Exemplo n.º 1
0
 /**
  * Checks whether the users access level or the access level from
  * a group a user is in is higher. Return the user id with higher
  * access level.
  * @param object $p_event
  * @param array $p_chained_param array(array(user_project_level, user_id, project_id))
  * @return int user id
  */
 function group_access_has_bug_level($p_event, $p_chained_param)
 {
     $t_user_project_level = $p_chained_param[0];
     $t_user_id = $p_chained_param[1];
     $t_project_id = $p_chained_param[2];
     $t_group_user_id = 0;
     $t_group_access_level = 0;
     $t_users = plugin_table('users');
     $query = "SELECT group_user_id FROM {$t_users} WHERE user=" . db_param();
     $result = db_query_bound($query, array((int) $t_user_id));
     $count = db_num_rows($result);
     for ($i = 0; $i < $count; $i++) {
         $row = db_fetch_array($result);
         $t_level = access_get_project_level($t_project_id, $row['group_user_id']);
         if ($t_level >= $t_group_access_level) {
             $t_group_access_level = $t_level;
             $t_group_user_id = $row['group_user_id'];
         }
     }
     if ($t_user_project_level < $t_group_access_level) {
         return $t_group_user_id;
     } else {
         return $t_user_id;
     }
 }
function print_status_option_list_plugin($p_select_label, $p_current_value = 0, $p_allow_close = false, $p_project_id = ALL_PROJECTS)
{
    $t_current_auth = access_get_project_level($p_project_id);
    #Changement de la fonction de récupération des statuts
    $t_enum_list = get_status_option_list_plugin($t_current_auth, $p_current_value, true, $p_allow_close, $p_project_id);
    if (count($t_enum_list) > 1) {
        # resort the list into ascending order
        ksort($t_enum_list);
        reset($t_enum_list);
        echo '<select ', helper_get_tab_index(), ' name="' . $p_select_label . '">';
        foreach ($t_enum_list as $key => $val) {
            #On ne veut pas afficher la valeur @0@
            if ($val == '@0@') {
                continue;
            }
            echo '<option value="' . $key . '"';
            check_selected($key, $p_current_value, false);
            #fix 1.3.0
            echo '>' . $val . '</option>';
        }
        echo '</select>';
    } else {
        if (count($t_enum_list) == 1) {
            echo array_pop($t_enum_list);
        } else {
            echo MantisEnum::getLabel(lang_get('status_enum_string'), $p_current_value);
        }
    }
}
Exemplo n.º 3
0
/**
 * Print Change Status to: AJAXified button
 * This code is similar to button_bug_change_status except that the 
 * button is AJAXified.
 * Uses projax.php
 *
 * @param int $p_bug_id
 * @param int $t_project_id
 * @param int $t_user_id
 * @return null
 */
function kanban_ajax_button_bug_change_status($p_bug_id, $t_project_id, $t_user_id)
{
    global $g_projax;
    $t_bug_project_id = bug_get_field($p_bug_id, 'project_id');
    $t_bug_current_state = bug_get_field($p_bug_id, 'status');
    $t_current_access = access_get_project_level($t_bug_project_id);
    $t_enum_list = get_status_option_list($t_current_access, $t_bug_current_state, false, bug_get_field($p_bug_id, 'reporter_id') == auth_get_current_user_id() && ON == config_get('allow_reporter_close'), $t_bug_project_id);
    if (count($t_enum_list) > 0) {
        # resort the list into ascending order after noting the key from the first element (the default)
        $t_default_arr = each($t_enum_list);
        $t_default = $t_default_arr['key'];
        ksort($t_enum_list);
        reset($t_enum_list);
        echo "<div id=\"ajax_statuschange\"><form method=\"post\" id=\"ajax_status_form\" action=\"xmlhttprequest.php\">";
        # CSRF protection not required here - form does not result in modifications
        echo "<input type=\"hidden\" name=\"project_id\" id=\"project_id\" value=\"{$t_project_id}\" />";
        echo "<input type=\"hidden\" name=\"user_id\" id=\"user_id\" value=\"{$t_user_id}\" />";
        echo "<input type=\"hidden\" name=\"entrypoint\" id=\"entrypoint\" value=\"bug_update_status\" />";
        $t_button_text = lang_get('bug_status_to_button');
        // AJAX button options
        $options = array('url' => plugin_page('kanban_ajax_request'), 'with' => true, 'confirm' => lang_get('confirm_change_status'), 'success' => 'location.reload()', 'failure' => 'alert("Error: " ' + request . status + ')');
        echo $g_projax->submit_to_remote('ajax_status', $t_button_text, $options);
        echo " <select name=\"new_status\">";
        # space at beginning of line is important
        foreach ($t_enum_list as $key => $val) {
            echo "<option value=\"{$key}\" ";
            check_selected($key, $t_default);
            echo ">{$val}</option>";
        }
        echo '</select>';
        $t_bug_id = string_attribute($p_bug_id);
        echo "<input type=\"hidden\" name=\"id\" value=\"{$t_bug_id}\" />\n";
        echo "</form></div>\n";
    }
}
function custom_function_override_print_bug_view_page_custom_buttons($p_bug_id)
{
    # Zuerst die lokalierten Buttontexte auslesen
    if (lang_get_current() === 'german') {
        $t_bfe_clone_issue_button = 'Klon in anderes Projekt...';
