0009728: Project-Manager cannot update Project-Categories - MantisBT

ID	Project	Category	View Status	Date Submitted	Last Update

0009728	mantisbt	administration	public	2008-10-22 05:22	2009-01-15 11:26

Reporter	eiben	Assigned To	jreese
Priority	normal	Severity	major	Reproducibility	always
Status	closed	Resolution	fixed
Platform	PC	OS	Linux	OS Version	1.2.0a2
Product Version	1.2.0a2
Fixed in Version	1.2.0a3

Summary	0009728: Project-Manager cannot update Project-Categories
Description	I just stumbled across this error: I have a project with a project-manager assigned. While this manager can add new categories alright, whenever he tries to update an existing category he gets an ACCESS_DENIED error. I figured, that in the manage_proj_cat_edit_page.php the project_id field is missing, so the access_ensure_project_level( config_get( 'manage_project_threshold' ), $f_project_id ); always tests for the permission on ALL_PROJECTS (because of $f_project_id = gpc_get_int( 'project_id', ALL_PROJECTS ); However, by adding <input type="hidden" name="project_id" value="<?php echo $f_project_id ?>" /> to the manage_proj_cat_edit_page.php the problem could be resolved :)
Tags	No tags attached.
Attached Files	cat_edit_page.patch (382 bytes) * webroot/manage_proj_cat_edit_page.php.orig Wed Oct 22 11:24:46 2008 --- webroot/manage_proj_cat_edit_page.php Wed Oct 22 11:15:10 2008 *********** * 53,56 **** --- 53,57 ---- <tr> <td class="form-title" colspan="2"> + <input type="hidden" name="project_id" value="<?php echo $f_project_id ?>" /> <?php echo lang_get( 'edit_project_category_title' ) ?> </td> cat_edit_page.patch (382 bytes)

MantisBT: master 67313fa8 2008-10-22 08:41 jreese Details Diff	Fix 0009728: Project ID was not passed when editing categories. git-svn-id: http://mantisbt.svn.sourceforge.net/svnroot/mantisbt/trunk@5709 <a class="text" href="/?p=mantisbt.git;a=object;h=f5dc347c">f5dc347c</a>-c33d-0410-90a0-b07cc1902cb9		Affected Issues 0009728
	mod - manage_proj_cat_edit_page.php		Diff File