Exemplo n.º 1
0
/**
 * Update a note
 *
 * @param string $p_username  The name of the user trying to add a note to an issue.
 * param string $p_password  The password of the user.
 * @param IssueNoteData $p_note  The note to update.
 * @return true on success, false on failure
 */
function mc_issue_note_update( $p_username, $p_password, $p_note ) {
    $t_user_id = mci_check_login( $p_username, $p_password );
    
    if( $t_user_id === false ) {
        return mci_soap_fault_login_failed();
    }

    if ( !isset( $p_note['id'] ) || is_blank( $p_note['id'] ) ) {
        return new soap_fault( 'Client', '', "Issue id must not be blank." );
    }
    
    if ( !isset( $p_note['text'] ) || is_blank( $p_note['text'] ) ) {
        return new soap_fault( 'Client', '', "Issue note text must not be blank." );
    }
    
    $t_issue_note_id = $p_note['id'];

    if( !bugnote_exists( $t_issue_note_id ) ) {
        return new soap_fault( 'Server', '', "Issue note '$t_issue_note_id' does not exist." );
    }
    
	$t_issue_id = bugnote_get_field( $t_issue_note_id, 'bug_id' );
	
	$t_project_id = bug_get_field( $t_issue_id, 'project_id' );

    if( !mci_has_readwrite_access( $t_user_id, $t_project_id ) ) {
        return mci_soap_fault_access_denied( $t_user_id );
    }

    if( !access_has_bug_level( config_get( 'add_bugnote_threshold' ), $t_issue_id, $t_user_id ) ) {
        return mci_soap_fault_access_denied( $t_user_id, "You do not have access rights to add notes to this issue" );
    }

    if( bug_is_readonly( $t_issue_id ) ) {
        return mci_soap_fault_access_denied( $t_user_id, "Issue ' . $t_issue_id . ' is readonly" );
    }

    if( isset( $p_note['view_state'] )) {
        $t_view_state = $p_note['view_state'];
        $t_view_state_id = mci_get_enum_id_from_objectref( 'view_state', $t_view_state );
        bugnote_set_view_state( $t_issue_note_id, $t_view_state_id );
    }

    bugnote_set_text( $t_issue_note_id, $p_note['text'] );

    return bugnote_date_update( $t_issue_note_id );
}
Exemplo n.º 2
0
/**
 * @todo yarick123: email_collect_recipients(...) will be completely rewritten to provide additional information such as language, user access,..
 * @todo yarick123:sort recipients list by language to reduce switches between different languages
 * @param int $p_bug_id
 * @param string $p_notify_type
 * @param array $p_extra_user_ids_to_email
 * @return array
 */
function email_collect_recipients($p_bug_id, $p_notify_type, $p_extra_user_ids_to_email = array())
{
    $c_bug_id = db_prepare_int($p_bug_id);
    $t_recipients = array();
    # add explicitly specified users
    if (ON == email_notify_flag($p_notify_type, 'explicit')) {
        foreach ($p_extra_user_ids_to_email as $t_user_id) {
            $t_recipients[$t_user_id] = true;
            log_event(LOG_EMAIL_RECIPIENT, sprintf('Issue = #%d, add explicitly specified user = @U%d', $p_bug_id, $t_user_id));
        }
    }
    # add Reporter
    if (ON == email_notify_flag($p_notify_type, 'reporter')) {
        $t_reporter_id = bug_get_field($p_bug_id, 'reporter_id');
        $t_recipients[$t_reporter_id] = true;
        log_event(LOG_EMAIL_RECIPIENT, sprintf('Issue = #%d, add Reporter = @U%d', $p_bug_id, $t_reporter_id));
    }
    # add Handler
    if (ON == email_notify_flag($p_notify_type, 'handler')) {
        $t_handler_id = bug_get_field($p_bug_id, 'handler_id');
        if ($t_handler_id > 0) {
            $t_recipients[$t_handler_id] = true;
            log_event(LOG_EMAIL_RECIPIENT, sprintf('Issue = #%d, add Handler = @U%d', $p_bug_id, $t_handler_id));
        }
    }
    $t_project_id = bug_get_field($p_bug_id, 'project_id');
    # add users monitoring the bug
    $t_bug_monitor_table = db_get_table('mantis_bug_monitor_table');
    if (ON == email_notify_flag($p_notify_type, 'monitor')) {
        $query = "SELECT DISTINCT user_id\n\t\t\t\t\t  FROM {$t_bug_monitor_table}\n\t\t\t\t\t  WHERE bug_id=" . db_param();
        $result = db_query_bound($query, array($c_bug_id));
        $count = db_num_rows($result);
        for ($i = 0; $i < $count; $i++) {
            $t_user_id = db_result($result, $i);
            $t_recipients[$t_user_id] = true;
            log_event(LOG_EMAIL_RECIPIENT, sprintf('Issue = #%d, add Monitor = @U%d', $p_bug_id, $t_user_id));
        }
    }
    # add users who contributed bugnotes
    $t_bugnote_id = bugnote_get_latest_id($p_bug_id);
    $t_bugnote_view = bugnote_get_field($t_bugnote_id, 'view_state');
    $t_bugnote_date = bugnote_get_field($t_bugnote_id, 'last_modified');
    $t_bug = bug_get($p_bug_id);
    $t_bug_date = $t_bug->last_updated;
    $t_bugnote_table = db_get_table('mantis_bugnote_table');
    if (ON == email_notify_flag($p_notify_type, 'bugnotes')) {
        $query = "SELECT DISTINCT reporter_id\n\t\t\t\t\t  FROM {$t_bugnote_table}\n\t\t\t\t\t  WHERE bug_id = " . db_param();
        $result = db_query_bound($query, array($c_bug_id));
        $count = db_num_rows($result);
        for ($i = 0; $i < $count; $i++) {
            $t_user_id = db_result($result, $i);
            $t_recipients[$t_user_id] = true;
            log_event(LOG_EMAIL_RECIPIENT, sprintf('Issue = #%d, add Note Author = @U%d', $p_bug_id, $t_user_id));
        }
    }
    # add project users who meet the thresholds
    $t_bug_is_private = bug_get_field($p_bug_id, 'view_state') == VS_PRIVATE;
    $t_threshold_min = email_notify_flag($p_notify_type, 'threshold_min');
    $t_threshold_max = email_notify_flag($p_notify_type, 'threshold_max');
    $t_threshold_users = project_get_all_user_rows($t_project_id, $t_threshold_min);
    foreach ($t_threshold_users as $t_user) {
        if ($t_user['access_level'] <= $t_threshold_max) {
            if (!$t_bug_is_private || access_compare_level($t_user['access_level'], config_get('private_bug_threshold'))) {
                $t_recipients[$t_user['id']] = true;
                log_event(LOG_EMAIL_RECIPIENT, sprintf('Issue = #%d, add Project User = @U%d', $p_bug_id, $t_user['id']));
            }
        }
    }
    # add users as specified by plugins
    $t_recipients_include_data = event_signal('EVENT_NOTIFY_USER_INCLUDE', array($p_bug_id, $p_notify_type));
    foreach ($t_recipients_include_data as $t_plugin => $t_recipients_include_data2) {
        foreach ($t_recipients_include_data2 as $t_callback => $t_recipients_included) {
            # only handle if we get an array from the callback
            if (is_array($t_recipients_included)) {
                foreach ($t_recipients_included as $t_user_id) {
                    $t_recipients[$t_user_id] = true;
                    log_event(LOG_EMAIL_RECIPIENT, sprintf('Issue = #%d, %s plugin added user @U%d', $p_bug_id, $t_plugin, $t_user_id));