        $t_bfe_edit_failure_class_button = 'Fehlerklasse bearbeiten...';
    } else {
        $t_bfe_clone_issue_button = 'Clone To Other Project...';
        $t_bfe_edit_failure_class_button = 'Edit Failure Class...';
    }
    # Wenn Zugriff mindestens onsite developer, dann darf er Issues klonen
    if (access_has_project_level(50)) {
        echo '<td>';
        html_button_bug_clone_to_project($p_bug_id, $t_bfe_clone_issue_button);
        echo '</td>';
    }
    # Wenn Zugriff ändern von Fehlerklasse erlaubt, dann darf er sie ändern
    # Aber nur bis Status 'bestätigt' (40=confirmed)
    # Und nur für QS-Reporter (30) und ab Entwickler vor Ort (50) aufwärts
    if (custom_field_has_write_access(1, $p_bug_id)) {
        if (bug_get_field($p_bug_id, 'status') < 40) {
            if (access_compare_level(access_get_project_level(), array(30, 50, 55, 70, 90))) {
                echo '<td>';
                $t_bfe_bugs[] = $p_bug_id;
                $t_src = relationship_get_all_src($p_bug_id);
                $t_src_count = count($t_src);
                $t_dest = relationship_get_all_dest($p_bug_id);
                $t_dest_count = count($t_dest);
                if ($t_src_count || $t_dest_count) {
                    # Zunächst die Destination Bug IDs
                    for ($x = 0; $x < $t_src_count; $x++) {
                        $t_thisbugid = $t_src[$x]->dest_bug_id;
                        if (access_has_bug_level(50, $t_thisbugid)) {
                            $t_bfe_bugs[] = $t_thisbugid;
                        }
                    }
                    # und jetzt die Source Bug IDs
                    for ($y = 0; $y < $t_dest_count; $y++) {
                        $t_thisbugid = $t_dest[$y]->src_bug_id;
                        if (access_has_bug_level(50, $t_thisbugid)) {
                            $t_bfe_bugs[] = $t_thisbugid;
                        }
                    }
                }
                if (count($t_bfe_bugs) > 1) {
                    bfe_fehlerklasse_button('bug_actiongroup_page.php', $t_bfe_edit_failure_class_button, $t_bfe_bugs);
                } else {
                    html_button('bug_actiongroup_page.php', $t_bfe_edit_failure_class_button, array('bug_arr[]' => $p_bug_id, 'action' => 'custom_field_1'));
                }
                echo '</td>';
            }
        }
    }
}
Exemplo n.º 5
0
function html_button_bug_change_status($p_bug_id)
{
    $t_bug_project_id = bug_get_field($p_bug_id, 'project_id');
    $t_bug_current_state = bug_get_field($p_bug_id, 'status');
    $t_current_access = access_get_project_level($t_bug_project_id);
    $t_enum_list = get_status_option_list($t_current_access, $t_bug_current_state, false, bug_get_field($p_bug_id, 'reporter_id') == auth_get_current_user_id() && ON == config_get('allow_reporter_close'));
    if (count($t_enum_list) > 0) {
        # resort the list into ascending order after noting the key from the first element (the default)
        $t_default_arr = each($t_enum_list);
        $t_default = $t_default_arr['key'];
        ksort($t_enum_list);
        reset($t_enum_list);
        echo "<form method=\"post\" action=\"bug_change_status_page.php\">";
        $t_button_text = lang_get('bug_status_to_button');
        echo "<input type=\"submit\" class=\"button\" value=\"{$t_button_text}\" />";
        echo " <select name=\"new_status\">";
        # space at beginning of line is important
        foreach ($t_enum_list as $key => $val) {
            echo "<option value=\"{$key}\" ";
            check_selected($key, $t_default);
            echo ">{$val}</option>";
        }
        echo '</select>';
        $t_bug_id = string_attribute($p_bug_id);
        echo "<input type=\"hidden\" name=\"bug_id\" value=\"{$t_bug_id}\" />\n";
        echo "</form>\n";
    }
}
            $t_project_ids[] = $t_project_id;
        }
    }
} else {
    access_ensure_project_level(config_get('view_changelog_threshold'), $t_project_id);
    $t_project_ids = user_get_all_accessible_subprojects($t_user_id, $t_project_id);
    array_unshift($t_project_ids, $t_project_id);
}
$t_project_index = 0;
version_cache_array_rows($t_project_ids);
category_cache_array_rows_by_project($t_project_ids);
foreach ($t_project_ids as $t_project_id) {
    $t_project_name = project_get_field($t_project_id, 'name');
    $t_can_view_private = access_has_project_level(config_get('private_bug_threshold'), $t_project_id);
    $t_limit_reporters = config_get('limit_reporters');
    $t_user_access_level_is_reporter = REPORTER == access_get_project_level($t_project_id);
    $t_resolved = config_get('bug_resolved_status_threshold');
    $t_bug_table = db_get_table('mantis_bug_table');
    $t_relation_table = db_get_table('mantis_bug_relationship_table');
    # grab version info for later use
    $t_version_rows = version_get_all_rows($t_project_id, null, false);
    # cache category info, but ignore the results for now
    category_get_all_rows($t_project_id);
    $t_project_header_printed = false;
    foreach ($t_version_rows as $t_version_row) {
        $t_version_header_printed = false;
        $t_version = $t_version_row['version'];
        $t_version_id = $t_version_row['id'];
