/**
* Whether to skip this event after access checks
* @return boolean
*/
public function skip()
{
if (!bugnote_exists($this->issue_note_id)) {
return true;
}
if (!access_has_bugnote_level(VIEWER, $this->issue_note_id)) {
return true;
}
return false;
}
/**
* Check if the user has the specified access level for the given bugnote
* and deny access to the page if not
* @see access_has_bugnote_level
* @param int $p_access_level integer representing access level
* @param int $p_bugnote_id integer representing bugnote id to check access against
* @param int|null $p_user_id integer representing user id, defaults to null to use current user
* @access public
*/
function access_ensure_bugnote_level($p_access_level, $p_bugnote_id, $p_user_id = null)
{
if (!access_has_bugnote_level($p_access_level, $p_bugnote_id, $p_user_id)) {
access_denied();
}
}
if (!bug_is_readonly($f_bug_id)) {
# check if the user can edit this bugnote
if ($t_user_id == $t_bugnote->reporter_id) {
$t_can_edit_bugnote = access_has_bugnote_level($t_bugnote_user_edit_threshold, $t_bugnote->id);
} else {
$t_can_edit_bugnote = $t_can_edit_all_bugnotes;
}
# check if the user can delete this bugnote
if ($t_user_id == $t_bugnote->reporter_id) {
$t_can_delete_bugnote = access_has_bugnote_level($t_bugnote_user_delete_threshold, $t_bugnote->id);
} else {
$t_can_delete_bugnote = $t_can_delete_all_bugnotes;
}
# check if the user can make this bugnote private
if ($t_user_id == $t_bugnote->reporter_id) {
$t_can_change_view_state = access_has_bugnote_level($t_bugnote_user_change_view_state_threshold, $t_bugnote->id);
} else {
$t_can_change_view_state = $t_can_change_view_state_all_bugnotes;
}
# show edit button if the user is allowed to edit this bugnote
if ($t_can_edit_bugnote) {
print_button('bugnote_edit_page.php?bugnote_id=' . $t_bugnote->id, lang_get('bugnote_edit_link'));
}
# show delete button if the user is allowed to delete this bugnote
if ($t_can_delete_bugnote) {
print_button('bugnote_delete.php?bugnote_id=' . $t_bugnote->id, lang_get('delete_link'));
}
# show make public or make private button if the user is allowed to change the view state of this bugnote
if ($t_can_change_view_state) {
if (VS_PRIVATE == $t_bugnote->view_state) {
print_button('bugnote_set_view_state.php?private=0&bugnote_id=' . $t_bugnote->id, lang_get('make_public'));
/**
* Update a note
*
* @param string $p_username The name of the user trying to add a note to an issue.
* @param string $p_password The password of the user.
* @param stdClass $p_note The note to update.
* @return true on success, false on failure
*/
function mc_issue_note_update($p_username, $p_password, stdClass $p_note)
{
global $g_project_override;
$t_user_id = mci_check_login($p_username, $p_password);
if ($t_user_id === false) {
return mci_soap_fault_login_failed();
}
$p_note = SoapObjectsFactory::unwrapObject($p_note);
if (!isset($p_note['id']) || is_blank($p_note['id'])) {
return SoapObjectsFactory::newSoapFault('Client', 'Issue note id must not be blank.');
}
if (!isset($p_note['text']) || is_blank($p_note['text'])) {
return SoapObjectsFactory::newSoapFault('Client', 'Issue note text must not be blank.');
}
$t_issue_note_id = $p_note['id'];
if (!bugnote_exists($t_issue_note_id)) {
return SoapObjectsFactory::newSoapFault('Client', 'Issue note \'' . $t_issue_note_id . '\' does not exist.');
}
$t_issue_id = bugnote_get_field($t_issue_note_id, 'bug_id');
$t_project_id = bug_get_field($t_issue_id, 'project_id');
$g_project_override = $t_project_id;
if (!mci_has_readwrite_access($t_user_id, $t_project_id)) {
return mci_soap_fault_access_denied($t_user_id);
}
$t_issue_author_id = bugnote_get_field($t_issue_note_id, 'reporter_id');
