summaryrefslogtreecommitdiffstats
path: root/editusers.cgi
diff options
context:
space:
mode:
Diffstat (limited to 'editusers.cgi')
-rwxr-xr-xeditusers.cgi83
1 files changed, 37 insertions, 46 deletions
diff --git a/editusers.cgi b/editusers.cgi
index fd8498348..82ad50bcf 100755
--- a/editusers.cgi
+++ b/editusers.cgi
@@ -23,19 +23,21 @@ require "globals.pl";
use vars qw( $vars );
+use Bugzilla;
use Bugzilla::User;
+use Bugzilla::Config;
use Bugzilla::Constants;
use Bugzilla::Auth;
+use Bugzilla::Util;
Bugzilla->login(LOGIN_REQUIRED);
-my $cgi = Bugzilla->cgi();
-my $template = Bugzilla->template();
+my $cgi = Bugzilla->cgi;
+my $template = Bugzilla->template;
my $dbh = Bugzilla->dbh;
-my $user = Bugzilla->user();
-my $userid = $user->id();
-my $editusers = UserInGroup('editusers');
-my $action = $cgi->param('action') || 'search';
+my $user = Bugzilla->user;
+my $userid = $user->id;
+my $editusers = $user->in_group('editusers');
# Reject access if there is no sense in continuing.
$editusers
@@ -47,6 +49,19 @@ $editusers
print Bugzilla->cgi->header();
+# Common CGI params
+my $action = $cgi->param('action') || 'search';
+my $login = $cgi->param('login');
+my $password = $cgi->param('password');
+my $groupid = $cgi->param('groupid');
+my $otherUser = new Bugzilla::User($cgi->param('userid'));
+my $realname = trim($cgi->param('name') || '');
+my $disabledtext = trim($cgi->param('disabledtext') || '');
+
+# Directly from common CGI params derived values
+my $otherUserID = $otherUser->id();
+
+# Prefill template vars with data used in all or nearly all templates
$vars->{'editusers'} = $editusers;
mirrorListSelectionValues();
@@ -62,7 +77,6 @@ if ($action eq 'search') {
my $matchstr = $cgi->param('matchstr');
my $matchtype = $cgi->param('matchtype');
my $grouprestrict = $cgi->param('grouprestrict') || '0';
- my $groupid = $cgi->param('groupid');
my $query = 'SELECT DISTINCT userid, login_name, realname, disabledtext ' .
'FROM profiles';
my @bindValues;
@@ -136,13 +150,6 @@ if ($action eq 'search') {
action => "add",
object => "users"});
- my $login = $cgi->param('login');
- my $password = $cgi->param('password');
-
- # Cleanups
- my $realname = trim($cgi->param('name') || '');
- my $disabledtext = trim($cgi->param('disabledtext') || '');
-
# Lock tables during the check+creation session.
$dbh->bz_lock_tables('profiles WRITE',
'profiles_activity WRITE',
@@ -175,9 +182,8 @@ if ($action eq 'search') {
###########################################################################
} elsif ($action eq 'edit') {
- my $otherUser = new Bugzilla::User($cgi->param('userid'))
+ $otherUser
|| ThrowCodeError('invalid_user_id', {'userid' => $cgi->param('userid')});
- my $otherUserID = $otherUser->id();
canSeeUser($otherUserID)
|| ThrowUserError('auth_failure', {reason => "not_visible",
@@ -191,9 +197,8 @@ if ($action eq 'search') {
###########################################################################
} elsif ($action eq 'update') {
- my $otherUser = new Bugzilla::User($cgi->param('userid'))
+ $otherUser
|| ThrowCodeError('invalid_user_id', {'userid' => $cgi->param('userid')});
- my $otherUserID = $otherUser->id();
my $logoutNeeded = 0;
my @changedFields;
@@ -215,13 +220,10 @@ if ($action eq 'search') {
object => "user"});
# Cleanups
- my $login = trim($cgi->param('login') || '');
- my $loginold = $cgi->param('loginold') || '';
- my $realname = trim($cgi->param('name') || '');
- my $realnameold = $cgi->param('nameold') || '';
- my $password = $cgi->param('password') || '';
- my $disabledtext = trim($cgi->param('disabledtext') || '');
- my $disabledtextold = $cgi->param('disabledtextold') || '';
+ my $loginold = $cgi->param('loginold') || '';
+ my $realnameold = $cgi->param('nameold') || '';
+ my $password = $cgi->param('password') || '';
+ my $disabledtextold = $cgi->param('disabledtextold') || '';
