Spruced up "editusers.cgi". Added an "editusers" group.

diff --git a/CGI.pl b/CGI.pl
index 5f7a21f882bf2a32340c41ebb3b5e95df9828713..f6ebcaaa6c6d7028fd69988d9b56f2258debc02a 100644 (file)
--- a/CGI.pl
+++ b/CGI.pl
@@ -838,6 +838,9 @@ sub GetCommandMenu {
             $html .= ", <a href=editparams.cgi>parameters</a>";
             $html .= ", <a href=sanitycheck.cgi><NOBR>sanity check</NOBR></a>";
         }
+        if (UserInGroup("editusers")) {
+            $html .= ", <a href=editusers.cgi>users</a>";
+        }
         if (UserInGroup("editcomponents")) {
             $html .= ", <a href=editproducts.cgi>components</a>";
         }

diff --git a/checksetup.pl b/checksetup.pl
index e1fd906bf06135699c082794e64acde351592976..0028d7cced2d1e935aff23b6fec3a2803d8a394f 100755 (executable)
--- a/checksetup.pl
+++ b/checksetup.pl
@@ -741,6 +741,7 @@ sub AddGroup ($$)
 #
 
 AddGroup 'tweakparams',      'Can tweak operating parameters';
+AddGroup 'editusers',      'Can edit or disable users';
 AddGroup 'editgroupmembers', 'Can put people in and out of groups that they are members of.';
 AddGroup 'creategroups',     'Can create and destroy groups.';
 AddGroup 'editcomponents',   'Can create, destroy, and edit components.';

diff --git a/defparams.pl b/defparams.pl
index 43bccc8a22377c8e8a99aca14091f6c65348a1b3..342b06fa9a54f2d526c1bcbf9c069836939ee5be 100644 (file)
--- a/defparams.pl
+++ b/defparams.pl
@@ -418,6 +418,12 @@ DefParam("allowbugdeletion",
          0);
 
 
+DefParam("allowuserdeletion",
+         q{The pages to edit users can also let you delete a user.  But there is no code that goes and cleans up any references to that user in other tables, so such deletions are kinda scary.  So, you have to turn on this option before any such deletions will ever happen.},
+         "b",
+         0);
+
+
 DefParam("strictvaluechecks",
          "Do stricter integrity checking on both form submission values and values read in from the database.",
          "b",

diff --git a/editusers.cgi b/editusers.cgi
index 5b5d7e526feb6f9e622f64dc34572549ce60cc95..d4c3cfd166c942dd83dfeb49c2e1dfc41542e918 100755 (executable)
--- a/editusers.cgi
+++ b/editusers.cgi
@@ -73,9 +73,9 @@ sub CheckUser ($)
 # Displays the form to edit a user parameters
 #
 
-sub EmitFormElements ($$$$)
+sub EmitFormElements ($$$$$)
 {
-    my ($user, $password, $realname, $groupset) = @_;
+    my ($user, $password, $realname, $groupset, $emailnotification) = @_;
 
     print "  <TH ALIGN=\"right\">Login name:</TH>\n";
     print "  <TD><INPUT SIZE=64 MAXLENGTH=255 NAME=\"user\" VALUE=\"$user\"></TD>\n";
@@ -88,16 +88,29 @@ sub EmitFormElements ($$$$)
     print "  <TH ALIGN=\"right\">Password:</TH>\n";
     print "  <TD><INPUT SIZE=16 MAXLENGTH=16 NAME=\"password\" VALUE=\"$password\"></TD>\n";
 
+    print "</TR><TR>\n";
+    print "  <TH ALIGN=\"right\">Email notification:</TH>\n";
+    print qq{<TD><SELECT NAME="emailnotification">};
+    foreach my $i (["ExcludeSelfChanges", "All qualifying bugs except those which I change"],
+                   ["CConly", "Only those bugs which I am listed on the CC line"],
+                   ["All", "All qualifying bugs"]) {
+        my ($tag, $desc) = (@$i);
+        my $selectpart = "";
+        if ($tag eq $emailnotification) {
+            $selectpart = " SELECTED";
+        }
+        print qq{<OPTION$selectpart VALUE="$tag">$desc\n};
+    }
+    print "</SELECT></TD>\n";
 
