/** * Get the value for the specified user preference. * * @param string $p_username The user's username * @param string $p_password The user's password * @param int $p_project_id Project ID (0 = ALL_PROJECTS (mantisbt/core/constant_inc.php)) * @param string $p_pref_name The name of the preference * @return string $t_user_pref The requested preference value */ function mc_user_pref_get_pref($p_username, $p_password, $p_project_id, $p_pref_name) { $t_user_id = mci_check_login($p_username, $p_password); if ($t_user_id === false) { return mci_soap_fault_login_failed(); } if (!mci_has_readonly_access($t_user_id)) { return mci_soap_fault_access_denied($t_user_id); } return user_pref_get_pref($t_user_id, $p_pref_name, $p_project_id); }
/** * Delete an issue attachment given its id. * * @param string $p_username The name of the user trying to add an attachment to an issue. * @param string $p_password The password of the user. * @param integer $p_issue_attachment_id The id of the attachment to be deleted. * @return true: success, false: failure */ function mc_issue_attachment_delete( $p_username, $p_password, $p_issue_attachment_id ) { $t_user_id = mci_check_login( $p_username, $p_password ); if( $t_user_id === false ) { return mci_soap_fault_login_failed(); } $t_bug_id = file_get_field( $p_issue_attachment_id, 'bug_id' ); if( !access_has_bug_level( config_get( 'update_bug_threshold' ), $t_bug_id, $t_user_id ) ) { return mci_soap_fault_access_denied( $t_user_id ); } return file_delete( $p_issue_attachment_id, 'bug' ); }
function mc_config_get_string($p_username, $p_password, $p_config_var) { $t_user_id = mci_check_login($p_username, $p_password); if ($t_user_id === false) { return mci_soap_fault_login_failed(); } if (!mci_has_readonly_access($t_user_id)) { return mci_soap_fault_access_denied($t_user_id); } if (config_is_private($p_config_var)) { return SoapObjectsFactory::newSoapFault('Client', "Access to '{$p_config_var}' is denied"); } if (!config_is_set($p_config_var)) { return SoapObjectsFactory::newSoapFault('Client', "Config '{$p_config_var}' is undefined"); } return config_get($p_config_var); }
/** * Delete an issue attachment given its id. * * @param string $p_username The name of the user trying to add an attachment to an issue. * @param string $p_password The password of the user. * @param integer $p_issue_attachment_id The id of the attachment to be deleted. * @return true: success, false: failure */ function mc_issue_attachment_delete($p_username, $p_password, $p_issue_attachment_id) { $t_user_id = mci_check_login($p_username, $p_password); if ($t_user_id === false) { return mci_soap_fault_login_failed(); } $t_bug_id = file_get_field($p_issue_attachment_id, 'bug_id'); # Perform access control checks $t_attachment_owner = file_get_field($p_issue_attachment_id, 'user_id'); $t_current_user_is_attachment_owner = $t_attachment_owner == $t_user_id; # Factor in allow_delete_own_attachments=ON|OFF if (!$t_current_user_is_attachment_owner || $t_current_user_is_attachment_owner && !config_get('allow_delete_own_attachments')) { # Check access against delete_attachments_threshold if (!access_has_bug_level(config_get('delete_attachments_threshold'), $t_bug_id, $t_user_id)) { return mci_soap_fault_access_denied($t_user_id); } } return file_delete($p_issue_attachment_id, 'bug'); }
