View Issue Details
| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 0003774 | mantisbt | custom fields | public | 2004-04-26 13:39 | 2004-11-06 06:27 |
| Reporter | RJelinek | Assigned To | thraxisp | ||
| Priority | normal | Severity | minor | Reproducibility | always |
| Status | closed | Resolution | fixed | ||
| Product Version | 0.18.2 | ||||
| Fixed in Version | 0.19.1 | ||||
| Summary | 0003774: Only administrator can manage custom fields, because link is missing | ||||
| Description | The configuration field $g_manage_custom_fields_threshold can be used, to allow users with a specific access level to manage custom fields. This can be done only be editing the address in a browser manually to manage_custom_field_page.php | ||||
| Tags | No tags attached. | ||||
| Attached Files | manage_patch.diff (4,264 bytes)
diff -Naurb mantis-0.18.2/core/access_api.php epia/core/access_api.php
--- mantis-0.18.2/core/access_api.php 2004-02-12 00:16:28.000000000 +0100
+++ epia/core/access_api.php 2004-05-04 13:21:44.000000000 +0200
@@ -165,6 +165,23 @@
}
# --------------------
+ # Check if the user has any configured access level
+ # to manage something
+ function access_has_any_manage_level( ) {
+ $t_has_manage_custom_field_access = access_has_global_level( config_get( 'manage_custom_fields_threshold' ) );
+ $t_has_manage_user_access = access_has_global_level( config_get( 'manage_user_threshold' ) );
+ $t_has_manage_project_access = access_has_project_level( config_get( 'manage_project_threshold' ) );
+
+ if ( ($t_has_manage_custom_field_access ||
+ $t_has_manage_user_access ||
+ $t_has_manage_project_access) ) {
+ return true;
+ }
+
+ return false;
+ }
+
+ # --------------------
# Check the current user's access against the given value and return true
# if the user's access is equal to or higher, false otherwise.
#
diff -Naurb mantis-0.18.2/core/html_api.php epia/core/html_api.php
--- mantis-0.18.2/core/html_api.php 2004-02-29 11:07:44.000000000 +0100
+++ epia/core/html_api.php 2004-05-04 15:02:01.000000000 +0200
@@ -379,12 +393,8 @@
}
# Manage Users (admins) or Manage Project (managers)
- if ( access_has_project_level( config_get( 'manage_project_threshold' ) ) ) {
- if ( access_has_project_level( ADMINISTRATOR ) ) {
- $t_link = 'manage_user_page.php';
- } else {
- $t_link = 'manage_proj_page.php';
- }
+ if ( access_has_any_manage_level( ) ) {
+ $t_link = 'manage_page.php';
$t_menu_options[] = "<a href=\"$t_link\">" . lang_get( 'manage_link' ) . '</a>';
}
@@ -459,10 +469,14 @@
# Print the menu for the manage section
# $p_page specifies the current page name so it's link can be disabled
function print_manage_menu( $p_page='' ) {
- if ( !access_has_project_level( ADMINISTRATOR ) ) {
+ if ( !access_has_any_manage_level( ) ) {
return;
}
+ $t_has_manage_custom_field_access = access_has_global_level( config_get( 'manage_custom_fields_threshold' ) );
+ $t_has_manage_user_access = access_has_global_level( config_get( 'manage_user_threshold' ) );
+ $t_has_manage_project_access = access_has_project_level( config_get( 'manage_project_threshold' ) );
+
$t_manage_user_page = 'manage_user_page.php';
$t_manage_project_menu_page = 'manage_proj_page.php';
$t_manage_custom_field_page = 'manage_custom_field_page.php';
@@ -476,10 +490,18 @@
}
echo '<br /><div align="center">';
+ if ( $t_has_manage_user_access ) {
print_bracket_link( $t_manage_user_page, lang_get( 'manage_users_link' ) );
+ }
+ if ( $t_has_manage_project_access ) {
print_bracket_link( $t_manage_project_menu_page, lang_get( 'manage_projects_link' ) );
+ }
+ if ( $t_has_manage_custom_field_access ) {
print_bracket_link( $t_manage_custom_field_page, lang_get( 'manage_custom_field_link' ) );
+ }
+ if ( $t_has_manage_project_access ) {
print_bracket_link( $t_documentation_page, lang_get( 'documentation_link' ) );
+ }
echo '</div>';
}
diff -Naurb mantis-0.18.2/manage_page.php epia/manage_page.php
--- mantis-0.18.2/manage_page.php 1970-01-01 01:00:00.000000000 +0100
+++ epia/manage_page.php 2004-05-04 15:02:22.000000000 +0200
@@ -0,0 +1,29 @@
+<?php
+ # Mantis - a php based bugtracking system
+ # Copyright (C) 2000 - 2002 Kenzaburo Ito - kenito@300baud.org
+ # Copyright (C) 2002 - 2004 Mantis Team - mantisbt-dev@lists.sourceforge.net
+ # This program is distributed under the terms and conditions of the GPL
+ # See the README and LICENSE files for details
+
+ # --------------------------------------------------------
+ # $Id$
+ # --------------------------------------------------------
+?>
+<?php
+ require_once( 'core.php' );
+
+ $t_core_path = config_get( 'core_path' );
+
+ require_once( $t_core_path . 'icon_api.php' );
+?>
+<?php auth_ensure_user_authenticated() ?>
+<?php html_page_top1() ?>
+<?php html_page_top2() ?>
+
+<?php print_manage_menu( 'manage_page.php' ) ?>
+
+<?php # Project Menu Form BEGIN ?>
+
+<br />
+
+<?php html_page_bottom1( __FILE__ ) ?>
| ||||
 |
patch with a (possible) solution added. Now, user with according rights can access manage-page. |
 |
Can we get this patch or other suitable modification onto the HEAD? |
 |
Fixed in CVS. The implementation is similar to that suggested, but doesn't require an additional module. |
