View Issue Details

IDProjectCategoryView StatusLast Update
0010884mantisbtcustomizationpublic2014-12-08 00:34
Reportercmfitch1Assigned Todhx 
PrioritynormalSeverityfeatureReproducibilityN/A
Status closedResolutionfixed 
Product Version 
Target Version1.3.0-beta.1Fixed in Version1.3.0-beta.1 
Summary0010884: Make 'edit', 'delete', and 'make private' buttons on bugnotes independently configurable
Description

Currently, it is only possible to configure whether a user can edit and delete his/her bugnotes. It would be nice if each action that can be taken on a bugnote was configurable independently of the others. For example, it would be useful to allow users to edit their bugnotes, but not to delete them or make them private.

Tagspatch

Relationships

related to 0015721 closedgrangeway Functionality to consider porting to master-2.0.x 
child of 0010964 confirmed Anonymous account problems at 'reporter' access level (no bugnote_edit_threshold, public/private problems) 

Activities

cmfitch1

cmfitch1

2009-08-27 10:46

reporter  

issue_10884.patch (7,399 bytes)
From ee9de5f83f9f45e9b55a42a300fe6db24a0f1784 Mon Sep 17 00:00:00 2001
From: Chris Fitch <cfitch@redcom.com>
Date: Tue, 18 Aug 2009 14:48:37 -0400
Subject: [PATCH] Make 'delete' and 'make private' buttons configurable


diff --git a/bugnote_delete.php b/bugnote_delete.php
index 5b76f23..03ddd08 100644
--- a/bugnote_delete.php
+++ b/bugnote_delete.php
@@ -48,7 +48,7 @@
 	$t_user_id = auth_get_current_user_id();
 	$t_reporter_id = bugnote_get_field( $f_bugnote_id, 'reporter_id' );
 
-	if ( ( $t_user_id != $t_reporter_id ) || ( OFF == config_get( 'bugnote_allow_user_edit_delete' ) ) ) {
+	if ( ( $t_user_id != $t_reporter_id ) || ( OFF == config_get( 'bugnote_allow_user_delete' ) ) ) {
 		access_ensure_bugnote_level( config_get( 'delete_bugnote_threshold' ), $f_bugnote_id );
 	}
 
diff --git a/bugnote_edit_page.php b/bugnote_edit_page.php
index 68853f2..4ea44a8 100644
--- a/bugnote_edit_page.php
+++ b/bugnote_edit_page.php
@@ -57,7 +57,7 @@
 	$t_reporter_id = bugnote_get_field( $f_bugnote_id, 'reporter_id' );
 
 	if ( ( $t_user_id != $t_reporter_id ) ||
-	 	( OFF == config_get( 'bugnote_allow_user_edit_delete' ) ) ) {
+	 	( OFF == config_get( 'bugnote_allow_user_edit' ) ) ) {
 		access_ensure_bugnote_level( config_get( 'update_bugnote_threshold' ), $f_bugnote_id );
 	}
 
diff --git a/bugnote_update.php b/bugnote_update.php
index dd7e279..cdbfd26 100644
--- a/bugnote_update.php
+++ b/bugnote_update.php
@@ -41,7 +41,7 @@
 	$t_user_id = auth_get_current_user_id();
 	$t_reporter_id = bugnote_get_field( $f_bugnote_id, 'reporter_id' );
 
-	if ( ( $t_user_id != $t_reporter_id ) || ( OFF == config_get( 'bugnote_allow_user_edit_delete' ) )) {
+	if ( ( $t_user_id != $t_reporter_id ) || ( OFF == config_get( 'bugnote_allow_user_edit' ) )) {
 		access_ensure_bugnote_level( config_get( 'update_bugnote_threshold' ), $f_bugnote_id );
 	}
 
diff --git a/bugnote_view_inc.php b/bugnote_view_inc.php
index 6d8b95a..f3c9ab5 100644
--- a/bugnote_view_inc.php
+++ b/bugnote_view_inc.php
@@ -138,12 +138,24 @@ $num_notes = count( $t_bugnotes );
 			if ( !bug_is_readonly( $f_bug_id ) ) {
 				$t_can_edit_note = false;
 				$t_can_delete_note = false;
+				$t_can_make_note_priv = false;
 
