summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorkarl%kornel.name <>2005-11-05 01:11:27 +0100
committerkarl%kornel.name <>2005-11-05 01:11:27 +0100
commit1afe548f9e830bcace4e06d3441bdd4b41c8d11a (patch)
treee25c39859529d8c72e85a33007d1c22877d6414a
parent4c7f4b10f22b3ad45db793ef4eb0e4ab1aef49e0 (diff)
downloadbugzilla-1afe548f9e830bcace4e06d3441bdd4b41c8d11a.tar.gz
bugzilla-1afe548f9e830bcace4e06d3441bdd4b41c8d11a.tar.xz
Bug 312439: The user being impersonated has "moral" rights to keep informed - Patch by A. Karl Kornel <karl@kornel.name> r=LpSolit a=justdave
-rw-r--r--docs/xml/administration.xml15
-rwxr-xr-xrelogin.cgi31
-rw-r--r--template/en/default/admin/sudo.html.tmpl13
-rw-r--r--template/en/default/email/sudo.txt.tmpl43
-rw-r--r--template/en/default/pages/sudo.html.tmpl69
5 files changed, 157 insertions, 14 deletions
diff --git a/docs/xml/administration.xml b/docs/xml/administration.xml
index 8c79e6fb7..104403013 100644
--- a/docs/xml/administration.xml
+++ b/docs/xml/administration.xml
@@ -538,12 +538,15 @@
</note>
<para>
- If you have access to use this feature, you should notice a link
- next to your login name (in the footer) titled "sudo". Click on the
- link. This will take you to a page where you will see a description of
- the feature and instructions on how to use it. After reading the text,
- simply enter the login of the user you would like to impersonate and
- press the button.</para>
+ If you have access to this feature, you may start a session by
+ going to the Edit Users page, Searching for a user and clicking on
+ their login. You should see a link below their login name titled
+ "Impersonate this user". Click on the link. This will take you
+ to a page where you will see a description of the feature and
+ instructions for using it. After reading the text, simply
+ enter the login of the user you would like to impersonate, provide
+ a short message explaining why you are doing this, and press the
+ button.</para>
<para>
As long as you are using this feature, everything you do will be done
diff --git a/relogin.cgi b/relogin.cgi
index a8ebd18f4..8c4517f0c 100755
--- a/relogin.cgi
+++ b/relogin.cgi
@@ -23,11 +23,12 @@
# A. Karl Kornel <karl@kornel.name>
use strict;
-
use lib qw(.);
+
+require "globals.pl";
+
use Bugzilla;
-use Bugzilla::Auth::Login::WWW;
-use Bugzilla::CGI;
+use Bugzilla::BugMail;
use Bugzilla::Constants;
use Bugzilla::Error;
use Bugzilla::User;
@@ -70,7 +71,7 @@ if ($action eq 'sudo') {
}
# Show the sudo page
- $vars->{'will_logout'} = 1 if Bugzilla::Auth::Login::WWW->can_logout;
+ $vars->{'will_logout'} = $user->get_flag('can_logout');
$target = 'admin/sudo.html.tmpl';
}
# transition-sudo: Validate target, logout user, and redirect for session start
@@ -113,11 +114,16 @@ elsif ($action eq 'sudo-transition') {
ThrowUserError('sudo_protected', { login => $target_user->login });
}
- # Log out and Redirect user to the new page
+ # If we have a reason passed in, keep it under 200 characters
+ my $reason = $cgi->param('reason') || '';
+ $reason = substr($reason, $[, 200);
+ my $reason_string = '&reason=' . url_quote($reason);
+
+ # Log out and redirect user to the new page
Bugzilla->logout();
$target = 'relogin.cgi';
print $cgi->redirect($target . '?action=begin-sudo&target_login=' .
- url_quote($target_user->login));
+ url_quote($target_user->login) . $reason_string);
exit;
}
# begin-sudo: Confirm login and start sudo session
@@ -161,6 +167,10 @@ elsif ($action eq 'begin-sudo') {
ThrowUserError('sudo_protected', { login => $target_user->login });
}
+ # If we have a reason passed in, keep it under 200 characters
+ my $reason = $cgi->param('reason') || '';
+ $reason = substr($reason, $[, 200);
+
# Calculate the session expiry time (T + 6 hours)
my $time_string = time2str('%a, %d-%b-%Y %T %Z', time+(6*60*60), 'GMT');
@@ -174,7 +184,14 @@ elsif ($action eq 'begin-sudo') {
Bugzilla->sudo_request($target_user, Bugzilla->user);
# NOTE: If you want to log the start of an sudo session, do it here.
-
+
+ # Go ahead and send out the message now
+ my $message;
+ $template->process('email/sudo.txt.tmpl',
+ { reason => $reason },
+ \$message);
+ Bugzilla::BugMail::MessageToMTA($message);
+
$vars->{'message'} = 'sudo_started';
$vars->{'target'} = $target_user->login;
$target = 'global/message.html.tmpl';
diff --git a/template/en/default/admin/sudo.html.tmpl b/template/en/default/admin/sudo.html.tmpl
index ea4f0f38e..12aa586a6 100644
--- a/template/en/default/admin/sudo.html.tmpl
+++ b/template/en/default/admin/sudo.html.tmpl
@@ -65,7 +65,18 @@
[% END %]
<p>
- Next, click the button to begin the session:
+ Next, please take a moment to explain why you are doing this:<br>
+ <input type="text" name="reason" size="80" maxlength="200">
+ </p>
+
+ <p>
+ The message you enter here will be sent to the impersonated user by email.