                }
            }
        }
    }
    # FIXME: the value of $p_notify_type could at this stage be either a status
    # or a built-in actions such as 'owner and 'sponsor'. We have absolutely no
    # idea whether 'new' is indicating a new bug has been filed, or if the
    # status of an existing bug has been changed to 'new'. Therefore it is best
    # to just assume built-in actions have precedence over status changes.
    switch ($p_notify_type) {
        case 'new':
        case 'feedback':
            # This isn't really a built-in action (delete me!)
        # This isn't really a built-in action (delete me!)
        case 'reopened':
        case 'resolved':
        case 'closed':
        case 'bugnote':
            $t_pref_field = 'email_on_' . $p_notify_type;
            break;
        case 'owner':
            # The email_on_assigned notification type is now effectively
            # email_on_change_of_handler.
            $t_pref_field = 'email_on_assigned';
            break;
        case 'deleted':
        case 'updated':
        case 'sponsor':
        case 'relation':
        case 'monitor':
        case 'priority':
            # This is never used, but exists in the database!
            # FIXME: these notification actions are not actually implemented
            # in the database and therefore aren't adjustable on a per-user
            # basis! The exception is 'monitor' that makes no sense being a
            # customisable per-user preference.
            $t_pref_field = false;
            break;
        default:
            # Anything not built-in is probably going to be a status
            $t_pref_field = 'email_on_status';
            break;
    }
    # @@@ we could optimize by modifiying user_cache() to take an array
    #  of user ids so we could pull them all in.  We'll see if it's necessary
    $t_final_recipients = array();
    $t_user_ids = array_keys($t_recipients);
    user_cache_array_rows($t_user_ids);
    user_pref_cache_array_rows($t_user_ids);
    user_pref_cache_array_rows($t_user_ids, $t_bug->project_id);
    # Check whether users should receive the emails
    # and put email address to $t_recipients[user_id]
    foreach ($t_recipients as $t_id => $t_ignore) {
        # Possibly eliminate the current user
        if (auth_get_current_user_id() == $t_id && OFF == config_get('email_receive_own')) {
            log_event(LOG_EMAIL_RECIPIENT, sprintf('Issue = #%d, drop @U%d (own)', $p_bug_id, $t_id));
            continue;
        }
        # Eliminate users who don't exist anymore or who are disabled
        if (!user_exists($t_id) || !user_is_enabled($t_id)) {
            log_event(LOG_EMAIL_RECIPIENT, sprintf('Issue = #%d, drop @U%d (disabled)', $p_bug_id, $t_id));
            continue;
        }
        # Exclude users who have this notification type turned off
        if ($t_pref_field) {
            $t_notify = user_pref_get_pref($t_id, $t_pref_field);
            if (OFF == $t_notify) {
                log_event(LOG_EMAIL_RECIPIENT, sprintf('Issue = #%d, drop @U%d (pref %s off)', $p_bug_id, $t_id, $t_pref_field));
                continue;
            } else {
                # Users can define the severity of an issue before they are emailed for
                # each type of notification
                $t_min_sev_pref_field = $t_pref_field . '_min_severity';
                $t_min_sev_notify = user_pref_get_pref($t_id, $t_min_sev_pref_field);
                $t_bug_severity = bug_get_field($p_bug_id, 'severity');
                if ($t_bug_severity < $t_min_sev_notify) {
                    log_event(LOG_EMAIL_RECIPIENT, sprintf('Issue = #%d, drop @U%d (pref threshold)', $p_bug_id, $t_id));
                    continue;
                }
            }
        }
        # exclude users who don't have at least viewer access to the bug,
        # or who can't see bugnotes if the last update included a bugnote
        if (!access_has_bug_level(VIEWER, $p_bug_id, $t_id) || $t_bug_date == $t_bugnote_date && !access_has_bugnote_level(VIEWER, $t_bugnote_id, $t_id)) {
            log_event(LOG_EMAIL_RECIPIENT, sprintf('Issue = #%d, drop @U%d (access level)', $p_bug_id, $t_id));
            continue;
        }
        # check to exclude users as specified by plugins
        $t_recipient_exclude_data = event_signal('EVENT_NOTIFY_USER_EXCLUDE', array($p_bug_id, $p_notify_type, $t_id));
        $t_exclude = false;
        foreach ($t_recipient_exclude_data as $t_plugin => $t_recipient_exclude_data2) {
            foreach ($t_recipient_exclude_data2 as $t_callback => $t_recipient_excluded) {
                # exclude if any plugin returns true (excludes the user)
                if ($t_recipient_excluded) {
                    $t_exclude = true;
                    log_event(LOG_EMAIL_RECIPIENT, sprintf('Issue = #%d, %s plugin dropped user @U%d', $p_bug_id, $t_plugin, $t_id));
                }
            }
        }
        # user was excluded by a plugin
        if ($t_exclude) {
            continue;
        }
        # Finally, let's get their emails, if they've set one
        $t_email = user_get_email($t_id);
        if (is_blank($t_email)) {
            log_event(LOG_EMAIL_RECIPIENT, sprintf('Issue = #%d, drop @U%d (no email)', $p_bug_id, $t_id));
        } else {
            # @@@ we could check the emails for validity again but I think
            #   it would be too slow
            $t_final_recipients[$t_id] = $t_email;
        }
    }
    return $t_final_recipients;
}
Exemplo n.º 3
0
function email_collect_recipients($p_bug_id, $p_notify_type)
{
    $c_bug_id = db_prepare_int($p_bug_id);
    $t_recipients = array();
    # add Reporter
    if (ON == email_notify_flag($p_notify_type, 'reporter')) {
        $t_reporter_id = bug_get_field($p_bug_id, 'reporter_id');
        $t_recipients[$t_reporter_id] = true;
        log_event(LOG_EMAIL_RECIPIENT, "bug= {$p_bug_id}, add reporter={$t_reporter_id}");
    }
    # add Handler
    if (ON == email_notify_flag($p_notify_type, 'handler')) {
        $t_handler_id = bug_get_field($p_bug_id, 'handler_id');
        $t_recipients[$t_handler_id] = true;
        log_event(LOG_EMAIL_RECIPIENT, "bug= {$p_bug_id}, add handler={$t_handler_id}");
