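/**
 * Check a user's access to a bug against the given access level.
 *
 * The bug's project is looked up and the user's access level in that project
 * is compared against every restriction that applies. The function returns
 * true only if all of them pass:
 *  - limit_reporters: when it is enabled and the user is not the bug's
 *    reporter, the user needs a level above the lowest level that is allowed
 *    to report issues (report_bug_threshold);
 *  - private bugs: when the bug is private and the user is not its reporter,
 *    the user must also satisfy private_bug_threshold;
 *  - the requested $p_access_level itself.
 *
 * A user who is neither identified nor authenticated is denied without error.
 *
 * @param integer      $p_access_level Integer representing access level.
 * @param integer      $p_bug_id       Integer representing bug id to check access against.
 * @param integer|null $p_user_id      Integer representing user id, defaults to null to use current user.
 * @return boolean whether user has access level specified
 * @access public
 */
function access_has_bug_level($p_access_level, $p_bug_id, $p_user_id = null) {
    if ($p_user_id === null) {
        $p_user_id = auth_get_current_user_id();
    }

    # Deal with not logged in silently in this case
    # @@@ we may be able to remove this and just error
    #     and once we default to anon login, we can remove it for sure
    if (empty($p_user_id) && !auth_is_user_authenticated()) {
        return false;
    }

    $t_project_id = bug_get_field($p_bug_id, 'project_id');
    $t_bug_is_user_reporter = bug_is_user_reporter($p_bug_id, $p_user_id);
    $t_access_level = access_get_project_level($t_project_id, $p_user_id);

    # check limit_Reporter (Issue #4769)
    # reporters can view just issues they reported
    $t_limit_reporters = config_get('limit_reporters', null, $p_user_id, $t_project_id);
    if ($t_limit_reporters && !$t_bug_is_user_reporter) {
        # Here we only need to check that the user has an access level
        # higher than the lowest needed to report issues (report_bug_threshold).
        # To improve performance, esp. when processing for several projects, we
        # keep the computed threshold in a static array for the rest of the request.
        #
        # The threshold is requested from config_get() for a specific user AND
        # project, so the cache key must contain both. Keying on the project
        # alone would hand the first user's threshold to every other user that
        # is checked later in the same request (this function accepts arbitrary
        # user ids), which can grant or deny visibility wrongly if the value
        # differs per user.
        static $s_thresholds = array();
        $t_cache_key = $p_user_id . ':' . $t_project_id;
        if (!isset($s_thresholds[$t_cache_key])) {
            $t_report_bug_threshold = config_get('report_bug_threshold', null, $p_user_id, $t_project_id);
            if (empty($t_report_bug_threshold)) {
                # An empty threshold is mapped to NOBODY instead of being read
                # as "no restriction" (presumably a level no user holds, so the
                # check fails closed - confirm against the constant's definition).
                $s_thresholds[$t_cache_key] = NOBODY;
            } else {
                # +1: the user must be strictly above the minimum reporting level
                $s_thresholds[$t_cache_key] = access_threshold_min_level($t_report_bug_threshold) + 1;
            }
        }
        if (!access_compare_level($t_access_level, $s_thresholds[$t_cache_key])) {
            return false;
        }
    }

    # If the bug is private and the user is not the reporter, then
    # they must also have higher access than private_bug_threshold
    # (loose comparison kept as in the original; the stored view_state may be
    # returned as a string - TODO confirm)
    if (!$t_bug_is_user_reporter && bug_get_field($p_bug_id, 'view_state') == VS_PRIVATE) {
        $t_private_bug_threshold = config_get('private_bug_threshold', null, $p_user_id, $t_project_id);
        return access_compare_level($t_access_level, $t_private_bug_threshold)
            && access_compare_level($t_access_level, $p_access_level);
    }

    return access_compare_level($t_access_level, $p_access_level);
}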
echo '<tr class="spacer"><td colspan="6"></td></tr>'; echo '<tr class="hidden"></tr>'; } # # Reporter # if ($t_show_reporter) { echo '<tr>'; $t_spacer = 4; if ($t_show_reporter) { # Reporter echo '<th class="category"><label for="reporter_id">' . lang_get('reporter') . '</label></th>'; echo '<td>'; # Do not allow the bug's reporter to edit the Reporter field # when limit_reporters is ON if (ON == config_get('limit_reporters') && !access_has_project_level(access_threshold_min_level(config_get('report_bug_threshold', null, null, $t_bug->project_id)) + 1, $t_bug->project_id)) { echo string_attribute(user_get_name($t_bug->reporter_id)); } else { if ($f_reporter_edit) { echo '<select ' . helper_get_tab_index() . ' id="reporter_id" name="reporter_id">'; print_reporter_option_list($t_bug->reporter_id, $t_bug->project_id); echo '</select>'; } else { echo string_attribute(user_get_name($t_bug->reporter_id)); echo ' [<a href="#reporter_edit" class="click-url" url="' . string_get_bug_update_url($f_bug_id) . '&reporter_edit=true">' . lang_get('edit_link') . '</a>]'; } } echo '</td>'; } else { $t_spacer += 2; }
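/**
 * Print the reporter field of the filter form.
 *
 * Emits a <select> named FILTER_PROPERTY_REPORTER_ID followed by "[]", so
 * PHP collects the submitted values into an array.
 *
 * When limit_reporters is ON and the current user does not hold a level above
 * the minimum reporting level, the list contains the current user only.
 * Otherwise it offers "any", "myself" (if the user may report issues) and the
 * reporter option list.
 *
 * NOTE(review): this function only narrows the choices rendered in the form.
 * It is not an access check; the reporter ids submitted with the filter still
 * have to be validated where the filter is applied (not visible here).
 *
 * @return void
 */
function print_filter_reporter_id() {
    global $g_select_modifier, $g_filter;

    # $g_select_modifier is written into the tag as-is; it is expected to hold
    # server-built attribute markup - verify where it is assigned.
    # No whitespace may appear inside the attribute values below: the field
    # name must be exactly "<property>[]" and the option value exactly the
    # META_FILTER_ANY constant, otherwise the submitted name/value differs from
    # what the filter code looks up.
    ?>
    <select<?php echo $g_select_modifier; ?> name="<?php echo FILTER_PROPERTY_REPORTER_ID; ?>[]">
    <?php
    # if current user is a reporter, and limited reports set to ON, only display that name
    # @@@ thraxisp - access_has_project_level checks greater than or equal to,
    #   this assumed that there aren't any holes above REPORTER where the limit would apply
    #
    # NOTE(review): strict comparison against ON - a stored value of another
    # type (e.g. the string '1') would not match and the restriction would be
    # skipped; confirm config_get() returns an integer here.
    if (ON === config_get('limit_reporters') && !access_has_project_level(access_threshold_min_level(config_get('report_bug_threshold')) + 1)) {
        $t_id = auth_get_current_user_id();
        $t_username = user_get_field($t_id, 'username');
        $t_realname = user_get_field($t_id, 'realname');

        # Names are user-controlled text and go through string_attribute()
        # before being placed in the markup.
        $t_display_name = string_attribute($t_username);
        if (isset($t_realname) && $t_realname > '' && ON == config_get('show_realname')) {
            $t_display_name = string_attribute($t_realname);
        }

        # $t_id is the id returned by auth_get_current_user_id() and is emitted
        # without escaping; assumed to be numeric - TODO confirm.
        echo '<option value="' . $t_id . '" selected="selected">' . $t_display_name . '</option>';
    } else {
        ?>
        <option value="<?php echo META_FILTER_ANY; ?>"<?php check_selected($g_filter[FILTER_PROPERTY_REPORTER_ID], META_FILTER_ANY); ?>>[<?php echo lang_get('any'); ?>]</option>
        <?php
        # "myself" is only offered to users who are allowed to report issues
        if (access_has_project_level(config_get('report_bug_threshold'))) {
            echo '<option value="' . META_FILTER_MYSELF . '" ';
            check_selected($g_filter[FILTER_PROPERTY_REPORTER_ID], META_FILTER_MYSELF);
            echo '>[' . lang_get('myself') . ']</option>';
        }
        print_reporter_option_list($g_filter[FILTER_PROPERTY_REPORTER_ID]);
    }
    ?>
    </select>
    <?php
}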
$t_project_id_for_access_check = $t_project_id; html_page_top(lang_get('changelog')); version_cache_array_rows($t_project_ids); category_cache_array_rows_by_project($t_project_ids); foreach ($t_project_ids as $t_project_id) { $t_project_name = project_get_field($t_project_id, 'name'); $t_can_view_private = access_has_project_level(config_get('private_bug_threshold'), $t_project_id); $t_resolved = config_get('bug_resolved_status_threshold'); # grab version info for later use $t_version_rows = version_get_all_rows($t_project_id, null, false); # cache category info, but ignore the results for now category_get_all_rows($t_project_id); $t_project_header_printed = false; $t_limit_reporters = config_get('limit_reporters'); $t_report_bug_threshold = config_get('report_bug_threshold', null, null, $t_project_id); $t_access_limit_reporters_applies = !access_has_project_level(access_threshold_min_level($t_report_bug_threshold) + 1, $t_project_id); foreach ($t_version_rows as $t_version_row) { $t_version_header_printed = false; $t_version = $t_version_row['version']; $t_version_id = $t_version_row['id']; # Skip all versions except the specified one (if any). if ($f_version_id != -1 && $f_version_id != $t_version_id) { continue; } $t_query = 'SELECT sbt.*, dbt.fixed_in_version AS parent_version, rt.source_bug_id FROM {bug} sbt LEFT JOIN {bug_relationship} rt ON sbt.id=rt.destination_bug_id AND rt.relationship_type=' . BUG_DEPENDANT . ' LEFT JOIN {bug} dbt ON dbt.id=rt.source_bug_id WHERE sbt.project_id=' . db_param() . ' AND sbt.fixed_in_version=' . db_param() . '
/**
 * Print one table row per status with the access level needed to reach it.
 *
 * For the submit status the level comes from report_bug_threshold; for every
 * other status it comes from set_status_threshold, falling back from the
 * current value to the all-users/all-projects value to the file value (and,
 * at file level, to update_bug_status_threshold).
 *
 * A drop-down is printed only when $g_access is at least
 * config_get_access() of the option AND the threshold is a single value;
 * otherwise the level is shown as plain text. Printing a drop-down sets
 * $g_can_change_flags to true.
 *
 * NOTE(review): hiding the drop-down is a presentation decision only. The
 * code that receives the access_change_* fields has to repeat the permission
 * check (not visible here).
 * NOTE(review): $t_status and the value returned by set_color_override() are
 * concatenated into the markup unescaped; both are assumed to come from
 * configuration / internal helpers rather than request data - confirm.
 *
 * @return void
 */
function access_row() {
    global $g_access, $g_can_change_flags;

    $t_statuses = MantisEnum::getAssocArrayIndexedByValues(config_get('status_enum_string'));

    # report_bug_threshold: file value, all-users/all-projects value, current value
    $t_new_file = config_get_global('report_bug_threshold');
    $t_new_global = config_get('report_bug_threshold', null, ALL_USERS, ALL_PROJECTS);
    $t_new_current = config_get('report_bug_threshold');

    # set_status_threshold: same three sources
    $t_set_file = config_get_global('set_status_threshold');
    $t_set_global = config_get('set_status_threshold', null, ALL_USERS, ALL_PROJECTS);
    $t_set_current = config_get('set_status_threshold');

    $t_initial_status = config_get('bug_submit_status');

    # Print the table rows
    foreach ($t_statuses as $t_status => $t_status_label) {
        $t_row_label = string_no_break(MantisEnum::getLabel(lang_get('status_enum_string'), $t_status));
        echo "\t\t" . '<tr><td class="width30">' . $t_row_label . '</td>' . "\n";

        if ($t_status == $t_initial_status) {
            # 'NEW' status
            $t_option = 'report_bug_threshold';
            $t_threshold = $t_new_current;
            $t_can_change = $g_access >= config_get_access($t_option);
            $t_color = set_color_override($t_new_file, $t_new_global, $t_new_current);
        } else {
            # Other statuses
            $t_option = 'set_status_threshold';

            # File level: fallback if set_status_threshold is not defined
            $t_level_file = isset($t_set_file[$t_status])
                ? $t_set_file[$t_status]
                : config_get_global('update_bug_status_threshold');

            if (isset($t_set_global[$t_status])) {
                $t_level_global = $t_set_global[$t_status];
            } else {
                $t_level_global = $t_level_file;
            }

            if (isset($t_set_current[$t_status])) {
                $t_threshold = $t_set_current[$t_status];
            } else {
                $t_threshold = $t_level_global;
            }

            $t_can_change = $g_access >= config_get_access($t_option);
            $t_color = set_color_override($t_level_file, $t_level_global, $t_threshold);
        }
        set_overrides($t_option, $t_can_change, $t_color);

        $t_min_level = access_threshold_min_level($t_threshold);
        $t_cell_open = '<td class="center ' . $t_color . '">';

        # If threshold is an array (instead of an integer value), the input is not editable
        if (!$t_can_change || is_array($t_threshold)) {
            echo $t_cell_open . MantisEnum::getLabel(lang_get('access_levels_enum_string'), $t_min_level) . '</td>' . "\n";
        } else {
            echo $t_cell_open . '<select name="access_change_' . $t_status . '">' . "\n";
            print_enum_string_option_list('access_levels', $t_min_level);
            echo '</select> </td>' . "\n";
            $g_can_change_flags = true;
        }

        echo '</tr>' . "\n";
    }
}