Bug 312439: The user being impersonated has "moral" rights to keep informed - Patch by A. Karl Kornel <karl@kornel.name> r=LpSolit a=justdave

2005-11-04 16:11:46 +00:00 · 2005-11-04 16:11:46 +00:00 · 0f30c75599
--- a/webtools/bugzilla/docs/xml/administration.xml
+++ b/webtools/bugzilla/docs/xml/administration.xml
@ -538,12 +538,15 @@
        </note>
        
        <para>
-        If you have access to use this feature, you should notice a link
-        next to your login name (in the footer) titled "sudo".  Click on the 
-        link.  This will take you to a page where you will see a description of 
-        the feature and instructions on how to use it.  After reading the text, 
-        simply enter the login of the user you would like to impersonate and 
-        press the button.</para>
+        If you have access to this feature, you may start a session by
+        going to the Edit Users page, Searching for a user and clicking on 
+        their login.  You should see a link below their login name titled 
+        "Impersonate this user".  Click on the link.  This will take you 
+        to a page where you will see a description of the feature and 
+        instructions for using it.  After reading the text, simply 
+        enter the login of the user you would like to impersonate, provide 
+        a short message explaining why you are doing this, and press the 
+        button.</para>
        
        <para>
        As long as you are using this feature, everything you do will be done 
--- a/webtools/bugzilla/relogin.cgi
+++ b/webtools/bugzilla/relogin.cgi
@ -23,11 +23,12 @@
 #                 A. Karl Kornel <karl@kornel.name>

 use strict;
-
 use lib qw(.);
+
+require "globals.pl";
+
 use Bugzilla;
-use Bugzilla::Auth::Login::WWW;
-use Bugzilla::CGI;
+use Bugzilla::BugMail;
 use Bugzilla::Constants;
 use Bugzilla::Error;
 use Bugzilla::User;
@ -70,7 +71,7 @@ if ($action eq 'sudo') {
    }

    # Show the sudo page
-    $vars->{'will_logout'} = 1 if Bugzilla::Auth::Login::WWW->can_logout;
+    $vars->{'will_logout'} = $user->get_flag('can_logout');
    $target = 'admin/sudo.html.tmpl';
 }
 # transition-sudo: Validate target, logout user, and redirect for session start
@ -113,11 +114,16 @@ elsif ($action eq 'sudo-transition') {
        ThrowUserError('sudo_protected', { login => $target_user->login });
    }
    
-    # Log out and Redirect user to the new page
+    # If we have a reason passed in, keep it under 200 characters
+    my $reason = $cgi->param('reason') || '';
+    $reason = substr($reason, $[, 200);
+    my $reason_string = '&reason=' . url_quote($reason);
+    
+    # Log out and redirect user to the new page
    Bugzilla->logout();
    $target = 'relogin.cgi';
    print $cgi->redirect($target . '?action=begin-sudo&target_login=' .
-                         url_quote($target_user->login));
+                         url_quote($target_user->login) . $reason_string);
    exit;
 }
 # begin-sudo: Confirm login and start sudo session
@ -161,6 +167,10 @@ elsif ($action eq 'begin-sudo') {
        ThrowUserError('sudo_protected', { login => $target_user->login });
    }
    
+    # If we have a reason passed in, keep it under 200 characters
+    my $reason = $cgi->param('reason') || '';
+    $reason = substr($reason, $[, 200);
+    
    # Calculate the session expiry time (T + 6 hours)
    my $time_string = time2str('%a, %d-%b-%Y %T %Z', time+(6*60*60), 'GMT');

@ -174,7 +184,14 @@ elsif ($action eq 'begin-sudo') {
    Bugzilla->sudo_request($target_user, Bugzilla->user);
    
    # NOTE: If you want to log the start of an sudo session, do it here.
-    
+
+    # Go ahead and send out the message now
+    my $message;
+    $template->process('email/sudo.txt.tmpl', 
+                       { reason => $reason },
+                       \$message);
+    Bugzilla::BugMail::MessageToMTA($message);
+        
    $vars->{'message'} = 'sudo_started';
    $vars->{'target'} = $target_user->login;
    $target = 'global/message.html.tmpl';
--- a/webtools/bugzilla/template/en/default/admin/sudo.html.tmpl
+++ b/webtools/bugzilla/template/en/default/admin/sudo.html.tmpl
@ -65,7 +65,18 @@
  [% END %]
  
