Commit 67cb0c3f authored by lpsolit%gmail.com's avatar lpsolit%gmail.com

Bug 303784: Visibility can keep admin from administering groups - Patch by Joel…

Bug 303784: Visibility can keep admin from administering groups - Patch by Joel Peshkin <bugreport@peshkin.net> r=LpSolit a=justdave
parent 5e5715df
...@@ -328,7 +328,7 @@ sub bless_groups { ...@@ -328,7 +328,7 @@ sub bless_groups {
} }
# If visibilitygroups are used, restrict the set of groups. # If visibilitygroups are used, restrict the set of groups.
if (Param('usevisibilitygroups')) { if ((!$self->in_group('editusers')) && Param('usevisibilitygroups')) {
# Users need to see a group in order to bless it. # Users need to see a group in order to bless it.
my $visibleGroups = join(', ', @{$self->visible_groups_direct()}) my $visibleGroups = join(', ', @{$self->visible_groups_direct()})
|| return $self->{'bless_groups'} = []; || return $self->{'bless_groups'} = [];
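Review bot: The comment above the changed condition, `# If visibilitygroups are used, restrict the set of groups.`, no longer matches the code, because members of editusers now skip the restriction entirely. I would reword it to `# If visibilitygroups are used, restrict the set of groups, unless the user is in editusers.` so the exemption reads as a deliberate authorization decision. The extra parentheses around `!$self->in_group('editusers')` can also go, giving `if (!$self->in_group('editusers') && Param('usevisibilitygroups')) {`, which matches the form used in the search hunk of this commit. bless_groups starts and ends outside the hunk.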
......
...@@ -85,7 +85,7 @@ if ($action eq 'search') { ...@@ -85,7 +85,7 @@ if ($action eq 'search') {
my $nextCondition; my $nextCondition;
my $visibleGroups; my $visibleGroups;
if (Param('usevisibilitygroups')) { if (!$editusers && Param('usevisibilitygroups')) {
# Show only users in visible groups. # Show only users in visible groups.
$visibleGroups = $user->visible_groups_as_string(); $visibleGroups = $user->visible_groups_as_string();
...@@ -233,7 +233,7 @@ if ($action eq 'search') { ...@@ -233,7 +233,7 @@ if ($action eq 'search') {
'group_group_map READ', 'group_group_map READ',
'group_group_map AS ggm READ'); 'group_group_map AS ggm READ');
$user->can_see_user($otherUser) $editusers || $user->can_see_user($otherUser)
|| ThrowUserError('auth_failure', {reason => "not_visible", || ThrowUserError('auth_failure', {reason => "not_visible",
action => "modify", action => "modify",
object => "user"}); object => "user"});
...@@ -409,11 +409,6 @@ if ($action eq 'search') { ...@@ -409,11 +409,6 @@ if ($action eq 'search') {
$editusers || ThrowUserError('auth_failure', {group => "editusers", $editusers || ThrowUserError('auth_failure', {group => "editusers",
action => "delete", action => "delete",
object => "users"}); object => "users"});
$user->can_see_user($otherUser)
|| ThrowUserError('auth_failure', {reason => "not_visible",
action => "delete",
object => "user"});
$vars->{'otheruser'} = $otherUser; $vars->{'otheruser'} = $otherUser;
$vars->{'editcomponents'} = UserInGroup('editcomponents'); $vars->{'editcomponents'} = UserInGroup('editcomponents');
...@@ -519,10 +514,6 @@ if ($action eq 'search') { ...@@ -519,10 +514,6 @@ if ($action eq 'search') {
{group => "editusers", {group => "editusers",
action => "delete", action => "delete",
object => "users"}); object => "users"});
$user->can_see_user($otherUser)
|| ThrowUserError('auth_failure', {reason => "not_visible",
action => "delete",
object => "user"});
@{$otherUser->product_responsibilities()} @{$otherUser->product_responsibilities()}
&& ThrowUserError('user_has_responsibility'); && ThrowUserError('user_has_responsibility');
...@@ -785,7 +776,7 @@ sub edit_processing ...@@ -785,7 +776,7 @@ sub edit_processing
$otherUser $otherUser
|| ThrowCodeError('invalid_user_id', {'userid' => $cgi->param('userid')}); || ThrowCodeError('invalid_user_id', {'userid' => $cgi->param('userid')});
$user->can_see_user($otherUser) $editusers || $user->can_see_user($otherUser)
|| ThrowUserError('auth_failure', {reason => "not_visible", || ThrowUserError('auth_failure', {reason => "not_visible",
action => "modify", action => "modify",
object => "user"}); object => "user"});
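Review bot: The two delete hunks drop the `can_see_user` check without recording why, so deletion is now authorized only by the `$editusers || ThrowUserError(...)` guard directly above each removed block. A one-line comment at both places, e.g. `# No visibility check: deletion requires editusers, which is exempt from visibility groups.`, would stop a later edit from relaxing that guard without restoring the check. The same exemption is spelled inline as `$editusers || $user->can_see_user($otherUser)` at both modify sites; `$editusers` is set outside these hunks, so I am assuming it reflects the logged-in user's membership in editusers. The enclosing blocks start and end outside the hunks.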
......