]> src.bluestatic.org Git - bugdar.git/blob - showreport.php
r1105: Major update of permission checking
[bugdar.git] / showreport.php
1 <?php
2 /*=====================================================================*\
3 || ###################################################################
4 || # Bugdar [#]version[#]
5 || # Copyright ©2002-[#]year[#] Blue Static
6 || #
7 || # This program is free software; you can redistribute it and/or modify
8 || # it under the terms of the GNU General Public License as published by
9 || # the Free Software Foundation; version [#]gpl[#] of the License.
10 || #
11 || # This program is distributed in the hope that it will be useful, but
12 || # WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
13 || # or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
14 || # more details.
15 || #
16 || # You should have received a copy of the GNU General Public License along
17 || # with this program; if not, write to the Free Software Foundation, Inc.,
18 || # 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
19 || ###################################################################
20 \*=====================================================================*/
21
22 $fetchtemplates = array(
23 'showreport',
24 'showreport_attachment',
25 'showreport_comment',
26 'quicksearch',
27 'bugfield_static_text'
28 );
29
30 define('SVN', '$Id$');
31
32 $focus['showreport'] = 'focus';
33
34 require_once('./global.php');
35 require_once('./includes/functions_product.php');
36
37 $bugid = $bugsys->input_clean('bugid', TYPE_UINT);
38
39 // ###################################################################
40
41 if (empty($bugid) OR $_REQUEST['do'] == 'quicksearch')
42 {
43 if (!empty($bugid))
44 {
45 if ($db->query_first("SELECT bugid FROM " . TABLE_PREFIX . "bug WHERE bugid = $bugid"))
46 {
47 header("Location: showreport.php?bugid=$bugid");
48 exit;
49 }
50 else
51 {
52 $error = $lang->getlex('error_invalid_id');
53 }
54 }
55
56 eval('$template->flush("' . $template->fetch('quicksearch') . '");');
57 exit;
58 }
59
60 // ###################################################################
61
62 // -------------------------------------------------------------------
63 // get the report
64 $bug = $db->query_first("
65 SELECT bugvaluefill.*, bug.*, user.email, user.displayname, user.showemail
66 FROM " . TABLE_PREFIX . "bug AS bug
67 LEFT JOIN " . TABLE_PREFIX . "user AS user
68 ON (bug.userid = user.userid)
69 LEFT JOIN " . TABLE_PREFIX . "bugvaluefill AS bugvaluefill
70 ON (bug.bugid = bugvaluefill.bugid)
71 WHERE bug.bugid = $bugid"
72 );
73
74 if (!can_perform('canviewbugs', $bug['product']))
75 {
76 $message->error_permission();
77 }
78
79 $show['edit'] = ((can_perform('caneditown', $bug['product']) AND $bugsys->userinfo['userid'] == $bug['userid'] AND $bug['userid'] != 0) OR (can_perform('caneditother', $bug['product']) AND $bugsys->userinfo['userid'] != $bug['userid']));
80 $show['delete'] = can_perform('candeletedata', $bug['product']);
81
82 if (!is_array($bug))
83 {
84 $message->error($lang->getlex('error_invalid_id'));
85 }
86
87 if (!check_bug_permissions($bug))
88 {
89 $message->error_permission();
90 }
91
92 // ###################################################################
93 // edit display
94 if ($show['edit'])
95 {
96 $select['severity'] = construct_datastore_select('severity', 'severity', 'severityid', $bug['severity']);
97
98 $show['changestatus'] = (can_perform('canchangestatus', $bug['product']) ? true : false);
99 if (can_perform('canchangestatus', $bug['product']))
100 {
