summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--Bugzilla/User.pm5
-rw-r--r--defparams.pl13
-rwxr-xr-xeditusers.cgi83
-rw-r--r--template/en/default/admin/users/confirm-delete.html.tmpl8
4 files changed, 52 insertions, 57 deletions
diff --git a/Bugzilla/User.pm b/Bugzilla/User.pm
index dc11822bc..e67a78c83 100644
--- a/Bugzilla/User.pm
+++ b/Bugzilla/User.pm
@@ -149,6 +149,8 @@ sub id { $_[0]->{id}; }
sub login { $_[0]->{login}; }
sub email { $_[0]->{login} . Param('emailsuffix'); }
sub name { $_[0]->{name}; }
+sub disabledtext { $_[0]->{'disabledtext'}; }
+sub is_disabled { $_[0]->disabledtext ? 1 : 0; }
sub showmybugslink { $_[0]->{showmybugslink}; }
sub set_flags {
@@ -1277,6 +1279,9 @@ Params: $username (scalar, string) - The login name for the new user.
generated.
$disabledtext (scalar, string) - Optional. The disable text for the new
user; if not given, it will be empty.
+ If given, the user will be disabled,
+ meaning the account will be
+ unavailable for login.
Returns: The password for this user, in plain text, so it can be included
in an e-mail sent to the user.
diff --git a/defparams.pl b/defparams.pl
index bcd050713..b31f18397 100644
--- a/defparams.pl
+++ b/defparams.pl
@@ -1073,12 +1073,13 @@ Reason: %reason%
{
name => 'allowuserdeletion',
- desc => 'The pages to edit users can also let you delete a user. ' .
- 'Bugzilla will issue a warning in case you\'d run into ' .
- 'inconsistencies when you\'re about to do so, ' .
- 'but such deletions remain kinda scary. ' .
- 'So, you have to turn on this option before any such deletions ' .
- 'will ever happen.',
+ desc => q{The user editing pages are capable of letting you delete user
+ accounts.
+ Bugzilla will issue a warning in case you'd run into
+ inconsistencies when you're about to do so,
+ but such deletions remain kinda scary.
+ So, you have to turn on this option before any such deletions
+ will ever happen.},
type => 'b',
default => 0
},
diff --git a/editusers.cgi b/editusers.cgi
index fd8498348..82ad50bcf 100755
--- a/editusers.cgi
+++ b/editusers.cgi
@@ -23,19 +23,21 @@ require "globals.pl";
use vars qw( $vars );
+use Bugzilla;
use Bugzilla::User;
+use Bugzilla::Config;
use Bugzilla::Constants;
use Bugzilla::Auth;
+use Bugzilla::Util;
Bugzilla->login(LOGIN_REQUIRED);
-my $cgi = Bugzilla->cgi();
-my $template = Bugzilla->template();
+my $cgi = Bugzilla->cgi;
+my $template = Bugzilla->template;
my $dbh = Bugzilla->dbh;
-my $user = Bugzilla->user();
-my $userid = $user->id();
-my $editusers = UserInGroup('editusers');
-my $action = $cgi->param('action') || 'search';
+my $user = Bugzilla->user;
+my $userid = $user->id;
+my $editusers = $user->in_group('editusers');
# Reject access if there is no sense in continuing.
$editusers
@@ -47,6 +49,19 @@ $editusers
print Bugzilla->cgi->header();
+# Common CGI params
+my $action = $cgi->param('action') || 'search';
+my $login = $cgi->param('login');
+my $password = $cgi->param('password');
+my $groupid = $cgi->param('groupid');
+my $otherUser = new Bugzilla::User($cgi->param('userid'));
+my $realname = trim($cgi->param('name') || '');
+my $disabledtext = trim($cgi->param('disabledtext') || '');
+
+# Directly from common CGI params derived values
+my $otherUserID = $otherUser->id();
+
+# Prefill template vars with data used in all or nearly all templates
$vars->{'editusers'} = $editusers;
mirrorListSelectionValues();
@@ -62,7 +77,6 @@ if ($action eq 'search') {
my $matchstr = $cgi->param('matchstr');
my $matchtype = $cgi->param('matchtype');
my $grouprestrict = $cgi->param('grouprestrict') || '0';
- my $groupid = $cgi->param('groupid');
my $query = 'SELECT DISTINCT userid, login_name, realname, disabledtext ' .
'FROM profiles';
my @bindValues;
@@ -136,13 +150,6 @@ if ($action eq 'search') {
action => "add",
object => "users"});
- my $login = $cgi->param('login');
- my $password = $cgi->param('password');
-
- # Cleanups
- my $realname = trim($cgi->param('name') || '');
- my $disabledtext = trim($cgi->param('disabledtext') || '');
