<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html><head><meta http-equiv="Content-Type" content="text/html; charset=ANSI_X3.4-1968"><title>6.4.&#160;Customizing Who Can Change What</title><link rel="stylesheet" type="text/css" href="../../style.css"><meta name="generator" content="DocBook XSL Stylesheets V1.78.1"><meta name="keywords" content="Bugzilla, Guide, installation, FAQ, administration, integration, MySQL, Mozilla, webtools"><link rel="home" href="index.html" title="The Bugzilla Guide - 4.4.12 Release"><link rel="up" href="customization.html" title="Chapter&#160;6.&#160;Customizing Bugzilla"><link rel="prev" href="cust-templates.html" title="6.3.&#160;Template Customization"><link rel="next" href="integration.html" title="6.5.&#160;Integrating Bugzilla with Third-Party Tools"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">6.4.&#160;Customizing Who Can Change What</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="cust-templates.html">Prev</a>&#160;</td><th width="60%" align="center">Chapter&#160;6.&#160;Customizing Bugzilla</th><td width="20%" align="right">&#160;<a accesskey="n" href="integration.html">Next</a></td></tr></table><hr></div><div class="section"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="cust-change-permissions"></a>6.4.&#160;Customizing Who Can Change What</h2></div></div></div><div class="warning" style="margin-left: 1em; margin-right: 1em"><table border="0" summary="Warning"><tr><td rowspan="2" align="center" valign="top" width="25"><img alt="[Warning]" src="../images/warning.gif"></td><th align="left"></th></tr><tr><td align="left" valign="top"><p>
        This feature should be considered experimental; the Bugzilla code you
        will be changing is not stable, and could change or move between 
        versions. Be aware that if you make modifications as outlined here, 
        you may have
        to re-make them or port them if Bugzilla changes internally between
        versions, and you upgrade.
      </p></td></tr></table></div><p>
      Companies often have rules about which employees, or classes of employees,
      are allowed to change certain things in the bug system. For example, 
      only the bug's designated QA Contact may be allowed to VERIFY the bug.
      Bugzilla has been
      designed to make it easy for you to write your own custom rules to define
      who is allowed to make what sorts of value transition.
    </p><p>
     By default, assignees, QA owners and users
     with <span class="emphasis"><em>editbugs</em></span> privileges can edit all fields of bugs, 
     except group restrictions (unless they are members of the groups they 
     are trying to change). Bug reporters also have the ability to edit some 
     fields, but in a more restrictive manner. Other users, without 
     <span class="emphasis"><em>editbugs</em></span> privileges, cannot edit 
     bugs, except to comment and add themselves to the CC list.
    </p><p>
      For maximum flexibility, customizing this means editing Bugzilla's Perl 
      code. This gives the administrator complete control over exactly who is
      allowed to do what. The relevant method is called
      <code class="filename">check_can_change_field()</code>,
      and is found in <code class="filename">Bug.pm</code> in your
      Bugzilla/ directory. If you open that file and search for
      <span class="quote">&#8220;<span class="quote">sub check_can_change_field</span>&#8221;</span>, you'll find it.
    </p><p>
      This function has been carefully commented to allow you to see exactly
      how it works, and give you an idea of how to make changes to it.
      Certain marked sections should not be changed - these are
      the <span class="quote">&#8220;<span class="quote">plumbing</span>&#8221;</span> which makes the rest of the function work.
      In between those sections, you'll find snippets of code like:
      </p><pre class="programlisting">    # Allow the assignee to change anything.
    if ($ownerid eq $whoid) {
        return 1;
    }</pre><p>
      It's fairly obvious what this piece of code does.
    </p><p>
      So, how does one go about changing this function? Well, simple changes
      can be made just by removing pieces - for example, if you wanted to 
      prevent any user adding a comment to a bug, just remove the lines marked
      <span class="quote">&#8220;<span class="quote">Allow anyone to change comments.</span>&#8221;</span> If you don't want the
      Reporter to have any special rights on bugs they have filed, just
      remove the entire section that deals with the Reporter.
    </p><p>
      More complex customizations are not much harder. Basically, you add
      a check in the right place in the function, i.e. after all the variables
      you are using have been set up. So, don't look at $ownerid before 
      $ownerid has been obtained from the database. You can either add a
      positive check, which returns 1 (allow) if certain conditions are true,
      or a negative check, which returns 0 (deny.) E.g.:
      </p><pre class="programlisting">    if ($field eq "qacontact") {
        if (Bugzilla-&gt;user-&gt;in_group("quality_assurance")) {
            return 1;
        } 
        else {
            return 0;
        }
    }</pre><p>
      This says that only users in the group "quality_assurance" can change
      the QA Contact field of a bug.
    </p><p>
      Getting more weird:
      </p><pre class="programlisting">    if (($field eq "priority") &amp;&amp;
        (Bugzilla-&gt;user-&gt;email =~ /.*\@example\.com$/))
    {
        if ($oldvalue eq "P1") {
            return 1;
        } 
        else {
            return 0;
        }
    }</pre><p>
      This says that if the user is trying to change the priority field,
      and their email address is @example.com, they can only do so if the
      old value of the field was "P1". Not very useful, but illustrative.
    </p><div class="warning" style="margin-left: 1em; margin-right: 1em"><table border="0" summary="Warning"><tr><td rowspan="2" align="center" valign="top" width="25"><img alt="[Warning]" src="../images/warning.gif"></td><th align="left"></th></tr><tr><td align="left" valign="top"><p>
        If you are modifying <code class="filename">process_bug.cgi</code> in any
        way, do not change the code that is bounded by DO_NOT_CHANGE blocks.
        Doing so could compromise security, or cause your installation to
        stop working entirely.
      </p></td></tr></table></div><p>
      For a list of possible field names, look at the bugs table in the 
      database. If you need help writing custom rules for your organization,
      ask in the newsgroup.
    </p></div><div class="navfooter"><hr><table width="100%" summary="Navigation footer"><tr><td width="40%" align="left"><a accesskey="p" href="cust-templates.html">Prev</a>&#160;</td><td width="20%" align="center"><a accesskey="u" href="customization.html">Up</a></td><td width="40%" align="right">&#160;<a accesskey="n" href="integration.html">Next</a></td></tr><tr><td width="40%" align="left" valign="top">6.3.&#160;Template Customization&#160;</td><td width="20%" align="center"><a accesskey="h" href="index.html">Home</a></td><td width="40%" align="right" valign="top">&#160;6.5.&#160;Integrating Bugzilla with Third-Party Tools</td></tr></table></div></body></html>