View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0020625 | mantisbt | security | public | 2016-02-23 11:05 | 2016-07-18 14:56 |
Reporter | mattkolb | Assigned To | |||
Priority | normal | Severity | minor | Reproducibility | have not tried |
Status | acknowledged | Resolution | open | ||
Summary | 0020625: Inconsistent time tracking permissions | ||||
Description | Adding time tracking information when changing the status of a ticket requires the user pass the private_bugnote_threshold. However, other methods of adding/editing time tracking permission do not require the increased access privileges. The problem line: Examples of correct implementations: | ||||
Tags | No tags attached. | ||||
related to | 0004428 | closed | davidnewcomb | Time Tracking |
Hello Thanks for the bug report. It appears this behavior exists since the initial implementation of the Time tracking feature back in 2006 [1] (see 0004428). That being said, I have no idea of the rationale behind the check for private note access, doesn't make sense to me. [1] https://github.com/mantisbt/mantisbt/blame/f02da95%5E/bug_change_status_page.php#L288 |
|
Bump |
|
@mattkolb, submitting a patch is always a good idea, as it increases the chances of improvement eventually making it into MantisBT core. All contributions are welcome and greatly appreciated. Patch submissions can be made in several ways. In the order of preference:
Kindly avoid to upload entire modified PHP files. Please make sure that your submissions adhere to our Coding Guidelines [2], if they don't your patch might be rejected. [1] https://github.com/mantisbt/mantisbt |
|