/**
 * Decide whether this event has to be left out once access has been checked.
 *
 * The event is skipped when the note it refers to no longer exists, or when
 * access_has_bugnote_level() reports that the VIEWER level is not met for
 * that note. Existence is tested first, so the access check only runs for a
 * note that is still present.
 *
 * @return boolean true to skip the event, false to keep it
 */
public function skip() {
	$t_note_id = $this->issue_note_id;

	return !bugnote_exists($t_note_id)
		|| !access_has_bugnote_level(VIEWER, $t_note_id);
}
/**
 * Localizes one raw history item described by $p_field_name, $p_type,
 * $p_old_value and $p_new_value.
 *
 * Returns an array with three elements:
 *  - 'note':   the localized label (and, for some entry types, the stored value appended to it)
 *  - 'change': the textual description of the change, or an HTML anchor (see 'raw')
 *  - 'raw':    true when 'change' was assembled as plain text from stored values with no
 *              HTML escaping applied in this function; false only in the branches below
 *              that put an <a href> element built from integer-cast ids into 'change'.
 *
 * NOTE(review): presumably callers use 'raw' to decide whether the output still has to be
 * HTML-escaped before display - confirm against the callers. Values such as tag names,
 * file names, user names and custom field values are concatenated here exactly as they
 * are passed in or returned by the lookup helpers.
 *
 * @param string  $p_field_name The field name of the field being localized.
 * @param integer $p_type       The type of the history entry.
 * @param string  $p_old_value  The old value of the field.
 * @param string  $p_new_value  The new value of the field.
 * @param boolean $p_linkify    Whether to return a string containing hyperlinks.
 * @return array
 */
function history_localize_item($p_field_name, $p_type, $p_old_value, $p_new_value, $p_linkify = true) {
	$t_note = '';
	$t_change = '';
	$t_field_localized = $p_field_name;
	$t_raw = true;

	# Plugin entries are returned right away: the label falls back to the bare field
	# name when no 'plugin_<field>' language string is defined.
	if (PLUGIN_HISTORY == $p_type) {
		$t_note = lang_get_defaulted('plugin_' . $p_field_name, $p_field_name);
		$t_change = isset($p_new_value) ? $p_old_value . ' => ' . $p_new_value : $p_old_value;
		return array('note' => $t_note, 'change' => $t_change, 'raw' => true);
	}

	# First pass: translate the field label and, where the stored value is an id, an
	# enum code or a timestamp, replace old/new values with their display form.
	switch ($p_field_name) {
		case 'category':
			$t_field_localized = lang_get('category');
			break;
		case 'status':
			$p_old_value = get_enum_element('status', $p_old_value);
			$p_new_value = get_enum_element('status', $p_new_value);
			$t_field_localized = lang_get('status');
			break;
		case 'severity':
			$p_old_value = get_enum_element('severity', $p_old_value);
			$p_new_value = get_enum_element('severity', $p_new_value);
			$t_field_localized = lang_get('severity');
			break;
		case 'reproducibility':
			$p_old_value = get_enum_element('reproducibility', $p_old_value);
			$p_new_value = get_enum_element('reproducibility', $p_new_value);
			$t_field_localized = lang_get('reproducibility');
			break;
		case 'resolution':
			$p_old_value = get_enum_element('resolution', $p_old_value);
			$p_new_value = get_enum_element('resolution', $p_new_value);
			$t_field_localized = lang_get('resolution');
			break;
		case 'priority':
			$p_old_value = get_enum_element('priority', $p_old_value);
			$p_new_value = get_enum_element('priority', $p_new_value);
			$t_field_localized = lang_get('priority');
			break;
		case 'eta':
			$p_old_value = get_enum_element('eta', $p_old_value);
			$p_new_value = get_enum_element('eta', $p_new_value);
			$t_field_localized = lang_get('eta');
			break;
		case 'view_state':
			$p_old_value = get_enum_element('view_state', $p_old_value);
			$p_new_value = get_enum_element('view_state', $p_new_value);
			# The language key differs from the field name here.
			$t_field_localized = lang_get('view_status');
			break;
		case 'projection':
			$p_old_value = get_enum_element('projection', $p_old_value);
			$p_new_value = get_enum_element('projection', $p_new_value);
			$t_field_localized = lang_get('projection');
			break;
		case 'sticky':
			$p_old_value = gpc_string_to_bool($p_old_value) ? lang_get('yes') : lang_get('no');
			$p_new_value = gpc_string_to_bool($p_new_value) ? lang_get('yes') : lang_get('no');
			$t_field_localized = lang_get('sticky_issue');
			break;
		case 'project_id':
			# A project id that no longer resolves is shown as '@<id>@' instead of a name.
			if (project_exists($p_old_value)) {
				$p_old_value = project_get_field($p_old_value, 'name');
			} else {
				$p_old_value = '@' . $p_old_value . '@';
			}

			# Note that the new value may be an intermediate project and not the
			# current one.
			if (project_exists($p_new_value)) {
				$p_new_value = project_get_field($p_new_value, 'name');
			} else {
				$p_new_value = '@' . $p_new_value . '@';
			}
			$t_field_localized = lang_get('email_project');
			break;
		case 'handler_id':
			$t_field_localized = lang_get('assigned_to');
			# No break: falls through so that handler and reporter share the
			# user-name lookup below.
		case 'reporter_id':
			if ('reporter_id' == $p_field_name) {
				$t_field_localized = lang_get('reporter');
			}
			# A user id of 0 is rendered as an empty string rather than looked up.
			if (0 == $p_old_value) {
				$p_old_value = '';
			} else {
				$p_old_value = user_get_name($p_old_value);
			}

			if (0 == $p_new_value) {
				$p_new_value = '';
			} else {
				$p_new_value = user_get_name($p_new_value);
			}
			break;
		case 'version':
			$t_field_localized = lang_get('product_version');
			break;
		case 'fixed_in_version':
			$t_field_localized = lang_get('fixed_in_version');
			break;
		case 'target_version':
			$t_field_localized = lang_get('target_version');
			break;
		case 'date_submitted':
			$p_old_value = date(config_get('normal_date_format'), $p_old_value);
			$p_new_value = date(config_get('normal_date_format'), $p_new_value);
			$t_field_localized = lang_get('date_submitted');
			break;
		case 'last_updated':
			$p_old_value = date(config_get('normal_date_format'), $p_old_value);
			$p_new_value = date(config_get('normal_date_format'), $p_new_value);
			$t_field_localized = lang_get('last_update');
			break;
		case 'os':
			$t_field_localized = lang_get('os');
			break;
		case 'os_build':
			$t_field_localized = lang_get('os_version');
			break;
		case 'build':
			$t_field_localized = lang_get('build');
			break;
		case 'platform':
			$t_field_localized = lang_get('platform');
			break;
		case 'summary':
			$t_field_localized = lang_get('summary');
			break;
		case 'duplicate_id':
			$t_field_localized = lang_get('duplicate_id');
			break;
		case 'sponsorship_total':
			$t_field_localized = lang_get('sponsorship_total');
			break;
		case 'due_date':
			# Unlike the two date fields above, an empty value is kept empty and the
			# timestamp is cast to int before formatting.
			if ($p_old_value !== '') {
				$p_old_value = date(config_get('normal_date_format'), (int) $p_old_value);
			}
			if ($p_new_value !== '') {
				$p_new_value = date(config_get('normal_date_format'), (int) $p_new_value);
			}
			$t_field_localized = lang_get('due_date');
			break;
		default:
			# assume it's a custom field name
			$t_field_id = custom_field_get_id_from_name($p_field_name);
			if (false !== $t_field_id) {
				$t_cf_type = custom_field_type($t_field_id);
				if ('' != $p_old_value) {
					$p_old_value = string_custom_field_value_for_email($p_old_value, $t_cf_type);
				}
				$p_new_value = string_custom_field_value_for_email($p_new_value, $t_cf_type);
				$t_field_localized = lang_get_defaulted($p_field_name);
			}
	}

	# Second pass: entry types other than NORMAL_TYPE carry their own label and, in some
	# cases, their own 'change' text.
	if (NORMAL_TYPE != $p_type) {
		switch ($p_type) {
			case NEW_BUG:
				$t_note = lang_get('new_bug');
				break;
			case BUGNOTE_ADDED:
				$t_note = lang_get('bugnote_added') . ': ' . $p_old_value;
				break;
			case BUGNOTE_UPDATED:
				# NOTE(review): 'note' embeds $p_old_value as stored while 'raw' may become
				# false below; if callers apply 'raw' to both elements, confirm that this
				# value is always numeric or that 'note' is escaped independently.
				$t_note = lang_get('bugnote_edited') . ': ' . $p_old_value;
				# Only the integer-cast ids are placed into the link markup.
				$t_old_value = (int) $p_old_value;
				$t_new_value = (int) $p_new_value;
				if ($p_linkify && bug_revision_exists($t_new_value)) {
					if (bugnote_exists($t_old_value)) {
						$t_bug_revision_view_page_argument = 'bugnote_id=' . $t_old_value . '#r' . $t_new_value;
					} else {
						$t_bug_revision_view_page_argument = 'rev_id=' . $t_new_value;
					}
					$t_change = '<a href="bug_revision_view_page.php?' . $t_bug_revision_view_page_argument . '">' . lang_get('view_revisions') . '</a>';
					# 'change' now holds markup built in this function.
					$t_raw = false;
				}
				break;
			case BUGNOTE_DELETED:
				$t_note = lang_get('bugnote_deleted') . ': ' . $p_old_value;
				break;
			case DESCRIPTION_UPDATED:
				$t_note = lang_get('description_updated');
				$t_old_value = (int) $p_old_value;
				if ($p_linkify && bug_revision_exists($t_old_value)) {
					$t_change = '<a href="bug_revision_view_page.php?rev_id=' . $t_old_value . '#r' . $t_old_value . '">' . lang_get('view_revisions') . '</a>';
					$t_raw = false;
				}
				break;
			case ADDITIONAL_INFO_UPDATED:
				$t_note = lang_get('additional_information_updated');
				$t_old_value = (int) $p_old_value;
				if ($p_linkify && bug_revision_exists($t_old_value)) {
					$t_change = '<a href="bug_revision_view_page.php?rev_id=' . $t_old_value . '#r' . $t_old_value . '">' . lang_get('view_revisions') . '</a>';
					$t_raw = false;
				}
				break;
			case STEP_TO_REPRODUCE_UPDATED:
				$t_note = lang_get('steps_to_reproduce_updated');
				$t_old_value = (int) $p_old_value;
				if ($p_linkify && bug_revision_exists($t_old_value)) {
					$t_change = '<a href="bug_revision_view_page.php?rev_id=' . $t_old_value . '#r' . $t_old_value . '">' . lang_get('view_revisions') . '</a>';
					$t_raw = false;
				}
				break;
			case FILE_ADDED:
				$t_note = lang_get('file_added') . ': ' . $p_old_value;
				break;
			case FILE_DELETED:
				$t_note = lang_get('file_deleted') . ': ' . $p_old_value;
				break;
			case BUGNOTE_STATE_CHANGED:
				# Here the old value carries the view state; the new value is appended as is.
				$p_old_value = get_enum_element('view_state', $p_old_value);
				$t_note = lang_get('bugnote_view_state') . ': ' . $p_new_value . ': ' . $p_old_value;
				break;
			case BUG_MONITOR:
				$p_old_value = user_get_name($p_old_value);
				$t_note = lang_get('bug_monitor') . ': ' . $p_old_value;
				break;
			case BUG_UNMONITOR:
				# An empty old value is left empty instead of being resolved to a user name.
				if ($p_old_value !== '') {
					$p_old_value = user_get_name($p_old_value);
				}
				$t_note = lang_get('bug_end_monitor') . ': ' . $p_old_value;
				break;
			case BUG_DELETED:
				$t_note = lang_get('bug_deleted') . ': ' . $p_old_value;
				break;
			case BUG_ADD_SPONSORSHIP:
				$t_note = lang_get('sponsorship_added');
				$t_change = user_get_name($p_old_value) . ': ' . sponsorship_format_amount($p_new_value);
				break;
			case BUG_UPDATE_SPONSORSHIP:
				$t_note = lang_get('sponsorship_updated');
				$t_change = user_get_name($p_old_value) . ': ' . sponsorship_format_amount($p_new_value);
				break;
			case BUG_DELETE_SPONSORSHIP:
				$t_note = lang_get('sponsorship_deleted');
				$t_change = user_get_name($p_old_value) . ': ' . sponsorship_format_amount($p_new_value);
				break;
			case BUG_PAID_SPONSORSHIP:
				$t_note = lang_get('sponsorship_paid');
				$t_change = user_get_name($p_old_value) . ': ' . get_enum_element('sponsorship', $p_new_value);
				break;
			case BUG_ADD_RELATIONSHIP:
				$t_note = lang_get('relationship_added');
				$t_change = relationship_get_description_for_history($p_old_value) . ' ' . bug_format_id($p_new_value);
				break;
			case BUG_REPLACE_RELATIONSHIP:
				$t_note = lang_get('relationship_replaced');
				$t_change = relationship_get_description_for_history($p_old_value) . ' ' . bug_format_id($p_new_value);
				break;
			case BUG_DEL_RELATIONSHIP:
				$t_note = lang_get('relationship_deleted');

				# Fix for #7846: There are some cases where old value is empty, this may be due to an old bug.
				if (!is_blank($p_old_value) && $p_old_value > 0) {
					$t_change = relationship_get_description_for_history($p_old_value) . ' ' . bug_format_id($p_new_value);
				} else {
					$t_change = bug_format_id($p_new_value);
				}
				break;
			case BUG_CLONED_TO:
				$t_note = lang_get('bug_cloned_to') . ': ' . bug_format_id($p_new_value);
				break;
			case BUG_CREATED_FROM:
				$t_note = lang_get('bug_created_from') . ': ' . bug_format_id($p_new_value);
				break;
			case TAG_ATTACHED:
				$t_note = lang_get('tag_history_attached') . ': ' . $p_old_value;
				break;
			case TAG_DETACHED:
				$t_note = lang_get('tag_history_detached') . ': ' . $p_old_value;
				break;
			case TAG_RENAMED:
				$t_note = lang_get('tag_history_renamed');
				$t_change = $p_old_value . ' => ' . $p_new_value;
				break;
			case BUG_REVISION_DROPPED:
				$t_note = lang_get('bug_revision_dropped_history') . ': ' . bug_revision_get_type_name($p_new_value) . ': ' . $p_old_value;
				break;
			case BUGNOTE_REVISION_DROPPED:
				$t_note = lang_get('bugnote_revision_dropped_history') . ': ' . $p_new_value . ': ' . $p_old_value;
				break;
		}
	}

	# Plain field changes: the label is the localized field name and the change is
	# "old => new", using the display values computed in the first pass.
	if (NORMAL_TYPE == $p_type) {
		$t_note = $t_field_localized;
		$t_change = $p_old_value . ' => ' . $p_new_value;
	}
	# end if DEFAULT

	return array('note' => $t_note, 'change' => $t_change, 'raw' => $t_raw);
}
/**
 * Make sure a bugnote with the given ID exists.
 *
 * Nothing is returned. When bugnote_exists() reports the note as missing,
 * ERROR_BUGNOTE_NOT_FOUND is raised through trigger_error() at the ERROR level.
 *
 * @param int $p_bugnote_id bugnote id
 * @access public
 */
function bugnote_ensure_exists($p_bugnote_id) {
	if (bugnote_exists($p_bugnote_id)) {
		return;
	}

	trigger_error(ERROR_BUGNOTE_NOT_FOUND, ERROR);
}
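/**
 * Update a note
 *
 * The request is rejected with a SOAP fault when the login fails, when the note id or
 * text is blank, when the note does not exist, when the user has no read/write access
 * to the project, when the user does not meet the threshold that applies to the note,
 * or when the issue is read-only.
 *
 * NOTE(review): the 'does not exist' fault is returned before any project access check,
 * so an authenticated caller can tell existing note ids from missing ones - confirm
 * that this is acceptable.
 *
 * @param string   $p_username The name of the user trying to update a note.
 * @param string   $p_password The password of the user.
 * @param stdClass $p_note     The note to update.
 * @return mixed the result of bugnote_date_update() on success, a SOAP fault otherwise
 */
function mc_issue_note_update($p_username, $p_password, stdClass $p_note) {
	global $g_project_override;

	$t_user_id = mci_check_login($p_username, $p_password);
	if ($t_user_id === false) {
		return mci_soap_fault_login_failed();
	}

	$p_note = SoapObjectsFactory::unwrapObject($p_note);

	if (!isset($p_note['id']) || is_blank($p_note['id'])) {
		return SoapObjectsFactory::newSoapFault('Client', 'Issue note id must not be blank.');
	}

	if (!isset($p_note['text']) || is_blank($p_note['text'])) {
		return SoapObjectsFactory::newSoapFault('Client', 'Issue note text must not be blank.');
	}

	$t_issue_note_id = $p_note['id'];

	if (!bugnote_exists($t_issue_note_id)) {
		return SoapObjectsFactory::newSoapFault('Client', 'Issue note \'' . $t_issue_note_id . '\' does not exist.');
	}

	$t_issue_id = bugnote_get_field($t_issue_note_id, 'bug_id');
	$t_project_id = bug_get_field($t_issue_id, 'project_id');
	# Later configuration lookups are resolved in the context of the note's project.
	$g_project_override = $t_project_id;

	if (!mci_has_readwrite_access($t_user_id, $t_project_id)) {
		return mci_soap_fault_access_denied($t_user_id);
	}

	# The author of a note is held to bugnote_user_edit_threshold, everybody else to
	# update_bugnote_threshold. The configured value is compared with the user's access
	# level: testing it for truthiness only would let any non-zero threshold pass.
	$t_user_owns_the_bugnote = bugnote_is_user_reporter($t_issue_note_id, $t_user_id);
	$t_threshold_option = $t_user_owns_the_bugnote ? 'bugnote_user_edit_threshold' : 'update_bugnote_threshold';
	$t_required_threshold = config_get($t_threshold_option, null, $t_user_id, $t_project_id);
	if (!access_has_bugnote_level($t_required_threshold, $t_issue_note_id, $t_user_id)) {
		return mci_soap_fault_access_denied($t_user_id);
	}

	# Check if the bug is readonly
	if (bug_is_readonly($t_issue_id)) {
		return mci_soap_fault_access_denied($t_user_id, 'Issue \'' . $t_issue_id . '\' is readonly');
	}

	# NOTE(review): no separate permission check is visible here before the view state
	# is changed - confirm whether one is required.
	if (isset($p_note['view_state'])) {
		$t_view_state = $p_note['view_state'];
		$t_view_state_id = mci_get_enum_id_from_objectref('view_state', $t_view_state);
		bugnote_set_view_state($t_issue_note_id, $t_view_state_id == VS_PRIVATE);
	}

	log_event(LOG_WEBSERVICE, 'updating bugnote id \'' . $t_issue_note_id . '\'');
	bugnote_set_text($t_issue_note_id, $p_note['text']);

	return bugnote_date_update($t_issue_note_id);
}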
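/**
 * return an href anchor that links to a bug VIEW page for the given bugnote
 * account for the user preference and site override
 *
 * When the bug or the bugnote does not exist, the formatted ids are returned as
 * plain text ("<bug id>:<bugnote id>") without an anchor.
 *
 * @param integer $p_bug_id      A bug identifier.
 * @param integer $p_bugnote_id  A bugnote identifier.
 * @param integer $p_user_id     A valid user identifier.
 * @param boolean $p_detail_info Whether to include more detailed information (e.g. title attribute / project) in the returned string.
 * @param boolean $p_fqdn        Whether to return an absolute or relative link.
 * @return string
 */
function string_get_bugnote_view_link($p_bug_id, $p_bugnote_id, $p_user_id = null, $p_detail_info = true, $p_fqdn = false) {
	# Both ids are written into the returned markup, so each is reduced to an integer
	# once and only the integer form is used from here on.
	$t_bug_id = (int) $p_bug_id;
	$t_bugnote_id = (int) $p_bugnote_id;

	if (!bug_exists($t_bug_id) || !bugnote_exists($t_bugnote_id)) {
		# The bug id is formatted with the bug formatter, as in the link text below.
		return bug_format_id($t_bug_id) . ':' . bugnote_format_id($t_bugnote_id);
	}

	$t_link = '<a href="';
	$t_link .= $p_fqdn ? config_get_global('path') : config_get_global('short_path');
	$t_link .= string_get_bugnote_view_url($t_bug_id, $t_bugnote_id, $p_user_id) . '"';

	if ($p_detail_info) {
		# Reporter name and date go into an attribute value and are passed through
		# string_attribute() first.
		$t_reporter = string_attribute(user_get_name(bugnote_get_field($t_bugnote_id, 'reporter_id')));
		$t_update_date = string_attribute(date(config_get('normal_date_format'), bugnote_get_field($t_bugnote_id, 'last_modified')));
		$t_link .= ' title="' . bug_format_id($t_bug_id) . ': [' . $t_update_date . '] ' . $t_reporter . '"';
	}

	$t_link .= '>' . bug_format_id($t_bug_id) . ':' . bugnote_format_id($t_bugnote_id) . '</a>';

	return $t_link;
}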
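/**
 * Update a note
 *
 * A note may be changed by its author when bugnote_allow_user_edit_delete is not OFF,
 * and otherwise only by a user who meets update_bugnote_threshold for that note.
 * Being allowed to add notes to the issue is not sufficient to edit an existing one.
 *
 * @param string $p_username The name of the user trying to update a note.
 * @param string $p_password The password of the user.
 * @param IssueNoteData $p_note The note to update.
 * @return mixed the result of bugnote_date_update() on success, a soap_fault otherwise
 */
function mc_issue_note_update( $p_username, $p_password, $p_note ) {
	$t_user_id = mci_check_login( $p_username, $p_password );
	if( $t_user_id === false ) {
		return mci_soap_fault_login_failed();
	}

	if( !isset( $p_note['id'] ) || is_blank( $p_note['id'] ) ) {
		# The id checked here is the note id, not the issue id.
		return new soap_fault( 'Client', '', "Issue note id must not be blank." );
	}

	if( !isset( $p_note['text'] ) || is_blank( $p_note['text'] ) ) {
		return new soap_fault( 'Client', '', "Issue note text must not be blank." );
	}

	$t_issue_note_id = $p_note['id'];

	if( !bugnote_exists( $t_issue_note_id ) ) {
		return new soap_fault( 'Server', '', "Issue note '$t_issue_note_id' does not exist." );
	}

	$t_issue_id = bugnote_get_field( $t_issue_note_id, 'bug_id' );
	$t_project_id = bug_get_field( $t_issue_id, 'project_id' );

	if( !mci_has_readwrite_access( $t_user_id, $t_project_id ) ) {
		return mci_soap_fault_access_denied( $t_user_id );
	}

	# Editing is authorised per note: the author may edit when the site allows users to
	# edit their own notes, everybody else has to meet update_bugnote_threshold.
	$t_reporter_id = bugnote_get_field( $t_issue_note_id, 'reporter_id' );
	$t_may_edit_own_note = ( $t_user_id == $t_reporter_id )
		&& ( OFF != config_get( 'bugnote_allow_user_edit_delete', null, $t_user_id, $t_project_id ) );
	if( !$t_may_edit_own_note ) {
		$t_update_bugnote_threshold = config_get( 'update_bugnote_threshold', null, $t_user_id, $t_project_id );
		if( !access_has_bugnote_level( $t_update_bugnote_threshold, $t_issue_note_id, $t_user_id ) ) {
			return mci_soap_fault_access_denied( $t_user_id );
		}
	}

	if( bug_is_readonly( $t_issue_id ) ) {
		return mci_soap_fault_access_denied( $t_user_id, "Issue '$t_issue_id' is readonly" );
	}

	if( isset( $p_note['view_state'] ) ) {
		$t_view_state = $p_note['view_state'];
		$t_view_state_id = mci_get_enum_id_from_objectref( 'view_state', $t_view_state );
		# The second argument is treated as a private flag (TODO confirm against
		# bugnote_set_view_state); comparing with VS_PRIVATE keeps a public view
		# state id from being read as true.
		bugnote_set_view_state( $t_issue_note_id, $t_view_state_id == VS_PRIVATE );
	}

	bugnote_set_text( $t_issue_note_id, $p_note['text'] );

	return bugnote_date_update( $t_issue_note_id );
}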
/**
 * Updates the note.
 *
 * Only the text and view state of the note can be altered.
 *
 * Responds with 404 when the note does not exist, 403 when the current user may
 * not edit it, 500 when the parent bug is read-only, and 204 on success.
 *
 * NOTE(review): a read-only bug is reported with status 500 although the condition
 * is caused by the request - confirm whether a 4xx status was intended.
 *
 * @param $request - The request we're responding to
 */
public function put($request) {
	$this->note_id = Bugnote::get_mantis_id_from_url($request->url);
	if (!bugnote_exists($this->note_id)) {
		throw new HTTPException(404, "No such bug note: {$this->note_id}");
	}

	# Check if the current user is allowed to edit the bugnote
	# (This comes from Mantis's bugnote_update.php)
	$current_user_id = auth_get_current_user_id();
	$note_author_id = bugnote_get_field($this->note_id, 'reporter_id');
	$parent_bug_id = bugnote_get_field($this->note_id, 'bug_id');

	# The author may edit their own note when the site allows it; in every other
	# case the update threshold for the note has to be met.
	$may_edit_as_author = $current_user_id == $note_author_id
		&& OFF != config_get('bugnote_allow_user_edit_delete');
	if (!$may_edit_as_author
		&& !access_has_bugnote_level(config_get('update_bugnote_threshold'), $this->note_id)) {
		throw new HTTPException(403, "Access denied");
	}

	if (bug_is_readonly($parent_bug_id)) {
		throw new HTTPException(500, "Can't edit a note on a read-only bug");
	}

	$this->populate_from_repr($request->body);

	# NOTE(review): the view state is rewritten on every update and no separate
	# permission check for changing it is visible here - confirm whether one is required.
	$is_private = (bool) $this->_get_rsrc_attr('private');
	bugnote_set_view_state($this->note_id, $is_private);
	bugnote_set_text($this->note_id, $this->_get_mantis_attr('note'));

	$response = new Response();
	$response->status = 204;

	return $response;
}
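/**
 * Delete a note given its id.
 *
 * Project read/write access alone does not authorise the deletion: the note may be
 * deleted by its author when bugnote_allow_user_edit_delete is not OFF, and otherwise
 * only by a user who meets delete_bugnote_threshold for that note. Notes on a
 * read-only issue are not deleted.
 *
 * @param string  $p_username      The name of the user trying to delete a note.
 * @param string  $p_password      The password of the user.
 * @param integer $p_issue_note_id The id of the note to be deleted.
 * @return mixed the result of bugnote_delete() on success, a soap_fault otherwise
 */
function mc_issue_note_delete($p_username, $p_password, $p_issue_note_id) {
	$t_user_id = mci_check_login($p_username, $p_password);
	if ($t_user_id === false) {
		return new soap_fault('Client', '', 'Access Denied');
	}

	# Validate and use the same integer value everywhere, so that an id such as
	# "12abc" cannot pass the range check in one form and be looked up in another.
	$t_issue_note_id = (int) $p_issue_note_id;
	if ($t_issue_note_id < 1) {
		return new soap_fault('Client', '', "Invalid issue note id '{$p_issue_note_id}'.");
	}

	if (!bugnote_exists($t_issue_note_id)) {
		return new soap_fault('Server', '', "Issue note '{$p_issue_note_id}' does not exist.");
	}

	$t_issue_id = bugnote_get_field($t_issue_note_id, 'bug_id');
	$t_project_id = bug_get_field($t_issue_id, 'project_id');

	if (!mci_has_readwrite_access($t_user_id, $t_project_id)) {
		return new soap_fault('Client', '', 'Access Denied');
	}

	# Per-note authorisation: author (if the site allows it) or delete threshold.
	$t_reporter_id = bugnote_get_field($t_issue_note_id, 'reporter_id');
	$t_may_delete_own_note = ($t_user_id == $t_reporter_id)
		&& (OFF != config_get('bugnote_allow_user_edit_delete', null, $t_user_id, $t_project_id));
	if (!$t_may_delete_own_note) {
		$t_delete_bugnote_threshold = config_get('delete_bugnote_threshold', null, $t_user_id, $t_project_id);
		if (!access_has_bugnote_level($t_delete_bugnote_threshold, $t_issue_note_id, $t_user_id)) {
			return new soap_fault('Client', '', 'Access Denied');
		}
	}

	# Check if the bug is readonly
	if (bug_is_readonly($t_issue_id)) {
		return new soap_fault('Client', '', 'Access Denied');
	}

	return bugnote_delete($t_issue_note_id);
}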
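/**
 * Update a note
 *
 * The request is rejected with a SOAP fault when the login fails, when the note id or
 * text is blank, when the note does not exist, when the user has no read/write access
 * to the project, when the user may not edit the note, or when the issue is read-only.
 *
 * @param string $p_username The name of the user trying to update a note.
 * @param string $p_password The password of the user.
 * @param IssueNoteData $p_note The note to update.
 * @return mixed the result of bugnote_date_update() on success, a soap_fault otherwise
 */
function mc_issue_note_update($p_username, $p_password, $p_note) {
	$t_user_id = mci_check_login($p_username, $p_password);
	if ($t_user_id === false) {
		return mci_soap_fault_login_failed();
	}

	if (!isset($p_note['id']) || is_blank($p_note['id'])) {
		return new soap_fault('Client', '', "Issue note id must not be blank.");
	}

	if (!isset($p_note['text']) || is_blank($p_note['text'])) {
		return new soap_fault('Client', '', "Issue note text must not be blank.");
	}

	$t_issue_note_id = $p_note['id'];

	if (!bugnote_exists($t_issue_note_id)) {
		return new soap_fault('Server', '', "Issue note '{$t_issue_note_id}' does not exist.");
	}

	$t_issue_id = bugnote_get_field($t_issue_note_id, 'bug_id');
	$t_project_id = bug_get_field($t_issue_id, 'project_id');

	if (!mci_has_readwrite_access($t_user_id, $t_project_id)) {
		return mci_soap_fault_access_denied($t_user_id);
	}

	# Check if the user owns the bugnote and is allowed to update their own bugnotes
	# regardless of the update_bugnote_threshold level.
	$t_user_owns_the_bugnote = bugnote_is_user_reporter($t_issue_note_id, $t_user_id);
	$t_user_can_update_own_bugnote = config_get('bugnote_allow_user_edit_delete', null, $t_user_id, $t_project_id);
	if ($t_user_owns_the_bugnote && !$t_user_can_update_own_bugnote) {
		return mci_soap_fault_access_denied($t_user_id);
	}

	# Check if the user has an access level beyond update_bugnote_threshold for the
	# project containing the bugnote to update.
	$t_update_bugnote_threshold = config_get('update_bugnote_threshold', null, $t_user_id, $t_project_id);
	if (!$t_user_owns_the_bugnote && !access_has_bugnote_level($t_update_bugnote_threshold, $t_issue_note_id, $t_user_id)) {
		return mci_soap_fault_access_denied($t_user_id);
	}

	# Check if the bug is readonly
	if (bug_is_readonly($t_issue_id)) {
		return mci_soap_fault_access_denied($t_user_id, "Issue '{$t_issue_id}' is readonly");
	}

	# NOTE(review): no separate permission check is visible here before the view state
	# is changed - confirm whether one is required.
	if (isset($p_note['view_state'])) {
		$t_view_state = $p_note['view_state'];
		$t_view_state_id = mci_get_enum_id_from_objectref('view_state', $t_view_state);
		# The second argument is treated as a private flag (TODO confirm against
		# bugnote_set_view_state); comparing with VS_PRIVATE keeps a public view
		# state id from being read as true.
		bugnote_set_view_state($t_issue_note_id, $t_view_state_id == VS_PRIVATE);
	}

	bugnote_set_text($t_issue_note_id, $p_note['text']);

	return bugnote_date_update($t_issue_note_id);
}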