search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Rubber-stamped by Brady Eidson.
[webbrowser.git] / BugsSite / votes.cgi
blobd1a9de0c91e8a77e5903d374bb7345a05a03a780
1 #!/usr/bin/env perl -wT
2 # -*- Mode: perl; indent-tabs-mode: nil -*-
3 #
4 # The contents of this file are subject to the Mozilla Public
5 # License Version 1.1 (the "License"); you may not use this file
6 # except in compliance with the License. You may obtain a copy of
7 # the License at http://www.mozilla.org/MPL/
8 #
9 # Software distributed under the License is distributed on an "AS
10 # IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
11 # implied. See the License for the specific language governing
12 # rights and limitations under the License.
13 #
14 # The Original Code is the Bugzilla Bug Tracking System.
15 #
16 # The Initial Developer of the Original Code is Netscape Communications
17 # Corporation. Portions created by Netscape are
18 # Copyright (C) 1998 Netscape Communications Corporation. All
19 # Rights Reserved.
20 #
21 # Contributor(s): Terry Weissman <terry@mozilla.org>
22 # Stephan Niemz <st.n@gmx.net>
23 # Christopher Aillon <christopher@aillon.com>
24 # Gervase Markham <gerv@gerv.net>
25 # Frédéric Buclin <LpSolit@gmail.com>
26
27 use strict;
28 use lib qw(. lib);
29
30 use Bugzilla;
31 use Bugzilla::Constants;
32 use Bugzilla::Util;
33 use Bugzilla::Error;
34 use Bugzilla::Bug;
35 use Bugzilla::User;
36 use Bugzilla::Product;
37
38 use List::Util qw(min);
39
40 my $cgi = Bugzilla->cgi;
41 local our $vars = {};
42
43 # If the action is show_bug, you need a bug_id.
44 # If the action is show_user, you can supply a userid to show the votes for
45 # another user, otherwise you see your own.
46 # If the action is vote, your votes are set to those encoded in the URL as
47 # <bug_id>=<votes>.
48 #
49 # If no action is defined, we default to show_bug if a bug_id is given,
50 # otherwise to show_user.
51 my $bug_id = $cgi->param('bug_id');
52 my $action = $cgi->param('action') || ($bug_id ? "show_bug" : "show_user");
53
54 if ($action eq "show_bug" ||
55 ($action eq "show_user" && defined $cgi->param('user')))
56 {
57 Bugzilla->login();
58 }
59 else {
60 Bugzilla->login(LOGIN_REQUIRED);
61 }
62
63 ################################################################################
64 # Begin Data/Security Validation
65 ################################################################################
66
67 # Make sure the bug ID is a positive integer representing an existing
68 # bug that the user is authorized to access.
69
70 ValidateBugID($bug_id) if defined $bug_id;
71
72 ################################################################################
73 # End Data/Security Validation
74 ################################################################################
75
76 if ($action eq "show_bug") {
77 show_bug($bug_id);
78 }
79 elsif ($action eq "show_user") {
80 show_user($bug_id);
81 }
82 elsif ($action eq "vote") {
83 record_votes() if Bugzilla->params->{'usevotes'};
84 show_user($bug_id);
85 }
86 else {
87 ThrowCodeError("unknown_action", {action => $action});
88 }
89
90 exit;
91
92 # Display the names of all the people voting for this one bug.
93 sub show_bug {
94 my ($bug_id) = @_;
95 my $cgi = Bugzilla->cgi;
96 my $dbh = Bugzilla->dbh;
97 my $template = Bugzilla->template;
98
99 ThrowCodeError("missing_bug_id") unless defined $bug_id;
100
101 $vars->{'bug_id'} = $bug_id;
102 $vars->{'users'} =
103 $dbh->selectall_arrayref('SELECT profiles.login_name, votes.vote_count
104 FROM votes
105 INNER JOIN profiles
106 ON profiles.userid = votes.who
107 WHERE votes.bug_id = ?',
108 {'Slice' => {}}, $bug_id);
109
110 print $cgi->header();
111 $template->process("bug/votes/list-for-bug.html.tmpl", $vars)
112 || ThrowTemplateError($template->error());
113 }
114
115 # Display all the votes for a particular user. If it's the user
116 # doing the viewing, give them the option to edit them too.
117 sub show_user {
118 my ($bug_id) = @_;
119 my $cgi = Bugzilla->cgi;
120 my $dbh = Bugzilla->dbh;
121 my $user = Bugzilla->user;
122 my $template = Bugzilla->template;
123
124 # If a bug_id is given, and we're editing, we'll add it to the votes list.
