View Issue Details

ID: 0008141
Project: mantisbt
Category: bugtracker
View Status: public
Last Update: 2022-05-13 03:51
Reporter: exkludge
Assigned To: atrol
Priority: normal
Severity: feature
Reproducibility: always
Status: assigned
Resolution: open
Product Version: 1.0.8
Target Version: 2.26.0
Summary: 0008141: Issue reporters should be able to update their own issues
Description

I notice that the reporter of a particular issue cannot update his/her <b>own</b> reported issue.

I think it will be better if Mantis will allow the reporter of a particular issue to edit / update his <b>own</b> reported issue. This will lessen the work of UPDATER in correcting those (wrong) information entered by the reporter.

Please direct me if this can be done through configuration.

Thanks

Tags: patch
Attached Files
allow_reporter_update-1.2.12.patch (2,608 bytes)   
diff -aur ../mantisbt-1.2.12/bug_update_advanced_page.php ./bug_update_advanced_page.php
--- bug_update_advanced_page.php	2012-11-11 23:10:40.000000000 +0000
+++ bug_update_advanced_page.php	2013-04-06 19:33:11.931150001 +0000
@@ -49,7 +49,12 @@
 	trigger_error( ERROR_BUG_READ_ONLY_ACTION_DENIED, ERROR );
 }
 
-access_ensure_bug_level( config_get( 'update_bug_threshold' ), $f_bug_id );
+if ( ON == config_get( 'allow_reporter_update' ) ) {
+	if( bug_is_user_reporter( $f_bug_id, auth_get_current_user_id() ) ) {
+		access_ensure_bug_level( config_get( 'report_bug_threshold' ), $f_bug_id );
+	}
+}
+else access_ensure_bug_level( config_get( 'update_bug_threshold' ), $f_bug_id );
 
 html_page_top( bug_format_summary( $f_bug_id, SUMMARY_CAPTION ) );
 
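Review bot: With allow_reporter_update ON and a current user who is not the reporter, neither branch of the new if/else calls access_ensure_bug_level, so the update page is reached with no access check at all. Keep the update_bug_threshold check as the default path and treat the reporter rule as an alternative only: test the flag together with bug_is_user_reporter first, and in every other case fall through to access_ensure_bug_level( config_get( 'update_bug_threshold' ), $f_bug_id ). The brace-less else on the same line as its statement, following a braced if, is also easy to misread and should get braces.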
diff -aur ../mantisbt-1.2.12/bug_update.php ./bug_update.php
--- bug_update.php	2012-11-11 23:10:40.000000000 +0000
+++ bug_update.php	2013-04-06 19:24:54.943149999 +0000
@@ -53,6 +53,7 @@
 				&& access_has_bug_level( config_get( 'report_bug_threshold' ), $f_bug_id, $t_user )
 				&& (   ON == config_get( 'allow_reporter_reopen' )
 					|| ON == config_get( 'allow_reporter_close' )
+					|| ON == config_get( 'allow_reporter_update' )
 				   )
 			   )
 		  )
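Review bot: Putting allow_reporter_update in the same OR group as allow_reporter_reopen and allow_reporter_close means a reporter now satisfies this condition with update ON even when reopen and close are both OFF. The lines shown do not say what the branch goes on to permit, so confirm that it cannot be used to reopen or close an issue in that configuration, and give the update case its own condition if it can.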
diff -aur ../mantisbt-1.2.12/config_defaults_inc.php ./config_defaults_inc.php
--- config_defaults_inc.php	2012-11-11 23:10:40.000000000 +0000
+++ config_defaults_inc.php	2013-04-06 19:46:50.403150021 +0000
@@ -2575,6 +2575,13 @@
 	$g_allow_reporter_reopen	= ON;
 
 	/**
+	 * reporter can update
+	 * Allow reporters to update the bugs they reported, without being able to update any other bugs.
+	 * @global int $g_allow_reporter_update
+	 */
+	$g_allow_reporter_update	= OFF;
+
+	/**
 	 * reporter can upload
 	 * Allow reporters to upload attachments to bugs they reported.
 	 * @global int $g_allow_reporter_upload
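Review bot: The docblock for $g_allow_reporter_update does not say which threshold a reporter still has to meet or how the option interacts with update_bug_threshold. Document that report_bug_threshold is what applies to a reporter's own issues, and that users at or above update_bug_threshold are expected to behave exactly as before when the option is ON.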
diff -aur ../mantisbt-1.2.12/core/html_api.php ./core/html_api.php
--- core/html_api.php	2012-11-11 23:10:40.000000000 +0000
+++ core/html_api.php	2013-04-06 19:14:43.679150001 +0000
@@ -1370,7 +1370,12 @@
  * @return null
  */
 function html_button_bug_update( $p_bug_id ) {
-	if( access_has_bug_level( config_get( 'update_bug_threshold' ), $p_bug_id ) ) {
+	if( access_has_bug_level( config_get( 'update_bug_threshold' ), $p_bug_id ) ||
+		( access_has_bug_level( config_get( 'report_bug_threshold' ), $p_bug_id ) &&
+			bug_is_user_reporter( $p_bug_id, auth_get_current_user_id() ) &&
+			ON == config_get( 'allow_reporter_update' )
+			)
+		) {
 		html_button( string_get_bug_update_page(), lang_get( 'update_bug_button' ), array( 'bug_id' => $p_bug_id ) );
 	}
 }
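Review bot: The condition in html_button_bug_update states the reporter rule in a different shape from the check added to bug_update_advanced_page.php (here update_bug_threshold is tried first and the reporter case is an OR alternative), so the button and the page it links to can disagree about who may update. Move the rule into a single helper and call it from both places, so that the enforced check is never looser than the condition that decides whether the button is shown.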

Relationships

related to 0005248 confirmed Restrict Handler (Developper) and Reporter to modify only their OWN issues 
has duplicate 0008143 closed ryandesign Issue reporter can update own reported issue
has duplicate 0008142 closed ryandesign Issue reporter can update own reported issue
has duplicate 0012349 closed atrol A reporter must be able to update his own issue (status, assigned, all details...) while not being to update others' issues
has duplicate 0014038 closed atrol A reporter should have the right to edit his/her own issues as long they have status New
has duplicate 0007225 closed dregad Reporters can override their permissions if they have access to the "Update Issue" button
has duplicate 0030147 closed dregad It should be possible to give reporter permission to edit own reports

Activities

exkludge

2007-07-12 00:20

reporter   ~0014943

Last edited: 2007-07-12 00:27

hmmm... just what i was trying to say.

i missed the closing tag for "bold" (in 0008141) and i can't edit my own reported issue.

I tried to "back" my browser to complete the "bold" tag and tried to submit my "issue" without thinking that it will create another "ISSUE ID" (0008142, 0008143)...

kindly relate these issues 0008141, 0008142, 0008143 (because i guess it cannot be deleted...sorry about that)

squarebox

2010-02-05 01:02

reporter   ~0024323

don't know about in your version, but in mantis 1.2.0rc2 (and i think 1.1.8) you can go Manage -->Manage Configuration --> Workflow Threshold and in the "update" row add a check for "reporter" column.

elias

2010-09-15 06:19

reporter   ~0026718

so this request has been added 3 years ago, and it is still set as NEW!

Any plans on dealing with this? If not, at least let us know.

dregad

2010-09-16 07:45

developer   ~0026733

This would be nice to have !

bbufo

2010-10-14 17:50

reporter   ~0027025

Warning,

squarebox's method will make Reporters able to update all issues, including other person's issues. It has the same effect as setting the person to an "updater".

That is wrong. Do not do that. A real solution is needed.

squarebox

2010-10-14 21:54

reporter   ~0027026

sorry i didn't catch that point about updating one's own reports. Bbufo is correct that my suggested change would allow all tickets to be updatable by reporters.

@elias: the mantis team, in particular Atrol, has been doing a review of all open bugs for the past few months. There is something like over 5k open bug reports and they are slowly, but surely working through them.

Goaul

2012-10-14 13:33

reporter   ~0033193

Well yeah, such option where reporters can edit only their reported issues would be very handy.

Now there is only to allow all reporters to edit each other's issues that isn't really usable.

Would be great to have such feature or at least some workaround.

yany

2012-12-14 18:49

reporter   ~0034544

Yep, this would be a nice feature. I think it is a fundamental possibility anywhere on the Internet for anybody to review and correct her/his own submit if there is a mistake in it. I really don't understand how can this little issue survive so many years without a fix. Now we have to use permissions similar to the Updaters just because of this. (just as squarebox hinted :))

kuntal

2012-12-24 04:40

reporter   ~0034609

the reporter should be able to update his/her own issue. it would be better and user friendly.

TerrorBite

2013-04-06 16:37

reporter   ~0036529

I have attached an experimental patch for Mantis 1.2.12 and 1.2.14 that enables reporters to update their own issues only if the allow_reporter_update setting is enabled. This setting defaults to OFF, so Mantis will behave as normal unless the setting is changed. Like other settings it can also be changed on a per-project and/or per-user basis.

TerrorBite

2013-08-03 06:51

reporter   ~0037609

Was this patch (or similar functionality) ever implemented? I.e. is this still an issue?

TerrorBite

2013-12-16 04:19

reporter   ~0038859

Can this please be looked at for feature inclusion in 2.0?

cordylus

2016-11-05 00:31

reporter   ~0054432

Could this be implemented, please? It bugs me as a bug reporter a lot.

P.S. The bug is almost a decade already, that's crazy, I would consider this a basic functionality.

samtuke

2018-10-24 09:31

reporter   ~0060843

This is still a problem for us and would be great to see it changed

Kunda

2019-09-04 08:20

reporter   ~0062723

Hi @dregad is this ticket on the radar? Is there a way to set this functionality in MantisBT 2.21.0/2.22.0 ?

dregad

2019-09-04 10:15

developer   ~0062724

There are no plans to implement it at the moment, but if someone would send us a pull request with a working patch, we would gladly review it for eventual inclusion in a later release.

Kunda

2019-09-07 12:36

reporter   ~0062750

Actually, it does look possible

Mantis-edit-issue.png (62,691 bytes)   

dregad

2019-09-09 03:40

developer   ~0062753

> Actually, it does look possible

@Kunda This setting will allow reporters to update ALL issues, not just their own...

Kunda

2019-09-10 18:19

reporter   ~0062763

Last edited: 2019-09-10 18:19

> This setting will allow reporters to update ALL issues, not just their own...

@dregad bummer

vic-t

2022-05-06 09:36

reporter   ~0066539

Not aware that this issue already exists, I just created a duplicate (0030147).

While my duplicate was closed, I would like to preserve this addition:

Personally, I'd even go a step further in making a permission that has further dependencies. While an issue is being discussed (i.e. while the status is one of new, feedback, or acknowledged), the reporter should have the possibility to correct his issue description. But after the status has been set to confirmed, which usually means that someone is going to work on it, changes should no longer be possible.

atrol

2022-05-06 09:50

developer   ~0066540

@vic-t the following existing options might be enough to cover your addition

/**
 * Bug becomes readonly if its status is >= this status.  The bug becomes
 * read/write again if re-opened and its status becomes less than this
 * threshold.
 * @global integer $g_bug_readonly_status_threshold
 */
$g_bug_readonly_status_threshold = RESOLVED;

/**
 * Threshold needed to update readonly bugs.  Readonly bugs are identified via
 * $g_bug_readonly_status_threshold.
 * @global integer $g_update_readonly_bug_threshold
 */
$g_update_readonly_bug_threshold = MANAGER;

vic-t

2022-05-06 10:03

reporter   ~0066541

@atrol Indeed, thanks!

Maybe this is not the right place but can I ask why this request has not been resolved in over a decade? It seems there is enough interest out there. Is it maybe too complex, would too many places in the software have to be rewritten for this?

dregad

2022-05-07 12:02

developer   ~0066544

> can I ask why this request has not been resolved in over a decade

Because nobody has judged this feature important enough to justify investing time and effort in developing it yet... As for complexity TBH I don't know as I never looked into it in detail, but as it is touching security it might be a bit tricky.

If you have the skills and resources to do it, then by all means do submit a pull request, we'll gladly review and merge it.

atrol

2022-05-07 12:24

developer   ~0066545

Last edited: 2022-05-08 05:51

@dregad I started to work on that, but while looking at it I found some bugs around affected code that should be fixed first, e.g. 0030178 and 0030182
@vic-t I can't promise anything, as I might have to stop my work if it should become too complex.

TerrorBite

2022-05-07 21:18

reporter   ~0066547

Hi @atrol, in 2013 I attached a patch file that I believed could resolve this issue. Would this be of any help to you?

atrol

2022-05-08 12:06

developer   ~0066548

Sorry @TerrorBite seems that nobody was really aware of the patch.

In general it's the way to go and similar to what I started.
I didn't try in 1.2, but if I see right, your patch introduces a major security issue.
If allow_reporter_update is set to ON and the user is not the reporter, then there are not any access checks.
As pointed out by dregad, this can be a bit tricky.
E.g. see the change in my_view_inc.php of my WIP branch how it should look like.
https://github.com/mantisbt/mantisbt/compare/master...atrol:i8141-reporters-update-own-issues
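
The gap described in the comment above, as an added example that is not part of the thread, the attached patch or MantisBT: a stand-alone model of the attached patch's page check beside one possible fail-closed form, compared over every combination of flag, reporter status and access level. The function names, the threshold constants and the hardened variant are assumptions made for this illustration; the numeric levels are MantisBT's defaults.

```php
<?php
// Added illustration: a stand-alone model of the decision, not MantisBT code.
// VIEWER/REPORTER/UPDATER carry MantisBT's default numeric access levels;
// the two thresholds below are assumed values for the model.
const VIEWER = 10;
const REPORTER = 25;
const UPDATER = 40;
const REPORT_BUG_THRESHOLD = REPORTER;
const UPDATE_BUG_THRESHOLD = UPDATER;

// Control flow of the patched bug_update_advanced_page.php check.
function patched_allows( bool $flag, bool $is_reporter, int $level ): bool {
	if( $flag ) {
		if( $is_reporter ) {
			return $level >= REPORT_BUG_THRESHOLD;
		}
		return true; // flag ON, not the reporter: no check is reached
	}
	return $level >= UPDATE_BUG_THRESHOLD;
}

// Hypothetical fail-closed form: the update threshold always applies and the
// reporter rule is only an additional, narrower way in.
function hardened_allows( bool $flag, bool $is_reporter, int $level ): bool {
	if( $level >= UPDATE_BUG_THRESHOLD ) {
		return true;
	}
	return $flag && $is_reporter && $level >= REPORT_BUG_THRESHOLD;
}

// Walk every flag / reporter / level combination and keep the disagreements.
function find_disagreements(): array {
	$found = [];
	foreach( [ false, true ] as $flag ) {
		foreach( [ false, true ] as $is_reporter ) {
			foreach( [ VIEWER, REPORTER, UPDATER ] as $level ) {
				$patched = patched_allows( $flag, $is_reporter, $level );
				$hardened = hardened_allows( $flag, $is_reporter, $level );
				if( $patched !== $hardened ) {
					$found[] = compact( 'flag', 'is_reporter', 'level', 'patched', 'hardened' );
				}
			}
		}
	}
	return $found;
}

foreach( find_disagreements() as $row ) {
	echo json_encode( $row ), "\n";
}
```

The two forms disagree only with the flag ON for a non-reporter below the update threshold, which is the case the comment above calls out; a table-driven test of this kind can be run against any revised check before it is merged.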

vic-t

2022-05-10 13:47

reporter   ~0066556

@atrol

> I can't promise anything, as I might have to stop my work if it should become too complex.

It's open source, no expectation, just a lot of appreciation for the work you guys do. :-)

atrol

2022-05-13 03:51

developer   ~0066576

WIP PR https://github.com/mantisbt/mantisbt/pull/1811