/** * Returns all the profiles for the user, including the global ones * * @param string $p_username The user's username. * @param string $p_password The user's password. * @param integer $p_page_number Page number. * @param integer $p_per_page Results per page. * @return mixed */ function mc_user_profiles_get_all($p_username, $p_password, $p_page_number, $p_per_page) { $t_user_id = mci_check_login($p_username, $p_password); if ($t_user_id === false) { return mci_soap_fault_login_failed(); } if (!mci_has_readonly_access($t_user_id)) { return mci_soap_fault_access_denied($t_user_id); } $t_results = array(); $t_start = max(array(0, $p_page_number - 1)) * $p_per_page; foreach (profile_get_all_for_user($t_user_id) as $t_profile_row) { $t_result = array('id' => $t_profile_row['id'], 'description' => $t_profile_row['description'], 'os' => $t_profile_row['os'], 'os_build' => $t_profile_row['os_build'], 'platform' => $t_profile_row['platform']); if ($t_profile_row['user_id'] != 0) { $t_result['user_id'] = mci_account_get_array_by_id($t_profile_row['user_id']); } $t_results[] = $t_result; } # the profile_api does not implement pagination in the backend, so we emulate it here # we can always push the pagination in the database, but this seems unlikely in the # near future, as the number of profiles is expected to be small $t_paged_results = array_slice($t_results, $t_start, $p_per_page); return array('total_results' => count($t_results), 'results' => $t_paged_results); }
/** * Returns the attachment contents * * @param int $p_file_id * @param string $p_type The file type, bug or doc * @param int $p_user_id * @return string|soap_fault the string contents, or a soap_fault */ function mci_file_get($p_file_id, $p_type, $p_user_id) { # we handle the case where the file is attached to a bug # or attached to a project as a project doc. $query = ''; switch ($p_type) { case 'bug': $t_bug_file_table = db_get_table('bug_file'); $query = "SELECT *\n\t\t\t\tFROM {$t_bug_file_table}\n\t\t\t\tWHERE id='{$p_file_id}'"; break; case 'doc': $t_project_file_table = db_get_table('project_file'); $query = "SELECT *\n\t\t\t\tFROM {$t_project_file_table}\n\t\t\t\tWHERE id='{$p_file_id}'"; break; default: return new soap_fault('Server', '', 'Invalid file type ' . $p_type . ' .'); } $result = db_query($query); if ($result->EOF) { return new soap_fault('Client', '', 'Unable to find an attachment with type ' . $p_type . ' and id ' . $p_file_id . ' .'); } $row = db_fetch_array($result); if ($p_type == 'doc') { $t_project_id = $row['project_id']; } else { if ($p_type == 'bug') { $t_bug_id = $row['bug_id']; $t_project_id = bug_get_field($t_bug_id, 'project_id'); } } $t_diskfile = file_normalize_attachment_path($row['diskfile'], $t_project_id); $t_content = $row['content']; # Check access rights switch ($p_type) { case 'bug': if (!mci_file_can_download_bug_attachments($t_bug_id, $p_user_id)) { return mci_soap_fault_access_denied($p_user_id); } break; case 'doc': # Check if project documentation feature is enabled. if (OFF == config_get('enable_project_documentation')) { return mci_soap_fault_access_denied($p_user_id); } if (!access_has_project_level(config_get('view_proj_doc_threshold'), $t_project_id, $p_user_id)) { return mci_soap_fault_access_denied($p_user_id); } break; } # dump file content to the connection. switch (config_get('file_upload_method')) { case DISK: if (file_exists($t_diskfile)) { return mci_file_read_local($t_diskfile); } else { return new soap_fault('Client', '', 'Unable to find an attachment with type ' . $p_type . ' and id ' . $p_file_id . ' .'); } case FTP: if (file_exists($t_diskfile)) { return mci_file_read_local($t_diskfile); } else { $ftp = file_ftp_connect(); file_ftp_get($ftp, $t_diskfile, $t_diskfile); file_ftp_disconnect($ftp); return mci_file_read_local($t_diskfile); } default: return $t_content; } }
function mc_project_get_issue_headers($p_username, $p_password, $p_project_id, $p_page_number, $p_per_page) { $t_user_id = mci_check_login($p_username, $p_password); if ($t_user_id === false) { return mci_soap_fault_login_failed(); } if (!project_exists($p_project_id)) { return new soap_fault('Client', '', "Project '{$p_project_id}' does not exist."); } if (!mci_has_readonly_access($t_user_id, $p_project_id)) { return mci_soap_fault_access_denied($t_user_id); } $t_page_count = 0; $t_bug_count = 0; $t_rows = filter_get_bug_rows($p_page_number, $p_per_page, $t_page_count, $t_bug_count, null, $p_project_id); $t_result = array(); foreach ($t_rows as $t_issue_data) { $t_id = $t_issue_data->id; $t_issue = array(); $t_issue['id'] = $t_id; $t_issue['view_state'] = $t_issue_data->view_state; $t_issue['last_updated'] = timestamp_to_iso8601($t_issue_data->last_updated); $t_issue['project'] = $t_issue_data->project_id; $t_issue['category'] = mci_get_category($t_issue_data->category_id); $t_issue['priority'] = $t_issue_data->priority; $t_issue['severity'] = $t_issue_data->severity; $t_issue['status'] = $t_issue_data->status; $t_issue['reporter'] = $t_issue_data->reporter_id; $t_issue['summary'] = $t_issue_data->summary; if (!empty($t_issue_data->handler_id)) { $t_issue['handler'] = $t_issue_data->handler_id; } $t_issue['resolution'] = $t_issue_data->resolution; $t_issue['attachments_count'] = count(mci_issue_get_attachments($t_issue_data->id)); $t_issue['notes_count'] = count(mci_issue_get_notes($t_issue_data->id)); $t_result[] = $t_issue; } return $t_result; }
/** * * Deletes a tag * * @param string $p_username The user's username * @param string $p_password The user's password * @param unknown_type $p_tag_id * @param int $p_tag_id The id of the tag * @return soap_fault|boolean */ function mc_tag_delete($p_username, $p_password, $p_tag_id) { $t_user_id = mci_check_login($p_username, $p_password); if ($t_user_id === false) { return mci_soap_fault_login_failed(); } if (!access_has_global_level(config_get('tag_edit_threshold'))) { return mci_soap_fault_access_denied($t_user_id); } if (!tag_exists($p_tag_id)) { return SoapObjectsFactory::newSoapFault('Client', 'No tag with id ' . $p_tag_id); } return tag_delete($p_tag_id); }
/** * Delete the relationship with the specified target id. * * @param string $p_username The name of the user trying to add a note to an issue. * @param string $p_password The password of the user. * @param integer $p_issue_id The id of the source issue for the relationship. * @param integer $p_relationship_id The id of relationship to delete. * @return boolean true: success, false: failure */ function mc_issue_relationship_delete($p_username, $p_password, $p_issue_id, $p_relationship_id) { global $g_project_override; $t_user_id = mci_check_login($p_username, $p_password); if ($t_user_id === false) { return mci_soap_fault_login_failed(); } $t_project_id = bug_get_field($p_issue_id, 'project_id'); $g_project_override = $t_project_id; if (!mci_has_readwrite_access($t_user_id, $t_project_id)) { return mci_soap_fault_access_denied($t_user_id); } # user has access to update the bug... if (!access_has_bug_level(config_get('update_bug_threshold'), $p_issue_id, $t_user_id)) { return mci_soap_fault_access_denied($t_user_id, 'Active user does not have access level required to remove a relationship from this issue.'); } # bug is not read-only... if (bug_is_readonly($p_issue_id)) { return mci_soap_fault_access_denied($t_user_id, 'Issue \'' . $p_issue_id . '\' is readonly.'); } # retrieve the destination bug of the relationship $t_dest_issue_id = relationship_get_linked_bug_id($p_relationship_id, $p_issue_id); # user can access to the related bug at least as viewer, if it's exist... if (bug_exists($t_dest_issue_id)) { if (!access_has_bug_level(config_get('view_bug_threshold', null, null, $t_project_id), $t_dest_issue_id, $t_user_id)) { return mci_soap_fault_access_denied($t_user_id, 'The issue \'' . $t_dest_issue_id . '\' requires higher access level.'); } } $t_bug_relationship_data = relationship_get($p_relationship_id); $t_rel_type = $t_bug_relationship_data->type; # delete relationship from the DB log_event(LOG_WEBSERVICE, 'deleting relationship id \'' . $p_relationship_id . '\''); relationship_delete($p_relationship_id); # update bug last updated bug_update_date($p_issue_id); bug_update_date($t_dest_issue_id); # set the rel_type for both bug and dest_bug based on $t_rel_type and on who is the dest bug if ($p_issue_id == $t_bug_relationship_data->src_bug_id) { $t_bug_rel_type = $t_rel_type; $t_dest_bug_rel_type = relationship_get_complementary_type($t_rel_type); } else { $t_bug_rel_type = relationship_get_complementary_type($t_rel_type); $t_dest_bug_rel_type = $t_rel_type; } # send email and update the history for the src issue history_log_event_special($p_issue_id, BUG_DEL_RELATIONSHIP, $t_bug_rel_type, $t_dest_issue_id); email_relationship_deleted($p_issue_id, $t_dest_issue_id, $t_bug_rel_type); if (bug_exists($t_dest_issue_id)) { # send email and update the history for the dest issue history_log_event_special($t_dest_issue_id, BUG_DEL_RELATIONSHIP, $t_dest_bug_rel_type, $p_issue_id); email_relationship_deleted($t_dest_issue_id, $p_issue_id, $t_dest_bug_rel_type); } return true; }
/** * Get all issue rows matching the custom filter. * * @param integer $p_user_id The user id. * @param FilterSearchData $p_filter_search The custom filter. * @param integer $p_page_number Start with the given page number (zero-based). * @param integer $p_per_page Number of issues to display per page. * @return array of issue rows */ function mci_filter_search_get_rows($p_user_id, $p_filter_search, $p_page_number, $p_per_page) { global $g_soap_api_to_filter_names; // object to array if (is_object($p_filter_search)) { $p_filter_search = get_object_vars($p_filter_search); } $t_project_id = array(); if (isset($p_filter_search['project_id'])) { // check access right to all projects foreach ($p_filter_search['project_id'] as $t_id) { if (mci_has_readonly_access($p_user_id, $t_id)) { $t_project_id[] = $t_id; } else { error_log('User: '******' has not access right to project: ' . $t_id . '.'); } } // user has not access right to any project if (count($t_project_id) < 1) { return mci_soap_fault_access_denied($p_user_id); } } else { if (!mci_has_readonly_access($p_user_id, ALL_PROJECTS)) { return mci_soap_fault_access_denied($p_user_id); } $t_project_id = array(ALL_PROJECTS); } $t_filter = array('_view_type' => 'advanced'); $t_filter['project_id'] = $t_project_id; // default fields foreach ($g_soap_api_to_filter_names as $t_soap_name => $t_filter_name) { if (isset($p_filter_search[$t_soap_name])) { $t_value = $p_filter_search[$t_soap_name]; $t_filter[$t_filter_name] = $t_value; } } // custom fields if (isset($p_filter_search['custom_fields'])) { foreach ($p_filter_search['custom_fields'] as $t_custom_field) { // object to array if (is_object($t_custom_field)) { $t_custom_field = get_object_vars($t_custom_field); } $t_field = $t_custom_field['field']; if (is_object($t_field)) { $t_field = get_object_vars($t_field); } // if is set custom_field's id, use it primary if (isset($t_field['id'])) { $t_custom_field_id = $t_field['id']; } else { $t_custom_field_id = custom_field_get_id_from_name($t_field['name']); } $t_value = $t_custom_field['value']; $t_filter['custom_fields'][$t_custom_field_id] = $t_value; } } $t_filter = filter_ensure_valid_filter($t_filter); $t_result = array(); $t_page_number = $p_page_number < 1 ? 1 : $p_page_number; $t_page_count = 0; $t_bug_count = 0; return filter_get_bug_rows($t_page_number, $p_per_page, $t_page_count, $t_bug_count, $t_filter); }
/** * Get Issue Headers * @param string $p_username The name of the user trying to access the versions. * @param string $p_password The password of the user. * @param integer $p_project_id The id of the project to retrieve the attachments for. * @param integer $p_page_number Page number. * @param integer $p_per_page Per page. * @return mixed */ function mc_project_get_issue_headers($p_username, $p_password, $p_project_id, $p_page_number, $p_per_page) { global $g_project_override; $t_user_id = mci_check_login($p_username, $p_password); if ($t_user_id === false) { return mci_soap_fault_login_failed(); } if ($p_project_id != ALL_PROJECTS && !project_exists($p_project_id)) { return SoapObjectsFactory::newSoapFault('Client', 'Project \'' . $p_project_id . '\' does not exist.'); } $g_project_override = $p_project_id; if (!mci_has_readonly_access($t_user_id, $p_project_id)) { return mci_soap_fault_access_denied($t_user_id); } $t_orig_page_number = $p_page_number < 1 ? 