-    SendSQL("SELECT bit,name,description
+    SendSQL("SELECT bit,name,description,bit & $groupset != 0
             FROM groups
             ORDER BY name");
     while (MoreSQLData()) {
-       my($bit,$name,$description) = FetchSQLData();
+       my ($bit,$name,$description,$checked) = FetchSQLData();
        print "</TR><TR>\n";
-        $bit = $bit+0; # this strange construct coverts a string to a number
        print "  <TH ALIGN=\"right\">", ucfirst($name), ":</TH>\n";
-       my $checked = ($groupset & $bit) ? "CHECKED" : "";
+       $checked = ($checked) ? "CHECKED" : "";
        print "  <TD><INPUT TYPE=CHECKBOX NAME=\"bit_$name\" $checked VALUE=\"$bit\"> $description</TD>\n";
     }
 
@@ -142,9 +155,9 @@ confirm_login();
 
 print "Content-type: text/html\n\n";
 
-unless (UserInGroup("tweakparams")) {
+unless (UserInGroup("editusers")) {
     PutHeader("Not allowed");
-    print "Sorry, you aren't a member of the 'tweakparams' group.\n";
+    print "Sorry, you aren't a member of the 'editusers' group.\n";
     print "And so, you aren't allowed to add, modify or delete users.\n";
     PutTrailer();
     exit;
@@ -158,25 +171,63 @@ unless (UserInGroup("tweakparams")) {
 my $user    = trim($::FORM{user}   || '');
 my $action  = trim($::FORM{action} || '');
 my $localtrailer = "<A HREF=\"editusers.cgi\">edit</A> more users";
+my $candelete = Param('allowuserdeletion');
 
 
 
 #
-# action='' -> Show nice list of users
+# action='' -> Ask for match string for users.
 #
 
 unless ($action) {
+    PutHeader("Select match string");
+    print qq{
+<FORM METHOD=POST ACTION="editusers.cgi">
+<INPUT TYPE=HIDDEN NAME="action" VALUE="list">
+List users with login name matching: 
+<INPUT SIZE=32 NAME="matchstr">
+<SELECT NAME="matchtype">
+<OPTION VALUE="substr" SELECTED>case-insensitive substring
+<OPTION VALUE="regexp" SELECTED>case-sensitive regexp
+<OPTION VALUE="notregexp" SELECTED>not (case-sensitive regexp)
+</SELECT>
+<BR>
+<INPUT TYPE=SUBMIT VALUE="Submit">
+};
+    PutTrailer();
+    exit;
+}
+
+
+#
+# action='list' -> Show nice list of matching users
+#
+
+if ($action eq 'list') {
     PutHeader("Select user");
+    my $query = "SELECT login_name,realname FROM profiles WHERE login_name ";
+    if ($::FORM{'matchtype'} eq 'substr') {
+        $query .= "like";
+        $::FORM{'matchstr'} = '%' . $::FORM{'matchstr'} . '%';
+    } elsif ($::FORM{'matchtype'} eq 'regexp') {
+        $query .= "regexp";
+    } elsif ($::FORM{'matchtype'} eq 'notregexp') {
+        $query .= "not regexp";
+    } else {
+        die "Unknown match type";
+    }
+    $query .= SqlQuote($::FORM{'matchstr'}) . " ORDER BY login_name";
 
-    SendSQL("SELECT login_name,realname
-            FROM profiles
-            ORDER BY login_name");
+    SendSQL($query);
     my $count = 0;
     my $header = "<TABLE BORDER=1 CELLPADDING=4 CELLSPACING=0><TR BGCOLOR=\"#6666FF\">
 <TH ALIGN=\"left\">Edit user ...</TH>
 <TH ALIGN=\"left\">Real name</TH>
-<TH ALIGN=\"left\">Action</TH>\n
-</TR>";
+";
+    if ($candelete) {
+        $header .= "<TH ALIGN=\"left\">Action</TH>\n";
+    }
+    $header .= "</TR>\n";
     print $header;
     while ( MoreSQLData() ) {
         $count++;
@@ -188,15 +239,22 @@ unless ($action) {
        print "<TR>\n";
        print "  <TD VALIGN=\"top\"><A HREF=\"editusers.cgi?action=edit&user=", url_quote($user), "\"><B>$user</B></A></TD>\n";
        print "  <TD VALIGN=\"top\">$realname</TD>\n";
-       print "  <TD VALIGN=\"top\"><A HREF=\"editusers.cgi?action=del&user=", url_quote($user), "\">Delete</A></TD>\n";
+        if ($candelete) {
+            print "  <TD VALIGN=\"top\"><A HREF=\"editusers.cgi?action=del&user=", url_quote($user), "\">Delete</A></TD>\n";
+        }
        print "</TR>";
     }
     print "<TR>\n";
-    print "  <TD VALIGN=\"top\" COLSPAN=2>Add a new user</TD>\n";
-    print "  <TD VALIGN=\"top\" ALIGN=\"middle\"><FONT SIZE =-1><A HREF=\"editusers.cgi?action=add\">Add</A></FONT></TD>\n";
+    my $span = $candelete ? 3 : 2;
+    print qq{
+<TD VALIGN="top" COLSPAN=$span ALIGN="right">
+    <A HREF=\"editusers.cgi?action=add\">Add a new user</A>
+</TD>
+};
     print "</TR></TABLE>\n";
+    print "$count users found.\n";
 