-				# admins and the bugnote creator can edit/delete this bugnote
-				if ( ( access_has_bug_level( config_get( 'manage_project_threshold' ), $f_bug_id ) ) ||
-					( ( $t_bugnote->reporter_id == $t_user_id ) && ( ON == config_get( 'bugnote_allow_user_edit_delete' ) ) ) ) {
+				# admins can edit/delete this bugnote
+				if ( ( access_has_bug_level( config_get( 'manage_project_threshold' ), $f_bug_id ) ) ) {
 					$t_can_edit_note = true;
 					$t_can_delete_note = true;
+					$t_can_make_note_priv = true;
+				# bugnote creator might be able to edit/delete this bugnote
+				} else if ( $t_bugnote->reporter_id == $t_user_id ) {
+					if ( ON == config_get( 'bugnote_allow_user_edit' ) ) {
+						$t_can_edit_note = true;
+					}
+					if ( ON == config_get( 'bugnote_allow_user_delete' ) ) {
+						$t_can_delete_note = true;
+					}
+					if ( ON == config_get( 'bugnote_allow_user_make_priv' ) ) {
+						$t_can_make_note_priv = true;
+					}
 				}
 
 				# users above update_bugnote_threshold should be able to edit this bugnote
@@ -157,8 +169,8 @@ $num_notes = count( $t_bugnotes );
 					print_button( 'bugnote_delete.php?bugnote_id='.$t_bugnote->id, lang_get( 'delete_link' ) );
 				}
 
-				# users with access to both update and change view status (or the bugnote author) can change public/private status
-				if ( $t_can_edit_note || ( access_has_bug_level( config_get( 'update_bugnote_threshold' ), $f_bug_id ) &&
+				# users with access to both update and change view status (or the bugnote author if allowed) can change public/private status
+				if ( $t_can_make_note_priv || ( access_has_bug_level( config_get( 'update_bugnote_threshold' ), $f_bug_id ) &&
 					access_has_bug_level( config_get( 'change_view_status_threshold' ), $f_bug_id ) ) ) {
 					if ( VS_PRIVATE == $t_bugnote->view_state ) {
 						echo " ";
diff --git a/config_defaults_inc.php b/config_defaults_inc.php
index df10831..f0c812f 100644
--- a/config_defaults_inc.php
+++ b/config_defaults_inc.php
@@ -2409,10 +2409,22 @@
 	$g_delete_bugnote_threshold = '%delete_bug_threshold%';
 
 	/**
-	 * Are users allowed to change and delete their own bugnotes?
-	 * @global int $g_bugnote_allow_user_edit_delete
+	 * Are users allowed to change their own bugnotes?
+	 * @global int $g_bugnote_allow_user_edit
 	 */
-	$g_bugnote_allow_user_edit_delete = ON;
+	$g_bugnote_allow_user_edit = ON;
+
+	/**
+	 * Are users allowed to delete their own bugnotes?
+	 * @global int $g_bugnote_allow_user_delete
+	 */
+	$g_bugnote_allow_user_delete = ON;
+
+	/**
+	 * Are users allowed to change the view status of their own bugnotes?
+	 * @global int $g_bugnote_allow_user_make_priv
+	 */
+	$g_bugnote_allow_user_make_priv = ON;
 
