From: dklawren
Date: Tue, 10 Apr 2018 03:17:44 +0000 (-0400)
Subject: Bug 1328900 - Create new group called 'disableusers' that can only edit the bugmail...
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=58c4f6814461ee4e35f0cffbdd63d948df940d35;p=thirdparty%2Fbugzilla.git
Bug 1328900 - Create new group called 'disableusers' that can only edit the bugmail and disabledtext fields of a user
---
diff --git a/Bugzilla/Install.pm b/Bugzilla/Install.pm
index ced559111..8bce9b5e7 100644
--- a/Bugzilla/Install.pm
+++ b/Bugzilla/Install.pm
@@ -203,6 +203,10 @@ use constant SYSTEM_GROUPS => (
 name => 'editusers',
 description => 'Can edit or disable users'
 },
+ {
+ name => 'disableusers',
+ description => 'Can disable users'
+ },
 {
 name => 'creategroups',
 description => 'Can create and destroy groups'
diff --git a/admin.cgi b/admin.cgi
index d8fc0475d..801b26e20 100755
--- a/admin.cgi
+++ b/admin.cgi
@@ -25,6 +25,7 @@ print $cgi->header();
 $user->in_group('admin')
 || $user->in_group('tweakparams')
 || $user->in_group('editusers')
+ || $user->in_group('disableusers')
 || $user->can_bless
 || (Bugzilla->params->{'useclassification'} && $user->in_group('editclassifications'))
 || $user->in_group('editcomponents')
diff --git a/editusers.cgi b/editusers.cgi
index 934e0a4ef..9fbd550fe 100755
--- a/editusers.cgi
+++ b/editusers.cgi
@@ -26,15 +26,18 @@ use Bugzilla::Token; my $user = Bugzilla->login(LOGIN_REQUIRED); -my $cgi = Bugzilla->cgi; -my $template = Bugzilla->template; -my $dbh = Bugzilla->dbh; -my $userid = $user->id; -my $editusers = $user->in_group('editusers'); +my $cgi = Bugzilla->cgi; +my $template = Bugzilla->template; +my $dbh = Bugzilla->dbh; +my $userid = $user->id; +my $editusers = $user->in_group('editusers'); +my $disableusers = $user->in_group('disableusers'); + local our $vars = {}; # Reject access if there is no sense in continuing. $editusers + || $disableusers || $user->can_bless() || ThrowUserError("auth_failure", {group => "editusers", reason => "cant_bless", @@ -51,6 +54,7 @@ my $token = $cgi->param('token'); # Prefill template vars with data used in all or nearly all templates $vars->{'editusers'} = $editusers; +$vars->{'disableusers'} = $disableusers; mirrorListSelectionValues(); Bugzilla::Hook::process('admin_editusers_action', @@ -234,7 +238,7 @@ if ($action eq 'search') { # Lock tables during the check+update session. $dbh->bz_start_transaction(); - $editusers || $user->can_see_user($otherUser) + $editusers || $disableusers || $user->can_see_user($otherUser) || ThrowUserError('auth_failure', {reason => "not_visible", action => "modify", object => "user"}); @@ -246,11 +250,8 @@ if ($action eq 'search') { my $changes = {}; if ($editusers) { $otherUser->set_login($cgi->param('login')); - $otherUser->set_name($cgi->param('name')); $otherUser->set_password($cgi->param('password')) if $cgi->param('password'); - $otherUser->set_disabledtext($cgi->param('disabledtext')); - $otherUser->set_disable_mail($cgi->param('disable_mail')); $otherUser->set_extern_id($cgi->param('extern_id')) if defined($cgi->param('extern_id')); $otherUser->set_password_change_required($cgi->param('password_change_required')); 
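Review bot: The widened gate in the first editusers.cgi hunk (`$editusers || $disableusers || $user->can_bless()`) now lets a `disableusers` member reach every `$action` branch of the script, and only the `update` branch is visible in this diff. Each branch that creates, deletes or reads history for an account should be confirmed to re-check `$editusers` itself. The later template hunks (admin/users/list.html.tmpl and edit.html.tmpl) that move the "Account History" link under `[% IF editusers %]` only hide the link; they do not refuse a direct request to `editusers.cgi?action=activity`. I would add a comment above the gate such as `# 'disableusers' passes this gate; every action below must enforce $editusers on its own.` so the next maintainer does not treat this check as sufficient. The action branches themselves lie outside the hunk.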
@@ -262,9 +263,16 @@ if ($action eq 'search') { if ($user->in_group('bz_can_disable_mfa') && $otherUser->mfa && $cgi->param('mfa') eq '') { $otherUser->set_mfa(''); } - $changes = $otherUser->update(); } + if ($editusers || $disableusers) { + $otherUser->set_name($cgi->param('name')); + $otherUser->set_disabledtext($cgi->param('disabledtext')); + $otherUser->set_disable_mail($cgi->param('disable_mail')); + } + + $changes = $otherUser->update(); + # Update group settings. my $sth_add_mapping = $dbh->prepare( qq{INSERT INTO user_group_map ( @@ -850,7 +858,9 @@ sub edit_processing { my $user = Bugzilla->user; my $template = Bugzilla->template; - $user->in_group('editusers') || $user->can_see_user($otherUser) + $user->in_group('editusers') + || $user->in_group('disableusers') + || $user->can_see_user($otherUser) || ThrowUserError('auth_failure', {reason => "not_visible", action => "modify", object => "user"}); diff --git a/extensions/BugModal/template/en/default/bug_modal/user.html.tmpl b/extensions/BugModal/template/en/default/bug_modal/user.html.tmpl index cd05d053f..9eda7b936 100644 --- a/extensions/BugModal/template/en/default/bug_modal/user.html.tmpl +++ b/extensions/BugModal/template/en/default/bug_modal/user.html.tmpl @@ -46,7 +46,7 @@ END; href="mailto:[% u.email FILTER html %]" data-user-email="[% u.email FILTER html %]" data-user-id="[% u.id FILTER html %]" - data-show-edit="[% user.in_group('editusers') || user.bless_groups.size > 0 ? 1 : 0 %]" + data-show-edit="[% user.in_group('editusers') || user.in_group('disableusers') || user.bless_groups.size > 0 ? 1 : 0 %]" title="[% u.identity FILTER html %]" [% ELSE %] href="user_profile?user_id=[% u.id FILTER none %]" diff --git a/extensions/SecureMail/template/en/default/hook/admin/users/userdata-end.html.tmpl b/extensions/SecureMail/template/en/default/hook/admin/users/userdata-end.html.tmpl index a90266dae..e5e299ef9 100644 --- a/extensions/SecureMail/template/en/default/hook/admin/users/userdata-end.html.tmpl 
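Review bot: The new `if ($editusers || $disableusers)` block in the `@@ -262,9 +263,16 @@` hunk also calls `set_name`, although the commit subject limits `disableusers` to the bugmail and disabledtext fields. To match the stated scope, move `$otherUser->set_name($cgi->param('name'));` back into the `if ($editusers)` block. Nothing visible here compares the target's groups with the caller's, so a `disableusers` member can apparently set or clear `disabledtext` on an account in `admin` or `editusers`. If that is not intended, a check on the target before the setters should raise `auth_failure`. `$changes = $otherUser->update();` now sits outside both conditionals and so also runs for callers admitted only through `can_bless`; keeping it inside `if ($editusers || $disableusers)` would restore the earlier behaviour for them. The enclosing `update` branch starts and ends outside the hunk.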
+++ b/extensions/SecureMail/template/en/default/hook/admin/users/userdata-end.html.tmpl @@ -6,7 +6,7 @@ # defined by the Mozilla Public License, v. 2.0. #%] -[% RETURN UNLESS otheruser.id %] +[% RETURN UNLESS otheruser.id && user.in_group('editusers') %] Has Secure Mail Key/Cert: @@ -14,7 +14,7 @@ [% otheruser.public_key ? "Yes" : "No" %] - + Member of Secure Mail Group: diff --git a/template/en/default/admin/admin.html.tmpl b/template/en/default/admin/admin.html.tmpl index 62a246ceb..09fe00835 100644 --- a/template/en/default/admin/admin.html.tmpl +++ b/template/en/default/admin/admin.html.tmpl @@ -56,7 +56,7 @@ You can also automate this check by running sanitycheck.pl from a cron job. A notification will be sent per email to the specified user if errors are detected. - [% class = (user.in_group('editusers') || user.can_bless) ? "" : "forbidden" %] + [% class = (user.in_group('editusers') || user.in_group('disableusers') || user.can_bless) ? "" : "forbidden" %]
Users
Create new user accounts or edit existing ones. You can also add and remove users from groups (also known as "user privileges").
diff --git a/template/en/default/admin/users/edit.html.tmpl b/template/en/default/admin/users/edit.html.tmpl index 4eb62e763..de9826800 100644 --- a/template/en/default/admin/users/edit.html.tmpl +++ b/template/en/default/admin/users/edit.html.tmpl @@ -68,9 +68,10 @@ $(function() {
[% PROCESS admin/users/userdata.html.tmpl - editform = 1 - editusers = editusers - otheruser = otheruser + editform = 1 + editusers = editusers + disableusers = disableusers + otheruser = otheruser %] [% IF groups.size %] @@ -125,43 +126,46 @@ $(function() { [% END %] - - - - - - [% IF otheruser.groups_owned.size %] + [% IF editusers %] - + + + + [% IF otheruser.groups_owned.size %] + + + + + [% END %] + + + + [% END %] - - - -
Product responsibilities: - [% IF otheruser.product_responsibilities.size %] - [% PROCESS admin/users/responsibilities.html.tmpl otheruser = otheruser %] - [% ELSE %] - none - [% END %] -
Groups Owned:Product responsibilities: - [% can_edit_groups = user.in_group('creategroups') %] - [% FOREACH group = otheruser.groups_owned %] - [% IF can_edit_groups %] - + [% IF otheruser.product_responsibilities.size %] + [% PROCESS admin/users/responsibilities.html.tmpl otheruser = otheruser %] + [% ELSE %] + none + [% END %] +
Groups Owned: + [% can_edit_groups = user.in_group('creategroups') %] + [% FOREACH group = otheruser.groups_owned %] + [% IF can_edit_groups %] + + [% END %] + [% group.name FILTER html %] + [% '' IF can_edit_groups %]
[% END %] - [% group.name FILTER html %] - [% '' IF can_edit_groups %]
+
Last Login: + [% IF otheruser.last_seen_date %] + [% otheruser.last_seen_date FILTER html %] + [% ELSE %] + never [% END %]
Last Login: - [% IF otheruser.last_seen_date %] - [% otheruser.last_seen_date FILTER html %] - [% ELSE %] - never - [% END %] -

@@ -171,11 +175,10 @@ $(function() { [% INCLUDE listselectionhiddenfields %] - [% IF editusers %], [% ELSE %] or [% END %] - View Account History - [% IF editusers %] or View Admin History diff --git a/template/en/default/admin/users/list.html.tmpl b/template/en/default/admin/users/list.html.tmpl index 3ebfc2970..db425b40d 100644 --- a/template/en/default/admin/users/list.html.tmpl +++ b/template/en/default/admin/users/list.html.tmpl @@ -45,23 +45,24 @@ {name => 'last_seen_date' heading => 'Last Login' } - {heading => 'Account History' - content => 'View' - contentlink => 'editusers.cgi?action=activity' _ - '&userid=%%userid%%' _ - listselectionurlparams - } ] %] [% IF editusers %] [% columns.push({ + heading => 'Account History' + content => 'View' + contentlink => 'editusers.cgi?action=activity' _ + '&userid=%%userid%%' _ + listselectionurlparams + } + { heading => 'Admin History' content => 'View' contentlink => 'editusers.cgi?action=admin_activity' _ '&userid=%%userid%%' _ listselectionurlparams - }) + }) %] [% END %] diff --git a/template/en/default/admin/users/userdata.html.tmpl b/template/en/default/admin/users/userdata.html.tmpl index 449a1b143..c4ab07010 100644 --- a/template/en/default/admin/users/userdata.html.tmpl +++ b/template/en/default/admin/users/userdata.html.tmpl @@ -54,7 +54,7 @@ - [% IF editusers %] + [% IF editusers || disableusers %] @@ -94,7 +94,9 @@ [% END %] +[% END %] +[% IF editusers || disableusers %] 
@@ -122,30 +124,31 @@ explain why.) - [% IF editform %] - - - - [% IF user.in_group('bz_can_disable_mfa') %] - [% IF otheruser.mfa %] - - [% ELSE %] - Disabled - [% END %] +[% END %] + +[% IF editform && editusers %] + + + + [% IF user.in_group('bz_can_disable_mfa') %] + [% IF otheruser.mfa %] + [% ELSE %] - [% otheruser.mfa ? "Enabled - " _ otheruser.mfa : "Disabled" FILTER html %] + Disabled [% END %] - - - [% END %] + [% ELSE %] + [% otheruser.mfa ? "Enabled - " _ otheruser.mfa : "Disabled" FILTER html %] + [% END %] + + [% END %] [% Hook.process('end') %] diff --git a/template/en/default/global/header.html.tmpl b/template/en/default/global/header.html.tmpl index 1d304ad04..cf1c8b991 100644 --- a/template/en/default/global/header.html.tmpl +++ b/template/en/default/global/header.html.tmpl @@ -294,7 +294,7 @@

  • Reports
  • - [% IF user.in_group('tweakparams') || user.in_group('editusers') || user.can_bless + [% IF user.in_group('tweakparams') || user.in_group('editusers') || user.can_bless || user.in_group('disableusers') || (Param('useclassification') && user.in_group('editclassifications')) || user.in_group('editcomponents') || user.in_group('admin') || user.in_group('creategroups') || user.in_group('editkeywords') || user.in_group('bz_canusewhines') diff --git a/template/en/default/global/site-navigation.html.tmpl b/template/en/default/global/site-navigation.html.tmpl index 06b0eaa92..510875422 100644 --- a/template/en/default/global/site-navigation.html.tmpl +++ b/template/en/default/global/site-navigation.html.tmpl @@ -69,22 +69,22 @@ [% END %] [%# *** Bugzilla Administration Tools *** %] - [% IF user.login %] - [% '' IF user.in_group('tweakparams') %] - [% '' IF user.in_group('editusers') %] + [% '' IF user.in_group('editusers') || user.in_group('disableusers') %] [% '' IF user.in_group('editcomponents') || user.get_products_by_permission("editcomponents").size %] - [% '' IF user.in_group('editcomponents') %] - [% '' IF user.in_group('creategroups') %] - [% '' IF user.in_group('editkeywords') %] - [% '' IF user.in_group('bz_canusewhines') %] - [% '' IF user.in_group('editcomponents') %] - [% END %] + [% END %] [% END %] diff --git a/template/en/default/global/user.html.tmpl b/template/en/default/global/user.html.tmpl index caea27c46..876d12805 100644 --- a/template/en/default/global/user.html.tmpl +++ b/template/en/default/global/user.html.tmpl @@ -28,7 +28,7 @@ [% IF user.id %]