From a1d58085aa7e7c2d3e1342b92c4887b0d22926f1 Mon Sep 17 00:00:00 2001 From: "jocuri%softhome.net" <> Date: Sun, 16 Jan 2005 22:07:31 +0000 Subject: Patch for bug 265898: edit*.cgi files should all use ThrowUserError(); patch by Frédéric Buclin , r=vladd, a=myk. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- editusers.cgi | 71 ++++++++++++++++++++--------------------------------------- 1 file changed, 24 insertions(+), 47 deletions(-) (limited to 'editusers.cgi') diff --git a/editusers.cgi b/editusers.cgi index 7f3eef3a9..a70e3fcf2 100755 --- a/editusers.cgi +++ b/editusers.cgi @@ -243,17 +243,12 @@ print Bugzilla->cgi->header(); $editall = UserInGroup("editusers"); -if (!$editall) { - if (!Bugzilla->user->can_bless) { - PutHeader("Not allowed"); - print "Sorry, you aren't a member of the 'editusers' group, and you\n"; - print "don't have permissions to put people in or out of any group.\n"; - print "And so, you aren't allowed to add, modify or delete users.\n"; - PutTrailer(); - exit; - } -} - +$editall + || Bugzilla->user->can_bless + || ThrowUserError("auth_failure", {group => "editusers", + reason => "cant_bless", + action => "edit", + object => "users"}); # @@ -385,13 +380,10 @@ if ($action eq 'list') { # if ($action eq 'add') { + $editall || ThrowUserError("auth_failure", {group => "editusers", + action => "add", + object => "users"}); PutHeader("Add user"); - if (!$editall) { - print "Sorry, you don't have permissions to add new users."; - PutTrailer(); - exit; - } - print "
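Review bot: The access check in the `@@ -243` hunk now fails closed only if ThrowUserError() never returns, because the explicit `exit` of the removed branch is gone and the code for the privileged actions follows directly. The same holds for the `$editall || ThrowUserError(...)` guards in the `@@ -385`, `@@ -415`, `@@ -494` and `@@ -628` hunks. ThrowUserError is defined outside this diff, so confirm that it terminates the request and say so at the first guard, e.g. `# ThrowUserError() does not return; nothing below runs for unauthorised users`. As a point of style, a `||` chain used for flow control is easier to audit as `unless ($editall || Bugzilla->user->can_bless) { ThrowUserError(...); }`, which keeps the authorisation condition readable as a condition.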
\n"; print "\n"; @@ -415,13 +407,9 @@ if ($action eq 'add') { # if ($action eq 'new') { - PutHeader("Adding new user"); - - if (!$editall) { - print "Sorry, you don't have permissions to add new users."; - PutTrailer(); - exit; - } + $editall || ThrowUserError("auth_failure", {group => "editusers", + action => "add", + object => "users"}); # Cleanups and valididy checks my $realname = trim($::FORM{realname} || ''); @@ -432,6 +420,7 @@ if ($action eq 'new') { my $disabledtext = trim($::FORM{disabledtext} || ''); my $emailregexp = Param("emailregexp"); + PutHeader("Adding new user"); unless ($user) { print "You must enter a name for the new user. Please press\n"; print "Back and try again.\n"; @@ -494,17 +483,10 @@ if ($action eq 'new') { # if ($action eq 'del') { - PutHeader("Delete user $user"); - if (!$candelete) { - print "Sorry, deleting users isn't allowed."; - PutTrailer(); - exit; - } - if (!$editall) { - print "Sorry, you don't have permissions to delete users."; - PutTrailer(); - exit; - } + $candelete || ThrowUserError("users_deletion_disabled"); + $editall || ThrowUserError("auth_failure", {group => "editusers", + action => "delete", + object => "users"}); CheckUser($user); # display some data about the user @@ -514,6 +496,7 @@ if ($action eq 'del') { FetchSQLData(); $realname = ($realname ? html_quote($realname) : "missing"); + PutHeader("Delete user $user"); print "
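Review bot: In the `del` hunk (`@@ -494`) and again in the `delete` hunk (`@@ -628`), the `$candelete` test runs before the `$editall` test. A user who lacks the editusers permission is therefore told `users_deletion_disabled` rather than `auth_failure`, which presumably reveals a site setting (`$candelete` is assigned outside this diff). Checking authorisation first avoids that: place `$editall || ThrowUserError("auth_failure", {...});` above `$candelete || ThrowUserError("users_deletion_disabled");` in both blocks. The removed code used the same order, so this is carried over rather than introduced by the commit.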
\n"; print "\n"; print " \n"; @@ -628,17 +611,10 @@ if ($action eq 'del') { # if ($action eq 'delete') { - PutHeader("Deleting user"); - if (!$candelete) { - print "Sorry, deleting users isn't allowed."; - PutTrailer(); - exit; - } - if (!$editall) { - print "Sorry, you don't have permissions to delete users."; - PutTrailer(); - exit; - } + $candelete || ThrowUserError("users_deletion_disabled"); + $editall || ThrowUserError("auth_failure", {group => "editusers", + action => "delete", + object => "users"}); CheckUser($user); SendSQL("SELECT userid @@ -651,8 +627,9 @@ if ($action eq 'delete') { WHERE login_name=" . SqlQuote($user)); SendSQL("DELETE FROM user_group_map WHERE user_id=" . $userid); - print "User deleted.
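Review bot: The added `PutHeader("Delete user $user");` in the `@@ -514` hunk interpolates `$user` into the page header with no escaping visible, whereas `$realname` on the line above it is passed through html_quote(). The header is now emitted after CheckUser($user) (in the `@@ -494` hunk), which narrows what can reach it, but this diff does not show whether CheckUser or PutHeader neutralises markup. If PutHeader does not escape its argument, use `PutHeader("Delete user " . html_quote($user));`. If it does, a short comment such as `# PutHeader escapes its title` would settle the question for the next reader. The `del` block starts and ends outside this hunk.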
\n"; + PutHeader("Deleting user"); + print "User deleted.
\n"; PutTrailer($localtrailer); exit; } -- cgit v1.2.3-24-g4f1b
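Review bot: Nothing visible between the permission guards of the `delete` action (`@@ -628`) and the `DELETE` statements in this hunk ties the request to the confirmation page rendered by the `del` action, so the rows are removed for any request from a sufficiently privileged session that selects this action. The lines between the two hunks are not shown, so this may already be handled there. If it is not, the usual safeguard is a per-request token issued by the confirmation page and verified before the first `SendSQL("DELETE ...")`; at minimum record the gap with `# TODO: verify a confirmation token from the 'del' page before deleting`. Separately, `$userid` is concatenated into the `user_group_map` statement without SqlQuote(), unlike `$user` in the statement before it. It appears to come from the earlier SELECT, but that should be confirmed.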