# Check if the user owns the bugnote and is allowed to update their own bugnotes
# regardless of the update_bugnote_threshold level.
$t_user_owns_the_bugnote = bugnote_is_user_reporter($t_issue_note_id, $t_user_id);
$t_user_can_update_own_bugnote = config_get('bugnote_user_edit_threshold', null, $t_user_id, $t_project_id);
if ($t_user_owns_the_bugnote && !$t_user_can_update_own_bugnote) {
return mci_soap_fault_access_denied($t_user_id);
}
# Check if the user has an access level beyond update_bugnote_threshold for the
# project containing the bugnote to update.
$t_update_bugnote_threshold = config_get('update_bugnote_threshold', null, $t_user_id, $t_project_id);
if (!$t_user_owns_the_bugnote && !access_has_bugnote_level($t_update_bugnote_threshold, $t_issue_note_id, $t_user_id)) {
return mci_soap_fault_access_denied($t_user_id);
}
# Check if the bug is readonly
if (bug_is_readonly($t_issue_id)) {
return mci_soap_fault_access_denied($t_user_id, 'Issue \'' . $t_issue_id . '\' is readonly');
}
if (isset($p_note['view_state'])) {
$t_view_state = $p_note['view_state'];
$t_view_state_id = mci_get_enum_id_from_objectref('view_state', $t_view_state);
bugnote_set_view_state($t_issue_note_id, $t_view_state_id == VS_PRIVATE);
}
log_event(LOG_WEBSERVICE, 'updating bugnote id \'' . $t_issue_note_id . '\'');
bugnote_set_text($t_issue_note_id, $p_note['text']);
return bugnote_date_update($t_issue_note_id);
}
/**
* @todo yarick123: email_collect_recipients(...) will be completely rewritten to provide additional information such as language, user access,..
* @todo yarick123:sort recipients list by language to reduce switches between different languages
* @param int $p_bug_id
* @param string $p_notify_type
* @param array $p_extra_user_ids_to_email
* @return array
*/
function email_collect_recipients($p_bug_id, $p_notify_type, $p_extra_user_ids_to_email = array())
{
$c_bug_id = db_prepare_int($p_bug_id);
$t_recipients = array();
# add explicitly specified users
if (ON == email_notify_flag($p_notify_type, 'explicit')) {
foreach ($p_extra_user_ids_to_email as $t_user_id) {
$t_recipients[$t_user_id] = true;
log_event(LOG_EMAIL_RECIPIENT, sprintf('Issue = #%d, add explicitly specified user = @U%d', $p_bug_id, $t_user_id));
}
}
# add Reporter
if (ON == email_notify_flag($p_notify_type, 'reporter')) {
$t_reporter_id = bug_get_field($p_bug_id, 'reporter_id');
$t_recipients[$t_reporter_id] = true;
log_event(LOG_EMAIL_RECIPIENT, sprintf('Issue = #%d, add Reporter = @U%d', $p_bug_id, $t_reporter_id));
}
# add Handler
if (ON == email_notify_flag($p_notify_type, 'handler')) {
$t_handler_id = bug_get_field($p_bug_id, 'handler_id');
if ($t_handler_id > 0) {
$t_recipients[$t_handler_id] = true;
log_event(LOG_EMAIL_RECIPIENT, sprintf('Issue = #%d, add Handler = @U%d', $p_bug_id, $t_handler_id));
}
}
$t_project_id = bug_get_field($p_bug_id, 'project_id');
# add users monitoring the bug
$t_bug_monitor_table = db_get_table('mantis_bug_monitor_table');
if (ON == email_notify_flag($p_notify_type, 'monitor')) {
$query = "SELECT DISTINCT user_id\n\t\t\t\t\t FROM {$t_bug_monitor_table}\n\t\t\t\t\t WHERE bug_id=" . db_param();
$result = db_query_bound($query, array($c_bug_id));
$count = db_num_rows($result);
