diff options
author | karl%kornel.name <> | 2005-11-05 01:11:27 +0100 |
---|---|---|
committer | karl%kornel.name <> | 2005-11-05 01:11:27 +0100 |
commit | 1afe548f9e830bcace4e06d3441bdd4b41c8d11a (patch) | |
tree | e25c39859529d8c72e85a33007d1c22877d6414a | |
parent | 4c7f4b10f22b3ad45db793ef4eb0e4ab1aef49e0 (diff) | |
download | bugzilla-1afe548f9e830bcace4e06d3441bdd4b41c8d11a.tar.gz bugzilla-1afe548f9e830bcace4e06d3441bdd4b41c8d11a.tar.xz |
Bug 312439: The user being impersonated has "moral" rights to keep informed - Patch by A. Karl Kornel <karl@kornel.name> r=LpSolit a=justdave
-rw-r--r-- | docs/xml/administration.xml | 15 | ||||
-rwxr-xr-x | relogin.cgi | 31 | ||||
-rw-r--r-- | template/en/default/admin/sudo.html.tmpl | 13 | ||||
-rw-r--r-- | template/en/default/email/sudo.txt.tmpl | 43 | ||||
-rw-r--r-- | template/en/default/pages/sudo.html.tmpl | 69 |
5 files changed, 157 insertions, 14 deletions
diff --git a/docs/xml/administration.xml b/docs/xml/administration.xml index 8c79e6fb7..104403013 100644 --- a/docs/xml/administration.xml +++ b/docs/xml/administration.xml @@ -538,12 +538,15 @@ </note> <para> - If you have access to use this feature, you should notice a link - next to your login name (in the footer) titled "sudo". Click on the - link. This will take you to a page where you will see a description of - the feature and instructions on how to use it. After reading the text, - simply enter the login of the user you would like to impersonate and - press the button.</para> + If you have access to this feature, you may start a session by + going to the Edit Users page, Searching for a user and clicking on + their login. You should see a link below their login name titled + "Impersonate this user". Click on the link. This will take you + to a page where you will see a description of the feature and + instructions for using it. After reading the text, simply + enter the login of the user you would like to impersonate, provide + a short message explaining why you are doing this, and press the + button.</para> <para> As long as you are using this feature, everything you do will be done diff --git a/relogin.cgi b/relogin.cgi index a8ebd18f4..8c4517f0c 100755 --- a/relogin.cgi +++ b/relogin.cgi @@ -23,11 +23,12 @@ # A. Karl Kornel <karl@kornel.name> use strict; - use lib qw(.); + +require "globals.pl"; + use Bugzilla; -use Bugzilla::Auth::Login::WWW; -use Bugzilla::CGI; +use Bugzilla::BugMail; use Bugzilla::Constants; use Bugzilla::Error; use Bugzilla::User; @@ -70,7 +71,7 @@ if ($action eq 'sudo') { } # Show the sudo page - $vars->{'will_logout'} = 1 if Bugzilla::Auth::Login::WWW->can_logout; + $vars->{'will_logout'} = $user->get_flag('can_logout'); $target = 'admin/sudo.html.tmpl'; } # transition-sudo: Validate target, logout user, and redirect for session start @@ -113,11 +114,16 @@ elsif ($action eq 'sudo-transition') { ThrowUserError('sudo_protected', { login => $target_user->login }); } - # Log out and Redirect user to the new page + # If we have a reason passed in, keep it under 200 characters + my $reason = $cgi->param('reason') || ''; + $reason = substr($reason, $[, 200); + my $reason_string = '&reason=' . url_quote($reason); + + # Log out and redirect user to the new page Bugzilla->logout(); $target = 'relogin.cgi'; print $cgi->redirect($target . '?action=begin-sudo&target_login=' . - url_quote($target_user->login)); + url_quote($target_user->login) . $reason_string); exit; } # begin-sudo: Confirm login and start sudo session @@ -161,6 +167,10 @@ elsif ($action eq 'begin-sudo') { ThrowUserError('sudo_protected', { login => $target_user->login }); } + # If we have a reason passed in, keep it under 200 characters + my $reason = $cgi->param('reason') || ''; + $reason = substr($reason, $[, 200); + # Calculate the session expiry time (T + 6 hours) my $time_string = time2str('%a, %d-%b-%Y %T %Z', time+(6*60*60), 'GMT'); @@ -174,7 +184,14 @@ elsif ($action eq 'begin-sudo') { Bugzilla->sudo_request($target_user, Bugzilla->user); # NOTE: If you want to log the start of an sudo session, do it here. - + + # Go ahead and send out the message now + my $message; + $template->process('email/sudo.txt.tmpl', + { reason => $reason }, + \$message); + Bugzilla::BugMail::MessageToMTA($message); + $vars->{'message'} = 'sudo_started'; $vars->{'target'} = $target_user->login; $target = 'global/message.html.tmpl'; diff --git a/template/en/default/admin/sudo.html.tmpl b/template/en/default/admin/sudo.html.tmpl index ea4f0f38e..12aa586a6 100644 --- a/template/en/default/admin/sudo.html.tmpl +++ b/template/en/default/admin/sudo.html.tmpl @@ -65,7 +65,18 @@ [% END %] <p> - Next, click the button to begin the session: + Next, please take a moment to explain why you are doing this:<br> + <input type="text" name="reason" size="80" maxlength="200"> + </p> + + <p> + The message you enter here will be sent to the impersonated user by email. + You may leave this empty