Bug 442031: Make Bugzilla::User::groups return an arrayref of Bugzilla::Group…

Bugzilla/BugMail.pm

@@ -489,9 +489,7 @@ sub Send {
             # If we are using insiders, and the comment is private, only send 
             # to insiders
             my $insider_ok = 1;
-            $insider_ok = 0 if (Bugzilla->params->{"insidergroup"} && 
-                                ($anyprivate != 0) && 
-                                (!$user->groups->{Bugzilla->params->{"insidergroup"}}));
+            $insider_ok = 0 if $anyprivate && !$user->is_insider;
 
             # We shouldn't send mail if this is a dependency mail (i.e. there 
             # is something in @depbugs), and any of the depending bugs are not 
@@ -562,9 +560,9 @@ sub sendMail {
           next;
         }
         # Only send estimated_time if it is enabled and the user is in the group
-        if (($f ne 'estimated_time' && $f ne 'deadline') ||
-             $user->groups->{Bugzilla->params->{'timetrackinggroup'}}) {
-
+        if (($f ne 'estimated_time' && $f ne 'deadline') 
+            || $user->is_timetracker)
+        {
             my $desc = $fielddescription{$f};
             $head .= multiline_sprintf(FORMAT_DOUBLE, ["$desc:", $value], 
                                        FORMAT_2_SIZE);
@@ -584,14 +582,12 @@ sub sendMail {
             ($diff->{'fieldname'} eq 'estimated_time' ||
              $diff->{'fieldname'} eq 'remaining_time' ||
              $diff->{'fieldname'} eq 'work_time' ||
-             $diff->{'fieldname'} eq 'deadline')){
-            if ($user->groups->{Bugzilla->params->{"timetrackinggroup"}}) {
-                $add_diff = 1;
-            }
-        } elsif (($diff->{'isprivate'}) 
-                 && Bugzilla->params->{'insidergroup'}
-                 && !($user->groups->{Bugzilla->params->{'insidergroup'}})
-                ) {
+             $diff->{'fieldname'} eq 'deadline'))
+        {
+            $add_diff = 1 if $user->is_timetracker;
+        } elsif ($diff->{'isprivate'} 
+                 && !$user->is_insider)
+        {
             $add_diff = 0;
         } else {
             $add_diff = 1;

Bugzilla/Chart.pm

@@ -382,8 +382,7 @@ sub getSeriesIDs {
 sub getVisibleSeries {
     my %cats;
 
-    # List of groups the user is in; use -1 to make sure it's not empty.
-    my $grouplist = join(", ", (-1, values(%{Bugzilla->user->groups})));
+    my $grouplist = Bugzilla->user->groups_as_string;
     
     # Get all visible series
     my $dbh = Bugzilla->dbh;

Bugzilla/Search.pm

@@ -775,8 +775,9 @@ sub init {
                 " ON bug_group_map.bug_id = bugs.bug_id ";
 
     if ($user->id) {
-        if (%{$user->groups}) {
-            $query .= " AND bug_group_map.group_id NOT IN (" . join(',', values(%{$user->groups})) . ") ";
+        if (scalar @{ $user->groups }) {
+            $query .= " AND bug_group_map.group_id NOT IN (" 
+                   . $user->groups_as_string . ") ";
         }
 
         $query .= " LEFT JOIN cc ON cc.bug_id = bugs.bug_id AND cc.who = " . $user->id;

Bugzilla/User.pm

@@ -359,75 +359,62 @@ sub groups {
     my $self = shift;
 
     return $self->{groups} if defined $self->{groups};
-    return {} unless $self->id;
+    return [] unless $self->id;
 