 	/**
 	 * Move bug threshold
diff --git a/lang/strings_english.txt b/lang/strings_english.txt
index c65951d..8963b57 100644
--- a/lang/strings_english.txt
+++ b/lang/strings_english.txt
@@ -847,6 +847,8 @@ $s_allow_reporter_close = 'Allow Reporter to close Issue';
 $s_allow_reporter_reopen = 'Allow Reporter to re-open Issue';
 $s_set_status_assigned = 'Set status on assignment of Handler';
 $s_allow_user_edit = 'Allow user to edit their own issue notes';
+$s_allow_user_delete = 'Allow user to delete their own issue notes';
+$s_allow_user_make_priv = 'Allow user to make their own issue notes private';
 $s_limit_access = 'Limit reporter\'s access to their own issues';
 $s_submit_status = 'Status to which a new issue is set';
 $s_assigned_status = 'Status to set auto-assigned issues to';
diff --git a/manage_config_work_threshold_page.php b/manage_config_work_threshold_page.php
index aec9a8d..d531cc6 100644
--- a/manage_config_work_threshold_page.php
+++ b/manage_config_work_threshold_page.php
@@ -301,7 +301,9 @@
 	get_section_begin_mcwt( lang_get( 'notes' ) );
 	get_capability_row( lang_get( 'add_notes' ), 'add_bugnote_threshold' );
 	get_capability_row( lang_get( 'update_notes' ), 'update_bugnote_threshold' );
-    get_capability_boolean( lang_get( 'allow_user_edit' ), 'bugnote_allow_user_edit_delete' );
+    get_capability_boolean( lang_get( 'allow_user_edit' ), 'bugnote_allow_user_edit' );
+    get_capability_boolean( lang_get( 'allow_user_delete' ), 'bugnote_allow_user_delete' );
+    get_capability_boolean( lang_get( 'allow_user_make_priv' ), 'bugnote_allow_user_make_priv' );
 	get_capability_row( lang_get( 'delete_note' ), 'delete_bugnote_threshold' );
 	get_capability_row( lang_get( 'view_private_notes' ), 'private_bugnote_threshold' );
 	get_section_end();
diff --git a/manage_config_work_threshold_set.php b/manage_config_work_threshold_set.php
index bf6e87b..1dc4bd5 100644
--- a/manage_config_work_threshold_set.php
+++ b/manage_config_work_threshold_set.php
@@ -144,7 +144,9 @@
 	# Notes
 	set_capability_row( 'add_bugnote_threshold' );
 	set_capability_row( 'update_bugnote_threshold' );
-    set_capability_boolean( 'bugnote_allow_user_edit_delete' );
+    set_capability_boolean( 'bugnote_allow_user_edit' );
+    set_capability_boolean( 'bugnote_allow_user_delete' );
+    set_capability_boolean( 'bugnote_allow_user_make_priv' );
 	set_capability_row( 'delete_bugnote_threshold' );
 	set_capability_row( 'private_bugnote_threshold' );
 
-- 
1.6.0.4

issue_10884.patch (7,399 bytes)
dhx

dhx

2009-09-19 13:27

reporter   ~0022979

Ah, I was just looking for something like this. Thanks!

I see you've implemented these checks as boolean on/off switches whereas they really should be thresholds. This would allow for much greater flexibility with respect to anonymous accounts where we need to have the ability to disallow anonymous users from editing bugnotes (but registered users can). If you want to disable something, just set the access level to NOBODY and that effectively turns the feature off. If you want to give everyone access to a feature (highly unlikely...) then there is ANYBODY for that purpose.

cmfitch1

cmfitch1

2009-09-25 20:51

reporter  

issue_10884_a.patch (7,176 bytes)
From 5c786caa0dba0cefabec870557e092a74f86d463 Mon Sep 17 00:00:00 2001
From: Chris Fitch <cfitch@redcom.com>
Date: Fri, 25 Sep 2009 20:39:38 -0400
Subject: [PATCH] Convert boolean 'edit', 'delete', and 'make private' checks on bugnotes to thresholds


diff --git a/bugnote_delete.php b/bugnote_delete.php
index 03ddd08..6562952 100644
--- a/bugnote_delete.php
+++ b/bugnote_delete.php
@@ -48,7 +48,7 @@
 	$t_user_id = auth_get_current_user_id();
 	$t_reporter_id = bugnote_get_field( $f_bugnote_id, 'reporter_id' );
 
-	if ( ( $t_user_id != $t_reporter_id ) || ( OFF == config_get( 'bugnote_allow_user_delete' ) ) ) {
+	if ( ( $t_user_id != $t_reporter_id ) || !( access_has_bugnote_level( config_get( 'bugnote_user_delete_threshold' ), $f_bugnote_id ) ) ) {
 		access_ensure_bugnote_level( config_get( 'delete_bugnote_threshold' ), $f_bugnote_id );
 	}
 
diff --git a/bugnote_edit_page.php b/bugnote_edit_page.php
index d6a766e..9916ea2 100644
--- a/bugnote_edit_page.php
+++ b/bugnote_edit_page.php
@@ -57,7 +57,7 @@
 	$t_reporter_id = bugnote_get_field( $f_bugnote_id, 'reporter_id' );
 
