View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0011481 | mantisbt | feature | public | 2010-02-09 06:33 | 2020-10-17 12:54 |
Reporter | Fabien Poirier | Assigned To | dhx | ||
Priority | normal | Severity | minor | Reproducibility | always |
Status | closed | Resolution | fixed | ||
Platform | any platform | OS | Linux & Windows | ||
Product Version | 1.2.0rc2 | ||||
Target Version | 1.2.0 | Fixed in Version | 1.2.0 | ||
Summary | 0011481: Confusing combo on View Issue page | ||||
Description | At the bottom of the list issue there is a combo box (near Select All item) with all possible actions on the selected bugs in the list above. The user can choose any action whereas it should be better to see only possible action for the current user. | ||||
Steps To Reproduce | Any existing action can be chosen in this combo whatever the current right level of the logged user. If the user selects a forbidden action in the list and try to do it, he is warned severall screens later that he isn't granted to do this particular action. It would be clearer if the user can see in this combo only the action possible for his level. | ||||
Tags | No tags attached. | ||||
This is a somewhat complex task because the user is able to view issues from multiple projects at once in the list (sub-projects, etc) and the permissions within each project may vary. Therefore we'd have to go through each bug displayed, find the project IDs of each and check each unique project ID to see if the user has permission within any project to use each actiongroup item. |
|
And it's fixed! (in 1.3.x) Give it a try and let me know if it works for you. I've only done rudimentary testing so far. |
|
Marking as 'acknowledged' not resolved/closed to track that change gets ported to master-2.0.x branch |
|
MantisBT: master-1.2.x 6ede60d3 2010-02-09 18:48 Details Diff |
Fix 0011481: Don't show bug group actions that can't be used Currently the bug action group dropdown list on view_all_bug_page.php shows (almost) every available option, even if the current user isn't authorised to use those options. This patch implements checking to see which options are available to the user for the issues which are currently shown on view_all_bug_page.php. Options are only displayed in the dropdown list if the user is able to use the option on at least one of the bugs displayed. Additionally, the logic behind when selection checkboxes are shown alongside a bug has been improved. Checkboxes won't display next to bugs that the user cannot perform group actions on. Backported from master branch because it's needed to resolve an LFI/XSS issue in bug_actiongroup_ext.php. |
Affected Issues 0011481 |
|
mod - core/bug_group_action_api.php | Diff File | ||
mod - core/columns_api.php | Diff File | ||
mod - core/print_api.php | Diff File | ||
mod - my_view_inc.php | Diff File | ||
mod - view_all_bug_page.php | Diff File | ||
mod - view_all_inc.php | Diff File | ||
MantisBT: master 6dc35105 2010-02-10 02:48 Details Diff |
Fix 0011481: Don't show bug group actions that can't be used Currently the bug action group dropdown list on view_all_bug_page.php shows (almost) every available option, even if the current user isn't authorised to use those options. This patch implements checking to see which options are available to the user for the issues which are currently shown on view_all_bug_page.php. Options are only displayed in the dropdown list if the user is able to use the option on at least one of the bugs displayed. Additionally, the logic behind when selection checkboxes are shown alongside a bug has been improved. Checkboxes won't display next to bugs that the user cannot perform group actions on. |
Affected Issues 0011481 |
|
mod - view_all_bug_page.php | Diff File | ||
mod - view_all_inc.php | Diff File | ||
mod - core/columns_api.php | Diff File | ||
mod - my_view_inc.php | Diff File | ||
mod - core/print_api.php | Diff File | ||
mod - core/bug_group_action_api.php | Diff File | ||
MantisBT: master 0cc7dde8 2010-02-25 10:13 Details Diff |
Fix 0011481: Incorrect arguments for access_has_any_project Commit 6dc35105064e5a2533fb4e1de54426ea17d2ef36 introduced improved checking within print_column_selection to determine which actions should be presented to users as part of the actiongroup support in MantisBT. However the second argument to access_has_any_project should not be defined in the way it was, as it is refers to the user ID not the project ID. We don't need to specify this argument anyway, so it is removed in this patch. |
Affected Issues 0011481 |
|
mod - core/columns_api.php | Diff File |