101 $select['priority'] = construct_datastore_select('priority', 'priority', 'priorityid', $bug['priority']);
102 $select['status'] = construct_datastore_select('status', 'status', 'statusid', $bug['status']);
103 $select['resolution'] = construct_datastore_select('resolution', 'resolution', 'resolutionid', $bug['resolution']);
104 }
105 else
106 {
107 $bug['status'] = $bugsys->datastore['status']["$bug[status]"]['status'];
108 $bug['resolution'] = $bugsys->datastore['resolution']["$bug[resolution]"]['resolution'];
109 $bug['severity'] = $bugsys->datastore['severity']["$bug[severity]"]['severity'];
110 $bug['priority'] = $bugsys->datastore['priority']["$bug[priority]"]['priority'];
111 }
112
113 $show['assign'] = (can_perform('canassign', $bug['product']) ? true : false);
114 if (can_perform('canassign', $bug['product']) AND is_array($bugsys->datastore['assignto']))
115 {
116 foreach ($bugsys->datastore['assignto'] AS $dev)
117 {
118 $value = $dev['userid'];
119 $selected = (($dev['userid'] == $bug['assignedto']) ? true : false);
120 $label = construct_user_display($dev, false);
121 eval('$select[dev] .= "' . $template->fetch('selectoption') . '";');
122 }
123 }
124
125 $pcv_select = construct_pcv_select('canviewbugs', "p$bug[product]c$bug[component]v$bug[version]");
126
127 if ($bug['duplicateof'])
128 {
129 $duplicate = $db->query_first("SELECT * FROM " . TABLE_PREFIX . "bug WHERE bugid = $bug[duplicateof]");
130 }
131
132 if ($bug['dependency'])
133 {
134 $depends = array();
135 $dependencies = $db->query("SELECT * FROM " . TABLE_PREFIX . "bug WHERE bugid IN ($bug[dependency])");
136 while ($dependency = $db->fetch_array($dependencies))
137 {
138 $depends[] = "<a href=\"showreport.php?bugid=$dependency[bugid]\" title=\"$dependency[summary]\">$dependency[bugid]</a>";
139 }
140 $dependencies = implode(' ', $depends);
141 }
142
143 $select['autoactions'] = '';
144 $show['autoactions'] = false;
145 if (is_array($bugsys->datastore['autoaction']))
146 {
147 foreach ($bugsys->datastore['autoaction'] AS $action)
148 {
149 $label = $action['name'];
150 $value = $action['actionid'];
151 $selected = false;
152 eval('$select[autoaction] .= "' . $template->fetch('selectoption') . '";');
153 $show['autoactions'] = true;
154 }
155 if ($show['autoactions'])
156 {
157 $label = '';
158 $value = 0;
159 $selected = true;
160 eval('$select[autoaction] = "' . $template->fetch('selectoption') . '" . $select[autoaction];');
161 }
162 }
163 }
164
165 // ###################################################################
166 // non-edit display
167 else
168 {
169 // -------------------------------------------------------------------
170 // prep display
171 $bug['status'] = $bugsys->datastore['status']["$bug[status]"]['status'];
172 $bug['resolution'] = $bugsys->datastore['resolution']["$bug[resolution]"]['resolution'];
173 $bug['severity'] = $bugsys->datastore['severity']["$bug[severity]"]['severity'];
174 $bug['priority'] = $bugsys->datastore['priority']["$bug[priority]"]['priority'];
175
176 $assigninfo = $bugsys->datastore['assignto']["$bug[assignedto]"];
177 $bug['assigninfo'] = ((is_array($assigninfo)) ? construct_user_display($assigninfo) : '');
178
179 $duplicateof = $db->query_first("SELECT bugid, summary FROM " . TABLE_PREFIX . "bug WHERE bugid = $bug[duplicateof]");
180
181 $dupelist = array();
182 $duplicates = $db->query("SELECT bugid, summary FROM " . TABLE_PREFIX . "bug WHERE duplicateof = $bug[bugid]");
183 while ($duplicate = $db->fetch_array($duplicates))
184 {
185 $dupelist[] = "<a href=\"showreport.php?bugid=$duplicate[bugid]\" target=\"_blank\">$duplicate[summary]</a>";