# Update profiles table entry; silently skip doing this if the user
# is not authorized.
@@ -272,7 +274,7 @@ if ($action eq 'search') {
join(' = ?,', @changedFields).' = ? ' .
'WHERE userid = ?',
undef, @values);
- # FIXME: should create profiles_activity entries.
+ # XXX: should create profiles_activity entries.
}
}
@@ -301,8 +303,8 @@ if ($action eq 'search') {
# Regard only groups the user is allowed to bless and skip all others
# silently.
- # FIXME: checking for existence of each user_group_map entry
- # would allow to display a friendlier error message on page reloads.
+ # XXX: checking for existence of each user_group_map entry
+ # would allow to display a friendlier error message on page reloads.
foreach (@{groupsUserMayBless($user, 'id')}) {
my $id = $$_{'id'};
@@ -355,11 +357,11 @@ if ($action eq 'search') {
$dbh->do('UPDATE profiles SET refreshed_when=? WHERE userid = ?',
undef, ('1900-01-01 00:00:00', $otherUserID));
}
- # FIXME: should create profiles_activity entries for blesser changes.
+ # XXX: should create profiles_activity entries for blesser changes.
$dbh->bz_unlock_tables();
- # FIXME: userDataToVars may be off when editing ourselves.
+ # XXX: userDataToVars may be off when editing ourselves.
userDataToVars($otherUserID);
$vars->{'message'} = 'account_updated';
@@ -374,9 +376,8 @@ if ($action eq 'search') {
###########################################################################
} elsif ($action eq 'del') {
- my $otherUser = new Bugzilla::User($cgi->param('userid'))
+ $otherUser
|| ThrowCodeError('invalid_user_id', {'userid' => $cgi->param('userid')});
- my $otherUserID = $otherUser->id();
Param('allowuserdeletion') || ThrowUserError('users_deletion_disabled');
$editusers || ThrowUserError('auth_failure', {group => "editusers",
@@ -415,15 +416,6 @@ if ($action eq 'search') {
$vars->{'flags'}{'setter'} = $dbh->selectrow_array(
'SELECT COUNT(*) FROM flags WHERE setter_id = ?',
undef, $otherUserID);
- $vars->{'groups'} = $dbh->selectall_arrayref(
- qq{SELECT name
- FROM groups, user_group_map
- WHERE id = group_id
- AND user_id = ?
- AND isbless = 0
- ORDER BY name
- },
- {'Slice' => {}}, $otherUserID);
$vars->{'longdescs'} = $dbh->selectrow_array(
'SELECT COUNT(*) FROM longdescs WHERE who = ?',
undef, $otherUserID);
@@ -461,15 +453,14 @@ if ($action eq 'search') {
###########################################################################
} elsif ($action eq 'delete') {
- my $otherUser = new Bugzilla::User($cgi->param('userid'))
+ $otherUser
|| ThrowCodeError('invalid_user_id', {'userid' => $cgi->param('userid')});
- my $otherUserID = $otherUser->id();
my $otherUserLogin = $otherUser->login();
# Lock tables during the check+removal session.
- # FIXME: if there was some change on these tables after the deletion
- # confirmation checks, we may do something here we haven't warned
- # about.
+ # XXX: if there was some change on these tables after the deletion
+ # confirmation checks, we may do something here we haven't warned
+ # about.
$dbh->bz_lock_tables('products READ',
'components READ',
'logincookies WRITE',