View Issue Details

IDProjectCategoryView StatusLast Update
0026988mantisbtpreferencespublic2021-03-07 18:29
Reportermaturbet Assigned Todregad  
PrioritynormalSeveritymajorReproducibilityalways
Status closedResolutionfixed 
PlatformVMOSdebianOS Version10.3
Product Version2.24.1 
Target Version2.25.0Fixed in Version2.25.0 
Summary0026988: issue report TOO_MANY_REDIRECTS
Description

There is a redirection loop at "issue report" when the default project rights have been removed for a viewer user.

Steps To Reproduce
  1. Setup Mantis with just 3 private projects A, B and C
  2. Give "reporter" access on all 3 projects to a "viewer" user
  3. The user choose project B as default project in his preferences
  4. Remove access to the project B for the user
    4.1. User see "All Projects" as default project in his preferences
    4.2. Admin see B as default project in user preferences
  5. User click on "Report Issue"
    => redirection loop
Additional Information
  1. User return to the previous page
  2. In his preferences, user click "Update Prefs" without changing annything
  3. User click on "Report Issue"
    => All is OK
Tagspatch

Relationships

has duplicate 0027595 closeddregad invalid selected default project leads to infinite redirecting loop, when bug_report_page is requested 
related to 0027144 closeddregad Data integrity: ensure users' default_project preference is a valid project 

Activities

maturbet

maturbet

2020-05-28 12:19

reporter   ~0064033

PR : https://github.com/mantisbt/mantisbt/pull/1677

dregad

dregad

2020-05-29 05:03

developer   ~0064039

I tried on my dev box, but I'm not able to reproduce the problem.

After revoking REPORTER rights on project B (step 3), in my case the user preferences still show it as the default project (i.e. not All Projects), I guess because the user still has viewer rights to project B.

Trying to report an issue at that point, displays the Choose Project page (login_select_proj_page.php), where the only select-able project is A (other available projects are listed but grayed out).

Maybe I'm missing something ?

maturbet

maturbet

2020-05-29 05:21

reporter   ~0064040

In our configuration, we have only private projects.
It seem to be OK with public ones.

dregad

dregad

2020-05-29 08:11

developer   ~0064042

OK, I didn't consider private projects. So I setup a fresh install with 2 private projects, but still can't reproduce...

4.1. User see "All Projects" as default project in his preferences

Here I see that the default project is A, even though in the DB it is indeed still stored as B.

  1. User click on "Report Issue"

No error, issue gets created in project A, as expected.

maturbet

maturbet

2020-05-29 08:25

reporter   ~0064043

Last edited: 2020-05-29 11:36

My bad ! I forget one (again) thing in the description.
Indeed, if there is only one project left, it becomes the default one and the bug doesn't happen.
Can you redo the test with a third project C ?

dregad

dregad

2020-05-29 18:08

developer   ~0064051

OK now I can reproduce - updated the issue's description

Related Changesets

MantisBT: master b162f8fb

2020-05-28 11:56:33

maturbet


Committer: dregad Details Diff
Fix TOO_MANY_REDIRECTS on bug_report_page.php

There is a redirection loop on bug_report_page.php, when the default
project rights have been removed for a viewer user.

Fixes 0026988
Affected Issues
0026988
mod - bug_report_page.php Diff File