From e6feb1bd062bc9e38dacca7ac6ff2eaad2a81b48 Mon Sep 17 00:00:00 2001
From: Robert Sesek <rsesek@bluestatic.org>
Date: Mon, 6 Jun 2005 02:56:20 +0000
Subject: [PATCH] r239: Most of the custom bug field permissions are worked out
 now. The only thing left to figure out is how we do the showreport.php
 permissions.

---
 admin/usergroup.php     | 56 ++++++++++++++++++++++++++++++++++++++++-
 docs/schema_changes.sql | 10 +++++++-
 includes/functions.php  | 18 +++++++++++--
 showreport.php          | 28 ++++++++++++---------
 4 files changed, 96 insertions(+), 16 deletions(-)

diff --git a/admin/usergroup.php b/admin/usergroup.php
index c7a63c3..ab9046c 100755
--- a/admin/usergroup.php
+++ b/admin/usergroup.php
@@ -134,7 +134,32 @@ if ($_REQUEST['do'] == 'add' OR $_REQUEST['do'] == 'edit')
 			$admin->row_yesno(phrase("permissions_$setting"), "perm[$setting]", ($usergroup['permissions'] & $_PERMISSION["$setting"]));
 		}
 	}
-
+	
+	$admin->table_end();
+		
+	// custom field permissions
+	$admin->table_start();
+	$admin->table_head('Custom Field Permissions');
+	
+	if ($edit)
+	{
+		$perms = $db->query("SELECT fieldid, mask FROM " . TABLE_PREFIX . "bugfieldpermission WHERE usergroupid = $usergroup[usergroupid]");
+		while ($perm = $db->fetch_array($perms))
+		{
+			$permissions["$perm[fieldid]"] = $perm['mask'];
+		}
+	}
+	
+	$fields = $db->query("SELECT fieldid, shortname, name FROM " . TABLE_PREFIX . "bugfield ORDER BY fieldid");
+	while ($field = $db->fetch_array($fields))
+	{
+		unset($listitem);
+		$admin->list_item('No Permission', 0, $permissions["$field[fieldid]"] == 0);
+		$admin->list_item('Can View Field', 1, $permissions["$field[fieldid]"] == 1);
+		$admin->list_item('Can View, Edit Field', 2, $permissions["$field[fieldid]"] == 2);
+		$admin->row_list($field['name'], "custom[$field[fieldid]]");
+	}
+	
 	$admin->table_end();
 	
 	// Submit
@@ -166,8 +191,23 @@ if ($_POST['do'] == 'insert')
 		)"
 	);
 	
+	$ugroupid = $db->insert_id();
+	
 	build_usergroups();
 	
+	foreach ($_POST['custom'] AS $fieldid => $mask)
+	{
+		$values[] = "$ugroupid, " . intval($fieldid) . ", " . intval($mask);
+	}
+	
+	$db->query("
+		INSERT INTO " . TABLE_PREFIX . "bugfieldpermission
+			(usergroupid, fieldid, mask)
+		VALUES
+			(" . implode("\n\t\t\t", $values) . "
+		)"
+	);
+	
 	$admin->redirect('usergroup.php?do=modify');
 }
 
@@ -193,6 +233,20 @@ if ($_POST['do'] == 'update')
 	build_usergroups();
 	build_assignedto();
 	
+	$ugroupid = intval($bugsys->in['usergroupid']);
+	foreach ($_POST['custom'] AS $fieldid => $mask)
+	{
+		$values[] = "$ugroupid, " . intval($fieldid) . ", " . intval($mask);
+	}
+	
+	$db->query("
+		REPLACE INTO " . TABLE_PREFIX . "bugfieldpermission
+			(usergroupid, fieldid, mask)
+		VALUES
+			(" . implode("),\n\t\t\t(", $values) . ")"
+	);
+
+	
 	$admin->redirect('usergroup.php?do=modify');
 }
 
diff --git a/docs/schema_changes.sql b/docs/schema_changes.sql
index c5aac84..85854bd 100644
--- a/docs/schema_changes.sql
+++ b/docs/schema_changes.sql
@@ -58,4 +58,12 @@ ALTER TABLE `bug` ADD `hiddenlastposttime` INT(10) UNSIGNED NOT NULL, ADD `hidde
 
 ALTER TABLE `bug` ADD `duplicateof` INT(10) UNSIGNED NOT NULL AFTER `assignedto`, ADD `dependency` MEDIUMTEXT NOT NULL AFTER `duplicateof`;
 
