- redirect user to the login page (with confirmation) when they edit themselves

This commit is contained in:
ccooper%deadsquid.com 2008-03-13 16:13:25 +00:00
Родитель c03f31ddb6
Коммит 8e3f821afa
3 изменённых файлов: 26 добавлений и 8 удалений
webtools/litmus
edit_users.cgilogin.cgi
templates/en/default/admin/edit_users

Просмотреть файл

@ -89,6 +89,7 @@ if (Litmus::Auth::istrusted($cookie)) {
}
my @groups = Litmus::DB::SecurityGroup->retrieve_all();
my $vars = {
current_user => $cookie,
user => $user,
groups => \@groups,
};
@ -97,8 +98,8 @@ if (Litmus::Auth::istrusted($cookie)) {
} elsif ($c->param('user_id')) {
# process changes to a user:
my $user = Litmus::DB::User->retrieve($c->param('user_id'));
print $c->header();
if (! $user) {
print $c->header();
invalidInputError("Invalid user ID: " . $c->param('user_id'));
}
$user->bugzilla_uid($c->param('bugzilla_uid'));
@ -136,22 +137,32 @@ if (Litmus::Auth::istrusted($cookie)) {
Litmus::DB::UserGroupMap->remove($user, $group);
}
}
$user->authtoken($c->param('authtoken'));
$user->update();
if ($revoke_sessions) {
Litmus::DB::Session->search(user_id => $user->{'user_id'})->delete_all;
}
if ($revoke_sessions) {
Litmus::DB::Session->search(user_id => $user->{'user_id'})->delete_all;
}
# Did we just change the current user? Redirect them to the login page if
# so. They should get a JS confirmation dialog to tell them as much when
# they submit the form.
if ($cookie->user_id == $user->{'user_id'}) {
print $c->redirect("/login.cgi");
exit;
}
print $c->header();
my $vars = {
user => $user,
user => $user,
onload => "toggleMessage('success','User information updated successfully.');",
groups => \@allgroups,
};
Litmus->template()->process("admin/edit_users/search_users.html.tmpl", $vars) ||
internalError(Litmus->template()->error());
exit;
} else {
# we're here for the first time, so display the search form
my @groups = Litmus::DB::SecurityGroup->retrieve_all();

Просмотреть файл

@ -59,8 +59,8 @@ Litmus::Auth::requireLogin("index.cgi");
# if we end up here, it means the user was already logged in
# for some reason, so we should send a redirect to index.cgi:
print $c->start_html(-title=>'Please Wait',
-head=>$c->meta({-http_equiv=> 'refresh', -content=>'0;url=index.cgi'})
);
-head=>$c->meta({-http_equiv=> 'refresh', -content=>'0;url=index.cgi'})
);
print $c->end_html();
exit;

Просмотреть файл

@ -28,7 +28,14 @@
[% INCLUDE global/litmus_header.tmpl %]
<script type="text/javascript">
var current_user_id=[% current_user.user_id %];
function checkFormContents(f) {
if (current_user_id == f.user_id.value) {
if (! confirm('You are updating yourself. This will require you to login again. Continue?')) {
return false;
}
}
[% IF show_admin %]
return (
comparePasswords(f.edit_password,f.edit_confirm_password,true)