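/**
 * Update a note
 *
 * Authenticates the caller, then checks project read/write access, the
 * per-note edit permission and the issue's read-only state before changing
 * the note's view state (when supplied) and its text.
 *
 * @param string   $p_username The name of the user trying to update a note on an issue.
 * @param string   $p_password The password of the user.
 * @param stdClass $p_note     The note to update. Must carry a non-blank 'id' and
 *                             'text'; may carry 'view_state'.
 * @return mixed The value returned by bugnote_date_update() on success,
 *               otherwise a SOAP fault describing why the update was refused.
 */
function mc_issue_note_update($p_username, $p_password, stdClass $p_note) {
    global $g_project_override;

    $t_user_id = mci_check_login($p_username, $p_password);
    if ($t_user_id === false) {
        return mci_soap_fault_login_failed();
    }

    $p_note = SoapObjectsFactory::unwrapObject($p_note);

    if (!isset($p_note['id']) || is_blank($p_note['id'])) {
        return SoapObjectsFactory::newSoapFault('Client', 'Issue note id must not be blank.');
    }

    if (!isset($p_note['text']) || is_blank($p_note['text'])) {
        return SoapObjectsFactory::newSoapFault('Client', 'Issue note text must not be blank.');
    }

    $t_issue_note_id = $p_note['id'];

    if (!bugnote_exists($t_issue_note_id)) {
        return SoapObjectsFactory::newSoapFault('Client', 'Issue note \'' . $t_issue_note_id . '\' does not exist.');
    }

    # The issue and project are looked up from the stored note rather than taken
    # from the request, so every check below applies to the note's real project.
    $t_issue_id = bugnote_get_field($t_issue_note_id, 'bug_id');
    $t_project_id = bug_get_field($t_issue_id, 'project_id');
    $g_project_override = $t_project_id;

    if (!mci_has_readwrite_access($t_user_id, $t_project_id)) {
        return mci_soap_fault_access_denied($t_user_id);
    }

    # Pick the threshold that applies to this caller: the author of the note is
    # held to bugnote_user_edit_threshold, everyone else to update_bugnote_threshold.
    #
    # bugnote_user_edit_threshold is an access level, not an on/off flag. Testing
    # it for truthiness never denies anything (any non-zero level is truthy), so
    # it has to be compared against the caller's level like the other threshold.
    $t_user_owns_the_bugnote = bugnote_is_user_reporter($t_issue_note_id, $t_user_id);
    $t_threshold_option = $t_user_owns_the_bugnote ? 'bugnote_user_edit_threshold' : 'update_bugnote_threshold';
    $t_required_threshold = config_get($t_threshold_option, null, $t_user_id, $t_project_id);

    if (!access_has_bugnote_level($t_required_threshold, $t_issue_note_id, $t_user_id)) {
        return mci_soap_fault_access_denied($t_user_id);
    }

    # Check if the bug is readonly
    if (bug_is_readonly($t_issue_id)) {
        return mci_soap_fault_access_denied($t_user_id, 'Issue \'' . $t_issue_id . '\' is readonly');
    }

    # NOTE(review): the view state is changed under the same permission as the
    # text. Confirm whether a separate view-status threshold should gate this.
    if (isset($p_note['view_state'])) {
        $t_view_state = $p_note['view_state'];
        $t_view_state_id = mci_get_enum_id_from_objectref('view_state', $t_view_state);
        # bugnote_set_view_state() is passed a private/not-private flag, not the enum id.
        bugnote_set_view_state($t_issue_note_id, $t_view_state_id == VS_PRIVATE);
    }

    log_event(LOG_WEBSERVICE, 'updating bugnote id \'' . $t_issue_note_id . '\'');
    bugnote_set_text($t_issue_note_id, $p_note['text']);

    return bugnote_date_update($t_issue_note_id);
}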
/**
 * Decide whether a user meets an access level for the bug that owns a bugnote.
 *
 * The bugnote's bug is looked up and the access check is made against that bug.
 * For a private bugnote whose reporter is not the user being checked, the
 * required level is raised to at least private_bugnote_threshold.
 *
 * @param int      $p_access_level integer representing access level
 * @param int      $p_bugnote_id   integer representing bugnote id to check access against
 * @param int|null $p_user_id      integer representing user id, defaults to null to use current user
 * @return bool whether user has access level specified
 * @access public
 */
function access_has_bugnote_level($p_access_level, $p_bugnote_id, $p_user_id = null) {
    # Fall back to the authenticated user when no user id was given.
    $t_user_id = (null === $p_user_id) ? auth_get_current_user_id() : $p_user_id;

    $t_bug_id = bugnote_get_field($p_bugnote_id, 'bug_id');
    $t_project_id = bug_get_field($t_bug_id, 'project_id');

    $t_required_level = $p_access_level;

    # A private bugnote is only open to its reporter or to users who also
    # reach private_bugnote_threshold, so take the stricter of the two levels.
    $t_note_is_private = bugnote_get_field($p_bugnote_id, 'view_state') == VS_PRIVATE;
    if ($t_note_is_private && !bugnote_is_user_reporter($p_bugnote_id, $t_user_id)) {
        $t_required_level = max(
            $t_required_level,
            config_get('private_bugnote_threshold', null, $t_user_id, $t_project_id)
        );
    }

    return access_has_bug_level($t_required_level, $t_bug_id, $t_user_id);
}
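/**
 * Update a note
 *
 * Authenticates the caller, then checks project read/write access, the
 * per-note edit permission and the issue's read-only state before changing
 * the note's view state (when supplied) and its text.
 *
 * @param string        $p_username The name of the user trying to update a note on an issue.
 * @param string        $p_password The password of the user.
 * @param IssueNoteData $p_note     The note to update. Must carry a non-blank 'id' and
 *                                  'text'; may carry 'view_state'.
 * @return mixed The value returned by bugnote_date_update() on success,
 *               otherwise a SOAP fault describing why the update was refused.
 */
function mc_issue_note_update($p_username, $p_password, $p_note) {
    $t_user_id = mci_check_login($p_username, $p_password);
    if ($t_user_id === false) {
        return mci_soap_fault_login_failed();
    }

    if (!isset($p_note['id']) || is_blank($p_note['id'])) {
        return new soap_fault('Client', '', "Issue note id must not be blank.");
    }

    if (!isset($p_note['text']) || is_blank($p_note['text'])) {
        return new soap_fault('Client', '', "Issue note text must not be blank.");
    }

    $t_issue_note_id = $p_note['id'];

    if (!bugnote_exists($t_issue_note_id)) {
        return new soap_fault('Server', '', "Issue note '{$t_issue_note_id}' does not exist.");
    }

    # The issue and project are looked up from the stored note rather than taken
    # from the request, so every check below applies to the note's real project.
    $t_issue_id = bugnote_get_field($t_issue_note_id, 'bug_id');
    $t_project_id = bug_get_field($t_issue_id, 'project_id');

    if (!mci_has_readwrite_access($t_user_id, $t_project_id)) {
        return mci_soap_fault_access_denied($t_user_id);
    }

    # Check if the user owns the bugnote and is allowed to update their own bugnotes
    # regardless of the update_bugnote_threshold level.
    $t_user_owns_the_bugnote = bugnote_is_user_reporter($t_issue_note_id, $t_user_id);
    $t_user_can_update_own_bugnote = config_get('bugnote_allow_user_edit_delete', null, $t_user_id, $t_project_id);
    if ($t_user_owns_the_bugnote && !$t_user_can_update_own_bugnote) {
        return mci_soap_fault_access_denied($t_user_id);
    }

    # Check if the user has an access level beyond update_bugnote_threshold for the
    # project containing the bugnote to update.
    $t_update_bugnote_threshold = config_get('update_bugnote_threshold', null, $t_user_id, $t_project_id);
    if (!$t_user_owns_the_bugnote && !access_has_bugnote_level($t_update_bugnote_threshold, $t_issue_note_id, $t_user_id)) {
        return mci_soap_fault_access_denied($t_user_id);
    }

    # Check if the bug is readonly
    if (bug_is_readonly($t_issue_id)) {
        # The message used to mix concatenation syntax into an interpolated string,
        # so the literal quotes and dots showed up in the fault text.
        return mci_soap_fault_access_denied($t_user_id, "Issue '{$t_issue_id}' is readonly");
    }

    if (isset($p_note['view_state'])) {
        $t_view_state = $p_note['view_state'];
        $t_view_state_id = mci_get_enum_id_from_objectref('view_state', $t_view_state);
        # Pass a private/not-private flag rather than the raw enum id. Every valid
        # view state id is non-zero, so the raw id is always truthy and a request
        # for a public note would be read as a request for a private one.
        # NOTE(review): confirm bugnote_set_view_state() takes a boolean flag here.
        bugnote_set_view_state($t_issue_note_id, $t_view_state_id == VS_PRIVATE);
    }

    bugnote_set_text($t_issue_note_id, $p_note['text']);

    return bugnote_date_update($t_issue_note_id);
}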