-
# Lock tables during the check+creation session.
$dbh->bz_lock_tables('profiles WRITE',
'profiles_activity WRITE',
@@ -175,9 +182,8 @@ if ($action eq 'search') {
###########################################################################
} elsif ($action eq 'edit') {
- my $otherUser = new Bugzilla::User($cgi->param('userid'))
+ $otherUser
|| ThrowCodeError('invalid_user_id', {'userid' => $cgi->param('userid')});
- my $otherUserID = $otherUser->id();
canSeeUser($otherUserID)
|| ThrowUserError('auth_failure', {reason => "not_visible",
@@ -191,9 +197,8 @@ if ($action eq 'search') {
###########################################################################
} elsif ($action eq 'update') {
- my $otherUser = new Bugzilla::User($cgi->param('userid'))
+ $otherUser
|| ThrowCodeError('invalid_user_id', {'userid' => $cgi->param('userid')});
- my $otherUserID = $otherUser->id();
my $logoutNeeded = 0;
my @changedFields;
@@ -215,13 +220,10 @@ if ($action eq 'search') {
object => "user"});
# Cleanups
- my $login = trim($cgi->param('login') || '');
- my $loginold = $cgi->param('loginold') || '';
- my $realname = trim($cgi->param('name') || '');
- my $realnameold = $cgi->param('nameold') || '';
- my $password = $cgi->param('password') || '';
- my $disabledtext = trim($cgi->param('disabledtext') || '');
- my $disabledtextold = $cgi->param('disabledtextold') || '';
+ my $loginold = $cgi->param('loginold') || '';
+ my $realnameold = $cgi->param('nameold') || '';
+ my $password = $cgi->param('password') || '';
+ my $disabledtextold = $cgi->param('disabledtextold') || '';
# Update profiles table entry; silently skip doing this if the user
# is not authorized.
@@ -272,7 +274,7 @@ if ($action eq 'search') {
join(' = ?,', @changedFields).' = ? ' .
'WHERE userid = ?',
undef, @values);
- # FIXME: should create profiles_activity entries.
+ # XXX: should create profiles_activity entries.
}
}
@@ -301,8 +303,8 @@ if ($action eq 'search') {
# Regard only groups the user is allowed to bless and skip all others
# silently.
- # FIXME: checking for existence of each user_group_map entry
- # would allow to display a friendlier error message on page reloads.
+ # XXX: checking for existence of each user_group_map entry
+ # would allow to display a friendlier error message on page reloads.
foreach (@{groupsUserMayBless($user, 'id')}) {
my $id = $$_{'id'};
@@ -355,11 +357,11 @@ if ($action eq 'search') {
$dbh->do('UPDATE profiles SET refreshed_when=? WHERE userid = ?',
undef, ('1900-01-01 00:00:00', $otherUserID));
}
- # FIXME: should create profiles_activity entries for blesser changes.
+ # XXX: should create profiles_activity entries for blesser changes.
$dbh->bz_unlock_tables();
- # FIXME: userDataToVars may be off when editing ourselves.
+ # XXX: userDataToVars may be off when editing ourselves.
userDataToVars($otherUserID);
$vars->{'message'} = 'account_updated';
@@ -374,9 +376,8 @@ if ($action eq 'search') {
###########################################################################
} elsif ($action eq 'del') {
- my $otherUser = new Bugzilla::User($cgi->param('userid'))
+ $otherUser
|| ThrowCodeError('invalid_user_id', {'userid' => $cgi->param('userid')});
- my $otherUserID = $otherUser->id();
Param('allowuserdeletion') || ThrowUserError('users_deletion_disabled');
$editusers || ThrowUserError('auth_failure', {group => "editusers",
@@ -415,15 +416,6 @@ if ($action eq 'search') {
$vars->{'flags'}{'setter'} = $dbh->selectrow_array(
'SELECT COUNT(*) FROM flags WHERE setter_id = ?',
undef, $otherUserID);
- $vars->{'groups'} = $dbh->selectall_arrayref(
- qq{SELECT name
- FROM groups, user_group_map
- WHERE id = group_id
- AND user_id = ?
- AND isbless = 0
- ORDER BY name
- },
- {'Slice' => {}}, $otherUserID);
$vars->{'longdescs'} = $dbh->selectrow_array(
'SELECT COUNT(*) FROM longdescs WHERE who = ?',
undef, $otherUserID);
@@ -461,15 +453,14 @@ if ($action eq 'search') {
###########################################################################
} elsif ($action eq 'delete') {
- my $otherUser = new Bugzilla::User($cgi->param('userid'))
+ $otherUser
|| ThrowCodeError('invalid_user_id', {'userid' => $cgi->param('userid')});
- my $otherUserID = $otherUser->id();
my $otherUserLogin = $otherUser->login();
# Lock tables during the check+removal session.
- # FIXME: if there was some change on these tables after the deletion
- # confirmation checks, we may do something here we haven't warned
- # about.
+ # XXX: if there was some change on these tables after the deletion
+ # confirmation checks, we may do something here we haven't warned
+ # about.
$dbh->bz_lock_tables('products READ',
'components READ',
'logincookies WRITE',
diff --git a/template/en/default/admin/users/confirm-delete.html.tmpl b/template/en/default/admin/users/confirm-delete.html.tmpl
index ece5de7e0..91b9395b8 100644
--- a/template/en/default/admin/users/confirm-delete.html.tmpl
+++ b/template/en/default/admin/users/confirm-delete.html.tmpl
@@ -21,8 +21,6 @@
# editusers: is viewing user member of editusers?
# editcomponents: is viewing user member of editcomponents?
# otheruser: Bugzilla::User object of the viewed user.
- # groups: array of Group names the viewed user is a member
- # of.
# product_responsibilities: list of hashes, one entry per Bugzilla component.
# productname: Name of the product.
# componentname: Name of the component.
@@ -78,8 +76,8 @@
<td>
[% IF groups.size %]
<ul>
- [% FOREACH group = groups %]
- <li>[% group.name FILTER html %]</li>
+ [% FOREACH group = otheruser.groups.keys %]
+ <li>[% group FILTER html %]</li>
[% END %]
</ul>
[% ELSE %]
@@ -96,7 +94,7 @@
<li>
[% andstring = '' %]
[% FOREACH responsibility = ['initialowner', 'initialqacontact'] %]
- [% IF component.$responsibility == userid %]
+ [% IF component.$responsibility == otheruser.id %]
[% andstring %] [% responsibilityterms.$responsibility %]
[% andstring = ' and ' %]
[% END %]