View Issue Details

WikiRelated ChangesetsJump to Notes
IDProjectCategoryView StatusDate SubmittedLast Update
0014268mantisbtbugtrackerpublic2012-05-17 14:442019-01-11 06:37
Reporterurdap Assigned Tocproensa  
PrioritynormalSeverityminorReproducibilityalways
Status closedResolutionfixed 
Product Version1.2.10 
Target Version1.3.4Fixed in Version1.3.4 
Summary0014268: "Report Issue" is missing if the user has access to only private projects, but has not selected a project from the dropdown.
Description

If I create a user in my private bug tracking database, and set them as a global 'viewer' but then grant them reporting roles or higher in more than 1 project, the user will not get 'report issue' until he or she selects a project from the drop down. This is not desirable, since a user should always have that link, and then have Mantis prompt for a project selection if necessary. This has been confusing to myself and other users.

Steps To Reproduce

1) Setup MantisBT to use only private projects
2) Create a user with just 'viewer' access
3) Grant this new user access to two or more private projects with a role that can 'Report Issue'
4) Login as this new user, you will be brought to a screen that is for 'All Projects'
5) 'Report Issue' is missing until that user selects a project

Additional Information

I made the following changes to my core/html_api.php:

if( access_has_project_level( config_get( 'report_bug_threshold' ) ) ) {

REPLACE WITH

if( access_has_project_level( config_get( 'report_bug_threshold' ) ) || count( current_user_get_accessible_projects() ) > 0 ) {

So the link is then prompted to the user. When they click on the report issue link, they are then prompted with the 'Select Project' screen to select a project. This is desirable as the user doesn't have to move from all projects to earn the 'Report Issue' link.

HOWEVER

I am not super familiar with the mantis core, so this is NOT bug free! If the user has only VIEWER access to the private projects, he or she will still get the link with this one-liner. They will be prompted to select a project, and then get an "access denied" if they continue through the screen.

So how can Mantis be fixed to allow this link to be displayed when:

1) A user is in the 'All Projects' selection from the dropdown
2) The User has access to 1 or more projects that he or she can report an issue for.

TagsNo tags attached.

Relationships

related to 0011322 closeddregad incorrect rights with only 1 authorized project 
related to 0009826 closeddregad Single project user should default to the project, not All Projects 
has duplicate 0021627 closedcproensa Show report bug menu entry if allowed for any project 
related to 0010296 closedcproensa single project is not selected 

Activities

urdap

urdap

2012-05-17 14:47

reporter   ~0031853

Minor correction to step to produce (I don't have edit access):

1) Setup MantisBT to use only private projects
2) Create a user with just 'viewer' access
3) Grant this new user access to two or more private projects with a role that can 'Report Issue'
4) Login as this new user, you will be brought to a screen that is for 'All Projects'
5) 'Report Issue' is missing until that user selects a project
dregad

dregad

2012-05-18 03:09

developer   ~0031855

Last edited: 2012-05-18 03:44

I updated the steps to reproduce as per your note 0014268:0031853

EDIT: you may want to check out function access_has_any_project() for your purposes, although I'm a bit concerned about the potential performance impact looping on all projects everytime a page is loaded may have, especially on installations with many projects.
urdap

urdap

2012-05-18 11:04

reporter   ~0031860

Perhaps a user variable needs to be introduced that can be polled to allow the interface to quickly check if that link should be displayed or not.

But yes, I agree that looping through ALL the projects the developer is listed on could create a performance issue.
atrol

atrol

2012-07-13 07:13

developer   ~0032323

A workaround for this is to use page "My Account" > "Preferences" and to change "Default Project" from "All Projects" to a assigned project
dregad

dregad

2012-09-10 09:36

developer   ~0032819

Actually, re-reading the bug's description, this is actually not fixed by b1a1bbae sorry for the confusion.
cproensa

cproensa

2016-08-28 12:23

developer   ~0053903

PR: https://github.com/mantisbt/mantisbt/pull/861

Related Changesets

MantisBT: master-1.2.x b1a1bbae

2012-09-10 01:56

dregad


Details Diff		 User with access to single project defaults to it, not all projects

Since 1.2, if a user has access to only one project, the project
selection box at top right isn't shown. This was causing issues as new
users accounts have 'All projects' as their default:

- user can't report issues (no link for all projects)
- categories displayed are prefixed with [project]

Until this commit, users had to define their (single) project as default
using preferences to work around the problem; this is no longer needed.

Function html_login_info() now sets the current project as appropriate
if user has only access to a single one, and also defines that as the
default.

The account preferences page has also been modified to only include 'All
projects' in the selection list when user has more than one project
available.

Fixes 0009826, 0014268		 Affected Issues
0009826, 0014268, 0016337
mod - account_prefs_inc.php Diff File
mod - core/html_api.php Diff File

MantisBT: master cfa022bc

2012-09-10 01:56

dregad


Details Diff		 User with access to single project defaults to it, not all projects

Since 1.2, if a user has access to only one project, the project
selection box at top right isn't shown. This was causing issues as new
users accounts have 'All projects' as their default:

- user can't report issues (no link for all projects)
- categories displayed are prefixed with [project]

Until this commit, users had to define their (single) project as default
using preferences to work around the problem; this is no longer needed.

Function html_login_info() now sets the current project as appropriate
if user has only access to a single one, and also defines that as the
default.

The account preferences page has also been modified to only include 'All
projects' in the selection list when user has more than one project
available.

Fixes 0009826, 0014268		 Affected Issues
0009826, 0014268, 0016337
mod - account_prefs_inc.php Diff File
mod - core/html_api.php Diff File

MantisBT: master-1.3.x 5d2f72a9

2016-08-18 07:07

cproensa

Committer: dregad


Details Diff		 Show report bug menu entry if allowed for any project

Previously, the "report bug" menu entry was not displayed when:
1. current project is ALL PROJECTS and user has not global report bug access
2. current project is a specific one, and user has not report access in
that project

(1) is confusing for users, when they have access to report in any of
the specific projects they are assigned to, but still cant find the menu
entry.
Note that for globally allowed users, when trying to report in ALL
PROJECTS, a page appears that promts the user to select a valid project

(2) can be also confusing like (1), when the user is positioned in a
project where is effectively a "viewer", want to report a bug and cant
find the menu entry. This forces the user to select a valid project
before being allowed to use the report menu.

The fix implemented here checks if the user has permissions to report in
any of his assigned projects, then show the menu entry.
If the user cant report in current project once the menu entry is
selected, show the project selection page to choose a valid project.

This fixes (1) which is a common complaint from new users
and (2), which also provides a more intuitive way to use the report
option, as first choose the action, later choose the project.

Fixes: 0014268		 Affected Issues
0014268
mod - bug_report_page.php Diff File
mod - core/html_api.php Diff File