    }
    $t_project_id = bug_get_field($p_bug_id, 'project_id');
    # add users monitoring the bug
    $t_bug_monitor_table = config_get('mantis_bug_monitor_table');
    if (ON == email_notify_flag($p_notify_type, 'monitor')) {
        $query = "SELECT DISTINCT user_id\n\t\t\t\t\t  FROM {$t_bug_monitor_table}\n\t\t\t\t\t  WHERE bug_id={$c_bug_id}";
        $result = db_query($query);
        $count = db_num_rows($result);
        for ($i = 0; $i < $count; $i++) {
            $t_user_id = db_result($result, $i);
            $t_recipients[$t_user_id] = true;
            log_event(LOG_EMAIL_RECIPIENT, "bug= {$p_bug_id}, add monitor={$t_user_id}");
        }
    }
    # add users who contributed bugnotes
    $t_bugnote_id = bugnote_get_latest_id($p_bug_id);
    $t_bugnote_view = bugnote_get_field($t_bugnote_id, 'view_state');
    $t_bugnote_date = db_unixtimestamp(bugnote_get_field($t_bugnote_id, 'last_modified'));
    $t_bug_date = bug_get_field($p_bug_id, 'last_updated');
    $t_bugnote_table = config_get('mantis_bugnote_table');
    if (ON == email_notify_flag($p_notify_type, 'bugnotes')) {
        $query = "SELECT DISTINCT reporter_id\n\t\t\t\t\t  FROM {$t_bugnote_table}\n\t\t\t\t\t  WHERE bug_id = {$c_bug_id}";
        $result = db_query($query);
        $count = db_num_rows($result);
        for ($i = 0; $i < $count; $i++) {
            $t_user_id = db_result($result, $i);
            $t_recipients[$t_user_id] = true;
            log_event(LOG_EMAIL_RECIPIENT, "bug= {$p_bug_id}, add note={$t_user_id}");
        }
    }
    # add project users who meet the thresholds
    $t_bug_is_private = bug_get_field($p_bug_id, 'view_state') == VS_PRIVATE;
    $t_threshold_min = email_notify_flag($p_notify_type, 'threshold_min');
    $t_threshold_max = email_notify_flag($p_notify_type, 'threshold_max');
    $t_threshold_users = project_get_all_user_rows($t_project_id, $t_threshold_min);
    foreach ($t_threshold_users as $t_user) {
        if ($t_user['access_level'] <= $t_threshold_max) {
            if (!$t_bug_is_private || access_compare_level($t_user['access_level'], config_get('private_bug_threshold'))) {
                $t_recipients[$t_user['id']] = true;
                log_event(LOG_EMAIL_RECIPIENT, "bug= {$p_bug_id}, add project=" . $t_user['id']);
            }
        }
    }
    # set up to eliminate unwanted users
    #  get list of status values that are not covered specifically in the prefs
    #  These are handled by email_on_status generically
    #  @@@ thraxisp note that email_on_assigned was co-opted to handle change in handler
    $t_status_change = get_enum_to_array(config_get('status_enum_string'));
    unset($t_status_change[NEW_]);
    unset($t_status_change[FEEDBACK]);
    unset($t_status_change[RESOLVED]);
    unset($t_status_change[CLOSED]);
    if ('owner' == $p_notify_type) {
        $t_pref_field = 'email_on_assigned';
    } else {
        if (in_array($p_notify_type, $t_status_change)) {
            $t_pref_field = 'email_on_status';
        } else {
            $t_pref_field = 'email_on_' . $p_notify_type;
        }
    }
    $t_user_pref_table = config_get('mantis_user_pref_table');
    if (!db_field_exists($t_pref_field, $t_user_pref_table)) {
        $t_pref_field = false;
    }
    # @@@ we could optimize by modifiying user_cache() to take an array
    #  of user ids so we could pull them all in.  We'll see if it's necessary
    $t_final_recipients = array();
    # Check whether users should receive the emails
    # and put email address to $t_recipients[user_id]
    foreach ($t_recipients as $t_id => $t_ignore) {
        # Possibly eliminate the current user
        if (auth_get_current_user_id() == $t_id && OFF == config_get('email_receive_own')) {
            log_event(LOG_EMAIL_RECIPIENT, "bug= {$p_bug_id}, drop {$t_id} (own)");
            continue;
        }
        # Eliminate users who don't exist anymore or who are disabled
        if (!user_exists($t_id) || !user_is_enabled($t_id)) {
            log_event(LOG_EMAIL_RECIPIENT, "bug= {$p_bug_id}, drop {$t_id} (disabled)");
            continue;
        }
        # Exclude users who have this notification type turned off
        if ($t_pref_field) {
            $t_notify = user_pref_get_pref($t_id, $t_pref_field);
            if (OFF == $t_notify) {
                log_event(LOG_EMAIL_RECIPIENT, "bug= {$p_bug_id}, drop {$t_id} (pref {$t_pref_field} off)");
                continue;
            } else {
                # Users can define the severity of an issue before they are emailed for
                # each type of notification
                $t_min_sev_pref_field = $t_pref_field . '_min_severity';
                $t_min_sev_notify = user_pref_get_pref($t_id, $t_min_sev_pref_field);
                $t_bug_severity = bug_get_field($p_bug_id, 'severity');
                if ($t_bug_severity < $t_min_sev_notify) {
                    log_event(LOG_EMAIL_RECIPIENT, "bug= {$p_bug_id}, drop {$t_id} (pref threshold)");
                    continue;
                }
            }
        }
        # check that user can see bugnotes if the last update included a bugnote
        if ($t_bug_date == $t_bugnote_date) {
            if (!access_has_bugnote_level(VIEWER, $t_bugnote_id, $t_id)) {
                log_event(LOG_EMAIL_RECIPIENT, "bug= {$p_bug_id}, drop {$t_id} (access level)");
                continue;
            }
        }
        # Finally, let's get their emails, if they've set one
        $t_email = user_get_email($t_id);
        if (is_blank($t_email)) {
            log_event(LOG_EMAIL_RECIPIENT, "bug= {$p_bug_id}, drop {$t_id} (no email)");
        } else {
            # @@@ we could check the emails for validity again but I think
            #   it would be too slow
            $t_final_recipients[$t_id] = $t_email;
        }
    }
    return $t_final_recipients;
}
Exemplo n.º 4
0
/**
 * Retrieves the raw history events for the specified bug id and returns it in an array
 * The array is indexed from 0 to N-1.  The second dimension is: 'date', 'userid', 'username',
 * 'field','type','old_value','new_value'
 * @param integer $p_bug_id  A valid bug identifier.