 	if ( ( $t_user_id != $t_reporter_id ) ||
-	 	( OFF == config_get( 'bugnote_allow_user_edit' ) ) ) {
+	 	!( access_has_bugnote_level( config_get( 'bugnote_user_edit_threshold' ), $f_bugnote_id ) ) ) {
 		access_ensure_bugnote_level( config_get( 'update_bugnote_threshold' ), $f_bugnote_id );
 	}
 
diff --git a/bugnote_update.php b/bugnote_update.php
index cdbfd26..ed4d361 100644
--- a/bugnote_update.php
+++ b/bugnote_update.php
@@ -41,7 +41,7 @@
 	$t_user_id = auth_get_current_user_id();
 	$t_reporter_id = bugnote_get_field( $f_bugnote_id, 'reporter_id' );
 
-	if ( ( $t_user_id != $t_reporter_id ) || ( OFF == config_get( 'bugnote_allow_user_edit' ) )) {
+	if ( ( $t_user_id != $t_reporter_id ) || !( access_has_bugnote_level( config_get( 'bugnote_user_edit_threshold' ), $f_bugnote_id ) )) {
 		access_ensure_bugnote_level( config_get( 'update_bugnote_threshold' ), $f_bugnote_id );
 	}
 
diff --git a/bugnote_view_inc.php b/bugnote_view_inc.php
index 4ca231c..6d4775b 100644
--- a/bugnote_view_inc.php
+++ b/bugnote_view_inc.php
@@ -142,13 +142,13 @@ $num_notes = count( $t_bugnotes );
 
 				# bugnote creator might be able to edit/delete this bugnote
 				if ( $t_bugnote->reporter_id == $t_user_id ) {
-					if ( ON == config_get( 'bugnote_allow_user_edit' ) ) {
+					if ( access_has_bugnote_level( config_get( 'bugnote_user_edit_threshold' ), $t_bugnote->id ) ) {
 						$t_can_edit_note = true;
 					}
-					if ( ON == config_get( 'bugnote_allow_user_delete' ) ) {
+					if ( access_has_bugnote_level( config_get( 'bugnote_user_delete_threshold' ), $t_bugnote->id ) ) {
 						$t_can_delete_note = true;
 					}
-					if ( ON == config_get( 'bugnote_allow_user_make_priv' ) ) {
+					if ( access_has_bugnote_level( config_get( 'bugnote_user_make_priv_threshold' ), $t_bugnote->id ) ) {
 						$t_can_make_note_priv = true;
 					}
 				}
diff --git a/config_defaults_inc.php b/config_defaults_inc.php
index 5924b68..a97c221 100644
--- a/config_defaults_inc.php
+++ b/config_defaults_inc.php
@@ -2439,22 +2439,22 @@
 	$g_delete_bugnote_threshold = '%delete_bug_threshold%';
 
 	/**
-	 * Are users allowed to change their own bugnotes?
-	 * @global int $g_bugnote_allow_user_edit
+	 * Threshold at which a user can edit his/her own bugnotes
+	 * @global int $g_bugnote_user_edit_threshold
 	 */
-	$g_bugnote_allow_user_edit = ON;
+	$g_bugnote_user_edit_threshold = REPORTER;
 
 	/**
-	 * Are users allowed to delete their own bugnotes?
-	 * @global int $g_bugnote_allow_user_delete
+	 * Threshold at which a user can delete his/her own bugnotes
+	 * @global int $g_bugnote_user_delete_threshold
 	 */
-	$g_bugnote_allow_user_delete = ON;
+	$g_bugnote_user_delete_threshold = REPORTER;
 
 	/**
-	 * Are users allowed to change the view status of their own bugnotes?
-	 * @global int $g_bugnote_allow_user_make_priv
+	 * Threshold at which a user can make his/her own bugnotes private
+	 * @global int $g_bugnote_user_make_priv_threshold
 	 */
-	$g_bugnote_allow_user_make_priv = ON;
+	$g_bugnote_user_make_priv_threshold = REPORTER;
 