        # Skip all versions except the specified one (if any).
        if ($f_version_id != -1 && $f_version_id != $t_version_id) {
            continue;
Exemplo n.º 7
0
/**
 * Print Change Status to: button
 * This code is similar to print_status_option_list except
 * there is no masking, except for the current state
 *
 * @param BugData $p_bug Bug object
 * @return null
 */
function html_button_bug_change_status($p_bug)
{
    $t_current_access = access_get_project_level($p_bug->project_id);
    # User must have rights to change status to use this button
    if (!access_has_bug_level(config_get('update_bug_status_threshold'), $p_bug->id)) {
        return;
    }
    $t_enum_list = get_status_option_list($t_current_access, $p_bug->status, false, bug_is_user_reporter($p_bug->id, auth_get_current_user_id()) && access_has_bug_level(config_get('report_bug_threshold'), $p_bug->id) && ON == config_get('allow_reporter_close'), $p_bug->project_id);
    if (count($t_enum_list) > 0) {
        # resort the list into ascending order after noting the key from the first element (the default)
        $t_default_arr = each($t_enum_list);
        $t_default = $t_default_arr['key'];
        ksort($t_enum_list);
        reset($t_enum_list);
        echo "<form method=\"post\" action=\"bug_change_status_page.php\">";
        # CSRF protection not required here - form does not result in modifications
        $t_button_text = lang_get('bug_status_to_button');
        echo "<input type=\"submit\" class=\"button\" value=\"{$t_button_text}\" />";
        echo " <select name=\"new_status\">";
        # space at beginning of line is important
        foreach ($t_enum_list as $key => $val) {
            echo "<option value=\"{$key}\" ";
            check_selected($key, $t_default);
            echo ">{$val}</option>";
        }
        echo '</select>';
        $t_bug_id = string_attribute($p_bug->id);
        echo "<input type=\"hidden\" name=\"id\" value=\"{$t_bug_id}\" />\n";
        echo "</form>\n";
    }
}
Exemplo n.º 8
0
/**
 * Build the bug info part of the message
 * @param array $p_visible_bug_data
 * @return string
 */
function email_format_bug_message($p_visible_bug_data)
{
    $t_normal_date_format = config_get('normal_date_format');
    $t_complete_date_format = config_get('complete_date_format');
    $t_email_separator1 = config_get('email_separator1');
    $t_email_separator2 = config_get('email_separator2');
    $t_email_padding_length = config_get('email_padding_length');
    $t_status = $p_visible_bug_data['email_status'];
    $p_visible_bug_data['email_date_submitted'] = date($t_complete_date_format, $p_visible_bug_data['email_date_submitted']);
    $p_visible_bug_data['email_last_modified'] = date($t_complete_date_format, $p_visible_bug_data['email_last_modified']);
    $p_visible_bug_data['email_status'] = get_enum_element('status', $t_status);
    $p_visible_bug_data['email_severity'] = get_enum_element('severity', $p_visible_bug_data['email_severity']);
    $p_visible_bug_data['email_priority'] = get_enum_element('priority', $p_visible_bug_data['email_priority']);
    $p_visible_bug_data['email_reproducibility'] = get_enum_element('reproducibility', $p_visible_bug_data['email_reproducibility']);
    $t_message = $t_email_separator1 . " \n";
    if (isset($p_visible_bug_data['email_bug_view_url'])) {
        $t_message .= $p_visible_bug_data['email_bug_view_url'] . " \n";
        $t_message .= $t_email_separator1 . " \n";
    }
    $t_message .= email_format_attribute($p_visible_bug_data, 'email_reporter');
    $t_message .= email_format_attribute($p_visible_bug_data, 'email_handler');
    $t_message .= $t_email_separator1 . " \n";
    $t_message .= email_format_attribute($p_visible_bug_data, 'email_project');
    $t_message .= email_format_attribute($p_visible_bug_data, 'email_bug');
    $t_message .= email_format_attribute($p_visible_bug_data, 'email_category');
    $t_message .= email_format_attribute($p_visible_bug_data, 'email_reproducibility');
    $t_message .= email_format_attribute($p_visible_bug_data, 'email_severity');
    $t_message .= email_format_attribute($p_visible_bug_data, 'email_priority');
    $t_message .= email_format_attribute($p_visible_bug_data, 'email_status');
    $t_message .= email_format_attribute($p_visible_bug_data, 'email_target_version');
    # custom fields formatting
    foreach ($p_visible_bug_data['custom_fields'] as $t_custom_field_name => $t_custom_field_data) {
        $t_message .= utf8_str_pad(lang_get_defaulted($t_custom_field_name, null) . ': ', $t_email_padding_length, ' ', STR_PAD_RIGHT);
        $t_message .= string_custom_field_value_for_email($t_custom_field_data['value'], $t_custom_field_data['type']);
        $t_message .= " \n";
    }
    # end foreach custom field
    if (config_get('bug_resolved_status_threshold') <= $t_status) {
        $p_visible_bug_data['email_resolution'] = get_enum_element('resolution', $p_visible_bug_data['email_resolution']);
        $t_message .= email_format_attribute($p_visible_bug_data, 'email_resolution');
        $t_message .= email_format_attribute($p_visible_bug_data, 'email_fixed_in_version');
    }
    $t_message .= $t_email_separator1 . " \n";
    $t_message .= email_format_attribute($p_visible_bug_data, 'email_date_submitted');
    $t_message .= email_format_attribute($p_visible_bug_data, 'email_last_modified');
    $t_message .= $t_email_separator1 . " \n";
    $t_message .= email_format_attribute($p_visible_bug_data, 'email_summary');
    $t_message .= lang_get('email_description') . ": \n" . $p_visible_bug_data['email_description'] . "\n";
    if (!is_blank($p_visible_bug_data['email_steps_to_reproduce'])) {
        $t_message .= "\n" . lang_get('email_steps_to_reproduce') . ": \n" . $p_visible_bug_data['email_steps_to_reproduce'] . "\n";
    }
    if (!is_blank($p_visible_bug_data['email_additional_information'])) {
        $t_message .= "\n" . lang_get('email_additional_information') . ": \n" . $p_visible_bug_data['email_additional_information'] . "\n";
    }
    if (isset($p_visible_bug_data['relations'])) {
        if ($p_visible_bug_data['relations'] != '') {
            $t_message .= $t_email_separator1 . "\n" . str_pad(lang_get('bug_relationships'), 20) . str_pad(lang_get('id'), 8) . lang_get('summary') . "\n" . $t_email_separator2 . "\n" . $p_visible_bug_data['relations'];
        }
    }
    # Sponsorship
    if (isset($p_visible_bug_data['sponsorship_total']) && $p_visible_bug_data['sponsorship_total'] > 0) {
        $t_message .= $t_email_separator1 . " \n";
        $t_message .= sprintf(lang_get('total_sponsorship_amount'), sponsorship_format_amount($p_visible_bug_data['sponsorship_total'])) . "\n" . "\n";