 * @param integer $p_user_id A valid user identifier.
 * @param integer $p_start_time The start time to filter by, or null for all.
 * @param integer $p_end_time   The end time to filter by, or null for all.
 * @return array
 */
function history_get_raw_events_array($p_bug_id, $p_user_id = null, $p_start_time = null, $p_end_time = null)
{
    $t_history_order = config_get('history_order');
    $t_user_id = null === $p_user_id ? auth_get_current_user_id() : $p_user_id;
    $t_roadmap_view_access_level = config_get('roadmap_view_threshold');
    $t_due_date_view_threshold = config_get('due_date_view_threshold');
    # grab history and display by date_modified then field_name
    # @@@ by MASC I guess it's better by id then by field_name. When we have more history lines with the same
    # date, it's better to respect the storing order otherwise we should risk to mix different information
    # I give you an example. We create a child of a bug with different custom fields. In the history of the child
    # bug we will find the line related to the relationship mixed with the custom fields (the history is creted
    # for the new bug with the same timestamp...)
    $t_params = array($p_bug_id);
    $t_query = 'SELECT * FROM {bug_history} WHERE bug_id=' . db_param();
    $t_where = array();
    if ($p_start_time !== null) {
        $t_where[] = 'date_modified >= ' . db_param();
        $t_params[] = $p_start_time;
    }
    if ($p_end_time !== null) {
        $t_where[] = 'date_modified < ' . db_param();
        $t_params[] = $p_end_time;
    }
    if (count($t_where) > 0) {
        $t_query .= ' AND ' . implode(' AND ', $t_where);
    }
    $t_query .= ' ORDER BY date_modified ' . $t_history_order . ',id';
    $t_result = db_query($t_query, $t_params);
    $t_raw_history = array();
    $t_private_bugnote_visible = access_has_bug_level(config_get('private_bugnote_threshold'), $p_bug_id, $t_user_id);
    $t_tag_view_threshold = config_get('tag_view_threshold');
    $t_view_attachments_threshold = config_get('view_attachments_threshold');
    $t_show_monitor_list_threshold = config_get('show_monitor_list_threshold');
    $t_show_handler_threshold = config_get('view_handler_threshold');
    $t_standard_fields = columns_get_standard();
    $j = 0;
    while ($t_row = db_fetch_array($t_result)) {
        extract($t_row, EXTR_PREFIX_ALL, 'v');
        if ($v_type == NORMAL_TYPE) {
            if (!in_array($v_field_name, $t_standard_fields)) {
                # check that the item should be visible to the user
                $t_field_id = custom_field_get_id_from_name($v_field_name);
                if (false !== $t_field_id && !custom_field_has_read_access($t_field_id, $p_bug_id, $t_user_id)) {
                    continue;
                }
            }
            if ($v_field_name == 'target_version' && !access_has_bug_level($t_roadmap_view_access_level, $p_bug_id, $t_user_id)) {
                continue;
            }
            if ($v_field_name == 'due_date' && !access_has_bug_level($t_due_date_view_threshold, $p_bug_id, $t_user_id)) {
                continue;
            }
            if ($v_field_name == 'handler_id' && !access_has_bug_level($t_show_handler_threshold, $p_bug_id, $t_user_id)) {
                continue;
            }
        }
        # bugnotes
        if ($t_user_id != $v_user_id) {
            # bypass if user originated note
            if ($v_type == BUGNOTE_ADDED || $v_type == BUGNOTE_UPDATED || $v_type == BUGNOTE_DELETED) {
                if (!$t_private_bugnote_visible && bugnote_get_field($v_old_value, 'view_state') == VS_PRIVATE) {
                    continue;
                }
            }
            if ($v_type == BUGNOTE_STATE_CHANGED) {
                if (!$t_private_bugnote_visible && bugnote_get_field($v_new_value, 'view_state') == VS_PRIVATE) {
                    continue;
                }
            }
        }
        # tags
        if ($v_type == TAG_ATTACHED || $v_type == TAG_DETACHED || $v_type == TAG_RENAMED) {
            if (!access_has_bug_level($t_tag_view_threshold, $p_bug_id, $t_user_id)) {
                continue;
            }
        }
        # attachments
        if ($v_type == FILE_ADDED || $v_type == FILE_DELETED) {
            if (!access_has_bug_level($t_view_attachments_threshold, $p_bug_id, $t_user_id)) {
                continue;
            }
        }
        # monitoring
        if ($v_type == BUG_MONITOR || $v_type == BUG_UNMONITOR) {
            if (!access_has_bug_level($t_show_monitor_list_threshold, $p_bug_id, $t_user_id)) {
                continue;
            }
        }
        # relationships
        if ($v_type == BUG_ADD_RELATIONSHIP || $v_type == BUG_DEL_RELATIONSHIP || $v_type == BUG_REPLACE_RELATIONSHIP) {
            $t_related_bug_id = $v_new_value;