for ($i = 0; $i < $count; $i++) {
$t_user_id = db_result($result, $i);
$t_recipients[$t_user_id] = true;
log_event(LOG_EMAIL_RECIPIENT, sprintf('Issue = #%d, add Monitor = @U%d', $p_bug_id, $t_user_id));
}
}
# add users who contributed bugnotes
$t_bugnote_id = bugnote_get_latest_id($p_bug_id);
$t_bugnote_view = bugnote_get_field($t_bugnote_id, 'view_state');
$t_bugnote_date = bugnote_get_field($t_bugnote_id, 'last_modified');
$t_bug = bug_get($p_bug_id);
$t_bug_date = $t_bug->last_updated;
$t_bugnote_table = db_get_table('mantis_bugnote_table');
if (ON == email_notify_flag($p_notify_type, 'bugnotes')) {
$query = "SELECT DISTINCT reporter_id\n\t\t\t\t\t FROM {$t_bugnote_table}\n\t\t\t\t\t WHERE bug_id = " . db_param();
$result = db_query_bound($query, array($c_bug_id));
$count = db_num_rows($result);
for ($i = 0; $i < $count; $i++) {
$t_user_id = db_result($result, $i);
$t_recipients[$t_user_id] = true;
log_event(LOG_EMAIL_RECIPIENT, sprintf('Issue = #%d, add Note Author = @U%d', $p_bug_id, $t_user_id));
}
}
# add project users who meet the thresholds
$t_bug_is_private = bug_get_field($p_bug_id, 'view_state') == VS_PRIVATE;
$t_threshold_min = email_notify_flag($p_notify_type, 'threshold_min');
$t_threshold_max = email_notify_flag($p_notify_type, 'threshold_max');
$t_threshold_users = project_get_all_user_rows($t_project_id, $t_threshold_min);
foreach ($t_threshold_users as $t_user) {
if ($t_user['access_level'] <= $t_threshold_max) {
if (!$t_bug_is_private || access_compare_level($t_user['access_level'], config_get('private_bug_threshold'))) {
$t_recipients[$t_user['id']] = true;
log_event(LOG_EMAIL_RECIPIENT, sprintf('Issue = #%d, add Project User = @U%d', $p_bug_id, $t_user['id']));
}
}
}
# add users as specified by plugins
$t_recipients_include_data = event_signal('EVENT_NOTIFY_USER_INCLUDE', array($p_bug_id, $p_notify_type));
foreach ($t_recipients_include_data as $t_plugin => $t_recipients_include_data2) {
foreach ($t_recipients_include_data2 as $t_callback => $t_recipients_included) {
# only handle if we get an array from the callback
if (is_array($t_recipients_included)) {
foreach ($t_recipients_included as $t_user_id) {
$t_recipients[$t_user_id] = true;
log_event(LOG_EMAIL_RECIPIENT, sprintf('Issue = #%d, %s plugin added user @U%d', $p_bug_id, $t_plugin, $t_user_id));
}
}
}
}
# FIXME: the value of $p_notify_type could at this stage be either a status
# or a built-in actions such as 'owner and 'sponsor'. We have absolutely no
# idea whether 'new' is indicating a new bug has been filed, or if the
# status of an existing bug has been changed to 'new'. Therefore it is best
# to just assume built-in actions have precedence over status changes.
switch ($p_notify_type) {
case 'new':
case 'feedback':
# This isn't really a built-in action (delete me!)
# This isn't really a built-in action (delete me!)
case 'reopened':
case 'resolved':
case 'closed':
case 'bugnote':
$t_pref_field = 'email_on_' . $p_notify_type;
break;
case 'owner':
# The email_on_assigned notification type is now effectively
# email_on_change_of_handler.
$t_pref_field = 'email_on_assigned';
break;
case 'deleted':
case 'updated':
case 'sponsor':
case 'relation':
case 'monitor':
case 'priority':