-DROP TABLE IF EXISTS `templateset`;
\ No newline at end of file
+DROP TABLE IF EXISTS `templateset`;
+
+CREATE TABLE `bugfieldpermission` (
+  `permissionid` INT(10) UNSIGNED NOT NULL, 
+  `usergroupid` INT(10) UNSIGNED NOT NULL, 
+  `fieldid` INT(10) UNSIGNED NOT NULL, 
+  `mask` INT(5) UNSIGNED NOT NULL,
+  PRIMARY KEY (`permissionid`, `fieldid`)
+);
\ No newline at end of file
diff --git a/includes/functions.php b/includes/functions.php
index 09894d6..271898b 100755
--- a/includes/functions.php
+++ b/includes/functions.php
@@ -333,7 +333,14 @@ function construct_custom_fields($bug = array())
 	if (!is_array($fields))
 	{
 		$fields = array();
-		$fields_fetch = $bugsys->db->query("SELECT * FROM " . TABLE_PREFIX . "bugfield");
+		$fields_fetch = $bugsys->db->query("
+			SELECT bugfield.*
+			FROM " . TABLE_PREFIX . "bugfield AS bugfield
+			LEFT JOIN " . TABLE_PREFIX . "bugfieldpermission AS permission
+				ON (bugfield.fieldid = permission.fieldid)
+			WHERE permission.mask = 2
+			AND permission.usergroupid = {$bugsys->userinfo['usergroupid']}"
+		);
 		while ($field = $bugsys->db->fetch_array($fields_fetch))
 		{
 			$fields["$field[fieldid]"] = $field;
@@ -402,7 +409,14 @@ function process_custom_fields($bugid, $inputdata = array())
 		$inputdata =& $bugsys->in;
 	}
 	
-	$fields = $bugsys->db->query("SELECT * FROM " . TABLE_PREFIX . "bugfield");
+	$fields = $bugsys->db->query("
+		SELECT bugfield.*
+		FROM " . TABLE_PREFIX . "bugfield AS bugfield
+		LEFT JOIN " . TABLE_PREFIX . "bugfieldpermission AS permission
+			ON (bugfield.fieldid = permission.fieldid)
+		WHERE permission.mask = 2
+		AND permission.usergroupid = {$bugsys->userinfo['usergroupid']}"
+	);
 	while ($field = $bugsys->db->fetch_array($fields))
 	{
 		if ($field['type'] == 'input_checkbox')
diff --git a/showreport.php b/showreport.php
index dbaffc8..fa4e285 100644
--- a/showreport.php
+++ b/showreport.php
@@ -84,7 +84,14 @@ if ($bug['dependency'])
 // custom fields
 $customfields = '';
 
-$allfields = $db->query("SELECT * FROM " . TABLE_PREFIX . "bugfield");
+$allfields = $db->query("
+	SELECT bugfield.*
+	FROM " . TABLE_PREFIX . "bugfield AS bugfield
+	LEFT JOIN " . TABLE_PREFIX . "bugfieldpermission AS permission
+		ON (bugfield.fieldid = permission.fieldid)
+	WHERE permission.mask <> 0
+	AND permission.usergroupid = {$bugsys->userinfo['usergroupid']}"
+);
 while ($field = $db->fetch_array($allfields))
 {
 	$fieldlist["$field[shortname]"] = $field;
@@ -92,23 +99,20 @@ while ($field = $db->fetch_array($allfields))
 
 $fieldvalues = $db->query_first("SELECT * FROM " . TABLE_PREFIX . "bugvaluefill WHERE bugid = $bug[bugid]");
 
-foreach ($fieldvalues AS $shortname => $value)
+foreach ($fieldlist AS $shortname => $field)
 {
-	if ($shortname == 'bugid')
-	{
-		continue;
-	}
-	
-	$field =& $fieldlist["$shortname"];
-	
 	$customfields .= "<div><strong>$field[name]:</strong> ";
 	
-	if (is_null($value))
+	if (is_null($fieldvalues["$shortname"]))
 	{
 		$value = $field['defaultvalue'];
 	}
+	else
+	{
+		$value = $fieldvalues["$shortname"];
+	}
 	
-	if ($field['type'] == 'input_text' OR $field['type'] == 'textarea' OR $field['type'] == 'select_single')
+	if ($field['type'] == 'input_text' OR $field['type'] == 'select_single')
 	{
 		$customfields .= $value;
 	}
@@ -116,7 +120,7 @@ foreach ($fieldvalues AS $shortname => $value)
 	{
 		$customfields .= (($value) ? 'True' : 'False');
 	}
-	$customfields .= "</div>\n\n";
+	$customfeilds .= "</div>\n\n";
 }
 
 // -------------------------------------------------------------------
-- 
2.22.5