+ You may leave this empty if you wish, but they will still know that you
+ are impersonating them.
+ </p>
+
+ <p>
+ Finally, click the button to begin the session:
<input type="submit" value="Begin Session">
<input type="hidden" name="action" value="sudo-transition">
</p>
diff --git a/template/en/default/email/sudo.txt.tmpl b/template/en/default/email/sudo.txt.tmpl
new file mode 100644
index 000000000..06026cf39
--- /dev/null
+++ b/template/en/default/email/sudo.txt.tmpl
@@ -0,0 +1,43 @@
+[%# 1.0@bugzilla.org %]
+[%# The contents of this file are subject to the Mozilla Public
+ # License Version 1.1 (the "License"); you may not use this file
+ # except in compliance with the License. You may obtain a copy of
+ # the License at http://www.mozilla.org/MPL/
+ #
+ # Software distributed under the License is distributed on an "AS
+ # IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+ # implied. See the License for the specific language governing
+ # rights and limitations under the License.
+ #
+ # The Original Code is the Bugzilla Bug Tracking System.
+ #
+ # The Initial Developer of the Original Code is Netscape Communications
+ # Corporation. Portions created by Netscape are
+ # Copyright (C) 2005 Netscape Communications Corporation. All
+ # Rights Reserved.
+ #
+ # Contributor(s): A. Karl Kornel <karl@kornel.name>
+ #%]
+
+[% PROCESS global/variables.none.tmpl %]
+
+Content-Type: text/plain
+From: [% Param("maintainer") %]
+To: [% user.email %]
+Subject: [[% terms.Bugzilla %]] Your account [% user.login -%]
+ is being impersonated
+
+ [%+ sudoer.identity %] has used the 'sudo' feature to access
+[%+ terms.Bugzilla %] using your account.
+
+[% IF reason %]
+ [%+ sudoer.identity %] provided the following reason for doing this:
+
+[% reason FILTER wrap_comment %]
+[% ELSE %]
+ [%+ sudoer.identity %] did not provide a reason for doing this.
+[% END %]
+
+ If you feel that this action was inappropiate, please contact
+[%+ Param("maintainer") %]. For more information on this feature,
+visit <[% Param("urlbase") %]page.cgi?id=sudo.html>.
diff --git a/template/en/default/pages/sudo.html.tmpl b/template/en/default/pages/sudo.html.tmpl
new file mode 100644
index 000000000..ca57a8166
--- /dev/null
+++ b/template/en/default/pages/sudo.html.tmpl
@@ -0,0 +1,69 @@
+[%# 1.0@bugzilla.org %]
+[%# The contents of this file are subject to the Mozilla Public
+ # License Version 1.1 (the "License"); you may not use this file
+ # except in compliance with the License. You may obtain a copy of
+ # the License at http://www.mozilla.org/MPL/
+ #
+ # Software distributed under the License is distributed on an "AS
+ # IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+ # implied. See the License for the specific language governing
+ # rights and limitations under the License.
+ #
+ # The Original Code is the Bugzilla Bug Tracking System.
+ #
+ # The Initial Developer of the Original Code is Netscape Communications
+ # Corporation. Portions created by Netscape are
+ # Copyright (C) 2005 Netscape Communications Corporation. All
+ # Rights Reserved.
+ #
+ # Contributor(s): A. Karl Kornel <karl@kornel.name>
+ #%]
+
+[% PROCESS global/variables.none.tmpl %]
+[% INCLUDE global/header.html.tmpl title = "sudo: User Impersonation" %]
+
+<p>
+ [%+ terms.Bugzilla %] includes the ability to have one user impersonate
+another, in something called a <i>sudo session</i>, so long as the person
+doing the impersonating has the appropriate privileges.
+</p>
+
+<p>
+ While a session is in progress, [% terms.Bugzilla %] will act as if the
+ impersonated user is doing everything. This is especially useful for testing,
+ and for doing critical work when the impersonated user is unavailable. The
+ impersonated user will receive an email from [% terms.Bugzilla %] when the
+ session begins; they will not be told anything else.
+</p>
+
+<p>
+ To use this feature, you must be a member of the appropriate group. The group
+ includes all administrators by default. Other users, and members of other
+ groups, can be given access to this feature on a case-by-case basis. To
+ request access, contact the maintainer of this installation:
+ <a href="mailto:[% Param("maintainer") %]">
+ [%- Param("maintainer") %]</a>.
+</p>
+
+<p>
+ If you would like to be protected from impersonation, you should contact the
+ maintainer of this installation to see if that is possible. People with
+ access to this feature are protected automatically.
+</p>
+
+<p id="message">
+ [% IF user.groups.bz_sudoers %]
+ You are a member of the <b>bz_sudoers</b> group. You may use this
+ feature to impersonate others.
+ [% ELSE %]
+ You are not a member of an appropriate group. You may not use this
+ feature.
+ [% END %]
+ [% IF user.groups.bz_sudo_protect %]
+ <br>
+ You are a member of the <b>bz_sudo_protect</b> group. Other people will
+ not be able to use this feature to impersonate you.
+ [% END %]
+</p>
+
+[% INCLUDE global/footer.html.tmpl %]