     my $dbh = Bugzilla->dbh;
-    my $groups = $dbh->selectcol_arrayref(q{SELECT DISTINCT groups.name, group_id
-                                              FROM groups, user_group_map
-                                             WHERE groups.id=user_group_map.group_id
-                                               AND user_id=?
-                                               AND isbless=0},
-                                          { Columns=>[1,2] },
-                                          $self->id);
-
-    # The above gives us an arrayref [name, id, name, id, ...]
-    # Convert that into a hashref
-    my %groups = @$groups;
-    my @groupidstocheck = values(%groups);
-    my %groupidschecked = ();
+    my $groups_to_check = $dbh->selectcol_arrayref(
+        q{SELECT DISTINCT group_id
+            FROM user_group_map
+           WHERE user_id = ? AND isbless = 0}, undef, $self->id);
+
     my $rows = $dbh->selectall_arrayref(
-                "SELECT DISTINCT groups.name, groups.id, member_id
+        "SELECT DISTINCT grantor_id, member_id
            FROM group_group_map
-                      INNER JOIN groups
-                              ON groups.id = grantor_id
           WHERE grant_type = " . GROUP_MEMBERSHIP);
-    my %group_names = ();
-    my %group_membership = ();
-    foreach my $row (@$rows) {
-        my ($member_name, $grantor_id, $member_id) = @$row; 
-        # Just save the group names
-        $group_names{$grantor_id} = $member_name;
 
-        # And group membership
-        push (@{$group_membership{$member_id}}, $grantor_id);
+    my %group_membership;
+    foreach my $row (@$rows) {
+        my ($grantor_id, $member_id) = @$row; 
+        push (@{ $group_membership{$member_id} }, $grantor_id);
     }
     
     # Let's walk the groups hierarchy tree (using FIFO)
     # On the first iteration it's pre-filled with direct groups 
     # membership. Later on, each group can add its own members into the
     # FIFO. Circular dependencies are eliminated by checking
-    # $groupidschecked{$member_id} hash values.
+    # $checked_groups{$member_id} hash values.
     # As a result, %groups will have all the groups we are the member of.
-    while ($#groupidstocheck >= 0) {
+    my %checked_groups;
+    my %groups;
+    while (scalar(@$groups_to_check) > 0) {
         # Pop the head group from FIFO
-        my $member_id = shift @groupidstocheck;
+        my $member_id = shift @$groups_to_check;
         
         # Skip the group if we have already checked it
-        if (!$groupidschecked{$member_id}) {
+        if (!$checked_groups{$member_id}) {
             # Mark group as checked
-            $groupidschecked{$member_id} = 1;
+            $checked_groups{$member_id} = 1;
             
             # Add all its members to the FIFO check list
             # %group_membership contains arrays of group members 
             # for all groups. Accessible by group number.
-            foreach my $newgroupid (@{$group_membership{$member_id}}) {
-                push @groupidstocheck, $newgroupid 
-                    if (!$groupidschecked{$newgroupid});
-            }
-            # Note on if clause: we could have group in %groups from 1st
-            # query and do not have it in second one
-            $groups{$group_names{$member_id}} = $member_id 
-                if $group_names{$member_id} && $member_id;
+            my $members = $group_membership{$member_id};
+            my @new_to_check = grep(!$checked_groups{$_}, @$members);
+            push(@$groups_to_check, @new_to_check);
+
+            $groups{$member_id} = 1;
         }
     }
-    $self->{groups} = \%groups;
+
+    $self->{groups} = Bugzilla::Group->new_from_list([keys %groups]);
 
     return $self->{groups};
 }
 
 sub groups_as_string {
     my $self = shift;
-    return (join(',',values(%{$self->groups})) || '-1');
+    my @ids = map { $_->id } @{ $self->groups };
+    return scalar(@ids) ? join(',', @ids) : '-1';
 }
 
 sub bless_groups {
@@ -483,7 +470,7 @@ sub bless_groups {
 
 sub in_group {
     my ($self, $group, $product_id) = @_;
-    if (exists $self->groups->{$group}) {
+    if (scalar grep($_->name eq $group, @{ $self->groups })) {
         return 1;
     }
     elsif ($product_id && detaint_natural($product_id)) {
@@ -512,8 +499,7 @@ sub in_group {
 
 sub in_group_id {
     my ($self, $id) = @_;
-    my %j = reverse(%{$self->groups});
-    return exists $j{$id} ? 1 : 0;
+    return grep($_->id == $id, @{ $self->groups }) ? 1 : 0;
 }
 
 sub get_products_by_permission {
@@ -828,7 +814,7 @@ sub visible_groups_direct {
     my $sth;
    
     if (Bugzilla->params->{'usevisibilitygroups'}) {
-        my $glist = join(',',(-1,values(%{$self->groups})));
+        my $glist = $self->groups_as_string;
         $sth = $dbh->prepare("SELECT DISTINCT grantor_id
                                  FROM group_group_map
                                 WHERE member_id IN($glist)
@@ -873,7 +859,7 @@ sub queryshare_groups {
             }
         }
         else {
-            @queryshare_groups = values(%{$self->groups});
+            @queryshare_groups = map { $_->id } @{ $self->groups };
         }
     }
 