  <p>
-    Next, click the button to begin the session:
+    Next, please take a moment to explain why you are doing this:<br>
+    <input type="text" name="reason" size="80" maxlength="200">
+  </p>
+  
+  <p>
+    The message you enter here will be sent to the impersonated user by email.
+    You may leave this empty if you wish, but they will still know that you 
+    are impersonating them.
+  </p>
+  
+  <p>
+    Finally, click the button to begin the session:
    <input type="submit" value="Begin Session">
    <input type="hidden" name="action" value="sudo-transition">
  </p>
--- a/webtools/bugzilla/template/en/default/email/sudo.txt.tmpl
+++ b/webtools/bugzilla/template/en/default/email/sudo.txt.tmpl
@ -0,0 +1,43 @@
+[%# 1.0@bugzilla.org %]
+[%# The contents of this file are subject to the Mozilla Public
+  # License Version 1.1 (the "License"); you may not use this file
+  # except in compliance with the License. You may obtain a copy of
+  # the License at http://www.mozilla.org/MPL/
+  #
+  # Software distributed under the License is distributed on an "AS
+  # IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+  # implied. See the License for the specific language governing
+  # rights and limitations under the License.
+  #
+  # The Original Code is the Bugzilla Bug Tracking System.
+  #
+  # The Initial Developer of the Original Code is Netscape Communications
+  # Corporation. Portions created by Netscape are
+  # Copyright (C) 2005 Netscape Communications Corporation. All
+  # Rights Reserved.
+  #
+  # Contributor(s): A. Karl Kornel <karl@kornel.name>
+  #%]
+
+[% PROCESS global/variables.none.tmpl %]
+
+Content-Type: text/plain
+From: [% Param("maintainer") %]
+To: [% user.email %]
+Subject: [[% terms.Bugzilla %]] Your account [% user.login -%]
+ is being impersonated
+
+    [%+ sudoer.identity %] has used the 'sudo' feature to access 
+[%+ terms.Bugzilla %] using your account.
+
+[% IF reason %]
+    [%+ sudoer.identity %] provided the following reason for doing this:
+
+[% reason FILTER wrap_comment %]
+[% ELSE %]
+    [%+ sudoer.identity %] did not provide a reason for doing this.
+[% END %]
+
+    If you feel that this action was inappropiate, please contact 
+[%+ Param("maintainer") %].  For more information on this feature, 
+visit <[% Param("urlbase") %]page.cgi?id=sudo.html>.
--- a/webtools/bugzilla/template/en/default/pages/sudo.html.tmpl
+++ b/webtools/bugzilla/template/en/default/pages/sudo.html.tmpl
@ -0,0 +1,69 @@
+[%# 1.0@bugzilla.org %]
+[%# The contents of this file are subject to the Mozilla Public
+  # License Version 1.1 (the "License"); you may not use this file
+  # except in compliance with the License. You may obtain a copy of
+  # the License at http://www.mozilla.org/MPL/
+  #
+  # Software distributed under the License is distributed on an "AS
+  # IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+  # implied. See the License for the specific language governing
+  # rights and limitations under the License.
+  #
+  # The Original Code is the Bugzilla Bug Tracking System.
+  #
+  # The Initial Developer of the Original Code is Netscape Communications
+  # Corporation. Portions created by Netscape are
+  # Copyright (C) 2005 Netscape Communications Corporation. All
+  # Rights Reserved.
+  #
+  # Contributor(s): A. Karl Kornel <karl@kornel.name>
+  #%]
+
+[% PROCESS global/variables.none.tmpl %]
+[% INCLUDE global/header.html.tmpl title = "sudo: User Impersonation" %]
+
+<p>
+  [%+ terms.Bugzilla %] includes the ability to have one user impersonate 
+another, in something called a <i>sudo session</i>, so long as the person 
+doing the impersonating has the appropriate privileges.
+</p>
+
+<p>
+  While a session is in progress, [% terms.Bugzilla %] will act as if the 
+  impersonated user is doing everything.  This is especially useful for testing,
+  and for doing critical work when the impersonated user is unavailable.  The 
+  impersonated user will receive an email from [% terms.Bugzilla %] when the 
+  session begins; they will not be told anything else.
+</p>
+
+<p>
+  To use this feature, you must be a member of the appropriate group.  The group 
+  includes all administrators by default.  Other users, and members of other 
+  groups, can be given access to this feature on a case-by-case basis.  To 
+  request access, contact the maintainer of this installation: 
+  <a href="mailto:[% Param("maintainer") %]">
+  [%- Param("maintainer") %]</a>.
+</p>
+
+<p>
+  If you would like to be protected from impersonation, you should contact the 
+  maintainer of this installation to see if that is possible.  People with 
+  access to this feature are protected automatically.
+</p>
+
+<p id="message">
+  [% IF user.groups.bz_sudoers %]
+    You are a member of the <b>bz_sudoers</b> group.  You may use this 
+    feature to impersonate others.
+  [% ELSE %]
+    You are not a member of an appropriate group.  You may not use this 
+    feature.
+  [% END %]
+  [% IF user.groups.bz_sudo_protect %]
+    <br>
+    You are a member of the <b>bz_sudo_protect</b> group.  Other people will 
+    not be able to use this feature to impersonate you.
+  [% END %]
+</p>
+
+[% INCLUDE global/footer.html.tmpl %]