/**
 * Authenticate a SOAP caller and hand back that user's account information.
 *
 * A failed login is reported by returning a fault object; nothing is thrown
 * from this function itself.
 *
 * @param string $p_username The user's username.
 * @param string $p_password The user's password.
 * @return mixed The result of mci_user_get() on success, otherwise the fault
 *               built by mci_soap_fault_login_failed().
 */
function mc_login($p_username, $p_password) {
    $t_login_result = mci_check_login($p_username, $p_password);

    # mci_check_login() reports a rejected login with a strict false, so the
    # comparison must stay strict.
    if ($t_login_result !== false) {
        return mci_user_get($p_username, $p_password, $t_login_result);
    }

    return mci_soap_fault_login_failed();
}
/**
 * Read one preference value for the authenticated caller.
 *
 * The preference is always looked up for the user id returned by the login
 * check, so a caller can only read their own preferences through this call.
 *
 * @param string $p_username   The user's username.
 * @param string $p_password   The user's password.
 * @param int    $p_project_id Project ID (0 = ALL_PROJECTS (mantisbt/core/constant_inc.php)).
 * @param string $p_pref_name  The name of the preference.
 * @return mixed The value returned by user_pref_get_pref(), or a SOAP fault
 *               when the login fails or read-only access is missing.
 */
function mc_user_pref_get_pref($p_username, $p_password, $p_project_id, $p_pref_name) {
    $t_caller_id = mci_check_login($p_username, $p_password);
    if ($t_caller_id === false) {
        return mci_soap_fault_login_failed();
    }

    # The read-only check is made without a project id here.
    $t_may_read = mci_has_readonly_access($t_caller_id);
    if (!$t_may_read) {
        return mci_soap_fault_access_denied($t_caller_id);
    }

    return user_pref_get_pref($t_caller_id, $p_pref_name, $p_project_id);
}
/**
 * Delete an issue attachment given its id.
 *
 * Authorization is decided against the issue the attachment belongs to: the
 * caller needs the 'update_bug_threshold' access level on that issue.
 *
 * @param string  $p_username            The name of the user trying to delete the attachment.
 * @param string  $p_password            The password of the user.
 * @param integer $p_issue_attachment_id The id of the attachment to be deleted.
 * @return mixed The result of file_delete(), or a SOAP fault when the login
 *               fails or access is denied.
 */
function mc_issue_attachment_delete($p_username, $p_password, $p_issue_attachment_id) {
    $t_caller_id = mci_check_login($p_username, $p_password);
    if ($t_caller_id === false) {
        return mci_soap_fault_login_failed();
    }

    # NOTE(review): the value returned by file_get_field() is used without a
    # check; confirm what happens for an attachment id that does not exist.
    $t_parent_bug_id = file_get_field($p_issue_attachment_id, 'bug_id');

    $t_required_level = config_get('update_bug_threshold');
    $t_allowed = access_has_bug_level($t_required_level, $t_parent_bug_id, $t_caller_id);
    if (!$t_allowed) {
        return mci_soap_fault_access_denied($t_caller_id);
    }

    return file_delete($p_issue_attachment_id, 'bug');
}
/**
 * Delete a project attachment given its id.
 *
 * A failed login and a missing access level both produce the same
 * 'Access Denied' client fault, so the two cases look identical to the caller.
 *
 * @param string  $p_username              The name of the user trying to delete the attachment.
 * @param string  $p_password              The password of the user.
 * @param integer $p_project_attachment_id The id of the attachment to be deleted.
 * @return mixed The result of file_delete(), or a soap_fault when the login
 *               fails or access is denied.
 */
function mc_project_attachment_delete($p_username, $p_password, $p_project_attachment_id) {
    $t_caller_id = mci_check_login($p_username, $p_password);
    if ($t_caller_id === false) {
        return new soap_fault('Client', '', 'Access Denied');
    }

    # The owning project decides which access level applies. The threshold
    # consulted is the one configured for uploading project files.
    $t_owning_project = file_get_field($p_project_attachment_id, 'project_id', 'project');
    $t_required_level = config_get('upload_project_file_threshold');

    if (access_has_project_level($t_required_level, $t_owning_project, $t_caller_id)) {
        return file_delete($p_project_attachment_id, 'project');
    }

    return new soap_fault('Client', '', 'Access Denied');
}
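/**
 * Delete a tag.
 *
 * @param string  $p_username The user's username.
 * @param string  $p_password The user's password.
 * @param integer $p_tag_id   The id of the tag to delete.
 * @return soap_fault|boolean A SOAP fault when the login fails, the caller
 *                            lacks the 'tag_edit_threshold' level or the tag
 *                            does not exist; otherwise the result of tag_delete().
 */
function mc_tag_delete($p_username, $p_password, $p_tag_id) {
    $t_user_id = mci_check_login($p_username, $p_password);
    if ($t_user_id === false) {
        return mci_soap_fault_login_failed();
    }

    # Name the authenticated user explicitly instead of relying on whichever
    # user the access API treats as current, so the authorization decision is
    # tied to the credentials that were just verified.
    if (!access_has_global_level(config_get('tag_edit_threshold'), $t_user_id)) {
        return mci_soap_fault_access_denied($t_user_id);
    }

    # The existence check runs only after authorization, so a caller without
    # the required level cannot use this call to probe which tag ids exist.
    if (!tag_exists($p_tag_id)) {
        return SoapObjectsFactory::newSoapFault('Client', 'No tag with id ' . $p_tag_id);
    }

    return tag_delete($p_tag_id);
}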
/**
 * Return the value of a configuration option to an authenticated caller.
 *
 * @param string $p_username   The user's username.
 * @param string $p_password   The user's password.
 * @param string $p_config_var The name of the configuration option.
 * @return mixed The result of config_get(), or a soap_fault when the login
 *               fails, read-only access is missing, the option is private or
 *               the option is not set.
 */
function mc_config_get_string($p_username, $p_password, $p_config_var) {
    $t_caller_id = mci_check_login($p_username, $p_password);

    # A failed login and missing read-only access are reported with the same
    # fault; the access check only runs once a user id is known.
    if ($t_caller_id === false || !mci_has_readonly_access($t_caller_id)) {
        return new soap_fault('Client', '', 'Access Denied');
    }

    # The private-option check comes before the is-set check, so the name of
    # a private option is refused whether or not it is set.
    if (mci_config_is_private($p_config_var)) {
        $t_reason = "Access to '{$p_config_var}' is denied";
        return new soap_fault('Client', '', $t_reason);
    }

    if (config_is_set($p_config_var)) {
        return config_get($p_config_var);
    }

    return new soap_fault('Client', '', "Config '{$p_config_var}' is undefined");
}
/**
 * Return the value of a configuration option to an authenticated caller.
 *
 * @param string $p_username   The user's username.
 * @param string $p_password   The user's password.
 * @param string $p_config_var The name of the configuration option.
 * @return mixed The result of config_get(), or a SOAP fault when the login
 *               fails, read-only access is missing, the option is private or
 *               the option is not set.
 */
function mc_config_get_string($p_username, $p_password, $p_config_var) {
    $t_caller_id = mci_check_login($p_username, $p_password);
    if ($t_caller_id === false) {
        return mci_soap_fault_login_failed();
    }

    $t_may_read = mci_has_readonly_access($t_caller_id);
    if (!$t_may_read) {
        return mci_soap_fault_access_denied($t_caller_id);
    }

    # The private-option check comes before the is-set check, so the name of
    # a private option is refused whether or not it is set.
    if (config_is_private($p_config_var)) {
        $t_reason = "Access to '{$p_config_var}' is denied";
        return SoapObjectsFactory::newSoapFault('Client', $t_reason);
    }

    if (config_is_set($p_config_var)) {
        return config_get($p_config_var);
    }

    return SoapObjectsFactory::newSoapFault('Client', "Config '{$p_config_var}' is undefined");
}
/**
 * Delete an issue attachment given its id.
 *
 * The attachment's owner may delete it without a further check when
 * 'allow_delete_own_attachments' is enabled. Every other caller, and the
 * owner when that option is off, needs the 'delete_attachments_threshold'
 * access level on the issue the attachment belongs to.
 *
 * @param string  $p_username            The name of the user trying to delete the attachment.
 * @param string  $p_password            The password of the user.
 * @param integer $p_issue_attachment_id The id of the attachment to be deleted.
 * @return mixed The result of file_delete(), or a SOAP fault when the login
 *               fails or access is denied.
 */
function mc_issue_attachment_delete($p_username, $p_password, $p_issue_attachment_id) {
    $t_user_id = mci_check_login($p_username, $p_password);
    if ($t_user_id === false) {
        return mci_soap_fault_login_failed();
    }

    $t_bug_id = file_get_field($p_issue_attachment_id, 'bug_id');
    $t_owner_id = file_get_field($p_issue_attachment_id, 'user_id');

    # Loose comparison kept on purpose.
    # NOTE(review): the types of the two ids are not visible here; confirm
    # before tightening this to ===.
    $t_is_owner = $t_owner_id == $t_user_id;

    # The option is only consulted when the caller owns the attachment.
    $t_owner_may_delete = $t_is_owner && config_get('allow_delete_own_attachments');

    # Without the owner shortcut, fall back to the issue-level threshold.
    if (!$t_owner_may_delete
        && !access_has_bug_level(config_get('delete_attachments_threshold'), $t_bug_id, $t_user_id)
    ) {
        return mci_soap_fault_access_denied($t_user_id);
    }

    return file_delete($p_issue_attachment_id, 'bug');
}
/**
 * Return one page of the profiles available to the authenticated user.
 *
 * @param string  $p_username    The user's username.
 * @param string  $p_password    The user's password.
 * @param integer $p_page_number Page number; values below 1 select the first page.
 * @param integer $p_per_page    Results per page.
 * @return mixed An array with 'total_results' (count of all profiles) and
 *               'results' (the requested page), or a SOAP fault when the
 *               login fails or read-only access is missing.
 */
function mc_user_profiles_get_all($p_username, $p_password, $p_page_number, $p_per_page) {
    $t_caller_id = mci_check_login($p_username, $p_password);
    if ($t_caller_id === false) {
        return mci_soap_fault_login_failed();
    }
    if (!mci_has_readonly_access($t_caller_id)) {
        return mci_soap_fault_access_denied($t_caller_id);
    }

    # Offset of the first entry on the requested page, clamped at zero.
    $t_offset = max(0, $p_page_number - 1) * $p_per_page;

    $t_all_profiles = array();
    foreach (profile_get_all_for_user($t_caller_id) as $t_row) {
        $t_entry = array(
            'id' => $t_row['id'],
            'description' => $t_row['description'],
            'os' => $t_row['os'],
            'os_build' => $t_row['os_build'],
            'platform' => $t_row['platform'],
        );

        # A user_id of 0 gets no owner entry; any other value is expanded
        # into an account array.
        if ($t_row['user_id'] != 0) {
            $t_entry['user_id'] = mci_account_get_array_by_id($t_row['user_id']);
        }

        $t_all_profiles[] = $t_entry;
    }

    # The profile API has no pagination of its own, so the page is cut out of
    # the complete list here. The number of profiles is expected to be small.
    return array(
        'total_results' => count($t_all_profiles),
        'results' => array_slice($t_all_profiles, $t_offset, $p_per_page),
    );
}
/**
 * Get the headers of all issues matching the given ids.
 *
 * Access is checked per issue. An id the caller may not access is left out
 * of the result without raising a fault.
 *
 * @param string       $p_username  The name of the user requesting the headers.
 * @param string       $p_password  The password of the user.
 * @param IntegerArray $p_issue_ids The ids of the issues to return.
 * @return mixed An array that represents an IssueHeaderDataArray structure,
 *               or a SOAP fault when the login fails.
 */
function mc_issues_get_header($p_username, $p_password, $p_issue_ids) {
    global $g_project_override;

    $t_caller_id = mci_check_login($p_username, $p_password);
    if ($t_caller_id === false) {
        return mci_soap_fault_login_failed();
    }

    $t_caller_lang = mci_get_user_lang($t_caller_id);

    $t_headers = array();
    foreach ($p_issue_ids as $t_issue_id) {
        # Only a strict false from the access check causes a skip.
        if (mci_check_access_to_bug($t_caller_id, $t_issue_id) !== false) {
            log_event(LOG_WEBSERVICE, 'getting details for issue \'' . $t_issue_id . '\'');
            $t_issue = bug_get($t_issue_id, true);
            $t_headers[] = mci_issue_data_as_header_array($t_issue, $t_caller_id, $t_caller_lang);
        }
    }

    return $t_headers;
}
/**
 * Get all issue ids matching the custom filter.
 *
 * @param string           $p_username      The name of the user trying to access the filters.
 * @param string           $p_password      The password of the user.
 * @param FilterSearchData $p_filter_search The custom filter.
 * @param integer          $p_page_number   Start with the given page number (zero-based).
 * @param integer          $p_per_page      Number of issues to display per page.
 * @return mixed An array that represents an IntegerArray structure, or a
 *               SOAP fault when the login fails.
 */
function mc_filter_search_issue_ids($p_username, $p_password, $p_filter_search, $p_page_number, $p_per_page) {
    $t_caller_id = mci_check_login($p_username, $p_password);
    if ($t_caller_id === false) {
        return mci_soap_fault_login_failed();
    }

    $t_issue_ids = array();

    # NOTE(review): no access check is made in this function beyond the login;
    # presumably mci_filter_search_get_rows() limits the rows to what the
    # given user may see. Confirm against that helper.
    $t_matches = mci_filter_search_get_rows($t_caller_id, $p_filter_search, $p_page_number, $p_per_page);
    foreach ($t_matches as $t_match) {
        $t_issue_ids[] = $t_match->id;
    }

    return $t_issue_ids;
}
/**
 * Get the issue headers that match the specified filter and paging details.
 *
 * @param string  $p_username    The name of the user trying to access the filters.
 * @param string  $p_password    The password of the user.
 * @param integer $p_project_id  The id of the project the filter is applied to.
 * @param integer $p_filter_id   The id of the filter to apply.
 * @param integer $p_page_number Start with the given page number (zero-based)
 * @param integer $p_per_page    Number of issues to display per page
 * @return mixed An array that represents an IssueDataArray structure, or a
 *               SOAP fault when the login fails, read-only access to the
 *               project is missing or the stored filter is malformed.
 */
function mc_filter_get_issue_headers($p_username, $p_password, $p_project_id, $p_filter_id, $p_page_number, $p_per_page) {
    $t_caller_id = mci_check_login($p_username, $p_password);
    if ($t_caller_id === false) {
        return mci_soap_fault_login_failed();
    }
    if (!mci_has_readonly_access($t_caller_id, $p_project_id)) {
        return mci_soap_fault_access_denied($t_caller_id);
    }

    # Remember the page that was asked for (at least 1) so it can be compared
    # with the page number after the rows were fetched.
    if ($p_page_number < 1) {
        $t_requested_page = 1;
    } else {
        $t_requested_page = $p_page_number;
    }

    $t_page_count = 0;
    $t_bug_count = 0;

    # The stored filter is split at the first '#'. Only the part after it is
    # used; without that part the filter is treated as invalid.
    $t_filter_parts = explode('#', filter_db_get_filter($p_filter_id), 2);
    if (count($t_filter_parts) < 2) {
        return SoapObjectsFactory::newSoapFault('Server', 'Invalid Filter');
    }

    # NOTE(review): unserialize() can instantiate objects, so it is only safe
    # here if the stored filter string cannot be influenced by an untrusted
    # party. Confirm how filters are written to the database, or move the
    # stored form to a data-only format such as JSON.
    $t_filter = filter_ensure_valid_filter(unserialize($t_filter_parts[1]));

    $t_headers = array();
    $t_rows = filter_get_bug_rows($p_page_number, $p_per_page, $t_page_count, $t_bug_count, $t_filter, $p_project_id);

    // the page number was moved back, so we have exceeded the actual page number, see bug #12991
    if ($t_requested_page > $p_page_number) {
        return $t_headers;
    }

    foreach ($t_rows as $t_row) {
        $t_headers[] = mci_issue_data_as_header_array($t_row);
    }

    return $t_headers;
}
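/**
 * Get the users assigned to a project at or above a given access level.
 *
 * @param string  $p_username   The name of the user requesting the list.
 * @param string  $p_password   The password of the user.
 * @param integer $p_project_id The id of the project to retrieve the users for.
 * @param integer $p_access     Minimum access level.
 * @return mixed An array with one entry per user, each built by
 *               mci_account_get_array_by_id() and ordered by display name,
 *               or a SOAP fault when the login fails or the caller has no
 *               read-only access to the project.
 */
function mc_project_get_users($p_username, $p_password, $p_project_id, $p_access) {
    $t_user_id = mci_check_login($p_username, $p_password);
    if ($t_user_id === false) {
        return mci_soap_fault_login_failed();
    }

    # A valid login alone must not be enough to list the members of an
    # arbitrary project: require read-only access to the requested project
    # before any user data is loaded.
    if (!mci_has_readonly_access($t_user_id, $p_project_id)) {
        return mci_soap_fault_access_denied($t_user_id);
    }

    $t_users = project_get_all_user_rows($p_project_id, $p_access); # handles ALL_PROJECTS case

    $t_display = array();
    $t_sort = array();
    $t_show_realname = ON == config_get('show_realname');
    $t_sort_by_last_name = ON == config_get('sort_by_last_name');

    # Build, per user, the name to show and the lower-cased key to sort by.
    foreach ($t_users as $t_user) {
        $t_user_name = string_attribute($t_user['username']);
        $t_sort_name = strtolower($t_user_name);

        if ($t_show_realname && $t_user['realname'] != "") {
            $t_user_name = string_attribute($t_user['realname']);
            if ($t_sort_by_last_name) {
                # "first rest" becomes "rest, first"; a single word stays as is.
                $t_sort_name_bits = explode(' ', strtolower($t_user_name), 2);
                $t_sort_name = (isset($t_sort_name_bits[1]) ? $t_sort_name_bits[1] . ', ' : '') . $t_sort_name_bits[0];
            } else {
                $t_sort_name = strtolower($t_user_name);
            }
        }

        $t_display[] = $t_user_name;
        $t_sort[] = $t_sort_name;
    }

    # Sort by the key and reorder the user rows and display names along with it.
    array_multisort($t_sort, SORT_ASC, SORT_STRING, $t_users, $t_display);

    $t_result = array();
    foreach ($t_users as $t_row) {
        // This is not very performant - But we have to assure that the data returned is exactly
        // the same as the data that comes with an issue (test for equality - $t_row[] does not
        // contain email fields).
        $t_result[] = mci_account_get_array_by_id($t_row['id']);
    }

    return $t_result;
}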
/**
 * Get an enumeration string in the caller's language. (Should become an
 * internal function.)
 *
 * The language key is built by appending '_enum_string' to the requested
 * enumeration name, so the name selects which language string is returned.
 *
 * @param string $p_username    The name of the user trying to access the enumeration.
 * @param string $p_password    The password of the user.
 * @param string $p_enumeration The enumeration to get.
 * @return mixed The result of lang_get(), or a soap_fault when the login
 *               fails or read-only access is missing.
 */
function mc_enum_get($p_username, $p_password, $p_enumeration) {
    $t_caller_id = mci_check_login($p_username, $p_password);

    # A failed login and missing read-only access are reported with the same
    # fault; the access check only runs once a user id is known.
    if ($t_caller_id === false || !mci_has_readonly_access($t_caller_id)) {
        return new soap_fault('Client', '', 'Access Denied');
    }

    $t_lang_key = $p_enumeration . '_enum_string';

    return lang_get($t_lang_key, mci_get_user_lang($t_caller_id));
}
/**
 * Get the issue headers that match the specified filter and paging details.
 *
 * @param string  $p_username    The name of the user trying to access the filters.
 * @param string  $p_password    The password of the user.
 * @param integer $p_project_id  The id of the project the filter is applied to.
 * @param integer $p_filter_id   The id of the filter to apply.
 * @param integer $p_page_number Start with the given page number (zero-based)
 * @param integer $p_per_page    Number of issues to display per page
 * @return mixed An array that represents an IssueDataArray structure, or a
 *               fault when the login fails, read-only access to the project
 *               is missing or the stored filter is malformed.
 */
function mc_filter_get_issue_headers($p_username, $p_password, $p_project_id, $p_filter_id, $p_page_number, $p_per_page) {
    $t_caller_id = mci_check_login($p_username, $p_password);
    if ($t_caller_id === false) {
        return mci_soap_fault_login_failed();
    }
    if (!mci_has_readonly_access($t_caller_id, $p_project_id)) {
        return mci_soap_fault_access_denied($t_caller_id);
    }

    $t_page_count = 0;
    $t_bug_count = 0;

    # The stored filter is split at the first '#'. Only the part after it is
    # used; without that part the filter is treated as invalid.
    $t_filter_parts = explode('#', filter_db_get_filter($p_filter_id), 2);
    if (count($t_filter_parts) < 2) {
        return new soap_fault('Server', '', 'Invalid Filter');
    }

    # NOTE(review): unserialize() can instantiate objects, so it is only safe
    # here if the stored filter string cannot be influenced by an untrusted
    # party. Confirm how filters are written to the database, or move the
    # stored form to a data-only format such as JSON.
    $t_filter = filter_ensure_valid_filter(unserialize($t_filter_parts[1]));

    $t_headers = array();
    $t_rows = filter_get_bug_rows($p_page_number, $p_per_page, $t_page_count, $t_bug_count, $t_filter, $p_project_id);

    foreach ($t_rows as $t_issue_data) {
        $t_header = array(
            'id' => $t_issue_data->id,
            'view_state' => $t_issue_data->view_state,
            'last_updated' => timestamp_to_iso8601($t_issue_data->last_updated),
            'project' => $t_issue_data->project_id,
            'category' => mci_get_category($t_issue_data->category_id),
            'priority' => $t_issue_data->priority,
            'severity' => $t_issue_data->severity,
            'status' => $t_issue_data->status,
            'reporter' => $t_issue_data->reporter_id,
            'summary' => $t_issue_data->summary,
        );

        # The handler key is only present when a handler id is set.
        if (!empty($t_issue_data->handler_id)) {
            $t_header['handler'] = $t_issue_data->handler_id;
        }

        $t_header['resolution'] = $t_issue_data->resolution;
        $t_header['attachments_count'] = count(mci_issue_get_attachments($t_issue_data->id));
        $t_header['notes_count'] = count(mci_issue_get_notes($t_issue_data->id));

        $t_headers[] = $t_header;
    }

    return $t_headers;
}
/**
 * Log a checkin event on the issue.
 *
 * @param string  $p_username The name of the user trying to access the issue.
 * @param string  $p_password The password of the user.
 * @param integer $p_issue_id The id of the issue to log a checkin.
 * @param string  $p_comment  The comment to add
 * @param boolean $p_fixed    True if the issue is to be set to fixed
 * @return mixed True on success, or a soap_fault when the login fails, the
 *               issue does not exist or read/write access is missing.
 */
function mc_issue_checkin($p_username, $p_password, $p_issue_id, $p_comment, $p_fixed) {
    $t_caller_id = mci_check_login($p_username, $p_password);
    if ($t_caller_id === false) {
        return new soap_fault('Client', '', 'Access Denied');
    }

    # The existence check runs before the access check, so the 'not found'
    # fault is returned to any logged-in caller.
    if (!bug_exists($p_issue_id)) {
        return new soap_fault('Client', '', "Issue '{$p_issue_id}' not found.");
    }

    # Read/write access is evaluated for the project that owns the issue.
    $t_owning_project = bug_get_field($p_issue_id, 'project_id');
    if (!mci_has_readwrite_access($t_caller_id, $t_owning_project)) {
        return new soap_fault('Client', '', 'Access Denied');
    }

    $t_checkin_args = array($p_issue_id, $p_comment, '', '', $p_fixed);
    helper_call_custom_function('checkin', $t_checkin_args);

    return true;
}
/**
 * Log a checkin event on the issue.
 *
 * @param string  $p_username The name of the user trying to access the issue.
 * @param string  $p_password The password of the user.
 * @param integer $p_issue_id The id of the issue to log a checkin.
 * @param string  $p_comment  The comment to add
 * @param boolean $p_fixed    True if the issue is to be set to fixed
 * @return mixed True on success, or a SOAP fault when the login fails, the
 *               issue does not exist or read/write access is missing.
 */
function mc_issue_checkin($p_username, $p_password, $p_issue_id, $p_comment, $p_fixed) {
    global $g_project_override;

    $t_caller_id = mci_check_login($p_username, $p_password);
    if ($t_caller_id === false) {
        return mci_soap_fault_login_failed();
    }

    # The existence check runs before the access check, so the 'not found'
    # fault is returned to any logged-in caller.
    if (!bug_exists($p_issue_id)) {
        return SoapObjectsFactory::newSoapFault('Client', "Issue '{$p_issue_id}' not found.");
    }

    # The project override is set to the issue's project before the access
    # check runs and stays set even when access is then denied.
    $t_owning_project = bug_get_field($p_issue_id, 'project_id');
    $g_project_override = $t_owning_project;

    if (!mci_has_readwrite_access($t_caller_id, $t_owning_project)) {
        return mci_soap_fault_access_denied($t_caller_id);
    }

    $t_checkin_args = array($p_issue_id, $p_comment, '', '', $p_fixed);
    helper_call_custom_function('checkin', $t_checkin_args);

    return true;
}
/**
 * Check whether the given credentials may read the enumeration values.
 *
 * Both conditions must hold: the login succeeds and the resulting user has
 * read-only access. No fault is built here; callers only get a boolean.
 *
 * @param string $p_username The user's username.
 * @param string $p_password The user's password.
 * @return boolean true if the user has access, false otherwise
 */
function mci_validate_enum_access($p_username, $p_password) {
    $t_caller_id = mci_check_login($p_username, $p_password);

    # The access check is only reached when the login did not return false.
    $t_granted = $t_caller_id !== false && mci_has_readonly_access($t_caller_id);

    return $t_granted ? true : false;
}
/**
 * Delete the relationship with the specified id from an issue.
 *
 * All access checks complete before anything is changed. After the delete,
 * both issues get a new last-updated date, and a history entry and an e-mail
 * notification are produced for the source issue and, if it still exists,
 * for the linked issue.
 *
 * @param string  $p_username        The name of the user trying to delete the relationship.
 * @param string  $p_password        The password of the user.
 * @param integer $p_issue_id        The id of the source issue for the relationship
 * @param integer $p_relationship_id The id of relationship to delete.
 * @return mixed True on success, or a SOAP fault when the login fails or one
 *               of the access checks denies the request.
 */
function mc_issue_relationship_delete($p_username, $p_password, $p_issue_id, $p_relationship_id) {
    $t_user_id = mci_check_login($p_username, $p_password);
    if ($t_user_id === false) {
        return mci_soap_fault_login_failed();
    }

    # Read/write access is evaluated for the project that owns the issue.
    $t_owning_project = bug_get_field($p_issue_id, 'project_id');
    if (!mci_has_readwrite_access($t_user_id, $t_owning_project)) {
        return mci_soap_fault_access_denied($t_user_id);
    }

    # user has access to update the bug...
    $t_update_threshold = config_get('update_bug_threshold');
    if (!access_has_bug_level($t_update_threshold, $p_issue_id, $t_user_id)) {
        return mci_soap_fault_access_denied($t_user_id, "Active user does not have access level required to remove a relationship from this issue.");
    }

    # bug is not read-only...
    if (bug_is_readonly($p_issue_id)) {
        return mci_soap_fault_access_denied($t_user_id, "Issue '$p_issue_id' is readonly.");
    }

    # retrieve the issue at the other end of the relationship
    $t_dest_issue_id = relationship_get_linked_bug_id($p_relationship_id, $p_issue_id);

    # if that issue exists, the user needs at least VIEWER access to it
    if (bug_exists($t_dest_issue_id) && !access_has_bug_level(VIEWER, $t_dest_issue_id, $t_user_id)) {
        return mci_soap_fault_access_denied($t_user_id, "The issue '$t_dest_issue_id' requires higher access level.");
    }

    # Load the relationship before it is deleted; its type and source issue
    # are needed for the history entries below.
    $t_relationship = relationship_get($p_relationship_id);
    $t_rel_type = $t_relationship->type;

    # delete relationship from the DB
    relationship_delete($p_relationship_id);

    # update bug last updated
    # NOTE(review): the linked issue's date is updated without the
    # bug_exists() guard that protects the notification block further down;
    # confirm bug_update_date() tolerates an id that no longer exists.
    bug_update_date($p_issue_id);
    bug_update_date($t_dest_issue_id);

    # Each issue sees the relationship from its own side: the source issue
    # gets the stored type, the other issue the complementary type.
    $t_complementary_type = relationship_get_complementary_type($t_rel_type);
    if ($p_issue_id == $t_relationship->src_bug_id) {
        $t_bug_rel_type = $t_rel_type;
        $t_dest_bug_rel_type = $t_complementary_type;
    } else {
        $t_bug_rel_type = $t_complementary_type;
        $t_dest_bug_rel_type = $t_rel_type;
    }

    # send email and update the history for the src issue
    history_log_event_special($p_issue_id, BUG_DEL_RELATIONSHIP, $t_bug_rel_type, $t_dest_issue_id);
    email_relationship_deleted($p_issue_id, $t_dest_issue_id, $t_bug_rel_type);

    # send email and update the history for the dest issue, if it exists
    if (bug_exists($t_dest_issue_id)) {
        history_log_event_special($t_dest_issue_id, BUG_DEL_RELATIONSHIP, $t_dest_bug_rel_type, $p_issue_id);
        email_relationship_deleted($t_dest_issue_id, $p_issue_id, $t_dest_bug_rel_type);
    }

    return true;
}