authordklawren <dklawren@users.noreply.github.com>2018-04-10 05:17:44 +0200
committerGitHub <noreply@github.com>2018-04-10 05:17:44 +0200
commit58c4f6814461ee4e35f0cffbdd63d948df940d35 (patch)
tree012231025cb598c791ba9ddfa6009ac584b668ec
parent694df9c1c6ec244c416c2d8e85657651b6a28dab (diff)
Bug 1328900 - Create new group called 'disableusers' that can only edit the bugmail and disabledtext fields of a user
-rw-r--r--Bugzilla/Install.pm4
-rwxr-xr-xadmin.cgi1
-rwxr-xr-xeditusers.cgi32
-rw-r--r--extensions/BugModal/template/en/default/bug_modal/user.html.tmpl2
-rw-r--r--extensions/SecureMail/template/en/default/hook/admin/users/userdata-end.html.tmpl4
-rw-r--r--template/en/default/admin/admin.html.tmpl2
-rw-r--r--template/en/default/admin/users/edit.html.tmpl73
-rw-r--r--template/en/default/admin/users/list.html.tmpl15
-rw-r--r--template/en/default/admin/users/userdata.html.tmpl49
-rw-r--r--template/en/default/global/header.html.tmpl2
-rw-r--r--template/en/default/global/site-navigation.html.tmpl20
-rw-r--r--template/en/default/global/user.html.tmpl2
12 files changed, 114 insertions, 92 deletions
diff --git a/Bugzilla/Install.pm b/Bugzilla/Install.pm
index ced559111..8bce9b5e7 100644
--- a/Bugzilla/Install.pm
+++ b/Bugzilla/Install.pm
@@ -204,6 +204,10 @@ use constant SYSTEM_GROUPS => (
description => 'Can edit or disable users'
},
{
+ name => 'disableusers',
+ description => 'Can disable users'
+ },
+ {
name => 'creategroups',
description => 'Can create and destroy groups'
},
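Review bot: The description `'Can disable users'` understates what the group grants — elsewhere in this commit members can also edit the real-name and bugmail fields, and administrators choose group membership from this text. Either make it `description => 'Can disable users and edit their real name and bugmail settings'` or narrow the editusers.cgi code so the description stays accurate. The SYSTEM_GROUPS constant starts outside the hunk.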
diff --git a/admin.cgi b/admin.cgi
index d8fc0475d..801b26e20 100755
--- a/admin.cgi
+++ b/admin.cgi
@@ -25,6 +25,7 @@ print $cgi->header();
$user->in_group('admin')
|| $user->in_group('tweakparams')
|| $user->in_group('editusers')
+ || $user->in_group('disableusers')
|| $user->can_bless
|| (Bugzilla->params->{'useclassification'} && $user->in_group('editclassifications'))
|| $user->in_group('editcomponents')
diff --git a/editusers.cgi b/editusers.cgi
index 934e0a4ef..9fbd550fe 100755
--- a/editusers.cgi
+++ b/editusers.cgi
@@ -26,15 +26,18 @@ use Bugzilla::Token;
my $user = Bugzilla->login(LOGIN_REQUIRED);
-my $cgi = Bugzilla->cgi;
-my $template = Bugzilla->template;
-my $dbh = Bugzilla->dbh;
-my $userid = $user->id;
-my $editusers = $user->in_group('editusers');
+my $cgi = Bugzilla->cgi;
+my $template = Bugzilla->template;
+my $dbh = Bugzilla->dbh;
+my $userid = $user->id;
+my $editusers = $user->in_group('editusers');
+my $disableusers = $user->in_group('disableusers');
+
local our $vars = {};
# Reject access if there is no sense in continuing.
$editusers
+ || $disableusers
|| $user->can_bless()
|| ThrowUserError("auth_failure", {group => "editusers",
reason => "cant_bless",
@@ -51,6 +54,7 @@ my $token = $cgi->param('token');
# Prefill template vars with data used in all or nearly all templates
$vars->{'editusers'} = $editusers;
+$vars->{'disableusers'} = $disableusers;
mirrorListSelectionValues();
Bugzilla::Hook::process('admin_editusers_action',
@@ -234,7 +238,7 @@ if ($action eq 'search') {
# Lock tables during the check+update session.
$dbh->bz_start_transaction();
- $editusers || $user->can_see_user($otherUser)
+ $editusers || $disableusers || $user->can_see_user($otherUser)
|| ThrowUserError('auth_failure', {reason => "not_visible",
action => "modify",
object => "user"});
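Review bot: `$disableusers` now short-circuits the `can_see_user` check, so a disableusers member can modify accounts that user-visibility groups would otherwise hide from them, the same bypass editusers has. If the group is meant to be a narrower role than editusers, the original `$editusers || $user->can_see_user($otherUser)` could stay here and the later `if ($editusers || $disableusers)` block decide which fields they may change; whether visibility groups are in use on this deployment is not visible from the diff. The enclosing update branch starts and ends outside the hunk.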
@@ -246,11 +250,8 @@ if ($action eq 'search') {
my $changes = {};
if ($editusers) {
$otherUser->set_login($cgi->param('login'));
- $otherUser->set_name($cgi->param('name'));
$otherUser->set_password($cgi->param('password'))
if $cgi->param('password');
- $otherUser->set_disabledtext($cgi->param('disabledtext'));
- $otherUser->set_disable_mail($cgi->param('disable_mail'));
$otherUser->set_extern_id($cgi->param('extern_id'))
if defined($cgi->param('extern_id'));
$otherUser->set_password_change_required($cgi->param('password_change_required'));
@@ -262,9 +263,16 @@ if ($action eq 'search') {
if ($user->in_group('bz_can_disable_mfa') && $otherUser->mfa && $cgi->param('mfa') eq '') {
$otherUser->set_mfa('');
}
- $changes = $otherUser->update();
}
+ if ($editusers || $disableusers) {
+ $otherUser->set_name($cgi->param('name'));
+ $otherUser->set_disabledtext($cgi->param('disabledtext'));
+ $otherUser->set_disable_mail($cgi->param('disable_mail'));
+ }
+
+ $changes = $otherUser->update();
+
# Update group settings.
my $sth_add_mapping = $dbh->prepare(
qq{INSERT INTO user_group_map (
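Review bot: `$otherUser->set_name(...)` inside the new `if ($editusers || $disableusers)` block lets a disableusers member change a user's real name, which both the commit title and the group description ('Can disable users') exclude; either move `set_name` back into the `if ($editusers)` block above or widen the description. Nothing visible here stops a disableusers member from setting disabledtext on accounts that are in the editusers or admin groups, so a lower-privilege group could lock administrators out — if that is not intended, guard the setters with something like `ThrowUserError('auth_failure', {...}) if $disableusers && !$editusers && $otherUser->in_group('admin');`. `$otherUser->update()` now also runs for can_bless-only callers who reach this code; with no setters invoked that should be a no-op, but confirm update() records nothing (audit rows, mail) for an empty change set. The enclosing update branch starts and ends outside the hunk.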
@@ -850,7 +858,9 @@ sub edit_processing {
my $user = Bugzilla->user;
my $template = Bugzilla->template;
- $user->in_group('editusers') || $user->can_see_user($otherUser)
+ $user->in_group('editusers')
+ || $user->in_group('disableusers')
+ || $user->can_see_user($otherUser)
|| ThrowUserError('auth_failure', {reason => "not_visible",
action => "modify",
object => "user"});
diff --git a/extensions/BugModal/template/en/default/bug_modal/user.html.tmpl b/extensions/BugModal/template/en/default/bug_modal/user.html.tmpl
index cd05d053f..9eda7b936 100644
--- a/extensions/BugModal/template/en/default/bug_modal/user.html.tmpl
+++ b/extensions/BugModal/template/en/default/bug_modal/user.html.tmpl
@@ -46,7 +46,7 @@ END;
href="mailto:[% u.email FILTER html %]"
data-user-email="[% u.email FILTER html %]"
data-user-id="[% u.id FILTER html %]"
- data-show-edit="[% user.in_group('editusers') || user.bless_groups.size > 0 ? 1 : 0 %]"
+ data-show-edit="[% user.in_group('editusers') || user.in_group('disableusers') || user.bless_groups.size > 0 ? 1 : 0 %]"
title="[% u.identity FILTER html %]"
[% ELSE %]
href="user_profile?user_id=[% u.id FILTER none %]"
diff --git a/extensions/SecureMail/template/en/default/hook/admin/users/userdata-end.html.tmpl b/extensions/SecureMail/template/en/default/hook/admin/users/userdata-end.html.tmpl
index a90266dae..e5e299ef9 100644
--- a/extensions/SecureMail/template/en/default/hook/admin/users/userdata-end.html.tmpl
+++ b/extensions/SecureMail/template/en/default/hook/admin/users/userdata-end.html.tmpl
@@ -6,7 +6,7 @@
# defined by the Mozilla Public License, v. 2.0.
#%]
-[% RETURN UNLESS otheruser.id %]
+[% RETURN UNLESS otheruser.id && user.in_group('editusers') %]
<tr>
<th>Has Secure Mail Key/Cert:</th>
@@ -14,7 +14,7 @@
[% otheruser.public_key ? "Yes" : "No" %]
</td>
</tr>
-
+
<tr>
<th>Member of Secure Mail Group:</th>
<td>
diff --git a/template/en/default/admin/admin.html.tmpl b/template/en/default/admin/admin.html.tmpl
index 62a246ceb..09fe00835 100644
--- a/template/en/default/admin/admin.html.tmpl
+++ b/template/en/default/admin/admin.html.tmpl
@@ -56,7 +56,7 @@
You can also automate this check by running <tt>sanitycheck.pl</tt> from a cron job.
A notification will be sent per email to the specified user if errors are detected.</dd>
- [% class = (user.in_group('editusers') || user.can_bless) ? "" : "forbidden" %]
+ [% class = (user.in_group('editusers') || user.in_group('disableusers') || user.can_bless) ? "" : "forbidden" %]
<dt id="users" class="[% class %]"><a href="editusers.cgi">Users</a></dt>
<dd class="[% class %]">Create new user accounts or edit existing ones. You can
also add and remove users from groups (also known as "user privileges").</dd>
diff --git a/template/en/default/admin/users/edit.html.tmpl b/template/en/default/admin/users/edit.html.tmpl
index 4eb62e763..de9826800 100644
--- a/template/en/default/admin/users/edit.html.tmpl
+++ b/template/en/default/admin/users/edit.html.tmpl
@@ -68,9 +68,10 @@ $(function() {
<form method="post" action="editusers.cgi">
<table class="main">
[% PROCESS admin/users/userdata.html.tmpl
- editform = 1
- editusers = editusers
- otheruser = otheruser
+ editform = 1
+ editusers = editusers
+ disableusers = disableusers
+ otheruser = otheruser
%]
[% IF groups.size %]
<tr>
@@ -125,43 +126,46 @@ $(function() {
</tr>
[% END %]
- <tr>
- <th>Product responsibilities:</th>
- <td>
- [% IF otheruser.product_responsibilities.size %]
- [% PROCESS admin/users/responsibilities.html.tmpl otheruser = otheruser %]
- [% ELSE %]
- <em>none</em>
- [% END %]
- </td>
- </tr>
-
- [% IF otheruser.groups_owned.size %]
+ [% IF editusers %]
<tr>
- <th>Groups Owned:</th>
+ <th>Product responsibilities:</th>
<td>
- [% can_edit_groups = user.in_group('creategroups') %]
- [% FOREACH group = otheruser.groups_owned %]
- [% IF can_edit_groups %]
- <a href="[% urlbase FILTER none %]editgroups.cgi?action=changeform&amp;group=[% group.id FILTER none %]">
+ [% IF otheruser.product_responsibilities.size %]
+ [% PROCESS admin/users/responsibilities.html.tmpl otheruser = otheruser %]
+ [% ELSE %]
+ <em>none</em>
+ [% END %]
+ </td>
+ </tr>
+
+ [% IF otheruser.groups_owned.size %]
+ <tr>
+ <th>Groups Owned:</th>
+ <td>
+ [% can_edit_groups = user.in_group('creategroups') %]
+ [% FOREACH group = otheruser.groups_owned %]
+ [% IF can_edit_groups %]
+ <a href="[% urlbase FILTER none %]editgroups.cgi?action=changeform&amp;group=[% group.id FILTER none %]">
+ [% END %]
+ [% group.name FILTER html %]
+ [% '</a>' IF can_edit_groups %]<br>
[% END %]
- [% group.name FILTER html %]
- [% '</a>' IF can_edit_groups %]<br>
+ </td>
+ </tr>
+ [% END %]
+
+ <tr>
+ <th>Last Login:</th>
+ <td>
+ [% IF otheruser.last_seen_date %]
+ [% otheruser.last_seen_date FILTER html %]
+ [% ELSE %]
+ <em>never</em>
[% END %]
</td>
</tr>
[% END %]
- <tr>
- <th>Last Login:</th>
- <td>
- [% IF otheruser.last_seen_date %]
- [% otheruser.last_seen_date FILTER html %]
- [% ELSE %]
- <em>never</em>
- [% END %]
- </td>
- </tr>
</table>
<p>
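Review bot: Wrapping the Product responsibilities, Groups Owned and Last Login rows in `[% IF editusers %]` hides them not only from the new disableusers group but also from can_bless-only users, who could see them before; the commit title does not mention that narrowing, so confirm it is intended. Last Login in particular is the kind of signal someone deciding whether to disable an account would want, so `[% IF editusers || disableusers %]` may be the better guard for that row. The form element starts earlier in the file, outside this hunk.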
@@ -171,11 +175,10 @@ $(function() {
<input type="hidden" name="token" value="[% token FILTER html %]">
[% INCLUDE listselectionhiddenfields %]
- [% IF editusers %], [% ELSE %] or [% END %]
- <a href="editusers.cgi?action=activity&amp;userid=[% otheruser.id %]"
+ [% IF editusers %]
+ , <a href="editusers.cgi?action=activity&amp;userid=[% otheruser.id %]"
title="View Account History for '
[%- otheruser.login FILTER html %]'">View Account History</a>
- [% IF editusers %]
or <a href="editusers.cgi?action=admin_activity&amp;userid=[% otheruser.id %]"
title="View Account History for '
[%- otheruser.login FILTER html %]'">View Admin History</a>
diff --git a/template/en/default/admin/users/list.html.tmpl b/template/en/default/admin/users/list.html.tmpl
index 3ebfc2970..db425b40d 100644
--- a/template/en/default/admin/users/list.html.tmpl
+++ b/template/en/default/admin/users/list.html.tmpl
@@ -45,23 +45,24 @@
{name => 'last_seen_date'
heading => 'Last Login'
}
- {heading => 'Account History'
- content => 'View'
- contentlink => 'editusers.cgi?action=activity' _
- '&amp;userid=%%userid%%' _
- listselectionurlparams
- }
]
%]
[% IF editusers %]
[% columns.push({
+ heading => 'Account History'
+ content => 'View'
+ contentlink => 'editusers.cgi?action=activity' _
+ '&amp;userid=%%userid%%' _
+ listselectionurlparams
+ }
+ {
heading => 'Admin History'
content => 'View'
contentlink => 'editusers.cgi?action=admin_activity' _
'&amp;userid=%%userid%%' _
listselectionurlparams
- })
+ })
%]
[% END %]
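Review bot: Moving the Account History column under `[% IF editusers %]` only hides the link; whether `editusers.cgi?action=activity` itself now rejects non-editusers callers is not visible in this diff, and the server-side check is what matters because the URL is trivially guessable. Please confirm the `activity` branch in editusers.cgi gates on `$editusers` (as the `admin_activity` branch presumably already does), and add a comment here such as `[%# Account/Admin history links are editusers-only; editusers.cgi enforces the same check %]` once it does. The columns list starts outside the hunk.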
diff --git a/template/en/default/admin/users/userdata.html.tmpl b/template/en/default/admin/users/userdata.html.tmpl
index 449a1b143..c4ab07010 100644
--- a/template/en/default/admin/users/userdata.html.tmpl
+++ b/template/en/default/admin/users/userdata.html.tmpl
@@ -54,7 +54,7 @@
<tr>
<th><label for="name">Real name:</label></th>
<td>
- [% IF editusers %]
+ [% IF editusers || disableusers %]
<input size="64" maxlength="255" name="name"
autocomplete="off"
id="name" value="[% otheruser.name FILTER html %]">
@@ -94,7 +94,9 @@
[% END %]
</td>
</tr>
+[% END %]
+[% IF editusers || disableusers %]
<tr>
<th><label for="disable_mail">[% terms.Bug %]mail Disabled:</label></th>
<td>
@@ -122,30 +124,31 @@
explain why.)
</td>
</tr>
- [% IF editform %]
- <tr>
- <th><label for="mfa">Two-factor Auth:</label></th>
- <td>
- [% IF user.in_group('bz_can_disable_mfa') %]
- [% IF otheruser.mfa %]
- <select name="mfa" value="mfa">
- <option value="">Disable</option>
- [% SWITCH otheruser.mfa %]
- [% CASE "TOTP" %]
- <option value="TOTP" selected>Enabled - TOTP</option>
- [% CASE "Duo" %]
- <option value="Duo" selected>Enabled - Duo Security</option>
- [% END %]
- </select>
- [% ELSE %]
- Disabled
- [% END %]
+[% END %]
+
+[% IF editform && editusers %]
+ <tr>
+ <th><label for="mfa">Two-factor Auth:</label></th>
+ <td>
+ [% IF user.in_group('bz_can_disable_mfa') %]
+ [% IF otheruser.mfa %]
+ <select name="mfa" value="mfa">
+ <option value="">Disable</option>
+ [% SWITCH otheruser.mfa %]
+ [% CASE "TOTP" %]
+ <option value="TOTP" selected>Enabled - TOTP</option>
+ [% CASE "Duo" %]
+ <option value="Duo" selected>Enabled - Duo Security</option>
+ [% END %]
+ </select>
[% ELSE %]
- [% otheruser.mfa ? "Enabled - " _ otheruser.mfa : "Disabled" FILTER html %]
+ Disabled
[% END %]
- </td>
- </tr>
- [% END %]
+ [% ELSE %]
+ [% otheruser.mfa ? "Enabled - " _ otheruser.mfa : "Disabled" FILTER html %]
+ [% END %]
+ </td>
+ </tr>
[% END %]
[% Hook.process('end') %]
diff --git a/template/en/default/global/header.html.tmpl b/template/en/default/global/header.html.tmpl
index 1d304ad04..cf1c8b991 100644
--- a/template/en/default/global/header.html.tmpl
+++ b/template/en/default/global/header.html.tmpl
@@ -294,7 +294,7 @@
<li role="presentation">
<a href="report.cgi" role="menuitem" tabindex="-1">Reports</a>
</li>
- [% IF user.in_group('tweakparams') || user.in_group('editusers') || user.can_bless
+ [% IF user.in_group('tweakparams') || user.in_group('editusers') || user.can_bless || user.in_group('disableusers')
|| (Param('useclassification') && user.in_group('editclassifications'))
|| user.in_group('editcomponents') || user.in_group('admin') || user.in_group('creategroups')
|| user.in_group('editkeywords') || user.in_group('bz_canusewhines')
diff --git a/template/en/default/global/site-navigation.html.tmpl b/template/en/default/global/site-navigation.html.tmpl
index 06b0eaa92..510875422 100644
--- a/template/en/default/global/site-navigation.html.tmpl
+++ b/template/en/default/global/site-navigation.html.tmpl
@@ -69,22 +69,22 @@
[% END %]
[%# *** Bugzilla Administration Tools *** %]
- [% IF user.login %]
- [% '<link rel="Administration" title="Parameters"
+ [% IF user.login %]
+ [% '<link rel="Administration" title="Parameters"
href="editparams.cgi">' IF user.in_group('tweakparams') %]
- [% '<link rel="Administration" title="Users"
- href="editusers.cgi">' IF user.in_group('editusers') %]
+ [% '<link rel="Administration" title="Users"
+ href="editusers.cgi">' IF user.in_group('editusers') || user.in_group('disableusers') %]
[% '<link rel="Administration" title="Products" href="editproducts.cgi">'
IF user.in_group('editcomponents') || user.get_products_by_permission("editcomponents").size %]
- [% '<link rel="Administration" title="Flag Types"
+ [% '<link rel="Administration" title="Flag Types"
href="editflagtypes.cgi">' IF user.in_group('editcomponents') %]
- [% '<link rel="Administration" title="Groups"
+ [% '<link rel="Administration" title="Groups"
href="editgroups.cgi">' IF user.in_group('creategroups') %]
- [% '<link rel="Administration" title="Keywords"
+ [% '<link rel="Administration" title="Keywords"
href="editkeywords.cgi">' IF user.in_group('editkeywords') %]
- [% '<link rel="Administration" title="Whining"
+ [% '<link rel="Administration" title="Whining"
href="editwhines.cgi">' IF user.in_group('bz_canusewhines') %]
- [% '<link rel="Administration" title="Sanity Check"
+ [% '<link rel="Administration" title="Sanity Check"
href="sanitycheck.cgi">' IF user.in_group('editcomponents') %]
- [% END %]
+ [% END %]
[% END %]
diff --git a/template/en/default/global/user.html.tmpl b/template/en/default/global/user.html.tmpl
index caea27c46..876d12805 100644
--- a/template/en/default/global/user.html.tmpl
+++ b/template/en/default/global/user.html.tmpl
@@ -28,7 +28,7 @@
[% IF user.id %]
<a class="email" href="mailto:[% who.email FILTER html %]"
onclick="return show_usermenu([% who.id FILTER none %], '[% who.email FILTER js %]',
- [% user.in_group('editusers') || user.bless_groups.size > 0 ? "true" : "false" %]);"
+ [% user.in_group('editusers') || user.in_group('disableusers') || user.bless_groups.size > 0 ? "true" : "false" %]);"
title="[% who.identity FILTER html %]">
[%- END -%]
[% IF who %]