            # If bug doesn't exist, then we don't know whether to expose it or not based on the fact whether it was
            # accessible to user or not.  This also simplifies client code that is accessing the history log.
            if (!bug_exists($t_related_bug_id) || !access_has_bug_level(config_get('view_bug_threshold'), $t_related_bug_id, $t_user_id)) {
                continue;
            }
        }
        $t_raw_history[$j]['date'] = $v_date_modified;
        $t_raw_history[$j]['userid'] = $v_user_id;
        # user_get_name handles deleted users, and username vs realname
        $t_raw_history[$j]['username'] = user_get_name($v_user_id);
        $t_raw_history[$j]['field'] = $v_field_name;
        $t_raw_history[$j]['type'] = $v_type;
        $t_raw_history[$j]['old_value'] = $v_old_value;
        $t_raw_history[$j]['new_value'] = $v_new_value;
        $j++;
    }
    # end for loop
    return $t_raw_history;
}
Exemplo n.º 5
0
/**
 * Set the view state of the bugnote
 * @param int $p_bugnote_id bugnote id
 * @param bool $p_private
 * @return bool
 * @access public
 */
function bugnote_set_view_state($p_bugnote_id, $p_private)
{
    $c_bugnote_id = db_prepare_int($p_bugnote_id);
    $t_bug_id = bugnote_get_field($p_bugnote_id, 'bug_id');
    if ($p_private) {
        $t_view_state = VS_PRIVATE;
    } else {
        $t_view_state = VS_PUBLIC;
    }
    $t_bugnote_table = db_get_table('mantis_bugnote_table');
    $query = "UPDATE {$t_bugnote_table}\n\t\t          \tSET view_state=" . db_param() . "\n\t\t          \tWHERE id=" . db_param();
    db_query_bound($query, array($t_view_state, $c_bugnote_id));
    history_log_event_special($t_bug_id, BUGNOTE_STATE_CHANGED, $t_view_state, bugnote_format_id($p_bugnote_id));
    return true;
}
Exemplo n.º 6
0
require_api('lang_api.php');
require_api('print_api.php');
require_api('string_api.php');
require_api('user_api.php');
$f_bug_id = gpc_get_int('bug_id', 0);
$f_bugnote_id = gpc_get_int('bugnote_id', 0);
$f_rev_id = gpc_get_int('rev_id', 0);
$t_title = '';
if ($f_bug_id) {
    $t_bug_id = $f_bug_id;
    $t_bug_data = bug_get($t_bug_id, true);
    $t_bug_revisions = array_reverse(bug_revision_list($t_bug_id), true);
    $t_title = lang_get('issue_id') . $t_bug_id;
} else {
    if ($f_bugnote_id) {
        $t_bug_id = bugnote_get_field($f_bugnote_id, 'bug_id');
        $t_bug_data = bug_get($t_bug_id, true);
        $t_bug_revisions = bug_revision_list($t_bug_id, REV_ANY, $f_bugnote_id);
        $t_title = lang_get('bugnote') . ' ' . $f_bugnote_id;
    } else {
        if ($f_rev_id) {
            $t_bug_revisions = bug_revision_like($f_rev_id);
            if (count($t_bug_revisions) < 1) {
                trigger_error(ERROR_GENERIC, ERROR);
            }
            $t_bug_id = $t_bug_revisions[$f_rev_id]['bug_id'];
            $t_bug_data = bug_get($t_bug_id, true);
            $t_title = lang_get('issue_id') . $t_bug_id;
        } else {
            trigger_error(ERROR_GENERIC, ERROR);
        }
Exemplo n.º 7
0
/**
 * Retrieves the raw history events for the specified bug id and returns it in an array
 * The array is indexed from 0 to N-1.  The second dimension is: 'date', 'userid', 'username',
 * 'field','type','old_value','new_value'
 * @param int $p_bug_id
 * @param int $p_user_id
 * @return array
 */
function history_get_raw_events_array($p_bug_id, $p_user_id = null)
{
    $t_history_order = config_get('history_order');
    $t_user_id = null === $p_user_id ? auth_get_current_user_id() : $p_user_id;
    $t_roadmap_view_access_level = config_get('roadmap_view_threshold');
    $t_due_date_view_threshold = config_get('due_date_view_threshold');
    # grab history and display by date_modified then field_name
    # @@@ by MASC I guess it's better by id then by field_name. When we have more history lines with the same
    # date, it's better to respect the storing order otherwise we should risk to mix different information
    # I give you an example. We create a child of a bug with different custom fields. In the history of the child
    # bug we will find the line related to the relationship mixed with the custom fields (the history is creted
    # for the new bug with the same timestamp...)
    $t_mantis_bug_history_table = db_get_table('bug_history');
    $query = "SELECT *\n\t\t\t\tFROM {$t_mantis_bug_history_table}\n\t\t\t\tWHERE bug_id=" . db_param() . "\n\t\t\t\tORDER BY date_modified {$t_history_order},id";
    $result = db_query_bound($query, array($p_bug_id));
    $raw_history = array();
    $t_private_bugnote_threshold = config_get('private_bugnote_threshold');
    $t_private_bugnote_visible = access_has_bug_level(config_get('private_bugnote_threshold'), $p_bug_id, $t_user_id);
    $t_tag_view_threshold = config_get('tag_view_threshold');
    $t_show_monitor_list_threshold = config_get('show_monitor_list_threshold');
    $t_show_handler_threshold = config_get('view_handler_threshold');
    $t_standard_fields = columns_get_standard();
    $j = 0;
    while ($t_row = db_fetch_array($result)) {
        extract($t_row, EXTR_PREFIX_ALL, 'v');
        if ($v_type == NORMAL_TYPE) {
            if (!in_array($v_field_name, $t_standard_fields)) {
                # check that the item should be visible to the user
                $t_field_id = custom_field_get_id_from_name($v_field_name);
                if (false !== $t_field_id && !custom_field_has_read_access($t_field_id, $p_bug_id, $t_user_id)) {
                    continue;
                }
            }
            if ($v_field_name == 'target_version' && !access_has_bug_level($t_roadmap_view_access_level, $p_bug_id, $t_user_id)) {
                continue;
            }
            if ($v_field_name == 'due_date' && !access_has_bug_level($t_due_date_view_threshold, $p_bug_id, $t_user_id)) {
                continue;
            }
            if ($v_field_name == 'handler_id' && !access_has_bug_level($t_show_handler_threshold, $p_bug_id, $t_user_id)) {
                continue;
            }
        }
        // bugnotes
        if ($t_user_id != $v_user_id) {
            // bypass if user originated note
            if ($v_type == BUGNOTE_ADDED || $v_type == BUGNOTE_UPDATED || $v_type == BUGNOTE_DELETED) {
                if (!$t_private_bugnote_visible && bugnote_get_field($v_old_value, 'view_state') == VS_PRIVATE) {
                    continue;
                }
            }
            if ($v_type == BUGNOTE_STATE_CHANGED) {
                if (!$t_private_bugnote_visible && bugnote_get_field($v_new_value, 'view_state') == VS_PRIVATE) {
                    continue;
                }
            }
        }
        // tags
        if ($v_type == TAG_ATTACHED || $v_type == TAG_DETACHED || $v_type == TAG_RENAMED) {
            if (!access_has_bug_level($t_tag_view_threshold, $p_bug_id, $t_user_id)) {
                continue;
            }
        }
        // monitoring
        if ($v_type == BUG_MONITOR || $v_type == BUG_UNMONITOR) {
            if (!access_has_bug_level($t_show_monitor_list_threshold, $p_bug_id, $t_user_id)) {
                continue;
            }
        }
        $raw_history[$j]['date'] = $v_date_modified;
        $raw_history[$j]['userid'] = $v_user_id;
        # user_get_name handles deleted users, and username vs realname
        $raw_history[$j]['username'] = user_get_name($v_user_id);
        $raw_history[$j]['field'] = $v_field_name;
        $raw_history[$j]['type'] = $v_type;
        $raw_history[$j]['old_value'] = $v_old_value;
        $raw_history[$j]['new_value'] = $v_new_value;
        $j++;
    }
    # end for loop
    return $raw_history;
}
Exemplo n.º 8
0
/**
 * Retrieves the raw history events for the specified bug id and returns it in an array
 * The array is indexed from 0 to N-1.  The second dimension is: 'date', 'userid', 'username',
 * 'field','type','old_value','new_value'
 * @param int $p_bug_id
 * @param int $p_user_id
 * @return array
 */
function history_get_raw_events_array($p_bug_id, $p_user_id = null)
{
    $t_mantis_bug_history_table = db_get_table('mantis_bug_history_table');
    $t_mantis_user_table = db_get_table('mantis_user_table');
    $t_history_order = config_get('history_order');
    $c_bug_id = db_prepare_int($p_bug_id);
    $t_user_id = null === $p_user_id ? auth_get_current_user_id() : $p_user_id;
    $t_roadmap_view_access_level = config_get('roadmap_view_threshold');
    $t_due_date_view_threshold = config_get('due_date_view_threshold');
