author | Simon Green <sgreen@redhat.com> | 2014-06-14 07:22:22 +0200 |
---|---|---|
committer | Simon Green <sgreen@redhat.com> | 2014-06-14 07:22:22 +0200 |
commit | 80c434b3c9afec9ba606e5061ef042d3b96720d3 (patch) | |
tree | 535d7785636b038ade627b082bd078c2764b7e2a | |
parent | 6c6efdde5b5e041deb75f65b5a18baae7665d660 (diff) | |
Bug 1012508 - Add a admin_menu hook to change who has access to admin.cgi
r=gerv, a=sgreen
-rw-r--r-- | Bugzilla/User.pm | 28 | ||||
-rwxr-xr-x | admin.cgi | 11 | ||||
-rw-r--r-- | extensions/Example/Extension.pm | 12 | ||||
-rw-r--r-- | template/en/default/global/common-links.html.tmpl | 6 |
4 files changed, 42 insertions, 15 deletions
diff --git a/Bugzilla/User.pm b/Bugzilla/User.pm
index 7aeb9f8ee..2631a5eae 100644
--- a/Bugzilla/User.pm
+++ b/Bugzilla/User.pm
@@ -1446,6 +1446,30 @@ sub get_accessible_products {
 return [ sort { $a->name cmp $b->name } values %products ];
 }
+sub can_administer {
+ my $self = shift;
+
+ if (not defined $self->{can_administer}) {
+ my $can_administer = 0;
+
+ $can_administer = 1 if $self->in_group('admin')
+ || $self->in_group('tweakparams')
+ || $self->in_group('editusers')
+ || $self->can_bless
+ || (Bugzilla->params->{'useclassification'} && $self->in_group('editclassifications'))
+ || $self->in_group('editcomponents')
+ || scalar(@{$self->get_products_by_permission('editcomponents')})
+ || $self->in_group('creategroups')
+ || $self->in_group('editkeywords')
+ || $self->in_group('bz_canusewhines');
+
+ Bugzilla::Hook::process('user_can_administer', { can_administer => \$can_administer });
+ $self->{can_administer} = $can_administer;
+ }
+
+ return $self->{can_administer};
+}
+
 sub check_can_admin_product {
 my ($self, $product_name) = @_;
@@ -2876,6 +2900,10 @@ not be aware of the existence of the product.
 Returns: an array of product objects.
+=item C<can_administer>
+
+Returns 1 if the user can see the admin menu. Otherwise, returns 0
+
 =item C<check_can_admin_product($product_name)>
 Description: Checks whether the user is allowed to administrate the product.
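Review bot: In `can_administer` (first Bugzilla/User.pm hunk) the `user_can_administer` hook is handed only the `can_administer` reference, not the user being evaluated, so an extension has to consult `Bugzilla->user`, as the commented example in the extensions/Example/Extension.pm hunk does. If the method is ever called on a user object other than the logged-in one, the extension would decide from the wrong account's groups and that answer is then cached in `$self->{can_administer}`. Passing the object explicitly closes that gap: `Bugzilla::Hook::process('user_can_administer', { user => $self, can_administer => \$can_administer });`, with the example testing `$args->{user}->in_group('other_group')`. The diffstat shows no change outside the four listed files, so the new hook seems to have no entry in the Bugzilla::Hook documentation yet, and the commit title calls it `admin_menu` while the code uses `user_can_administer`.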
@@ -20,16 +20,7 @@ my $user = Bugzilla->login(LOGIN_REQUIRED);
 print $cgi->header();
-$user->in_group('admin')
- || $user->in_group('tweakparams')
- || $user->in_group('editusers')
- || $user->can_bless
- || (Bugzilla->params->{'useclassification'} && $user->in_group('editclassifications'))
- || $user->in_group('editcomponents')
- || scalar(@{$user->get_products_by_permission('editcomponents')})
- || $user->in_group('creategroups')
- || $user->in_group('editkeywords')
- || $user->in_group('bz_canusewhines')
+$user->can_administer
 || ThrowUserError('auth_failure', {action => 'access', object => 'administrative_pages'});
 $template->process('admin/admin.html.tmpl')
diff --git a/extensions/Example/Extension.pm b/extensions/Example/Extension.pm
index 22a3103c2..c9449d8b0 100644
--- a/extensions/Example/Extension.pm
+++ b/extensions/Example/Extension.pm
@@ -31,6 +31,18 @@ use constant REL_EXAMPLE => -127;
 our $VERSION = '1.0';
+sub user_can_administer {
+ my ($self, $args) = @_;
+ my $can_administer = $args->{can_administer};
+
+ # If you add an option to the admin pages (e.g. by using the Hooks in
+ # template/en/default/admin/admin.html.tmpl), you may want to allow
+ # users in another group view admin.cgi
+ #if (Bugzilla->user->in_group('other_group')) {
+ # $$can_administer = 1;
+ #}
+}
+
 sub admin_editusers_action {
 my ($self, $args) = @_;
 my ($vars, $action, $user) = @$args{qw(vars action user)};
diff --git a/template/en/default/global/common-links.html.tmpl b/template/en/default/global/common-links.html.tmpl
index c6c8863c5..ec23f551e 100644
--- a/template/en/default/global/common-links.html.tmpl
+++ b/template/en/default/global/common-links.html.tmpl
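Review bot: The `$user->can_administer || ThrowUserError(...)` gate in the `@@ -20,16 +20,7 @@` hunk (admin.cgi, going by the diffstat; its file header is not on the page) can now be opened by any extension through the `user_can_administer` hook, so it should carry a comment saying it protects only this index page. Something like `# Gates the admin index only; every linked admin script must still do its own group check.` would make that explicit. Whether those scripts do their own checks is not visible in this diff, so it is worth confirming before an extension uses the hook to widen access.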
@@ -53,11 +53,7 @@
 [% IF user.login %]
 <li><span class="separator">| </span><a href="userprefs.cgi">Preferences</a></li>
- [% IF user.in_group('tweakparams') || user.in_group('editusers') || user.can_bless
- || (Param('useclassification') && user.in_group('editclassifications'))
- || user.in_group('editcomponents') || user.in_group('admin') || user.in_group('creategroups')
- || user.in_group('editkeywords') || user.in_group('bz_canusewhines')
- || user.get_products_by_permission("editcomponents").size %]
+ [% IF user.can_administer %]
 <li><span class="separator">| </span><a href="admin.cgi">Administration</a></li>
 [% END %] |