 	/**
 	 * Move bug threshold
diff --git a/lang/strings_english.txt b/lang/strings_english.txt
index 727502d..69412d7 100644
--- a/lang/strings_english.txt
+++ b/lang/strings_english.txt
@@ -846,9 +846,9 @@ $s_allow_close_immediate = 'Allow issue to be closed on Resolve';
 $s_allow_reporter_close = 'Allow Reporter to close Issue';
 $s_allow_reporter_reopen = 'Allow Reporter to re-open Issue';
 $s_set_status_assigned = 'Set status on assignment of Handler';
-$s_allow_user_edit = 'Allow user to edit their own issue notes';
-$s_allow_user_delete = 'Allow user to delete their own issue notes';
-$s_allow_user_make_priv = 'Allow user to make their own issue notes private';
+$s_edit_user_notes = 'User can edit his/her own notes';
+$s_delete_user_notes = 'User can delete his/her own notes';
+$s_make_user_notes_priv = 'User can make his/her own notes private';
 $s_limit_access = 'Limit reporter\'s access to their own issues';
 $s_submit_status = 'Status to which a new issue is set';
 $s_assigned_status = 'Status to set auto-assigned issues to';
diff --git a/manage_config_work_threshold_page.php b/manage_config_work_threshold_page.php
index 3d95fa8..998e756 100644
--- a/manage_config_work_threshold_page.php
+++ b/manage_config_work_threshold_page.php
@@ -301,10 +301,10 @@
 	get_section_begin_mcwt( lang_get( 'notes' ) );
 	get_capability_row( lang_get( 'add_notes' ), 'add_bugnote_threshold' );
 	get_capability_row( lang_get( 'update_notes' ), 'update_bugnote_threshold' );
-    get_capability_boolean( lang_get( 'allow_user_edit' ), 'bugnote_allow_user_edit' );
-    get_capability_boolean( lang_get( 'allow_user_delete' ), 'bugnote_allow_user_delete' );
-    get_capability_boolean( lang_get( 'allow_user_make_priv' ), 'bugnote_allow_user_make_priv' );
 	get_capability_row( lang_get( 'delete_note' ), 'delete_bugnote_threshold' );
+	get_capability_row( lang_get( 'edit_user_notes' ), 'bugnote_user_edit_threshold' );
+	get_capability_row( lang_get( 'delete_user_notes' ), 'bugnote_user_delete_threshold' );
+	get_capability_row( lang_get( 'make_user_notes_priv' ), 'bugnote_user_make_priv_threshold' );
 	get_capability_row( lang_get( 'view_private_notes' ), 'private_bugnote_threshold' );
 	get_section_end();
 
diff --git a/manage_config_work_threshold_set.php b/manage_config_work_threshold_set.php
index ef2f4e5..ffa9209 100644
--- a/manage_config_work_threshold_set.php
+++ b/manage_config_work_threshold_set.php
@@ -144,9 +144,9 @@
 	# Notes
 	set_capability_row( 'add_bugnote_threshold' );
 	set_capability_row( 'update_bugnote_threshold' );
-    set_capability_boolean( 'bugnote_allow_user_edit' );
-    set_capability_boolean( 'bugnote_allow_user_delete' );
-    set_capability_boolean( 'bugnote_allow_user_make_priv' );
+	set_capability_row( 'bugnote_user_edit_threshold' );
+	set_capability_row( 'bugnote_user_delete_threshold' );
+	set_capability_row( 'bugnote_user_make_priv_threshold' );
 	set_capability_row( 'delete_bugnote_threshold' );
 	set_capability_row( 'private_bugnote_threshold' );
 
-- 
1.6.0.4

issue_10884_a.patch (7,176 bytes)
cmfitch1

cmfitch1

2009-09-25 20:54

reporter   ~0023033

I have uploaded a second patch to convert my original work into thresholds. Apply the first patch followed by the second to get everything.

dhx

dhx

2009-10-27 08:17

reporter   ~0023407

Thanks. I'll get onto this soon. I haven't forgotten :)

Zamolxis

Zamolxis

2009-12-23 21:09

reporter   ~0023979

Hi. I am interested in this feature as well. Thanks cmfitch1 & dhx. ;)

dhx

dhx

2010-01-17 07:24

reporter   ~0024179

I've rewritten this patch with some changes and improvements, and committed it to the 1.3.x branch. Please try it out and let me know if there are any problems (or things that you weren't expecting).

