Open Bug 528285 Opened 16 years ago Updated 12 years ago

shutdownhtml should force log off of all users but administrators, or alternative parameter made to support this

Categories

(Bugzilla :: Administration, task, P4)

Product:
Bugzilla
Component:
Administration
Type:
task

Tracking

()

Status:
UNCONFIRMED

People

(Reporter: AndrewLGoldman, Unassigned)

References

(
URL
)

Details

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.5) Gecko/20091102 Firefox/3.5.5 (.NET CLR 3.5.30729) Build Identifier: 3.4.1 Normally when you put text in the shutdownhtml field in editparams.cgi (Required Fields), it will fully "turn off" Bugzilla. Everyone will be logged off and the only way to get it up and running again is to go back to editparams.cgi and remove the text from shutdownhtml. What I'd like to suggest is that Bugzilla logs off everyone but the admins, so the admins can perform their own customizations / updates without having to worry about mid-air collisions with other users or affecting the defect database while others are also modifying it. There could probably be a quick check of the user to see if they have admin privileges. If they don't, log them off and give them no access, but if they do, they should still have full access to make modifications like normal. If doing this with shutdownhtml, it might be nice to have another parameter such as admin_only_mode which allows this functionality. Reproducible: Always Steps to Reproduce: 1. Log on as an admin 2. Go to Administration -> Parameters -> Required Settings 3. Input text in shutdownhtml 4. Go to any other window Actual Results: Forced log-off even if you're an admin of the system Expected Results: Log you off only if you're NOT an admin In my company's config of BugZilla, everything is based off of products (renamed to projects), strict_isolation, and usevisibilitygroups. Certainly anonymous accounts are not allowed. Only those people with access to specific projects can log in and only see those specific projects.
The point of shutdownhtml is to work with no DB access, in case the DB is down. Checking user privs would require the DB to be up.
Well, currently shutdownhtml exists for times when you're doing major things during which nobody should be touching the Bugzilla database at all, such as upgrades. So we wouldn't modify shutdownhtml itself to do this.
OS: Windows XP → All
Priority: -- → P4
Hardware: x86 → All
In that case (judging from comments #1 and #2), would it be possible to make an admin_only_mode parameter instead?
Mmm, I think that might be something that would be best off in an extension. We're trying to add as few new parameters to Bugzilla itself as possible.
You need to log in before you can comment on or make changes to this bug.