View Issue Details

IDProjectCategoryView StatusLast Update
0011481mantisbtfeaturepublic2020-10-17 12:54
ReporterFabien Poirier Assigned Todhx  
PrioritynormalSeverityminorReproducibilityalways
Status closedResolutionfixed 
Platformany platformOSLinux & Windows 
Product Version1.2.0rc2 
Target Version1.2.0Fixed in Version1.2.0 
Summary0011481: Confusing combo on View Issue page
Description

At the bottom of the list issue there is a combo box (near Select All item) with all possible actions on the selected bugs in the list above.

The user can choose any action whereas it should be better to see only possible action for the current user.

Steps To Reproduce

Any existing action can be chosen in this combo whatever the current right level of the logged user. If the user selects a forbidden action in the list and try to do it, he is warned severall screens later that he isn't granted to do this particular action.

It would be clearer if the user can see in this combo only the action possible for his level.

TagsNo tags attached.

Relationships

related to 0015721 closedgrangeway Functionality to consider porting to master-2.0.x 
related to 0010637 closedatrol Option Attach Tags in View Issues page 

Activities

dhx

dhx

2010-02-09 23:40

reporter   ~0024357

This is a somewhat complex task because the user is able to view issues from multiple projects at once in the list (sub-projects, etc) and the permissions within each project may vary. Therefore we'd have to go through each bug displayed, find the project IDs of each and check each unique project ID to see if the user has permission within any project to use each actiongroup item.

dhx

dhx

2010-02-10 02:54

reporter   ~0024359

And it's fixed! (in 1.3.x)

Give it a try and let me know if it works for you. I've only done rudimentary testing so far.

grangeway

grangeway

2013-04-05 17:57

reporter   ~0036410

Marking as 'acknowledged' not resolved/closed to track that change gets ported to master-2.0.x branch

Related Changesets

MantisBT: master-1.2.x 6ede60d3

2010-02-09 18:48

dhx


Details Diff
Fix 0011481: Don't show bug group actions that can't be used

Currently the bug action group dropdown list on view_all_bug_page.php
shows (almost) every available option, even if the current user isn't
authorised to use those options.

This patch implements checking to see which options are available to the
user for the issues which are currently shown on view_all_bug_page.php.
Options are only displayed in the dropdown list if the user is able to
use the option on at least one of the bugs displayed.

Additionally, the logic behind when selection checkboxes are shown
alongside a bug has been improved. Checkboxes won't display next to bugs
that the user cannot perform group actions on.

Backported from master branch because it's needed to resolve an LFI/XSS
issue in bug_actiongroup_ext.php.
Affected Issues
0011481
mod - core/bug_group_action_api.php Diff File
mod - core/columns_api.php Diff File
mod - core/print_api.php Diff File
mod - my_view_inc.php Diff File
mod - view_all_bug_page.php Diff File
mod - view_all_inc.php Diff File

MantisBT: master 6dc35105

2010-02-10 02:48

dhx


Details Diff
Fix 0011481: Don't show bug group actions that can't be used

Currently the bug action group dropdown list on view_all_bug_page.php
shows (almost) every available option, even if the current user isn't
authorised to use those options.

This patch implements checking to see which options are available to the
user for the issues which are currently shown on view_all_bug_page.php.
Options are only displayed in the dropdown list if the user is able to
use the option on at least one of the bugs displayed.

Additionally, the logic behind when selection checkboxes are shown
alongside a bug has been improved. Checkboxes won't display next to bugs
that the user cannot perform group actions on.
Affected Issues
0011481
mod - view_all_bug_page.php Diff File
mod - view_all_inc.php Diff File
mod - core/columns_api.php Diff File
mod - my_view_inc.php Diff File
mod - core/print_api.php Diff File
mod - core/bug_group_action_api.php Diff File

MantisBT: master 0cc7dde8

2010-02-25 10:13

dhx


Details Diff
Fix 0011481: Incorrect arguments for access_has_any_project

Commit 6dc35105064e5a2533fb4e1de54426ea17d2ef36 introduced improved
checking within print_column_selection to determine which actions should
be presented to users as part of the actiongroup support in MantisBT.

However the second argument to access_has_any_project should not be
defined in the way it was, as it is refers to the user ID not the
project ID. We don't need to specify this argument anyway, so it is
removed in this patch.
Affected Issues
0011481
mod - core/columns_api.php Diff File