        if (isset($p_visible_bug_data['sponsorships'])) {
            foreach ($p_visible_bug_data['sponsorships'] as $t_sponsorship) {
                $t_date_added = date(config_get('normal_date_format'), $t_sponsorship->date_submitted);
                $t_message .= $t_date_added . ': ';
                $t_message .= user_get_name($t_sponsorship->user_id);
                $t_message .= ' (' . sponsorship_format_amount($t_sponsorship->amount) . ')' . " \n";
            }
        }
    }
    $t_message .= $t_email_separator1 . " \n\n";
    # format bugnotes
    foreach ($p_visible_bug_data['bugnotes'] as $t_bugnote) {
        $t_last_modified = date($t_normal_date_format, $t_bugnote->last_modified);
        $t_formatted_bugnote_id = bugnote_format_id($t_bugnote->id);
        $t_bugnote_link = string_process_bugnote_link(config_get('bugnote_link_tag') . $t_bugnote->id, false, false, true);
        if ($t_bugnote->time_tracking > 0) {
            $t_time_tracking = ' ' . lang_get('time_tracking') . ' ' . db_minutes_to_hhmm($t_bugnote->time_tracking) . "\n";
        } else {
            $t_time_tracking = '';
        }
        if (user_exists($t_bugnote->reporter_id)) {
            $t_access_level = access_get_project_level($p_visible_bug_data['email_project_id'], $t_bugnote->reporter_id);
            $t_access_level_string = ' (' . get_enum_element('access_levels', $t_access_level) . ') - ';
        } else {
            $t_access_level_string = '';
        }
        $t_string = ' (' . $t_formatted_bugnote_id . ') ' . user_get_name($t_bugnote->reporter_id) . $t_access_level_string . $t_last_modified . "\n" . $t_time_tracking . ' ' . $t_bugnote_link;
        $t_message .= $t_email_separator2 . " \n";
        $t_message .= $t_string . " \n";
        $t_message .= $t_email_separator2 . " \n";
        $t_message .= $t_bugnote->note . " \n\n";
    }
    # format history
    if (array_key_exists('history', $p_visible_bug_data)) {
        $t_message .= lang_get('bug_history') . " \n";
        $t_message .= utf8_str_pad(lang_get('date_modified'), 17) . utf8_str_pad(lang_get('username'), 15) . utf8_str_pad(lang_get('field'), 25) . utf8_str_pad(lang_get('change'), 20) . " \n";
        $t_message .= $t_email_separator1 . " \n";
        foreach ($p_visible_bug_data['history'] as $t_raw_history_item) {
            $t_localized_item = history_localize_item($t_raw_history_item['field'], $t_raw_history_item['type'], $t_raw_history_item['old_value'], $t_raw_history_item['new_value'], false);
            $t_message .= utf8_str_pad(date($t_normal_date_format, $t_raw_history_item['date']), 17) . utf8_str_pad($t_raw_history_item['username'], 15) . utf8_str_pad($t_localized_item['note'], 25) . utf8_str_pad($t_localized_item['change'], 20) . "\n";
        }
        $t_message .= $t_email_separator1 . " \n\n";
    }
    return $t_message;
}
Exemplo n.º 9
0
/**
 * For a list of bug ids, returns an array of bugnote stats.
 * If a bug has no visible bugnotes, returns "false" as the stats item for that bug id.
 * @param array $p_bugs_id         Array of Integer representing bug identifiers.
 * @param integer|null $p_user_id  User for checking access levels. null defaults to current user
 * @return array                   Array of bugnote stats
 * @access public
 * @uses database_api.php
 */
function bug_get_bugnote_stats_array(array $p_bugs_id, $p_user_id = null)
{
    $t_id_array = array();
    foreach ($p_bugs_id as $t_id) {
        $t_id_array[$t_id] = (int) $t_id;
    }
    if (empty($t_id_array)) {
        return array();
    }
    if (null === $p_user_id) {
        $t_user_id = auth_get_current_user_id();
    } else {
        $t_user_id = $p_user_id;
    }
    db_param_push();
    $t_params = array();
    $t_in_clause_elems = array();
    foreach ($t_id_array as $t_id) {
        $t_in_clause_elems[] = db_param();
        $t_params[] = $t_id;
    }
    $t_query = 'SELECT n.id, n.bug_id, n.reporter_id, n.view_state, n.last_modified, n.date_submitted, b.project_id' . ' FROM {bugnote} n JOIN {bug} b ON (n.bug_id = b.id)' . ' WHERE n.bug_id IN (' . implode(', ', $t_in_clause_elems) . ')' . ' ORDER BY b.project_id, n.bug_id, n.last_modified';
    # perform query
    $t_result = db_query($t_query, $t_params);
    $t_counter = 0;
    $t_stats = array();
    # We need to check for each bugnote if it has permissions to view in respective project.
    # bugnotes are grouped by project_id and bug_id to save calls to config_get
    $t_current_project_id = null;
    $t_current_bug_id = null;
    while ($t_query_row = db_fetch_array($t_result)) {
        $c_bug_id = (int) $t_query_row['bug_id'];
        if (0 == $t_counter || $t_current_project_id !== $t_query_row['project_id']) {
            # evaluating a new project from the rowset
            $t_current_project_id = $t_query_row['project_id'];
            $t_user_access_level = access_get_project_level($t_query_row['project_id'], $t_user_id);
            $t_private_bugnote_visible = access_compare_level($t_user_access_level, config_get('private_bugnote_threshold', null, $t_user_id, $t_query_row['project_id']));
        }
        if (0 == $t_counter || $t_current_bug_id !== $c_bug_id) {
            # evaluating a new bug from the rowset
            $t_current_bug_id = $c_bug_id;
            $t_note_count = 0;
            $t_last_submit_date = 0;
        }
        $t_note_visible = $t_private_bugnote_visible || $t_query_row['reporter_id'] == $t_user_id || VS_PUBLIC == $t_query_row['view_state'];
        if ($t_note_visible) {
            # only count the bugnote if user has access
            $t_stats[$c_bug_id]['bug_id'] = $c_bug_id;
            $t_stats[$c_bug_id]['last_modified'] = $t_query_row['last_modified'];
            $t_stats[$c_bug_id]['count'] = ++$t_note_count;
            $t_stats[$c_bug_id]['last_modified_bugnote'] = $t_query_row['id'];
            if ($t_query_row['date_submitted'] > $t_last_submit_date) {
                $t_last_submit_date = $t_query_row['date_submitted'];
                $t_stats[$c_bug_id]['last_submitted_bugnote'] = $t_query_row['id'];
            }
            if (isset($t_id_array[$c_bug_id])) {
                unset($t_id_array[$c_bug_id]);
            }
        }
        $t_counter++;
    }
    # The remaining bug ids, are those without visible notes. Save false as cached value
    foreach ($t_id_array as $t_id) {
        $t_stats[$t_id] = false;
    }
    return $t_stats;
}
Exemplo n.º 10
0
/**
 * Check the current user's access against the given value and return true
 * if the user's access is equal to or higher, false otherwise.
