/**
 * Event hook that compares the user's own project access level with the
 * levels of the groups the user belongs to and returns the id of whichever
 * account carries the higher level.
 *
 * Group membership is read from this plugin's `users` table. Each group is
 * represented by a user id (`group_user_id`) whose project level is looked
 * up through access_get_project_level().
 *
 * NOTE(review): the id returned here is presumably what the caller uses for
 * the real access decision, so every row in the plugin's users table acts as
 * a privilege grant -- confirm that only administrators can write to it.
 *
 * @param object $p_event         Event identifier (not read by this function).
 * @param array  $p_chained_param array(user_project_level, user_id, project_id)
 * @return int user id (a group id is returned as fetched from the database row)
 */
function group_access_has_bug_level($p_event, $p_chained_param) {
    list($t_own_level, $t_user_id, $t_project_id) = $p_chained_param;

    $t_best_group_id = 0;
    $t_best_group_level = 0;

    # The user id is bound as an integer parameter, never concatenated into the SQL.
    $t_membership_table = plugin_table('users');
    $t_sql = 'SELECT group_user_id FROM ' . $t_membership_table . ' WHERE user=' . db_param();
    $t_rows = db_query_bound($t_sql, array((int) $t_user_id));

    $t_remaining = db_num_rows($t_rows);
    while ($t_remaining-- > 0) {
        $t_membership = db_fetch_array($t_rows);
        $t_candidate_level = access_get_project_level($t_project_id, $t_membership['group_user_id']);

        # ">=" means that among groups with equal levels the last one fetched wins.
        if ($t_candidate_level >= $t_best_group_level) {
            $t_best_group_level = $t_candidate_level;
            $t_best_group_id = $t_membership['group_user_id'];
        }
    }

    # The group only replaces the user when its level is strictly higher.
    return ($t_own_level < $t_best_group_level) ? $t_best_group_id : $t_user_id;
}
/**
 * Print the status selector for the plugin.
 *
 * The list of statuses offered is whatever get_status_option_list_plugin()
 * returns for the current user's access level in the project. With more than
 * one entry a <select> is printed; with exactly one entry only that label is
 * printed; with none, the label of the current value is printed.
 *
 * NOTE(review): $p_select_label and the status labels are written into the
 * markup without HTML escaping. Callers presumably pass a fixed field name;
 * confirm that no request-derived value can reach $p_select_label.
 *
 * @param string $p_select_label Value of the select's name attribute.
 * @param int    $p_current_value Status that should be pre-selected.
 * @param bool   $p_allow_close   Passed through to the status list lookup.
 * @param int    $p_project_id    Project whose access level and workflow apply.
 * @return void
 */
function print_status_option_list_plugin($p_select_label, $p_current_value = 0, $p_allow_close = false, $p_project_id = ALL_PROJECTS) {
    $t_viewer_level = access_get_project_level($p_project_id);

    # The plugin substitutes its own function for retrieving the statuses
    $t_statuses = get_status_option_list_plugin($t_viewer_level, $p_current_value, true, $p_allow_close, $p_project_id);
    $t_status_count = count($t_statuses);

    if ($t_status_count == 1) {
        echo array_pop($t_statuses);
        return;
    }

    if ($t_status_count < 1) {
        echo MantisEnum::getLabel(lang_get('status_enum_string'), $p_current_value);
        return;
    }

    # More than one choice: show them in ascending key order
    ksort($t_statuses);

    echo '<select ', helper_get_tab_index(), ' name="' . $p_select_label . '">';
    foreach ($t_statuses as $t_status_id => $t_status_label) {
        # The placeholder value @0@ must not be displayed
        if ($t_status_label != '@0@') {
            echo '<option value="' . $t_status_id . '"';
            check_selected($t_status_id, $p_current_value, false); # fix 1.3.0
            echo '>' . $t_status_label . '</option>';
        }
    }
    echo '</select>';
}
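/**
 * Print Change Status to: AJAXified button
 * This code is similar to button_bug_change_status except that the
 * button is AJAXified.
 * Uses projax.php
 *
 * The statuses offered are limited to what get_status_option_list() returns
 * for the current user's access level in the bug's project. That only shapes
 * the UI: the request handler still has to authorise the transition itself.
 *
 * @param int $p_bug_id     Bug whose status can be changed.
 * @param int $t_project_id Written to the hidden "project_id" field.
 * @param int $t_user_id    Written to the hidden "user_id" field.
 * @return null
 */
function kanban_ajax_button_bug_change_status($p_bug_id, $t_project_id, $t_user_id) {
    global $g_projax;

    $t_bug_project_id = bug_get_field($p_bug_id, 'project_id');
    $t_bug_current_state = bug_get_field($p_bug_id, 'status');
    $t_current_access = access_get_project_level($t_bug_project_id);

    $t_enum_list = get_status_option_list(
        $t_current_access,
        $t_bug_current_state,
        false,
        bug_get_field($p_bug_id, 'reporter_id') == auth_get_current_user_id() && ON == config_get('allow_reporter_close'),
        $t_bug_project_id
    );

    if (count($t_enum_list) == 0) {
        return;
    }

    # Note the key of the first element (the default) before re-sorting the
    # list into ascending order. reset()/key() replaces each(), which was
    # removed in PHP 8.
    reset($t_enum_list);
    $t_default = key($t_enum_list);
    ksort($t_enum_list);
    reset($t_enum_list);

    echo "<div id=\"ajax_statuschange\"><form method=\"post\" id=\"ajax_status_form\" action=\"xmlhttprequest.php\">";

    # NOTE(review): this form posts the entrypoint "bug_update_status", which
    # by its name changes the bug, so the remark inherited from the non-AJAX
    # button that no CSRF token is needed does not obviously hold here.
    # Confirm that the kanban_ajax_request handler validates a form security
    # token before applying the change.
    #
    # NOTE(review): user_id travels in a client-editable hidden field; the
    # handler should take the acting user from the session, not from here.
    $t_project_id_attr = string_attribute($t_project_id);
    $t_user_id_attr = string_attribute($t_user_id);
    echo "<input type=\"hidden\" name=\"project_id\" id=\"project_id\" value=\"{$t_project_id_attr}\" />";
    echo "<input type=\"hidden\" name=\"user_id\" id=\"user_id\" value=\"{$t_user_id_attr}\" />";
    echo "<input type=\"hidden\" name=\"entrypoint\" id=\"entrypoint\" value=\"bug_update_status\" />";

    $t_button_text = lang_get('bug_status_to_button');

    // AJAX button options. 'failure' is a JavaScript snippet; it used to be
    // built with PHP's "+" operator and bare words, which never produced the
    // intended script text.
    $options = array(
        'url' => plugin_page('kanban_ajax_request'),
        'with' => true,
        'confirm' => lang_get('confirm_change_status'),
        'success' => 'location.reload()',
        'failure' => 'alert("Error: " + request.status)',
    );
    echo $g_projax->submit_to_remote('ajax_status', $t_button_text, $options);

    echo " <select name=\"new_status\">"; # space at beginning of line is important
    foreach ($t_enum_list as $key => $val) {
        echo "<option value=\"{$key}\" ";
        check_selected($key, $t_default);
        echo ">{$val}</option>";
    }
    echo '</select>';

    $t_bug_id = string_attribute($p_bug_id);
    echo "<input type=\"hidden\" name=\"id\" value=\"{$t_bug_id}\" />\n";
    echo "</form></div>\n";
}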
/**
 * Print the site-specific extra buttons on the bug view page.
 *
 * Two buttons can appear, each in its own table cell:
 *  - "clone to other project", for users with project access level 50 or more;
 *  - "edit failure class" (custom field 1), for users who have write access to
 *    that field, while the bug status is below 40, and whose project access
 *    level satisfies the threshold array(30, 50, 55, 70, 90).
 *
 * NOTE(review): the access levels and the status are hard-coded numbers, so
 * this stops matching the intended roles if the site's enumerations change.
 * These checks only decide what is displayed; the target pages have to
 * enforce the same rules themselves.
 *
 * @param int $p_bug_id Bug being viewed.
 * @return void
 */
function custom_function_override_print_bug_view_page_custom_buttons($p_bug_id) {
    # Pick the button captions first; German only when that is the current language
    $t_is_german = lang_get_current() === 'german';
    $t_clone_caption = $t_is_german ? 'Klon in anderes Projekt...' : 'Clone To Other Project...';
    $t_failure_class_caption = $t_is_german ? 'Fehlerklasse bearbeiten...' : 'Edit Failure Class...';

    # Access of at least onsite developer (50) is needed to clone issues
    if (access_has_project_level(50)) {
        echo '<td>';
        html_button_bug_clone_to_project($p_bug_id, $t_clone_caption);
        echo '</td>';
    }

    # The failure class may be changed only if the field is writable for this user ...
    if (!custom_field_has_write_access(1, $p_bug_id)) {
        return;
    }
    # ... only up to status 'confirmed' (40) ...
    if (!(bug_get_field($p_bug_id, 'status') < 40)) {
        return;
    }
    # ... and only by QA reporters (30) or onsite developers (50) and above
    if (!access_compare_level(access_get_project_level(), array(30, 50, 55, 70, 90))) {
        return;
    }

    echo '<td>';

    # Collect this bug plus every related bug the user may access at level 50
    $t_editable_bugs = array($p_bug_id);
    $t_outgoing = relationship_get_all_src($p_bug_id);
    $t_incoming = relationship_get_all_dest($p_bug_id);

    # destination bug ids first
    foreach ($t_outgoing as $t_relation) {
        $t_other_bug_id = $t_relation->dest_bug_id;
        if (access_has_bug_level(50, $t_other_bug_id)) {
            $t_editable_bugs[] = $t_other_bug_id;
        }
    }

    # then the source bug ids
    foreach ($t_incoming as $t_relation) {
        $t_other_bug_id = $t_relation->src_bug_id;
        if (access_has_bug_level(50, $t_other_bug_id)) {
            $t_editable_bugs[] = $t_other_bug_id;
        }
    }

    if (count($t_editable_bugs) > 1) {
        bfe_fehlerklasse_button('bug_actiongroup_page.php', $t_failure_class_caption, $t_editable_bugs);
    } else {
        html_button('bug_actiongroup_page.php', $t_failure_class_caption, array('bug_arr[]' => $p_bug_id, 'action' => 'custom_field_1'));
    }

    echo '</td>';
}
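/**
 * Print the "Change Status to:" button and status selector for a bug.
 *
 * The statuses offered come from get_status_option_list() for the current
 * user's access level in the bug's project; nothing is printed when that
 * list is empty. The first entry of the unsorted list is pre-selected.
 *
 * NOTE(review): this function does not check whether the user may update the
 * bug's status at all; it relies on the option list and on
 * bug_change_status_page.php to enforce that. The labels and the button text
 * are emitted without HTML escaping -- they presumably come from language
 * and configuration strings; confirm.
 *
 * @param int $p_bug_id Bug whose status can be changed.
 * @return void
 */
function html_button_bug_change_status($p_bug_id) {
    $t_bug_project_id = bug_get_field($p_bug_id, 'project_id');
    $t_bug_current_state = bug_get_field($p_bug_id, 'status');
    $t_current_access = access_get_project_level($t_bug_project_id);

    $t_enum_list = get_status_option_list(
        $t_current_access,
        $t_bug_current_state,
        false,
        bug_get_field($p_bug_id, 'reporter_id') == auth_get_current_user_id() && ON == config_get('allow_reporter_close')
    );

    if (count($t_enum_list) == 0) {
        return;
    }

    # Note the key of the first element (the default) before re-sorting the
    # list into ascending order. reset()/key() replaces each(), which was
    # removed in PHP 8.
    reset($t_enum_list);
    $t_default = key($t_enum_list);
    ksort($t_enum_list);
    reset($t_enum_list);

    echo "<form method=\"post\" action=\"bug_change_status_page.php\">";

    $t_button_text = lang_get('bug_status_to_button');
    echo "<input type=\"submit\" class=\"button\" value=\"{$t_button_text}\" />";

    echo " <select name=\"new_status\">"; # space at beginning of line is important
    foreach ($t_enum_list as $key => $val) {
        echo "<option value=\"{$key}\" ";
        check_selected($key, $t_default);
        echo ">{$val}</option>";
    }
    echo '</select>';

    $t_bug_id = string_attribute($p_bug_id);
    echo "<input type=\"hidden\" name=\"bug_id\" value=\"{$t_bug_id}\" />\n";
    echo "</form>\n";
}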
$t_project_ids[] = $t_project_id; } } } else { access_ensure_project_level(config_get('view_changelog_threshold'), $t_project_id); $t_project_ids = user_get_all_accessible_subprojects($t_user_id, $t_project_id); array_unshift($t_project_ids, $t_project_id); } $t_project_index = 0; version_cache_array_rows($t_project_ids); category_cache_array_rows_by_project($t_project_ids); foreach ($t_project_ids as $t_project_id) { $t_project_name = project_get_field($t_project_id, 'name'); $t_can_view_private = access_has_project_level(config_get('private_bug_threshold'), $t_project_id); $t_limit_reporters = config_get('limit_reporters'); $t_user_access_level_is_reporter = REPORTER == access_get_project_level($t_project_id); $t_resolved = config_get('bug_resolved_status_threshold'); $t_bug_table = db_get_table('mantis_bug_table'); $t_relation_table = db_get_table('mantis_bug_relationship_table'); # grab version info for later use $t_version_rows = version_get_all_rows($t_project_id, null, false); # cache category info, but ignore the results for now category_get_all_rows($t_project_id); $t_project_header_printed = false; foreach ($t_version_rows as $t_version_row) { $t_version_header_printed = false; $t_version = $t_version_row['version']; $t_version_id = $t_version_row['id']; # Skip all versions except the specified one (if any). if ($f_version_id != -1 && $f_version_id != $t_version_id) { continue;
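/**
 * Print Change Status to: button
 * This code is similar to print_status_option_list except
 * there is no masking, except for the current state
 *
 * Nothing is printed unless the current user reaches
 * update_bug_status_threshold for the bug and get_status_option_list()
 * returns at least one target status. Both checks only shape the UI; the
 * page the form posts to has to enforce them again.
 *
 * NOTE(review): the status labels and the button text are emitted without
 * HTML escaping -- they presumably come from language and configuration
 * strings; confirm.
 *
 * @param BugData $p_bug Bug object
 * @return null
 */
function html_button_bug_change_status($p_bug) {
    $t_current_access = access_get_project_level($p_bug->project_id);

    # User must have rights to change status to use this button
    if (!access_has_bug_level(config_get('update_bug_status_threshold'), $p_bug->id)) {
        return;
    }

    # The reporter may additionally be offered "close" when the site allows it
    $t_enum_list = get_status_option_list(
        $t_current_access,
        $p_bug->status,
        false,
        bug_is_user_reporter($p_bug->id, auth_get_current_user_id()) && access_has_bug_level(config_get('report_bug_threshold'), $p_bug->id) && ON == config_get('allow_reporter_close'),
        $p_bug->project_id
    );

    if (count($t_enum_list) == 0) {
        return;
    }

    # Note the key of the first element (the default) before re-sorting the
    # list into ascending order. reset()/key() replaces each(), which was
    # removed in PHP 8.
    reset($t_enum_list);
    $t_default = key($t_enum_list);
    ksort($t_enum_list);
    reset($t_enum_list);

    echo "<form method=\"post\" action=\"bug_change_status_page.php\">";
    # CSRF protection not required here - form does not result in modifications

    $t_button_text = lang_get('bug_status_to_button');
    echo "<input type=\"submit\" class=\"button\" value=\"{$t_button_text}\" />";

    echo " <select name=\"new_status\">"; # space at beginning of line is important
    foreach ($t_enum_list as $key => $val) {
        echo "<option value=\"{$key}\" ";
        check_selected($key, $t_default);
        echo ">{$val}</option>";
    }
    echo '</select>';

    $t_bug_id = string_attribute($p_bug->id);
    echo "<input type=\"hidden\" name=\"id\" value=\"{$t_bug_id}\" />\n";
    echo "</form>\n";
}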
/**
 * Build the bug info part of the message
 *
 * Produces the plain-text body section by section: header fields, custom
 * fields, resolution (only at or above bug_resolved_status_threshold), dates,
 * summary and description, relationships, sponsorships, bugnotes and, when
 * the 'history' key is present, the change history.
 *
 * NOTE(review): everything in $p_visible_bug_data is written to the message,
 * including every entry of 'bugnotes' and 'history'. Nothing is filtered
 * here, so the caller is presumably responsible for having reduced the data
 * to what the recipient may see -- confirm against the caller.
 *
 * @param array $p_visible_bug_data Bug data keyed by 'email_*' names plus
 *                                  'custom_fields', 'bugnotes' and the optional
 *                                  'relations', 'sponsorship_total',
 *                                  'sponsorships' and 'history' entries.
 * @return string
 */
function email_format_bug_message($p_visible_bug_data) {
    $t_normal_date_format = config_get('normal_date_format');
    $t_complete_date_format = config_get('complete_date_format');
    $t_email_separator1 = config_get('email_separator1');
    $t_email_separator2 = config_get('email_separator2');
    $t_email_padding_length = config_get('email_padding_length');

    # Keep the raw status: it is compared with the resolved threshold further
    # down, after the array entry has been replaced by its label.
    $t_status = $p_visible_bug_data['email_status'];

    # Replace timestamps and enum codes with their display form. The array is
    # a by-value parameter, so the caller's copy is not modified.
    $p_visible_bug_data['email_date_submitted'] = date($t_complete_date_format, $p_visible_bug_data['email_date_submitted']);
    $p_visible_bug_data['email_last_modified'] = date($t_complete_date_format, $p_visible_bug_data['email_last_modified']);
    $p_visible_bug_data['email_status'] = get_enum_element('status', $t_status);
    $p_visible_bug_data['email_severity'] = get_enum_element('severity', $p_visible_bug_data['email_severity']);
    $p_visible_bug_data['email_priority'] = get_enum_element('priority', $p_visible_bug_data['email_priority']);
    $p_visible_bug_data['email_reproducibility'] = get_enum_element('reproducibility', $p_visible_bug_data['email_reproducibility']);

    $t_message = $t_email_separator1 . " \n";

    # The link to the bug is optional
    if (isset($p_visible_bug_data['email_bug_view_url'])) {
        $t_message .= $p_visible_bug_data['email_bug_view_url'] . " \n";
        $t_message .= $t_email_separator1 . " \n";
    }

    $t_message .= email_format_attribute($p_visible_bug_data, 'email_reporter');
    $t_message .= email_format_attribute($p_visible_bug_data, 'email_handler');
    $t_message .= $t_email_separator1 . " \n";
    $t_message .= email_format_attribute($p_visible_bug_data, 'email_project');
    $t_message .= email_format_attribute($p_visible_bug_data, 'email_bug');
    $t_message .= email_format_attribute($p_visible_bug_data, 'email_category');
    $t_message .= email_format_attribute($p_visible_bug_data, 'email_reproducibility');
    $t_message .= email_format_attribute($p_visible_bug_data, 'email_severity');
    $t_message .= email_format_attribute($p_visible_bug_data, 'email_priority');
    $t_message .= email_format_attribute($p_visible_bug_data, 'email_status');
    $t_message .= email_format_attribute($p_visible_bug_data, 'email_target_version');

    # custom fields formatting
    foreach ($p_visible_bug_data['custom_fields'] as $t_custom_field_name => $t_custom_field_data) {
        $t_message .= utf8_str_pad(lang_get_defaulted($t_custom_field_name, null) . ': ', $t_email_padding_length, ' ', STR_PAD_RIGHT);
        $t_message .= string_custom_field_value_for_email($t_custom_field_data['value'], $t_custom_field_data['type']);
        $t_message .= " \n";
    } # end foreach custom field

    # Resolution and fixed-in version are shown only for resolved bugs
    if (config_get('bug_resolved_status_threshold') <= $t_status) {
        $p_visible_bug_data['email_resolution'] = get_enum_element('resolution', $p_visible_bug_data['email_resolution']);
        $t_message .= email_format_attribute($p_visible_bug_data, 'email_resolution');
        $t_message .= email_format_attribute($p_visible_bug_data, 'email_fixed_in_version');
    }

    $t_message .= $t_email_separator1 . " \n";
    $t_message .= email_format_attribute($p_visible_bug_data, 'email_date_submitted');
    $t_message .= email_format_attribute($p_visible_bug_data, 'email_last_modified');
    $t_message .= $t_email_separator1 . " \n";
    $t_message .= email_format_attribute($p_visible_bug_data, 'email_summary');

    # Free-text fields are appended verbatim
    $t_message .= lang_get('email_description') . ": \n" . $p_visible_bug_data['email_description'] . "\n";

    if (!is_blank($p_visible_bug_data['email_steps_to_reproduce'])) {
        $t_message .= "\n" . lang_get('email_steps_to_reproduce') . ": \n" . $p_visible_bug_data['email_steps_to_reproduce'] . "\n";
    }

    if (!is_blank($p_visible_bug_data['email_additional_information'])) {
        $t_message .= "\n" . lang_get('email_additional_information') . ": \n" . $p_visible_bug_data['email_additional_information'] . "\n";
    }

    # 'relations' arrives as an already formatted string
    if (isset($p_visible_bug_data['relations'])) {
        if ($p_visible_bug_data['relations'] != '') {
            $t_message .= $t_email_separator1 . "\n" . str_pad(lang_get('bug_relationships'), 20) . str_pad(lang_get('id'), 8) . lang_get('summary') . "\n" . $t_email_separator2 . "\n" . $p_visible_bug_data['relations'];
        }
    }

    # Sponsorship
    if (isset($p_visible_bug_data['sponsorship_total']) && $p_visible_bug_data['sponsorship_total'] > 0) {
        $t_message .= $t_email_separator1 . " \n";
        $t_message .= sprintf(lang_get('total_sponsorship_amount'), sponsorship_format_amount($p_visible_bug_data['sponsorship_total'])) . "\n" . "\n";

        # One line per sponsorship: date, sponsor name and amount
        if (isset($p_visible_bug_data['sponsorships'])) {
            foreach ($p_visible_bug_data['sponsorships'] as $t_sponsorship) {
                $t_date_added = date(config_get('normal_date_format'), $t_sponsorship->date_submitted);
                $t_message .= $t_date_added . ': ';
                $t_message .= user_get_name($t_sponsorship->user_id);
                $t_message .= ' (' . sponsorship_format_amount($t_sponsorship->amount) . ')' . " \n";
            }
        }
    }

    $t_message .= $t_email_separator1 . " \n\n";

    # format bugnotes
    foreach ($p_visible_bug_data['bugnotes'] as $t_bugnote) {
        $t_last_modified = date($t_normal_date_format, $t_bugnote->last_modified);
        $t_formatted_bugnote_id = bugnote_format_id($t_bugnote->id);
        $t_bugnote_link = string_process_bugnote_link(config_get('bugnote_link_tag') . $t_bugnote->id, false, false, true);

        # Time tracking gets its own line, and only when time was recorded
        if ($t_bugnote->time_tracking > 0) {
            $t_time_tracking = ' ' . lang_get('time_tracking') . ' ' . db_minutes_to_hhmm($t_bugnote->time_tracking) . "\n";
        } else {
            $t_time_tracking = '';
        }

        # The note author's project access level is printed next to the name;
        # it is skipped when the account no longer exists.
        if (user_exists($t_bugnote->reporter_id)) {
            $t_access_level = access_get_project_level($p_visible_bug_data['email_project_id'], $t_bugnote->reporter_id);
            $t_access_level_string = ' (' . get_enum_element('access_levels', $t_access_level) . ') - ';
        } else {
            $t_access_level_string = '';
        }

        $t_string = ' (' . $t_formatted_bugnote_id . ') ' . user_get_name($t_bugnote->reporter_id) . $t_access_level_string . $t_last_modified . "\n" . $t_time_tracking . ' ' . $t_bugnote_link;

        $t_message .= $t_email_separator2 . " \n";
        $t_message .= $t_string . " \n";
        $t_message .= $t_email_separator2 . " \n";
        $t_message .= $t_bugnote->note . " \n\n";
    }

    # format history
    if (array_key_exists('history', $p_visible_bug_data)) {
        $t_message .= lang_get('bug_history') . " \n";
        # Column headings padded to the widths used for the rows below
        $t_message .= utf8_str_pad(lang_get('date_modified'), 17) . utf8_str_pad(lang_get('username'), 15) . utf8_str_pad(lang_get('field'), 25) . utf8_str_pad(lang_get('change'), 20) . " \n";
        $t_message .= $t_email_separator1 . " \n";

        foreach ($p_visible_bug_data['history'] as $t_raw_history_item) {
            $t_localized_item = history_localize_item($t_raw_history_item['field'], $t_raw_history_item['type'], $t_raw_history_item['old_value'], $t_raw_history_item['new_value'], false);
            $t_message .= utf8_str_pad(date($t_normal_date_format, $t_raw_history_item['date']), 17) . utf8_str_pad($t_raw_history_item['username'], 15) . utf8_str_pad($t_localized_item['note'], 25) . utf8_str_pad($t_localized_item['change'], 20) . "\n";
        }

        $t_message .= $t_email_separator1 . " \n\n";
    }

    return $t_message;
}
/**
 * For a list of bug ids, returns an array of bugnote stats.
 * If a bug has no visible bugnotes, returns "false" as the stats item for that bug id.
 *
 * A note counts as visible when it is public, when the user wrote it, or when
 * the user's access level in the bug's project meets
 * private_bugnote_threshold. Each stats item holds 'bug_id', 'count',
 * 'last_modified', 'last_modified_bugnote' and 'last_submitted_bugnote'.
 *
 * NOTE(review): only bugnote visibility is evaluated here. Whether the user
 * may see the bugs themselves is not checked in this function, so callers
 * presumably pass ids that were already filtered -- confirm.
 *
 * @param array $p_bugs_id Array of Integer representing bug identifiers.
 * @param integer|null $p_user_id User for checking access levels. null defaults to current user
 * @return array Array of bugnote stats
 * @access public
 * @uses database_api.php
 */
function bug_get_bugnote_stats_array(array $p_bugs_id, $p_user_id = null) {
    # Cast every id to int and key the array by id; entries are removed below
    # as soon as a visible note is found for them.
    $t_id_array = array();
    foreach ($p_bugs_id as $t_id) {
        $t_id_array[$t_id] = (int) $t_id;
    }
    if (empty($t_id_array)) {
        return array();
    }

    if (null === $p_user_id) {
        $t_user_id = auth_get_current_user_id();
    } else {
        $t_user_id = $p_user_id;
    }

    # Build the IN (...) list from bound placeholders, one per id, so no id
    # value is ever concatenated into the SQL text.
    db_param_push();
    $t_params = array();
    $t_in_clause_elems = array();
    foreach ($t_id_array as $t_id) {
        $t_in_clause_elems[] = db_param();
        $t_params[] = $t_id;
    }

    # Ordering matters: rows of one project and one bug are contiguous, and
    # within a bug the row with the latest last_modified comes last.
    $t_query = 'SELECT n.id, n.bug_id, n.reporter_id, n.view_state, n.last_modified, n.date_submitted, b.project_id'
        . ' FROM {bugnote} n JOIN {bug} b ON (n.bug_id = b.id)'
        . ' WHERE n.bug_id IN (' . implode(', ', $t_in_clause_elems) . ')'
        . ' ORDER BY b.project_id, n.bug_id, n.last_modified';

    # perform query
    $t_result = db_query($t_query, $t_params);

    $t_counter = 0;
    $t_stats = array();

    # We need to check for each bugnote if it has permissions to view in respective project.
    # bugnotes are grouped by project_id and bug_id to save calls to config_get
    $t_current_project_id = null;
    $t_current_bug_id = null;
    while ($t_query_row = db_fetch_array($t_result)) {
        $c_bug_id = (int) $t_query_row['bug_id'];

        if (0 == $t_counter || $t_current_project_id !== $t_query_row['project_id']) {
            # evaluating a new project from the rowset
            $t_current_project_id = $t_query_row['project_id'];
            $t_user_access_level = access_get_project_level($t_query_row['project_id'], $t_user_id);
            $t_private_bugnote_visible = access_compare_level($t_user_access_level, config_get('private_bugnote_threshold', null, $t_user_id, $t_query_row['project_id']));
        }

        if (0 == $t_counter || $t_current_bug_id !== $c_bug_id) {
            # evaluating a new bug from the rowset
            $t_current_bug_id = $c_bug_id;
            $t_note_count = 0;
            $t_last_submit_date = 0;
        }

        # Visible if the user passes the private-note threshold, wrote the
        # note, or the note is public.
        $t_note_visible = $t_private_bugnote_visible || $t_query_row['reporter_id'] == $t_user_id || VS_PUBLIC == $t_query_row['view_state'];

        if ($t_note_visible) {
            # only count the bugnote if user has access
            $t_stats[$c_bug_id]['bug_id'] = $c_bug_id;
            # Overwritten on every visible row, so the last row for the bug wins
            $t_stats[$c_bug_id]['last_modified'] = $t_query_row['last_modified'];
            $t_stats[$c_bug_id]['count'] = ++$t_note_count;
            $t_stats[$c_bug_id]['last_modified_bugnote'] = $t_query_row['id'];

            # Track the most recently submitted visible note separately
            if ($t_query_row['date_submitted'] > $t_last_submit_date) {
                $t_last_submit_date = $t_query_row['date_submitted'];
                $t_stats[$c_bug_id]['last_submitted_bugnote'] = $t_query_row['id'];
            }

            # This bug has at least one visible note
            if (isset($t_id_array[$c_bug_id])) {
                unset($t_id_array[$c_bug_id]);
            }
        }

        $t_counter++;
    }

    # The remaining bug ids, are those without visible notes. Save false as cached value
    foreach ($t_id_array as $t_id) {
        $t_stats[$t_id] = false;
    }

    return $t_stats;
}
/**
 * Check the current user's access against the given value and return true
 * if the user's access is equal to or higher, false otherwise.
 * This function looks up the bug's project and performs an access check
 * against that project
 *
 * Beyond the plain level comparison, two restrictions apply to users who are
 * not the bug's reporter: the limit_reporters setting and, for private bugs,
 * private_bug_threshold.
 *
 * @param int $p_access_level integer representing access level
 * @param int $p_bug_id integer representing bug id to check access against
 * @param int|null $p_user_id integer representing user id, defaults to null to use current user
 * @return bool whether user has access level specified
 * @access public
 */
function access_has_bug_level($p_access_level, $p_bug_id, $p_user_id = null) {
    if ($p_user_id === null) {
        $p_user_id = auth_get_current_user_id();
    }

    # Deal with not logged in silently in this case
    # @@@ we may be able to remove this and just error
    # and once we default to anon login, we can remove it for sure
    if (empty($p_user_id) && !auth_is_user_authenticated()) {
        return false;
    }

    $t_project_id = bug_get_field($p_bug_id, 'project_id');
    $t_bug_is_user_reporter = bug_is_user_reporter($p_bug_id, $p_user_id);
    $t_access_level = access_get_project_level($t_project_id, $p_user_id);

    # check limit_Reporter (Issue #4769)
    # reporters can view just issues they reported
    $t_limit_reporters = config_get('limit_reporters', null, $p_user_id, $t_project_id);
    if ($t_limit_reporters && !$t_bug_is_user_reporter) {
        # Here we only need to check that the current user has an access level
        # higher than the lowest needed to report issues (report_bug_threshold).
        # To improve performance, esp. when processing for several projects, we
        # build a static array holding that threshold for each project
        #
        # NOTE(review): the cache is keyed by project id only, while the
        # lookup that fills it passes $p_user_id. If this threshold can be
        # configured per user, a value cached for one user would be reused for
        # another within the same request -- confirm.
        static $s_thresholds = array();
        if (!isset($s_thresholds[$t_project_id])) {
            $t_report_bug_threshold = config_get('report_bug_threshold', null, $p_user_id, $t_project_id);
            if (!is_array($t_report_bug_threshold)) {
                # Single level: require strictly more than it
                $s_thresholds[$t_project_id] = $t_report_bug_threshold + 1;
            } else {
                if (empty($t_report_bug_threshold)) {
                    # An empty list of levels is stored as NOBODY
                    $s_thresholds[$t_project_id] = NOBODY;
                } else {
                    # List of levels: take the lowest one and require more than it
                    sort($t_report_bug_threshold);
                    $s_thresholds[$t_project_id] = $t_report_bug_threshold[0] + 1;
                }
            }
        }
        if (!access_compare_level($t_access_level, $s_thresholds[$t_project_id])) {
            return false;
        }
    }

    # If the bug is private and the user is not the reporter, then
    # they must also have higher access than private_bug_threshold
    if (!$t_bug_is_user_reporter && bug_get_field($p_bug_id, 'view_state') == VS_PRIVATE) {
        $t_private_bug_threshold = config_get('private_bug_threshold', null, $p_user_id, $t_project_id);
        # Both the private threshold and the requested level must be met
        return access_compare_level($t_access_level, $t_private_bug_threshold) && access_compare_level($t_access_level, $p_access_level);
    }

    return access_compare_level($t_access_level, $p_access_level);
}
require_api('html_api.php');
require_api('lang_api.php');
require_api('print_api.php');
require_api('project_api.php');
require_api('user_api.php');

# Removes one user, or all users, from a project.
# Order of the gates below: form token, re-authentication, project-level
# access checks, explicit confirmation, and only then the removal.
form_security_validate('manage_proj_user_remove');

auth_reauthenticate();

# Both ids are read as integers; user_id defaults to 0, which selects the
# "remove all users" branch.
$f_project_id = gpc_get_int('project_id');
$f_user_id = gpc_get_int('user_id', 0);

# We should check both since we are in the project section and an
# admin might raise the first threshold and not realize they need
# to raise the second
access_ensure_project_level(config_get('manage_project_threshold'), $f_project_id);
access_ensure_project_level(config_get('project_user_threshold'), $f_project_id);

if (0 == $f_user_id) {
    # Confirm with the user
    helper_ensure_confirmed(lang_get('remove_all_users_sure_msg'), lang_get('remove_all_users_button'));

    # The current user's own level in the project is passed along with the
    # request to remove everyone.
    # NOTE(review): presumably it caps which users get removed -- confirm in
    # project_remove_all_users().
    project_remove_all_users($f_project_id, access_get_project_level($f_project_id));
} else {
    # Don't allow removal of users from the project who have a higher access level than the current user
    access_ensure_project_level(access_get_project_level($f_project_id, $f_user_id), $f_project_id);

    $t_user = user_get_row($f_user_id);

    # Confirm with the user
    # NOTE(review): the username is concatenated into a message that already
    # carries markup ('<br/>'). Confirm that helper_ensure_confirmed() escapes
    # it or that usernames cannot contain HTML metacharacters.
    helper_ensure_confirmed(lang_get('remove_user_sure_msg') . '<br/>' . lang_get('username_label') . lang_get('word_separator') . $t_user['username'], lang_get('remove_user_button'));

    project_remove_user($f_project_id, $f_user_id);
}

# The token is purged only after the operation has run
form_security_purge('manage_proj_user_remove');

# $f_project_id is an integer (gpc_get_int), so it is safe to place in the URL
$t_redirect_url = 'manage_proj_edit_page.php?project_id=' . $f_project_id;

html_page_top(null, $t_redirect_url);
html_operation_successful($t_redirect_url);
html_page_bottom();
# Copies the users of one project to another.
# NOTE(review): form_security_purge() is called at the end, but the matching
# form_security_validate() is not visible in this excerpt -- confirm that it
# runs before this point.
auth_reauthenticate();

$f_project_id = gpc_get_int( 'project_id' );
$f_other_project_id = gpc_get_int( 'other_project_id' );
$f_copy_from = gpc_get_bool( 'copy_from' );
$f_copy_to = gpc_get_bool( 'copy_to' );

# Work out the direction: "copy from" pulls users from the other project into
# this one, "copy to" pushes this project's users to the other one.
if ( $f_copy_from ) {
    $t_src_project_id = $f_other_project_id;
    $t_dst_project_id = $f_project_id;
} else if ( $f_copy_to ) {
    $t_src_project_id = $f_project_id;
    $t_dst_project_id = $f_other_project_id;
} else {
    # Neither direction requested. The code below uses the source and
    # destination ids, which are not set on this path, so it relies on
    # trigger_error() with ERROR not returning -- TODO confirm.
    /** @todo Should this become a separate error? */
    trigger_error( ERROR_CATEGORY_NO_ACTION, ERROR );
}

# We should check both since we are in the project section and an
# admin might raise the first threshold and not realize they need
# to raise the second
#
# NOTE(review): only the destination project is checked. Nothing here checks
# the current user's access to the source project, whose membership is read
# by the copy -- confirm whether that is intended or enforced elsewhere.
access_ensure_project_level( config_get( 'manage_project_threshold' ), $t_dst_project_id );
access_ensure_project_level( config_get( 'project_user_threshold' ), $t_dst_project_id );

# The current user's level in the destination project is passed as the third
# argument; presumably it caps the level copied users can receive -- confirm
# in project_copy_users().
project_copy_users( $t_dst_project_id, $t_src_project_id, access_get_project_level( $t_dst_project_id ) );

form_security_purge( 'manage_proj_user_copy' );

# $f_project_id is an integer (gpc_get_int), so it is safe to place in the URL
print_header_redirect( 'manage_proj_edit_page.php?project_id=' . $f_project_id );
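/**
 * Print the hidden data elements and the board markup for the page.
 *
 * Users, issues and the allowed status transitions are serialised into
 * hidden <p> elements inside #taskodrome_data, followed by the plugin
 * settings and the two board canvases.
 *
 * User names are stored, user-chosen text, so they are HTML-encoded before
 * being placed in an attribute, as the issue summary already was. An
 * unencoded name containing a double quote would otherwise end the attribute
 * and let the rest of the name be parsed as markup.
 *
 * NOTE(review): the transitions written here only describe what the board
 * may offer. The endpoint that applies a status change has to check the
 * workflow and the user's access again.
 *
 * @param array $p_rows Bug rows; id, summary, status, handler_id, project_id
 *                      and last_updated are read from each row.
 * @return void
 */
function write_bug_rows($p_rows) {
    $user_array = get_user_array();
    $alive_user_ids = array();
    $issues_array_html = '';
    $allowed_statuses_html = '';

    print '<div id="taskodrome_data" hidden="true"> ';

    $users = '';
    foreach ($user_array as $t_user) {
        $users .= '<p hidden="true" class="user_data" ';
        $users .= 'name="' . htmlspecialchars($t_user->name, ENT_QUOTES, 'UTF-8') . '" ';
        $users .= 'id="' . $t_user->id . '"';
        $users .= '></p>';
        $alive_user_ids[$t_user->id] = 1;
    }
    print $users;

    foreach ($p_rows as $t_row) {
        # Issues assigned to a user that is not in the list are shown as unassigned
        $handler_id = $t_row->handler_id;
        if (!array_key_exists($t_row->handler_id, $alive_user_ids)) {
            $handler_id = 0;
        }

        $issues_array_html .= '<p hidden="true" class="issue_data" ';
        $issues_array_html .= 'id="' . $t_row->id . '" ';
        $issues_array_html .= 'summary="' . htmlentities($t_row->summary) . '" ';
        $issues_array_html .= 'status="' . $t_row->status . '" ';
        $issues_array_html .= 'handler_id="' . $handler_id . '" ';
        $issues_array_html .= 'topColor="#0000FF" ';
        $issues_array_html .= 'bottomColor="#FF0000" ';
        $issues_array_html .= 'updateTime="' . $t_row->last_updated . '"';
        $issues_array_html .= '></p>';

        # Neither value depends on the status being examined, so both are
        # computed once per row instead of once per status.
        $t_project_level = access_get_project_level($t_row->project_id);
        $t_reporter_can_close = bug_is_user_reporter($t_row->id, auth_get_current_user_id())
            && access_has_bug_level(config_get('report_bug_threshold'), $t_row->id)
            && ON == config_get('allow_reporter_close');

        $t_all_statuses = get_status_option_list($t_project_level, $t_row->status, true, false, $t_row->project_id);

        $allowed_statuses_html .= '<p hidden="true" class="status_pair" ';
        $allowed_statuses_html .= 'id="' . $t_row->id . '" ';

        # src_status is "a;b;"; dst_status holds, in the same order, the
        # comma-separated targets reachable from each source status.
        $src_status_str = '';
        $dst_status_str = '';
        foreach ($t_all_statuses as $src_status => $src_st) {
            $src_status_str .= $src_status . ';';

            $t_enum_list = get_status_option_list($t_project_level, $src_status, true, $t_reporter_can_close, $t_row->project_id);
            foreach ($t_enum_list as $dst_status => $dst_st) {
                $dst_status_str .= $dst_status . ',';
            }
            $dst_status_str .= ';';
        }

        $allowed_statuses_html .= 'src_status="' . $src_status_str . '" ';
        $allowed_statuses_html .= 'dst_status="' . $dst_status_str . '"';
        $allowed_statuses_html .= '></p>';
    }

    print $issues_array_html;
    print $allowed_statuses_html;

    $status_order = '';
    foreach (plugin_config_get("status_board_order") as $t_value) {
        $status_order .= $t_value . ';';
    }

    print '<p hidden="true" class="status_board_order" value="' . $status_order . '"></p>';
    print '<p hidden="true" id="cooldown_period_days" value="' . plugin_config_get("cooldown_period_days") . '"></p>';
    print '<p hidden="true" id="cooldown_period_hours" value="' . plugin_config_get("cooldown_period_hours") . '"></p>';
    print '</div>';

    print '<section class="tabs"> <br> <input type="radio" id="radio_dg" name="group" > <input type="radio" id="radio_sg" name="group" > [ <label id="label_dg" class="radio_label" for="radio_dg" >' . plugin_lang_get("assignment_board") . '</label> ] [ <label id="label_sg" class="radio_label" for="radio_sg" >' . plugin_lang_get("status_board") . '</label> ] <div class="tabs_cont"> <div id="tab_c1"> ';
    print '<div id="dev-grid" class="grid"> <canvas id="panel"> </canvas> </div> ';
    print '</div>';
    print '<div id="tab_c2"> <div id="st-grid" class="grid"> <canvas id="panel_st"> </canvas> </div> ';

    html_page_bottom();

    print '</div>';
    print '</div> </section> ';
}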
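/**
 * Print Change Status to: button
 * This code is similar to print_status_option_list except
 * there is no masking, except for the current state
 *
 * Nothing is printed unless the current user reaches
 * update_bug_status_threshold for the bug and get_status_option_list()
 * returns at least one target status. Both checks only shape the UI; the
 * page the form posts to has to enforce them again.
 *
 * NOTE(review): the status labels and the button text are emitted without
 * HTML escaping -- they presumably come from language and configuration
 * strings; confirm.
 *
 * @param BugData $p_bug A valid bug object.
 * @return void
 */
function html_button_bug_change_status(BugData $p_bug) {
    $t_current_access = access_get_project_level($p_bug->project_id);

    # User must have rights to change status to use this button
    if (!access_has_bug_level(config_get('update_bug_status_threshold'), $p_bug->id)) {
        return;
    }

    # The reporter may additionally be offered "close" when the site allows it
    $t_enum_list = get_status_option_list(
        $t_current_access,
        $p_bug->status,
        false,
        bug_is_user_reporter($p_bug->id, auth_get_current_user_id()) && access_has_bug_level(config_get('report_bug_threshold'), $p_bug->id) && ON == config_get('allow_reporter_close'),
        $p_bug->project_id
    );

    if (count($t_enum_list) == 0) {
        return;
    }

    # Note the key of the first element (the default) before re-sorting the
    # list into ascending order. reset()/key() replaces each(), which was
    # removed in PHP 8.
    reset($t_enum_list);
    $t_default = key($t_enum_list);
    ksort($t_enum_list);
    reset($t_enum_list);

    echo '<form method="post" action="bug_change_status_page.php">';
    # CSRF protection not required here - form does not result in modifications

    $t_button_text = lang_get('bug_status_to_button');
    echo '<input type="submit" class="button" value="' . $t_button_text . '" />';

    echo ' <select name="new_status">'; # space at beginning of line is important
    foreach ($t_enum_list as $t_key => $t_val) {
        echo '<option value="' . $t_key . '" ';
        check_selected($t_key, $t_default);
        echo '>' . $t_val . '</option>';
    }
    echo '</select>';

    $t_bug_id = string_attribute($p_bug->id);
    echo '<input type="hidden" name="id" value="' . $t_bug_id . '" />' . "\n";
    echo '<input type="hidden" name="change_type" value="' . BUG_UPDATE_TYPE_CHANGE_STATUS . '" />' . "\n";
    echo '</form>' . "\n";
}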
/**
 * Tell whether a user reaches the given access level in a project.
 *
 * A required level of NOBODY is refused immediately, before any user or
 * project lookup. Otherwise the user's level in the project is fetched with
 * access_get_project_level() and compared with access_compare_level().
 *
 * @param int|array $p_access_level Required level, handed to access_compare_level() unchanged.
 * @param int|null  $p_project_id   Project to check; null means the current project.
 * @param int|null  $p_user_id      User to check; null means the current user.
 * @return bool false for NOBODY, otherwise the result of access_compare_level().
 */
function access_has_project_level($p_access_level, $p_project_id = null, $p_user_id = null) {
    # Nobody can satisfy NOBODY, so skip the lookups entirely
    if (NOBODY == $p_access_level) {
        return false;
    }

    # Resolve the defaults in the same order as before: user first, then project
    $t_user_id = (null === $p_user_id) ? auth_get_current_user_id() : $p_user_id;
    $t_project_id = (null === $p_project_id) ? helper_get_current_project() : $p_project_id;

    return access_compare_level(
        access_get_project_level($t_project_id, $t_user_id),
        $p_access_level
    );
}
/**
 * Print the <option> elements for the access levels the current user may
 * assign in a project, preceded by a "[default access level]" entry.
 *
 * Levels above the current user's own project level are left out.
 *
 * @param mixed    $p_val        Value handed to check_selected() for every level.
 * @param int|null $p_project_id Project used to look up the current user's level.
 * @return void
 */
function print_project_access_levels_option_list($p_val, $p_project_id = null) {
    $t_own_level = access_get_project_level($p_project_id);
    $t_enum_string = config_get('access_levels_enum_string');

    # Leading entry: add the user to the project with his default access level.
    echo '<option value="' . DEFAULT_ACCESS_LEVEL . '"';
    echo '>[' . lang_get('default_access_level') . ']</option>';

    $t_entries = explode_enum_string($t_enum_string);
    $t_entry_count = count($t_entries);

    for ($t_index = 0; $t_index < $t_entry_count; $t_index++) {
        $t_pair = explode_enum_arr($t_entries[$t_index]);

        # A user must not be able to assign another user an access level
        # that is higher than theirs. This only limits what is offered in
        # the list; the code handling the submitted value is not shown here.
        if ($t_pair[0] <= $t_own_level) {
            # NOTE(review): the label is written without HTML escaping;
            # if access level names can be customised, escape at output - confirm.
            $t_label = get_enum_element('access_levels', $t_pair[0]);

            echo '<option value="' . $t_pair[0] . '"';
            check_selected($p_val, $t_pair[0]);
            echo '>' . $t_label . '</option>';
        }
    }
}
"> <?php if (ON == config_get("show_avatar")) { print_avatar($v3_reporter_id); } ?> <span class="small">(<?php echo $t_bugnote_id_formatted; ?> )</span><br /> <?php echo print_user($v3_reporter_id); ?> <span class="small"><?php if (user_exists($v3_reporter_id)) { $t_access_level = access_get_project_level(null, $v3_reporter_id); echo '(', get_enum_element('access_levels', $t_access_level), ')'; } ?> </span> <?php if (VS_PRIVATE == $v3_view_state) { ?> <span class="small">[ <?php echo lang_get('private'); ?> ]</span> <?php } ?> <br />
<option value="0" selected="selected"></option> <?php print_assign_to_option_list( $f_handler_id ) ?> </select> </span> <span class="label-style"></span> </div> <?php } ?> <?php if( $t_show_status ) { ?> <div class="field-container"> <label><span><?php echo lang_get( 'status' ) ?></span></label> <span class="select"> <select <?php echo helper_get_tab_index() ?> name="status"> <?php $t_resolution_options = get_status_option_list( access_get_project_level( $t_project_id ), config_get( 'bug_submit_status' ), true, ON == config_get( 'allow_reporter_close' ), $t_project_id ); foreach ( $t_resolution_options as $t_key => $t_value ) { ?> <option value="<?php echo $t_key ?>" <?php check_selected( $t_key, config_get( 'bug_submit_status' ) ); ?> > <?php echo $t_value ?> </option> <?php } ?> </select> </span> <span class="label-style"></span> </div> <?php } ?>
?> " title="<?php echo lang_get('bugnote_link_title'); ?> "><?php echo htmlentities(config_get_global('bugnote_link_tag')) . $t_bugnote_id_formatted; ?> </a></span><br /> <span class="bugnote-reporter"> <?php echo print_user($t_bugnote->reporter_id); ?> <span class="small access-level"><?php if (user_exists($t_bugnote->reporter_id)) { $t_access_level = access_get_project_level(null, (int) $t_bugnote->reporter_id); // Only display access level when higher than 0 (ANYBODY) if ($t_access_level > ANYBODY) { echo '(', get_enum_element('access_levels', $t_access_level), ')'; } } ?> </span> </span> <?php if (VS_PRIVATE == $t_bugnote->view_state) { ?> <span class="small bugnote-view-state">[ <?php echo lang_get('private'); ?>
} } } else { access_ensure_project_level(config_get('roadmap_view_threshold'), $t_project_id); $t_project_ids = user_get_all_accessible_subprojects($t_user_id, $t_project_id); array_unshift($t_project_ids, $t_project_id); } $t_project_id_for_access_check = $t_project_id; html_page_top(lang_get('roadmap')); version_cache_array_rows($t_project_ids); category_cache_array_rows_by_project($t_project_ids); foreach ($t_project_ids as $t_project_id) { $t_project_name = project_get_field($t_project_id, 'name'); $t_can_view_private = access_has_project_level(config_get('private_bug_threshold'), $t_project_id); $t_limit_reporters = config_get('limit_reporters'); $t_user_access_level_is_reporter = config_get('report_bug_threshold', null, null, $t_project_id) == access_get_project_level($t_project_id); $t_resolved = config_get('bug_resolved_status_threshold'); $t_version_rows = array_reverse(version_get_all_rows($t_project_id)); # cache category info, but ignore the results for now category_get_all_rows($t_project_id); $t_project_header_printed = false; foreach ($t_version_rows as $t_version_row) { if ($t_version_row['released'] == 1) { continue; } # Skip all versions except the specified one (if any). if ($f_version_id != -1 && $f_version_id != $t_version_row['id']) { continue; } $t_issues_planned = 0; $t_issues_resolved = 0;
if ($t_show_status) { ?> <tr> <th class="category"> <label for="status"><?php echo lang_get('status'); ?> </label> </th> <td> <select <?php echo helper_get_tab_index(); ?> name="status"> <?php $t_resolution_options = get_status_option_list(access_get_project_level($t_project_id), config_get('bug_submit_status'), true, ON == config_get('allow_reporter_close'), $t_project_id); foreach ($t_resolution_options as $t_key => $t_value) { ?> <option value="<?php echo $t_key; ?> " <?php check_selected($t_key, config_get('bug_submit_status')); ?> > <?php echo $t_value; ?> </option> <?php }
/**
 * Check a user's access against the given level for one bug.
 *
 * The bug's project is looked up and the check is made against that
 * project. Two extra restrictions are applied first: the limit_reporters
 * setting and the private view state of the bug.
 *
 * @param int      $p_access_level Access level required.
 * @param int      $p_bug_id       Bug id to check access against.
 * @param int|null $p_user_id      User id, null to use the current user.
 * @return bool whether the user has the access level specified
 * @access public
 */
function access_has_bug_level($p_access_level, $p_bug_id, $p_user_id = null) {
    if (null === $p_user_id) {
        $p_user_id = auth_get_current_user_id();
    }

    # Deal with not logged in silently in this case
    # @@@ we may be able to remove this and just error
    #     and once we default to anon login, we can remove it for sure
    if (empty($p_user_id) && !auth_is_user_authenticated()) {
        return false;
    }

    $t_project_id = bug_get_field($p_bug_id, 'project_id');

    # check limit_Reporter (Issue #4769)
    # reporters can view just issues they reported
    # NOTE(review): the comparison with ON is strict, so the restriction is
    # applied only when config_get() returns a value identical to ON - confirm
    # the stored type of limit_reporters.
    $t_limit_reporters = config_get('limit_reporters');
    if (ON === $t_limit_reporters) {
        if (!bug_is_user_reporter($p_bug_id, $p_user_id)) {
            if (!access_has_project_level(REPORTER + 1, $t_project_id, $p_user_id)) {
                return false;
            }
        }
    }

    # If the bug is private and the user is not the reporter, then
    # they must also have higher access than private_bug_threshold
    if (VS_PRIVATE == bug_get_field($p_bug_id, 'view_state')) {
        if (!bug_is_user_reporter($p_bug_id, $p_user_id)) {
            $t_user_level = access_get_project_level($t_project_id, $p_user_id);

            # Both thresholds have to be met: the one for private bugs and
            # the one the caller asked for.
            return access_compare_level($t_user_level, config_get('private_bug_threshold'))
                && access_compare_level($t_user_level, $p_access_level);
        }
    }

    return access_has_project_level($p_access_level, $t_project_id, $p_user_id);
}
/**
 * Print one <option> element per access level the current user may assign
 * in the given project.
 *
 * Levels above the current user's own project level are left out, and the
 * label is passed through string_html_specialchars() before it is written.
 *
 * @param mixed    $p_val        Value handed to check_selected() for every level.
 * @param int|null $p_project_id Project used to look up the current user's level.
 * @return void
 */
function print_project_access_levels_option_list($p_val, $p_project_id = null) {
    $t_own_level = access_get_project_level($p_project_id);
    $t_enum_string = config_get('access_levels_enum_string');

    foreach (MantisEnum::getValues($t_enum_string) as $t_level) {
        # A user must not be able to assign another user an access level
        # that is higher than theirs. This only limits what is offered in
        # the list; the code handling the submitted value is not shown here.
        if ($t_level <= $t_own_level) {
            $t_label = get_enum_element('access_levels', $t_level);

            echo '<option value="' . $t_level . '"';
            check_selected($p_val, $t_level);
            echo '>' . string_html_specialchars($t_label) . '</option>';
        }
    }
}
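/**
 * Collect the issues targeted at a version of a project, each with the id
 * and target version of its parent issue when a relationship of type 2
 * points at it.
 *
 * Rows the current user may not see are dropped: private issues when the
 * user is below private_bug_threshold, issues reported by others when
 * limit_reporters is ON and the user is exactly a REPORTER, and issues
 * rejected by the roadmap_include_issue custom function.
 *
 * @param int    $p_project_id   Project id.
 * @param string $p_version_name Target version name.
 * @return array Rows keyed by issue id; the first row seen for an id is kept.
 */
function gantt_get_issues_and_related_in_version($p_project_id, $p_version_name) {
    $t_bug_table = db_get_table('bug');
    $t_relation_table = db_get_table('bug_relationship');
    $t_bug_datas = array();

    $t_project_id = db_prepare_int($p_project_id);

    # The version name is passed to the bound query as-is. Escaping it with
    # db_prepare_string() first and then binding it would escape it twice,
    # so a name containing a quote character would no longer match.
    $t_version_name = $p_version_name;

    $t_can_view_private = access_has_project_level(config_get('private_bug_threshold'), $t_project_id);
    $t_limit_reporters = config_get('limit_reporters');
    $t_user_access_level_is_reporter = REPORTER == access_get_project_level($t_project_id);
    $t_user_id = auth_get_current_user_id();

    # Table names come from db_get_table(); both user-supplied values go
    # through db_param() placeholders.
    $query = "SELECT sbt.*, {$t_relation_table}.source_bug_id as parent_issue, dbt.target_version as parent_version FROM {$t_bug_table} AS sbt\n"
        . " LEFT JOIN {$t_relation_table} ON sbt.id={$t_relation_table}.destination_bug_id AND {$t_relation_table}.relationship_type=2\n"
        . " LEFT JOIN {$t_bug_table} AS dbt ON dbt.id={$t_relation_table}.source_bug_id\n"
        . " WHERE sbt.project_id=" . db_param()
        . " AND sbt.target_version=" . db_param()
        . " ORDER BY sbt.status ASC, sbt.last_updated DESC";

    $t_result = db_query_bound($query, array($t_project_id, $t_version_name));

    // Filter ids according to level access
    while ($t_row = db_fetch_array($t_result)) {
        # hide private bugs if user doesn't have access to view them.
        if (!$t_can_view_private && $t_row['view_state'] == VS_PRIVATE) {
            continue;
        }

        bug_cache_database_result($t_row);

        # check limit_Reporter (Issue #4770)
        # reporters can view just issues they reported
        if (ON === $t_limit_reporters
            && $t_user_access_level_is_reporter
            && !bug_is_user_reporter($t_row['id'], $t_user_id)
        ) {
            continue;
        }

        $t_issue_id = $t_row['id'];

        if (!helper_call_custom_function('roadmap_include_issue', array($t_issue_id))) {
            continue;
        }

        # The join can return an issue more than once; keep the first row.
        if (!isset($t_bug_datas[$t_issue_id])) {
            $t_bug_datas[$t_issue_id] = $t_row;
        }
    }

    return $t_bug_datas;
}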