Bug 204498 Add su (setuser) function

Patch by A. Karl Kornel <karl@kornel.name>
r=joel, a=justdave

5 files changed, 120 insertions, 2 deletions

diff --git a/template/en/default/admin/sudo.html.tmpl b/template/en/default/admin/sudo.html.tmpl
new file mode 100644
index 000000000..ea4f0f38e
--- /dev/null
+++ b/template/en/default/admin/sudo.html.tmpl
@@ -0,0 +1,84 @@
+[%# 1.0@bugzilla.org %]
+[%# The contents of this file are subject to the Mozilla Public
+  # License Version 1.1 (the "License"); you may not use this file
+  # except in compliance with the License. You may obtain a copy of
+  # the License at http://www.mozilla.org/MPL/
+  #
+  # Software distributed under the License is distributed on an "AS
+  # IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+  # implied. See the License for the specific language governing
+  # rights and limitations under the License.
+  #
+  # The Original Code is the Bugzilla Bug Tracking System.
+  #
+  # The Initial Developer of the Original Code is Netscape Communications
+  # Corporation. Portions created by Netscape are
+  # Copyright (C) 2005 Netscape Communications Corporation. All
+  # Rights Reserved.
+  #
+  # Contributor(s): A. Karl Kornel <karl@kornel.name>
+  #%]
+  
+[% PROCESS global/variables.none.tmpl %]
+
+[% PROCESS global/header.html.tmpl
+   title = "Begin sudo session"
+   style_urls = ['skins/standard/admin.css']
+ %]
+ 
+[% DEFAULT target_login = "" %]
+
+<p>
+  The <b>sudo</b> feature of [% terms.Bugzilla %] allows you to impersonate a 
+  user for a short time  While an sudo session is in progress, every action you 
+  perform will be taking place as if you had logged in as the user whom will be 
+  impersonating.
+</p>
+
+<p class="areyoureallyreallysure">
+  This is a very powerful feature; you should be very careful while using it.  
+  Your actions may be logged more carefully than normal.
+</p>
+
+<form action="relogin.cgi" method="POST">
+  <p>
+    To begin, 
+    [% IF Param('usemenuforusers') %]
+      select 
+    [% ELSE %]
+      enter the login of 
+    [% END %]
+    the <u>u</u>ser to impersonate:
+    [% INCLUDE global/userselect.html.tmpl
+       name => "target_login"
+       value => "$target_login_default"
+       accesskey => "u"
+       size => 30
+       multiple => 5
+    %]
+  </p>
+  
+  [% IF !Param('usemenuforusers') %]
+    <p>
+      The username must be entered exactly.  No matching will be performed.
+    </p>
+  [% END %]
+  
+  <p>
+    Next, click the button to begin the session:
+    <input type="submit" value="Begin Session">
+    <input type="hidden" name="action" value="sudo-transition">
+  </p>
+  
+  [% IF will_logout %]
+    <p>
+      When you press the button, you may be logged out and asked to log in 
+      again.  This is done for two reasons.  First of all, it is done to reduce 
+      the chances of someone doing large amounts of damage using your 
+      already-logged-in account.  Second, it is there to force you to take the 
+      time to consider if you really need to use this feature.
+    </p>
+  [% END %]
+</form>
+
+[% PROCESS global/footer.html.tmpl %]
diff --git a/template/en/default/admin/users/userdata.html.tmpl b/template/en/default/admin/users/userdata.html.tmpl
index 43ee627f1..ab2e9de62 100644
--- a/template/en/default/admin/users/userdata.html.tmpl
+++ b/template/en/default/admin/users/userdata.html.tmpl
@@ -29,7 +29,9 @@
              id="login" value="[% otheruser.login FILTER html %]" />
       [% IF editform %]
         <input type="hidden" name="loginold"
-               value="[% otheruser.login FILTER html %]" />
+               value="[% otheruser.login FILTER html %]" /><br />
+        <a href="relogin.cgi?action=sudo&target_login=
+        [%- otheruser.login FILTER html %]">Impersonate this user</a>
       [% END %]
     [% ELSE %]
       [% otheruser.login FILTER html %]
diff --git a/template/en/default/global/messages.html.tmpl b/template/en/default/global/messages.html.tmpl
index 7a33265a5..6730e8835 100644
--- a/template/en/default/global/messages.html.tmpl
+++ b/template/en/default/global/messages.html.tmpl
@@ -237,6 +237,17 @@
     set to zero automatically as part of marking this [% terms.bug %]
     as either RESOLVED or CLOSED.
 