 * This function looks up the bug's project and performs an access check
 * against that project
 * @param int $p_access_level integer representing access level
 * @param int $p_bug_id integer representing bug id to check access against
 * @param int|null $p_user_id integer representing user id, defaults to null to use current user
 * @return bool whether user has access level specified
 * @access public
 */
function access_has_bug_level($p_access_level, $p_bug_id, $p_user_id = null)
{
    if ($p_user_id === null) {
        $p_user_id = auth_get_current_user_id();
    }
    # Deal with not logged in silently in this case
    # @@@ we may be able to remove this and just error
    #     and once we default to anon login, we can remove it for sure
    if (empty($p_user_id) && !auth_is_user_authenticated()) {
        return false;
    }
    $t_project_id = bug_get_field($p_bug_id, 'project_id');
    $t_bug_is_user_reporter = bug_is_user_reporter($p_bug_id, $p_user_id);
    $t_access_level = access_get_project_level($t_project_id, $p_user_id);
    # check limit_Reporter (Issue #4769)
    # reporters can view just issues they reported
    $t_limit_reporters = config_get('limit_reporters', null, $p_user_id, $t_project_id);
    if ($t_limit_reporters && !$t_bug_is_user_reporter) {
        # Here we only need to check that the current user has an access level
        # higher than the lowest needed to report issues (report_bug_threshold).
        # To improve performance, esp. when processing for several projects, we
        # build a static array holding that threshold for each project
        static $s_thresholds = array();
        if (!isset($s_thresholds[$t_project_id])) {
            $t_report_bug_threshold = config_get('report_bug_threshold', null, $p_user_id, $t_project_id);
            if (!is_array($t_report_bug_threshold)) {
                $s_thresholds[$t_project_id] = $t_report_bug_threshold + 1;
            } else {
                if (empty($t_report_bug_threshold)) {
                    $s_thresholds[$t_project_id] = NOBODY;
                } else {
                    sort($t_report_bug_threshold);
                    $s_thresholds[$t_project_id] = $t_report_bug_threshold[0] + 1;
                }
            }
        }
        if (!access_compare_level($t_access_level, $s_thresholds[$t_project_id])) {
            return false;
        }
    }
    # If the bug is private and the user is not the reporter, then
    # they must also have higher access than private_bug_threshold
    if (!$t_bug_is_user_reporter && bug_get_field($p_bug_id, 'view_state') == VS_PRIVATE) {
        $t_private_bug_threshold = config_get('private_bug_threshold', null, $p_user_id, $t_project_id);
        return access_compare_level($t_access_level, $t_private_bug_threshold) && access_compare_level($t_access_level, $p_access_level);
    }
    return access_compare_level($t_access_level, $p_access_level);
}
Exemplo n.º 11
0
require_api('html_api.php');
require_api('lang_api.php');
require_api('print_api.php');
require_api('project_api.php');
require_api('user_api.php');
form_security_validate('manage_proj_user_remove');
auth_reauthenticate();
$f_project_id = gpc_get_int('project_id');
$f_user_id = gpc_get_int('user_id', 0);
# We should check both since we are in the project section and an
#  admin might raise the first threshold and not realize they need
#  to raise the second
access_ensure_project_level(config_get('manage_project_threshold'), $f_project_id);
access_ensure_project_level(config_get('project_user_threshold'), $f_project_id);
if (0 == $f_user_id) {
    # Confirm with the user
    helper_ensure_confirmed(lang_get('remove_all_users_sure_msg'), lang_get('remove_all_users_button'));
    project_remove_all_users($f_project_id, access_get_project_level($f_project_id));
} else {
    # Don't allow removal of users from the project who have a higher access level than the current user
    access_ensure_project_level(access_get_project_level($f_project_id, $f_user_id), $f_project_id);
    $t_user = user_get_row($f_user_id);
    # Confirm with the user
    helper_ensure_confirmed(lang_get('remove_user_sure_msg') . '<br/>' . lang_get('username_label') . lang_get('word_separator') . $t_user['username'], lang_get('remove_user_button'));
    project_remove_user($f_project_id, $f_user_id);
}
form_security_purge('manage_proj_user_remove');
$t_redirect_url = 'manage_proj_edit_page.php?project_id=' . $f_project_id;
html_page_top(null, $t_redirect_url);
html_operation_successful($t_redirect_url);
html_page_bottom();
Exemplo n.º 12
0
auth_reauthenticate();

$f_project_id		= gpc_get_int( 'project_id' );
$f_other_project_id	= gpc_get_int( 'other_project_id' );
$f_copy_from		= gpc_get_bool( 'copy_from' );
$f_copy_to			= gpc_get_bool( 'copy_to' );

if ( $f_copy_from ) {
	$t_src_project_id = $f_other_project_id;
	$t_dst_project_id = $f_project_id;
} else if ( $f_copy_to ) {
	$t_src_project_id = $f_project_id;
	$t_dst_project_id = $f_other_project_id;
} else {
	/** @todo Should this become a separate error? */
	trigger_error( ERROR_CATEGORY_NO_ACTION, ERROR );
}

# We should check both since we are in the project section and an
#  admin might raise the first threshold and not realize they need
#  to raise the second
access_ensure_project_level( config_get( 'manage_project_threshold' ), $t_dst_project_id );
access_ensure_project_level( config_get( 'project_user_threshold' ), $t_dst_project_id );

project_copy_users( $t_dst_project_id, $t_src_project_id, access_get_project_level( $t_dst_project_id ) );

form_security_purge( 'manage_proj_user_copy' );

print_header_redirect( 'manage_proj_edit_page.php?project_id=' . $f_project_id );
Exemplo n.º 13
0
function write_bug_rows($p_rows)
{
    $user_array = get_user_array();
    $alive_user_ids = array();
    $issues_array_html = '';
    $allowed_statuses_html = '';
    print '<div id="taskodrome_data" hidden="true">
    ';
    $users = '';
    $user_number = count($user_array);
    for ($i = 0; $i != $user_number; $i++) {
        $users .= '<p hidden="true" class="user_data" ';
        $users .= 'name="' . $user_array[$i]->name . '" ';
        $users .= 'id="' . $user_array[$i]->id . '"';