Thanks for your initial patches :)

grangeway

grangeway

2013-04-05 17:57

reporter   ~0036517

Marking as 'acknowledged' not resolved/closed to track that change gets ported to master-2.0.x branch

Related Changesets

MantisBT: master da6c133f

2010-01-17 08:43:08

dhx

Details Diff
Issue 0010884: Improve granularity of bugnote permissions

Currently it's only possible to use a single
$g_bugnote_allow_user_edit_delete setting to turn ON or OFF the ability
for users to be able to edit/delete their own bugnotes.

This patch provides improvement to the granularity of bugnote
permissions to make the following possible:
1) Separate edit and delete permissions
2) Thresholds instead of boolean switches
3) Ability for users to change the view state of their own bugnotes

On the topic of view states, the $g_set_view_status_threshold setting
controls whether a user can make a bug or bug note private at the time
of reporting/posting. The existing $g_change_view_status_threshold
setting allows users to change the view state of any bug or bug note
after they've been reported/posted. This patch introduces
$g_bugnote_user_change_view_state_threshold which allows administrators
to give users the the ability to make their own bugnotes public or
private as they choose, at any time.

$g_bugnote_user_edit_threshold is a new setting that can be changed to
allow users the ability to edit their own bugnotes.
$g_bugnote_user_delete_threshold is a new setting that can be changed to
allow users the ability to delete their own bugnotes. You may be
wondering why there is a difference when a user could simply edit and
blank their bugnote. The answer lies with bugnote revisions and the
ability for users to see a revision history of each bug that has been
edited.

Many thanks to Chris Fitch for the original idea and an initial patch
from August 2009. This patch is a rewrite of his earlier work with a
number of additional changes and improvements.
mod - config_defaults_inc.php Diff File
mod - lang/strings_english.txt Diff File
mod - bugnote_add.php Diff File
mod - manage_config_work_threshold_set.php Diff File
mod - bugnote_delete.php Diff File
mod - bugnote_update.php Diff File
mod - docbook/adminguide/en/page_descriptions.sgml Diff File
mod - docbook/adminguide/en/configuration.sgml Diff File
mod - core/bugnote_api.php Diff File
mod - bugnote_edit_page.php Diff File
mod - manage_config_work_threshold_page.php Diff File
mod - core/obsolete.php Diff File
mod - bugnote_set_view_state.php Diff File
mod - bugnote_view_inc.php Diff File
mod - bugnote_add_inc.php Diff File

Issue History

Date Modified Username Field Change
2009-08-27 10:27 cmfitch1 New Issue
2009-08-27 10:46 cmfitch1 File Added: issue_10884.patch
2009-09-19 13:27 dhx Note Added: 0022979
2009-09-19 13:28 dhx Tag Attached: patch
2009-09-19 13:28 dhx Relationship added child of 0010964
2009-09-19 13:29 dhx Status new => acknowledged
2009-09-25 20:51 cmfitch1 File Added: issue_10884_a.patch
2009-09-25 20:54 cmfitch1 Note Added: 0023033
2009-10-27 08:17 dhx Note Added: 0023407
2009-10-27 08:17 dhx Assigned To => dhx
2009-10-27 08:17 dhx Status acknowledged => assigned
2009-10-27 08:17 dhx Target Version => 1.3.0-beta.1
2009-12-23 21:09 Zamolxis Note Added: 0023979
2010-01-17 07:24 dhx Note Added: 0024179
2010-01-17 07:24 dhx Status assigned => resolved
2010-01-17 07:24 dhx Fixed in Version => 1.3.0-beta.1
2010-01-17 07:24 dhx Resolution open => fixed
2010-01-17 07:30 dhx Changeset attached master da6c133f =>
2010-04-23 23:23 dhx Status resolved => closed
2013-04-05 17:57 grangeway Status closed => acknowledged
2013-04-05 17:57 grangeway Note Added: 0036517
2013-04-05 18:04 grangeway Relationship added related to 0015721
2013-04-06 03:44 dregad Status acknowledged => resolved
2013-04-06 07:20 grangeway Status resolved => acknowledged
2013-04-06 09:26 dregad Tag Attached: 2.0.x check
2013-04-06 09:26 dregad Status acknowledged => resolved
2014-09-23 18:05 grangeway Tag Detached: 2.0.x check
2014-12-08 00:34 vboctor Status resolved => closed