# This is never used, but exists in the database!
# FIXME: these notification actions are not actually implemented
# in the database and therefore aren't adjustable on a per-user
# basis! The exception is 'monitor' that makes no sense being a
# customisable per-user preference.
$t_pref_field = false;
break;
default:
# Anything not built-in is probably going to be a status
$t_pref_field = 'email_on_status';
break;
}
# @@@ we could optimize by modifiying user_cache() to take an array
# of user ids so we could pull them all in. We'll see if it's necessary
$t_final_recipients = array();
$t_user_ids = array_keys($t_recipients);
user_cache_array_rows($t_user_ids);
user_pref_cache_array_rows($t_user_ids);
user_pref_cache_array_rows($t_user_ids, $t_bug->project_id);
# Check whether users should receive the emails
# and put email address to $t_recipients[user_id]
foreach ($t_recipients as $t_id => $t_ignore) {
# Possibly eliminate the current user
if (auth_get_current_user_id() == $t_id && OFF == config_get('email_receive_own')) {
log_event(LOG_EMAIL_RECIPIENT, sprintf('Issue = #%d, drop @U%d (own)', $p_bug_id, $t_id));
continue;
}
# Eliminate users who don't exist anymore or who are disabled
if (!user_exists($t_id) || !user_is_enabled($t_id)) {
log_event(LOG_EMAIL_RECIPIENT, sprintf('Issue = #%d, drop @U%d (disabled)', $p_bug_id, $t_id));
continue;
}
# Exclude users who have this notification type turned off
if ($t_pref_field) {
$t_notify = user_pref_get_pref($t_id, $t_pref_field);
if (OFF == $t_notify) {
log_event(LOG_EMAIL_RECIPIENT, sprintf('Issue = #%d, drop @U%d (pref %s off)', $p_bug_id, $t_id, $t_pref_field));
continue;
} else {
# Users can define the severity of an issue before they are emailed for
# each type of notification
$t_min_sev_pref_field = $t_pref_field . '_min_severity';
$t_min_sev_notify = user_pref_get_pref($t_id, $t_min_sev_pref_field);
$t_bug_severity = bug_get_field($p_bug_id, 'severity');
if ($t_bug_severity < $t_min_sev_notify) {
log_event(LOG_EMAIL_RECIPIENT, sprintf('Issue = #%d, drop @U%d (pref threshold)', $p_bug_id, $t_id));
continue;
}
}
}
# exclude users who don't have at least viewer access to the bug,
# or who can't see bugnotes if the last update included a bugnote
if (!access_has_bug_level(VIEWER, $p_bug_id, $t_id) || $t_bug_date == $t_bugnote_date && !access_has_bugnote_level(VIEWER, $t_bugnote_id, $t_id)) {
log_event(LOG_EMAIL_RECIPIENT, sprintf('Issue = #%d, drop @U%d (access level)', $p_bug_id, $t_id));
continue;
}
# check to exclude users as specified by plugins
$t_recipient_exclude_data = event_signal('EVENT_NOTIFY_USER_EXCLUDE', array($p_bug_id, $p_notify_type, $t_id));
$t_exclude = false;
foreach ($t_recipient_exclude_data as $t_plugin => $t_recipient_exclude_data2) {
foreach ($t_recipient_exclude_data2 as $t_callback => $t_recipient_excluded) {
# exclude if any plugin returns true (excludes the user)
if ($t_recipient_excluded) {
$t_exclude = true;
log_event(LOG_EMAIL_RECIPIENT, sprintf('Issue = #%d, %s plugin dropped user @U%d', $p_bug_id, $t_plugin, $t_id));
}
}
}
# user was excluded by a plugin
if ($t_exclude) {
continue;
}
# Finally, let's get their emails, if they've set one
$t_email = user_get_email($t_id);
if (is_blank($t_email)) {
log_event(LOG_EMAIL_RECIPIENT, sprintf('Issue = #%d, drop @U%d (no email)', $p_bug_id, $t_id));
} else {
# @@@ we could check the emails for validity again but I think
# it would be too slow
$t_final_recipients[$t_id] = $t_email;
}
}
return $t_final_recipients;
}
function email_collect_recipients($p_bug_id, $p_notify_type)
{
$c_bug_id = db_prepare_int($p_bug_id);
$t_recipients = array();
# add Reporter
if (ON == email_notify_flag($p_notify_type, 'reporter')) {
$t_reporter_id = bug_get_field($p_bug_id, 'reporter_id');
$t_recipients[$t_reporter_id] = true;
log_event(LOG_EMAIL_RECIPIENT, "bug={$p_bug_id}, add reporter={$t_reporter_id}");
}
