From 917a8d4c59b36138e84aafb51c8106ad612a7a4a Mon Sep 17 00:00:00 2001
From: "bzrmirror%bugzilla.org"
 <bzrmirror%bugzilla.org@18797224-902f-48f8-a5cc-f745e15eee43>
Date: Sat, 14 Jun 2014 05:30:49 +0000
Subject: [PATCH] Bug 1012508 - Add a admin_menu hook to change who has access
 to admin.cgi r=gerv, a=sgreen

git-svn-id: svn://10.0.0.236/trunk@265431 18797224-902f-48f8-a5cc-f745e15eee43
---
 mozilla/webtools/bugzilla/.bzrrev             |  2 +-
 mozilla/webtools/bugzilla/.gitrev             |  2 +-
 mozilla/webtools/bugzilla/Bugzilla/User.pm    | 28 +++++++++++++++++++
 mozilla/webtools/bugzilla/admin.cgi           | 11 +-------
 .../bugzilla/extensions/Example/Extension.pm  | 12 ++++++++
 .../en/default/global/common-links.html.tmpl  |  6 +---
 6 files changed, 44 insertions(+), 17 deletions(-)

diff --git a/mozilla/webtools/bugzilla/.bzrrev b/mozilla/webtools/bugzilla/.bzrrev
index 931a0e6e30d..febb23f12c0 100644
--- a/mozilla/webtools/bugzilla/.bzrrev
+++ b/mozilla/webtools/bugzilla/.bzrrev
@@ -1 +1 @@
-9055
\ No newline at end of file
+9056
\ No newline at end of file
diff --git a/mozilla/webtools/bugzilla/.gitrev b/mozilla/webtools/bugzilla/.gitrev
index f8766c7c073..3644f152067 100644
--- a/mozilla/webtools/bugzilla/.gitrev
+++ b/mozilla/webtools/bugzilla/.gitrev
@@ -1 +1 @@
-6c6efdde5b5e041deb75f65b5a18baae7665d660
\ No newline at end of file
+80c434b3c9afec9ba606e5061ef042d3b96720d3
\ No newline at end of file
diff --git a/mozilla/webtools/bugzilla/Bugzilla/User.pm b/mozilla/webtools/bugzilla/Bugzilla/User.pm
index 7aeb9f8ee2e..2631a5eae82 100644
--- a/mozilla/webtools/bugzilla/Bugzilla/User.pm
+++ b/mozilla/webtools/bugzilla/Bugzilla/User.pm
@@ -1446,6 +1446,30 @@ sub get_accessible_products {
     return [ sort { $a->name cmp $b->name } values %products ];
 }
 
+sub can_administer {
+    my $self = shift;
+
+    if (not defined $self->{can_administer}) {
+        my $can_administer = 0;
+
+        $can_administer = 1 if $self->in_group('admin')
+            || $self->in_group('tweakparams')
+            || $self->in_group('editusers')
+            || $self->can_bless
+            || (Bugzilla->params->{'useclassification'} && $self->in_group('editclassifications'))
+            || $self->in_group('editcomponents')
+            || scalar(@{$self->get_products_by_permission('editcomponents')})
+            || $self->in_group('creategroups')
+            || $self->in_group('editkeywords')
+            || $self->in_group('bz_canusewhines');
+
+        Bugzilla::Hook::process('user_can_administer', { can_administer => \$can_administer });
+        $self->{can_administer} = $can_administer;
+    }
+
+    return $self->{can_administer};
+}
+
 sub check_can_admin_product {
     my ($self, $product_name) = @_;
 
@@ -2876,6 +2900,10 @@ not be aware of the existence of the product.
 
  Returns:     an array of product objects.
 
+=item C<can_administer>
+
+Returns 1 if the user can see the admin menu. Otherwise, returns 0
+
 =item C<check_can_admin_product($product_name)>
 
  Description: Checks whether the user is allowed to administrate the product.
diff --git a/mozilla/webtools/bugzilla/admin.cgi b/mozilla/webtools/bugzilla/admin.cgi
index 0767b07a391..70a6aa20ec8 100755
--- a/mozilla/webtools/bugzilla/admin.cgi
+++ b/mozilla/webtools/bugzilla/admin.cgi
@@ -20,16 +20,7 @@ my $user = Bugzilla->login(LOGIN_REQUIRED);
 
 print $cgi->header();
 
-$user->in_group('admin')
-  || $user->in_group('tweakparams')
-  || $user->in_group('editusers')
-  || $user->can_bless
-  || (Bugzilla->params->{'useclassification'} && $user->in_group('editclassifications'))
-  || $user->in_group('editcomponents')
-  || scalar(@{$user->get_products_by_permission('editcomponents')})
-  || $user->in_group('creategroups')
-  || $user->in_group('editkeywords')
-  || $user->in_group('bz_canusewhines')
+$user->can_administer
   || ThrowUserError('auth_failure', {action => 'access', object => 'administrative_pages'});
 
 $template->process('admin/admin.html.tmpl')
diff --git a/mozilla/webtools/bugzilla/extensions/Example/Extension.pm b/mozilla/webtools/bugzilla/extensions/Example/Extension.pm
index 22a3103c2d3..c9449d8b0a0 100644
--- a/mozilla/webtools/bugzilla/extensions/Example/Extension.pm
+++ b/mozilla/webtools/bugzilla/extensions/Example/Extension.pm
@@ -31,6 +31,18 @@ use constant REL_EXAMPLE => -127;
 
 our $VERSION = '1.0';
 
+sub user_can_administer {
+    my ($self, $args) = @_;
+    my $can_administer = $args->{can_administer};
+
+    # If you add an option to the admin pages (e.g. by using the Hooks in
+    # template/en/default/admin/admin.html.tmpl), you may want to allow
+    # users in another group view admin.cgi
+    #if (Bugzilla->user->in_group('other_group')) {
+    #    $$can_administer = 1;
+    #}
+}
+
 sub admin_editusers_action {
     my ($self, $args) = @_;
     my ($vars, $action, $user) = @$args{qw(vars action user)};
diff --git a/mozilla/webtools/bugzilla/template/en/default/global/common-links.html.tmpl b/mozilla/webtools/bugzilla/template/en/default/global/common-links.html.tmpl
index c6c8863c57a..ec23f551ee0 100644
--- a/mozilla/webtools/bugzilla/template/en/default/global/common-links.html.tmpl
+++ b/mozilla/webtools/bugzilla/template/en/default/global/common-links.html.tmpl
@@ -53,11 +53,7 @@
 
   [% IF user.login %]
     <li><span class="separator">| </span><a href="userprefs.cgi">Preferences</a></li>
-    [% IF user.in_group('tweakparams') || user.in_group('editusers') || user.can_bless
-          || (Param('useclassification') && user.in_group('editclassifications'))
-          || user.in_group('editcomponents') || user.in_group('admin') || user.in_group('creategroups')
-          || user.in_group('editkeywords') || user.in_group('bz_canusewhines')
-          || user.get_products_by_permission("editcomponents").size %]
+    [% IF user.can_administer %]
       <li><span class="separator">| </span><a href="admin.cgi">Administration</a></li>
     [% END %]