View Issue Details

WikiRelated ChangesetsJump to Notes
IDProjectCategoryView StatusDate SubmittedLast Update
0012443mantisbtbugtrackerpublic2010-10-13 10:362014-09-23 18:05
Reportercproensa Assigned Todhx  
PrioritynormalSeveritymajorReproducibilityalways
Status closedResolutionfixed 
Product Version1.2.3 
Target Version1.2.6Fixed in Version1.2.6 
Summary0012443: allows to move a bug into a project with viewer access level
Description

The user with enough rights to move a bug into another project, is allowed to move it into a project in which he has only 'viewer' rights.

Steps To Reproduce

User has full rights in project A (enough to report and move bugs)
User has 'viewer' right in project B
User creates a bug in project A and is allowed to move it into project B

Tagspatch
Attached Files
fix_12443_master-1.2.x.patch (1,241 bytes)    
From b32d4ed2dbc74038b0dcdbebaa4c51a05dc2b263 Mon Sep 17 00:00:00 2001
From: Carlos Proensa <proensa@gmail.com>
Date: Tue, 9 Nov 2010 11:55:52 +0100
Subject: [PATCH] fix 0012443: allows to move a bug into a project with viewer access level
 adds a check for reporter_access_level for destination project

---
 bug_actiongroup.php |    5 +++--
 1 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/bug_actiongroup.php b/bug_actiongroup.php
index 7d72793..1f87db6 100644
--- a/bug_actiongroup.php
+++ b/bug_actiongroup.php
@@ -98,9 +98,10 @@
 			break;
 
 		case 'MOVE':
-			if ( access_has_bug_level( config_get( 'move_bug_threshold' ), $t_bug_id ) ) {
+			$f_project_id = gpc_get_int( 'project_id' );
+			if ( access_has_bug_level( config_get( 'move_bug_threshold' ), $t_bug_id )
+					&& access_has_project_level( config_get( 'report_bug_threshold' ), $f_project_id ) ) {
 				/** @todo we need to issue a helper_call_custom_function( 'issue_update_validate', array( $t_bug_id, $t_bug_data, $f_bugnote_text ) ); */
-				$f_project_id = gpc_get_int( 'project_id' );
 				bug_set_field( $t_bug_id, 'project_id', $f_project_id );
 				helper_call_custom_function( 'issue_update_notify', array( $t_bug_id ) );
 			} else {
-- 
1.7.1
fix_12443_master-1.2.x.patch (1,241 bytes)   

Relationships

related to 0015721 closedgrangeway Functionality to consider porting to master-2.0.x 
has duplicate 0013059 closed User rights inconsistency 

Activities

cproensa

cproensa

2010-11-09 06:05

developer   ~0027316

i've attached a patch for 1.2.x,
in bug_actiongroup.php it adds a check against report_bug_threshold for destination project.
i hope its ok, im still struggling with git basics
dhx

dhx

2010-12-14 05:53

reporter   ~0027593

Confirmed, thank you for the patch Carlos. I can confirm that your patch is 100% ready-to-commit. Good work on your first patch!

Thanks for your contribution. I'll try to have this committed shortly to both 1.2.x and 1.3.x branches.
dhx

dhx

2011-07-12 07:08

reporter   ~0029148

Apologies for the very long delay in committing this patch. It got lost in the pile :(

I've finally committed your patch to both master and master-1.2.x branches.

Thanks again for taking the time to submit a patch for MantisBT.
grangeway

grangeway

2013-04-05 17:57

reporter   ~0036400

Marking as 'acknowledged' not resolved/closed to track that change gets ported to master-2.0.x branch

Related Changesets

MantisBT: master a9032400

2010-11-08 21:55

cproensa


Details Diff		 Fix 0012443: Moving bugs - check for reporter permissions in destination project

The user with enough rights to move a bug into another project, is
allowed to move it into a project in which he has only 'viewer' rights.

Steps to reproduce this bug:
1. User has full rights in project A (enough to report and move bugs)
2. User has 'viewer' right in project B
3. User creates a bug in project A and is allowed to move it into project B

Signed-off-by: David Hicks <d@hx.id.au>		 Affected Issues
0012443
mod - bug_actiongroup.php Diff File

MantisBT: master 63db6ac8

2010-11-09 05:55

cproensa

Committer: dhx


Details Diff		 Fix 0012443: Moving bugs - check for reporter permissions in destination project

The user with enough rights to move a bug into another project, is
allowed to move it into a project in which he has only 'viewer' rights.

Steps to reproduce this bug:
1. User has full rights in project A (enough to report and move bugs)
2. User has 'viewer' right in project B
3. User creates a bug in project A and is allowed to move it into project B

Signed-off-by: David Hicks <d@hx.id.au>		 Affected Issues
0012443
mod - bug_actiongroup.php Diff File

MantisBT: master-1.2.x 822e50d6

2010-11-09 05:55

cproensa

Committer: dhx


Details Diff		 Fix 0012443: Moving bugs - check for reporter permissions in destination project

The user with enough rights to move a bug into another project, is
allowed to move it into a project in which he has only 'viewer' rights.

Steps to reproduce this bug:
1. User has full rights in project A (enough to report and move bugs)
2. User has 'viewer' right in project B
3. User creates a bug in project A and is allowed to move it into project B

Signed-off-by: David Hicks <d@hx.id.au>		 Affected Issues
0012443
mod - bug_actiongroup.php Diff File

MantisBT: master 1b5e97dd

2011-09-09 22:47

dhx


Details Diff		 Revert "Fix 0012443: Moving bugs - check for reporter permissions in destination project"

This reverts commit 63db6ac834136b76ee3f1a8eaa0e126161350233.

This commit has been incorrectly forward-ported from the master-1.2.x
branch and has overwritten changes to this file made in the master
branch.

Removed, to be reapplied correctly.		 Affected Issues
0012443
mod - bug_actiongroup.php Diff File