@@ -1531,6 +1517,17 @@ sub is_global_watcher {
     return  $self->{'is_global_watcher'};
 }
 
+sub is_timetracker {
+    my $self = shift;
+
+    if (!defined $self->{'is_timetracker'}) {
+        my $tt_group = Bugzilla->params->{'timetrackinggroup'};
+        $self->{'is_timetracker'} =
+            ($tt_group && $self->in_group($tt_group)) ? 1 : 0;
+    }
+    return $self->{'is_timetracker'};
+}
+
 sub get_userlist {
     my $self = shift;
 
@@ -1871,10 +1868,8 @@ is_default     - a boolean to indicate whether the user has chosen to make
 
 =item C<groups>
 
-Returns a hashref of group names for groups the user is a member of. The keys
-are the names of the groups, whilst the values are the respective group ids.
-(This is so that a set of all groupids for groups the user is in can be
-obtained by C<values(%{$user-E<gt>groups})>.)
+Returns an arrayref of L<Bugzilla::Group> objects representing
+groups that this user is a member of.
 
 =item C<groups_as_string>
 

buglist.cgi

@@ -264,7 +264,7 @@ sub LookupNamedQuery {
                                              FROM namedquery_group_map
                                             WHERE namedquery_id = ?',
                                           undef, $id);
-        if (!grep {$_ == $group} values(%{$user->groups()})) {
+        if (!grep { $_->id == $group } @{ $user->groups }) {
             ThrowUserError("missing_query", {'queryname' => $name,
                                              'sharer_id' => $sharer_id});
         }

docs/en/xml/customization.xml

@@ -582,7 +582,7 @@
 
     <programlisting><![CDATA[...
     [% ', <a href="editkeywords.cgi">keywords</a>' 
-                                              IF user.groups.editkeywords %]
+       IF user.in_group('editkeywords') %]
     [% Hook.process("edit") %]
 ...]]></programlisting>
 
@@ -592,7 +592,7 @@
       You then create that template file and add the following constant:
     </para>
 
-    <programlisting><![CDATA[...[% ', <a href="edit-projects.cgi">projects</a>' IF user.groups.projman_admins %]]]></programlisting>
+    <programlisting><![CDATA[...[% ', <a href="edit-projects.cgi">projects</a>' IF user.in_group('projman_admins') %]]]></programlisting>
 
     <para>
       Voila!  The link now appears after the other administration links in the
@@ -746,7 +746,7 @@
       positive check, which returns 1 (allow) if certain conditions are true,
       or a negative check, which returns 0 (deny.) E.g.:
       <programlisting>    if ($field eq "qacontact") {
-        if (Bugzilla->user->groups("quality_assurance")) {
+        if (Bugzilla->user->in_group("quality_assurance")) {
             return 1;
         } 
         else {

editclassifications.cgi

@@ -62,7 +62,7 @@ Bugzilla->login(LOGIN_REQUIRED);
 
 print $cgi->header();
 
-exists Bugzilla->user->groups->{'editclassifications'}
+Bugzilla->user->in_group('editclassifications')
   || ThrowUserError("auth_failure", {group  => "editclassifications",
                                      action => "edit",
                                      object => "classifications"});

editvalues.cgi

@@ -118,7 +118,7 @@ $vars->{'doc_section'} = 'edit-values.html';
 
 print $cgi->header();
 
