[bugzilla-gnome-org-extensions] Protect traces that are on private comments.
- From: Krzesimir Nowak <krnowak src gnome org>
- To: commits-list gnome org
- Cc:
- Subject: [bugzilla-gnome-org-extensions] Protect traces that are on private comments.
- Date: Thu, 20 Nov 2014 22:14:07 +0000 (UTC)
commit e1013ffd5442ca1ffe284fbde3ea504e55555d10
Author: Max Kanat-Alexander <mkanat everythingsolved com>
Date: Sat Aug 8 13:14:48 2009 -0500
Protect traces that are on private comments.
lib/TraceParser/Hooks.pm | 32 ++++++++++++++------
lib/TraceParser/Trace.pm | 38 ++++++++++++++++++++++--
template/en/global/user-error-errors.html.tmpl | 8 ++++-
3 files changed, 64 insertions(+), 14 deletions(-)
---
diff --git a/lib/TraceParser/Hooks.pm b/lib/TraceParser/Hooks.pm
index dc9ece5..887c2fa 100644
--- a/lib/TraceParser/Hooks.pm
+++ b/lib/TraceParser/Hooks.pm
@@ -245,7 +245,7 @@ sub _page_trace {
my $trace_id = $cgi->param('trace_id');
my $trace = TraceParser::Trace->check({ id => $trace_id });
- $trace->bug->check_is_visible;
+ $trace->check_is_visible;
my $action = $cgi->param('action') || '';
if ($action eq 'update') {
@@ -277,7 +277,8 @@ sub _page_trace {
my $grouped = $by_product{$type};
foreach my $trace (@$traces) {
my $product = $trace->bug->product;
- next if !Bugzilla->user->can_see_product($product);
+ next if (!Bugzilla->user->can_see_product($product)
+ or $trace->is_hidden);
$grouped->{$product} ||= [];
push(@{ $grouped->{$product} }, $trace);
}
@@ -295,16 +296,27 @@ sub _page_popular_traces {
my $limit = Bugzilla->cgi->param('limit') || DEFAULT_POPULAR_LIMIT;
detaint_natural($limit);
my $dbh = Bugzilla->dbh;
+
+ # insidergroup protections. This unfortunately makes the page
+ # slower for users who aren't in the insidergroup.
+ my ($extra_from, $extra_where) = ('', '');
+ if (Bugzilla->params->{insidergroup} and !Bugzilla->user->is_insider) {
+ $extra_from = 'INNER JOIN longdescs ON trace.comment_id ='
+ . ' longdescs.comment_id';
+ $extra_where = "AND longdescs.isprivate = 0"
+ }
+
my %trace_count = @{ $dbh->selectcol_arrayref(
- 'SELECT MAX(id), COUNT(*) AS trace_count
- FROM trace WHERE short_hash IS NOT NULL
- GROUP BY short_hash ORDER BY trace_count DESC '
+ "SELECT MAX(id), COUNT(*) AS trace_count
+ FROM trace $extra_from
+ WHERE short_hash IS NOT NULL $extra_where
+ GROUP BY short_hash ORDER BY trace_count DESC "
. $dbh->sql_limit('?'), {Columns=>[1,2]}, $limit) };
-
- my @traces = map { new TraceParser::Trace($_) } (keys %trace_count);
- @traces = reverse sort { $trace_count{$a->id} <=> $trace_count{$b->id} }
- @traces;
- $vars->{traces} = \ traces;
+
+ my $traces = TraceParser::Trace->new_from_list([keys %trace_count]);
+ @$traces = reverse sort { $trace_count{$a->id} <=> $trace_count{$b->id} }
+ @$traces;
+ $vars->{traces} = $traces;
$vars->{trace_count} = \%trace_count;
}
diff --git a/lib/TraceParser/Trace.pm b/lib/TraceParser/Trace.pm
index 735f87c..755c65b 100644
--- a/lib/TraceParser/Trace.pm
+++ b/lib/TraceParser/Trace.pm
@@ -93,11 +93,16 @@ sub _do_list_select {
if (@$objects > 1) {
my $dbh = Bugzilla->dbh;
my @trace_ids = map { $_->id } @$objects;
- my %bug_ids = @{ $dbh->selectcol_arrayref(
- 'SELECT trace.id, longdescs.bug_id
+ my $comment_info = $dbh->selectall_arrayref(
+ 'SELECT trace.id AS id, longdescs.bug_id AS bug_id,
+ longdescs.isprivate AS isprivate
FROM trace INNER JOIN longdescs
ON trace.comment_id = longdescs.comment_id
- WHERE id IN(' . join(',', @trace_ids) . ')', {Columns=>[1,2]}) };
+ WHERE trace.id IN(' . join(',', @trace_ids) . ')', {Slice=>{}});
+
+ my %bug_ids = map { $_->{id} => $_->{bug_id} } @$comment_info;
+ my %private = map { $_->{id} => $_->{isprivate} } @$comment_info;
+
my %unique_ids = map { $bug_ids{$_} => 1 } (keys %bug_ids);
my $bugs = Bugzilla::Bug->new_from_list([values %bug_ids]);
@@ -118,6 +123,7 @@ sub _do_list_select {
foreach my $trace (@$objects) {
my $bug_id = $bug_ids{$trace->id};
$trace->{bug} = $bug_map{$bug_id};
+ $trace->{comment_is_private} = $private{$trace->id};
}
}
return $objects;
@@ -224,6 +230,15 @@ sub bug {
return $self->{bug};
}
+sub comment_is_private {
+ my $self = shift;
+ return $self->{comment_is_private} if exists $self->{comment_is_private};
+ $self->{comment_is_private} = Bugzilla->dbh->selectrow_array(
+ 'SELECT isprivate FROM longdescs WHERE comment_id = ?',
+ undef, $self->id);
+ return $self->{comment_is_private};
+}
+
sub crash_thread {
my ($invocant, $st) = @_;
$st ||= $invocant->stack;
@@ -240,6 +255,23 @@ sub identical_traces {
return $self->{identical_traces};
}
+sub is_hidden {
+ my $self = shift;
+ if ($self->comment_is_private and !Bugzilla->user->is_insider) {
+ return 1;
+ }
+ return 0;
+}
+
+sub check_is_visible {
+ my $self = shift;
+ $self->bug->check_is_visible;
+ if ($self->is_hidden) {
+ ThrowUserError('traceparser_comment_private',
+ { trace_id => $self->id, bug_id => $self->bug->id });
+ }
+}
+
sub must_dup_to {
my $self = shift;
my $id = $self->identical_dup_id || $self->similar_dup_id;
diff --git a/template/en/global/user-error-errors.html.tmpl b/template/en/global/user-error-errors.html.tmpl
index 8fc273a..547a21a 100644
--- a/template/en/global/user-error-errors.html.tmpl
+++ b/template/en/global/user-error-errors.html.tmpl
@@ -1,4 +1,10 @@
-[% IF error == "traceparser_dup_to" %]
+[% IF error == "traceparser_comment_private" %]
+ [% title = "Trace Is Private" %]
+ Trace [% trace_id FILTER html %] is on a private comment on
+ [%+ terms.bug %] [%+ bug_id FILTER html %] that you do not
+ have access to.
+
+[% ELSIF error == "traceparser_dup_to" %]
[% title = "Stack Trace Is a Duplicate" %]
Thank you for submitting your crash. This crash is a duplicate of
[%+ "$terms.bug $dup_to.id" FILTER bug_link(dup_to) %].
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]
