View Issue Details

IDProjectCategoryView StatusLast Update
0020217mantisbtplug-inspublic2016-05-26 06:22
ReportercproensaAssigned Tocproensa 
PrioritynormalSeverityminorReproducibilityhave not tried
Status closedResolutionreopened 
Product Version1.3.0-beta.3 
Target Version1.3.0-rc.1Fixed in Version1.3.0-rc.1 
Summary0020217: MantisGraph: dont show links for users without access level
Description

The link for the plugin MantisGraph is showed to all users, even those who dont have access to the page, which results in an "access denied" error

TagsNo tags attached.

Relationships

related to 0020954 closedatrol Graph Problem 

Activities

cproensa

cproensa

2015-10-23 07:58

developer  

Selección_075.png (55,005 bytes)
Selección_075.png (55,005 bytes)
cproensa

cproensa

2015-10-23 08:04

developer   ~0051685

trivial fix, PR: https://github.com/mantisbt/mantisbt/pull/663

dregad

dregad

2015-10-23 19:47

developer   ~0051696

Thanks for your contribution !

atrol

atrol

2015-10-29 06:00

developer   ~0051746

This introduces a regression.
I get an empty login page.

No time to have a deeper look at the moment, but access_has_project_level is causing issues if you are not logged in (there is no current user and no current project at this moment)

cproensa

cproensa

2015-10-29 06:07

developer   ~0051748

Atrol, i think that happens with 1.2?

Plugin init sequence is different in 1.3. At the time the hooks() are called, the core functions are ready

atrol

atrol

2015-10-29 06:18

developer   ~0051749

Last edited: 2015-10-29 06:23

View 3 revisions

This piece of code is called now when visiting the login page (login_page.php)

+       if( access_has_project_level( config_get( 'view_summary_threshold' ) ) ) {
+           $t_hooks['EVENT_MENU_FILTER'] = 'graph_filter_menu';
+       }

Is this what you expect?

cproensa

cproensa

2015-10-29 07:42

developer   ~0051751

you are right, the problem is when aonyomous login is disabled
This is the correction
PR:https://github.com/mantisbt/mantisbt/pull/667

Related Changesets

MantisBT: master 738272f2

2015-10-23 07:59:41

cproensa


Committer: dregad Details Diff
Don't show MantisGraph link for users without access

fixes 0020217

Signed-off-by: Damien Regad <dregad@mantisbt.org>
mod - plugins/MantisGraph/MantisGraph.php Diff File

MantisBT: master 2c0b2a59

2015-10-29 07:32:36

cproensa


Committer: dregad Details Diff
Revert 738272f and reimplement hide graph link

commit 738272f23900243de35b5f0ce29564274bad3090 to hide Mantisgraph link
introduced a regression: failing at login when anonymous login is
disabled.

Here that change is reverted and the access level check is now placed in
the callback function, instead of the hook initialization

Fixes 0020217

Signed-off-by: Damien Regad <dregad@mantisbt.org>
mod - plugins/MantisGraph/MantisGraph.php Diff File

Issue History

Date Modified Username Field Change
2015-10-23 07:57 cproensa New Issue
2015-10-23 07:58 cproensa File Added: Selección_075.png
2015-10-23 08:04 cproensa Note Added: 0051685
2015-10-23 19:47 dregad Changeset attached => MantisBT master 738272f2
2015-10-23 19:47 dregad Assigned To => dregad
2015-10-23 19:47 dregad Status new => resolved
2015-10-23 19:47 dregad Resolution open => fixed
2015-10-23 19:47 dregad Fixed in Version => 1.3.0-rc.1
2015-10-23 19:47 dregad Target Version => 1.3.0-rc.1
2015-10-23 19:47 dregad Note Added: 0051696
2015-10-23 21:00 vboctor Assigned To dregad => community
2015-10-29 06:00 atrol Status resolved => feedback
2015-10-29 06:00 atrol Resolution fixed => reopened
2015-10-29 06:00 atrol Note Added: 0051746
2015-10-29 06:07 cproensa Note Added: 0051748
2015-10-29 06:07 cproensa Status feedback => assigned
2015-10-29 06:18 atrol Note Added: 0051749
2015-10-29 06:19 atrol Note Edited: 0051749 View Revisions
2015-10-29 06:23 atrol Note Edited: 0051749 View Revisions
2015-10-29 07:42 cproensa Note Added: 0051751
2015-10-30 09:44 dregad Changeset attached => MantisBT master 2c0b2a59
2015-10-30 09:44 dregad Assigned To community => dregad
2015-10-30 09:44 dregad Status assigned => resolved
2015-10-30 09:48 atrol Assigned To dregad => community
2015-12-06 02:45 vboctor Status resolved => closed
2016-01-19 15:24 atrol Assigned To community => cproensa
2016-05-26 06:22 atrol Relationship added related to 0020954