Exemplo n.º 1
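/**
 * Check a user's access to a specific bug against the given access level.
 *
 * The bug's project is looked up and the user's level in that project is
 * compared with $p_access_level. Two per-bug rules can deny access even when
 * that comparison would succeed, and neither applies to the bug's reporter:
 *  - limit_reporters: when enabled, the user's level must reach the lowest
 *    level of report_bug_threshold plus one.
 *  - private bugs: when view_state is VS_PRIVATE, the user's level must also
 *    satisfy private_bug_threshold.
 *
 * @param integer      $p_access_level Integer representing access level.
 * @param integer      $p_bug_id       Integer representing bug id to check access against.
 * @param integer|null $p_user_id      Integer representing user id, defaults to null to use current user.
 * @return boolean whether user has access level specified
 * @access public
 */
function access_has_bug_level($p_access_level, $p_bug_id, $p_user_id = null)
{
    if ($p_user_id === null) {
        $p_user_id = auth_get_current_user_id();
    }
    # Deal with not logged in silently in this case
    # @@@ we may be able to remove this and just error
    #     and once we default to anon login, we can remove it for sure
    if (empty($p_user_id) && !auth_is_user_authenticated()) {
        return false;
    }
    $t_project_id = bug_get_field($p_bug_id, 'project_id');
    $t_bug_is_user_reporter = bug_is_user_reporter($p_bug_id, $p_user_id);
    $t_access_level = access_get_project_level($t_project_id, $p_user_id);
    # check limit_Reporter (Issue #4769)
    # reporters can view just issues they reported
    $t_limit_reporters = config_get('limit_reporters', null, $p_user_id, $t_project_id);
    if ($t_limit_reporters && !$t_bug_is_user_reporter) {
        # Here we only need to check that the user has an access level
        # higher than the lowest needed to report issues (report_bug_threshold).
        # To improve performance, esp. when processing for several projects, we
        # keep the computed threshold in a static array.
        #
        # report_bug_threshold is resolved for a specific user AND project, so
        # the cache is keyed by both. Keying it by project alone would let a
        # threshold resolved for one user decide this authorization check for
        # a different user passed in a later call during the same request.
        static $s_thresholds = array();
        if (!isset($s_thresholds[$p_user_id][$t_project_id])) {
            $t_report_bug_threshold = config_get('report_bug_threshold', null, $p_user_id, $t_project_id);
            if (empty($t_report_bug_threshold)) {
                # No usable threshold configured: fail closed by requiring NOBODY
                $s_thresholds[$p_user_id][$t_project_id] = NOBODY;
            } else {
                $s_thresholds[$p_user_id][$t_project_id] = access_threshold_min_level($t_report_bug_threshold) + 1;
            }
        }
        if (!access_compare_level($t_access_level, $s_thresholds[$p_user_id][$t_project_id])) {
            return false;
        }
    }
    # If the bug is private and the user is not the reporter, then
    # they must also have higher access than private_bug_threshold
    if (!$t_bug_is_user_reporter && bug_get_field($p_bug_id, 'view_state') == VS_PRIVATE) {
        $t_private_bug_threshold = config_get('private_bug_threshold', null, $p_user_id, $t_project_id);
        return access_compare_level($t_access_level, $t_private_bug_threshold) && access_compare_level($t_access_level, $p_access_level);
    }
    return access_compare_level($t_access_level, $p_access_level);
}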
Exemplo n.º 2
    echo '<tr class="spacer"><td colspan="6"></td></tr>';
    echo '<tr class="hidden"></tr>';
}
#
# Reporter
#
if ($t_show_reporter) {
    echo '<tr>';
    $t_spacer = 4;
    if ($t_show_reporter) {
        # Reporter
        echo '<th class="category"><label for="reporter_id">' . lang_get('reporter') . '</label></th>';
        echo '<td>';
        # Do not allow the bug's reporter to edit the Reporter field
        # when limit_reporters is ON
        if (ON == config_get('limit_reporters') && !access_has_project_level(access_threshold_min_level(config_get('report_bug_threshold', null, null, $t_bug->project_id)) + 1, $t_bug->project_id)) {
            echo string_attribute(user_get_name($t_bug->reporter_id));
        } else {
            if ($f_reporter_edit) {
                echo '<select ' . helper_get_tab_index() . ' id="reporter_id" name="reporter_id">';
                print_reporter_option_list($t_bug->reporter_id, $t_bug->project_id);
                echo '</select>';
            } else {
                echo string_attribute(user_get_name($t_bug->reporter_id));
                echo ' [<a href="#reporter_edit" class="click-url" url="' . string_get_bug_update_url($f_bug_id) . '&amp;reporter_edit=true">' . lang_get('edit_link') . '</a>]';
            }
        }
        echo '</td>';
    } else {
        $t_spacer += 2;
    }
Exemplo n.º 3
/**
 * Print the reporter field
 *
 * Emits a <select> whose name is FILTER_PROPERTY_REPORTER_ID followed by "[]".
 * When limit_reporters is ON and the current user does not reach the lowest
 * report_bug_threshold level plus one, the only option printed is the current
 * user. Otherwise the list holds an "any" entry, a "myself" entry (only if the
 * user meets report_bug_threshold) and the output of print_reporter_option_list().
 *
 * NOTE(review): this function only decides which options are rendered. It does
 * not validate a submitted reporter filter value, so the limit_reporters rule
 * has to be enforced again wherever the filter is applied - that code is not
 * visible here.
 *
 * @return void
 */
function print_filter_reporter_id()
{
    global $g_select_modifier, $g_filter;
    ?>
		<select<?php 
    # NOTE(review): $g_select_modifier is written into the tag without escaping;
    # presumably a fixed, application-defined string - confirm at its assignment
    echo $g_select_modifier;
    ?>
 name="<?php 
    echo FILTER_PROPERTY_REPORTER_ID;
    ?>
[]">
		<?php 
    # if current user is a reporter, and limited reports set to ON, only display that name
    # @@@ thraxisp - access_has_project_level checks greater than or equal to,
    #   this assumed that there aren't any holes above REPORTER where the limit would apply
    #
    # NOTE(review): no project id is passed to config_get() or
    # access_has_project_level() here, so their default project applies -
    # presumably the current project; confirm. The comparison with ON is strict
    # (===) in this block; confirm config_get() returns the same type as ON.
    if (ON === config_get('limit_reporters') && !access_has_project_level(access_threshold_min_level(config_get('report_bug_threshold')) + 1)) {
        $t_id = auth_get_current_user_id();
        $t_username = user_get_field($t_id, 'username');
        $t_realname = user_get_field($t_id, 'realname');
        # Both candidate display names pass through string_attribute() before output
        $t_display_name = string_attribute($t_username);
        # Use the real name only when it is non-empty and show_realname is ON
        if (isset($t_realname) && $t_realname > '' && ON == config_get('show_realname')) {
            $t_display_name = string_attribute($t_realname);
        }
        # $t_id goes into the value attribute unescaped; it comes from
        # auth_get_current_user_id() - presumably an integer, confirm
        echo '<option value="' . $t_id . '" selected="selected">' . $t_display_name . '</option>';
    } else {
        ?>
		<option value="<?php 
        echo META_FILTER_ANY;
        ?>
"<?php 
        check_selected($g_filter[FILTER_PROPERTY_REPORTER_ID], META_FILTER_ANY);
        ?>
>[<?php 
        echo lang_get('any');
        ?>
]</option>
		<?php 
        # The "myself" entry is offered only to users who meet report_bug_threshold
        if (access_has_project_level(config_get('report_bug_threshold'))) {
            echo '<option value="' . META_FILTER_MYSELF . '" ';
            check_selected($g_filter[FILTER_PROPERTY_REPORTER_ID], META_FILTER_MYSELF);
            echo '>[' . lang_get('myself') . ']</option>';
        }
        print_reporter_option_list($g_filter[FILTER_PROPERTY_REPORTER_ID]);
    }
    ?>
		</select>
		<?php 
}
Exemplo n.º 4
$t_project_id_for_access_check = $t_project_id;
html_page_top(lang_get('changelog'));
version_cache_array_rows($t_project_ids);
category_cache_array_rows_by_project($t_project_ids);
foreach ($t_project_ids as $t_project_id) {
    $t_project_name = project_get_field($t_project_id, 'name');
    $t_can_view_private = access_has_project_level(config_get('private_bug_threshold'), $t_project_id);
    $t_resolved = config_get('bug_resolved_status_threshold');
    # grab version info for later use
    $t_version_rows = version_get_all_rows($t_project_id, null, false);
    # cache category info, but ignore the results for now
    category_get_all_rows($t_project_id);
    $t_project_header_printed = false;
    $t_limit_reporters = config_get('limit_reporters');
    $t_report_bug_threshold = config_get('report_bug_threshold', null, null, $t_project_id);
    $t_access_limit_reporters_applies = !access_has_project_level(access_threshold_min_level($t_report_bug_threshold) + 1, $t_project_id);
    foreach ($t_version_rows as $t_version_row) {
        $t_version_header_printed = false;
        $t_version = $t_version_row['version'];
        $t_version_id = $t_version_row['id'];
        # Skip all versions except the specified one (if any).
        if ($f_version_id != -1 && $f_version_id != $t_version_id) {
            continue;
        }
        $t_query = 'SELECT sbt.*, dbt.fixed_in_version AS parent_version, rt.source_bug_id
			FROM {bug} sbt
			LEFT JOIN {bug_relationship} rt
				ON sbt.id=rt.destination_bug_id AND rt.relationship_type=' . BUG_DEPENDANT . '
			LEFT JOIN {bug} dbt ON dbt.id=rt.source_bug_id
			WHERE sbt.project_id=' . db_param() . '
			  AND sbt.fixed_in_version=' . db_param() . '
/**
 * Print one table row per status with the access level needed to reach it.
 *
 * The submit status (bug_submit_status) is governed by report_bug_threshold;
 * every other status is governed by its entry in set_status_threshold, falling
 * back from the default lookup to the ALL_USERS/ALL_PROJECTS value, then to the
 * file-level value, and finally to update_bug_status_threshold.
 *
 * A <select> named access_change_<status> is printed only when $g_access
 * reaches config_get_access() for the option and the threshold is not an
 * array; otherwise the level is shown as a plain label. This is a rendering
 * decision only: whatever handles the submitted access_change_* fields is
 * outside this block and needs its own access check.
 *
 * @return void
 */
function access_row()
{
    global $g_access, $g_can_change_flags;

    $t_statuses = MantisEnum::getAssocArrayIndexedByValues(config_get('status_enum_string'));

    # report_bug_threshold: file-level, ALL_USERS/ALL_PROJECTS and default lookup
    $t_report_file = config_get_global('report_bug_threshold');
    $t_report_global = config_get('report_bug_threshold', null, ALL_USERS, ALL_PROJECTS);
    $t_report_current = config_get('report_bug_threshold');

    # set_status_threshold: the same three lookups
    $t_set_file = config_get_global('set_status_threshold');
    $t_set_global = config_get('set_status_threshold', null, ALL_USERS, ALL_PROJECTS);
    $t_set_current = config_get('set_status_threshold');

    $t_submit_status = config_get('bug_submit_status');

    # Print the table rows
    foreach ($t_statuses as $t_status => $t_unused_label) {
        $t_row_label = string_no_break(MantisEnum::getLabel(lang_get('status_enum_string'), $t_status));
        echo "\t\t" . '<tr><td class="width30">' . $t_row_label . '</td>' . "\n";

        if ($t_status != $t_submit_status) {
            # Other statuses
            # File level: fallback if set_status_threshold is not defined
            $t_level_file = isset($t_set_file[$t_status])
                ? $t_set_file[$t_status]
                : config_get_global('update_bug_status_threshold');
            if (isset($t_set_global[$t_status])) {
                $t_level_global = $t_set_global[$t_status];
            } else {
                $t_level_global = $t_level_file;
            }
            if (isset($t_set_current[$t_status])) {
                $t_threshold = $t_set_current[$t_status];
            } else {
                $t_threshold = $t_level_global;
            }
            $t_option = 'set_status_threshold';
        } else {
            # 'NEW' status
            $t_level_file = $t_report_file;
            $t_level_global = $t_report_global;
            $t_threshold = $t_report_current;
            $t_option = 'report_bug_threshold';
        }

        $t_can_change = $g_access >= config_get_access($t_option);
        $t_color = set_color_override($t_level_file, $t_level_global, $t_threshold);
        set_overrides($t_option, $t_can_change, $t_color);

        # If threshold is an array (instead of an integer value), the input is not editable
        $t_editable = $t_can_change && !is_array($t_threshold);
        $t_min_level = access_threshold_min_level($t_threshold);
        $t_cell_open = '<td class="center ' . $t_color . '">';

        if (!$t_editable) {
            echo $t_cell_open . MantisEnum::getLabel(lang_get('access_levels_enum_string'), $t_min_level) . '</td>' . "\n";
        } else {
            echo $t_cell_open . '<select name="access_change_' . $t_status . '">' . "\n";
            print_enum_string_option_list('access_levels', $t_min_level);
            echo '</select> </td>' . "\n";
            $g_can_change_flags = true;
        }

        echo '</tr>' . "\n";
    }
}