-    PutTrailer();
+    PutTrailer($localtrailer);
     exit;
 }
 
@@ -212,12 +270,10 @@ unless ($action) {
 if ($action eq 'add') {
     PutHeader("Add user");
 
-    #print "This page lets you add a new product to bugzilla.\n";
-
     print "<FORM METHOD=POST ACTION=editusers.cgi>\n";
     print "<TABLE BORDER=0 CELLPADDING=4 CELLSPACING=0><TR>\n";
 
-    EmitFormElements('', '', '', 0);
+    EmitFormElements('', '', '', 0, 'ExcludeSelfChanges');
 
     print "</TR></TABLE>\n<HR>\n";
     print "<INPUT TYPE=SUBMIT VALUE=\"Add\">\n";
@@ -269,11 +325,11 @@ if ($action eq 'new') {
         exit;
     }
 
-    my $bits = 0;
+    my $bits = "0";
     foreach (keys %::FORM) {
        next unless /^bit_/;
        #print "$_=$::FORM{$_}<br>\n";
-       $bits |= $::FORM{$_};
+       $bits .= "+ $::FORM{$_}";
     }
     
 
@@ -306,9 +362,13 @@ if ($action eq 'new') {
 
 if ($action eq 'del') {
     PutHeader("Delete user");
+    if (!$candelete) {
+        print "Sorry, deleting users isn't allowed.";
+        PutTrailer();
+    }
     CheckUser($user);
 
-    # display some data about the product
+    # display some data about the user
     SendSQL("SELECT realname, groupset, emailnotification, login_name
             FROM profiles
             WHERE login_name=" . SqlQuote($user));
@@ -431,6 +491,10 @@ if ($action eq 'del') {
 
 if ($action eq 'delete') {
     PutHeader("Deleting user");
+    if (!$candelete) {
+        print "Sorry, deleting users isn't allowed.";
+        PutTrailer();
+    }
     CheckUser($user);
 
     SendSQL("SELECT userid
@@ -469,7 +533,8 @@ if ($action eq 'edit') {
     print "<FORM METHOD=POST ACTION=editusers.cgi>\n";
     print "<TABLE BORDER=0 CELLPADDING=4 CELLSPACING=0><TR>\n";
 
-    EmitFormElements($user, $password, $realname, $groupset);
+    EmitFormElements($user, $password, $realname, $groupset,
+                     $emailnotification);
     
     print "</TR></TABLE>\n";
 
@@ -505,11 +570,11 @@ if ($action eq 'update') {
     my $emailnotificationold  = trim($::FORM{emailnotificationold} || '');
     my $groupsetold           = trim($::FORM{groupsetold}          || '');
 
-    my $groupset = 0;
+    my $groupset = "0";
     foreach (keys %::FORM) {
        next unless /^bit_/;
        #print "$_=$::FORM{$_}<br>\n";
-       $groupset |= $::FORM{$_};
+       $groupset .= "+ $::FORM{$_}";
     }
 
     CheckUser($userold);
@@ -524,20 +589,17 @@ if ($action eq 'update') {
        print "Updated permissions.\n";
     }
 
-=for me
-
     if ($emailnotification ne $emailnotificationold) {
         SendSQL("UPDATE profiles
-                SET emailnotification=" . $emailnotification . "
+                SET emailnotification=" . SqlQuote($emailnotification) . "
                 WHERE login_name=" . SqlQuote($userold));
        print "Updated email notification.<BR>\n";
     }
 
-=cut
-
     if ($password ne $passwordold) {
+        my $q = SqlQuote($password);
         SendSQL("UPDATE profiles
-                SET password=" . SqlQuote($password) . "
+                SET password= $q, cryptpassword = ENCRYPT($q)
                 WHERE login_name=" . SqlQuote($userold));
        print "Updated password.<BR>\n";
     }