186 }
187 $dupelist = implode(', ', $dupelist);
188
189 if ($bug['dependency'])
190 {
191 $depends = array();
192 $dependencies = $db->query("SELECT bugid, summary FROM " . TABLE_PREFIX . "bug WHERE bugid IN ($bug[dependency])");
193 while ($dependency = $db->fetch_array($dependencies))
194 {
195 $depends[] = "<a href=\"showreport.php?bugid=$dependency[bugid]\" title=\"$dependency[summary]\" target=\"_blank\">$dependency[bugid]</a>";
196 }
197 $dependencies = implode(' ', $depends);
198 }
199 }
200
201 // ###################################################################
202 // global display items
203
204 $show['subscribe'] = can_perform('cansubscribe', $bug['product']);
205
206 $favorite = (bool)$db->query_first("SELECT * FROM " . TABLE_PREFIX . "favorite WHERE bugid = $bug[bugid] AND userid = " . $bugsys->userinfo['userid']);
207 $favoritetext = ($favorite ? _('Remove from Favorites') : _('Add to Favorites'));
208
209 $bug['userinfo'] = construct_user_display($bug);
210 $bug['datetime'] = $datef->format($bugsys->options['dateformat'], $bug['dateline']);
211 $bug['product'] = $bugsys->datastore['product']["$bug[product]"]['title'];
212 $bug['component'] = ($bug['component'] ? $bugsys->datastore['product']["$bug[component]"]['title'] : '');
213 $bug['version'] = $bugsys->datastore['version']["$bug[version]"]['version'];
214
215 // ###################################################################
216 // custom field output
217
218 $fields = construct_custom_fields($bug);
219 $i = 0;
220 foreach ($fields AS $field)
221 {
222 if ($i % 2 == 0)
223 {
224 $customfields['left'] .= $field;
225 }
226 else
227 {
228 $customfields['right'] .= $field;
229 }
230 $i++;
231 }
232
233 // ###################################################################
234 // other elements
235
236 // -------------------------------------------------------------------
237 // hilight
238 $words = explode(' ', $bugsys->in['hilight']);
239 foreach ($words AS $word)
240 {
241 if (trim($word))
242 {
243 $word = preg_quote($bugsys->unsanitize($word));
244 $hilight[] = $temp = trim(preg_replace('#[^0-9a-zA-Z_ ]#', '', $word));
245 }
246 }
247
248 // -------------------------------------------------------------------
249 // attachments
250 $show['getattachments'] = ((can_perform('cangetattach', $bug['product']) OR can_perform('caneditattach', $bug['product'])) ? true : false);
251 $show['putattachments'] = ((can_perform('canputattach', $bug['product']) OR can_perform('caneditattach', $bug['product'])) ? true : false);
252 $show['attachments'] = ($show['getattachments'] OR $show['putattachments']) ? true : false;
253
254 if ($show['getattachments'] OR $show['putattachments'])
255 {
256 $attachments_fetch = $db->query("
257 SELECT attachment.attachmentid, attachment.filename,
258 attachment.description, attachment.dateline,
259 attachment.userid, attachment.obsolete, user.email,
260 user.showemail, user.displayname
261 FROM " . TABLE_PREFIX . "attachment AS attachment
262 LEFT JOIN " . TABLE_PREFIX . "user AS user
263 ON (attachment.userid = user.userid)
264 WHERE attachment.bugid = $bug[bugid]
265 ORDER BY attachment.dateline"
266 );
267
268 $attaches = false;
269 while ($attachment = $db->fetch_array($attachments_fetch))
270 {
271 $attaches = true;
272 $show['editattach'] = ((can_perform('caneditattach', $bug['product']) OR ($attachment['userid'] == $bugsys->userinfo['userid'] AND can_perform('canputattach', $bug['product']))) ? true : false);
273 $attachment['date'] = $datef->format($bugsys->options['dateformat'], $attachment['dateline']);
