</note>
<para>
- If you have access to use this feature, you should notice a link
- next to your login name (in the footer) titled "sudo". Click on the
- link. This will take you to a page where you will see a description of
- the feature and instructions on how to use it. After reading the text,
- simply enter the login of the user you would like to impersonate and
- press the button.</para>
+ If you have access to this feature, you may start a session by
+ going to the Edit Users page, Searching for a user and clicking on
+ their login. You should see a link below their login name titled
+ "Impersonate this user". Click on the link. This will take you
+ to a page where you will see a description of the feature and
+ instructions for using it. After reading the text, simply
+ enter the login of the user you would like to impersonate, provide
+ a short message explaining why you are doing this, and press the
+ button.</para>
<para>
As long as you are using this feature, everything you do will be done
# A. Karl Kornel <karl@kornel.name>
use strict;
-
use lib qw(.);
+
+require "globals.pl";
+
use Bugzilla;
-use Bugzilla::Auth::Login::WWW;
-use Bugzilla::CGI;
+use Bugzilla::BugMail;
use Bugzilla::Constants;
use Bugzilla::Error;
use Bugzilla::User;
}
# Show the sudo page
- $vars->{'will_logout'} = 1 if Bugzilla::Auth::Login::WWW->can_logout;
+ $vars->{'will_logout'} = $user->get_flag('can_logout');
$target = 'admin/sudo.html.tmpl';
}
# transition-sudo: Validate target, logout user, and redirect for session start
ThrowUserError('sudo_protected', { login => $target_user->login });
}
- # Log out and Redirect user to the new page
+ # If we have a reason passed in, keep it under 200 characters
+ my $reason = $cgi->param('reason') || '';
+ $reason = substr($reason, $[, 200);
+ my $reason_string = '&reason=' . url_quote($reason);
+
+ # Log out and redirect user to the new page
Bugzilla->logout();
$target = 'relogin.cgi';
print $cgi->redirect($target . '?action=begin-sudo&target_login=' .
- url_quote($target_user->login));
+ url_quote($target_user->login) . $reason_string);
exit;
}
# begin-sudo: Confirm login and start sudo session
ThrowUserError('sudo_protected', { login => $target_user->login });
}
+ # If we have a reason passed in, keep it under 200 characters
+ my $reason = $cgi->param('reason') || '';
+ $reason = substr($reason, $[, 200);
+
# Calculate the session expiry time (T + 6 hours)
my $time_string = time2str('%a, %d-%b-%Y %T %Z', time+(6*60*60), 'GMT');
Bugzilla->sudo_request($target_user, Bugzilla->user);
# NOTE: If you want to log the start of an sudo session, do it here.
-
+
+ # Go ahead and send out the message now
+ my $message;
+ $template->process('email/sudo.txt.tmpl',
+ { reason => $reason },
+ \$message);
+ Bugzilla::BugMail::MessageToMTA($message);
+
$vars->{'message'} = 'sudo_started';
$vars->{'target'} = $target_user->login;
$target = 'global/message.html.tmpl';
[% END %]
<p>
- Next, click the button to begin the session:
+ Next, please take a moment to explain why you are doing this:<br>
+ <input type="text" name="reason" size="80" maxlength="200">
+ </p>
+
+ <p>
+ The message you enter here will be sent to the impersonated user by email.
+ You may leave this empty if you wish, but they will still know that you
+ are impersonating them.
+ </p>
+
+ <p>
+ Finally, click the button to begin the session:
<input type="submit" value="Begin Session">
<input type="hidden" name="action" value="sudo-transition">
</p>
--- /dev/null
+[%# 1.0@bugzilla.org %]
+[%# The contents of this file are subject to the Mozilla Public
+ # License Version 1.1 (the "License"); you may not use this file
+ # except in compliance with the License. You may obtain a copy of
+ # the License at http://www.mozilla.org/MPL/
+ #
+ # Software distributed under the License is distributed on an "AS
+ # IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+ # implied. See the License for the specific language governing
+ # rights and limitations under the License.
