View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0003774 | mantisbt | custom fields | public | 2004-04-26 13:39 | 2004-11-06 06:27 |
Reporter | RJelinek | Assigned To | thraxisp | ||
Priority | normal | Severity | minor | Reproducibility | always |
Status | closed | Resolution | fixed | ||
Product Version | 0.18.2 | ||||
Fixed in Version | 0.19.1 | ||||
Summary | 0003774: Only administrator can manage custom fields, because link is missing | ||||
Description | The configuration field $g_manage_custom_fields_threshold can be used, to allow users with a specific access level to manage custom fields. This can be done only be editing the address in a browser manually to manage_custom_field_page.php | ||||
Tags | No tags attached. | ||||
Attached Files | manage_patch.diff (4,264 bytes)
diff -Naurb mantis-0.18.2/core/access_api.php epia/core/access_api.php --- mantis-0.18.2/core/access_api.php 2004-02-12 00:16:28.000000000 +0100 +++ epia/core/access_api.php 2004-05-04 13:21:44.000000000 +0200 @@ -165,6 +165,23 @@ } # -------------------- + # Check if the user has any configured access level + # to manage something + function access_has_any_manage_level( ) { + $t_has_manage_custom_field_access = access_has_global_level( config_get( 'manage_custom_fields_threshold' ) ); + $t_has_manage_user_access = access_has_global_level( config_get( 'manage_user_threshold' ) ); + $t_has_manage_project_access = access_has_project_level( config_get( 'manage_project_threshold' ) ); + + if ( ($t_has_manage_custom_field_access || + $t_has_manage_user_access || + $t_has_manage_project_access) ) { + return true; + } + + return false; + } + + # -------------------- # Check the current user's access against the given value and return true # if the user's access is equal to or higher, false otherwise. # diff -Naurb mantis-0.18.2/core/html_api.php epia/core/html_api.php --- mantis-0.18.2/core/html_api.php 2004-02-29 11:07:44.000000000 +0100 +++ epia/core/html_api.php 2004-05-04 15:02:01.000000000 +0200 @@ -379,12 +393,8 @@ } # Manage Users (admins) or Manage Project (managers) - if ( access_has_project_level( config_get( 'manage_project_threshold' ) ) ) { - if ( access_has_project_level( ADMINISTRATOR ) ) { - $t_link = 'manage_user_page.php'; - } else { - $t_link = 'manage_proj_page.php'; - } + if ( access_has_any_manage_level( ) ) { + $t_link = 'manage_page.php'; $t_menu_options[] = "<a href=\"$t_link\">" . lang_get( 'manage_link' ) . '</a>'; } @@ -459,10 +469,14 @@ # Print the menu for the manage section # $p_page specifies the current page name so it's link can be disabled function print_manage_menu( $p_page='' ) { - if ( !access_has_project_level( ADMINISTRATOR ) ) { + if ( !access_has_any_manage_level( ) ) { return; } + $t_has_manage_custom_field_access = access_has_global_level( config_get( 'manage_custom_fields_threshold' ) ); + $t_has_manage_user_access = access_has_global_level( config_get( 'manage_user_threshold' ) ); + $t_has_manage_project_access = access_has_project_level( config_get( 'manage_project_threshold' ) ); + $t_manage_user_page = 'manage_user_page.php'; $t_manage_project_menu_page = 'manage_proj_page.php'; $t_manage_custom_field_page = 'manage_custom_field_page.php'; @@ -476,10 +490,18 @@ } echo '<br /><div align="center">'; + if ( $t_has_manage_user_access ) { print_bracket_link( $t_manage_user_page, lang_get( 'manage_users_link' ) ); + } + if ( $t_has_manage_project_access ) { print_bracket_link( $t_manage_project_menu_page, lang_get( 'manage_projects_link' ) ); + } + if ( $t_has_manage_custom_field_access ) { print_bracket_link( $t_manage_custom_field_page, lang_get( 'manage_custom_field_link' ) ); + } + if ( $t_has_manage_project_access ) { print_bracket_link( $t_documentation_page, lang_get( 'documentation_link' ) ); + } echo '</div>'; } diff -Naurb mantis-0.18.2/manage_page.php epia/manage_page.php --- mantis-0.18.2/manage_page.php 1970-01-01 01:00:00.000000000 +0100 +++ epia/manage_page.php 2004-05-04 15:02:22.000000000 +0200 @@ -0,0 +1,29 @@ +<?php + # Mantis - a php based bugtracking system + # Copyright (C) 2000 - 2002 Kenzaburo Ito - kenito@300baud.org + # Copyright (C) 2002 - 2004 Mantis Team - mantisbt-dev@lists.sourceforge.net + # This program is distributed under the terms and conditions of the GPL + # See the README and LICENSE files for details + + # -------------------------------------------------------- + # $Id$ + # -------------------------------------------------------- +?> +<?php + require_once( 'core.php' ); + + $t_core_path = config_get( 'core_path' ); + + require_once( $t_core_path . 'icon_api.php' ); +?> +<?php auth_ensure_user_authenticated() ?> +<?php html_page_top1() ?> +<?php html_page_top2() ?> + +<?php print_manage_menu( 'manage_page.php' ) ?> + +<?php # Project Menu Form BEGIN ?> + +<br /> + +<?php html_page_bottom1( __FILE__ ) ?> | ||||
patch with a (possible) solution added. Now, user with according rights can access manage-page. |
|
Can we get this patch or other suitable modification onto the HEAD? |
|
Fixed in CVS. The implementation is similar to that suggested, but doesn't require an additional module. |
|