274 $attachment['user'] = construct_user_display($attachment, false);
275 eval('$attachments .= "' . $template->fetch('showreport_attachment') . '";');
276 }
277
278 $show['attachments'] = (!$show['putattachments'] AND !$attaches) ? false : true;
279 }
280
281 // -------------------------------------------------------------------
282 // votes
283
284 $vote = $db->query_first("SELECT *, FIND_IN_SET(" . $bugsys->userinfo['userid'] . ", userids) AS uservote FROM " . TABLE_PREFIX . "vote WHERE bugid = $bug[bugid]");
285
286 $vote['total'] = $vote['votefor'] + $vote['voteagainst'];
287 if ($vote['total'] != 0)
288 {
289 $vote['forpercent'] = round($vote['votefor'] / $vote['total'], 3) * 100;
290 $vote['againstpercent'] = round($vote['voteagainst'] / $vote['total'], 3) * 100;
291 }
292 else
293 {
294 $vote['forpercent'] = 0;
295 $vote['againstpercent'] = 0;
296 }
297
298 $show['vote'] = ((can_perform('canvote', $bug['product']) AND !$vote['uservote']) ? true : false);
299
300 // -------------------------------------------------------------------
301 // get comments
302 $comments_fetch = $db->query("
303 SELECT comment.*, user.email, user.showemail, user.displayname
304 FROM " . TABLE_PREFIX . "comment AS comment
305 LEFT JOIN " . TABLE_PREFIX . "user AS user
306 ON (comment.userid = user.userid)
307 WHERE comment.bugid = $bug[bugid]" . (!can_perform('canviewhidden', $bug['product']) ? "
308 AND !hidden" : '') . "
309 ORDER BY comment.dateline ASC"
310 );
311 while ($comment = $db->fetch_array($comments_fetch))
312 {
313 $comment['posttime'] = $datef->format($bugsys->options['dateformat'], $comment['dateline']);
314 $comment['postby'] = construct_user_display($comment);
315 $show['editcomment'] = ((can_perform('caneditownreply', $bug['product']) AND $bugsys->userinfo['userid'] == $comment['userid']) OR (can_perform('caneditotherreply', $bug['product']) AND $bugsys->userinfo['userid'] != $comment['userid']));
316
317 $bugsys->debug('can edit own replies: ' . (int)(can_perform('caneditownreply', $bug['product']) AND $bugsys->userinfo['userid'] == $comment['userid']));
318 $bugsys->debug('can edit other replies:' . (int)(can_perform('caneditotherreply', $bug['product']) AND $bugsys->userinfo['userid'] != $comment['userid']));
319 $bugsys->debug('$show[editcomment]: ' . $show['editcomment']);
320
321 if (is_array($hilight))
322 {
323 foreach ($hilight AS $id => $find)
324 {
325 $find = "#($find)#i";
326 $replace = "<span style=\"background-color: yellow; font-weight: bold; color: red;\">\\1</span>";
327 $comment['comment_parsed'] = preg_replace($find, $replace, $comment['comment_parsed']);
328 }
329 }
330
331 eval('$comments .= "' . $template->fetch('showreport_comment') . '";');
332 }
333
334 $show['newreply'] = (can_perform('canpostcomments', $bug['product']) ? true : false);
335
336 $bug['summary_title'] = $bug['summary'];
337 if (is_array($hilight) AND !$show['edit'])
338 {
339 foreach ($hilight AS $id => $find)
340 {
341 $find = "#($find)#i";
342 $replace = "<span style=\"background-color: yellow; font-weight: bold; color: red;\">\\1</span>";
343 $bug['summary'] = preg_replace($find, $replace, $bug['summary']);
344 }
345 }
346
347 eval('$template->flush("' . $template->fetch('showreport') . '");');
348
349 /*=====================================================================*\
350 || ###################################################################
351 || # $HeadURL$
352 || # $Id$
353 || ###################################################################
354 \*=====================================================================*/
355 ?>