Bug 304696: Replace UserInGroup() by $user->in_group() when checking user privs in edit*.cgi files - Patch by Fr�d�ric Buclin <LpSolit@gmail.com> r=mkanat a=justdave

webtools/bugzilla/doeditparams.cgi

@@ -28,18 +28,17 @@ use lib qw(.);
 use Bugzilla;
 use Bugzilla::Constants;
 use Bugzilla::Config qw(:DEFAULT :admin $datadir);
-use Bugzilla::User;
 
 require "globals.pl";
 
-Bugzilla->login(LOGIN_REQUIRED);
+my $user = Bugzilla->login(LOGIN_REQUIRED);
 
 my $cgi = Bugzilla->cgi;
 my $template = Bugzilla->template;
 
 print $cgi->header();
 
-UserInGroup("tweakparams")
+$user->in_group('tweakparams')
   || ThrowUserError("auth_failure", {group  => "tweakparams",
                                      action => "modify",
                                      object => "parameters"});

webtools/bugzilla/editcomponents.cgi

@@ -53,7 +53,7 @@ my $whoid = $user->id;
 
 print $cgi->header();
 
-UserInGroup("editcomponents")
+$user->in_group('editcomponents')
   || ThrowUserError("auth_failure", {group  => "editcomponents",
                                      action => "edit",
                                      object => "components"});

webtools/bugzilla/editflagtypes.cgi

@@ -37,14 +37,13 @@ use Bugzilla::Constants;
 use Bugzilla::Flag;
 use Bugzilla::FlagType;
 use Bugzilla::Group;
-use Bugzilla::User;
 use Bugzilla::Util;
 
 use vars qw( $template $vars );
 
 # Make sure the user is logged in and is an administrator.
-Bugzilla->login(LOGIN_REQUIRED);
-UserInGroup("editcomponents")
+my $user = Bugzilla->login(LOGIN_REQUIRED);
+$user->in_group('editcomponents')
   || ThrowUserError("auth_failure", {group  => "editcomponents",
                                      action => "edit",
                                      object => "flagtypes"});

webtools/bugzilla/editgroups.cgi

@@ -31,7 +31,6 @@ use lib ".";
 
 use Bugzilla;
 use Bugzilla::Constants;
-use Bugzilla::User;
 use Bugzilla::Group;
 require "globals.pl";
 
@@ -40,11 +39,11 @@ my $dbh = Bugzilla->dbh;
 
 use vars qw($template $vars);
 
-Bugzilla->login(LOGIN_REQUIRED);
+my $user = Bugzilla->login(LOGIN_REQUIRED);
 
 print $cgi->header();
 
-UserInGroup("creategroups")
+$user->in_group('creategroups')
   || ThrowUserError("auth_failure", {group  => "creategroups",
                                      action => "edit",
                                      object => "groups"});

webtools/bugzilla/editkeywords.cgi

@@ -28,7 +28,6 @@ require "globals.pl";
 use Bugzilla;
 use Bugzilla::Constants;
 use Bugzilla::Config qw(:DEFAULT $datadir);
-use Bugzilla::User;
 
 my $cgi = Bugzilla->cgi;
 my $dbh = Bugzilla->dbh;
@@ -60,11 +59,11 @@ sub Validate {
 # Preliminary checks:
 #
 
-Bugzilla->login(LOGIN_REQUIRED);
+my $user = Bugzilla->login(LOGIN_REQUIRED);
 
 print $cgi->header();
 
-UserInGroup("editkeywords")
+$user->in_group('editkeywords')
   || ThrowUserError("auth_failure", {group  => "editkeywords",
                                      action => "edit",
                                      object => "keywords"});

webtools/bugzilla/editmilestones.cgi

@@ -23,7 +23,6 @@ require "globals.pl";
 
 use Bugzilla::Constants;
 use Bugzilla::Config qw(:DEFAULT $datadir);
-use Bugzilla::User;
 use Bugzilla::Product;
 use Bugzilla::Milestone;
 use Bugzilla::Bug;
@@ -42,7 +41,7 @@ my $whoid = $user->id;
 
 print $cgi->header();
 
-UserInGroup("editcomponents")
+$user->in_group('editcomponents')
   || ThrowUserError("auth_failure", {group  => "editcomponents",
                                      action => "edit",
                                      object => "milestones"});

webtools/bugzilla/editparams.cgi

@@ -27,17 +27,16 @@ use lib ".";
 
 use Bugzilla::Constants;
 use Bugzilla::Config qw(:DEFAULT :admin);
-use Bugzilla::User;
 
 require "globals.pl";
 