125 $bug_id ||= "";
126
127 my $name = $cgi->param('user') || $user->login;
128 my $who = login_to_id($name, THROW_ERROR);
129 my $userid = $user->id;
130
131 my $canedit = (Bugzilla->params->{'usevotes'} && $userid == $who) ? 1 : 0;
132
133 $dbh->bz_start_transaction();
134
135 if ($canedit && $bug_id) {
136 # Make sure there is an entry for this bug
137 # in the vote table, just so that things display right.
138 my $has_votes = $dbh->selectrow_array('SELECT vote_count FROM votes
139 WHERE bug_id = ? AND who = ?',
140 undef, ($bug_id, $who));
141 if (!$has_votes) {
142 $dbh->do('INSERT INTO votes (who, bug_id, vote_count)
143 VALUES (?, ?, 0)', undef, ($who, $bug_id));
144 }
145 }
146
147 my @all_bug_ids;
148 my @products;
149 my $products = $user->get_selectable_products;
150 # Read the votes data for this user for each product.
151 foreach my $product (@$products) {
152 next unless ($product->votes_per_user > 0);
153
154 my @bugs;
155 my @bug_ids;
156 my $total = 0;
157 my $onevoteonly = 0;
158
159 my $vote_list =
160 $dbh->selectall_arrayref('SELECT votes.bug_id, votes.vote_count,
161 bugs.short_desc
162 FROM votes
163 INNER JOIN bugs
164 ON votes.bug_id = bugs.bug_id
165 WHERE votes.who = ?
166 AND bugs.product_id = ?
167 ORDER BY votes.bug_id',
168 undef, ($who, $product->id));
169
170 foreach (@$vote_list) {
171 my ($id, $count, $summary) = @$_;
172 $total += $count;
173
174 # Next if user can't see this bug. So, the totals will be correct
175 # and they can see there are votes 'missing', but not on what bug
176 # they are. This seems a reasonable compromise; the alternative is
177 # to lie in the totals.
178 next if !$user->can_see_bug($id);
179
180 push (@bugs, { id => $id,
181 summary => $summary,
182 count => $count });
183 push (@bug_ids, $id);
184 push (@all_bug_ids, $id);
185 }
186
187 $onevoteonly = 1 if (min($product->votes_per_user,
188 $product->max_votes_per_bug) == 1);
189
190 # Only add the product for display if there are any bugs in it.
191 if ($#bugs > -1) {
192 push (@products, { name => $product->name,
193 bugs => \@bugs,
194 bug_ids => \@bug_ids,
195 onevoteonly => $onevoteonly,
196 total => $total,
197 maxvotes => $product->votes_per_user,
198 maxperbug => $product->max_votes_per_bug });
199 }
200 }
201
202 $dbh->do('DELETE FROM votes WHERE vote_count <= 0');
203 $dbh->bz_commit_transaction();
204
205 $vars->{'canedit'} = $canedit;
206 $vars->{'voting_user'} = { "login" => $name };
207 $vars->{'products'} = \@products;
208 $vars->{'bug_id'} = $bug_id;
209 $vars->{'all_bug_ids'} = \@all_bug_ids;
210
211 print $cgi->header();
212 $template->process("bug/votes/list-for-user.html.tmpl", $vars)
213 || ThrowTemplateError($template->error());
214 }
215
216 # Update the user's votes in the database.
217 sub record_votes {
218 ############################################################################
219 # Begin Data/Security Validation
220 ############################################################################
221
222 my $cgi = Bugzilla->cgi;
223 my $dbh = Bugzilla->dbh;
224 my $template = Bugzilla->template;
225
226 # Build a list of bug IDs for which votes have been submitted. Votes
227 # are submitted in form fields in which the field names are the bug
228 # IDs and the field values are the number of votes.
229
230 my @buglist = grep {/^[1-9][0-9]*$/} $cgi->param();
231
232 # If no bugs are in the buglist, let's make sure the user gets notified
233 # that their votes will get nuked if they continue.
234 if (scalar(@buglist) == 0) {
235 if (!defined $cgi->param('delete_all_votes')) {
236 print $cgi->header();
237 $template->process("bug/votes/delete-all.html.tmpl", $vars)
238 || ThrowTemplateError($template->error());
239 exit();
240 }
241 elsif ($cgi->param('delete_all_votes') == 0) {
242 print $cgi->redirect("votes.cgi");
243 exit();
244 }
245 }
246
247 # Call ValidateBugID on each bug ID to make sure it is a positive
248 # integer representing an existing bug that the user is authorized
249 # to access, and make sure the number of votes submitted is also
250 # a non-negative integer (a series of digits not preceded by a
251 # minus sign).
