Bug 282574 : use the new "auth_failure" error message for all authentication failures

attachment.cgi

@@ -204,9 +204,10 @@ sub validateID
     # Make sure the user is authorized to access this attachment's bug.
     ($bugid, my $isprivate) = FetchSQLData();
     ValidateBugID($bugid);
-    if (($isprivate > 0 ) && Param("insidergroup") && 
-        !(UserInGroup(Param("insidergroup")))) {
-        ThrowUserError("attachment_access_denied");
+    if ($isprivate && Param("insidergroup")) {
+        UserInGroup(Param("insidergroup"))
+          || ThrowUserError("auth_failure", {action => "access",
+                                             object => "attachment"});
     }
 
     # XXX shim code, kill $::FORM

buglist.cgi

@@ -73,7 +73,10 @@ my $dotweak = $::FORM{'tweak'} ? 1 : 0;
 # Log the user in
 if ($dotweak) {
     Bugzilla->login(LOGIN_REQUIRED);
-    UserInGroup("editbugs") || ThrowUserError("insufficient_privs_for_multi");
+    UserInGroup("editbugs")
+      || ThrowUserError("auth_failure", {group  => "editbugs",
+                                         action => "modify",
+                                         object => "multiple_bugs"});
     GetVersionTable();
 }
 else {

doeditparams.cgi

@@ -37,12 +37,10 @@ my $cgi = Bugzilla->cgi;
 
 print $cgi->header();
 
-if (!UserInGroup("tweakparams")) {
-    print "<h1>Sorry, you aren't a member of the 'tweakparams' group.</h1>\n";
-    print "And so, you aren't allowed to edit the parameters.\n";
-    PutFooter();
-    exit;
-}
+UserInGroup("tweakparams")
+  || ThrowUserError("auth_failure", {group  => "tweakparams",
+                                     action => "modify",
+                                     object => "parameters"});
 
 PutHeader("Saving new parameters");
 

quips.cgi

@@ -119,9 +119,10 @@ if ($action eq 'approve') {
 }
 
 if ($action eq "delete") {
-    if (!UserInGroup('admin')) {
-        ThrowUserError("quips_edit_denied");
-    }
+    UserInGroup("admin")
+      || ThrowUserError("auth_failure", {group  => "admin",
+                                         action => "delete",
+                                         object => "quips"});
     my $quipid = $cgi->param("quipid");
     ThrowCodeError("need_quipid") unless $quipid =~ /(\d+)/; 
     $quipid = $1;

sanitycheck.cgi

@@ -82,7 +82,9 @@ my $dbh = Bugzilla->dbh;
 # prevents users with a legitimate interest in Bugzilla integrity
 # from accessing the script).
 UserInGroup("editbugs")
-  || ThrowUserError("sanity_check_access_denied");
+  || ThrowUserError("auth_failure", {group  => "editbugs",
+                                     action => "run",
+                                     object => "sanity_check"});
 
 print "Content-type: text/html\n";
 print "\n";

template/en/default/global/user-error.html.tmpl

@@ -17,7 +17,7 @@
   # Rights Reserved.
   #
   # Contributor(s): Gervase Markham <gerv@gerv.net>
-  #                 Frédéric Buclin <LpSolit@netscape.net>
+  #                 Frédéric Buclin <LpSolit@gmail.com>
   #%]
 
 [%# INTERFACE:
@@ -113,8 +113,10 @@
       [% END %]
     [% END %]
 
-    and so you aren't allowed to
-    [% IF action == "add" %]
+    [% IF group || reason %] and so [% END %] you are not authorized to
+    [% IF action == "access" %]
+      access
+    [% ELSIF action == "add" %]
       add new
     [% ELSIF action == "modify" %]
       modify
@@ -122,13 +124,17 @@
       delete
     [% ELSIF action == "edit" %]
       add, modify or delete
+    [% ELSIF action == "run" %]
+      run
     [% ELSIF action == "schedule" %]
       schedule
     [% ELSIF action == "use" %]
       use
     [% END %]
 
-    [% IF object == "charts" %]
+    [% IF object == "attachment" %]
+      this attachment
+    [% ELSIF object == "charts" %]
       the "New Charts" feature
     [% ELSIF object == "classifications" %]
       classifications
@@ -142,12 +148,18 @@
       keywords
     [% ELSIF object == "milestones" %]
       milestones
+    [% ELSIF object == "multiple_bugs" %]
+      multiple [% terms.bugs %] at once
     [% ELSIF object == "parameters" %]
       parameters
     [% ELSIF object == "products" %]
       products
+    [% ELSIF object == "quips" %]
+      quips
     [% ELSIF object == "reports" %]
       whine reports
+    [% ELSIF object == "sanity_check" %]
+      a sanity check
     [% ELSIF object == "user" %]
       the user you specified
     [% ELSIF object == "users" %]
@@ -156,10 +168,6 @@
       versions
     [% END %].
 
-  [% ELSIF error == "attachment_access_denied" %]
-    [% title = "Access Denied" %]
-    You are not authorized to access this attachment.
-
   [% ELSIF error == "attachment_removed" %]
     [% title = "Attachment Removed" %]
     The attachment you are attempting to access has been removed.
@@ -548,11 +556,6 @@
   [% ELSIF error == "insufficient_data_points" %]
     We don't have enough data points to make a graph (yet).
         
-  [% ELSIF error == "insufficient_privs_for_multi" %]
-    [% title = "Insufficient Privileges" %]
-    Sorry, you do not have sufficient privileges to edit multiple 
-    [% terms.bugs %].
-    
   [% ELSIF error == "invalid_attach_id" %]
     [% title = "Invalid Attachment ID" %]
     The attachment id [% attach_id FILTER html %] is invalid.
@@ -918,10 +921,6 @@
     [% title = "Quips Disabled" %]
     Quips are disabled.
 
-  [% ELSIF error == "quips_edit_denied" %]
-    [% title = "Permission Denied" %]
-    You do not have permission to edit quips.
-
   [% ELSIF error == "reassign_to_empty" %]
     [% title = "Illegal Reassignment" %]
     To reassign [% terms.abug %], you must provide an address for
@@ -945,10 +944,6 @@
     [% title = "Summary Needed" %]
     You must enter a summary for this [% terms.bug %].
 
-  [% ELSIF error == "sanity_check_access_denied" %]
-    [% title = "Access Denied" %]
-    You do not have the permissions necessary to run a sanity check.
-
   [% ELSIF error == "search_content_without_matches" %]
     [% title = "Illegal Search" %]
     The "content" field can only be used with "matches" search