diff options
Diffstat (limited to 'editusers.cgi')
-rwxr-xr-x | editusers.cgi | 125 |
1 files changed, 35 insertions, 90 deletions
diff --git a/editusers.cgi b/editusers.cgi index 9778aa808..a38195a4b 100755 --- a/editusers.cgi +++ b/editusers.cgi @@ -1,4 +1,4 @@ -#!/usr/bin/perl -wT +#!/usr/bin/perl -T # This Source Code Form is subject to the terms of the Mozilla Public # License, v. 2.0. If a copy of the MPL was not distributed with this # file, You can obtain one at http://mozilla.org/MPL/2.0/. @@ -6,7 +6,10 @@ # This Source Code Form is "Incompatible With Secondary Licenses", as # defined by the Mozilla Public License, v. 2.0. +use 5.10.1; use strict; +use warnings; + use lib qw(. lib); use Bugzilla; @@ -20,6 +23,7 @@ use Bugzilla::Flag; use Bugzilla::Field; use Bugzilla::Group; use Bugzilla::Token; +use Bugzilla::Mailer; my $user = Bugzilla->login(LOGIN_REQUIRED); @@ -66,7 +70,7 @@ if ($action eq 'search') { my $matchstr = trim($cgi->param('matchstr')); my $matchtype = $cgi->param('matchtype'); my $grouprestrict = $cgi->param('grouprestrict') || '0'; - my $enabled_only = $cgi->param('enabled_only') || '0'; + my $is_enabled = scalar $cgi->param('is_enabled'); my $query = 'SELECT DISTINCT userid, login_name, realname, is_enabled, ' . $dbh->sql_date_format('last_seen_date', '%Y-%m-%d') . ' AS last_seen_date ' . 'FROM profiles'; @@ -158,11 +162,12 @@ if ($action eq 'search') { $query .= " $nextCondition ugm.group_id IN($grouplist) "; } - if ($enabled_only eq '1') { - $query .= " $nextCondition profiles.is_enabled = 1 "; + detaint_natural($is_enabled); + if ($is_enabled == 0 || $is_enabled == 1) { + $query .= " $nextCondition profiles.is_enabled = ?"; $nextCondition = 'AND'; + push(@bindValues, $is_enabled); } - $query .= ' ORDER BY profiles.login_name'; $vars->{'users'} = $dbh->selectall_arrayref($query, @@ -217,6 +222,15 @@ if ($action eq 'search') { delete_token($token); + if ($cgi->param('notify_user')) { + $vars->{'new_user'} = $new_user; + my $message; + + $template->process('email/new-user-details.txt.tmpl', $vars, \$message) + || ThrowTemplateError($template->error()); + MessageToMTA($message); + } + # We already display the updated page. We have to recreate a token now. $vars->{'token'} = issue_session_token('edit_user'); $vars->{'message'} = 'account_created'; @@ -236,7 +250,7 @@ if ($action eq 'search') { # Lock tables during the check+update session. $dbh->bz_start_transaction(); - + $editusers || $user->can_see_user($otherUser) || ThrowUserError('auth_failure', {reason => "not_visible", action => "modify", @@ -244,6 +258,10 @@ if ($action eq 'search') { $vars->{'loginold'} = $otherUser->login; + # Update groups + my @group_ids = grep { s/group_// } keys %{ Bugzilla->cgi->Vars }; + $otherUser->set_groups({ set => \@group_ids }); + # Update profiles table entry; silently skip doing this if the user # is not authorized. my $changes = {}; @@ -256,86 +274,12 @@ if ($action eq 'search') { $otherUser->set_disable_mail($cgi->param('disable_mail')); $otherUser->set_extern_id($cgi->param('extern_id')) if defined($cgi->param('extern_id')); - $changes = $otherUser->update(); - } - - # Update group settings. - my $sth_add_mapping = $dbh->prepare( - qq{INSERT INTO user_group_map ( - user_id, group_id, isbless, grant_type - ) VALUES ( - ?, ?, ?, ? - ) - }); - my $sth_remove_mapping = $dbh->prepare( - qq{DELETE FROM user_group_map - WHERE user_id = ? - AND group_id = ? - AND isbless = ? - AND grant_type = ? - }); - - my @groupsAddedTo; - my @groupsRemovedFrom; - my @groupsGrantedRightsToBless; - my @groupsDeniedRightsToBless; - - # Regard only groups the user is allowed to bless and skip all others - # silently. - # XXX: checking for existence of each user_group_map entry - # would allow to display a friendlier error message on page reloads. - userDataToVars($otherUserID); - my $permissions = $vars->{'permissions'}; - foreach my $blessable (@{$user->bless_groups()}) { - my $id = $blessable->id; - my $name = $blessable->name; - - # Change memberships. - my $groupid = $cgi->param("group_$id") || 0; - if ($groupid != $permissions->{$id}->{'directmember'}) { - if (!$groupid) { - $sth_remove_mapping->execute( - $otherUserID, $id, 0, GRANT_DIRECT); - push(@groupsRemovedFrom, $name); - } else { - $sth_add_mapping->execute( - $otherUserID, $id, 0, GRANT_DIRECT); - push(@groupsAddedTo, $name); - } - } - # Only members of the editusers group may change bless grants. - # Skip silently if this is not the case. - if ($editusers) { - my $groupid = $cgi->param("bless_$id") || 0; - if ($groupid != $permissions->{$id}->{'directbless'}) { - if (!$groupid) { - $sth_remove_mapping->execute( - $otherUserID, $id, 1, GRANT_DIRECT); - push(@groupsDeniedRightsToBless, $name); - } else { - $sth_add_mapping->execute( - $otherUserID, $id, 1, GRANT_DIRECT); - push(@groupsGrantedRightsToBless, $name); - } - } - } + # Update bless groups + my @bless_ids = grep { s/bless_// } keys %{ Bugzilla->cgi->Vars }; + $otherUser->set_bless_groups({ set => \@bless_ids }); } - if (@groupsAddedTo || @groupsRemovedFrom) { - $dbh->do(qq{INSERT INTO profiles_activity ( - userid, who, - profiles_when, fieldid, - oldvalue, newvalue - ) VALUES ( - ?, ?, now(), ?, ?, ? - ) - }, - undef, - ($otherUserID, $userid, - get_field_id('bug_group'), - join(', ', @groupsRemovedFrom), join(', ', @groupsAddedTo))); - } - # XXX: should create profiles_activity entries for blesser changes. + $changes = $otherUser->update(); $dbh->bz_commit_transaction(); @@ -344,11 +288,7 @@ if ($action eq 'search') { delete_token($token); $vars->{'message'} = 'account_updated'; - $vars->{'changed_fields'} = [keys %$changes]; - $vars->{'groups_added_to'} = \@groupsAddedTo; - $vars->{'groups_removed_from'} = \@groupsRemovedFrom; - $vars->{'groups_granted_rights_to_bless'} = \@groupsGrantedRightsToBless; - $vars->{'groups_denied_rights_to_bless'} = \@groupsDeniedRightsToBless; + $vars->{'changes'} = \%$changes; # We already display the updated page. We have to recreate a token now. $vars->{'token'} = issue_session_token('edit_user'); @@ -633,6 +573,11 @@ if ($action eq 'search') { $dbh->bz_commit_transaction(); delete_token($token); + # It's complex to determine which items now need to be flushed from + # memcached. As user deletion is expected to be a rare event, we just + # flush the entire cache when a user is deleted. + Bugzilla->memcached->clear_all(); + $vars->{'message'} = 'account_deleted'; $vars->{'otheruser'}{'login'} = $otherUser->login; $vars->{'restrictablegroups'} = $user->bless_groups(); @@ -705,7 +650,7 @@ sub mirrorListSelectionValues { my $cgi = Bugzilla->cgi; if (defined($cgi->param('matchtype'))) { foreach ('matchvalue', 'matchstr', 'matchtype', - 'grouprestrict', 'groupid', 'enabled_only') + 'grouprestrict', 'groupid', 'is_enabled') { $vars->{'listselectionvalues'}{$_} = $cgi->param($_); } |