0012103: g_reopen_bug_threshold - config parameter defined but reopen doesn't check it - MantisBT - Signup temporarily disabled due to spam

ID	Project	Category	View Status	Date Submitted	Last Update

0012103	mantisbt	preferences	public	2010-06-21 06:42	2011-08-05 02:12

Reporter	watergad	Assigned To	dhx
Priority	normal	Severity	minor	Reproducibility	have not tried
Status	closed	Resolution	duplicate
Product Version	1.2.1

Summary	0012103: g_reopen_bug_threshold - config parameter defined but reopen doesn't check it
Description	config_default_inc.php: /** access level needed to re-open bugs @global int $g_reopen_bug_threshold */ $g_reopen_bug_threshold = DEVELOPER; // (I set it to the REPORTER, so that's why this question appears) So this option allows bug reopening for the specified access level (all bugs, independently of $g_allow_reporter_reopen). But when we try to reopen smb. else's bug we see 'reopen' button, press it, and get 'Access denied' reply. It happens because of bug_update.php, line 73: It checks 'update_bug_threshold' or then $g_allow_reporter_reopen-related access but not $g_reopen_bug_threshold. if ( !( ( access_has_bug_level( access_get_status_threshold( $f_new_status, bug_get_field( $f_bug_id, 'project_id' ) ), $f_bug_id ) ) \|\| ( access_has_bug_level( config_get( 'update_bug_threshold' ) , $f_bug_id ) ) \|\| ( ( bug_get_field( $f_bug_id, 'reporter_id' ) == auth_get_current_user_id() ) && ( ( ON == config_get( 'allow_reporter_reopen' ) ) \|\| ( ON == config_get( 'allow_reporter_close' ) ) ) ) ) ) { //echo ("Access denied!"); die(); access_denied(); } I suppose there must be an additional check for the $g_reopen_bug_threshold: if ( !( ( access_has_bug_level( access_get_status_threshold( $f_new_status, bug_get_field( $f_bug_id, 'project_id' ) ), $f_bug_id ) ) \|\| // Watergad: reopen threshold check ( access_has_bug_level( config_get( 'reopen_bug_threshold' ) , $f_bug_id ) ) \|\| ( access_has_bug_level( config_get( 'update_bug_threshold' ) , $f_bug_id ) ) \|\| ( ( bug_get_field( $f_bug_id, 'reporter_id' ) == auth_get_current_user_id() ) && ( ( ON == config_get( 'allow_reporter_reopen' ) ) \|\| ( ON == config_get( 'allow_reporter_close' ) ) ) ) ) ) { //echo ("Access denied!"); die(); access_denied(); } Add this to the future releases please if it's really bug and not my misunderstanding of the $g_reopen_bug_threshold principles.
Tags	No tags attached.

watergad 2010-06-21 06:44 reporter ~0025939 Last edited: 2010-06-21 06:50	Sorry, debug comment pasted in the code (: And I had to arrange code with PRE tag... P.S. line number is for the outdated -dev build, so searching for the string would be better

dhx 2010-06-21 08:34 reporter ~0025942	Thanks for the detailed report. I have already fixed this as part of 0009828 and 0012097 and I'll commit and backport it soon. I'm just doing some final testing to make sure the refactored bug_update.php works :)