-exists Bugzilla->user->groups->{'admin'} ||
+Bugzilla->user->in_group('admin') ||
     ThrowUserError('auth_failure', {group  => "admin",
                                     action => "edit",
                                     object => "field_values"});

request.cgi

@@ -142,7 +142,7 @@ sub queue {
            LEFT JOIN bug_group_map AS bgmap
                   ON bgmap.bug_id = bugs.bug_id
                  AND bgmap.group_id NOT IN (" .
-                     join(', ', (-1, values(%{$user->groups}))) . ")
+                     $user->groups_as_string . ")
            LEFT JOIN cc AS ccmap
                   ON ccmap.who = $userid
                  AND ccmap.bug_id = bugs.bug_id

template/en/default/account/prefs/permissions.html.tmpl

@@ -65,7 +65,7 @@
         There are no permission bits set on your account.
       [% END %]
 
-      [% IF user.groups.editusers %]
+      [% IF user.in_group('editusers') %]
         <br>
         You have editusers privileges.  You can turn on and off
         all permissions for all users.
@@ -83,7 +83,7 @@
           </table>
       [% END %]
 
-      [% IF user.groups.bz_sudoers %]
+      [% IF user.in_group('bz_sudoers') %]
         <br>
         You are a member of the <b>bz_sudoers</b> group, so you can 
         <a href="relogin.cgi?action=prepare-sudo">impersonate someone else</a>.

template/en/default/admin/admin.html.tmpl

@@ -36,7 +36,7 @@
   <tr>
     <td class="admin_links">
       <dl>
-        [% class = user.groups.tweakparams ? "" : "forbidden" %]
+        [% class = user.in_group('tweakparams') ? "" : "forbidden" %]
         <dt class="[% class %]"><a href="editparams.cgi">Parameters</a></dt>
         <dd class="[% class %]">Set core parameters of the installation. That's the
         place where you specify the URL to access this installation, determine how
@@ -49,25 +49,25 @@
         which will be used by default for all users. Users will be able to edit their
         own preferences from the <a href="userprefs.cgi?tab=settings">Preferences</a>.</dd>
 
-        [% class = user.groups.editcomponents ? "" : "forbidden" %]
+        [% class = user.in_group('editcomponents') ? "" : "forbidden" %]
         <dt class="[% class %]"><a href="sanitycheck.cgi">Sanity Check</a></dt>
         <dd class="[% class %]">Run sanity checks to locate problems in your database.
         This may take several tens of minutes depending on the size of your installation.
         You can also automate this check by running <tt>sanitycheck.pl</tt> from a cron job.
         A notification will be sent per email to the specified user if errors are detected.</dd>
 
-        [% class = (user.groups.editusers || user.can_bless) ? "" : "forbidden" %]
+        [% class = (user.in_group('editusers') || user.can_bless) ? "" : "forbidden" %]
         <dt class="[% class %]"><a href="editusers.cgi">Users</a></dt>
         <dd class="[% class %]">Create new user accounts or edit existing ones. You can
         also add and remove users from groups (also known as "user privileges").</dd>
 
-        [% class = (Param('useclassification') && user.groups.editclassifications) ? "" : "forbidden" %]
+        [% class = (Param('useclassification') && user.in_group('editclassifications')) ? "" : "forbidden" %]
         <dt class="[% class %]"><a href="editclassifications.cgi">Classifications</a></dt>
         <dd class="[% class %]">If your installation has to manage many products at once,
         it's a good idea to group these products into distinct categories. This lets users
         find information more easily when doing searches or when filing new [% terms.bugs %].</dd>
 
-        [% class = (user.groups.editcomponents
+        [% class = (user.in_group('editcomponents')
                     || user.get_products_by_permission("editcomponents").size) ? "" : "forbidden" %]
         <dt class="[% class %]"><a href="editproducts.cgi">Products</a></dt>
         <dd class="[% class %]">Edit all aspects of products, including group restrictions
@@ -76,7 +76,7 @@
         <a href="editcomponents.cgi">components</a>, <a href="editversions.cgi">versions</a>
         and <a href="editmilestones.cgi">milestones</a> directly.</dd>
 