    # grab history and display by date_modified then field_name
    # @@@ by MASC I guess it's better by id then by field_name. When we have more history lines with the same
    # date, it's better to respect the storing order otherwise we should risk to mix different information
    # I give you an example. We create a child of a bug with different custom fields. In the history of the child
    # bug we will find the line related to the relationship mixed with the custom fields (the history is creted
    # for the new bug with the same timestamp...)
    $query = "SELECT *\n\t\t\t\tFROM {$t_mantis_bug_history_table}\n\t\t\t\tWHERE bug_id=" . db_param() . "\n\t\t\t\tORDER BY date_modified {$t_history_order},id";
    $result = db_query_bound($query, array($c_bug_id));
    $raw_history_count = db_num_rows($result);
    $raw_history = array();
    $t_private_bugnote_threshold = config_get('private_bugnote_threshold');
    $t_private_bugnote_visible = access_has_bug_level(config_get('private_bugnote_threshold'), $p_bug_id, $t_user_id);
    $t_tag_view_threshold = config_get('tag_view_threshold');
    $t_view_attachments_threshold = config_get('view_attachments_threshold');
    $t_show_monitor_list_threshold = config_get('show_monitor_list_threshold');
    $t_show_handler_threshold = config_get('view_handler_threshold');
    $t_standard_fields = columns_get_standard();
    for ($i = 0, $j = 0; $i < $raw_history_count; ++$i) {
        $t_row = db_fetch_array($result);
        $v_type = $t_row['type'];
        $v_field_name = $t_row['field_name'];
        $v_user_id = $t_row['user_id'];
        $v_new_value = $t_row['new_value'];
        $v_old_value = $t_row['old_value'];
        $v_date_modified = $t_row['date_modified'];
        if ($v_type == NORMAL_TYPE) {
            if (!in_array($v_field_name, $t_standard_fields)) {
                # check that the item should be visible to the user
                # We are passing 32 here to notify the custom field API
                # that legacy history entries for field names longer than
                # 32 chars created when the db column was of that size were
                # truncated (no longer the case since 1.1.0a4, see #8002)
                $t_field_id = custom_field_get_id_from_name($v_field_name, 32);
                if (false !== $t_field_id && !custom_field_has_read_access($t_field_id, $p_bug_id, $t_user_id)) {
                    continue;
                }
            }
            if ($v_field_name == 'target_version' && !access_has_bug_level($t_roadmap_view_access_level, $p_bug_id, $t_user_id)) {
                continue;
            }
            if ($v_field_name == 'due_date' && !access_has_bug_level($t_due_date_view_threshold, $p_bug_id, $t_user_id)) {
                continue;
            }
            if ($v_field_name == 'handler_id' && !access_has_bug_level($t_show_handler_threshold, $p_bug_id, $t_user_id)) {
                continue;
            }
        }
        // bugnotes
        if ($t_user_id != $v_user_id) {
            // bypass if user originated note
            if ($v_type == BUGNOTE_ADDED || $v_type == BUGNOTE_UPDATED || $v_type == BUGNOTE_DELETED) {
                if (!$t_private_bugnote_visible && bugnote_get_field($v_old_value, 'view_state') == VS_PRIVATE) {
                    continue;
                }
            }
            if ($v_type == BUGNOTE_STATE_CHANGED) {
                if (!$t_private_bugnote_visible && bugnote_get_field($v_new_value, 'view_state') == VS_PRIVATE) {
                    continue;
                }
            }
        }
        // tags
        if ($v_type == TAG_ATTACHED || $v_type == TAG_DETACHED || $v_type == TAG_RENAMED) {
            if (!access_has_bug_level($t_tag_view_threshold, $p_bug_id, $t_user_id)) {
                continue;
            }
        }
        # attachments
        if ($v_type == FILE_ADDED || $v_type == FILE_DELETED) {
            if (!access_has_bug_level($t_view_attachments_threshold, $p_bug_id, $t_user_id)) {
                continue;
            }
        }
        // monitoring
        if ($v_type == BUG_MONITOR || $v_type == BUG_UNMONITOR) {
            if (!access_has_bug_level($t_show_monitor_list_threshold, $p_bug_id, $t_user_id)) {
                continue;
            }
        }
        # relationships
        if ($v_type == BUG_ADD_RELATIONSHIP || $v_type == BUG_DEL_RELATIONSHIP || $v_type == BUG_REPLACE_RELATIONSHIP) {
            $t_related_bug_id = $v_new_value;
            # If bug doesn't exist, then we don't know whether to expose it or not based on the fact whether it was
            # accessible to user or not.  This also simplifies client code that is accessing the history log.
            if (!bug_exists($t_related_bug_id) || !access_has_bug_level(VIEWER, $t_related_bug_id, $t_user_id)) {
                continue;
            }
        }
        $raw_history[$j]['date'] = $v_date_modified;
        $raw_history[$j]['userid'] = $v_user_id;
        # user_get_name handles deleted users, and username vs realname
        $raw_history[$j]['username'] = user_get_name($v_user_id);
        $raw_history[$j]['field'] = $v_field_name;
        $raw_history[$j]['type'] = $v_type;
        $raw_history[$j]['old_value'] = $v_old_value;
        $raw_history[$j]['new_value'] = $v_new_value;
        $j++;
    }
    # end for loop
    return $raw_history;
}
Exemplo n.º 9
0
 public function put($request)
 {
     /**
      * 	Updates the note.
      *
      * 	Only the text and view state of the note can be altered.