        $users .= '></p>';
        $alive_user_ids[$user_array[$i]->id] = 1;
    }
    print $users;
    $t_rows = count($p_rows);
    for ($i = 0; $i < $t_rows; $i++) {
        $t_row = $p_rows[$i];
        $handler_id = $t_row->handler_id;
        if (!array_key_exists($t_row->handler_id, $alive_user_ids)) {
            $handler_id = 0;
        }
        $issues_array_html .= '<p hidden="true" class="issue_data" ';
        $issues_array_html .= 'id="' . $t_row->id . '" ';
        $issues_array_html .= 'summary="' . htmlentities($t_row->summary) . '" ';
        $issues_array_html .= 'status="' . $t_row->status . '" ';
        $issues_array_html .= 'handler_id="' . $handler_id . '" ';
        $issues_array_html .= 'topColor="#0000FF" ';
        $issues_array_html .= 'bottomColor="#FF0000" ';
        $issues_array_html .= 'updateTime="' . $t_row->last_updated . '"';
        $issues_array_html .= '></p>';
        $t_all_statuses = get_status_option_list(access_get_project_level($t_row->project_id), $t_row->status, true, false, $t_row->project_id);
        $allowed_statuses_html .= '<p hidden="true" class="status_pair" ';
        $allowed_statuses_html .= 'id="' . $t_row->id . '" ';
        $src_status_str = '';
        $dst_status_str = '';
        foreach ($t_all_statuses as $src_status => $src_st) {
            $src_status_str .= $src_status . ';';
            $t_enum_list = get_status_option_list(access_get_project_level($t_row->project_id), $src_status, true, bug_is_user_reporter($t_row->id, auth_get_current_user_id()) && access_has_bug_level(config_get('report_bug_threshold'), $t_row->id) && ON == config_get('allow_reporter_close'), $t_row->project_id);
            foreach ($t_enum_list as $dst_status => $dst_st) {
                $dst_status_str .= $dst_status . ',';
            }
            $dst_status_str .= ';';
        }
        $allowed_statuses_html .= 'src_status="' . $src_status_str . '" ';
        $allowed_statuses_html .= 'dst_status="' . $dst_status_str . '"';
        $allowed_statuses_html .= '></p>';
    }
    print $issues_array_html;
    print $allowed_statuses_html;
    $status_order = null;
    foreach (plugin_config_get("status_board_order") as $t_value) {
        $status_order .= $t_value . ';';
    }
    print '<p hidden="true" class="status_board_order" value="' . $status_order . '"></p>';
    print '<p hidden="true" id="cooldown_period_days" value="' . plugin_config_get("cooldown_period_days") . '"></p>';
    print '<p hidden="true" id="cooldown_period_hours" value="' . plugin_config_get("cooldown_period_hours") . '"></p>';
    print '</div>';
    print '<section class="tabs">
    <br>

    <input type="radio" id="radio_dg" name="group" >
    <input type="radio" id="radio_sg" name="group" >

    [ <label id="label_dg" class="radio_label" for="radio_dg" >' . plugin_lang_get("assignment_board") . '</label> ]
    [ <label id="label_sg" class="radio_label" for="radio_sg" >' . plugin_lang_get("status_board") . '</label> ]

    <div class="tabs_cont">
    <div id="tab_c1">
    ';
    print '<div id="dev-grid" class="grid">
    <canvas id="panel">
    </canvas>
    </div>
    ';
    print '</div>';
    print '<div id="tab_c2">
    <div id="st-grid" class="grid">
    <canvas id="panel_st">
    </canvas>
    </div>
    ';
    html_page_bottom();
    print '</div>';
    print '</div>
    </section>
    ';
}
Exemplo n.º 14
0
/**
 * Print Change Status to: button
 * This code is similar to print_status_option_list except
 * there is no masking, except for the current state
 *
 * @param BugData $p_bug A valid bug object.
 * @return void
 */
function html_button_bug_change_status(BugData $p_bug)
{
    $t_current_access = access_get_project_level($p_bug->project_id);
    # User must have rights to change status to use this button
    if (!access_has_bug_level(config_get('update_bug_status_threshold'), $p_bug->id)) {
        return;
    }
    $t_enum_list = get_status_option_list($t_current_access, $p_bug->status, false, bug_is_user_reporter($p_bug->id, auth_get_current_user_id()) && access_has_bug_level(config_get('report_bug_threshold'), $p_bug->id) && ON == config_get('allow_reporter_close'), $p_bug->project_id);
    if (count($t_enum_list) > 0) {
        # resort the list into ascending order after noting the key from the first element (the default)
        $t_default_arr = each($t_enum_list);
        $t_default = $t_default_arr['key'];
        ksort($t_enum_list);
        reset($t_enum_list);
        echo '<form method="post" action="bug_change_status_page.php">';
        # CSRF protection not required here - form does not result in modifications
        $t_button_text = lang_get('bug_status_to_button');
        echo '<input type="submit" class="button" value="' . $t_button_text . '" />';
        echo ' <select name="new_status">';
        # space at beginning of line is important
        foreach ($t_enum_list as $t_key => $t_val) {
            echo '<option value="' . $t_key . '" ';
            check_selected($t_key, $t_default);
            echo '>' . $t_val . '</option>';
        }
        echo '</select>';
        $t_bug_id = string_attribute($p_bug->id);
        echo '<input type="hidden" name="id" value="' . $t_bug_id . '" />' . "\n";
        echo '<input type="hidden" name="change_type" value="' . BUG_UPDATE_TYPE_CHANGE_STATUS . '" />' . "\n";
        echo '</form>' . "\n";
    }
}
Exemplo n.º 15
0
function access_has_project_level($p_access_level, $p_project_id = null, $p_user_id = null)
{
    # Short circuit the check in this case
    if (NOBODY == $p_access_level) {
        return false;
    }
    if (null === $p_user_id) {
        $p_user_id = auth_get_current_user_id();
    }
    if (null === $p_project_id) {
        $p_project_id = helper_get_current_project();
    }
    $t_access_level = access_get_project_level($p_project_id, $p_user_id);
    return access_compare_level($t_access_level, $p_access_level);
}
Exemplo n.º 16
0
function print_project_access_levels_option_list($p_val, $p_project_id = null)
{
    $t_current_user_access_level = access_get_project_level($p_project_id);
    $t_access_levels_enum_string = config_get('access_levels_enum_string');
