View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0012443 | mantisbt | bugtracker | public | 2010-10-13 10:36 | 2014-09-23 18:05 |
Reporter | cproensa | Assigned To | dhx | ||
Priority | normal | Severity | major | Reproducibility | always |
Status | closed | Resolution | fixed | ||
Product Version | 1.2.3 | ||||
Target Version | 1.2.6 | Fixed in Version | 1.2.6 | ||
Summary | 0012443: allows to move a bug into a project with viewer access level | ||||
Description | The user with enough rights to move a bug into another project, is allowed to move it into a project in which he has only 'viewer' rights. | ||||
Steps To Reproduce | User has full rights in project A (enough to report and move bugs) | ||||
Tags | patch | ||||
Attached Files | fix_12443_master-1.2.x.patch (1,241 bytes)
From b32d4ed2dbc74038b0dcdbebaa4c51a05dc2b263 Mon Sep 17 00:00:00 2001 From: Carlos Proensa <proensa@gmail.com> Date: Tue, 9 Nov 2010 11:55:52 +0100 Subject: [PATCH] fix 0012443: allows to move a bug into a project with viewer access level adds a check for reporter_access_level for destination project --- bug_actiongroup.php | 5 +++-- 1 files changed, 3 insertions(+), 2 deletions(-) diff --git a/bug_actiongroup.php b/bug_actiongroup.php index 7d72793..1f87db6 100644 --- a/bug_actiongroup.php +++ b/bug_actiongroup.php @@ -98,9 +98,10 @@ break; case 'MOVE': - if ( access_has_bug_level( config_get( 'move_bug_threshold' ), $t_bug_id ) ) { + $f_project_id = gpc_get_int( 'project_id' ); + if ( access_has_bug_level( config_get( 'move_bug_threshold' ), $t_bug_id ) + && access_has_project_level( config_get( 'report_bug_threshold' ), $f_project_id ) ) { /** @todo we need to issue a helper_call_custom_function( 'issue_update_validate', array( $t_bug_id, $t_bug_data, $f_bugnote_text ) ); */ - $f_project_id = gpc_get_int( 'project_id' ); bug_set_field( $t_bug_id, 'project_id', $f_project_id ); helper_call_custom_function( 'issue_update_notify', array( $t_bug_id ) ); } else { -- 1.7.1 | ||||
i've attached a patch for 1.2.x, |
|
Confirmed, thank you for the patch Carlos. I can confirm that your patch is 100% ready-to-commit. Good work on your first patch! Thanks for your contribution. I'll try to have this committed shortly to both 1.2.x and 1.3.x branches. |
|
Apologies for the very long delay in committing this patch. It got lost in the pile :( I've finally committed your patch to both master and master-1.2.x branches. Thanks again for taking the time to submit a patch for MantisBT. |
|
Marking as 'acknowledged' not resolved/closed to track that change gets ported to master-2.0.x branch |
|
MantisBT: master a9032400 2010-11-08 21:55 Details Diff |
Fix 0012443: Moving bugs - check for reporter permissions in destination project The user with enough rights to move a bug into another project, is allowed to move it into a project in which he has only 'viewer' rights. Steps to reproduce this bug: 1. User has full rights in project A (enough to report and move bugs) 2. User has 'viewer' right in project B 3. User creates a bug in project A and is allowed to move it into project B Signed-off-by: David Hicks <d@hx.id.au> |
Affected Issues 0012443 |
|
mod - bug_actiongroup.php | Diff File | ||
MantisBT: master 63db6ac8 2010-11-09 05:55 Committer: dhx Details Diff |
Fix 0012443: Moving bugs - check for reporter permissions in destination project The user with enough rights to move a bug into another project, is allowed to move it into a project in which he has only 'viewer' rights. Steps to reproduce this bug: 1. User has full rights in project A (enough to report and move bugs) 2. User has 'viewer' right in project B 3. User creates a bug in project A and is allowed to move it into project B Signed-off-by: David Hicks <d@hx.id.au> |
Affected Issues 0012443 |
|
mod - bug_actiongroup.php | Diff File | ||
MantisBT: master-1.2.x 822e50d6 2010-11-09 05:55 Committer: dhx Details Diff |
Fix 0012443: Moving bugs - check for reporter permissions in destination project The user with enough rights to move a bug into another project, is allowed to move it into a project in which he has only 'viewer' rights. Steps to reproduce this bug: 1. User has full rights in project A (enough to report and move bugs) 2. User has 'viewer' right in project B 3. User creates a bug in project A and is allowed to move it into project B Signed-off-by: David Hicks <d@hx.id.au> |
Affected Issues 0012443 |
|
mod - bug_actiongroup.php | Diff File | ||
MantisBT: master 1b5e97dd 2011-09-09 22:47 Details Diff |
Revert "Fix 0012443: Moving bugs - check for reporter permissions in destination project" This reverts commit 63db6ac834136b76ee3f1a8eaa0e126161350233. This commit has been incorrectly forward-ported from the master-1.2.x branch and has overwritten changes to this file made in the master branch. Removed, to be reapplied correctly. |
Affected Issues 0012443 |
|
mod - bug_actiongroup.php | Diff File |