+  [% ELSIF message_tag == "sudo_started" %]
+    [% title = "Sudo session started" %]
+      The sudo session has been started.  For the next 6 hours, or until you 
+      end the session, everything you do you do as the user you are 
+      impersonating ([% target FILTER html %]).
+  
+  [% ELSIF message_tag == "sudo_ended" %]
+    [% title = "Sudo session complete" %]
+      The sudo session has been ended.  From this point forward, everything you 
+      do you do as yourself.
+
   [% ELSIF message_tag == "series_created" %]
     [% title = "Series Created" %]
       The series <em>[% series.category FILTER html %] /
diff --git a/template/en/default/global/useful-links.html.tmpl b/template/en/default/global/useful-links.html.tmpl
index 2ac89f91c..ef7f3d19f 100644
--- a/template/en/default/global/useful-links.html.tmpl
+++ b/template/en/default/global/useful-links.html.tmpl
@@ -62,7 +62,13 @@
             [% ELSE %]
               | Logged&nbsp;in&nbsp;as&nbsp;
             [% END %]
-            [% user.login FILTER html %]
+            [% IF sudoer %]
+              [% sudoer.login FILTER html %] (<b>impersonating 
+              [% user.login FILTER html %]</b> 
+              <a href="relogin.cgi?action=end-sudo">end session</a>)
+            [% ELSE %]
+              [% user.login FILTER html %]
+            [% END %]
         [% ELSE %]
             [% IF Param('createemailregexp') %]
               | <a href="createaccount.cgi">New&nbsp;Account</a>
diff --git a/template/en/default/global/user-error.html.tmpl b/template/en/default/global/user-error.html.tmpl
index 22d7c8dcd..56fedbed3 100644
--- a/template/en/default/global/user-error.html.tmpl
+++ b/template/en/default/global/user-error.html.tmpl
@@ -128,6 +128,8 @@
       access
     [% ELSIF action == "add" %]
       add new
+    [% ELSIF action == "begin" %]
+      begin
     [% ELSIF action == "modify" %]
       modify
     [% ELSIF action == "delete" %]
@@ -156,6 +158,8 @@
       components
     [% ELSIF object == "flagtypes" %]
       flag types
+    [% ELSIF object == "group_access" %]
+      group access
     [% ELSIF object == "groups" %]
       groups
     [% ELSIF object == "keywords" %]
@@ -174,6 +178,8 @@
       whine reports
     [% ELSIF object == "sanity_check" %]
       a sanity check
+    [% ELSIF object == "sudo_session" %]
+      an sudo session
     [% ELSIF object == "timetracking_summaries" %]
       time-tracking summary reports
     [% ELSIF object == "user" %]
@@ -1111,6 +1117,15 @@
       [% END %]
     [% END %]
 
+  [% ELSIF error == "sudo_in_progress" %]
+    [% title = "Session In Progress" %]
+    An sudo session (impersonating [% target FILTER html %]) is in progress.  
+    End that session (using the link in the footer) before starting a new one.
+
+  [% ELSIF error == "sudo_protected" %]
+    [% title = "User Protected" %]
+    The user [% login FILTER html %] may not be impersonated by sudoers.
+
   [% ELSIF error == "too_many_votes_for_bug" %]
     [% title = "Illegal Vote" %]
     You may only use at most [% max FILTER html %] votes for a single