0005396: It shows only administrators in "assign to" dropdown and "manage project" page for private projects - MantisBT

ID	Project	Category	View Status	Date Submitted	Last Update

0005396	mantisbt	bugtracker	public	2005-03-30 01:35	2005-04-18 10:40

Reporter	astax	Assigned To	thraxisp
Priority	normal	Severity	minor	Reproducibility	always
Status	closed	Resolution	fixed
Fixed in Version	1.0.0a1

Summary	0005396: It shows only administrators in "assign to" dropdown and "manage project" page for private projects
Description	If project is private, users permissions are checked incorrectly and this results in showing only administrators in "assign to" dropdown and on the "manage project" page in the list of people assigned to the project. I've looked in the code and found that the error is in core/project_api.php, in function project_get_all_user_rows() (line 480). Instead of checking "global" access level for private projects, need to check "local" one. The fix is simple - In this query: $query = "SELECT DISTINCT u.id, u.username, u.realname FROM $t_user_table u, $t_project_table p LEFT JOIN $t_project_user_list_table l ON p.id=l.project_id WHERE ( ( p.view_state='$t_pub' AND u.access_level >= $t_access_level ) OR ( l.access_level >= $t_access_level AND l.user_id=u.id ) OR u.access_level>='$t_adm' ) AND u.enabled = $t_on $t_project_clause ORDER BY u.realname, u.username"; need to replace "OR ( l.access_level >= $t_access_level AND l.user_id=u.id )" with "OR ( l.access_level >= $p_access_level AND l.user_id=u.id )".
Tags	No tags attached.

astax 2005-03-30 01:48 reporter ~0009680	Sorry, just found already posted issue 0005390 . Anyway, I explained the problem and solution here.

thraxisp 2005-03-30 14:50 reporter ~0009687	The sorting on the Manage Project page seems to have broken as well.

thraxisp 2005-03-30 21:35 reporter ~0009688	Fixed in CVS. Fixed the sorting of projects as well.