Bug 282574 : use the new "auth_failure" error message for all authentication failures

Patch by Frederic Buclin <LpSolit@gmail.com>   r=travis, wurblzap  a=myk

diff --git a/attachment.cgi b/attachment.cgi
index 64e30f64a7f8b0b7b727be2ec5744ea57e957818..5e4c520f50d9b72c3fabe44bb189c9c0d278df8c 100755 (executable)
--- a/attachment.cgi
+++ b/attachment.cgi
@@ -204,9 +204,10 @@ sub validateID
     # Make sure the user is authorized to access this attachment's bug.
     ($bugid, my $isprivate) = FetchSQLData();
     ValidateBugID($bugid);
-    if (($isprivate > 0 ) && Param("insidergroup") && 
-        !(UserInGroup(Param("insidergroup")))) {
-        ThrowUserError("attachment_access_denied");
+    if ($isprivate && Param("insidergroup")) {
+        UserInGroup(Param("insidergroup"))
+          || ThrowUserError("auth_failure", {action => "access",
+                                             object => "attachment"});
     }
 
     # XXX shim code, kill $::FORM

diff --git a/buglist.cgi b/buglist.cgi
index 5eadd906e378d7157b9c9d4d34711c6d989d9723..18ccde0d7069474adc4a982404e08adb0bbbb0ed 100755 (executable)
--- a/buglist.cgi
+++ b/buglist.cgi
@@ -73,7 +73,10 @@ my $dotweak = $::FORM{'tweak'} ? 1 : 0;
 # Log the user in
 if ($dotweak) {
     Bugzilla->login(LOGIN_REQUIRED);
-    UserInGroup("editbugs") || ThrowUserError("insufficient_privs_for_multi");
+    UserInGroup("editbugs")
+      || ThrowUserError("auth_failure", {group  => "editbugs",
+                                         action => "modify",
+                                         object => "multiple_bugs"});
     GetVersionTable();
 }
 else {

diff --git a/doeditparams.cgi b/doeditparams.cgi
index 679bd74e3ffe3782d82fd7fd8a4d46a764e77657..099b98404ca6b611fd99d7969fa3e756cce02aab 100755 (executable)
--- a/doeditparams.cgi
+++ b/doeditparams.cgi
@@ -37,12 +37,10 @@ my $cgi = Bugzilla->cgi;
 
 print $cgi->header();
 
-if (!UserInGroup("tweakparams")) {
-    print "<h1>Sorry, you aren't a member of the 'tweakparams' group.</h1>\n";
-    print "And so, you aren't allowed to edit the parameters.\n";
-    PutFooter();
-    exit;
-}
+UserInGroup("tweakparams")
+  || ThrowUserError("auth_failure", {group  => "tweakparams",
+                                     action => "modify",
+                                     object => "parameters"});
 
 PutHeader("Saving new parameters");
 

diff --git a/quips.cgi b/quips.cgi
index 0e0c13d085252afbce8b144f56074566e5242abe..dc0106450ba60b5b90e5554865a98ac6d16718e1 100755 (executable)
--- a/quips.cgi
+++ b/quips.cgi
@@ -119,9 +119,10 @@ if ($action eq 'approve') {
 }
 
 if ($action eq "delete") {
-    if (!UserInGroup('admin')) {
-        ThrowUserError("quips_edit_denied");
-    }
+    UserInGroup("admin")
+      || ThrowUserError("auth_failure", {group  => "admin",
+                                         action => "delete",
+                                         object => "quips"});
     my $quipid = $cgi->param("quipid");
     ThrowCodeError("need_quipid") unless $quipid =~ /(\d+)/; 
     $quipid = $1;

diff --git a/sanitycheck.cgi b/sanitycheck.cgi
index 63ddf181f55b390b1e9325edec0120f88e6fe77a..30a07be5bac8acd2f5670ce4b5de32471ca8d595 100755 (executable)
--- a/sanitycheck.cgi
+++ b/sanitycheck.cgi
@@ -82,7 +82,9 @@ my $dbh = Bugzilla->dbh;
 # prevents users with a legitimate interest in Bugzilla integrity
 # from accessing the script).
 UserInGroup("editbugs")
-  || ThrowUserError("sanity_check_access_denied");
+  || ThrowUserError("auth_failure", {group  => "editbugs",
+                                     action => "run",
+                                     object => "sanity_check"});
 