    # Add [default access level] to add the user to a project
    # with his default access level.
    print "<option value=\"" . DEFAULT_ACCESS_LEVEL . "\"";
    print ">[" . lang_get('default_access_level') . "]</option>";
    $t_arr = explode_enum_string($t_access_levels_enum_string);
    $enum_count = count($t_arr);
    for ($i = 0; $i < $enum_count; $i++) {
        $t_elem = explode_enum_arr($t_arr[$i]);
        # a user must not be able to assign another user an access level that is higher than theirs.
        if ($t_elem[0] > $t_current_user_access_level) {
            continue;
        }
        $t_access_level = get_enum_element('access_levels', $t_elem[0]);
        print "<option value=\"{$t_elem['0']}\"";
        check_selected($p_val, $t_elem[0]);
        print ">{$t_access_level}</option>";
    }
    # end for
}
Exemplo n.º 17
0
">
		<?php 
        if (ON == config_get("show_avatar")) {
            print_avatar($v3_reporter_id);
        }
        ?>
		<span class="small">(<?php 
        echo $t_bugnote_id_formatted;
        ?>
)</span><br />
		<?php 
        echo print_user($v3_reporter_id);
        ?>
		<span class="small"><?php 
        if (user_exists($v3_reporter_id)) {
            $t_access_level = access_get_project_level(null, $v3_reporter_id);
            echo '(', get_enum_element('access_levels', $t_access_level), ')';
        }
        ?>
</span>
		<?php 
        if (VS_PRIVATE == $v3_view_state) {
            ?>
		<span class="small">[ <?php 
            echo lang_get('private');
            ?>
 ]</span>
		<?php 
        }
        ?>
		<br />
Exemplo n.º 18
0
						<option value="0" selected="selected"></option>
						<?php print_assign_to_option_list( $f_handler_id ) ?>
					</select>
				</span>
				<span class="label-style"></span>
			</div>
<?php } ?>

<?php if( $t_show_status ) { ?>
			<div class="field-container">
				<label><span><?php echo lang_get( 'status' ) ?></span></label>
				<span class="select">
					<select <?php echo helper_get_tab_index() ?> name="status">
					<?php
					$t_resolution_options = get_status_option_list(
						access_get_project_level( $t_project_id ),
						config_get( 'bug_submit_status' ),
						true,
						ON == config_get( 'allow_reporter_close' ),
						$t_project_id );
					foreach ( $t_resolution_options as $t_key => $t_value ) {
					?>
						<option value="<?php echo $t_key ?>" <?php check_selected( $t_key, config_get( 'bug_submit_status' ) ); ?> >
							<?php echo $t_value ?>
						</option>
					<?php } ?>
					</select>
				</span>
				<span class="label-style"></span>
			</div>
<?php } ?>
Exemplo n.º 19
0
    ?>
" title="<?php 
    echo lang_get('bugnote_link_title');
    ?>
"><?php 
    echo htmlentities(config_get_global('bugnote_link_tag')) . $t_bugnote_id_formatted;
    ?>
</a></span><br />

		<span class="bugnote-reporter">
		<?php 
    echo print_user($t_bugnote->reporter_id);
    ?>
		<span class="small access-level"><?php 
    if (user_exists($t_bugnote->reporter_id)) {
        $t_access_level = access_get_project_level(null, (int) $t_bugnote->reporter_id);
        // Only display access level when higher than 0 (ANYBODY)
        if ($t_access_level > ANYBODY) {
            echo '(', get_enum_element('access_levels', $t_access_level), ')';
        }
    }
    ?>
</span>
		</span>

		<?php 
    if (VS_PRIVATE == $t_bugnote->view_state) {
        ?>
		<span class="small bugnote-view-state">[ <?php 
        echo lang_get('private');
        ?>
Exemplo n.º 20
0
        }
    }
} else {
    access_ensure_project_level(config_get('roadmap_view_threshold'), $t_project_id);
    $t_project_ids = user_get_all_accessible_subprojects($t_user_id, $t_project_id);
    array_unshift($t_project_ids, $t_project_id);
}
$t_project_id_for_access_check = $t_project_id;
html_page_top(lang_get('roadmap'));
version_cache_array_rows($t_project_ids);
category_cache_array_rows_by_project($t_project_ids);
foreach ($t_project_ids as $t_project_id) {
    $t_project_name = project_get_field($t_project_id, 'name');
    $t_can_view_private = access_has_project_level(config_get('private_bug_threshold'), $t_project_id);
    $t_limit_reporters = config_get('limit_reporters');
    $t_user_access_level_is_reporter = config_get('report_bug_threshold', null, null, $t_project_id) == access_get_project_level($t_project_id);
    $t_resolved = config_get('bug_resolved_status_threshold');
    $t_version_rows = array_reverse(version_get_all_rows($t_project_id));
    # cache category info, but ignore the results for now
    category_get_all_rows($t_project_id);
    $t_project_header_printed = false;
    foreach ($t_version_rows as $t_version_row) {
        if ($t_version_row['released'] == 1) {
            continue;