# add Handler
if (ON == email_notify_flag($p_notify_type, 'handler')) {
$t_handler_id = bug_get_field($p_bug_id, 'handler_id');
if ($t_handler_id > 0) {
$t_recipients[$t_handler_id] = true;
log_event(LOG_EMAIL_RECIPIENT, "bug={$p_bug_id}, add handler={$t_handler_id}");
}
}
$t_project_id = bug_get_field($p_bug_id, 'project_id');
# add users monitoring the bug
$t_bug_monitor_table = config_get('mantis_bug_monitor_table');
if (ON == email_notify_flag($p_notify_type, 'monitor')) {
$query = "SELECT DISTINCT user_id\n\t\t\t\t\t FROM {$t_bug_monitor_table}\n\t\t\t\t\t WHERE bug_id={$c_bug_id}";
$result = db_query($query);
$count = db_num_rows($result);
for ($i = 0; $i < $count; $i++) {
$t_user_id = db_result($result, $i);
$t_recipients[$t_user_id] = true;
log_event(LOG_EMAIL_RECIPIENT, "bug={$p_bug_id}, add monitor={$t_user_id}");
}
}
# add users who contributed bugnotes
$t_bugnote_id = bugnote_get_latest_id($p_bug_id);
$t_bugnote_view = bugnote_get_field($t_bugnote_id, 'view_state');
$t_bugnote_date = db_unixtimestamp(bugnote_get_field($t_bugnote_id, 'last_modified'));
$t_bug_date = bug_get_field($p_bug_id, 'last_updated');
$t_bugnote_table = config_get('mantis_bugnote_table');
if (ON == email_notify_flag($p_notify_type, 'bugnotes')) {
$query = "SELECT DISTINCT reporter_id\n\t\t\t\t\t FROM {$t_bugnote_table}\n\t\t\t\t\t WHERE bug_id = {$c_bug_id}";
$result = db_query($query);
$count = db_num_rows($result);
for ($i = 0; $i < $count; $i++) {
$t_user_id = db_result($result, $i);
$t_recipients[$t_user_id] = true;
log_event(LOG_EMAIL_RECIPIENT, "bug={$p_bug_id}, add note author={$t_user_id}");
}
}
# add project users who meet the thresholds
$t_bug_is_private = bug_get_field($p_bug_id, 'view_state') == VS_PRIVATE;
$t_threshold_min = email_notify_flag($p_notify_type, 'threshold_min');
$t_threshold_max = email_notify_flag($p_notify_type, 'threshold_max');
$t_threshold_users = project_get_all_user_rows($t_project_id, $t_threshold_min);
foreach ($t_threshold_users as $t_user) {
if ($t_user['access_level'] <= $t_threshold_max) {
if (!$t_bug_is_private || access_compare_level($t_user['access_level'], config_get('private_bug_threshold'))) {
$t_recipients[$t_user['id']] = true;
log_event(LOG_EMAIL_RECIPIENT, "bug={$p_bug_id}, add project user="******"bug={$p_bug_id}, drop {$t_id} (own)");
continue;
}
# Eliminate users who don't exist anymore or who are disabled
if (!user_exists($t_id) || !user_is_enabled($t_id)) {
log_event(LOG_EMAIL_RECIPIENT, "bug={$p_bug_id}, drop {$t_id} (disabled)");
continue;
}
# Exclude users who have this notification type turned off
if ($t_pref_field) {
$t_notify = user_pref_get_pref($t_id, $t_pref_field);
if (OFF == $t_notify) {
log_event(LOG_EMAIL_RECIPIENT, "bug={$p_bug_id}, drop {$t_id} (pref {$t_pref_field} off)");
continue;
} else {
# Users can define the severity of an issue before they are emailed for
# each type of notification
$t_min_sev_pref_field = $t_pref_field . '_min_severity';
$t_min_sev_notify = user_pref_get_pref($t_id, $t_min_sev_pref_field);
$t_bug_severity = bug_get_field($p_bug_id, 'severity');
if ($t_bug_severity < $t_min_sev_notify) {
log_event(LOG_EMAIL_RECIPIENT, "bug={$p_bug_id}, drop {$t_id} (pref threshold)");
continue;
}
}
}
# check that user can see bugnotes if the last update included a bugnote
if ($t_bug_date == $t_bugnote_date) {
if (!access_has_bugnote_level(VIEWER, $t_bugnote_id, $t_id)) {
log_event(LOG_EMAIL_RECIPIENT, "bug={$p_bug_id}, drop {$t_id} (access level)");
continue;
}
}
# Finally, let's get their emails, if they've set one
$t_email = user_get_email($t_id);
if (is_blank($t_email)) {
log_event(LOG_EMAIL_RECIPIENT, "bug={$p_bug_id}, drop {$t_id} (no email)");
} else {
# @@@ we could check the emails for validity again but I think
# it would be too slow
$t_final_recipients[$t_id] = $t_email;
}
}
return $t_final_recipients;
}
public function put($request)
{
/**
* Updates the note.