+ #
+ # The Original Code is the Bugzilla Bug Tracking System.
+ #
+ # The Initial Developer of the Original Code is Netscape Communications
+ # Corporation. Portions created by Netscape are
+ # Copyright (C) 2005 Netscape Communications Corporation. All
+ # Rights Reserved.
+ #
+ # Contributor(s): A. Karl Kornel <karl@kornel.name>
+ #%]
+
+[% PROCESS global/variables.none.tmpl %]
+
+Content-Type: text/plain
+From: [% Param("maintainer") %]
+To: [% user.email %]
+Subject: [[% terms.Bugzilla %]] Your account [% user.login -%]
+ is being impersonated
+
+ [%+ sudoer.identity %] has used the 'sudo' feature to access
+[%+ terms.Bugzilla %] using your account.
+
+[% IF reason %]
+ [%+ sudoer.identity %] provided the following reason for doing this:
+
+[% reason FILTER wrap_comment %]
+[% ELSE %]
+ [%+ sudoer.identity %] did not provide a reason for doing this.
+[% END %]
+
+ If you feel that this action was inappropiate, please contact
+[%+ Param("maintainer") %]. For more information on this feature,
+visit <[% Param("urlbase") %]page.cgi?id=sudo.html>.
--- /dev/null
+[%# 1.0@bugzilla.org %]
+[%# The contents of this file are subject to the Mozilla Public
+ # License Version 1.1 (the "License"); you may not use this file
+ # except in compliance with the License. You may obtain a copy of
+ # the License at http://www.mozilla.org/MPL/
+ #
+ # Software distributed under the License is distributed on an "AS
+ # IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+ # implied. See the License for the specific language governing
+ # rights and limitations under the License.
+ #
+ # The Original Code is the Bugzilla Bug Tracking System.
+ #
+ # The Initial Developer of the Original Code is Netscape Communications
+ # Corporation. Portions created by Netscape are
+ # Copyright (C) 2005 Netscape Communications Corporation. All
+ # Rights Reserved.
+ #
+ # Contributor(s): A. Karl Kornel <karl@kornel.name>
+ #%]
+
+[% PROCESS global/variables.none.tmpl %]
+[% INCLUDE global/header.html.tmpl title = "sudo: User Impersonation" %]
+
+<p>
+ [%+ terms.Bugzilla %] includes the ability to have one user impersonate
+another, in something called a <i>sudo session</i>, so long as the person
+doing the impersonating has the appropriate privileges.
+</p>
+
+<p>
+ While a session is in progress, [% terms.Bugzilla %] will act as if the
+ impersonated user is doing everything. This is especially useful for testing,
+ and for doing critical work when the impersonated user is unavailable. The
+ impersonated user will receive an email from [% terms.Bugzilla %] when the
+ session begins; they will not be told anything else.
+</p>
+
+<p>
+ To use this feature, you must be a member of the appropriate group. The group
+ includes all administrators by default. Other users, and members of other
+ groups, can be given access to this feature on a case-by-case basis. To
+ request access, contact the maintainer of this installation:
+ <a href="mailto:[% Param("maintainer") %]">
+ [%- Param("maintainer") %]</a>.
+</p>
+
+<p>
+ If you would like to be protected from impersonation, you should contact the
+ maintainer of this installation to see if that is possible. People with
+ access to this feature are protected automatically.
+</p>
+
+<p id="message">
+ [% IF user.groups.bz_sudoers %]
+ You are a member of the <b>bz_sudoers</b> group. You may use this
+ feature to impersonate others.
+ [% ELSE %]
+ You are not a member of an appropriate group. You may not use this
+ feature.
+ [% END %]
+ [% IF user.groups.bz_sudo_protect %]
+ <br>
+ You are a member of the <b>bz_sudo_protect</b> group. Other people will
+ not be able to use this feature to impersonate you.
+ [% END %]
+</p>
+
+[% INCLUDE global/footer.html.tmpl %]
projects / thirdparty / bugzilla.git / commitdiff