      *
      *      @param $request - The request we're responding to
      */
     $this->note_id = Bugnote::get_mantis_id_from_url($request->url);
     if (!bugnote_exists($this->note_id)) {
         throw new HTTPException(404, "No such bug note: {$this->note_id}");
     }
     # Check if the current user is allowed to edit the bugnote
     # (This comes from Mantis's bugnote_update.php)
     $user_id = auth_get_current_user_id();
     $reporter_id = bugnote_get_field($this->note_id, 'reporter_id');
     $bug_id = bugnote_get_field($this->note_id, 'bug_id');
     if ($user_id != $reporter_id || OFF == config_get('bugnote_allow_user_edit_delete')) {
         if (!access_has_bugnote_level(config_get('update_bugnote_threshold'), $this->note_id)) {
             throw new HTTPException(403, "Access denied");
         }
     }
     if (bug_is_readonly($bug_id)) {
         throw new HTTPException(500, "Can't edit a note on a read-only bug");
     }
     $this->populate_from_repr($request->body);
     bugnote_set_view_state($this->note_id, !!$this->_get_rsrc_attr('private'));
     bugnote_set_text($this->note_id, $this->_get_mantis_attr('note'));
     $resp = new Response();
     $resp->status = 204;
     return $resp;
 }
Exemplo n.º 10
0
function bugnote_set_view_state($p_bugnote_id, $p_private)
{
    $c_bugnote_id = db_prepare_int($p_bugnote_id);
    $t_bug_id = bugnote_get_field($p_bugnote_id, 'bug_id');
    if ($p_private) {
        $t_view_state = VS_PRIVATE;
    } else {
        $t_view_state = VS_PUBLIC;
    }
    $t_bugnote_table = config_get('mantis_bugnote_table');
    # update view_state
    $query = "UPDATE {$t_bugnote_table}\r\n\t\t          \tSET view_state='{$t_view_state}'\r\n\t\t          \tWHERE id='{$c_bugnote_id}'";
    db_query($query);
    history_log_event_special($t_bug_id, BUGNOTE_STATE_CHANGED, bugnote_format_id($t_view_state), $p_bugnote_id);
    return true;
}
Exemplo n.º 11
0
/**
 * Delete a note given its id.
 *
 * @param string $p_username  The name of the user trying to add a note to an issue.
 * @param string $p_password  The password of the user.
 * @param integer $p_issue_note_id  The id of the note to be deleted.
 * @return true: success, false: failure
 */
function mc_issue_note_delete($p_username, $p_password, $p_issue_note_id)
{
    $t_user_id = mci_check_login($p_username, $p_password);
    if ($t_user_id === false) {
        return new soap_fault('Client', '', 'Access Denied');
    }
    if ((int) $p_issue_note_id < 1) {
        return new soap_fault('Client', '', "Invalid issue note id '{$p_issue_note_id}'.");
    }
    if (!bugnote_exists($p_issue_note_id)) {
        return new soap_fault('Server', '', "Issue note '{$p_issue_note_id}' does not exist.");
    }
    $t_issue_id = bugnote_get_field($p_issue_note_id, 'bug_id');
    $t_project_id = bug_get_field($t_issue_id, 'project_id');
    if (!mci_has_readwrite_access($t_user_id, $t_project_id)) {
        return new soap_fault('Client', '', 'Access Denied');
    }
    return bugnote_delete($p_issue_note_id);
}
Exemplo n.º 12
0
/**
 * Update a note
 *
 * @param string $p_username  The name of the user trying to add a note to an issue.
 * param string $p_password  The password of the user.
 * @param IssueNoteData $p_note  The note to update.
 * @return true on success, false on failure
 */
function mc_issue_note_update($p_username, $p_password, $p_note)
{
    $t_user_id = mci_check_login($p_username, $p_password);
    if ($t_user_id === false) {
        return mci_soap_fault_login_failed();
    }
    if (!isset($p_note['id']) || is_blank($p_note['id'])) {
        return new soap_fault('Client', '', "Issue note id must not be blank.");
    }
    if (!isset($p_note['text']) || is_blank($p_note['text'])) {
        return new soap_fault('Client', '', "Issue note text must not be blank.");
    }
    $t_issue_note_id = $p_note['id'];
    if (!bugnote_exists($t_issue_note_id)) {
        return new soap_fault('Server', '', "Issue note '{$t_issue_note_id}' does not exist.");
    }
    $t_issue_id = bugnote_get_field($t_issue_note_id, 'bug_id');
    $t_project_id = bug_get_field($t_issue_id, 'project_id');
    if (!mci_has_readwrite_access($t_user_id, $t_project_id)) {
        return mci_soap_fault_access_denied($t_user_id);
    }
    $t_issue_author_id = bugnote_get_field($t_issue_note_id, 'reporter_id');
    # Check if the user owns the bugnote and is allowed to update their own bugnotes
    # regardless of the update_bugnote_threshold level.
    $t_user_owns_the_bugnote = bugnote_is_user_reporter($t_issue_note_id, $t_user_id);
    $t_user_can_update_own_bugnote = config_get('bugnote_allow_user_edit_delete', null, $t_user_id, $t_project_id);
    if ($t_user_owns_the_bugnote && !$t_user_can_update_own_bugnote) {
        return mci_soap_fault_access_denied($t_user_id);
    }
    # Check if the user has an access level beyond update_bugnote_threshold for the
    # project containing the bugnote to update.
    $t_update_bugnote_threshold = config_get('update_bugnote_threshold', null, $t_user_id, $t_project_id);
    if (!$t_user_owns_the_bugnote && !access_has_bugnote_level($t_update_bugnote_threshold, $t_issue_note_id, $t_user_id)) {
        return mci_soap_fault_access_denied($t_user_id);
    }
    # Check if the bug is readonly
    if (bug_is_readonly($t_issue_id)) {
        return mci_soap_fault_access_denied($t_user_id, "Issue ' . {$t_issue_id} . ' is readonly");
    }
    if (isset($p_note['view_state'])) {
        $t_view_state = $p_note['view_state'];
        $t_view_state_id = mci_get_enum_id_from_objectref('view_state', $t_view_state);
        bugnote_set_view_state($t_issue_note_id, $t_view_state_id);
    }
    bugnote_set_text($t_issue_note_id, $p_note['text']);
    return bugnote_date_update($t_issue_note_id);
}
Exemplo n.º 13
0
 function bugnote_is_private($bug_id, $bugnote_id)
 {
     return bugnote_get_field($bugnote_id, 'view_state') == VS_PRIVATE || bug_get($bug_id)->view_state == VS_PRIVATE;
 }
Exemplo n.º 14
0
require_api('form_api.php');
require_api('gpc_api.php');
require_api('helper_api.php');
require_api('print_api.php');
require_api('string_api.php');
form_security_validate('bugnote_set_view_state');
$f_bugnote_id = gpc_get_int('bugnote_id');
$f_private = gpc_get_bool('private');
$t_bug_id = bugnote_get_field($f_bugnote_id, 'bug_id');
$t_bug = bug_get($t_bug_id, true);
