View Issue Details

IDProjectCategoryView StatusLast Update
0019271mantisbtauthorizationpublic2016-01-05 08:39
ReportervboctorAssigned Tovboctor 
PrioritynormalSeverityblockReproducibilityhave not tried
Status closedResolutionfixed 
Product Version1.3.0-beta.1 
Target Version1.3.0-beta.2Fixed in Version1.3.0-beta.2 
Summary0019271: Reporter can't re-open or close issues even if they have access
Description

The re-open functionality leverages bug_update.php but gets access denied for reporters because it trips over the following check:

reporter doesn't have update access.

access_ensure_bug_level( config_get( 'update_bug_threshold' ), $f_bug_id );

When re-opening an issue, it is going from readonly to read-write.

Hence, this check will fail.

if( bug_is_readonly( $f_bug_id ) ) {
error_parameters( $f_bug_id );
trigger_error( ERROR_BUG_READ_ONLY_ACTION_DENIED, ERROR );
}

The update_bug_status_threshold here is redundant and trips reporters.

if( $t_existing_bug->status !== $t_updated_bug->status ) {
access_ensure_bug_level( config_get( 'update_bug_status_threshold' ), $f_bug_id );

This check will not allow re-opening closed issued. It should check for >= $t_resolved_status

and <= $t_closed_status

$t_reopen_issue &&
$t_existing_bug->status < $t_closed_status &&

$t_existing_bug->view_state is of type string, needs to be casted to (int).

if( $t_existing_bug->view_state !== $t_updated_bug->view_state ) {

Tagsmantishub

Relationships

related to 0019265 closedvboctor Assign-To fails when there is a custom field that is required on update 
related to 0019648 closedvboctor Access denied when reporter re-opens an issue 
related to 0019649 closedvboctor change_type is set to "close" when re-opening issues 
related to 0020478 closeddregad bug_update.php: do not use strict type checking unless necessary 

Activities

vboctor

vboctor

2015-01-27 18:56

manager   ~0048712

The fix described in 0019265 should provide a model for tackling this issue as well.

vboctor

vboctor

2015-03-07 23:20

manager   ~0049148

Pull Request:
https://github.com/mantisbt/mantisbt/pull/584

Related Changesets

MantisBT: master 5890e6b2

2015-03-07 23:12:07

vboctor

Details Diff
Fix bug where reporter can't close issues

Issue 0019271
mod - bug_change_status_page.php Diff File
mod - bug_update.php Diff File
mod - core/constant_inc.php Diff File

MantisBT: master 7e188bc6

2015-03-07 23:17:29

vboctor

Details Diff
Fix bug where reporter can't re-open issues

Issue 0019271
mod - bug_update.php Diff File

Issue History

Date Modified Username Field Change
2015-01-27 00:17 vboctor New Issue
2015-01-27 00:18 vboctor Tag Attached: mantishub
2015-01-27 00:18 vboctor Status new => confirmed
2015-01-27 18:55 vboctor Relationship added related to 0019265
2015-01-27 18:56 vboctor Note Added: 0048712
2015-03-02 08:04 vitsaadmin Issue cloned: 0019436
2015-03-07 22:26 vboctor Severity minor => block
2015-03-07 23:20 vboctor Note Added: 0049148
2015-03-07 23:20 vboctor Assigned To => vboctor
2015-03-07 23:20 vboctor Status confirmed => assigned
2015-03-10 10:38 vboctor Changeset attached => MantisBT master 5890e6b2
2015-03-10 10:38 vboctor Changeset attached => MantisBT master 7e188bc6
2015-03-10 10:53 vboctor Status assigned => resolved
2015-03-10 10:53 vboctor Resolution open => fixed
2015-03-10 10:53 vboctor Fixed in Version => 1.3.0-beta.2
2015-03-15 19:58 dregad Status resolved => closed
2015-04-23 09:57 vboctor Relationship added related to 0019648
2015-04-23 09:59 vboctor Relationship added related to 0019649
2016-01-05 08:39 atrol Relationship added related to 0020478