*
* Only the text and view state of the note can be altered.
*
* @param $request - The request we're responding to
*/
$this->note_id = Bugnote::get_mantis_id_from_url($request->url);
if (!bugnote_exists($this->note_id)) {
throw new HTTPException(404, "No such bug note: {$this->note_id}");
}
# Check if the current user is allowed to edit the bugnote
# (This comes from Mantis's bugnote_update.php)
$user_id = auth_get_current_user_id();
$reporter_id = bugnote_get_field($this->note_id, 'reporter_id');
$bug_id = bugnote_get_field($this->note_id, 'bug_id');
if ($user_id != $reporter_id || OFF == config_get('bugnote_allow_user_edit_delete')) {
if (!access_has_bugnote_level(config_get('update_bugnote_threshold'), $this->note_id)) {
throw new HTTPException(403, "Access denied");
}
}
if (bug_is_readonly($bug_id)) {
throw new HTTPException(500, "Can't edit a note on a read-only bug");
}
$this->populate_from_repr($request->body);
bugnote_set_view_state($this->note_id, !!$this->_get_rsrc_attr('private'));
bugnote_set_text($this->note_id, $this->_get_mantis_attr('note'));
$resp = new Response();
$resp->status = 204;
return $resp;
}
/**
* Gets the billing information for the specified project during the specified date range.
*
* @param integer $p_project_id A project identifier or ALL_PROJECTS.
* @param string $p_from Starting date (yyyy-mm-dd) inclusive, if blank, then ignored.
* @param string $p_to Ending date (yyyy-mm-dd) inclusive, if blank, then ignored.
* @param integer $p_cost_per_hour Cost per hour.
* @return array array of bugnotes
* @access public
*/
function billing_get_for_project($p_project_id, $p_from, $p_to, $p_cost_per_hour)
{
$t_params = array();
$c_to = strtotime($p_to) + SECONDS_PER_DAY - 1;
$c_from = strtotime($p_from);
if ($c_to === false || $c_from === false) {
error_parameters(array($p_from, $p_to));
trigger_error(ERROR_GENERIC, ERROR);
}
if (ALL_PROJECTS != $p_project_id) {
access_ensure_project_level(config_get('view_bug_threshold'), $p_project_id);
$t_project_where = ' AND b.project_id = ' . db_param() . ' AND bn.bug_id = b.id ';
$t_params[] = $p_project_id;
} else {
$t_project_ids = user_get_all_accessible_projects();
$t_project_where = ' AND b.project_id in (' . implode(', ', $t_project_ids) . ')';
}
if (!is_blank($c_from)) {
$t_from_where = ' AND bn.date_submitted >= ' . db_param();
$t_params[] = $c_from;
} else {
$t_from_where = '';
}
if (!is_blank($c_to)) {
$t_to_where = ' AND bn.date_submitted <= ' . db_param();
$t_params[] = $c_to;
} else {
$t_to_where = '';
}
$t_results = array();
$t_query = 'SELECT bn.id id, bn.time_tracking minutes, bn.date_submitted as date_submitted, bnt.note note,
u.realname realname, b.project_id project_id, b.summary bug_summary, bn.bug_id bug_id, bn.reporter_id reporter_id
FROM {user} u, {bugnote} bn, {bug} b, {bugnote_text} bnt
WHERE u.id = bn.reporter_id AND bn.time_tracking != 0 AND bn.bug_id = b.id AND bnt.id = bn.bugnote_text_id
' . $t_project_where . $t_from_where . $t_to_where . '
ORDER BY bn.id';
$t_result = db_query($t_query, $t_params);
$t_cost_per_min = $p_cost_per_hour / 60.0;
$t_access_level_required = config_get('time_tracking_view_threshold');
while ($t_row = db_fetch_array($t_result)) {
if (!access_has_bugnote_level($t_access_level_required, $t_row['id'])) {
continue;
}
$t_total_cost = $t_cost_per_min * $t_row['minutes'];
$t_row['cost'] = $t_total_cost;
$t_results[] = $t_row;
}
$t_billing_rows = billing_rows_to_array($t_results);
return $t_billing_rows;
}
/**
* Delete a note given its id.
*
* @param string $p_username The name of the user trying to add a note to an issue.
* @param string $p_password The password of the user.
