зеркало из https://github.com/mozilla/pjs.git
- redirect user to the login page (with confirmation) when they edit themselves
Родитель
c03f31ddb6
Коммит
8e3f821afa
webtools/litmus
|
@ -89,6 +89,7 @@ if (Litmus::Auth::istrusted($cookie)) {
|
|||
}
|
||||
my @groups = Litmus::DB::SecurityGroup->retrieve_all();
|
||||
my $vars = {
|
||||
current_user => $cookie,
|
||||
user => $user,
|
||||
groups => \@groups,
|
||||
};
|
||||
|
@ -97,8 +98,8 @@ if (Litmus::Auth::istrusted($cookie)) {
|
|||
} elsif ($c->param('user_id')) {
|
||||
# process changes to a user:
|
||||
my $user = Litmus::DB::User->retrieve($c->param('user_id'));
|
||||
print $c->header();
|
||||
if (! $user) {
|
||||
print $c->header();
|
||||
invalidInputError("Invalid user ID: " . $c->param('user_id'));
|
||||
}
|
||||
$user->bugzilla_uid($c->param('bugzilla_uid'));
|
||||
|
@ -136,22 +137,32 @@ if (Litmus::Auth::istrusted($cookie)) {
|
|||
Litmus::DB::UserGroupMap->remove($user, $group);
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
$user->authtoken($c->param('authtoken'));
|
||||
$user->update();
|
||||
|
||||
if ($revoke_sessions) {
|
||||
Litmus::DB::Session->search(user_id => $user->{'user_id'})->delete_all;
|
||||
}
|
||||
if ($revoke_sessions) {
|
||||
Litmus::DB::Session->search(user_id => $user->{'user_id'})->delete_all;
|
||||
}
|
||||
|
||||
# Did we just change the current user? Redirect them to the login page if
|
||||
# so. They should get a JS confirmation dialog to tell them as much when
|
||||
# they submit the form.
|
||||
if ($cookie->user_id == $user->{'user_id'}) {
|
||||
print $c->redirect("/login.cgi");
|
||||
exit;
|
||||
}
|
||||
|
||||
print $c->header();
|
||||
my $vars = {
|
||||
user => $user,
|
||||
user => $user,
|
||||
onload => "toggleMessage('success','User information updated successfully.');",
|
||||
groups => \@allgroups,
|
||||
};
|
||||
Litmus->template()->process("admin/edit_users/search_users.html.tmpl", $vars) ||
|
||||
internalError(Litmus->template()->error());
|
||||
exit;
|
||||
|
||||
} else {
|
||||
# we're here for the first time, so display the search form
|
||||
my @groups = Litmus::DB::SecurityGroup->retrieve_all();
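Review bot: The new self-edit branch in the last hunk (`if ($cookie->user_id == $user->{'user_id'})`) sends the user to the login page without invalidating their session, because the `Litmus::DB::Session` rows are still deleted only when `$revoke_sessions` is set, and that flag is assigned outside the hunk. If a self-edit is meant to force re-authentication, as the template's confirmation text says, the server should drop the old session in that case too, e.g. `if ($revoke_sessions || $cookie->user_id == $user->{'user_id'}) {`. Otherwise the existing cookie stays valid and login.cgi, by its own comment, bounces an already-logged-in user straight to index.cgi. The target `"/login.cgi"` is also root-absolute while login.cgi refers to `index.cgi` relatively, so an install under a sub-path would presumably land on the wrong URL. The enclosing `elsif` block starts before this hunk.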
|
||||
|
|
|
@ -59,8 +59,8 @@ Litmus::Auth::requireLogin("index.cgi");
|
|||
# if we end up here, it means the user was already logged in
|
||||
# for some reason, so we should send a redirect to index.cgi:
|
||||
print $c->start_html(-title=>'Please Wait',
|
||||
-head=>$c->meta({-http_equiv=> 'refresh', -content=>'0;url=index.cgi'})
|
||||
);
|
||||
-head=>$c->meta({-http_equiv=> 'refresh', -content=>'0;url=index.cgi'})
|
||||
);
|
||||
print $c->end_html();
|
||||
|
||||
exit;
|
||||
|
|
|
@ -28,7 +28,14 @@
|
|||
[% INCLUDE global/litmus_header.tmpl %]
|
||||
|
||||
<script type="text/javascript">
|
||||
var current_user_id=[% current_user.user_id %];
|
||||
function checkFormContents(f) {
|
||||
if (current_user_id == f.user_id.value) {
|
||||
if (! confirm('You are updating yourself. This will require you to login again. Continue?')) {
|
||||
return false;
|
||||
}
|
||||
}
|
||||
|
||||
[% IF show_admin %]
|
||||
return (
|
||||
comparePasswords(f.edit_password,f.edit_confirm_password,true)
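Review bot: `var current_user_id=[% current_user.user_id %];` emits the value bare, so any path that renders this template without `current_user` in its vars produces `var current_user_id=;`, a syntax error that disables the whole script block, including `checkFormContents` and the password comparison. Of the `$vars` hashes visible in the CGI hunks only one passes `current_user`, so a default is worth adding, for example `var current_user_id = [% current_user.user_id || 0 %];`. The `confirm()` dialog is advisory only, so the server-side comparison in the CGI has to remain the check that decides what happens after a self-edit. `checkFormContents` continues past the end of the hunk.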
|
||||
|
|