1 : $p_page_number; $t_page_count = 0; $t_bug_count = 0; $t_rows = filter_get_bug_rows($p_page_number, $p_per_page, $t_page_count, $t_bug_count, null, $p_project_id); $t_result = array(); # the page number was moved back, so we have exceeded the actual page number, see bug #12991 if ($t_orig_page_number > $p_page_number) { return $t_result; } foreach ($t_rows as $t_issue_data) { $t_result[] = mci_issue_data_as_header_array($t_issue_data); } return $t_result; }
/** * Get the issue headers that match the specified filter and paging details. * * @param string $p_username The name of the user trying to access the filters. * @param string $p_password The password of the user. * @param integer $p_filter_id The id of the filter to apply. * @param integer $p_page_number Start with the given page number (zero-based) * @param integer $p_per_page Number of issues to display per page * @return Array that represents an IssueDataArray structure */ function mc_filter_get_issue_headers($p_username, $p_password, $p_project_id, $p_filter_id, $p_page_number, $p_per_page) { $t_user_id = mci_check_login($p_username, $p_password); if ($t_user_id === false) { return mci_soap_fault_login_failed(); } if (!mci_has_readonly_access($t_user_id, $p_project_id)) { return mci_soap_fault_access_denied($t_user_id); } $t_orig_page_number = $p_page_number < 1 ? 1 : $p_page_number; $t_page_count = 0; $t_bug_count = 0; $t_filter = filter_db_get_filter($p_filter_id); $t_filter_detail = explode('#', $t_filter, 2); if (!isset($t_filter_detail[1])) { return SoapObjectsFactory::newSoapFault('Server', 'Invalid Filter'); } $t_filter = unserialize($t_filter_detail[1]); $t_filter = filter_ensure_valid_filter($t_filter); $t_result = array(); $t_rows = filter_get_bug_rows($p_page_number, $p_per_page, $t_page_count, $t_bug_count, $t_filter, $p_project_id); // the page number was moved back, so we have exceeded the actual page number, see bug #12991 if ($t_orig_page_number > $p_page_number) { return $t_result; } foreach ($t_rows as $t_issue_data) { $t_result[] = mci_issue_data_as_header_array($t_issue_data); } return $t_result; }
/** * Returns the attachment contents * * @param integer $p_file_id File identifier. * @param string $p_type The file type, bug or doc. * @param integer $p_user_id A valid user identifier. * @return string|soap_fault the string contents, or a soap_fault */ function mci_file_get($p_file_id, $p_type, $p_user_id) { # we handle the case where the file is attached to a bug # or attached to a project as a project doc. $t_query = ''; switch ($p_type) { case 'bug': $t_query = 'SELECT * FROM {bug_file} WHERE id=' . db_param(); break; case 'doc': $t_query = 'SELECT * FROM {project_file} WHERE id=' . db_param(); break; default: return SoapObjectsFactory::newSoapFault('Server', 'Invalid file type ' . $p_type . ' .'); } $t_result = db_query($t_query, array($p_file_id)); if ($t_result->EOF) { return SoapObjectsFactory::newSoapFault('Client', 'Unable to find an attachment with type ' . $p_type . ' and id ' . $p_file_id . ' .'); } $t_row = db_fetch_array($t_result); if ($p_type == 'doc') { $t_project_id = $t_row['project_id']; } else { if ($p_type == 'bug') { $t_bug_id = $t_row['bug_id']; $t_project_id = bug_get_field($t_bug_id, 'project_id'); } } $t_diskfile = file_normalize_attachment_path($t_row['diskfile'], $t_project_id); $t_content = $t_row['content']; # Check access rights switch ($p_type) { case 'bug': if (!mci_file_can_download_bug_attachments($t_bug_id, $p_user_id)) { return mci_soap_fault_access_denied($p_user_id); } break; case 'doc': # Check if project documentation feature is enabled. if (OFF == config_get('enable_project_documentation')) { return