-Bugzilla->login(LOGIN_REQUIRED);
+my $user = Bugzilla->login(LOGIN_REQUIRED);
 
 my $template = Bugzilla->template;
 
 print Bugzilla->cgi->header();
 
-UserInGroup("tweakparams")
+$user->in_group('tweakparams')
   || ThrowUserError("auth_failure", {group  => "tweakparams",
                                      action => "modify",
                                      object => "parameters"});

webtools/bugzilla/editproducts.cgi

@@ -37,7 +37,6 @@ use Bugzilla::Constants;
 require "globals.pl";
 use Bugzilla::Bug;
 use Bugzilla::Series;
-use Bugzilla::User;
 use Bugzilla::Config qw(:DEFAULT $datadir);
 
 # Shut up misguided -w warnings about "used only once".  "use vars" just
@@ -242,7 +241,7 @@ my $whoid = $user->id;
 my $cgi = Bugzilla->cgi;
 print $cgi->header();
 
-UserInGroup("editcomponents")
+$user->in_group('editcomponents')
   || ThrowUserError("auth_failure", {group  => "editcomponents",
                                      action => "edit",
                                      object => "products"});

webtools/bugzilla/editsettings.cgi

@@ -21,7 +21,6 @@ use lib qw(.);
 
 use Bugzilla;
 use Bugzilla::Constants;
-use Bugzilla::User;
 use Bugzilla::User::Setting;
 
 require "globals.pl";
@@ -69,12 +68,12 @@ sub SaveSettings{
 ###  Live code  ###
 ###################
 
-Bugzilla->login(LOGIN_REQUIRED);
+my $user = Bugzilla->login(LOGIN_REQUIRED);
 
 my $cgi = Bugzilla->cgi;
 print $cgi->header;
 
-UserInGroup("tweakparams")
+$user->in_group('tweakparams')
   || ThrowUserError("auth_failure", {group  => "tweakparams",
                                      action => "modify",
                                      object => "settings"});

webtools/bugzilla/editusers.cgi

@@ -43,7 +43,7 @@ my $editusers = $user->in_group('editusers');
 
 # Reject access if there is no sense in continuing.
 $editusers
-    || Bugzilla->user->can_bless()
+    || $user->can_bless()
     || ThrowUserError("auth_failure", {group  => "editusers",
                                        reason => "cant_bless",
                                        action => "edit",

webtools/bugzilla/editversions.cgi

@@ -35,7 +35,6 @@ require "globals.pl";
 
 use Bugzilla::Constants;
 use Bugzilla::Config qw(:DEFAULT $datadir);
-use Bugzilla::User;
 use Bugzilla::Product;
 use Bugzilla::Version;
 
@@ -48,11 +47,11 @@ my $dbh = Bugzilla->dbh;
 # Preliminary checks:
 #
 
-Bugzilla->login(LOGIN_REQUIRED);
+my $user = Bugzilla->login(LOGIN_REQUIRED);
 
 print $cgi->header();
 
-UserInGroup("editcomponents")
+$user->in_group('editcomponents')
   || ThrowUserError("auth_failure", {group  => "editcomponents",
                                      action => "edit",
                                      object => "versions"});

webtools/bugzilla/editwhines.cgi

@@ -36,7 +36,7 @@ use Bugzilla::Constants;
 use Bugzilla::User;
 use Bugzilla::Group;
 # require the user to have logged in
-Bugzilla->login(LOGIN_REQUIRED);
+my $user = Bugzilla->login(LOGIN_REQUIRED);
 
 ###############################################################################
 # Main Body Execution
@@ -46,7 +46,6 @@ my $cgi      = Bugzilla->cgi;
 my $template = Bugzilla->template;
 my $dbh      = Bugzilla->dbh;
 
-my $user     = Bugzilla->user;
 my $userid   = $user->id;
 
 my $sth; # database statement handle
@@ -73,7 +72,7 @@ my $sth; # database statement handle
 my $events = get_events($userid);
 
 # First see if this user may use whines
-UserInGroup("bz_canusewhines")
+$user->in_group('bz_canusewhines')
   || ThrowUserError("auth_failure", {group  => "bz_canusewhines",
                                      action => "schedule",
                                      object => "reports"});