Mozilla/mozilla/webtools/litmus/edit_users.cgi
ccooper%deadsquid.com 729b978398 Misc.
- removed references to Time::Piece::* modules. The default date behavior has burned us a few times now (most notably in the Session code), so we need to be explicit about our dates and date comparisons.
- standardized how we make our calls to Date::Manip
- implemented a logError method and use it to replace all old STDERR output references
- manage_categories cleanup: show product name in branch listing, making it easier to find which branch you're looking for when many branches have the same name. Do the same thing for opsyses and platforms.
- added Litmus::Utils::sanitize() for processing CGI input


git-svn-id: svn://10.0.0.236/trunk@252331 18797224-902f-48f8-a5cc-f745e15eee43
2008-06-13 21:07:48 +00:00


#!/usr/bin/perl -w
# -*- Mode: perl; indent-tabs-mode: nil -*-
# ***** BEGIN LICENSE BLOCK *****
# Version: MPL 1.1
#
# The contents of this file are subject to the Mozilla Public License Version
# 1.1 (the "License"); you may not use this file except in compliance with
# the License. You may obtain a copy of the License at
# http://www.mozilla.org/MPL/
#
# Software distributed under the License is distributed on an "AS IS" basis,
# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
# for the specific language governing rights and limitations under the
# License.
#
# The Original Code is Litmus.
#
# The Initial Developer of the Original Code is
# the Mozilla Corporation.
# Portions created by the Initial Developer are Copyright (C) 2006
# the Initial Developer. All Rights Reserved.
#
# Contributor(s):
# Chris Cooper <ccooper@deadsquid.com>
# Zach Lipton <zach@zachlipton.com>
#
# ***** END LICENSE BLOCK *****
use strict;
use Litmus;
use Litmus::Error;
use Litmus::DB::Product;
use Litmus::Auth;
use Litmus::Utils;
use CGI;
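Litmus->init();
my $c = Litmus->cgi();
Litmus::Auth::requireLogin("edit_users.cgi");

# Only trusted users can edit other users; everyone else may only edit the
# record belonging to their own login cookie (never one named by a request
# parameter).
#
# NOTE(review): no CSRF token or request-method check is visible in this
# script. If Litmus::Auth/Litmus->cgi() do not enforce one, the state-changing
# branches below accept forged form submissions -- confirm against the
# framework before relying on them.
my $cookie = Litmus::Auth::getCookie();

if (Litmus::Auth::istrusted($cookie)) {
    if ($c->param('submit')) {
        _search_users($c);
    }
    elsif ($c->param('id')) {
        _show_user_for_admin($c, $cookie);
    }
    elsif ($c->param('user_id')) {
        _update_user_as_admin($c, $cookie);
    }
    else {
        _show_search_form($c);
    }
}
else {
    if ($c->param('user_id')) {
        _update_own_profile($c, $cookie);
    }
    else {
        _show_own_profile($c, $cookie);
    }
}

# Return the first value of CGI parameter $name, or undef if it is absent.
# CGI::param() returns a list in list context, so passing it straight into a
# method call (as the previous version did) lets a repeated parameter expand
# into extra arguments; every read below goes through this scalar accessor.
sub _param {
    my ($c, $name) = @_;
    my $value = $c->param($name);
    return $value;
}

# Render $template_file with $vars, or abort with the template engine's error.
sub _render {
    my ($template_file, $vars) = @_;
    Litmus->template()->process($template_file, $vars)
      || internalError(Litmus->template()->error());
    return;
}

# Return the new password when the form requests a change -- a non-empty
# 'edit_password' that matches 'edit_confirm_password' -- otherwise undef.
# A mismatched confirmation is silently ignored, as before; an undefined
# parameter is treated like an empty one (the old `ne ''` test warned on it).
sub _requested_password {
    my ($c) = @_;
    my $password = _param($c, 'edit_password');
    my $confirm  = _param($c, 'edit_confirm_password');
    return unless defined $password && $password ne '';
    return unless defined $confirm && $password eq $confirm;
    return $password;
}

# Look up the user whose ID is in CGI parameter $name and return it.
# The ID must be a plain non-negative integer; anything else, or an ID with no
# matching row, prints the header, raises invalidInputError and returns undef.
# invalidInputError() is expected not to return; the trailing return is a
# guard so callers stop rather than continue with no user.
sub _load_user {
    my ($c, $name) = @_;
    my $raw = $c->param($name);
    my $uid;
    if (defined $raw && $raw =~ m{\A(\d+)\z}) {
        $uid = $1;
    }
    my $user = defined $uid ? Litmus::DB::User->retrieve($uid) : undef;
    return $user if $user;

    print $c->header();
    # Only echo the ID once it has passed the digits-only check; this script
    # cannot see whether invalidInputError() escapes its argument for HTML.
    invalidInputError(defined $uid ? "Invalid user ID: $uid" : "Invalid user ID.");
    return;
}

# Trusted users: search for users matching the search string and the selected
# group memberships, then show the results.
sub _search_users {
    my ($c) = @_;
    my @groups = Litmus::DB::SecurityGroup->retrieve_all(order_by => "grouptype, group_id");
    my @group_search;
    my %checked;
    foreach my $group (@groups) {
        next unless _param($c, "group_" . $group->group_id());
        push @group_search, $group;
        $checked{$group->group_id()} = 1;
    }

    my $search_string = _param($c, 'search_string');
    my @users = Litmus::DB::User->search_full_text(
        $search_string, $search_string, $search_string, @group_search);

    print $c->header();
    _render("admin/edit_users/search_results.html.tmpl", {
        users         => \@users,
        search_string => $search_string,
        groups        => \@groups,
        checked       => \%checked,
    });
    return;
}

# Trusted users: show the edit form for the user named by the 'id' parameter.
sub _show_user_for_admin {
    my ($c, $cookie) = @_;
    my $user = _load_user($c, 'id') or return;
    my @groups = Litmus::DB::SecurityGroup->retrieve_all();
    print $c->header();
    _render("admin/edit_users/edit_user.html.tmpl", {
        current_user => $cookie,
        user         => $user,
        groups       => \@groups,
    });
    return;
}

# Trusted users: apply the submitted changes to the user named by 'user_id',
# including password, enabled flag, auth token and group membership.
sub _update_user_as_admin {
    my ($c, $cookie) = @_;
    my $user = _load_user($c, 'user_id') or return;

    $user->bugzilla_uid(_param($c, 'bugzilla_uid'));
    $user->email(_param($c, 'edit_email'));

    my $new_password = _requested_password($c);
    if (defined $new_password) {
        # They changed the password, so let the auth folks know.
        Litmus::Auth::changePassword($user, $new_password);
    }

    $user->realname(_param($c, 'realname'));
    $user->irc_nickname(_param($c, 'irc_nickname'));

    # Disabling a currently-enabled account also revokes its sessions below,
    # so the user is logged out now rather than merely blocked at next login.
    my $revoke_sessions = 0;
    if (_param($c, 'enabled')) {
        $user->enabled(1);
    }
    elsif ($user->enabled) {
        $user->enabled(0);
        $revoke_sessions = 1;
    }

    # The previous version assigned authtoken twice; once is enough.
    $user->authtoken(_param($c, 'authtoken'));

    # Group permissions: a checked box grants membership, an unchecked one
    # removes it (if previously granted).
    my @allgroups = Litmus::DB::SecurityGroup->retrieve_all();
    foreach my $group (@allgroups) {
        if (_param($c, "group_" . $group->group_id())) {
            Litmus::DB::UserGroupMap->find_or_create(user => $user, group => $group);
        }
        else {
            Litmus::DB::UserGroupMap->remove($user, $group);
        }
    }

    $user->update();
    if ($revoke_sessions) {
        Litmus::DB::Session->search(user_id => $user->user_id)->delete_all;
    }

    # Did we just change the current user? Redirect them to the login page if
    # so. They should get a JS confirmation dialog to tell them as much when
    # they submit the form.
    if ($cookie->user_id == $user->user_id) {
        print $c->redirect("/login.cgi");
        exit;
    }

    print $c->header();
    _render("admin/edit_users/search_users.html.tmpl", {
        user   => $user,
        onload => "toggleMessage('success','User information updated successfully.');",
        groups => \@allgroups,
    });
    return;
}

# Trusted users: first visit, so display the search form.
sub _show_search_form {
    my ($c) = @_;
    my @groups = Litmus::DB::SecurityGroup->retrieve_all();
    print $c->header();
    _render("admin/edit_users/search_users.html.tmpl", { groups => \@groups });
    return;
}

# Non-trusted users: apply the submitted changes to the logged-in user's own
# record after re-checking their current password.
sub _update_own_profile {
    my ($c, $cookie) = @_;
    # The user being edited is always the one from the login cookie; the
    # 'user_id' parameter only signals that the form was submitted and its
    # value is deliberately ignored.
    my $uid  = $cookie->user_id;
    my $user = Litmus::DB::User->retrieve($uid);
    print $c->header();
    if (!$user) {
        invalidInputError("Invalid user ID: $uid");
        return;
    }

    # Re-authenticate before any change so that an active session alone is
    # not enough to alter the e-mail address or password.
    if (!Litmus::Auth::checkPassword($user, _param($c, 'current_password'))) {
        invalidInputError("The current password you supplied was invalid.");
        return;
    }

    $user->email(_param($c, 'edit_email'));
    $user->realname(_param($c, 'realname'));
    $user->irc_nickname(_param($c, 'irc_nickname'));
    $user->update();

    my $template_file = "admin/edit_users/edit_user.html.tmpl";
    my $new_password  = _requested_password($c);
    if (defined $new_password) {
        # They changed the password, so let the auth folks know and send
        # them back through the login page.
        Litmus::Auth::changePassword($user, $new_password);
        $template_file = "auth/login.html.tmpl";
    }

    _render($template_file, {
        user   => $user,
        onload => "toggleMessage('success','User information updated successfully.');"
    });
    return;
}

# Non-trusted users: show the edit form for the logged-in user's own record.
sub _show_own_profile {
    my ($c, $cookie) = @_;
    my $uid  = $cookie->user_id;
    my $user = Litmus::DB::User->retrieve($uid);
    print $c->header();
    if (!$user) {
        invalidInputError("Invalid user ID: $uid");
        return;
    }
    _render("admin/edit_users/edit_user.html.tmpl", { user => $user });
    return;
}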