 print "Content-type: text/html\n";
 print "\n";

diff --git a/template/en/default/global/user-error.html.tmpl b/template/en/default/global/user-error.html.tmpl
index fffcdf4c436973612678741fc47bad48e9584257..2d992dfce3c9f171e6bf1f6708c434f52e84af2f 100644 (file)
--- a/template/en/default/global/user-error.html.tmpl
+++ b/template/en/default/global/user-error.html.tmpl
@@ -17,7 +17,7 @@
   # Rights Reserved.
   #
   # Contributor(s): Gervase Markham <gerv@gerv.net>
-  #                 Frédéric Buclin <LpSolit@netscape.net>
+  #                 Frédéric Buclin <LpSolit@gmail.com>
   #%]
 
 [%# INTERFACE:
@@ -113,8 +113,10 @@
       [% END %]
     [% END %]
 
-    and so you aren't allowed to
-    [% IF action == "add" %]
+    [% IF group || reason %] and so [% END %] you are not authorized to
+    [% IF action == "access" %]
+      access
+    [% ELSIF action == "add" %]
       add new
     [% ELSIF action == "modify" %]
       modify
@@ -122,13 +124,17 @@
       delete
     [% ELSIF action == "edit" %]
       add, modify or delete
+    [% ELSIF action == "run" %]
+      run
     [% ELSIF action == "schedule" %]
       schedule
     [% ELSIF action == "use" %]
       use
     [% END %]
 
-    [% IF object == "charts" %]
+    [% IF object == "attachment" %]
+      this attachment
+    [% ELSIF object == "charts" %]
       the "New Charts" feature
     [% ELSIF object == "classifications" %]
       classifications
@@ -142,12 +148,18 @@
       keywords
     [% ELSIF object == "milestones" %]
       milestones
+    [% ELSIF object == "multiple_bugs" %]
+      multiple [% terms.bugs %] at once
     [% ELSIF object == "parameters" %]
       parameters
     [% ELSIF object == "products" %]
       products
+    [% ELSIF object == "quips" %]
+      quips
     [% ELSIF object == "reports" %]
       whine reports
+    [% ELSIF object == "sanity_check" %]
+      a sanity check
     [% ELSIF object == "user" %]
       the user you specified
     [% ELSIF object == "users" %]
@@ -156,10 +168,6 @@
       versions
     [% END %].
 
-  [% ELSIF error == "attachment_access_denied" %]
-    [% title = "Access Denied" %]
-    You are not authorized to access this attachment.
-
   [% ELSIF error == "attachment_removed" %]
     [% title = "Attachment Removed" %]
     The attachment you are attempting to access has been removed.
@@ -548,11 +556,6 @@
   [% ELSIF error == "insufficient_data_points" %]
     We don't have enough data points to make a graph (yet).
         
-  [% ELSIF error == "insufficient_privs_for_multi" %]
-    [% title = "Insufficient Privileges" %]
-    Sorry, you do not have sufficient privileges to edit multiple 
-    [% terms.bugs %].
-    
   [% ELSIF error == "invalid_attach_id" %]
     [% title = "Invalid Attachment ID" %]
     The attachment id [% attach_id FILTER html %] is invalid.
@@ -918,10 +921,6 @@
     [% title = "Quips Disabled" %]
     Quips are disabled.
 
-  [% ELSIF error == "quips_edit_denied" %]
-    [% title = "Permission Denied" %]
-    You do not have permission to edit quips.
-
   [% ELSIF error == "reassign_to_empty" %]
     [% title = "Illegal Reassignment" %]
     To reassign [% terms.abug %], you must provide an address for
@@ -945,10 +944,6 @@
     [% title = "Summary Needed" %]
     You must enter a summary for this [% terms.bug %].
 
-  [% ELSIF error == "sanity_check_access_denied" %]
-    [% title = "Access Denied" %]
-    You do not have the permissions necessary to run a sanity check.
-
   [% ELSIF error == "search_content_without_matches" %]
     [% title = "Illegal Search" %]
     The "content" field can only be used with "matches" search