View Issue Details

ID: 0012443
Project: mantisbt
Category: bugtracker
View Status: public
Last Update: 2014-09-23 18:05
Reporter: cproensa
Assigned To: dhx
Priority: normal
Severity: major
Reproducibility: always
Status: closed
Resolution: fixed
Product Version: 1.2.3
Target Version: 1.2.6
Fixed in Version: 1.2.6
Summary: 0012443: allows to move a bug into a project with viewer access level
Description

The user with enough rights to move a bug into another project, is allowed to move it into a project in which he has only 'viewer' rights.

Steps To Reproduce

User has full rights in project A (enough to report and move bugs)
User has 'viewer' right in project B
User creates a bug in project A and is allowed to move it into project B

Tags: patch

Relationships

related to 0015721 (closed, grangeway): Functionality to consider porting to master-2.0.x
has duplicate 0013059 (closed): User rights inconsistency

Activities

cproensa

2010-11-09 06:02

developer  

fix_12443_master-1.2.x.patch (1,241 bytes)   
From b32d4ed2dbc74038b0dcdbebaa4c51a05dc2b263 Mon Sep 17 00:00:00 2001
From: Carlos Proensa <proensa@gmail.com>
Date: Tue, 9 Nov 2010 11:55:52 +0100
Subject: [PATCH] fix 0012443: allows to move a bug into a project with viewer access level
 adds a check for reporter_access_level for destination project

---
 bug_actiongroup.php |    5 +++--
 1 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/bug_actiongroup.php b/bug_actiongroup.php
index 7d72793..1f87db6 100644
--- a/bug_actiongroup.php
+++ b/bug_actiongroup.php
@@ -98,9 +98,10 @@
 			break;
 
 		case 'MOVE':
-			if ( access_has_bug_level( config_get( 'move_bug_threshold' ), $t_bug_id ) ) {
+			$f_project_id = gpc_get_int( 'project_id' );
+			if ( access_has_bug_level( config_get( 'move_bug_threshold' ), $t_bug_id )
+					&& access_has_project_level( config_get( 'report_bug_threshold' ), $f_project_id ) ) {
 				/** @todo we need to issue a helper_call_custom_function( 'issue_update_validate', array( $t_bug_id, $t_bug_data, $f_bugnote_text ) ); */
-				$f_project_id = gpc_get_int( 'project_id' );
 				bug_set_field( $t_bug_id, 'project_id', $f_project_id );
 				helper_call_custom_function( 'issue_update_notify', array( $t_bug_id ) );
 			} else {
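Review bot: In the 'MOVE' case the new destination check is joined with && to the move_bug_threshold check, so the existing else branch cannot tell a user who may not move the bug at all from one who lacks report_bug_threshold in the target project; nesting the access_has_project_level( config_get( 'report_bug_threshold' ), $f_project_id ) test inside the first check would let the destination failure be reported on its own. $f_project_id is taken straight from gpc_get_int( 'project_id' ) and is now used in an access decision before anything in the visible lines confirms it names an existing project, so a check for that ahead of the if would be worth adding. The @todo for issue_update_validate remains open on this path and could be tracked separately.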
-- 
1.7.1

cproensa

2010-11-09 06:05

developer   ~0027316

I've attached a patch for 1.2.x.
In bug_actiongroup.php it adds a check against report_bug_threshold for the destination project.
I hope it's OK, I'm still struggling with git basics.

dhx

2010-12-14 05:53

reporter   ~0027593

Confirmed, thank you for the patch Carlos. I can confirm that your patch is 100% ready-to-commit. Good work on your first patch!

Thanks for your contribution. I'll try to have this committed shortly to both 1.2.x and 1.3.x branches.

dhx

2011-07-12 07:08

reporter   ~0029148

Apologies for the very long delay in committing this patch. It got lost in the pile :(

I've finally committed your patch to both master and master-1.2.x branches.

Thanks again for taking the time to submit a patch for MantisBT.

grangeway

2013-04-05 17:57

reporter   ~0036400

Marking as 'acknowledged' not resolved/closed to track that change gets ported to master-2.0.x branch

Related Changesets

MantisBT: master a9032400

2010-11-09 02:55:52

cproensa

Fix 0012443: Moving bugs - check for reporter permissions in destination project

The user with enough rights to move a bug into another project, is
allowed to move it into a project in which he has only 'viewer' rights.

Steps to reproduce this bug:
1. User has full rights in project A (enough to report and move bugs)
2. User has 'viewer' right in project B
3. User creates a bug in project A and is allowed to move it into project B

Signed-off-by: David Hicks <d@hx.id.au>
Affected Issues
0012443
mod - bug_actiongroup.php

MantisBT: master 63db6ac8

2010-11-09 10:55:52

cproensa


Committer: dhx
Fix 0012443: Moving bugs - check for reporter permissions in destination project

The user with enough rights to move a bug into another project, is
allowed to move it into a project in which he has only 'viewer' rights.

Steps to reproduce this bug:
1. User has full rights in project A (enough to report and move bugs)
2. User has 'viewer' right in project B
3. User creates a bug in project A and is allowed to move it into project B

Signed-off-by: David Hicks <d@hx.id.au>
Affected Issues
0012443
mod - bug_actiongroup.php

MantisBT: master-1.2.x 822e50d6

2010-11-09 10:55:52

cproensa


Committer: dhx
Fix 0012443: Moving bugs - check for reporter permissions in destination project

The user with enough rights to move a bug into another project, is
allowed to move it into a project in which he has only 'viewer' rights.

Steps to reproduce this bug:
1. User has full rights in project A (enough to report and move bugs)
2. User has 'viewer' right in project B
3. User creates a bug in project A and is allowed to move it into project B

Signed-off-by: David Hicks <d@hx.id.au>
Affected Issues
0012443
mod - bug_actiongroup.php

MantisBT: master 1b5e97dd

2011-09-10 02:47:29

dhx

Revert "Fix 0012443: Moving bugs - check for reporter permissions in destination project"

This reverts commit 63db6ac834136b76ee3f1a8eaa0e126161350233.

This commit has been incorrectly forward-ported from the master-1.2.x
branch and has overwritten changes to this file made in the master
branch.

Removed, to be reapplied correctly.
Affected Issues
0012443
mod - bug_actiongroup.php

Issue History

Date Modified Username Field Change
2010-10-13 10:36 cproensa New Issue
2010-11-09 06:02 cproensa File Added: fix_12443_master-1.2.x.patch
2010-11-09 06:05 cproensa Note Added: 0027316
2010-12-01 12:39 atrol Tag Attached: patch
2010-12-14 05:48 dhx Assigned To => dhx
2010-12-14 05:48 dhx Status new => assigned
2010-12-14 05:48 dhx Target Version => 1.2.4
2010-12-14 05:53 dhx Note Added: 0027593
2010-12-14 21:05 jreese Target Version 1.2.4 => 1.2.5
2011-04-05 12:25 jreese Target Version 1.2.5 => 1.2.6
2011-06-07 05:57 rombert Relationship added has duplicate 0013059
2011-07-12 07:06 dhx Changeset attached => MantisBT master 63db6ac8
2011-07-12 07:06 dhx Changeset attached => MantisBT master-1.2.x 822e50d6
2011-07-12 07:06 dhx Resolution open => fixed
2011-07-12 07:06 dhx Fixed in Version => 1.2.6
2011-07-12 07:08 dhx Note Added: 0029148
2011-07-12 07:08 dhx Status assigned => resolved
2011-07-26 09:53 jreese Status resolved => closed
2011-09-10 05:53 dhx Changeset attached => MantisBT master 1b5e97dd
2011-09-10 05:53 cproensa Changeset attached => MantisBT master a9032400
2013-04-05 17:57 grangeway Status closed => acknowledged
2013-04-05 17:57 grangeway Note Added: 0036400
2013-04-05 18:13 grangeway Relationship added related to 0015721
2013-04-06 03:43 dregad Status acknowledged => closed
2013-04-06 07:22 grangeway Status closed => acknowledged
2013-04-06 09:22 dregad Tag Attached: 2.0.x check
2013-04-06 09:23 dregad Status acknowledged => closed
2014-09-23 18:05 grangeway Tag Detached: 2.0.x check