Are you aware that restricting access to those pages does not restrict users from getting the same information by using other ways?

E.g. you could get the information by using the SOAP API or by using scripts to access "View Issue Details" page of all issues.

Are you aware that restricting access to those pages does not restrict users from getting the same information by using other ways

Besides that.. in similar situations, that you may want to alter some of the screen elements, where there is not a provided hook by core or plugin events, you may use javascript to selectively hide or delete those elements.

Are you aware that restricting access to those pages does not restrict users from getting the same information by using other ways

Yes, I am. My "rejected export access users" have no technical knowledge to use SOAP or scripts. And my goal is to hide "easy access" to unwanted export functions for non technical users (REPORTER). If they found an other way, their account deserve to be upgraded ;-)

Maybe that CSV export and Excel Export should become plugins? Because XML Import / Export is configurable :

public function config() {
    return array(
        "import_threshold" => ADMINISTRATOR,
        "export_threshold" => DEVELOPER,
    );
}

This is the behaviour that I need and imagine for Excel and CSV exports. I have no idea for Print Reports. Your throughts?

in similar situations, that you may want to alter some of the screen elements, where there is not a provided hook by core or plugin events, you may use javascript to selectively hide or delete those elements

Thanks for the tip. That will be my solution if nothing can be done in core or (new) plugins.

Regards

Having a configurable threshold for users that can execute a export may be a convenient feature.
So, relating atrol comment:

Are you aware that restricting access to those pages does not restrict users from getting the same information by using other ways?

Massive export can be a long running process, even if the same info can be accesed by the users, limiting the export execution could be used by some admin in some situations. For example: preventing server overload or DOS requests for small servers.

@atrol : did you change your mind with cproensa use case ?

@atrol : did you change your mind with cproensa use case ?

Change my mind? Isn't 0022224:0055237 true?

Change my mind? Isn't 0022224:0055237 true?

you're right, wrong formulation, my mistake and my apologies.

Are you in favor of adding this new configuration option ?

I don't need it myself, but I see no reason why it should not be implemented.

The options should not just prevent the display of the buttons, but also the access to the pages.
E.g. you should not be able open the link https://www.YourMantisbt.com/bugs/csv_export.php

So I would call the options
$g_export_excel_threshold, $g_export_csv_threshold, $g_print_report_threshold
instead of
$g_view_export_excel_button_threshold, $g_view_export_csv_button_threshold, $g_view_print_report_button_threshold

Not sure if 3 separate options are needed, maybe one is enough. Something like $g_export_issues_threshold

$g_print_report_threshold

I wasn't thinking in $g_print_report_threshold. I don't know if it falls in the same situation, if it can be easily used to output 1000s of issues at once.

$g_export_excel_threshold, $g_export_csv_threshold

I would define only one export threshold.
We still keep separated pages and configs for csv and excel operations, but in the future i think we'll probably want to join them into one single export functionality

Thanks for your responses.

In hindsight, I'm not able to provide a good reason to hide "Print reports" option. I made the mistake to group print and export functions when I wrote the issue.

I'll provide ASAP a PR with one configuration variable '$g_export_issues_threshold' that will be used to check user rights for Export Excel and Export CSV functionalities (display menus and access to pages).

PR : https://github.com/mantisbt/mantisbt/pull/1021

I don't know if it falls in the same situation, if it can be easily used to output 1000s of issues at once.

In hindsight, I'm not able to provide a good reason to hide "Print reports" option.

"Print reports" can easily be used to export all issues.

"Print reports" can easily be used to export all issues.

I agree. My contribution (overview in 0022224:0055513) is based on last response from @cproensa :

$g_print_report_threshold

I wasn't thinking in $g_print_report_threshold. I don't know if it falls in the same situation, if it can be easily used to output 1000s of issues at once.

$g_export_excel_threshold, $g_export_csv_threshold

I would define only one export threshold.

Should I add a second threshold ($g_print_report_threshold ?) for "Print Reports" option ? Or use the same threshold for the 3 options?

Has this issue been addressed ?
I have the same requirement as described.

Should I add a second threshold ($g_print_report_threshold ?) for "Print Reports" option ? Or use the same threshold for the 3 options?

In my opinion, a single threshold is sufficient.

Picking this up where @Mr.Bricodage left off.

For now, I have rebased his original work onto latest master - https://github.com/dregad/mantisbt/tree/pr1021. Will test and adapt the code in the coming days as time allows.

Please see new PR https://github.com/mantisbt/mantisbt/pull/1810, replacing the original contribution by @Mr.Bricodage.