From: terry%mozilla.org <>
Date: Wed, 19 Jan 2000 02:33:28 +0000 (+0000)
Subject: Spruced up "editusers.cgi". Added an "editusers" group.
X-Git-Tag: bugzilla-2.12~454
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=608e17c03974ecd0c54b01dadad994507dc2b23d;p=thirdparty%2Fbugzilla.git
Spruced up "editusers.cgi". Added an "editusers" group.
---
diff --git a/CGI.pl b/CGI.pl
index 5f7a21f882..f6ebcaaa6c 100644
--- a/CGI.pl
+++ b/CGI.pl
@@ -838,6 +838,9 @@ sub GetCommandMenu {
 $html .= ", parameters";
 $html .= ", sanity check";
 }
+ if (UserInGroup("editusers")) {
+ $html .= ", users";
+ }
 if (UserInGroup("editcomponents")) {
 $html .= ", components";
 }
diff --git a/checksetup.pl b/checksetup.pl
index e1fd906bf0..0028d7cced 100755
--- a/checksetup.pl
+++ b/checksetup.pl
@@ -741,6 +741,7 @@ sub AddGroup ($$)
 #
 AddGroup 'tweakparams', 'Can tweak operating parameters';
+AddGroup 'editusers', 'Can edit or disable users';
 AddGroup 'editgroupmembers', 'Can put people in and out of groups that they are members of.';
 AddGroup 'creategroups', 'Can create and destroy groups.';
 AddGroup 'editcomponents', 'Can create, destroy, and edit components.';
diff --git a/defparams.pl b/defparams.pl
index 43bccc8a22..342b06fa9a 100644
--- a/defparams.pl
+++ b/defparams.pl
@@ -418,6 +418,12 @@ DefParam("allowbugdeletion",
 0);
+DefParam("allowuserdeletion",
+ q{The pages to edit users can also let you delete a user. But there is no code that goes and cleans up any references to that user in other tables, so such deletions are kinda scary. So, you have to turn on this option before any such deletions will ever happen.},
+ "b",
+ 0);
+
+
 DefParam("strictvaluechecks",
 "Do stricter integrity checking on both form submission values and values read in from the database.",
 "b",
diff --git a/editusers.cgi b/editusers.cgi
index 5b5d7e526f..d4c3cfd166 100755
--- a/editusers.cgi
+++ b/editusers.cgi
@@ -73,9 +73,9 @@ sub CheckUser ($) # Displays the form to edit a user parameters # -sub EmitFormElements ($$$$) +sub EmitFormElements ($$$$$) { - my ($user, $password, $realname, $groupset) = @_; + my ($user, $password, $realname, $groupset, $emailnotification) = @_; print " Login name:\n"; print " \n"; @@ -88,16 +88,29 @@ sub EmitFormElements ($$$$) print " Password:\n"; print " \n"; + print "\n"; + print " Email notification:\n"; + print qq{\n"; - SendSQL("SELECT bit,name,description + SendSQL("SELECT bit,name,description,bit & $groupset != 0 FROM groups ORDER BY name"); while (MoreSQLData()) { - my($bit,$name,$description) = FetchSQLData(); + my ($bit,$name,$description,$checked) = FetchSQLData(); print "\n"; - $bit = $bit+0; # this strange construct coverts a string to a number print " ", ucfirst($name), ":\n"; - my $checked = ($groupset & $bit) ? "CHECKED" : ""; + $checked = ($checked) ? "CHECKED" : ""; print " $description\n"; } @@ -142,9 +155,9 @@ confirm_login(); print "Content-type: text/html\n\n"; -unless (UserInGroup("tweakparams")) { +unless (UserInGroup("editusers")) { PutHeader("Not allowed"); - print "Sorry, you aren't a member of the 'tweakparams' group.\n"; + print "Sorry, you aren't a member of the 'editusers' group.\n"; print "And so, you aren't allowed to add, modify or delete users.\n"; PutTrailer(); exit; @@ -158,25 +171,63 @@ unless (UserInGroup("tweakparams")) { my $user = trim($::FORM{user} || ''); my $action = trim($::FORM{action} || ''); my $localtrailer = "edit more users"; +my $candelete = Param('allowuserdeletion'); # -# action='' -> Show nice list of users +# action='' -> Ask for match string for users. # unless ($action) { + PutHeader("Select match string"); + print qq{ +
+ +List users with login name matching: + + +
+ +}; + PutTrailer(); + exit; +} + + +# +# action='list' -> Show nice list of matching users +# + +if ($action eq 'list') { PutHeader("Select user"); + my $query = "SELECT login_name,realname FROM profiles WHERE login_name "; + if ($::FORM{'matchtype'} eq 'substr') { + $query .= "like"; + $::FORM{'matchstr'} = '%' . $::FORM{'matchstr'} . '%'; + } elsif ($::FORM{'matchtype'} eq 'regexp') { + $query .= "regexp"; + } elsif ($::FORM{'matchtype'} eq 'notregexp') { + $query .= "not regexp"; + } else { + die "Unknown match type"; + } + $query .= SqlQuote($::FORM{'matchstr'}) . " ORDER BY login_name"; - SendSQL("SELECT login_name,realname - FROM profiles - ORDER BY login_name"); + SendSQL($query); my $count = 0; my $header = " -\n -"; +"; + if ($candelete) { + $header .= "\n"; + } + $header .= "\n"; print $header; while ( MoreSQLData() ) { $count++; @@ -188,15 +239,22 @@ unless ($action) { print "\n"; print " \n"; print " \n"; - print " \n"; + if ($candelete) { + print " \n"; + } print ""; } print "\n"; - print " \n"; - print " \n"; + my $span = $candelete ? 3 : 2; + print qq{ + +}; print "
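Review bot: In the `substr` branch of the new `list` action, `matchstr` is wrapped in `%…%` but its own `%` and `_` stay live LIKE wildcards, so a search for `a_b` also returns `axb`. Escaping them before the wrap, e.g. `$::FORM{'matchstr'} =~ s/([%_])/\\$1/g;`, would make it a true substring match; how that interacts with `SqlQuote`'s own backslash handling is not visible here and should be checked. In the two `regexp` branches the pattern goes to the database as typed, so an invalid expression surfaces as whatever `SendSQL` does on a failed query, which is also outside this hunk.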
Edit user ... Real nameAction
Action
$user$realnameDeleteDelete
Add a new userAdd + Add a new user +
\n"; + print "$count users found.\n"; - PutTrailer(); + PutTrailer($localtrailer); exit; } @@ -212,12 +270,10 @@ unless ($action) { if ($action eq 'add') { PutHeader("Add user"); - #print "This page lets you add a new product to bugzilla.\n"; - print "\n"; print "\n"; - EmitFormElements('', '', '', 0); + EmitFormElements('', '', '', 0, 'ExcludeSelfChanges'); print "
\n
\n"; print "\n"; @@ -269,11 +325,11 @@ if ($action eq 'new') { exit; } - my $bits = 0; + my $bits = "0"; foreach (keys %::FORM) { next unless /^bit_/; #print "$_=$::FORM{$_}
\n"; - $bits |= $::FORM{$_}; + $bits .= "+ $::FORM{$_}"; } @@ -306,9 +362,13 @@ if ($action eq 'new') { if ($action eq 'del') { PutHeader("Delete user"); + if (!$candelete) { + print "Sorry, deleting users isn't allowed."; + PutTrailer(); + } CheckUser($user); - # display some data about the product + # display some data about the user SendSQL("SELECT realname, groupset, emailnotification, login_name FROM profiles WHERE login_name=" . SqlQuote($user)); @@ -431,6 +491,10 @@ if ($action eq 'del') { if ($action eq 'delete') { PutHeader("Deleting user"); + if (!$candelete) { + print "Sorry, deleting users isn't allowed."; + PutTrailer(); + } CheckUser($user); SendSQL("SELECT userid @@ -469,7 +533,8 @@ if ($action eq 'edit') { print "\n"; print "\n"; - EmitFormElements($user, $password, $realname, $groupset); + EmitFormElements($user, $password, $realname, $groupset, + $emailnotification); print "
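Review bot: The `bit_*` form values are appended to `$bits` verbatim (`$bits .= "+ $::FORM{$_}";`), and the `update` hunk further down does the same for `$groupset`, so the resulting expression is only as trustworthy as what the browser submitted. The statement that consumes the string is outside both hunks, but an expression built this way is presumably spliced into the INSERT/UPDATE unquoted, which would leave it open to SQL injection by any request that gets this far. Reject anything that is not a plain integer before appending, e.g. `next unless $::FORM{$_} =~ /\A[0-9]+\z/;` directly above the append (or `die` on a mismatch). Summing also differs from the old `|=`: two fields carrying the same bit are now added twice rather than OR-ed once.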
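Review bot: Nothing stops the request when `allowuserdeletion` is off: the new `if (!$candelete)` block in the `del` branch prints the refusal and calls `PutTrailer()`, then falls through to `CheckUser($user)` and the rest of the branch. The `delete` hunk below has the same shape. The `editusers` group check earlier in this file follows `PutTrailer();` with an explicit `exit;`, which suggests `PutTrailer()` does not terminate the script, so as written the parameter does not block the deletion. Add `exit;` after `PutTrailer();` in both blocks. Both action branches continue past the end of their hunks.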
\n"; @@ -505,11 +570,11 @@ if ($action eq 'update') { my $emailnotificationold = trim($::FORM{emailnotificationold} || ''); my $groupsetold = trim($::FORM{groupsetold} || ''); - my $groupset = 0; + my $groupset = "0"; foreach (keys %::FORM) { next unless /^bit_/; #print "$_=$::FORM{$_}
\n"; - $groupset |= $::FORM{$_}; + $groupset .= "+ $::FORM{$_}"; } CheckUser($userold); @@ -524,20 +589,17 @@ if ($action eq 'update') { print "Updated permissions.\n"; } -=for me - if ($emailnotification ne $emailnotificationold) { SendSQL("UPDATE profiles - SET emailnotification=" . $emailnotification . " + SET emailnotification=" . SqlQuote($emailnotification) . " WHERE login_name=" . SqlQuote($userold)); print "Updated email notification.
\n"; } -=cut - if ($password ne $passwordold) { + my $q = SqlQuote($password); SendSQL("UPDATE profiles - SET password=" . SqlQuote($password) . " + SET password= $q, cryptpassword = ENCRYPT($q) WHERE login_name=" . SqlQuote($userold)); print "Updated password.
\n"; }
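Review bot: The rewritten password UPDATE still stores the clear-text value (`SET password= $q`) next to the new `cryptpassword = ENCRYPT($q)`. The quoted password therefore appears twice in the statement text, where any server-side query logging would capture it. If nothing else still reads `profiles.password` (not visible from this hunk), drop it from the SET list and write only `cryptpassword = ENCRYPT($q)`. The newly enabled `emailnotification` update is quoted correctly, but the submitted value is not checked against the choices `EmitFormElements` offers. The `update` branch continues past the end of the hunk.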