries'} = [];
|
|
while (my ($query) = $sth->fetchrow_array) {
|
|
push @{$vars->{'available_queries'}}, $query;
|
|
}
|
|
$vars->{'token'} = issue_session_token('edit_whine');
|
|
$vars->{'local_timezone'} = Bugzilla->local_timezone->short_name_for_datetime(DateTime->now());
|
|
|
|
$template->process("whine/schedule.html.tmpl", $vars)
|
|
|| ThrowTemplateError($template->error());
|
|
|
|
# get_events takes a userid and returns a hash of
|
|
# Bugzilla::Whine objects keyed by event ID.
|
|
sub get_events {
|
|
my $userid = shift;
|
|
my $event_rows = Bugzilla::Whine->match({ owner_userid => $userid });
|
|
my %events = map { $_->{id} => $_ } @$event_rows;
|
|
|
|
return \%events;
|
|
}
|