* @param integer $p_issue_note_id The id of the note to be deleted.
* @return true: success, false: failure
*/
function mc_issue_note_delete($p_username, $p_password, $p_issue_note_id)
{
$t_user_id = mci_check_login($p_username, $p_password);
if ($t_user_id === false) {
return mci_soap_fault_login_failed();
}
if ((int) $p_issue_note_id < 1) {
return new soap_fault('Client', '', "Invalid issue note id '{$p_issue_note_id}'.");
}
if (!bugnote_exists($p_issue_note_id)) {
return new soap_fault('Client', '', "Issue note '{$p_issue_note_id}' does not exist.");
}
$t_issue_id = bugnote_get_field($p_issue_note_id, 'bug_id');
$t_project_id = bug_get_field($t_issue_id, 'project_id');
if (!mci_has_readwrite_access($t_user_id, $t_project_id)) {
return mci_soap_fault_access_denied($t_user_id);
}
$t_reporter_id = bugnote_get_field($p_issue_note_id, 'reporter_id');
// mirrors check from bugnote_delete.php
if ($t_user_id == $t_reporter_id) {
$t_threshold_config_name = 'bugnote_user_delete_threshold';
} else {
$t_threshold_config_name = 'delete_bugnote_threshold';
}
if (!access_has_bugnote_level(config_get($t_threshold_config_name), $p_issue_note_id)) {
return mci_soap_fault_access_denied($t_user_id);
}
return bugnote_delete($p_issue_note_id);
}
/**
* Update a note
*
* @param string $p_username The name of the user trying to add a note to an issue.
* param string $p_password The password of the user.
* @param IssueNoteData $p_note The note to update.
* @return true on success, false on failure
*/
function mc_issue_note_update($p_username, $p_password, $p_note)
{
$t_user_id = mci_check_login($p_username, $p_password);
if ($t_user_id === false) {
return mci_soap_fault_login_failed();
}
if (!isset($p_note['id']) || is_blank($p_note['id'])) {
return new soap_fault('Client', '', "Issue note id must not be blank.");
}
if (!isset($p_note['text']) || is_blank($p_note['text'])) {
return new soap_fault('Client', '', "Issue note text must not be blank.");
}
$t_issue_note_id = $p_note['id'];
if (!bugnote_exists($t_issue_note_id)) {
return new soap_fault('Server', '', "Issue note '{$t_issue_note_id}' does not exist.");
}
$t_issue_id = bugnote_get_field($t_issue_note_id, 'bug_id');
$t_project_id = bug_get_field($t_issue_id, 'project_id');
if (!mci_has_readwrite_access($t_user_id, $t_project_id)) {
return mci_soap_fault_access_denied($t_user_id);
}
$t_issue_author_id = bugnote_get_field($t_issue_note_id, 'reporter_id');
# Check if the user owns the bugnote and is allowed to update their own bugnotes
# regardless of the update_bugnote_threshold level.
$t_user_owns_the_bugnote = bugnote_is_user_reporter($t_issue_note_id, $t_user_id);
$t_user_can_update_own_bugnote = config_get('bugnote_allow_user_edit_delete', null, $t_user_id, $t_project_id);
if ($t_user_owns_the_bugnote && !$t_user_can_update_own_bugnote) {
return mci_soap_fault_access_denied($t_user_id);
}
# Check if the user has an access level beyond update_bugnote_threshold for the
# project containing the bugnote to update.
$t_update_bugnote_threshold = config_get('update_bugnote_threshold', null, $t_user_id, $t_project_id);
if (!$t_user_owns_the_bugnote && !access_has_bugnote_level($t_update_bugnote_threshold, $t_issue_note_id, $t_user_id)) {
return mci_soap_fault_access_denied($t_user_id);
}
# Check if the bug is readonly
if (bug_is_readonly($t_issue_id)) {
return mci_soap_fault_access_denied($t_user_id, "Issue ' . {$t_issue_id} . ' is readonly");
}
if (isset($p_note['view_state'])) {
$t_view_state = $p_note['view_state'];
$t_view_state_id = mci_get_enum_id_from_objectref('view_state', $t_view_state);
bugnote_set_view_state($t_issue_note_id, $t_view_state_id);
}
bugnote_set_text($t_issue_note_id, $p_note['text']);
return bugnote_date_update($t_issue_note_id);
}
