authorSimon Green <sgreen@redhat.com>2014-06-14 07:22:22 +0200
committerSimon Green <sgreen@redhat.com>2014-06-14 07:22:22 +0200
commit80c434b3c9afec9ba606e5061ef042d3b96720d3 (patch)
tree535d7785636b038ade627b082bd078c2764b7e2a
parent6c6efdde5b5e041deb75f65b5a18baae7665d660 (diff)
downloadbugzilla-80c434b3c9afec9ba606e5061ef042d3b96720d3.tar.gz
bugzilla-80c434b3c9afec9ba606e5061ef042d3b96720d3.tar.xz
Bug 1012508 - Add a admin_menu hook to change who has access to admin.cgi
r=gerv, a=sgreen
-rw-r--r--Bugzilla/User.pm28
-rwxr-xr-xadmin.cgi11
-rw-r--r--extensions/Example/Extension.pm12
-rw-r--r--template/en/default/global/common-links.html.tmpl6
4 files changed, 42 insertions, 15 deletions
diff --git a/Bugzilla/User.pm b/Bugzilla/User.pm
index 7aeb9f8ee..2631a5eae 100644
--- a/Bugzilla/User.pm
+++ b/Bugzilla/User.pm
@@ -1446,6 +1446,30 @@ sub get_accessible_products {
return [ sort { $a->name cmp $b->name } values %products ];
}
+sub can_administer {
+ my $self = shift;
+
+ if (not defined $self->{can_administer}) {
+ my $can_administer = 0;
+
+ $can_administer = 1 if $self->in_group('admin')
+ || $self->in_group('tweakparams')
+ || $self->in_group('editusers')
+ || $self->can_bless
+ || (Bugzilla->params->{'useclassification'} && $self->in_group('editclassifications'))
+ || $self->in_group('editcomponents')
+ || scalar(@{$self->get_products_by_permission('editcomponents')})
+ || $self->in_group('creategroups')
+ || $self->in_group('editkeywords')
+ || $self->in_group('bz_canusewhines');
+
+ Bugzilla::Hook::process('user_can_administer', { can_administer => \$can_administer });
+ $self->{can_administer} = $can_administer;
+ }
+
+ return $self->{can_administer};
+}
+
sub check_can_admin_product {
my ($self, $product_name) = @_;
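Review bot: The `user_can_administer` hook call in `can_administer` passes only the scalar reference, so an extension cannot tell which user the decision is for. The example extension in this commit works around that with `Bugzilla->user`, which gives the wrong answer whenever the method is called on a `Bugzilla::User` object other than the logged-in one. Because the result is cached in `$self->{can_administer}`, that wrong answer then stays on the object. Passing the object explicitly would close the gap: `Bugzilla::Hook::process('user_can_administer', { user => $self, can_administer => \$can_administer });`. Bugzilla/Hook.pm is not among the four files in the diffstat, so the new hook appears to ship without its POD entry there.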
@@ -2876,6 +2900,10 @@ not be aware of the existence of the product.
Returns: an array of product objects.
+=item C<can_administer>
+
+Returns 1 if the user can see the admin menu. Otherwise, returns 0
+
=item C<check_can_admin_product($product_name)>
Description: Checks whether the user is allowed to administrate the product.
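Review bot: The new POD entry for `can_administer` describes only the admin menu, but the same commit makes this method the access check for admin.cgi, and its result can be changed by extensions through the `user_can_administer` hook. The "returns 1 / returns 0" wording is also stricter than the code, which returns whatever value a hook stored through the reference. I would reword it along the lines of `Returns a true value if the user may access admin.cgi and see the Administration link, after extensions have been consulted via the user_can_administer hook; otherwise returns a false value.`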
diff --git a/admin.cgi b/admin.cgi
index 0767b07a3..70a6aa20e 100755
--- a/admin.cgi
+++ b/admin.cgi
@@ -20,16 +20,7 @@ my $user = Bugzilla->login(LOGIN_REQUIRED);
print $cgi->header();
-$user->in_group('admin')
- || $user->in_group('tweakparams')
- || $user->in_group('editusers')
- || $user->can_bless
- || (Bugzilla->params->{'useclassification'} && $user->in_group('editclassifications'))
- || $user->in_group('editcomponents')
- || scalar(@{$user->get_products_by_permission('editcomponents')})
- || $user->in_group('creategroups')
- || $user->in_group('editkeywords')
- || $user->in_group('bz_canusewhines')
+$user->can_administer
|| ThrowUserError('auth_failure', {action => 'access', object => 'administrative_pages'});
$template->process('admin/admin.html.tmpl')
diff --git a/extensions/Example/Extension.pm b/extensions/Example/Extension.pm
index 22a3103c2..c9449d8b0 100644
--- a/extensions/Example/Extension.pm
+++ b/extensions/Example/Extension.pm
@@ -31,6 +31,18 @@ use constant REL_EXAMPLE => -127;
our $VERSION = '1.0';
+sub user_can_administer {
+ my ($self, $args) = @_;
+ my $can_administer = $args->{can_administer};
+
+ # If you add an option to the admin pages (e.g. by using the Hooks in
+ # template/en/default/admin/admin.html.tmpl), you may want to allow
+ # users in another group view admin.cgi
+ #if (Bugzilla->user->in_group('other_group')) {
+ # $$can_administer = 1;
+ #}
+}
+
sub admin_editusers_action {
my ($self, $args) = @_;
my ($vars, $action, $user) = @$args{qw(vars action user)};
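Review bot: The sample comment in `user_can_administer` shows how to let another group into admin.cgi but does not say that the flag covers only that landing page and the Administration link. An extension author could read it as sufficient authorization for the option they add. I would append a line such as `# This only exposes admin.cgi and its menu link; any page you add must still check the group itself.` The commented-out example also reads `Bugzilla->user` rather than a user passed in by the hook, which ties it to the logged-in user. The following `admin_editusers_action` sub continues outside the hunk.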
diff --git a/template/en/default/global/common-links.html.tmpl b/template/en/default/global/common-links.html.tmpl
index c6c8863c5..ec23f551e 100644
--- a/template/en/default/global/common-links.html.tmpl
+++ b/template/en/default/global/common-links.html.tmpl
@@ -53,11 +53,7 @@
[% IF user.login %]
<li><span class="separator">| </span><a href="userprefs.cgi">Preferences</a></li>
- [% IF user.in_group('tweakparams') || user.in_group('editusers') || user.can_bless
- || (Param('useclassification') && user.in_group('editclassifications'))
- || user.in_group('editcomponents') || user.in_group('admin') || user.in_group('creategroups')
- || user.in_group('editkeywords') || user.in_group('bz_canusewhines')
- || user.get_products_by_permission("editcomponents").size %]
+ [% IF user.can_administer %]
<li><span class="separator">| </span><a href="admin.cgi">Administration</a></li>
[% END %]