Magic-Mirror/gecko-dev
1
0
Fork 0
mirror of https://github.com/mozilla/gecko-dev.git synced 2024-11-25 13:51:41 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Bug 282574 : use the new "auth_failure" error message for all authentication failures

Browse Source 
Patch by Frederic Buclin <LpSolit@gmail.com>   r=travis, wurblzap  a=myk
This commit is contained in:
travis%sedsystems.ca 2005-03-09 16:18:03 +00:00
parent 9dae3607ed
commit 0ca2d24e7e
6 changed files with 35 additions and 35 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
webtools/bugzilla/attachment.cgi
View File

@ -204,9 +204,10 @@ sub validateID
# Make sure the user is authorized to access this attachment's bug.
($bugid, my $isprivate) = FetchSQLData();
ValidateBugID($bugid);
if (($isprivate > 0 ) && Param("insidergroup") &&
!(UserInGroup(Param("insidergroup")))) {
ThrowUserError("attachment_access_denied");
if ($isprivate && Param("insidergroup")) {
UserInGroup(Param("insidergroup"))
|| ThrowUserError("auth_failure", {action => "access",
object => "attachment"});
}
# XXX shim code, kill $::FORM

5
webtools/bugzilla/buglist.cgi
View File

@ -73,7 +73,10 @@ my $dotweak = $::FORM{'tweak'} ? 1 : 0;
# Log the user in
if ($dotweak) {
Bugzilla->login(LOGIN_REQUIRED);
UserInGroup("editbugs") || ThrowUserError("insufficient_privs_for_multi");
UserInGroup("editbugs")
|| ThrowUserError("auth_failure", {group => "editbugs",
action => "modify",
object => "multiple_bugs"});
GetVersionTable();
}
else {

10
webtools/bugzilla/doeditparams.cgi
View File

@ -37,12 +37,10 @@ my $cgi = Bugzilla->cgi;
print $cgi->header();
if (!UserInGroup("tweakparams")) {
print "<h1>Sorry, you aren't a member of the 'tweakparams' group.</h1>\n";
print "And so, you aren't allowed to edit the parameters.\n";
PutFooter();
exit;
}
UserInGroup("tweakparams")
|| ThrowUserError("auth_failure", {group => "tweakparams",
action => "modify",
object => "parameters"});
PutHeader("Saving new parameters");

7
webtools/bugzilla/quips.cgi
View File

@ -119,9 +119,10 @@ if ($action eq 'approve') {
}
if ($action eq "delete") {
if (!UserInGroup('admin')) {
ThrowUserError("quips_edit_denied");
}
UserInGroup("admin")
|| ThrowUserError("auth_failure", {group => "admin",
action => "delete",
object => "quips"});
my $quipid = $cgi->param("quipid");
ThrowCodeError("need_quipid") unless $quipid =~ /(\d+)/;
$quipid = $1;

4
webtools/bugzilla/sanitycheck.cgi
View File

@ -82,7 +82,9 @@ my $dbh = Bugzilla->dbh;
# prevents users with a legitimate interest in Bugzilla integrity
# from accessing the script).
UserInGroup("editbugs")
|| ThrowUserError("sanity_check_access_denied");
|| ThrowUserError("auth_failure", {group => "editbugs",
action => "run",
object => "sanity_check"});
print "Content-type: text/html\n";
print "\n";

37
webtools/bugzilla/template/en/default/global/user-error.html.tmpl
View File

@ -17,7 +17,7 @@
# Rights Reserved.
#
# Contributor(s): Gervase Markham <gerv@gerv.net>
# Frédéric Buclin <LpSolit@netscape.net>
# Frédéric Buclin <LpSolit@gmail.com>
#%]
[%# INTERFACE:
@ -113,8 +113,10 @@
[% END %]
[% END %]
and so you aren't allowed to
[% IF action == "add" %]
[% IF group || reason %] and so [% END %] you are not authorized to
[% IF action == "access" %]
access
[% ELSIF action == "add" %]
add new
[% ELSIF action == "modify" %]
modify
@ -122,13 +124,17 @@
delete
[% ELSIF action == "edit" %]
add, modify or delete
[% ELSIF action == "run" %]
run
[% ELSIF action == "schedule" %]
schedule
[% ELSIF action == "use" %]
use
[% END %]
[% IF object == "charts" %]
[% IF object == "attachment" %]
this attachment
[% ELSIF object == "charts" %]
the "New Charts" feature
[% ELSIF object == "classifications" %]
classifications
@ -142,12 +148,18 @@
keywords
[% ELSIF object == "milestones" %]
milestones
[% ELSIF object == "multiple_bugs" %]
multiple [% terms.bugs %] at once
[% ELSIF object == "parameters" %]
parameters
[% ELSIF object == "products" %]
products
[% ELSIF object == "quips" %]
quips
[% ELSIF object == "reports" %]
whine reports
[% ELSIF object == "sanity_check" %]
a sanity check
[% ELSIF object == "user" %]
the user you specified
[% ELSIF object == "users" %]
@ -156,10 +168,6 @@
versions
[% END %].
[% ELSIF error == "attachment_access_denied" %]
[% title = "Access Denied" %]
You are not authorized to access this attachment.
[% ELSIF error == "attachment_removed" %]
[% title = "Attachment Removed" %]
The attachment you are attempting to access has been removed.
@ -548,11 +556,6 @@
[% ELSIF error == "insufficient_data_points" %]
We don't have enough data points to make a graph (yet).
[% ELSIF error == "insufficient_privs_for_multi" %]
[% title = "Insufficient Privileges" %]
Sorry, you do not have sufficient privileges to edit multiple
[% terms.bugs %].
[% ELSIF error == "invalid_attach_id" %]
[% title = "Invalid Attachment ID" %]
The attachment id [% attach_id FILTER html %] is invalid.
@ -918,10 +921,6 @@
[% title = "Quips Disabled" %]
Quips are disabled.
[% ELSIF error == "quips_edit_denied" %]
[% title = "Permission Denied" %]
You do not have permission to edit quips.
[% ELSIF error == "reassign_to_empty" %]
[% title = "Illegal Reassignment" %]
To reassign [% terms.abug %], you must provide an address for
@ -945,10 +944,6 @@
[% title = "Summary Needed" %]
You must enter a summary for this [% terms.bug %].
[% ELSIF error == "sanity_check_access_denied" %]
[% title = "Access Denied" %]
You do not have the permissions necessary to run a sanity check.
[% ELSIF error == "search_content_without_matches" %]
[% title = "Illegal Search" %]
The "content" field can only be used with "matches" search