/**
 * Renders an extra "reporter" row for the bug report form.
 *
 * The row (a <select name="reporter_id">) is emitted only when the current
 * user's access level in $p_project_id is at least the plugin's
 * 'select_threshold' setting; otherwise nothing is printed.
 *
 * NOTE(review): this check only decides whether the field is shown. The code
 * that consumes the submitted reporter_id is not visible here - confirm it
 * re-applies the same threshold server-side, since a hidden field can still
 * be posted by hand.
 *
 * @param mixed $p_event      Not used in this body.
 * @param int   $p_project_id Project used for the access-level lookup and the option list.
 */
function reportBugFormTop($p_event, $p_project_id)
    {
        # allow to change reporter_id (if access level is higher than defined)
        $t_user_id = auth_get_current_user_id();
        $t_access_level = user_get_access_level($t_user_id, $p_project_id);
        # Threshold comes from plugin configuration; at or above it the row is rendered.
        if ($t_access_level >= plugin_config_get('select_threshold')) {
            ?>
		    
			<tr <?php 
            echo helper_alternate_class();
            ?>
>
				<td class="category" width="30%">
					<?php 
            echo lang_get('reporter');
            ?>
				</td>
				<td width="70%">
					<select <?php 
            echo helper_get_tab_index();
            ?>
 name="reporter_id">
						<?php 
            # The current user id is passed first and the project second;
            # presumably the first argument pre-selects that user - confirm against the helper.
            print_reporter_option_list($t_user_id, $p_project_id);
            ?>
					</select>
				</td>
			</tr>
<?php 
        }
    }
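 /**
  * Builds the plugin credit line shown in the page footer.
  *
  * The line is returned only when 'ShowInFooter' is set to 1 and the current
  * user's access level in the current project reaches the configured
  * 'BackgroundImageAccessLevel' threshold.
  *
  * @return string|null HTML <address> element, or null when nothing is shown.
  */
 function footer()
 {
     $t_project_id = helper_get_current_project();
     $t_user_id = auth_get_current_user_id();
     $t_user_has_level = user_get_access_level($t_user_id, $t_project_id) >= plugin_config_get('BackgroundImageAccessLevel', PLUGINS_BACKGROUNDIMAGEVIEW_THRESHOLD_LEVEL_DEFAULT);
     if (plugin_config_get('ShowInFooter') == 1 && $t_user_has_level) {
         # A mailto URI has no authority part: "mailto:addr", not "mailto://addr".
         # With the extra slashes the slashes become part of the recipient.
         # NOTE(review): name/version/contact/author are concatenated unescaped;
         # presumably they are fixed plugin metadata - confirm they are never user-editable.
         return '<address>' . $this->name . ' ' . $this->version . ' Copyright &copy; 2015 by <a href="mailto:' . $this->contact . '">' . $this->author . '</a></address>';
     }
     return null;
 }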
 /**
  * Registers the RelationshipColumn class as an additional column.
  *
  * The column is added only when the configured 'ShowRelationshipColumn'
  * value equals the 'ShowRelationshipColumn' request parameter (default ON)
  * and the current user reaches 'RelationshipColumnAccessLevel' in the
  * current project. The class file loaded depends on MANTIS_VERSION.
  *
  * @return array List of column class names (empty when the column is not shown).
  */
 function add_columns()
 {
     $t_current_project = helper_get_current_project();
     $t_current_user = auth_get_current_user_id();
     $t_actual_level = user_get_access_level($t_current_user, $t_current_project);
     $t_required_level = plugin_config_get('RelationshipColumnAccessLevel', PLUGINS_RELATIONSHIPCOLUMNVIEW_THRESHOLD_LEVEL_DEFAULT);
     $t_user_has_level = $t_actual_level >= $t_required_level;

     $t_columns = array();

     # Both lookups run before the access flag is consulted.
     $t_column_enabled = plugin_config_get('ShowRelationshipColumn') == gpc_get_int('ShowRelationshipColumn', ON);
     if (!$t_column_enabled || !$t_user_has_level) {
         return $t_columns;
     }

     # Mantis 1.2.x needs its own class file; every other version uses the 1.3.0 one.
     $t_class_version = '1.2.' == substr(MANTIS_VERSION, 0, 4) ? '1.2.0' : '1.3.0';
     require_once 'classes' . DIRECTORY_SEPARATOR . 'RelationshipColumn.class.' . $t_class_version . '.php';

     $t_columns[] = 'RelationshipColumn';
     return $t_columns;
 }
 /**
  * Returns a Response with a representation of the note list.
  *
  * Only notes returned by bugnote_get_all_visible_bugnotes() are ever
  * listed; an optional query-string filter can narrow and order that set
  * but cannot widen it.
  *
  * @param $request - The Request we're responding to
  */
 public function get($request)
 {
     $this->bug_id = BugnoteList::get_bug_id_from_url($request->url);

     # Access checking and note gathering is based on Mantis's
     # email_build_visible_bug_data().
     $t_project = bug_get_field($this->bug_id, 'project_id');
     $t_user = auth_get_current_user_id();
     $t_level = user_get_access_level($t_user, $t_project);
     if (!access_has_bug_level(VIEWER, $this->bug_id)) {
         throw new HTTPException(403, "Access denied");
     }

     # NOTE(review): this call passes (bug id, access level, order, limit).
     # Confirm that matches the signature of the installed Mantis version;
     # a different parameter order would change which notes count as visible.
     $t_allowed_ids = array();
     foreach (bugnote_get_all_visible_bugnotes($this->bug_id, $t_level, 'ASC', 0) as $t_note) {
         $t_allowed_ids[] = (int) $t_note->id;
     }

     # Apply conditions and sorts
     # NOTE(review): the fragment below is derived from the request query
     # string and is concatenated into the statement as-is. The helper that
     # builds it is not visible here - verify that it whitelists column names
     # and escapes or binds every value.
     $t_extra_sql = $this->_build_sql_from_querystring($request->query);
     if ($t_extra_sql) {
         $t_note_table = config_get('mantis_bugnote_table');
         $t_rows = db_query("SELECT n.id FROM {$t_note_table} n {$t_extra_sql};");
         $t_selected_ids = array();
         foreach ($t_rows as $t_row) {
             $t_candidate = (int) $t_row[0];
             # Intersect with the visible set so the filter cannot expose hidden notes.
             if (in_array($t_candidate, $t_allowed_ids)) {
                 $t_selected_ids[] = $t_candidate;
             }
         }
     } else {
         $t_selected_ids = $t_allowed_ids;
     }

     $this->rsrc_data = array('results' => array());
     foreach ($t_selected_ids as $t_note_id) {
         # The return value is not used in this method; the call is kept as in the original.
         $config = get_config();
         $this->rsrc_data['results'][] = Bugnote::get_url_from_mantis_id($t_note_id);
     }

     $t_response = new Response();
     $t_response->status = 200;
     $t_response->body = $this->_repr($request);
     return $t_response;
 }
 /**
  * Returns the whiteboard menu link for the main menu.
  *
  * The link is produced when 'show_menu' is enabled and the current user is
  * an administrator or reaches the access level of at least one registered
  * whiteboard plugin.
  *
  * @return string|null Anchor markup, or null when no link is shown.
  */
 function menu()
 {
     if (!plugin_config_get('show_menu')) {
         return null;
     }

     require_once __DIR__ . DIRECTORY_SEPARATOR . 'core' . DIRECTORY_SEPARATOR . 'wmApi.php';

     $currentProject = helper_get_current_project();
     $currentUser = auth_get_current_user_id();
     $currentLevel = user_get_access_level($currentUser, $currentProject);

     foreach (wmApi::getWhiteboardPlugins() as $pluginEntry) {
         # Index 2 of each entry holds that plugin's required access level.
         $requiredLevel = $pluginEntry[2];
         if (user_is_administrator($currentUser) || $currentLevel >= $requiredLevel) {
             # One accessible plugin is enough to show the menu link.
             return '<a href="' . plugin_page('whiteboard_menu') . '">' . plugin_lang_get('menu_title') . '</a>';
         }
     }

     return null;
 }
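/**
 * Prints one <option> per user that can be placed in the given user group.
 *
 * Users already linked to the group are marked as selected. Accounts whose
 * username starts with the configured 'group_prefix' are left out unless
 * 'assign_to_groups' is 1 and the current user's access level reaches
 * 'assign_group_threshold'. The group's own account is never listed.
 *
 * @param int $usergroup_id User id of the group account being edited.
 * @return void Output is echoed.
 */
function print_users_in_group_option_list($usergroup_id)
{
    # user_get_access_level() is called without a project id here, as in the
    # original check.
    $show_groups = plugin_config_get('assign_to_groups', '') == 1
        && plugin_config_get('assign_group_threshold', '') <= user_get_access_level(auth_get_current_user_id());

    $t_table_users = plugin_table('users');
    $t_user_table = db_get_table('mantis_user_table');

    # Parameters are collected in the same order as their placeholders so the
    # statement and its bound values cannot drift apart.
    $params = array();
    $query = "SELECT * FROM (";
    $query .= "    SELECT u.id, u.username, u.realname, ug.group_user_id";
    $query .= "    FROM {$t_user_table} AS u";
    $query .= "        LEFT JOIN {$t_table_users} AS ug ON (u.id=ug.user)";
    if (!$show_groups) {
        $query .= "    WHERE u.username NOT LIKE " . db_param();
        $params[] = plugin_config_get('group_prefix') . '%';
    }
    $query .= ") AS t1 WHERE group_user_id=" . db_param() . " OR group_user_id IS NULL ORDER BY username ASC";
    $params[] = (int) $usergroup_id;

    $result = db_query_bound($query, $params);
    $count = db_num_rows($result);
    for ($i = 0; $i < $count; $i++) {
        $row = db_fetch_array($result);
        if ($row['id'] == $usergroup_id) {
            # usergroup must not be nested with itself
            continue;
        }
        $selected = is_null($row['group_user_id']) ? '' : 'selected="selected"';
        # Values from the database are written into markup: the id is forced
        # to an integer and the username is HTML-escaped so a crafted account
        # name cannot inject tags or break out of the element.
        echo '<option value="' . (int) $row['id'] . '" ' . $selected . '>'
            . htmlspecialchars($row['username'], ENT_QUOTES, 'UTF-8') . '</option>';
    }
}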
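 /**
  * Print a menu entry for each whiteboard plugin the current user may see.
  *
  * An entry is printed when the plugin's show-menu flag (index 3) is 1 and
  * the user is an administrator or reaches the plugin's access level
  * (index 2). Entries are separated by " | "; the separator is written only
  * between two printed entries, so hidden plugins never leave a leading or
  * doubled separator.
  *
  * NOTE(review): the link (index 4) is written into the href unescaped;
  * presumably it is built by plugin_page() elsewhere - confirm it never
  * carries request data.
  *
  * @return void Output is echoed.
  */
 public static function printWhiteboardMenu()
 {
     $projectId = helper_get_current_project();
     $userId = auth_get_current_user_id();
     $userAccessLevel = user_get_access_level($userId, $projectId);
     $whiteboardPlugins = self::getWhiteboardPlugins();
     $whiteboardPluginCount = count($whiteboardPlugins);
     $printedEntries = 0;
     echo '<div class="table">';
     for ($index = 0; $index < $whiteboardPluginCount; $index++) {
         $whiteboardPlugin = $whiteboardPlugins[$index];
         $plugin = $whiteboardPlugin[1];
         $pluginAccessLevel = $whiteboardPlugin[2];
         $pluginShowMenu = $whiteboardPlugin[3];
         if ((user_is_administrator($userId) || $userAccessLevel >= $pluginAccessLevel) && $pluginShowMenu == 1) {
             # Count printed entries instead of testing the loop index: the
             # first visible plugin is not necessarily at index 0.
             if ($printedEntries > 0) {
                 echo '<div class="item">&nbsp;|&nbsp;</div>';
             }
             $pluginLink = $whiteboardPlugin[4];
             echo '<div class="item"><a href="' . $pluginLink . '">' . plugin_lang_get('menu_title', $plugin) . '</a></div>';
             $printedEntries++;
         }
     }
     echo '</div>';
 }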
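/**
 * Build the list of bugnotes of a bug that the given user is allowed to see.
 *
 * A note is included when the user's access level in the bug's project
 * satisfies 'private_bugnote_threshold', when the user is the note's
 * reporter, or when the note is public. If the user does not satisfy
 * 'time_tracking_view_threshold', the note's time_tracking value is reset
 * to 0 before it is returned.
 *
 * Notes are taken from the end of bugnote_get_all_bugnotes() until the limit
 * is reached, so a limit keeps the last notes of that list.
 *
 * @param int      $p_bug_id             bug id
 * @param string   $p_user_bugnote_order 'ASC' reverses the collected list; any other value leaves it as collected
 * @param int      $p_user_bugnote_limit maximum number of bugnotes to return; 0 or less means no limit
 * @param int|null $p_user_id            user id; null means the current user
 * @return array array of bugnote objects
 * @access public
 */
function bugnote_get_all_visible_bugnotes($p_bug_id, $p_user_bugnote_order, $p_user_bugnote_limit, $p_user_id = null)
{
    if ($p_user_id === null) {
        $t_user_id = auth_get_current_user_id();
    } else {
        $t_user_id = $p_user_id;
    }
    $t_project_id = bug_get_field($p_bug_id, 'project_id');
    $t_user_access_level = user_get_access_level($t_user_id, $t_project_id);
    $t_all_bugnotes = bugnote_get_all_bugnotes($p_bug_id);

    # The threshold is looked up once and reused; the original fetched it
    # twice and left the first result unused.
    $t_private_bugnote_threshold = config_get('private_bugnote_threshold');
    $t_private_bugnote_visible = access_compare_level($t_user_access_level, $t_private_bugnote_threshold);
    $t_time_tracking_visible = access_compare_level($t_user_access_level, config_get('time_tracking_view_threshold'));

    $t_bugnotes = array();
    $t_bugnote_count = count($t_all_bugnotes);
    $t_bugnote_limit = $p_user_bugnote_limit > 0 ? $p_user_bugnote_limit : $t_bugnote_count;
    $t_bugnotes_found = 0;

    # build a list of the latest bugnotes that the user can see
    for ($i = 0; $i < $t_bugnote_count && $t_bugnotes_found < $t_bugnote_limit; $i++) {
        $t_bugnote = array_pop($t_all_bugnotes);
        if ($t_private_bugnote_visible || $t_bugnote->reporter_id == $t_user_id || VS_PUBLIC == $t_bugnote->view_state) {
            # If the access level specified is not enough to see time tracking information
            # then reset it to 0.
            # NOTE(review): this writes to the object returned by
            # bugnote_get_all_bugnotes(); if that function hands out shared or
            # cached instances, the reset is visible to later callers - confirm.
            if (!$t_time_tracking_visible) {
                $t_bugnote->time_tracking = 0;
            }
            $t_bugnotes[$t_bugnotes_found++] = $t_bugnote;
        }
    }

    # reverse the list for users with ascending view preferences
    if ('ASC' == $p_user_bugnote_order) {
        $t_bugnotes = array_reverse($t_bugnotes);
    }
    return $t_bugnotes;
}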
/**
 * Adds a user to a project with the given access level.
 *
 * When DEFAULT_ACCESS_LEVEL is passed, the level returned by
 * user_get_access_level() for the user (no project given) is stored instead.
 *
 * @param int $p_project_id project id
 * @param int $p_user_id    user id
 * @param int $p_access_level access level, or DEFAULT_ACCESS_LEVEL
 * @return bool always true
 */
function project_add_user($p_project_id, $p_user_id, $p_access_level)
{
    $t_table = config_get('mantis_project_user_list_table');

    # Every value placed in the statement goes through db_prepare_int() first.
    # NOTE(review): the quoting below is only safe as long as db_prepare_int()
    # yields a plain integer - its body is not visible here.
    $c_project = db_prepare_int($p_project_id);
    $c_user = db_prepare_int($p_user_id);
    $c_level = db_prepare_int($p_access_level);
    if (DEFAULT_ACCESS_LEVEL == $p_access_level) {
        # Default access level for this user
        $c_level = db_prepare_int(user_get_access_level($p_user_id));
    }

    $t_statement = sprintf(
        "INSERT\r\n\t\t\t\t  INTO %s\r\n\t\t\t\t    ( project_id, user_id, access_level )\r\n\t\t\t\t  VALUES\r\n\t\t\t\t    ( '%s', '%s', '%s')",
        $t_table,
        $c_project,
        $c_user,
        $c_level
    );
    db_query($t_statement);

    # db_query errors on failure so:
    return true;
}
 * Created: 2008-01-05
 * Last update: 2012-05-23
 *
 * @link http://deboutv.free.fr/mantis/
 * @copyright 
 * @author Vincent DEBOUT <*****@*****.**>
 * @author Jiri Hron <*****@*****.**>
 */
require_once 'core.php';
require_once 'bug_api.php';
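# Lists the files of every release of the current project, with a download
# link per file and, for users at or above the upload threshold, a delete link.
html_page_top(plugin_lang_get('display_page_title'));
$t_user_id = auth_get_current_user_id();
$t_project_id = helper_get_current_project();
$t_releases = version_get_all_rows($t_project_id, 1);
$t_project_name = project_get_name($t_project_id);
$t_user_has_upload_level = user_get_access_level($t_user_id, $t_project_id) >= plugin_config_get('upload_threshold_level', PLUGINS_RELEASEMGT_UPLOAD_THRESHOLD_LEVEL_DEFAULT);
echo '<br /><span class="pagetitle">', string_display($t_project_name), ' - ', plugin_lang_get('display_page_title'), '</span><br /><br />';
foreach ($t_releases as $t_release) {
    $t_prj_id = $t_release['project_id'];
    $t_project_name = project_get_field($t_prj_id, 'name');
    $t_release_title = string_display($t_project_name) . ' - ' . string_display($t_release['version']);
    echo '<tt>' . $t_release_title . '<br />';
    echo str_pad('', strlen($t_release_title), '='), '</tt><br /><br />';
    # Both ids are passed through db_prepare_int() before being concatenated.
    $t_query = 'SELECT id, title, description FROM ' . plugin_table('file') . ' WHERE project_id=' . db_prepare_int($t_prj_id) . ' AND version_id=' . db_prepare_int($t_release['id']) . ' ORDER BY title ASC';
    $t_result = db_query($t_query);
    while ($t_row = db_fetch_array($t_result)) {
        # The title is stored data supplied at upload time, so it is escaped
        # the same way this page already treats project and version names;
        # the id is forced to an integer before it is placed in a URL.
        $t_file_id = (int) $t_row['id'];
        echo '- <a href="' . plugin_page('download') . '&id=' . $t_file_id . '" title="' . plugin_lang_get('download_link') . '">' . string_display($t_row['title']) . '</a>';
        if ($t_user_has_upload_level) {
            echo ' ';
            # NOTE(review): the delete action is a plain GET link guarded only by
            # a JavaScript confirm(); no form security token is attached. Confirm
            # the delete page validates one before removing the file.
            echo '- [ <a href="' . plugin_page('delete') . '&id=' . $t_file_id . '" onclick="return confirm(\'Are you sure?\');" title=" ' . lang_get('delete_link') . '">' . lang_get('delete_link') . '</a> ]';
        }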
/**
 * Get history details about an issue.
 *
 * Checks run in this order, each returning a SOAP fault on failure: login,
 * issue existence, read-only webservice access to the issue's project,
 * 'view_bug_threshold' for the issue, and 'view_history_threshold' for the
 * user's project access level. The project override global is set to the
 * issue's project once the project-level check has passed.
 *
 * @param string  $p_username The name of the user trying to access the issue.
 * @param string  $p_password The password of the user.
 * @param integer $p_issue_id The id of the issue to retrieve.
 * @return array that represents a HistoryDataArray structure
 */
function mc_issue_get_history($p_username, $p_password, $p_issue_id)
{
    global $g_project_override;

    $t_caller_id = mci_check_login($p_username, $p_password);
    if (false === $t_caller_id) {
        return mci_soap_fault_login_failed();
    }

    if (!bug_exists($p_issue_id)) {
        return SoapObjectsFactory::newSoapFault('Client', 'Issue does not exist');
    }

    $t_issue_project = bug_get_field($p_issue_id, 'project_id');
    if (!mci_has_readonly_access($t_caller_id, $t_issue_project)) {
        return mci_soap_fault_access_denied($t_caller_id);
    }

    # Set after the project-level check and before the remaining lookups.
    $g_project_override = $t_issue_project;

    $t_view_threshold = config_get('view_bug_threshold', null, null, $t_issue_project);
    if (!access_has_bug_level($t_view_threshold, $p_issue_id, $t_caller_id)) {
        return mci_soap_fault_access_denied($t_caller_id);
    }

    # History has its own threshold on top of issue visibility.
    $t_caller_level = user_get_access_level($t_caller_id, $t_issue_project);
    if (!access_compare_level($t_caller_level, config_get('view_history_threshold'))) {
        return mci_soap_fault_access_denied($t_caller_id);
    }

    log_event(LOG_WEBSERVICE, "retrieving history for issue '" . $p_issue_id . "'");

    return history_get_raw_events_array($p_issue_id, $t_caller_id);
}
/**
 * Get all visible notes for a specific issue
 *
 * Visibility is decided by bugnote_get_all_visible_bugnotes() for the
 * current user's access level in the issue's project.
 *
 * @param integer $p_issue_id  The id of the issue to retrieve the notes for
 * @return Array that represents an IssueNoteData structure
 */
function mci_issue_get_notes($p_issue_id)
{
    $t_current_user = auth_get_current_user_id();
    $t_language = mci_get_user_lang($t_current_user);
    $t_issue_project = bug_get_field($p_issue_id, 'project_id');
    $t_level = user_get_access_level($t_current_user, $t_issue_project);

    // always get the notes in ascending order for consistency to the calling application.
    $t_order = 'ASC';

    // NOTE(review): arguments are passed as (issue id, access level, order, limit).
    // Confirm this matches the signature of the installed Mantis version; a
    // different parameter order would change which notes are treated as visible.
    $t_visible_notes = bugnote_get_all_visible_bugnotes($p_issue_id, $t_level, $t_order, 0);

    $t_notes = array();
    foreach ($t_visible_notes as $t_note) {
        $t_notes[] = array(
            'id' => $t_note->id,
            'reporter' => mci_account_get_array_by_id($t_note->reporter_id),
            'date_submitted' => timestamp_to_iso8601($t_note->date_submitted),
            'last_modified' => timestamp_to_iso8601($t_note->last_modified),
            'text' => $t_note->note,
            'view_state' => mci_enum_get_array_by_id($t_note->view_state, 'view_state', $t_language),
        );
    }
    return $t_notes;
}
 /**
  * Tells whether the current user reaches 'UserProjectAccessLevel' in the
  * current project.
  *
  * @return bool true when the user's level is at or above the threshold.
  */
 function getUserHasLevel()
 {
     $current_project = helper_get_current_project();
     $current_user = auth_get_current_user_id();
     $actual_level = user_get_access_level($current_user, $current_project);
     $required_level = plugin_config_get('UserProjectAccessLevel', PLUGINS_USERPROJECTVIEW_THRESHOLD_LEVEL_DEFAULT);

     return $actual_level >= $required_level;
 }
/**
 * Returns the access level of the current user in the current project.
 *
 * Thin wrapper: resolves the current user and project and passes both to
 * user_get_access_level().
 *
 * @return access level code
 * @access public
 */
function current_user_get_access_level()
{
    $t_current_user = auth_get_current_user_id();
    $t_current_project = helper_get_current_project();

    return user_get_access_level($t_current_user, $t_current_project);
}
/**
 * Print the option panel row shown under the user table.
 *
 * The first cell holds the remove-assignment controls; they are printed only
 * outside print mode and only when the current user reaches
 * 'UserProjectAccessLevel' in the current project or any of its subprojects.
 * The following cells show the overall issue count for each status.
 *
 * @param $stat_issue_count Issue counts indexed from 1 to the stat count.
 */
function print_option_panel($stat_issue_count)
{
    global $print;

    # Current project first, then every subproject.
    $root_project_id = helper_get_current_project();
    $candidate_ids = array($root_project_id);
    foreach (project_hierarchy_get_all_subprojects($root_project_id) as $child_project_id) {
        $candidate_ids[] = $child_project_id;
    }

    # Sufficient access in any one of these projects enables the controls.
    $may_manage = false;
    foreach ($candidate_ids as $candidate_id) {
        if (user_get_access_level(auth_get_current_user_id(), $candidate_id) >= plugin_config_get('UserProjectAccessLevel')) {
            $may_manage = true;
        }
    }

    echo '<tr>' . PHP_EOL;
    echo '<td colspan="' . userprojectapi::get_project_hierarchy_spec_colspan(6, true) . '">';
    if (!$print && $may_manage) {
        echo '<label for="option"></label>',
            '<select id="option" name="option">',
            '<option value="removeSingle">' . plugin_lang_get('remove_selectSingle') . '</option>',
            '<option value="removeAll">' . plugin_lang_get('remove_selectAll') . '</option>',
            '</select>',
            '&nbsp;<input type="submit" name="formSubmit" class="button" value="' . lang_get('ok') . '"/>';
    }
    echo '</td>' . PHP_EOL;

    for ($column = 1; $column <= userprojectapi::get_stat_count(); $column++) {
        echo '<td>' . $stat_issue_count[$column] . '</td>' . PHP_EOL;
    }

    echo '<td></td>' . PHP_EOL;
    echo '</tr>' . PHP_EOL;
}
/**
 * Adds a user to a project with the given access level.
 *
 * When DEFAULT_ACCESS_LEVEL is passed, the level returned by
 * user_get_access_level() for the user (no project given) is stored instead.
 * All three values are sent as bound parameters.
 *
 * @param int $p_project_id project id
 * @param int $p_user_id    user id
 * @param int $p_access_level access level, or DEFAULT_ACCESS_LEVEL
 * @return bool always true
 */
function project_add_user($p_project_id, $p_user_id, $p_access_level)
{
    $t_table = db_get_table('project_user_list');

    $c_project = db_prepare_int($p_project_id);
    $c_user = db_prepare_int($p_user_id);
    $c_level = db_prepare_int($p_access_level);
    if (DEFAULT_ACCESS_LEVEL == $p_access_level) {
        # Default access level for this user
        $c_level = db_prepare_int(user_get_access_level($p_user_id));
    }

    # One placeholder per column, in column order.
    $t_placeholders = implode(', ', array(db_param(), db_param(), db_param()));
    $t_statement = "INSERT\n\t\t\t\t  INTO {$t_table}\n\t\t\t\t    ( project_id, user_id, access_level )\n\t\t\t\t  VALUES\n\t\t\t\t    ( " . $t_placeholders . ')';
    db_query_bound($t_statement, array($c_project, $c_user, $c_level));

    # db_query errors on failure so:
    return true;
}
/**
 * Check whether a user has administrative access to the webservice.
 *
 * The user's access level in the given project is compared with the
 * 'webservice_admin_access_level_threshold' setting.
 *
 * @param integer $p_user_id    User id.
 * @param integer $p_project_id Project Id ( Default All Projects ).
 * @return boolean indicating whether user has the required access
 */
function mci_has_administrator_access($p_user_id, $p_project_id = ALL_PROJECTS)
{
    $t_actual_level = user_get_access_level($p_user_id, $p_project_id);
    $t_required_level = config_get('webservice_admin_access_level_threshold');

    return $t_actual_level >= $t_required_level;
}
<?php

/**
 * ReleaseMgt plugin
 *
 * Original author Vincent DEBOUT
 * modified for new Mantis plugin system by Jiri Hron 
 *
 * Created: 2008-01-05
 * Last update: 2012-05-23
 *
 * @link http://deboutv.free.fr/mantis/
 * @copyright 
 * @author Vincent DEBOUT <*****@*****.**>
 * @author Jiri Hron <*****@*****.**>
 */
require_once 'core.php';
require_once 'bug_api.php';
require_once 'releasemgt_api.php';
# Deletes the release file named by the 'id' request parameter, then
# redirects to the releases page.
#
# NOTE(review): no form security token is validated before this
# state-changing action, and the only input is a request parameter, so a
# forged request from another site could trigger the delete for a logged-in
# user with sufficient access. Consider form_security_validate() here with a
# matching token on the link or form that leads to this page.
# NOTE(review): the access level is looked up without a project id, and the
# file id is not compared against any project before deletion - confirm that
# plugins_releasemgt_file_delete() enforces ownership.
$t_id = gpc_get_int('id');
$t_current_user_id = auth_get_current_user_id();

$t_current_level = user_get_access_level($t_current_user_id);
$t_required_level = plugin_config_get('upload_threshold_level', PLUGINS_RELEASEMGT_UPLOAD_THRESHOLD_LEVEL_DEFAULT);
if ($t_current_level < $t_required_level) {
    access_denied();
}

plugins_releasemgt_file_delete($t_id);

$t_return_page = plugin_page('releases', true);
release_mgt_successful_redirect($t_return_page);
/**
 * Add a user to a project with the specified access level.
 *
 * When the level equals DEFAULT_ACCESS_LEVEL, the level returned by
 * user_get_access_level() for the user (no project given) is stored
 * instead. All values are cast to int and sent as bound parameters.
 *
 * @param integer $p_project_id   A project identifier.
 * @param integer $p_user_id      A valid user id identifier.
 * @param integer $p_access_level The access level to add the user with.
 * @return void
 */
function project_add_user($p_project_id, $p_user_id, $p_access_level)
{
    $t_level = (int) $p_access_level;
    if (DEFAULT_ACCESS_LEVEL == $t_level) {
        # Default access level for this user
        $t_level = user_get_access_level($p_user_id);
    }

    $t_statement = 'INSERT INTO {project_user_list}
				    ( project_id, user_id, access_level )
				  VALUES
				    ( ' . db_param() . ', ' . db_param() . ', ' . db_param() . ')';

    # Values in the same order as the placeholders above.
    $t_values = array((int) $p_project_id, (int) $p_user_id, $t_level);
    db_query($t_statement, $t_values);
}
 *
 * @uses check_api.php
 * @uses config_api.php
 * @uses user_api.php
 */
# This file only runs when the including script has defined the guard constant.
if (defined('CHECK_ANONYMOUS_INC_ALLOW') === false) {
    return;
}
/**
 * MantisBT Check API
 */
require_once 'check_api.php';
require_api('config_api.php');
require_api('user_api.php');

check_print_section_header_row('Anonymous access');

$t_anonymous_access_enabled = config_get_global('allow_anonymous_login');
$t_enabled_label = $t_anonymous_access_enabled ? 'Yes' : 'No';
check_print_info_row('Anonymous access is enabled', $t_enabled_label);
if (!$t_anonymous_access_enabled) {
    # Nothing further to verify when anonymous login is off.
    return;
}

$t_anonymous_account = config_get_global('anonymous_account');
$t_account_specified = $t_anonymous_account !== '';
check_print_test_row(
    'anonymous_account configuration option is specified',
    $t_account_specified,
    array(
        true => 'The account currently being used for anonymous access is: ' . htmlentities($t_anonymous_account),
        false => 'The anonymous_account configuration option must specify the username of an account to use for anonymous logins.',
    )
);
if (!$t_account_specified) {
    return;
}

# NOTE(review): the checks after the lookup still run when it returns false;
# whether check_print_test_row() stops the script on a failed row is not
# visible here - confirm.
$t_anonymous_user_id = user_get_id_by_name($t_anonymous_account);
check_print_test_row(
    'anonymous_account is a valid user account',
    $t_anonymous_user_id !== false,
    array(false => 'You need to specify a valid user account to use with the anonymous_account configuration options.')
);

check_print_test_row(
    'anonymous_account user has the enabled flag set',
    user_is_enabled($t_anonymous_user_id),
    array(false => 'The anonymous user account must be enabled before it can be used.')
);

# A protected account cannot be modified by the people logged in through it.
check_print_test_row(
    'anonymous_account user has the protected flag set',
    user_get_field($t_anonymous_user_id, 'protected'),
    array(false => 'The anonymous user account needs to have the protected flag set to prevent anonymous users modifying the account.')
);

# The shared anonymous account must not carry administrator rights.
check_print_test_row(
    'anonymous_account user does not have administrator permissions',
    !user_is_administrator($t_anonymous_user_id),
    array(
        true => 'The anonymous user account currently has an access level of: ' . htmlentities(get_enum_element('access_levels', user_get_access_level($t_anonymous_user_id))),
        false => 'The anonymous user account should not have administrator level permissions.',
    )
);
 /**
  * Tells whether the current user reaches 'WriteAccessLevel' in the current
  * project.
  *
  * @return bool true when the user's level is at or above the threshold.
  */
 function getWriteLevel()
 {
     $current_project = helper_get_current_project();
     $current_user = auth_get_current_user_id();
     $actual_level = user_get_access_level($current_user, $current_project);
     $required_level = plugin_config_get('WriteAccessLevel', PLUGINS_SPECMANAGEMENT_WRITE_LEVEL_DEFAULT);

     return $actual_level >= $required_level;
 }
require_api('authentication_api.php');
require_api('config_api.php');
require_api('event_api.php');
require_api('form_api.php');
require_api('gpc_api.php');
require_api('print_api.php');
require_api('project_api.php');
# Handles the project update form: validates the form token, asks for
# re-authentication, reads the submitted fields, checks the project-level
# threshold, applies the update and redirects to the project management page.
# The order matters: token validation and re-authentication come before any
# input is read, and the access check comes before project_update().
form_security_validate('manage_proj_update');
auth_reauthenticate();
$f_project_id = gpc_get_int('project_id');
$f_name = gpc_get_string('name');
$f_description = gpc_get_string('description');
$f_status = gpc_get_int('status');
$f_view_state = gpc_get_int('view_state');
$f_file_path = gpc_get_string('file_path', '');
$f_enabled = gpc_get_bool('enabled');
$f_inherit_global = gpc_get_bool('inherit_global', 0);
# The threshold is checked against the project being edited, not the
# currently selected project.
$t_manage_project_threshold = config_get('manage_project_threshold');
access_ensure_project_level($t_manage_project_threshold, $f_project_id);
# Save current access level to that project, so we can restore it if needed
$t_user_id = auth_get_current_user_id();
$t_access_level = user_get_access_level($t_user_id, $f_project_id);
project_update($f_project_id, $f_name, $f_description, $f_status, $f_view_state, $f_file_path, $f_enabled, $f_inherit_global);
# User just locked themselves out of the project by making it private,
# so we add them to the project with their previous access level
# (the level captured above, before the update; the user already passed the
# manage threshold with it, so this restores access rather than raising it).
if (VS_PRIVATE == $f_view_state && !access_has_project_level($t_manage_project_threshold, $f_project_id)) {
    project_add_user($f_project_id, $t_user_id, $t_access_level);
}
event_signal('EVENT_MANAGE_PROJECT_UPDATE', array($f_project_id));
# The token is purged only after the update has been applied.
form_security_purge('manage_proj_update');
print_header_redirect('manage_proj_page.php');
	return;
}

# Resolve the configured anonymous account and report four properties of it:
# it exists, it is enabled, it is protected, and it is not an administrator.
# NOTE(review): the later rows are evaluated even when the lookup returned
# false; whether a failed row stops the script is not visible here - confirm.
$t_anonymous_user_id = user_get_id_by_name( $t_anonymous_account );

$t_account_exists = $t_anonymous_user_id !== false;
check_print_test_row(
	'anonymous_account is a valid user account',
	$t_account_exists,
	array( false => 'You need to specify a valid user account to use with the anonymous_account configuration options.' )
);

$t_account_enabled = user_is_enabled( $t_anonymous_user_id );
check_print_test_row(
	'anonymous_account user has the enabled flag set',
	$t_account_enabled,
	array( false => 'The anonymous user account must be enabled before it can be used.' )
);

# A protected account cannot be modified by the people logged in through it.
$t_account_protected = user_get_field( $t_anonymous_user_id, 'protected' );
check_print_test_row(
	'anonymous_account user has the protected flag set',
	$t_account_protected,
	array( false => 'The anonymous user account needs to have the protected flag set to prevent anonymous users modifying the account.' )
);

# The shared anonymous account must not carry administrator rights.
$t_account_not_admin = !user_is_administrator( $t_anonymous_user_id );
$t_level_name = get_enum_element( 'access_levels', user_get_access_level( $t_anonymous_user_id ) );
check_print_test_row(
	'anonymous_account user does not have administrator permissions',
	$t_account_not_admin,
	array(
		true => 'The anonymous user account currently has an access level of: ' . htmlentities( $t_level_name ),
		false => 'The anonymous user account should not have administrator level permissions.'
	)
);
/**
 * Process $p_string, looking for bugnote ID references and creating bug view
 * links for them.
 *
 * Returns the processed string.
 *
 * If $p_include_anchor is true, include the href tag, otherwise just insert
 * the URL
 *
 * The bugnote tag ('~' by default) must be at the beginning of the string or
 * preceded by a character that is not a letter, a number or an underscore
 *
 * if $p_include_anchor = false, $p_fqdn is ignored and assumed to true.
 *
 * The replacement callbacks are built once per combination of the three
 * flags and kept in a static array for later calls.
 *
 * @param string  $p_string         String to be processed.
 * @param boolean $p_include_anchor Whether to include the href tag or just the URL.
 * @param boolean $p_detail_info    Whether to include more detailed information (e.g. title attribute / project) in the returned string.
 * @param boolean $p_fqdn           Whether to return an absolute or relative link.
 * @return string
 */
function string_process_bugnote_link($p_string, $p_include_anchor = true, $p_detail_info = true, $p_fqdn = false)
{
    # Callback cache, indexed by [$p_include_anchor][$p_detail_info][$p_fqdn].
    static $s_bugnote_link_callback = array();
    $t_tag = config_get('bugnote_link_tag');
    # bail if the link tag is blank
    if ('' == $t_tag || $p_string == '') {
        return $p_string;
    }
    if (!isset($s_bugnote_link_callback[$p_include_anchor][$p_detail_info][$p_fqdn])) {
        if ($p_include_anchor) {
            # Anchor variant: $p_array[0] is the whole match, [1] the character
            # before the tag, [2] the bugnote id digits.
            $s_bugnote_link_callback[$p_include_anchor][$p_detail_info][$p_fqdn] = function ($p_array) use($p_detail_info, $p_fqdn) {
                global $g_project_override;
                if (bugnote_exists((int) $p_array[2])) {
                    $t_bug_id = bugnote_get_field((int) $p_array[2], 'bug_id');
                    if (bug_exists($t_bug_id)) {
                        # The override is set for the duration of the visibility
                        # test and reset to null on both outcomes below.
                        $g_project_override = bug_get_field($t_bug_id, 'project_id');
                        # A link is produced only if the current user meets the
                        # private bugnote threshold in the bug's project, is the
                        # note's reporter, or the note is public.
                        if (access_compare_level(user_get_access_level(auth_get_current_user_id(), bug_get_field($t_bug_id, 'project_id')), config_get('private_bugnote_threshold')) || bugnote_get_field((int) $p_array[2], 'reporter_id') == auth_get_current_user_id() || bugnote_get_field((int) $p_array[2], 'view_state') == VS_PUBLIC) {
                            $g_project_override = null;
                            return $p_array[1] . string_get_bugnote_view_link($t_bug_id, (int) $p_array[2], (bool) $p_detail_info, (bool) $p_fqdn);
                        }
                        $g_project_override = null;
                    }
                }
                # Unknown or non-visible note: leave the original text untouched.
                return $p_array[0];
            };
            # end of bugnote link callback closure
        } else {
            # URL-only variant.
            # NOTE(review): unlike the anchor variant, this callback performs no
            # bugnote_exists() call and no visibility test before emitting the
            # URL, so the output differs for existing and non-existing private
            # notes and includes the parent bug id. Confirm that is acceptable
            # for the contexts where anchors are disabled.
            $s_bugnote_link_callback[$p_include_anchor][$p_detail_info][$p_fqdn] = function ($p_array) {
                $t_bug_id = bugnote_get_field((int) $p_array[2], 'bug_id');
                if ($t_bug_id && bug_exists($t_bug_id)) {
                    return $p_array[1] . string_get_bugnote_view_url_with_fqdn($t_bug_id, (int) $p_array[2]);
                } else {
                    return $p_array[0];
                }
            };
            # end of bugnote link callback closure
        }
    }
    # The tag is passed through preg_quote() because it comes from
    # configuration; group 1 is the leading boundary character, group 2 the id.
    $p_string = preg_replace_callback('/(^|[^\\w])' . preg_quote($t_tag, '/') . '(\\d+)\\b/', $s_bugnote_link_callback[$p_include_anchor][$p_detail_info][$p_fqdn], $p_string);
    return $p_string;
}
 /**
  * Expands group accounts in a project user list into their member users.
  *
  * Each input row is an array with at least 'id', 'username' and
  * 'access_level'. A row whose username contains the configured
  * 'group_prefix' is treated as a group: its members are loaded from the
  * plugin's users table and receive the group's access level, unless they
  * already have a row of their own with an equal or higher level. The group
  * row itself is kept only when 'assign_to_groups' is 1 and the current user
  * reaches 'assign_group_threshold' in the current project.
  *
  * NOTE(review): the result decides effective access levels, so the points
  * flagged inline (substring match, iteration order, array_merge re-keying,
  * uninitialised $t_group) are worth confirming.
  *
  * @param mixed $p_event         Passed through to the recursive call only.
  * @param array $p_chained_param User rows to expand.
  * @return array User rows keyed by user id (see the array_merge note below).
  */
 function group_project_get_all_user_rows($p_event, $p_chained_param)
 {
     //prepare $p_chained_param
     // Re-key the incoming rows by user id so members can be looked up directly.
     $t_users = array();
     foreach ($p_chained_param as $t_user) {
         $t_users[$t_user['id']] = $t_user;
     }
     $p_chained_param = $t_users;
     //prepare $p_chained_param end
     $t_users = array();
     foreach ($p_chained_param as $key => $t_user) {
         // NOTE(review): strpos() !== FALSE matches the prefix anywhere in the
         // username, not only at the start, so an ordinary account whose name
         // contains the prefix is handled as a group - confirm this is intended.
         if (strpos($t_user['username'], plugin_config_get('group_prefix')) !== FALSE) {
             //username is a group
             $t_table_users = plugin_table('users');
             $t_user_table = db_get_table('mantis_user_table');
             // The group id is cast to int and sent as a bound parameter.
             $query = "SELECT u.id, u.username, u.realname FROM {$t_table_users} AS ug JOIN {$t_user_table} AS u ON (u.id=ug.user) WHERE group_user_id=" . db_param();
             $result = db_query_bound($query, array((int) $t_user['id']));
             $count = db_num_rows($result);
             for ($i = 0; $i < $count; $i++) {
                 $row = db_fetch_array($result);
                 //echo '<pre>'.print_r($row['username'], 1).'</pre>';
                 //if user has its own access level
                 if (array_key_exists($row['id'], $p_chained_param)) {
                     if ($p_chained_param[$row['id']]['access_level'] < $t_user['access_level']) {
                         //if user has lower level, adjust to group level
                         // NOTE(review): if the member's own row is visited after
                         // this group row, the assignment in the non-group branch
                         // below overwrites this raised level with the member's
                         // own lower one, so the outcome depends on input order.
                         $t_users[$row['id']] = $p_chained_param[$row['id']];
                         $t_users[$row['id']]['access_level'] = $t_user['access_level'];
                         continue;
                     } else {
                         //if user has higher level, do nothing
                         continue;
                     }
                 }
                 // Strict comparison: only the integer 1 enables nesting.
                 if (plugin_config_get('nested_groups') === 1) {
                     if (strpos($row['username'], plugin_config_get('group_prefix')) !== FALSE) {
                         //username is a group
                         // NOTE(review): $t_group is never initialised or reset in
                         // this function, so entries from earlier nested groups
                         // are passed to the recursive call again.
                         $t_group[$row['id']] = array('id' => $row['id'], 'username' => $row['username'], 'realname' => $row['realname'], 'access_level' => $t_user['access_level']);
                         //echo '<pre>'.print_r($t_group, 1).'</pre>';
                         $t_nested_group = $this->group_project_get_all_user_rows($p_event, $t_group);
                         // NOTE(review): array_merge() renumbers integer keys, so
                         // after this line $t_users is no longer keyed by user id
                         // and later writes by id may add duplicates.
                         $t_users = array_merge($t_users, $t_nested_group);
                         continue;
                     }
                 }
                 // Plain member without a row of its own: inherits the group's level.
                 $t_users[$row['id']] = array('id' => $row['id'], 'username' => $row['username'], 'realname' => $row['realname'], 'access_level' => $t_user['access_level']);
             }
             // Keep the group row itself only for users allowed to assign to groups.
             if (plugin_config_get('assign_to_groups', '') == 1 && plugin_config_get('assign_group_threshold', '') <= user_get_access_level(auth_get_current_user_id(), helper_get_current_project())) {
                 $t_users[$key] = $t_user;
             }
         } else {
             //username is not a group
             $t_users[$key] = $t_user;
         }
     }
     return $t_users;
 }
/**
 * Collect the raw bug data one recipient may see, to be translated and sent to them by email.
 *
 * The result is filtered for the recipient, not for the user who triggered the notification:
 * handler, target version and history are added only when the recipient's access level in the
 * bug's project meets the matching threshold; custom fields, bugnotes, history and the
 * sponsorship checks are all evaluated with $p_user_id or that access level.
 * The reporter name is always included.
 * See usage in email_format_bug_message(...).
 *
 * @param int $p_user_id recipient the data is filtered for
 * @param int $p_bug_id
 * @param string $p_message_id notification message id; the bug-deleted title id suppresses the view URL
 * @return array
 */
function email_build_visible_bug_data($p_user_id, $p_bug_id, $p_message_id)
{
    $t_project_id = bug_get_field($p_bug_id, 'project_id');
    $t_recipient_level = user_get_access_level($p_user_id, $t_project_id);
    $t_note_order = user_pref_get_pref($p_user_id, 'bugnote_order');
    $t_note_limit = user_pref_get_pref($p_user_id, 'email_bugnote_limit');
    $t_bug = bug_get_extended_row($p_bug_id);

    $t_data = array('email_bug' => $p_bug_id);

    # every notification except the bug-deleted one carries a link to the bug
    if ('email_notification_title_for_action_bug_deleted' !== $p_message_id) {
        $t_data['email_bug_view_url'] = string_get_bug_view_url_with_fqdn($p_bug_id);
    }

    # handler is only disclosed at or above view_handler_threshold
    if (access_compare_level($t_recipient_level, config_get('view_handler_threshold'))) {
        $t_data['email_handler'] = $t_bug['handler_id'] != 0 ? user_get_name($t_bug['handler_id']) : '';
    }

    $t_data['email_reporter'] = user_get_name($t_bug['reporter_id']);
    $t_data['email_project_id'] = $t_bug['project_id'];
    $t_data['email_project'] = project_get_field($t_bug['project_id'], 'name');
    $t_category = category_full_name($t_bug['category_id'], false);
    $t_data['email_category'] = $t_category;

    # columns copied unchanged from the bug row (result key => row column)
    $t_status_columns = array(
        'email_date_submitted' => 'date_submitted',
        'email_last_modified' => 'last_updated',
        'email_status' => 'status',
        'email_severity' => 'severity',
        'email_priority' => 'priority',
        'email_reproducibility' => 'reproducibility',
        'email_resolution' => 'resolution',
        'email_fixed_in_version' => 'fixed_in_version',
    );
    foreach ($t_status_columns as $t_key => $t_column) {
        $t_data[$t_key] = $t_bug[$t_column];
    }

    # target version is roadmap information, gated by roadmap_view_threshold
    if (!is_blank($t_bug['target_version'])
        && access_compare_level($t_recipient_level, config_get('roadmap_view_threshold'))
    ) {
        $t_data['email_target_version'] = $t_bug['target_version'];
    }

    $t_text_columns = array(
        'email_summary' => 'summary',
        'email_description' => 'description',
        'email_additional_information' => 'additional_information',
        'email_steps_to_reproduce' => 'steps_to_reproduce',
    );
    foreach ($t_text_columns as $t_key => $t_column) {
        $t_data[$t_key] = $t_bug[$t_column];
    }

    $t_data['set_category'] = '[' . $t_data['email_project'] . '] ' . $t_category;
    $t_data['custom_fields'] = custom_field_get_linked_fields($p_bug_id, $t_recipient_level);
    $t_data['bugnotes'] = bugnote_get_all_visible_bugnotes($p_bug_id, $t_note_order, $t_note_limit, $p_user_id);

    # history, when shown by default and the recipient may view it
    if (ON == config_get('history_default_visible')
        && access_compare_level($t_recipient_level, config_get('view_history_threshold'))
    ) {
        $t_data['history'] = history_get_raw_events_array($p_bug_id, $p_user_id);
    }

    # sponsorship: the total and the per-sponsorship details have separate thresholds
    if (config_get('enable_sponsorship') == ON
        && access_has_bug_level(config_get('view_sponsorship_total_threshold'), $p_bug_id, $p_user_id)
    ) {
        $t_ids = sponsorship_get_all_ids($p_bug_id);
        $t_data['sponsorship_total'] = sponsorship_get_amount($t_ids);
        if (access_has_bug_level(config_get('view_sponsorship_details_threshold'), $p_bug_id, $p_user_id)) {
            $t_data['sponsorships'] = array();
            foreach ($t_ids as $t_sponsorship_id) {
                $t_data['sponsorships'][] = sponsorship_get($t_sponsorship_id);
            }
        }
    }

    # NOTE(review): unlike bugnotes and history, this call is not given $p_user_id, so
    # whatever filtering relationship_get_summary_text() applies cannot be based on the
    # recipient passed here; confirm that related issues the recipient may not view are left out.
    $t_data['relations'] = relationship_get_summary_text($p_bug_id);

    return $t_data;
}
# Load the APIs used by this page.
require_api('constant_inc.php');
require_api('form_api.php');
require_api('helper_api.php');
require_api('html_api.php');
require_api('lang_api.php');
require_api('print_api.php');
require_api('project_api.php');
require_api('string_api.php');
require_api('user_api.php');
# Runs before anything is printed.
# NOTE(review): presumably makes the user confirm their credentials for this management page - confirm in the auth API.
# NOTE(review): no explicit access-level check is visible in this run; verify that the page
# (and the script its form posts to) enforces the configuration-management threshold.
auth_reauthenticate();
# Page header and the management menus.
html_page_top(lang_get('manage_threshold_config'));
print_manage_menu('adm_permissions_report.php');
print_manage_config_menu('manage_config_work_threshold_page.php');
# Current user, current project, and that user's access level in that project.
$t_user = auth_get_current_user_id();
$t_project_id = helper_get_current_project();
$t_access = user_get_access_level($t_user, $t_project_id);
$t_show_submit = false;
# Access levels from the 'access_levels_enum_string' setting, indexed by value (per the method name).
$t_access_levels = MantisEnum::getAssocArrayIndexedByValues(config_get('access_levels_enum_string'));
# Values recorded through set_overrides().
$t_overrides = array();
/**
 * Record a value in the global $t_overrides list, keeping each value only once.
 *
 * @param mixed $p_config value to record (presumably a configuration option name)
 * @return void
 */
function set_overrides($p_config)
{
    global $t_overrides;
    if (in_array($p_config, $t_overrides)) {
        # already recorded
        return;
    }
    $t_overrides[] = $p_config;
}
/**
 * Print the opening of a section table: the <table> tag and a title row.
 *
 * @param string $p_section_name title text; it is written into the page as-is, so it has
 *                               to be trusted or already HTML-escaped by the caller
 */
function get_section_begin_mcwt($p_section_name)
{
    global $t_access_levels;
    echo '<table class="width100">';
    # the title cell spans one column per access level plus two more
    echo '<tr><td class="form-title" colspan="' . (count($t_access_levels) + 2) . '">' . $p_section_name . '</td></tr>' . "\n";
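/**
 * Print the table row for one user/project pair: a hidden "recordset[]" field holding
 * "user_id,project_id" and a cell with the project name.
 *
 * The row is printed only when the *current* user's access level in the project reaches
 * the plugin's 'UserProjectAccessLevel' setting; $user_id is used for the hidden field only.
 * Both the field value and the project name are HTML-escaped before output, because the
 * project name is stored data and the ids come from the caller.
 *
 * @param int $user_id user the row belongs to
 * @param int $project_id project shown in the row
 * @return void
 */
function print_option_project_row($user_id, $project_id)
{
    $access_level = user_get_access_level(auth_get_current_user_id(), $project_id);
    if ($access_level >= plugin_config_get('UserProjectAccessLevel')) {
        # attribute context: ENT_QUOTES so neither quote style can end the value
        $t_record = htmlspecialchars($user_id . ',' . $project_id, ENT_QUOTES, 'UTF-8');
        # element context: the name must not be able to introduce markup
        $t_project_name = htmlspecialchars((string) project_get_name($project_id), ENT_QUOTES, 'UTF-8');
        echo '<tr class="info" data-level="1" data-status="0">';
        echo '<input type="hidden" name="recordset[]" value="' . $t_record . '"/>';
        echo '<td width="20px"></td>';
        echo '<td class="user_row_bg" style="text-align: left" colspan="3">' . $t_project_name . '</td>';
        echo '</tr>';
    }
}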