summaryrefslogtreecommitdiffstats
path: root/editusers.cgi
diff options
context:
space:
mode:
authorDylan William Hardison <dylan@hardison.net>2018-07-08 06:59:55 +0200
committerDylan William Hardison <dylan@hardison.net>2018-07-08 06:59:55 +0200
commitbe1f92450788dc89280c9e04a4bf983b5d7fac54 (patch)
treeb5513fd846597fe5f152177dbbda88dca08fdf5f /editusers.cgi
parent9bbd8d368598046c47964ee043620621b6c3634b (diff)
parent446a08b30b0dbaac9f2b88e0a5cad410f0446140 (diff)
downloadbugzilla-be1f92450788dc89280c9e04a4bf983b5d7fac54.tar.gz
bugzilla-be1f92450788dc89280c9e04a4bf983b5d7fac54.tar.xz
Merge remote-tracking branch 'bmo/master'
Diffstat (limited to 'editusers.cgi')
-rwxr-xr-xeditusers.cgi34
1 files changed, 22 insertions, 12 deletions
diff --git a/editusers.cgi b/editusers.cgi
index ae1f35835..beb9b3a4c 100755
--- a/editusers.cgi
+++ b/editusers.cgi
@@ -25,15 +25,18 @@ use Bugzilla::Group;
use Bugzilla::Token;
local our $user = Bugzilla->login(LOGIN_REQUIRED);
-my $cgi = Bugzilla->cgi;
-my $template = Bugzilla->template;
-my $dbh = Bugzilla->dbh;
-my $userid = $user->id;
-my $editusers = $user->in_group('editusers');
-local our $vars = {};
+
+my $cgi = Bugzilla->cgi;
+my $template = Bugzilla->template;
+my $dbh = Bugzilla->dbh;
+my $userid = $user->id;
+my $editusers = $user->in_group('editusers');
+my $disableusers = $user->in_group('disableusers');
+local our $vars = {};
# Reject access if there is no sense in continuing.
$editusers
+ || $disableusers
|| $user->can_bless()
|| ThrowUserError("auth_failure", {group => "editusers",
reason => "cant_bless",
@@ -50,6 +53,7 @@ my $token = $cgi->param('token');
# Prefill template vars with data used in all or nearly all templates
$vars->{'editusers'} = $editusers;
+$vars->{'disableusers'} = $disableusers;
mirrorListSelectionValues();
Bugzilla::Hook::process('admin_editusers_action',
@@ -233,7 +237,7 @@ if ($action eq 'search') {
# Lock tables during the check+update session.
$dbh->bz_start_transaction();
- $editusers || $user->can_see_user($otherUser)
+ $editusers || $disableusers || $user->can_see_user($otherUser)
|| ThrowUserError('auth_failure', {reason => "not_visible",
action => "modify",
object => "user"});
@@ -245,11 +249,8 @@ if ($action eq 'search') {
my $changes = {};
if ($editusers) {
$otherUser->set_login($cgi->param('login'));
- $otherUser->set_name($cgi->param('name'));
$otherUser->set_password($cgi->param('password'))
if $cgi->param('password');
- $otherUser->set_disabledtext($cgi->param('disabledtext'));
- $otherUser->set_disable_mail($cgi->param('disable_mail'));
$otherUser->set_extern_id($cgi->param('extern_id'))
if defined($cgi->param('extern_id'));
$otherUser->set_password_change_required($cgi->param('password_change_required'));
@@ -261,9 +262,16 @@ if ($action eq 'search') {
if ($user->in_group('bz_can_disable_mfa') && $otherUser->mfa && $cgi->param('mfa') eq '') {
$otherUser->set_mfa('');
}
- $changes = $otherUser->update();
}
+ if ($editusers || $disableusers) {
+ $otherUser->set_name($cgi->param('name'));
+ $otherUser->set_disabledtext($cgi->param('disabledtext'));
+ $otherUser->set_disable_mail($cgi->param('disable_mail'));
+ }
+
+ $changes = $otherUser->update();
+
# Update group settings.
my $sth_add_mapping = $dbh->prepare(
qq{INSERT INTO user_group_map (
@@ -849,7 +857,9 @@ sub edit_processing {
my $user = Bugzilla->user;
my $template = Bugzilla->template;
- $user->in_group('editusers') || $user->can_see_user($otherUser)
+ $user->in_group('editusers')
+ || $user->in_group('disableusers')
+ || $user->can_see_user($otherUser)
|| ThrowUserError('auth_failure', {reason => "not_visible",
action => "modify",
object => "user"});