-        [% class = user.groups.editcomponents ? "" : "forbidden" %]
+        [% class = user.in_group('editcomponents') ? "" : "forbidden" %]
         <dt class="[% class %]"><a href="editflagtypes.cgi">Flags</a></dt>
         <dd class="[% class %]">A flag is a custom 4-states attribute of [% terms.bugs %]
         and/or attachments. These states are: granted, denied, requested and undefined.
@@ -87,7 +87,7 @@
 
     <td class="admin_links">
       <dl>
-        [% class = user.groups.admin ? "" : "forbidden" %]
+        [% class = user.in_group('admin') ? "" : "forbidden" %]
         <dt class="[% class %]"><a href="editfields.cgi">Custom Fields</a></dt>
         <dd class="[% class %]">[% terms.Bugzilla %] lets you define fields which are
         not implemented by default, based on your local and specific requirements.
@@ -107,18 +107,18 @@
         statuses available on [% terms.bug %] creation and allowed [% terms.bug %] status
         transitions when editing existing [% terms.bugs %].</dd>
 
-        [% class = user.groups.creategroups ? "" : "forbidden" %]
+        [% class = user.in_group('creategroups') ? "" : "forbidden" %]
         <dt class="[% class %]"><a href="editgroups.cgi">Groups</a></dt>
         <dd class="[% class %]">Define groups which will be used in the installation.
         They can either be used to define new user privileges or to restrict the access
         to some [% terms.bugs %].</dd>
 
-        [% class = user.groups.editkeywords ? "" : "forbidden" %]
+        [% class = user.in_group('editkeywords') ? "" : "forbidden" %]
         <dt class="[% class %]"><a href="editkeywords.cgi">Keywords</a></dt>
         <dd class="[% class %]">Set keywords to be used with [% terms.bugs %]. Keywords
         are an easy way to "tag" [% terms.bugs %] to let you find them more easily later.</dd>
 
-        [% class = user.groups.bz_canusewhines ? "" : "forbidden" %]
+        [% class = user.in_group('bz_canusewhines') ? "" : "forbidden" %]
         <dt class="[% class %]"><a href="editwhines.cgi">Whining</a></dt>
         <dd class="[% class %]">Set queries which will be run at some specified date
         and time, and get the result of these queries directly per email. This is a

template/en/default/admin/fieldvalues/confirm-delete.html.tmpl

@@ -71,7 +71,7 @@
     [% IF param_name.defined && Param(param_name) == value %]
       <li>'[% value FILTER html %]' is the default value for
           the '[% field.description FILTER html %]' field.
-          [% IF user.groups.tweakparams %]
+          [% IF user.in_group('tweakparams') %]
             You first have to <a href="editparams.cgi?section=bugfields#
             [%- param_name FILTER url_quote %]">change the default value</a> for
             this field before you can delete this value.

template/en/default/admin/users/confirm-delete.html.tmpl

@@ -69,8 +69,8 @@
     <td>
       [% IF otheruser.groups.size %]
         <ul>
-          [% FOREACH group = otheruser.groups.keys %]
-            <li>[% group FILTER html %]</li>
+          [% FOREACH group = otheruser.groups %]
+            <li>[% group.name FILTER html %]</li>
           [% END %]
         </ul>
       [% ELSE %]

template/en/default/admin/users/userdata.html.tmpl

@@ -27,7 +27,7 @@
       <input size="64" maxlength="255" name="login" 
              id="login" value="[% otheruser.login FILTER html %]" />
       [% IF editform %]
-        [% IF !otheruser.groups.bz_sudo_protect %]
+        [% IF !otheruser.in_group('bz_sudo_protect') %]
           <br />
           <a href="relogin.cgi?action=prepare-sudo&amp;target_login=
           [%- otheruser.login FILTER url_quote %]">Impersonate this user</a>

template/en/default/attachment/edit.html.tmpl

@@ -274,7 +274,7 @@
          | <a href="attachment.cgi?id=[% attachment.id %]&amp;action=diff">Diff</a>
         [% END %]
         [% IF Param("allow_attachment_deletion")
-              && user.groups.admin
+              && user.in_group('admin')
               && attachment.datasize > 0 %]
           | <a href="attachment.cgi?id=[% attachment.id %]&amp;action=delete">Delete</a>
         [% END %]

