Bug 303784: Visibility can keep admin from administering groups - Patch by Joel…

Bug 303784: Visibility can keep admin from administering groups - Patch by Joel Peshkin <bugreport@peshkin.net> r=LpSolit a=justdave

Bug 303784: Visibility can keep admin from administering groups - Patch by Joel…
67cb0c3f · lpsolit%gmail.com · 5e5715df · 67cb0c3f · 67cb0c3f
Commit 67cb0c3f authored Sep 26, 2005 by lpsolit%gmail.com
Hide whitespace changes
Inline Side-by-side

Showing with 4 additions and 13 deletions

User.pm Bugzilla/User.pm +1 -1

editusers.cgi editusers.cgi +3 -12

No files found.
--- a/Bugzilla/User.pm
+++ b/Bugzilla/User.pm
@@ -328,7 +328,7 @@ sub bless_groups {
    }

    # If visibilitygroups are used, restrict the set of groups.
-    if (Param('usevisibilitygroups')) {
+    if ((!$self->in_group('editusers')) && Param('usevisibilitygroups')) {
        # Users need to see a group in order to bless it.
        my $visibleGroups = join(', ', @{$self->visible_groups_direct()})
            || return $self->{'bless_groups'} = [];

--- a/editusers.cgi
+++ b/editusers.cgi
@@ -85,7 +85,7 @@ if ($action eq 'search') {
    my $nextCondition;
    my $visibleGroups;

-    if (Param('usevisibilitygroups')) {
+    if (!$editusers && Param('usevisibilitygroups')) {
        # Show only users in visible groups.
        $visibleGroups = $user->visible_groups_as_string();

@@ -233,7 +233,7 @@ if ($action eq 'search') {
                         'group_group_map READ',
                         'group_group_map AS ggm READ');
 
-    $user->can_see_user($otherUser)
+    $editusers || $user->can_see_user($otherUser)
        || ThrowUserError('auth_failure', {reason => "not_visible",
                                           action => "modify",
                                           object => "user"});
@@ -409,11 +409,6 @@ if ($action eq 'search') {
    $editusers || ThrowUserError('auth_failure', {group  => "editusers",
                                                  action => "delete",
                                                  object => "users"});
-    $user->can_see_user($otherUser)
-        || ThrowUserError('auth_failure', {reason => "not_visible",
-                                           action => "delete",
-                                           object => "user"});
-
    $vars->{'otheruser'}      = $otherUser;
    $vars->{'editcomponents'} = UserInGroup('editcomponents');

@@ -519,10 +514,6 @@ if ($action eq 'search') {
                                 {group  => "editusers",
                                  action => "delete",
                                  object => "users"});
-    $user->can_see_user($otherUser)
-        || ThrowUserError('auth_failure', {reason => "not_visible",
-                                           action => "delete",
-                                           object => "user"});
    @{$otherUser->product_responsibilities()}
        && ThrowUserError('user_has_responsibility');

@@ -785,7 +776,7 @@ sub edit_processing
    $otherUser 
        || ThrowCodeError('invalid_user_id', {'userid' => $cgi->param('userid')});

-    $user->can_see_user($otherUser)
+    $editusers || $user->can_see_user($otherUser)
        || ThrowUserError('auth_failure', {reason => "not_visible",
                                           action => "modify",
                                           object => "user"});