        }
        # Skip all versions except the specified one (if any).
        if ($f_version_id != -1 && $f_version_id != $t_version_row['id']) {
            continue;
        }
        $t_issues_planned = 0;
        $t_issues_resolved = 0;
Exemplo n.º 21
0
if ($t_show_status) {
    ?>
	<tr>
		<th class="category">
			<label for="status"><?php 
    echo lang_get('status');
    ?>
</label>
		</th>
		<td>
			<select <?php 
    echo helper_get_tab_index();
    ?>
 name="status">
			<?php 
    $t_resolution_options = get_status_option_list(access_get_project_level($t_project_id), config_get('bug_submit_status'), true, ON == config_get('allow_reporter_close'), $t_project_id);
    foreach ($t_resolution_options as $t_key => $t_value) {
        ?>
				<option value="<?php 
        echo $t_key;
        ?>
" <?php 
        check_selected($t_key, config_get('bug_submit_status'));
        ?>
 >
					<?php 
        echo $t_value;
        ?>
				</option>
			<?php 
    }
Exemplo n.º 22
0
/**
 * Check the current user's access against the given value and return true
 * if the user's access is equal to or higher, false otherwise.
 * This function looks up the bug's project and performs an access check
 * against that project
 * @param int $p_access_level integer representing access level
 * @param int $p_bug_id integer representing bug id to check access against
 * @param int|null $p_user_id integer representing user id, defaults to null to use current user
 * @return bool whether user has access level specified
 * @access public
 */
function access_has_bug_level($p_access_level, $p_bug_id, $p_user_id = null)
{
    if ($p_user_id === null) {
        $p_user_id = auth_get_current_user_id();
    }
    # Deal with not logged in silently in this case
    # @@@ we may be able to remove this and just error
    #     and once we default to anon login, we can remove it for sure
    if (empty($p_user_id) && !auth_is_user_authenticated()) {
        return false;
    }
    $t_project_id = bug_get_field($p_bug_id, 'project_id');
    # check limit_Reporter (Issue #4769)
    # reporters can view just issues they reported
    $t_limit_reporters = config_get('limit_reporters');
    if (ON === $t_limit_reporters && !bug_is_user_reporter($p_bug_id, $p_user_id) && !access_has_project_level(REPORTER + 1, $t_project_id, $p_user_id)) {
        return false;
    }
    # If the bug is private and the user is not the reporter, then
    # they must also have higher access than private_bug_threshold
    if (VS_PRIVATE == bug_get_field($p_bug_id, 'view_state') && !bug_is_user_reporter($p_bug_id, $p_user_id)) {
        $t_access_level = access_get_project_level($t_project_id, $p_user_id);
        return access_compare_level($t_access_level, config_get('private_bug_threshold')) && access_compare_level($t_access_level, $p_access_level);
    }
    return access_has_project_level($p_access_level, $t_project_id, $p_user_id);
}
Exemplo n.º 23
0
function print_project_access_levels_option_list($p_val, $p_project_id = null)
{
    $t_current_user_access_level = access_get_project_level($p_project_id);
    $t_access_levels_enum_string = config_get('access_levels_enum_string');
    $t_enum_values = MantisEnum::getValues($t_access_levels_enum_string);
    foreach ($t_enum_values as $t_enum_value) {
        # a user must not be able to assign another user an access level that is higher than theirs.
        if ($t_enum_value > $t_current_user_access_level) {
            continue;
        }
        $t_access_level = get_enum_element('access_levels', $t_enum_value);
        echo '<option value="' . $t_enum_value . '"';
        check_selected($p_val, $t_enum_value);
        echo '>' . string_html_specialchars($t_access_level) . '</option>';
    }
}
Exemplo n.º 24
0
function gantt_get_issues_and_related_in_version($p_project_id, $p_version_name)
{
    $t_bug_table = db_get_table('bug');
    $t_relation_table = db_get_table('bug_relationship');
    $t_bug_datas = array();
    $t_project_id = db_prepare_int($p_project_id);
    $t_version_name = db_prepare_string($p_version_name);
    $t_can_view_private = access_has_project_level(config_get('private_bug_threshold'), $t_project_id);
    $t_limit_reporters = config_get('limit_reporters');
    $t_user_access_level_is_reporter = REPORTER == access_get_project_level($t_project_id);
    $t_user_id = auth_get_current_user_id();
    $query = "SELECT sbt.*, {$t_relation_table}.source_bug_id as parent_issue, dbt.target_version as parent_version FROM {$t_bug_table} AS sbt\n              LEFT JOIN {$t_relation_table} ON sbt.id={$t_relation_table}.destination_bug_id AND {$t_relation_table}.relationship_type=2\n              LEFT JOIN {$t_bug_table} AS dbt ON dbt.id={$t_relation_table}.source_bug_id\n              WHERE sbt.project_id=" . db_param() . " AND sbt.target_version=" . db_param() . " ORDER BY sbt.status ASC, sbt.last_updated DESC";
    $t_result = db_query_bound($query, array($t_project_id, $t_version_name));
    // Filter ids according to level access
    while ($t_row = db_fetch_array($t_result)) {
        # hide private bugs if user doesn't have access to view them.
        if (!$t_can_view_private && $t_row['view_state'] == VS_PRIVATE) {
            continue;
        }
        bug_cache_database_result($t_row);
        # check limit_Reporter (Issue #4770)
        # reporters can view just issues they reported
        if (ON === $t_limit_reporters && $t_user_access_level_is_reporter && !bug_is_user_reporter($t_row['id'], $t_user_id)) {
            continue;
        }
        $t_issue_id = $t_row['id'];
        if (!helper_call_custom_function('roadmap_include_issue', array($t_issue_id))) {
            continue;
        }
        if (!isset($t_bug_datas[$t_issue_id])) {
            $t_bug_datas[$t_issue_id] = $t_row;
        }
    }
    return $t_bug_datas;
}