0019271: Reporter can't re-open or close issues even if they have access - MantisBT - Signup temporarily disabled due to spam

ID	Project	Category	View Status	Date Submitted	Last Update

0019271	mantisbt	authorization	public	2015-01-27 00:17	2016-01-05 08:39

Reporter	vboctor	Assigned To	vboctor
Priority	normal	Severity	block	Reproducibility	have not tried
Status	closed	Resolution	fixed
Product Version	1.3.0-beta.1
Target Version	1.3.0-beta.2	Fixed in Version	1.3.0-beta.2

Summary	0019271: Reporter can't re-open or close issues even if they have access
Description	The re-open functionality leverages bug_update.php but gets access denied for reporters because it trips over the following check: reporter doesn't have update access. access_ensure_bug_level( config_get( 'update_bug_threshold' ), $f_bug_id ); When re-opening an issue, it is going from readonly to read-write. Hence, this check will fail. if( bug_is_readonly( $f_bug_id ) ) { error_parameters( $f_bug_id ); trigger_error( ERROR_BUG_READ_ONLY_ACTION_DENIED, ERROR ); } The update_bug_status_threshold here is redundant and trips reporters. if( $t_existing_bug->status !== $t_updated_bug->status ) { access_ensure_bug_level( config_get( 'update_bug_status_threshold' ), $f_bug_id ); This check will not allow re-opening closed issued. It should check for >= $t_resolved_status and <= $t_closed_status $t_reopen_issue && $t_existing_bug->status < $t_closed_status && $t_existing_bug->view_state is of type string, needs to be casted to (int). if( $t_existing_bug->view_state !== $t_updated_bug->view_state ) {
Tags	mantishub

MantisBT: master 5890e6b2 2015-03-07 18:12 vboctor Details Diff	Fix bug where reporter can't close issues Issue 0019271		Affected Issues 0019271
	mod - bug_change_status_page.php		Diff File
	mod - bug_update.php		Diff File
	mod - core/constant_inc.php		Diff File
MantisBT: master 7e188bc6 2015-03-07 18:17 vboctor Details Diff	Fix bug where reporter can't re-open issues Issue 0019271		Affected Issues 0019271
	mod - bug_update.php		Diff File