mci_soap_fault_access_denied($p_user_id); } if (!access_has_project_level(config_get('view_proj_doc_threshold'), $t_project_id, $p_user_id)) { return mci_soap_fault_access_denied($p_user_id); } break; } # dump file content to the connection. switch (config_get('file_upload_method')) { case DISK: if (file_exists($t_diskfile)) { return mci_file_read_local($t_diskfile); } else { return SoapObjectsFactory::newSoapFault('Client', 'Unable to find an attachment with type ' . $p_type . ' and id ' . $p_file_id . ' .'); } case DATABASE: return $t_content; default: trigger_error(ERROR_GENERIC, ERROR); } }
/** * Get the issue headers that match the specified filter and paging details. * * @param string $p_username The name of the user trying to access the filters. * @param string $p_password The password of the user. * @param integer $p_filter_id The id of the filter to apply. * @param integer $p_page_number Start with the given page number (zero-based) * @param integer $p_per_page Number of issues to display per page * @return Array that represents an IssueDataArray structure */ function mc_filter_get_issue_headers($p_username, $p_password, $p_project_id, $p_filter_id, $p_page_number, $p_per_page) { $t_user_id = mci_check_login($p_username, $p_password); if ($t_user_id === false) { return mci_soap_fault_login_failed(); } if (!mci_has_readonly_access($t_user_id, $p_project_id)) { return mci_soap_fault_access_denied($t_user_id); } $t_page_count = 0; $t_bug_count = 0; $t_filter = filter_db_get_filter($p_filter_id); $t_filter_detail = explode('#', $t_filter, 2); if (!isset($t_filter_detail[1])) { return new soap_fault('Server', '', 'Invalid Filter'); } $t_filter = unserialize($t_filter_detail[1]); $t_filter = filter_ensure_valid_filter($t_filter); $t_result = array(); $t_rows = filter_get_bug_rows($p_page_number, $p_per_page, $t_page_count, $t_bug_count, $t_filter, $p_project_id); foreach ($t_rows as $t_issue_data) { $t_id = $t_issue_data->id; $t_issue = array(); $t_issue['id'] = $t_id; $t_issue['view_state'] = $t_issue_data->view_state; $t_issue['last_updated'] = timestamp_to_iso8601($t_issue_data->last_updated); $t_issue['project'] = $t_issue_data->project_id; $t_issue['category'] = mci_get_category($t_issue_data->category_id); $t_issue['priority'] = $t_issue_data->priority; $t_issue['severity'] = $t_issue_data->severity; $t_issue['status'] = $t_issue_data->status; $t_issue['reporter'] = $t_issue_data->reporter_id; $t_issue['summary'] = $t_issue_data->summary; if (!empty($t_issue_data->handler_id)) { $t_issue['handler'] = $t_issue_data->handler_id; } $t_issue['resolution'] = $t_issue_data->resolution; $t_issue['attachments_count'] = count(mci_issue_get_attachments($t_issue_data->id)); $t_issue['notes_count'] = count(mci_issue_get_notes($t_issue_data->id)); $t_result[] = $t_issue; } return $t_result; }
/** * Log a checkin event on the issue * * @param string $p_username The name of the user trying to access the issue. * @param string $p_password The password of the user. * @param integer $p_issue_id The id of the issue to log a checkin. * @param string $p_comment The comment to add * @param boolean $p_fixed True if the issue is to be set to fixed * @return boolean true success, false otherwise. */ function mc_issue_checkin($p_username, $p_password, $p_issue_id, $p_comment, $p_fixed) { global $g_project_override; $t_user_id = mci_check_login($p_username, $p_password); if ($t_user_id === false) { return mci_soap_fault_login_failed(); } if (!bug_exists($p_issue_id)) { return SoapObjectsFactory::newSoapFault('Client', "Issue '{$p_issue_id}' not found."); } $t_project_id = bug_get_field($p_issue_id, 'project_id'); $g_project_override = $t_project_id; if (!mci_has_readwrite_access($t_user_id, $t_project_id)) { return mci_soap_fault_access_denied($t_user_id); } helper_call_custom_function('checkin', array($p_issue_id, $p_comment, '', '', $p_fixed)); return true; }