/**
* Update a note
*
* @param string $p_username The name of the user trying to add a note to an issue.
* @param string $p_password The password of the user.
* @param stdClass $p_note The note to update.
* @return true on success, false on failure
*/
function mc_issue_note_update($p_username, $p_password, stdClass $p_note)
{
global $g_project_override;
$t_user_id = mci_check_login($p_username, $p_password);
if ($t_user_id === false) {
return mci_soap_fault_login_failed();
}
$p_note = SoapObjectsFactory::unwrapObject($p_note);
if (!isset($p_note['id']) || is_blank($p_note['id'])) {
return SoapObjectsFactory::newSoapFault('Client', 'Issue note id must not be blank.');
}
if (!isset($p_note['text']) || is_blank($p_note['text'])) {
return SoapObjectsFactory::newSoapFault('Client', 'Issue note text must not be blank.');
}
$t_issue_note_id = $p_note['id'];
if (!bugnote_exists($t_issue_note_id)) {
return SoapObjectsFactory::newSoapFault('Client', 'Issue note \'' . $t_issue_note_id . '\' does not exist.');
}
$t_issue_id = bugnote_get_field($t_issue_note_id, 'bug_id');
$t_project_id = bug_get_field($t_issue_id, 'project_id');
$g_project_override = $t_project_id;
if (!mci_has_readwrite_access($t_user_id, $t_project_id)) {
return mci_soap_fault_access_denied($t_user_id);
}
$t_issue_author_id = bugnote_get_field($t_issue_note_id, 'reporter_id');
# Check if the user owns the bugnote and is allowed to update their own bugnotes
# regardless of the update_bugnote_threshold level.
$t_user_owns_the_bugnote = bugnote_is_user_reporter($t_issue_note_id, $t_user_id);
$t_user_can_update_own_bugnote = config_get('bugnote_user_edit_threshold', null, $t_user_id, $t_project_id);
if ($t_user_owns_the_bugnote && !$t_user_can_update_own_bugnote) {
return mci_soap_fault_access_denied($t_user_id);
}
# Check if the user has an access level beyond update_bugnote_threshold for the
# project containing the bugnote to update.
$t_update_bugnote_threshold = config_get('update_bugnote_threshold', null, $t_user_id, $t_project_id);
if (!$t_user_owns_the_bugnote && !access_has_bugnote_level($t_update_bugnote_threshold, $t_issue_note_id, $t_user_id)) {
return mci_soap_fault_access_denied($t_user_id);
}
# Check if the bug is readonly
if (bug_is_readonly($t_issue_id)) {
return mci_soap_fault_access_denied($t_user_id, 'Issue \'' . $t_issue_id . '\' is readonly');
}
if (isset($p_note['view_state'])) {
$t_view_state = $p_note['view_state'];
$t_view_state_id = mci_get_enum_id_from_objectref('view_state', $t_view_state);
bugnote_set_view_state($t_issue_note_id, $t_view_state_id == VS_PRIVATE);
}
log_event(LOG_WEBSERVICE, 'updating bugnote id \'' . $t_issue_note_id . '\'');
bugnote_set_text($t_issue_note_id, $p_note['text']);
return bugnote_date_update($t_issue_note_id);
}
/**
* Check the current user's access against the given value and return true
* if the user's access is equal to or higher, false otherwise.
* This function looks up the bugnote's bug and performs an access check
* against that bug
* @param int $p_access_level integer representing access level
* @param int $p_bugnote_id integer representing bugnote id to check access against
* @param int|null $p_user_id integer representing user id, defaults to null to use current user
* @return bool whether user has access level specified
* @access public
*/
function access_has_bugnote_level($p_access_level, $p_bugnote_id, $p_user_id = null)
{
if (null === $p_user_id) {
$p_user_id = auth_get_current_user_id();
}
$t_bug_id = bugnote_get_field($p_bugnote_id, 'bug_id');
$t_project_id = bug_get_field($t_bug_id, 'project_id');
# If the bug is private and the user is not the reporter, then the
# the user must also have higher access than private_bug_threshold
if (bugnote_get_field($p_bugnote_id, 'view_state') == VS_PRIVATE && !bugnote_is_user_reporter($p_bugnote_id, $p_user_id)) {
$t_private_bugnote_threshold = config_get('private_bugnote_threshold', null, $p_user_id, $t_project_id);
$p_access_level = max($p_access_level, $t_private_bugnote_threshold);
}
return access_has_bug_level($p_access_level, $t_bug_id, $p_user_id);
}
/**
* Update a note
*
* @param string $p_username The name of the user trying to add a note to an issue.
* param string $p_password The password of the user.
* @param IssueNoteData $p_note The note to update.
* @return true on success, false on failure
*/
function mc_issue_note_update($p_username, $p_password, $p_note)
{
$t_user_id = mci_check_login($p_username, $p_password);
if ($t_user_id === false) {
return mci_soap_fault_login_failed();
}
if (!isset($p_note['id']) || is_blank($p_note['id'])) {
return new soap_fault('Client', '', "Issue note id must not be blank.");
}
if (!isset($p_note['text']) || is_blank($p_note['text'])) {
return new soap_fault('Client', '', "Issue note text must not be blank.");
}
$t_issue_note_id = $p_note['id'];
if (!bugnote_exists($t_issue_note_id)) {
return new soap_fault('Server', '', "Issue note '{$t_issue_note_id}' does not exist.");
}
$t_issue_id = bugnote_get_field($t_issue_note_id, 'bug_id');
$t_project_id = bug_get_field($t_issue_id, 'project_id');
if (!mci_has_readwrite_access($t_user_id, $t_project_id)) {
return mci_soap_fault_access_denied($t_user_id);
}
$t_issue_author_id = bugnote_get_field($t_issue_note_id, 'reporter_id');
# Check if the user owns the bugnote and is allowed to update their own bugnotes
# regardless of the update_bugnote_threshold level.
$t_user_owns_the_bugnote = bugnote_is_user_reporter($t_issue_note_id, $t_user_id);
$t_user_can_update_own_bugnote = config_get('bugnote_allow_user_edit_delete', null, $t_user_id, $t_project_id);
if ($t_user_owns_the_bugnote && !$t_user_can_update_own_bugnote) {
return mci_soap_fault_access_denied($t_user_id);
}
# Check if the user has an access level beyond update_bugnote_threshold for the
# project containing the bugnote to update.
$t_update_bugnote_threshold = config_get('update_bugnote_threshold', null, $t_user_id, $t_project_id);
if (!$t_user_owns_the_bugnote && !access_has_bugnote_level($t_update_bugnote_threshold, $t_issue_note_id, $t_user_id)) {
return mci_soap_fault_access_denied($t_user_id);
}
# Check if the bug is readonly
if (bug_is_readonly($t_issue_id)) {
return mci_soap_fault_access_denied($t_user_id, "Issue ' . {$t_issue_id} . ' is readonly");
}
if (isset($p_note['view_state'])) {
$t_view_state = $p_note['view_state'];
$t_view_state_id = mci_get_enum_id_from_objectref('view_state', $t_view_state);
bugnote_set_view_state($t_issue_note_id, $t_view_state_id);
}
bugnote_set_text($t_issue_note_id, $p_note['text']);
return bugnote_date_update($t_issue_note_id);
}