template/en/default/bug/dependency-tree.html.tmpl

@@ -83,7 +83,7 @@
   [% IF ids.size %]
     ([% IF maxdepth -%]Up to [% maxdepth %] level[% "s" IF maxdepth > 1 %] deep | [% END -%]
     <a href="buglist.cgi?bug_id=[% ids.join(",") %]">view as [% terms.bug %] list</a>
-    [% IF user.groups.editbugs && ids.size > 1 %]
+    [% IF user.in_group('editbugs') && ids.size > 1 %]
       | <a href="buglist.cgi?bug_id=[% ids.join(",") %]&amp;tweak=1">change several</a>
     [% END %])
     <ul class="tree">

template/en/default/global/common-links.html.tmpl

@@ -56,10 +56,10 @@
 
   [% IF user.login %]
     <li><span class="separator">| </span><a href="userprefs.cgi">Preferences</a></li>
-    [% IF user.groups.tweakparams || user.groups.editusers || user.can_bless
-          || (Param('useclassification') && user.groups.editclassifications)
-          || user.groups.editcomponents || user.groups.admin || user.groups.creategroups
-          || user.groups.editkeywords || user.groups.bz_canusewhines
+    [% IF user.in_group('tweakparams') || user.in_group('editusers') || user.can_bless
+          || (Param('useclassification') && user.in_group('editclassifications'))
+          || user.in_group('editcomponents') || user.in_group('admin') || user.in_group('creategroups')
+          || user.in_group('editkeywords') || user.in_group('bz_canusewhines')
           || user.get_products_by_permission("editcomponents").size %]
       <li><span class="separator">| </span><a href="admin.cgi">Administration</a></li>
     [% END %]

template/en/default/global/site-navigation.html.tmpl

@@ -108,20 +108,20 @@
   [%# *** Bugzilla Administration Tools *** %]
   [% IF user.login %] 
     [% '<link rel="Administration" title="Parameters"    
-              href="editparams.cgi">' IF user.groups.tweakparams %]
+              href="editparams.cgi">' IF user.in_group('tweakparams') %]
     [% '<link rel="Administration" title="Users"    
-              href="editusers.cgi">' IF user.groups.editusers %]
+              href="editusers.cgi">' IF user.in_group('editusers') %]
     [% '<link rel="Administration" title="Products" href="editproducts.cgi">'
-       IF user.groups.editcomponents || user.get_products_by_permission("editcomponents").size %]
+       IF user.in_group('editcomponents') || user.get_products_by_permission("editcomponents").size %]
     [% '<link rel="Administration" title="Flag Types"   
-              href="editflagtypes.cgi">' IF user.groups.editcomponents %]
+              href="editflagtypes.cgi">' IF user.in_group('editcomponents') %]
     [% '<link rel="Administration" title="Groups"        
-              href="editgroups.cgi">' IF user.groups.creategroups %]
+              href="editgroups.cgi">' IF user.in_group('creategroups') %]
     [% '<link rel="Administration" title="Keywords"      
-              href="editkeywords.cgi">' IF user.groups.editkeywords %]
+              href="editkeywords.cgi">' IF user.in_group('editkeywords') %]
     [% '<link rel="Administration" title="Whining"       
-              href="editwhines.cgi">' IF user.groups.bz_canusewhines %]
+              href="editwhines.cgi">' IF user.in_group('bz_canusewhines') %]
     [% '<link rel="Administration" title="Sanity Check"  
-              href="sanitycheck.cgi">' IF user.groups.editcomponents %]
+              href="sanitycheck.cgi">' IF user.in_group('editcomponents') %]
   [% END %]  
 [% END %]

template/en/default/global/user-error.html.tmpl

@@ -443,7 +443,7 @@
     [% title = "Specified Field Value Is Default" %]
     '[% value FILTER html %]' is the default value for
     the '[% field.description FILTER html %]' field and cannot be deleted.
-    [% IF user.groups.tweakparams %]
+    [% IF user.in_group('tweakparams') %]
       You have to <a href="editparams.cgi?section=bugfields#
       [%- param_name FILTER url_quote %]">change</a> the default value first.
     [% END %]