252 my %votes;
253 foreach my $id (@buglist) {
254 ValidateBugID($id);
255 $votes{$id} = $cgi->param($id);
256 detaint_natural($votes{$id})
257 || ThrowUserError("votes_must_be_nonnegative");
258 }
259
260 ############################################################################
261 # End Data/Security Validation
262 ############################################################################
263 my $who = Bugzilla->user->id;
264
265 # If the user is voting for bugs, make sure they aren't overstuffing
266 # the ballot box.
267 if (scalar(@buglist)) {
268 my %prodcount;
269 my %products;
270 # XXX - We really need a $bug->product() method.
271 foreach my $bug_id (@buglist) {
272 my $bug = new Bugzilla::Bug($bug_id);
273 my $prod = $bug->product;
274 $products{$prod} ||= new Bugzilla::Product({name => $prod});
275 $prodcount{$prod} ||= 0;
276 $prodcount{$prod} += $votes{$bug_id};
277
278 # Make sure we haven't broken the votes-per-bug limit
279 ($votes{$bug_id} <= $products{$prod}->max_votes_per_bug)
280 || ThrowUserError("too_many_votes_for_bug",
281 {max => $products{$prod}->max_votes_per_bug,
282 product => $prod,
283 votes => $votes{$bug_id}});
284 }
285
286 # Make sure we haven't broken the votes-per-product limit
287 foreach my $prod (keys(%prodcount)) {
288 ($prodcount{$prod} <= $products{$prod}->votes_per_user)
289 || ThrowUserError("too_many_votes_for_product",
290 {max => $products{$prod}->votes_per_user,
291 product => $prod,
292 votes => $prodcount{$prod}});
293 }
294 }
295
296 # Update the user's votes in the database. If the user did not submit
297 # any votes, they may be using a form with checkboxes to remove all their
298 # votes (checkboxes are not submitted along with other form data when
299 # they are not checked, and Bugzilla uses them to represent single votes
300 # for products that only allow one vote per bug). In that case, we still
301 # need to clear the user's votes from the database.
302 my %affected;
303 $dbh->bz_start_transaction();
304
305 # Take note of, and delete the user's old votes from the database.
306 my $bug_list = $dbh->selectcol_arrayref('SELECT bug_id FROM votes
307 WHERE who = ?', undef, $who);
308
309 foreach my $id (@$bug_list) {
310 $affected{$id} = 1;
311 }
312 $dbh->do('DELETE FROM votes WHERE who = ?', undef, $who);
313
314 my $sth_insertVotes = $dbh->prepare('INSERT INTO votes (who, bug_id, vote_count)
315 VALUES (?, ?, ?)');
316 # Insert the new values in their place
317 foreach my $id (@buglist) {
318 if ($votes{$id} > 0) {
319 $sth_insertVotes->execute($who, $id, $votes{$id});
320 }
321 $affected{$id} = 1;
322 }
323
324 # Update the cached values in the bugs table
325 print $cgi->header();
326 my @updated_bugs = ();
327
328 my $sth_getVotes = $dbh->prepare("SELECT SUM(vote_count) FROM votes
329 WHERE bug_id = ?");
330
331 my $sth_updateVotes = $dbh->prepare("UPDATE bugs SET votes = ?
332 WHERE bug_id = ?");
333
334 foreach my $id (keys %affected) {
335 $sth_getVotes->execute($id);
336 my $v = $sth_getVotes->fetchrow_array || 0;
337 $sth_updateVotes->execute($v, $id);
338
339 my $confirmed = CheckIfVotedConfirmed($id, $who);
340 push (@updated_bugs, $id) if $confirmed;
341 }
342 $dbh->bz_commit_transaction();
343
344 $vars->{'type'} = "votes";
345 $vars->{'mailrecipients'} = { 'changer' => Bugzilla->user->login };
346 $vars->{'title_tag'} = 'change_votes';
347
348 foreach my $bug_id (@updated_bugs) {
349 $vars->{'id'} = $bug_id;
350 $template->process("bug/process/results.html.tmpl", $vars)
351 || ThrowTemplateError($template->error());
352 # Set header_done to 1 only after the first bug.
353 $vars->{'header_done'} = 1;
354 }
355 $vars->{'votes_recorded'} = 1;
356 }
Experimental WebKit port