if you wish, but they will still know that you + are impersonating them. + </p> + + <p> + Finally, click the button to begin the session: <input type="submit" value="Begin Session"> <input type="hidden" name="action" value="sudo-transition"> </p> diff --git a/template/en/default/email/sudo.txt.tmpl b/template/en/default/email/sudo.txt.tmpl new file mode 100644 index 000000000..06026cf39 --- /dev/null +++ b/template/en/default/email/sudo.txt.tmpl @@ -0,0 +1,43 @@ +[%# 1.0@bugzilla.org %] +[%# The contents of this file are subject to the Mozilla Public + # License Version 1.1 (the "License"); you may not use this file + # except in compliance with the License. You may obtain a copy of + # the License at http://www.mozilla.org/MPL/ + # + # Software distributed under the License is distributed on an "AS + # IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or + # implied. See the License for the specific language governing + # rights and limitations under the License. + # + # The Original Code is the Bugzilla Bug Tracking System. + # + # The Initial Developer of the Original Code is Netscape Communications + # Corporation. Portions created by Netscape are + # Copyright (C) 2005 Netscape Communications Corporation. All + # Rights Reserved. + # + # Contributor(s): A. Karl Kornel <karl@kornel.name> + #%] + +[% PROCESS global/variables.none.tmpl %] + +Content-Type: text/plain +From: [% Param("maintainer") %] +To: [% user.email %] +Subject: [[% terms.Bugzilla %]] Your account [% user.login -%] + is being impersonated + + [%+ sudoer.identity %] has used the 'sudo' feature to access +[%+ terms.Bugzilla %] using your account. + +[% IF reason %] + [%+ sudoer.identity %] provided the following reason for doing this: + +[% reason FILTER wrap_comment %] +[% ELSE %] + [%+ sudoer.identity %] did not provide a reason for doing this. +[% END %] + + If you feel that this action was inappropiate, please contact +[%+ Param("maintainer") %]. For more information on this feature, +visit <[% Param("urlbase") %]page.cgi?id=sudo.html>. diff --git a/template/en/default/pages/sudo.html.tmpl b/template/en/default/pages/sudo.html.tmpl new file mode 100644 index 000000000..ca57a8166 --- /dev/null +++ b/template/en/default/pages/sudo.html.tmpl @@ -0,0 +1,69 @@ +[%# 1.0@bugzilla.org %] +[%# The contents of this file are subject to the Mozilla Public + # License Version 1.1 (the "License"); you may not use this file + # except in compliance with the License. You may obtain a copy of + # the License at http://www.mozilla.org/MPL/ + # + # Software distributed under the License is distributed on an "AS + # IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or + # implied. See the License for the specific language governing + # rights and limitations under the License. + # + # The Original Code is the Bugzilla Bug Tracking System. + # + # The Initial Developer of the Original Code is Netscape Communications + # Corporation. Portions created by Netscape are + # Copyright (C) 2005 Netscape Communications Corporation. All + # Rights Reserved. + # + # Contributor(s): A. Karl Kornel <karl@kornel.name> + #%] + +[% PROCESS global/variables.none.tmpl %] +[% INCLUDE global/header.html.tmpl title = "sudo: User Impersonation" %] + +<p> + [%+ terms.Bugzilla %] includes the ability to have one user impersonate +another, in something called a <i>sudo session</i>, so long as the person +doing the impersonating has the appropriate privileges. +</p> + +<p> + While a session is in progress, [% terms.Bugzilla %] will act as if the + impersonated user is doing everything. This is especially useful for testing, + and for doing critical work when the impersonated user is unavailable. The + impersonated user will receive an email from [% terms.Bugzilla %] when the + session begins; they will not be told anything else. +</p> + +<p> + To use this feature, you must be a member of the appropriate group. The group + includes all administrators by default. Other users, and members of other + groups, can be given access to this feature on a case-by-case basis. To + request access, contact the maintainer of this installation: + <a href="mailto:[% Param("maintainer") %]"> + [%- Param("maintainer") %]</a>. +</p> + +<p> + If you would like to be protected from impersonation, you should contact the + maintainer of this installation to see if that is possible. People with + access to this feature are protected automatically. +</p> + +<p id="message"> + [% IF user.groups.bz_sudoers %] + You are a member of the <b>bz_sudoers</b> group. You may use this + feature to impersonate others. + [% ELSE %] + You are not a member of an appropriate group. You may not use this + feature. + [% END %] + [% IF user.groups.bz_sudo_protect %] + <br> + You are a member of the <b>bz_sudo_protect</b> group. Other people will + not be able to use this feature to impersonate you. + [% END %] +</p> + +[% INCLUDE global/footer.html.tmpl %] |