template/en/default/list/quips.html.tmpl

@@ -37,7 +37,7 @@
   <p>
     <font color="red">
       Your quip '<tt>[% added_quip FILTER html %]</tt>' has been added.
-      [% IF Param("quip_list_entry_control") == "moderated" AND !user.groups.admin %]
+      [% IF Param("quip_list_entry_control") == "moderated" AND !user.in_group('admin') %]
         It will be used as soon as it gets approved.
       [% END %]
     </font>
@@ -66,7 +66,7 @@
   <p>
     You can extend the quip list. Type in something clever or funny or boring
     (but not obscene or offensive, please) and bonk on the button.
-    [% IF Param("quip_list_entry_control") == "moderated" AND !user.groups.admin %]
+    [% IF Param("quip_list_entry_control") == "moderated" AND !user.in_group('admin') %]
       Note that your quip has to be approved before it is used.
     [% END %]
   </p>

template/en/default/pages/sudo.html.tmpl

@@ -51,14 +51,14 @@ doing the impersonating has the appropriate privileges.
 </p>
 
 <p id="message">
-  [% IF user.groups.bz_sudoers %]
+  [% IF user.in_group('bz_sudoers') %]
     You are a member of the <b>bz_sudoers</b> group.  You may use this 
     feature to impersonate others.
   [% ELSE %]
     You are not a member of an appropriate group.  You may not use this 
     feature.
   [% END %]
-  [% IF user.groups.bz_sudo_protect %]
+  [% IF user.in_group('bz_sudo_protect') %]
     <br>
     You are a member of the <b>bz_sudo_protect</b> group.  Other people will 
     not be able to use this feature to impersonate you.

template/en/default/sidebar.xul.tmpl

@@ -69,31 +69,31 @@ function normal_keypress_handler( aEvent ) {
 
 [% IF user.id %]
       <text class="text-link" onclick="load_relative_url('userprefs.cgi')" value="edit prefs"/>
-  [%- IF user.groups.tweakparams %]
+  [%- IF user.in_group('tweakparams') %]
       <text class="text-link" onclick="load_relative_url('editparams.cgi')" value="edit params"/>
       <text class="text-link" onclick="load_relative_url('editsettings.cgi')" value="edit default preferences"/>
   [%- END %]
-  [%- IF user.groups.editusers || user.can_bless %]
+  [%- IF user.in_group('editusers') || user.can_bless %]
       <text class="text-link" onclick="load_relative_url('editusers.cgi')" value="edit users"/>
   [%- END %]
-  [%- IF Param('useclassification') && user.groups.editclassifications %]
+  [%- IF Param('useclassification') && user.in_group('editclassifications') %]
       <text class="text-link" onclick="load_relative_url('editclassifications.cgi')" value="edit classifications"/>
   [%- END %]
-  [%- IF user.groups.editcomponents %]
+  [%- IF user.in_group('editcomponents') %]
       <text class="text-link" onclick="load_relative_url('editcomponents.cgi')" value="edit components"/>
       <text class="text-link" onclick="load_relative_url('editflagtypes.cgi')" value="edit flags"/>
       <text class="text-link" onclick="load_relative_url('editvalues.cgi')" value="edit field values"/>
   [%- END %]
-  [%- IF user.groups.creategroups %]
+  [%- IF user.in_group('creategroups') %]
       <text class="text-link" onclick="load_relative_url('editgroups.cgi')" value="edit groups"/>
   [%- END %]
-  [%- IF user.groups.editkeywords %]
+  [%- IF user.in_group('editkeywords') %]
       <text class="text-link" onclick="load_relative_url('editkeywords.cgi')" value="edit keywords"/>
   [%- END %]
-  [%- IF user.groups.bz_canusewhines %]
+  [%- IF user.in_group('bz_canusewhines') %]
       <text class="text-link" onclick="load_relative_url('editwhines.cgi')" value="edit whining"/>
   [%- END %]
-  [%- IF user.groups.editcomponents %]
+  [%- IF user.in_group('editcomponents') %]
       <text class="text-link" onclick="load_relative_url('sanitycheck.cgi')" value="sanity check"/>
   [%- END %]
   [%- IF user.authorizer.can_logout %]