From 2ee4db53e5577719c8fbfe04a5535150bb2a512b Mon Sep 17 00:00:00 2001
From: Robert Sesek <rsesek@bluestatic.org>
Date: Sun, 29 May 2005 20:44:21 +0000
Subject: [PATCH] r206: Allow bugs to be hidden for security reasons or if they
 want to look deleted.

---
 admin/usergroup.php              | 1 +
 docs/schema_changes.sql          | 4 +++-
 editcomment.php                  | 5 +++++
 editreport.php                   | 8 +++++++-
 includes/init.php                | 3 ++-
 index.php                        | 3 ++-
 showhistory.php                  | 5 +++++
 showreport.php                   | 7 ++++++-
 templates/default/SHOWREPORT.tpl | 2 ++
 templates/default/editreport.tpl | 1 +
 10 files changed, 34 insertions(+), 5 deletions(-)

diff --git a/admin/usergroup.php b/admin/usergroup.php
index b763027..5b4efa0 100755
--- a/admin/usergroup.php
+++ b/admin/usergroup.php
@@ -97,6 +97,7 @@ if ($_REQUEST['do'] == 'add' OR $_REQUEST['do'] == 'edit')
 	$permissions = array(
 		'general' => array(
 			'canviewbugs',
+			'canviewhiddenbugs',
 			'cansearch',
 			'cansubscribe',
 			'canbeassignedto'),
diff --git a/docs/schema_changes.sql b/docs/schema_changes.sql
index df7f777..90efbcb 100644
--- a/docs/schema_changes.sql
+++ b/docs/schema_changes.sql
@@ -48,4 +48,6 @@ CREATE TABLE `bugfield` (
 CREATE TABLE `bugvaluefill` (
   `bugid` INT(10) UNSIGNED NOT NULL,
   PRIMARY KEY (`bugid`)
-);
\ No newline at end of file
+);
+
+ALTER TABLE `bug` ADD `hidden` INT(2) UNSIGNED NOT NULL AFTER `assignedto`;
\ No newline at end of file
diff --git a/editcomment.php b/editcomment.php
index 42f53fd..d94a3c2 100644
--- a/editcomment.php
+++ b/editcomment.php
@@ -36,6 +36,11 @@ if (!((can_perform('caneditown') AND $bugsys->userinfo['userid'] == $comment['us
 	$message->error_permission();
 }
 
+if ($bug['hidden'] AND !can_perform('canviewhiddenbugs'))
+{
+	$message->error_permissison();
+}
+
 // ###################################################################
 
 if (empty($_REQUEST['do']))
diff --git a/editreport.php b/editreport.php
index 113f408..6d492d2 100644
--- a/editreport.php
+++ b/editreport.php
@@ -37,6 +37,11 @@ if (!(((can_perform('caneditown') AND $bugsys->userinfo['userid'] == $comment['u
 	$message->error_permission();
 }
 
+if ($bug['hidden'] AND !can_perform('canviewhiddenbugs'))
+{
+	$message->error_permission();
+}
+
 // setup logging
 require_once('./includes/class_history.php');
 $log = new History();
@@ -94,7 +99,8 @@ if ($_POST['do'] == 'update')
 			assignedto = " . intval($bugsys->in['assignedto']) . ",
 			productid = " . $pcv['product'] . ",
 			componentid = " . $pcv['component'] . ",
-			versionid = " . $pcv['version'] . "
+			versionid = " . $pcv['version'] . ",
+			hidden = " . intval($bugsys->in['hidden']) . "
 		WHERE bugid = $bug[bugid]"
 	);
 	
diff --git a/includes/init.php b/includes/init.php
index 02a352a..04dc26d 100755
--- a/includes/init.php
+++ b/includes/init.php
@@ -187,7 +187,8 @@ $_PERMISSION = array(
 	'canadmintools'		=> 262144, // can use admin tools
 	'canadminfields'	=> 524288, // can admin custom bug fields
 	'canbeassignedto'	=> 1048576, // can be assigned bugs,
-	'caneditattach'		=> 2097152 // can edit attachments
+	'caneditattach'		=> 2097152, // can edit attachments
+	'canviewhiddenbugs'	=> 4194304 // can see hidden bugs
 );
 
 foreach ($_PERMISSION AS $name => $maskvalue)
diff --git a/index.php b/index.php
index de6c012..15f1615 100644
--- a/index.php
+++ b/index.php
@@ -32,7 +32,8 @@ $bugs_fetch = $db->query("
 	LEFT JOIN user AS user1
 		ON (bug.userid = user1.userid)
 	LEFT JOIN user AS user2
-		ON (bug.lastpostby = user2.userid)
+		ON (bug.lastpostby = user2.userid)" . ((!can_perform('canviewhiddenbugs')) ? "
+	WHERE !hidden" : "") . "
 	ORDER BY bug.lastposttime DESC"
 );
 
diff --git a/showhistory.php b/showhistory.php
index f3f8ec4..665d315 100644
--- a/showhistory.php
+++ b/showhistory.php
@@ -24,6 +24,11 @@ if (!$bug)
 	$message->error('alert: bad bug');
 }
 
+if ($bug['hidden'] AND !can_perform('canviewhiddenbugs'))
+{
+	$message->error_permission();
+}
+
 // ###################################################################
 
 $logs_fetch = $db->query("
diff --git a/showreport.php b/showreport.php
index 50406a0..d5b12a3 100644
--- a/showreport.php
+++ b/showreport.php
@@ -38,7 +38,12 @@ $bug = $db->query_first("
 if (!is_array($bug))
 {
 	$message->error('alert: bad bug');
-}	
+}
+
+if ($bug['hidden'] AND !can_perform('canviewhiddenbugs'))
+{
+	$message->error_permission();
+}
 
 // -------------------------------------------------------------------
 // prep display
diff --git a/templates/default/SHOWREPORT.tpl b/templates/default/SHOWREPORT.tpl
index 3f10ff4..d66e025 100644
--- a/templates/default/SHOWREPORT.tpl
+++ b/templates/default/SHOWREPORT.tpl
@@ -1,3 +1,5 @@
+<if condition="$bug['hidden']"><div><strong style="color: red">This bug is hidden!</strong></div></if>
+
 <div><strong>Bug ID:</strong> $bug[bugid]</div>
 <div><strong>Reported by:</strong> $bug[userinfo]</div>
 <div><strong>Product:</strong> $bug[product] <if condition="$bug['componentid']">/ <strong>Component:</strong> $bug[component]</if> / <strong>Version:</strong> $bug[version]</div>
diff --git a/templates/default/editreport.tpl b/templates/default/editreport.tpl
index 2851d76..16c6ecd 100644
--- a/templates/default/editreport.tpl
+++ b/templates/default/editreport.tpl
@@ -3,6 +3,7 @@
 <input type="hidden" name="bugid" value="$bug[bugid]" />
 
 <div><strong>Bug ID:</strong> $bug[bugid]</div>
+<div><strong<if condition="$bug['hidden']"> style="color: red"</if>>Hidden:</strong> <input type="checkbox" name="hidden" value="1"<if condition="$bug['hidden']"> checked="checked"</if> /></div>
 <div><strong>Summary/Title:</strong> <input type="text" name="summary" size="25" value="$bug[summary]" /></div>
 <div><strong>Severity:</strong> <select name="severity">$select[severity]</select></div>
 
-- 
2.22.5