use vars qw( $vars );
+use Bugzilla;
use Bugzilla::User;
+use Bugzilla::Config;
use Bugzilla::Constants;
use Bugzilla::Auth;
+use Bugzilla::Util;
Bugzilla->login(LOGIN_REQUIRED);
-my $cgi = Bugzilla->cgi();
-my $template = Bugzilla->template();
+my $cgi = Bugzilla->cgi;
+my $template = Bugzilla->template;
my $dbh = Bugzilla->dbh;
-my $user = Bugzilla->user();
-my $userid = $user->id();
-my $editusers = UserInGroup('editusers');
-my $action = $cgi->param('action') || 'search';
+my $user = Bugzilla->user;
+my $userid = $user->id;
+my $editusers = $user->in_group('editusers');
# Reject access if there is no sense in continuing.
$editusers
print Bugzilla->cgi->header();
+# Common CGI params
+my $action = $cgi->param('action') || 'search';
+my $login = $cgi->param('login');
+my $password = $cgi->param('password');
+my $groupid = $cgi->param('groupid');
+my $otherUser = new Bugzilla::User($cgi->param('userid'));
+my $realname = trim($cgi->param('name') || '');
+my $disabledtext = trim($cgi->param('disabledtext') || '');
+
+# Directly from common CGI params derived values
+my $otherUserID = $otherUser->id();
+
+# Prefill template vars with data used in all or nearly all templates
$vars->{'editusers'} = $editusers;
mirrorListSelectionValues();
my $matchstr = $cgi->param('matchstr');
my $matchtype = $cgi->param('matchtype');
my $grouprestrict = $cgi->param('grouprestrict') || '0';
- my $groupid = $cgi->param('groupid');
my $query = 'SELECT DISTINCT userid, login_name, realname, disabledtext ' .
'FROM profiles';
my @bindValues;
action => "add",
object => "users"});
- my $login = $cgi->param('login');
- my $password = $cgi->param('password');
-
- # Cleanups
- my $realname = trim($cgi->param('name') || '');
- my $disabledtext = trim($cgi->param('disabledtext') || '');
-
# Lock tables during the check+creation session.
$dbh->bz_lock_tables('profiles WRITE',
'profiles_activity WRITE',
###########################################################################
} elsif ($action eq 'edit') {
- my $otherUser = new Bugzilla::User($cgi->param('userid'))
+ $otherUser
|| ThrowCodeError('invalid_user_id', {'userid' => $cgi->param('userid')});
- my $otherUserID = $otherUser->id();
canSeeUser($otherUserID)
|| ThrowUserError('auth_failure', {reason => "not_visible",
###########################################################################
} elsif ($action eq 'update') {
- my $otherUser = new Bugzilla::User($cgi->param('userid'))
+ $otherUser
|| ThrowCodeError('invalid_user_id', {'userid' => $cgi->param('userid')});
- my $otherUserID = $otherUser->id();
my $logoutNeeded = 0;
my @changedFields;
object => "user"});
# Cleanups
- my $login = trim($cgi->param('login') || '');
- my $loginold = $cgi->param('loginold') || '';
- my $realname = trim($cgi->param('name') || '');
- my $realnameold = $cgi->param('nameold') || '';
- my $password = $cgi->param('password') || '';
- my $disabledtext = trim($cgi->param('disabledtext') || '');
- my $disabledtextold = $cgi->param('disabledtextold') || '';
+ my $loginold = $cgi->param('loginold') || '';
+ my $realnameold = $cgi->param('nameold') || '';
+ my $password = $cgi->param('password') || '';
+ my $disabledtextold = $cgi->param('disabledtextold') || '';
# Update profiles table entry; silently skip doing this if the user
# is not authorized.
join(' = ?,', @changedFields).' = ? ' .
'WHERE userid = ?',
undef, @values);
- # FIXME: should create profiles_activity entries.
+ # XXX: should create profiles_activity entries.
}
}
# Regard only groups the user is allowed to bless and skip all others
# silently.
- # FIXME: checking for existence of each user_group_map entry
- # would allow to display a friendlier error message on page reloads.
+ # XXX: checking for existence of each user_group_map entry
+ # would allow to display a friendlier error message on page reloads.
foreach (@{groupsUserMayBless($user, 'id')}) {
my $id = $$_{'id'};
$dbh->do('UPDATE profiles SET refreshed_when=? WHERE userid = ?',
undef, ('1900-01-01 00:00:00', $otherUserID));
}
- # FIXME: should create profiles_activity entries for blesser changes.
+ # XXX: should create profiles_activity entries for blesser changes.
$dbh->bz_unlock_tables();
- # FIXME: userDataToVars may be off when editing ourselves.
+ # XXX: userDataToVars may be off when editing ourselves.
userDataToVars($otherUserID);
$vars->{'message'} = 'account_updated';
###########################################################################
} elsif ($action eq 'del') {
- my $otherUser = new Bugzilla::User($cgi->param('userid'))
+ $otherUser
|| ThrowCodeError('invalid_user_id', {'userid' => $cgi->param('userid')});
- my $otherUserID = $otherUser->id();
Param('allowuserdeletion') || ThrowUserError('users_deletion_disabled');
$editusers || ThrowUserError('auth_failure', {group => "editusers",
$vars->{'flags'}{'setter'} = $dbh->selectrow_array(
'SELECT COUNT(*) FROM flags WHERE setter_id = ?',
undef, $otherUserID);
- $vars->{'groups'} = $dbh->selectall_arrayref(
- qq{SELECT name
- FROM groups, user_group_map
- WHERE id = group_id
- AND user_id = ?
- AND isbless = 0
- ORDER BY name
- },
- {'Slice' => {}}, $otherUserID);
$vars->{'longdescs'} = $dbh->selectrow_array(
'SELECT COUNT(*) FROM longdescs WHERE who = ?',
undef, $otherUserID);
###########################################################################
} elsif ($action eq 'delete') {
- my $otherUser = new Bugzilla::User($cgi->param('userid'))
+ $otherUser
|| ThrowCodeError('invalid_user_id', {'userid' => $cgi->param('userid')});
- my $otherUserID = $otherUser->id();
my $otherUserLogin = $otherUser->login();
# Lock tables during the check+removal session.
- # FIXME: if there was some change on these tables after the deletion
- # confirmation checks, we may do something here we haven't warned
- # about.
+ # XXX: if there was some change on these tables after the deletion
+ # confirmation checks, we may do something here we haven't warned
+ # about.
$dbh->bz_lock_tables('products READ',
'components READ',
'logincookies WRITE',
projects / thirdparty / bugzilla.git / commitdiff
