| Anonymous | Login | Signup for a new account | 2010-02-09 06:53 EST |  |
| Main | My View | View Issues | Change Log | Roadmap | Wiki | ManTweet | Repositories |
| View Issue Details [ Jump to Notes ] [ Wiki ] | [ Issue History ] [ Print ] | ||||||||||
| ID | Project | Category | View Status | Date Submitted | Last Update | ||||||
| 0006390 | mantisbt | bugtracker | public | 2005-11-04 11:27 | 2009-08-20 15:38 | ||||||
| Reporter | mmchenry | ||||||||||
| Assigned To | |||||||||||
| Priority | normal | Severity | minor | Reproducibility | always | ||||||
| Status | acknowledged | Resolution | open | ||||||||
| Platform | OS | OS Version | |||||||||
| Product Version | 1.0.0rc3 | ||||||||||
| Target Version | Fixed in Version | ||||||||||
| Summary | 0006390: Group action assign broken again | ||||||||||
| Description | Threshold and access validation on group action assign seems to be broken. Even if user has permission to change status and assign, and assigned user has permission to handle bugs, you get a permission denied message when assigning via group actions. Assigning an individual bug works as expected. Similar to 0006068, but problem is at the validation level instead of the UI level. | ||||||||||
| Additional Information | I believe the problem is in bug_actiongroup.php around line 112. It looks to me like it's checking if the assigned user has permission to change status to assigned instead of current user. Current code: if ( access_has_bug_level( $t_threshold , $t_bug_id, $f_assign ) && access_has_bug_level( config_get( 'update_bug_assign_threshold', config_get( 'update_bug_threshold' ) ), $t_bug_id ) && I think should be changed to: if ( access_has_bug_level( $t_threshold , $t_bug_id ) && access_has_bug_level( config_get( 'update_bug_assign_threshold', config_get( 'update_bug_threshold' ) ), $t_bug_id, $f_assign ) && | ||||||||||
| Tags | No tags attached. | ||||||||||
| Attached Files |  bug_actiongroup.php.patch [^] (1,607 bytes) 2007-05-24 10:55 [Show Content]
| ||||||||||
 Relationships |
|
 Relationships |
|
Notes |
|
 (0014630)ave (reporter) 2007-05-24 10:56 |
Attached patch resolves inconsistency between group assigning and individual assigning. It is against bug_actiongroup.php v 1.50. It basically reflects validation defined in bug_assign.php. As a result, this patch also fixes another bug ; sponsored issues can be assigned via group action regardless of the values of '$g_assign_sponsored_bugs_threshold' and '$g_handle_sponsored_bugs_threshold'. |
 (0021823)mmchenry (reporter) 2009-05-14 18:33 |
Not to seem ungrateful, but we're going on four years later and this still has not been fixed as of 1.1.7. Is there some problem getting this patch into the shipping code? Or can we at least get it into the upcoming 1.2.x? It's not like this is an oddball enhancement request. It's incorrect validation preventing the feature from working as designed. It really should be fixed. |
|
Notes |
|
Issue History |
|||
| Date Modified | Username | Field | Change |
| 2005-11-04 11:27 | mmchenry | New Issue | |
| 2007-03-21 11:09 | renfrowl | Issue Monitored: renfrowl | |
| 2007-05-24 10:55 | ave | File Added: bug_actiongroup.php.patch | |
| 2007-05-24 10:56 | ave | Note Added: 0014630 | |
| 2007-06-09 12:43 | vboctor | Status | new => acknowledged |
| 2009-05-14 18:33 | mmchenry | Note Added: 0021823 | |
| 2009-08-20 15:38 | damien_b | Issue Monitored: damien_b | |
|
Issue History |
| MantisBT 1.2.0rc2 git live[^]
Copyright © 2000 - 2010 MantisBT Group
Time: 0.2000 seconds. memory usage: 1,812 KB |
 |