From 0e9fdfdcb1b423f9d26747d779bf3d368b92ced1 Mon Sep 17 00:00:00 2001
From: "lpsolit%gmail.com" <>
Date: Fri, 16 Sep 2005 05:01:56 +0000
Subject: Bug 304696: Replace UserInGroup() by $user->in_group() when checking user privs in edit*.cgi files - Patch by Frédéric Buclin r=mkanat a=justdave
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 doeditparams.cgi | 5 ++---
 editcomponents.cgi | 2 +-
 editflagtypes.cgi | 5 ++---
 editgroups.cgi | 5 ++---
 editkeywords.cgi | 5 ++---
 editmilestones.cgi | 3 +--
 editparams.cgi | 5 ++---
 editproducts.cgi | 3 +--
 editsettings.cgi | 5 ++---
 editusers.cgi | 2 +-
 editversions.cgi | 5 ++---
 editwhines.cgi | 5 ++---
 12 files changed, 20 insertions(+), 30 deletions(-)
diff --git a/doeditparams.cgi b/doeditparams.cgi
index cfc21e23d..8d69f56bc 100755
--- a/doeditparams.cgi
+++ b/doeditparams.cgi
@@ -28,18 +28,17 @@ use lib qw(.);
 use Bugzilla;
 use Bugzilla::Constants;
 use Bugzilla::Config qw(:DEFAULT :admin $datadir);
-use Bugzilla::User;
 require "globals.pl";
-Bugzilla->login(LOGIN_REQUIRED);
+my $user = Bugzilla->login(LOGIN_REQUIRED);
 my $cgi = Bugzilla->cgi;
 my $template = Bugzilla->template;
 print $cgi->header();
-UserInGroup("tweakparams")
+$user->in_group('tweakparams')
 || ThrowUserError("auth_failure", {group => "tweakparams", action => "modify", object => "parameters"});
diff --git a/editcomponents.cgi b/editcomponents.cgi
index 703f124c9..096570d82 100755
--- a/editcomponents.cgi
+++ b/editcomponents.cgi
@@ -53,7 +53,7 @@ my $whoid = $user->id;
 print $cgi->header();
-UserInGroup("editcomponents")
+$user->in_group('editcomponents')
 || ThrowUserError("auth_failure", {group => "editcomponents", action => "edit", object => "components"});
diff --git a/editflagtypes.cgi b/editflagtypes.cgi
index ed3743a43..d0c04f5c1 100755
--- a/editflagtypes.cgi
+++ b/editflagtypes.cgi
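Review bot: In doeditparams.cgi the removal of `use Bugzilla::User;` leaves no visible line that loads the class whose `in_group` method now guards the page, so the check works only while another module (presumably Bugzilla.pm or globals.pl, neither shown) keeps loading it. The script continues below the hunk; if it still calls any function that Bugzilla::User used to export, that call now fails only when the code path is reached, on a page reserved for tweakparams members. Please confirm with a search for the exported names before dropping the import, or keep it as `use Bugzilla::User ();` so the class is loaded without importing anything. The same removal is made in editflagtypes.cgi, editgroups.cgi, editkeywords.cgi, editmilestones.cgi, editparams.cgi, editproducts.cgi, editsettings.cgi and editversions.cgi.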
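Review bot: In editcomponents.cgi the privilege test now depends on a `$user` that is assigned above the hunk, whereas `UserInGroup()` took no user argument and presumably consulted the current login itself. Only `my $whoid = $user->id;` is visible here, so the diff alone does not confirm that `$user` is the object returned by `Bugzilla->login(LOGIN_REQUIRED)` rather than some other user object. A short comment above the test, for example `# $user is the account returned by Bugzilla->login(LOGIN_REQUIRED) above`, would document that dependency. editmilestones.cgi, editproducts.cgi and editusers.cgi are in the same position.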
@@ -37,14 +37,13 @@ use Bugzilla::Constants;
 use Bugzilla::Flag;
 use Bugzilla::FlagType;
 use Bugzilla::Group;
-use Bugzilla::User;
 use Bugzilla::Util;
 use vars qw( $template $vars );
 # Make sure the user is logged in and is an administrator.
-Bugzilla->login(LOGIN_REQUIRED);
-UserInGroup("editcomponents")
+my $user = Bugzilla->login(LOGIN_REQUIRED);
+$user->in_group('editcomponents')
 || ThrowUserError("auth_failure", {group => "editcomponents", action => "edit", object => "flagtypes"});
diff --git a/editgroups.cgi b/editgroups.cgi
index f032da728..d457303f1 100755
--- a/editgroups.cgi
+++ b/editgroups.cgi
@@ -31,7 +31,6 @@ use lib ".";
 use Bugzilla;
 use Bugzilla::Constants;
-use Bugzilla::User;
 use Bugzilla::Group;
 require "globals.pl";
@@ -40,11 +39,11 @@ my $dbh = Bugzilla->dbh;
 use vars qw($template $vars);
-Bugzilla->login(LOGIN_REQUIRED);
+my $user = Bugzilla->login(LOGIN_REQUIRED);
 print $cgi->header();
-UserInGroup("creategroups")
+$user->in_group('creategroups')
 || ThrowUserError("auth_failure", {group => "creategroups", action => "edit", object => "groups"});
diff --git a/editkeywords.cgi b/editkeywords.cgi
index bca94dba0..77b8f0a22 100755
--- a/editkeywords.cgi
+++ b/editkeywords.cgi
@@ -28,7 +28,6 @@ require "globals.pl";
 use Bugzilla;
 use Bugzilla::Constants;
 use Bugzilla::Config qw(:DEFAULT $datadir);
-use Bugzilla::User;
 my $cgi = Bugzilla->cgi;
 my $dbh = Bugzilla->dbh;
@@ -60,11 +59,11 @@ sub Validate {
 # Preliminary checks: #
-Bugzilla->login(LOGIN_REQUIRED);
+my $user = Bugzilla->login(LOGIN_REQUIRED);
 print $cgi->header();
-UserInGroup("editkeywords")
+$user->in_group('editkeywords')
 || ThrowUserError("auth_failure", {group => "editkeywords", action => "edit", object => "keywords"});
diff --git a/editmilestones.cgi b/editmilestones.cgi
index 18c3f62aa..b9c4e0d51 100755
--- a/editmilestones.cgi
+++ b/editmilestones.cgi
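Review bot: The comment kept above the rewritten check in editflagtypes.cgi says the user must be "an administrator", but the code tests membership of the `editcomponents` group only. Since both changed lines sit directly under it, the comment should state the requirement that is actually enforced: `# Make sure the user is logged in and is a member of the editcomponents group.` A reader who trusts the current wording could assume a stronger privilege than the one the script checks.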
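Review bot: The `$user->in_group('creategroups') || ThrowUserError(...)` statement in the second editgroups.cgi hunk protects the rest of the script only if ThrowUserError() never returns, and nothing near the check says so. Its definition is not part of this patch, so that behaviour is an assumption from here; if the call ever returned, execution would fall through to the group editor for a user outside creategroups. I would add one line above the test, `# ThrowUserError() ends the request; code below runs only for creategroups members.` The same remark applies to each privilege check rewritten in this patch.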
@@ -23,7 +23,6 @@ require "globals.pl";
 use Bugzilla::Constants;
 use Bugzilla::Config qw(:DEFAULT $datadir);
-use Bugzilla::User;
 use Bugzilla::Product;
 use Bugzilla::Milestone;
 use Bugzilla::Bug;
@@ -42,7 +41,7 @@ my $whoid = $user->id;
 print $cgi->header();
-UserInGroup("editcomponents")
+$user->in_group('editcomponents')
 || ThrowUserError("auth_failure", {group => "editcomponents", action => "edit", object => "milestones"});
diff --git a/editparams.cgi b/editparams.cgi
index 264e991a4..8924a0edc 100755
--- a/editparams.cgi
+++ b/editparams.cgi
@@ -27,17 +27,16 @@ use lib ".";
 use Bugzilla::Constants;
 use Bugzilla::Config qw(:DEFAULT :admin);
-use Bugzilla::User;
 require "globals.pl";
-Bugzilla->login(LOGIN_REQUIRED);
+my $user = Bugzilla->login(LOGIN_REQUIRED);
 my $template = Bugzilla->template;
 print Bugzilla->cgi->header();
-UserInGroup("tweakparams")
+$user->in_group('tweakparams')
 || ThrowUserError("auth_failure", {group => "tweakparams", action => "modify", object => "parameters"});
diff --git a/editproducts.cgi b/editproducts.cgi
index 315dfd059..9aadfd04a 100755
--- a/editproducts.cgi
+++ b/editproducts.cgi
@@ -37,7 +37,6 @@ use Bugzilla::Constants;
 require "globals.pl";
 use Bugzilla::Bug;
 use Bugzilla::Series;
-use Bugzilla::User;
 use Bugzilla::Config qw(:DEFAULT $datadir);
 # Shut up misguided -w warnings about "used only once". "use vars" just
@@ -242,7 +241,7 @@ my $whoid = $user->id;
 my $cgi = Bugzilla->cgi;
 print $cgi->header();
-UserInGroup("editcomponents")
+$user->in_group('editcomponents')
 || ThrowUserError("auth_failure", {group => "editcomponents", action => "edit", object => "products"});
diff --git a/editsettings.cgi b/editsettings.cgi
index 742bd7176..883666074 100755
--- a/editsettings.cgi
+++ b/editsettings.cgi
@@ -21,7 +21,6 @@ use lib qw(.);
 use Bugzilla;
 use Bugzilla::Constants;
-use Bugzilla::User;
 use Bugzilla::User::Setting;
 require "globals.pl";
@@ -69,12 +68,12 @@ sub SaveSettings{
 ### Live code ### ###################
-Bugzilla->login(LOGIN_REQUIRED);
+my $user = Bugzilla->login(LOGIN_REQUIRED);
 my $cgi = Bugzilla->cgi;
 print $cgi->header;
-UserInGroup("tweakparams")
+$user->in_group('tweakparams')
 || ThrowUserError("auth_failure", {group => "tweakparams", action => "modify", object => "settings"});
diff --git a/editusers.cgi b/editusers.cgi
index ade2f0ca7..27c16bbe7 100755
--- a/editusers.cgi
+++ b/editusers.cgi
@@ -43,7 +43,7 @@ my $editusers = $user->in_group('editusers');
 # Reject access if there is no sense in continuing.
 $editusers
- || Bugzilla->user->can_bless()
+ || $user->can_bless()
 || ThrowUserError("auth_failure", {group => "editusers", reason => "cant_bless", action => "edit",
diff --git a/editversions.cgi b/editversions.cgi
index cf2303e5f..66e81b864 100755
--- a/editversions.cgi
+++ b/editversions.cgi
@@ -35,7 +35,6 @@ require "globals.pl";
 use Bugzilla::Constants;
 use Bugzilla::Config qw(:DEFAULT $datadir);
-use Bugzilla::User;
 use Bugzilla::Product;
 use Bugzilla::Version;
@@ -48,11 +47,11 @@ my $dbh = Bugzilla->dbh;
 # Preliminary checks: #
-Bugzilla->login(LOGIN_REQUIRED);
+my $user = Bugzilla->login(LOGIN_REQUIRED);
 print $cgi->header();
-UserInGroup("editcomponents")
+$user->in_group('editcomponents')
 || ThrowUserError("auth_failure", {group => "editcomponents", action => "edit", object => "versions"});
diff --git a/editwhines.cgi b/editwhines.cgi
index db9d08292..2b70acc13 100755
--- a/editwhines.cgi
+++ b/editwhines.cgi
@@ -36,7 +36,7 @@ use Bugzilla::Constants;
 use Bugzilla::User;
 use Bugzilla::Group;
 # require the user to have logged in
-Bugzilla->login(LOGIN_REQUIRED);
+my $user = Bugzilla->login(LOGIN_REQUIRED);
 ############################################################################### # Main Body Execution
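Review bot: editwhines.cgi keeps `use Bugzilla::User;` (a context line at the top of its first hunk) while nine other scripts in this patch drop it, and nothing in the hunk explains the difference. If the file still needs something that module exports, a trailing comment naming it, e.g. `use Bugzilla::User; # still needed for <exported function>`, would stop a later cleanup from removing it blindly. If it does not, removing the line here as well keeps the edit*.cgi scripts consistent.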
@@ -46,7 +46,6 @@ my $cgi = Bugzilla->cgi;
 my $template = Bugzilla->template;
 my $dbh = Bugzilla->dbh;
-my $user = Bugzilla->user;
 my $userid = $user->id;
 my $sth; # database statement handle
@@ -73,7 +72,7 @@ my $sth; # database statement handle
 my $events = get_events($userid);
 # First see if this user may use whines
-UserInGroup("bz_canusewhines")
+$user->in_group('bz_canusewhines')
 || ThrowUserError("auth_failure", {group => "bz_canusewhines", action => "schedule", object => "reports"});
--
cgit v1.2.3-24-g4f1b
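Review bot: In the last editwhines.cgi hunk `my $events = get_events($userid);` still runs before the rewritten `bz_canusewhines` test, although the comment between them reads "First see if this user may use whines". The body of get_events() is outside the hunk, but from its name and argument it presumably reads that user's events from the database, so a logged-in user without the group triggers that work before being refused. Moving the call below the `$user->in_group('bz_canusewhines') || ThrowUserError(...)` statement would make the order match the comment and keep all per-user work behind the authorization check.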