View Issue Details

ID: 0021894
Project: mantisbt
Category: security
View Status: public
Last Update: 2016-11-27 00:45
Reporter: mcmo
Assigned To: atrol
Priority: normal
Severity: major
Reproducibility: always
Status: closed
Resolution: fixed
Product Version: 1.3.3
Target Version: 1.3.4
Fixed in Version: 1.3.4
Summary: 0021894: Handlers(Assignees) are visible when editing an issue even if they are not visible when viewing it
Description

If the view_handler_threshold configuration value is set to hide the handlers from reporters, the handlers are visible when the reporters edit an issue.

Steps To Reproduce

0- set update_bug_threshold to reporter
1- set view_handler_threshold to a value above reporter
2- create an issue with the reporter
3- assign the issue as a manager
4- view the issue as the reporter: the handler is hidden
5- edit the issue as the reporter: the handler is visible

[EDIT dregad] added step 0 per atrol's note 0021894:0054549

Tags: No tags attached.

Activities

atrol

2016-11-20 07:52

developer   ~0054549

Last edited: 2016-11-20 08:00

Missing one step in "Steps To Reproduce"
0- set update_bug_threshold to reporter

Also reproducible in 1.3.x

Missing check for view_handler_threshold in bug_update_page.php

atrol

2016-11-24 06:14

developer   ~0054573

PR https://github.com/mantisbt/mantisbt/pull/957

mcmo

2016-11-25 03:00

reporter   ~0054584

Hi,
Will that be fixed in version 2.0.0 as well?
Thanks

dregad

2016-11-25 03:01

developer   ~0054585

In principle, all patches applied in the 1.3 branch are merged into the master branch as well, so yes.

Related Changesets

MantisBT: master-1.3.x c8c4aa25

2016-11-24 06:09:00

atrol

Check access rights to view handlers on bug update page

Fixes 0021894
mod - bug_update_page.php
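
The gap named in note ~0054549 and closed by this changeset, modelled as an added example; it is not MantisBT source and not the actual patch. The helper names, the numeric access levels and the sample issue are assumptions made for illustration; only the two configuration option names come from the report.

```php
<?php
// Added illustration: a self-contained model of the bug class, not MantisBT code.
// Numeric levels are illustrative; all function names here are hypothetical.
const REPORTER  = 25;
const DEVELOPER = 55;

$config = [
    'update_bug_threshold'   => REPORTER,  // step 0: reporters may edit issues
    'view_handler_threshold' => DEVELOPER, // step 1: handler hidden from reporters
];

// Single gate for "may this user see the handler?", meant to be shared by every page.
function can_view_handler(array $config, int $userLevel): bool {
    return $userLevel >= $config['view_handler_threshold'];
}

function view_page(array $config, array $bug, int $userLevel): array {
    $fields = ['summary' => $bug['summary']];
    if (can_view_handler($config, $userLevel)) {
        $fields['handler'] = $bug['handler'];
    }
    return $fields;
}

// Before: the edit form checks only the right to update, so the handler leaks.
function update_page_before(array $config, array $bug, int $userLevel): array {
    if ($userLevel < $config['update_bug_threshold']) {
        throw new RuntimeException('access denied');
    }
    return ['summary' => $bug['summary'], 'handler' => $bug['handler']];
}

// After: same update check plus the view gate. The field is omitted from the
// response entirely, not merely hidden on the client side.
function update_page_after(array $config, array $bug, int $userLevel): array {
    if ($userLevel < $config['update_bug_threshold']) {
        throw new RuntimeException('access denied');
    }
    $fields = ['summary' => $bug['summary']];
    if (can_view_handler($config, $userLevel)) {
        $fields['handler'] = $bug['handler'];
    }
    return $fields;
}

$bug = ['summary' => 'constructed sample issue', 'handler' => 'manager1'];
foreach (['view_page', 'update_page_before', 'update_page_after'] as $page) {
    $seen = array_key_exists('handler', $page($config, $bug, REPORTER)) ? 'visible' : 'hidden';
    echo str_pad($page, 20), "handler $seen to reporter\n";
}
```

The same comparison, run per field and per role against the view and edit pages, works as a regression check for other threshold-gated fields.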

Issue History

Date Modified Username Field Change
2016-11-09 11:20 mcmo New Issue
2016-11-09 11:20 mcmo File Added: Editing Issue - Handler visible.png
2016-11-09 11:20 mcmo File Added: View Issue - Handler not visible.png
2016-11-20 07:52 atrol Status new => confirmed
2016-11-20 07:52 atrol Note Added: 0054549
2016-11-20 07:52 atrol Category ui => security
2016-11-20 08:00 atrol Note Edited: 0054549
2016-11-21 06:42 dregad Product Version 2.0.0-rc.1 => 1.3.3
2016-11-21 06:42 dregad Target Version => 1.3.4
2016-11-21 06:42 dregad Steps to Reproduce Updated
2016-11-24 05:59 atrol Assigned To => atrol
2016-11-24 05:59 atrol Status confirmed => assigned
2016-11-24 06:14 atrol Note Added: 0054573
2016-11-25 02:52 atrol Changeset attached => MantisBT master-1.3.x c8c4aa25
2016-11-25 02:52 atrol Status assigned => resolved
2016-11-25 02:52 atrol Resolution open => fixed
2016-11-25 02:52 atrol Fixed in Version => 1.3.4
2016-11-25 03:00 mcmo Note Added: 0054584
2016-11-25 03:01 dregad Note Added: 0054585
2016-11-27 00:45 vboctor Status resolved => closed