if ($t_bug->project_id != helper_get_current_project()) {
    # in case the current project is not the same project of the bug we are viewing...
    # ... override the current project. This to avoid problems with categories and handlers lists etc.
    $g_project_override = $t_bug->project_id;
}
# Check if the bug is readonly
if (bug_is_readonly($t_bug_id)) {
    error_parameters($t_bug_id);
    trigger_error(ERROR_BUG_READ_ONLY_ACTION_DENIED, ERROR);
}
# Check if the current user is allowed to change the view state of this bugnote
$t_user_id = bugnote_get_field($f_bugnote_id, 'reporter_id');
if ($t_user_id == auth_get_current_user_id()) {
    access_ensure_bugnote_level(config_get('bugnote_user_change_view_state_threshold'), $f_bugnote_id);
} else {
    access_ensure_bugnote_level(config_get('update_bugnote_threshold'), $f_bugnote_id);
    access_ensure_bugnote_level(config_get('change_view_status_threshold'), $f_bugnote_id);
}
bugnote_set_view_state($f_bugnote_id, $f_private);
form_security_purge('bugnote_set_view_state');
print_successful_redirect(string_get_bug_view_url($t_bug_id) . '#bugnotes');
}
# Check if the current user is allowed to edit the bugnote
$t_user_id = auth_get_current_user_id();
$t_reporter_id = bugnote_get_field($f_bugnote_id, 'reporter_id');
if ($t_user_id != $t_reporter_id || OFF == config_get('bugnote_allow_user_edit_delete')) {
    access_ensure_bugnote_level(config_get('update_bugnote_threshold'), $f_bugnote_id);
}
# Check if the bug is readonly
if (bug_is_readonly($t_bug_id)) {
    error_parameters($t_bug_id);
    trigger_error(ERROR_BUG_READ_ONLY_ACTION_DENIED, ERROR);
}
$t_bugnote_text = string_textarea(bugnote_get_text($f_bugnote_id));
# No need to gather the extra information if not used
if (config_get('time_tracking_enabled') && access_has_bug_level(config_get('time_tracking_edit_threshold'), $t_bug_id)) {
    $t_time_tracking = bugnote_get_field($f_bugnote_id, "time_tracking");
    $t_time_tracking = db_minutes_to_hhmm($t_time_tracking);
}
# Determine which view page to redirect back to.
$t_redirect_url = string_get_bug_view_url($t_bug_id);
html_page_top(bug_format_summary($t_bug_id, SUMMARY_CAPTION));
?>
<br />
<div align="center">
<form method="post" action="bugnote_update.php">
<?php 
echo form_security_field('bugnote_update');
?>
<table class="width75" cellspacing="1">
<tr>
	<td class="form-title">
Exemplo n.º 16
0
/**
 * return an href anchor that links to a bug VIEW page for the given bug
 * account for the user preference and site override
 * @param integer $p_bug_id      A bug identifier.
 * @param integer $p_bugnote_id  A bugnote identifier.
 * @param integer $p_user_id     A valid user identifier.
 * @param boolean $p_detail_info Whether to include more detailed information (e.g. title attribute / project) in the returned string.
 * @param boolean $p_fqdn        Whether to return an absolute or relative link.
 * @return string
 */
function string_get_bugnote_view_link($p_bug_id, $p_bugnote_id, $p_user_id = null, $p_detail_info = true, $p_fqdn = false)
{
    $t_bug_id = (int) $p_bug_id;
    if (bug_exists($t_bug_id) && bugnote_exists($p_bugnote_id)) {
        $t_link = '<a href="';
        if ($p_fqdn) {
            $t_link .= config_get_global('path');
        } else {
            $t_link .= config_get_global('short_path');
        }
        $t_link .= string_get_bugnote_view_url($p_bug_id, $p_bugnote_id, $p_user_id) . '"';
        if ($p_detail_info) {
            $t_reporter = string_attribute(user_get_name(bugnote_get_field($p_bugnote_id, 'reporter_id')));
            $t_update_date = string_attribute(date(config_get('normal_date_format'), bugnote_get_field($p_bugnote_id, 'last_modified')));
            $t_link .= ' title="' . bug_format_id($t_bug_id) . ': [' . $t_update_date . '] ' . $t_reporter . '"';
        }
        $t_link .= '>' . bug_format_id($t_bug_id) . ':' . bugnote_format_id($p_bugnote_id) . '</a>';
    } else {
        $t_link = bugnote_format_id($t_bug_id) . ':' . bugnote_format_id($p_bugnote_id);
    }
    return $t_link;
}
Exemplo n.º 17
0
function email_format_bug_message($p_visible_bug_data)
{
    $t_normal_date_format = config_get('normal_date_format');
    $t_complete_date_format = config_get('complete_date_format');
    $t_email_separator1 = config_get('email_separator1');
    $t_email_separator2 = config_get('email_separator2');
    $t_email_padding_length = config_get('email_padding_length');
    $t_status = $p_visible_bug_data['email_status'];
    $p_visible_bug_data['email_date_submitted'] = date($t_complete_date_format, $p_visible_bug_data['email_date_submitted']);
    $p_visible_bug_data['email_last_modified'] = date($t_complete_date_format, $p_visible_bug_data['email_last_modified']);
    $p_visible_bug_data['email_status'] = get_enum_element('status', $t_status);
    $p_visible_bug_data['email_severity'] = get_enum_element('severity', $p_visible_bug_data['email_severity']);
    $p_visible_bug_data['email_priority'] = get_enum_element('priority', $p_visible_bug_data['email_priority']);
    $p_visible_bug_data['email_reproducibility'] = get_enum_element('reproducibility', $p_visible_bug_data['email_reproducibility']);
    $t_message = $t_email_separator1 . " \n";
    if (isset($p_visible_bug_data['email_bug_view_url'])) {
        $t_message .= $p_visible_bug_data['email_bug_view_url'] . " \n";
        $t_message .= $t_email_separator1 . " \n";
    }
    $t_message .= email_format_attribute($p_visible_bug_data, 'email_reporter');
    $t_message .= email_format_attribute($p_visible_bug_data, 'email_handler');
    $t_message .= $t_email_separator1 . " \n";
    $t_message .= email_format_attribute($p_visible_bug_data, 'email_project');
    $t_message .= email_format_attribute($p_visible_bug_data, 'email_bug');
    $t_message .= email_format_attribute($p_visible_bug_data, 'email_category');
    $t_message .= email_format_attribute($p_visible_bug_data, 'email_reproducibility');
    $t_message .= email_format_attribute($p_visible_bug_data, 'email_severity');
    $t_message .= email_format_attribute($p_visible_bug_data, 'email_priority');
    $t_message .= email_format_attribute($p_visible_bug_data, 'email_status');
    $t_message .= email_format_attribute($p_visible_bug_data, 'email_target_version');
    # custom fields formatting
    foreach ($p_visible_bug_data['custom_fields'] as $t_custom_field_name => $t_custom_field_data) {
        $t_message .= str_pad(lang_get_defaulted($t_custom_field_name, null) . ': ', $t_email_padding_length, ' ', STR_PAD_RIGHT);
        $t_message .= string_custom_field_value_for_email($t_custom_field_data['value'], $t_custom_field_data['type']);
        $t_message .= " \n";
    }
    # end foreach custom field
    if (config_get('bug_resolved_status_threshold') <= $t_status) {
        $p_visible_bug_data['email_resolution'] = get_enum_element('resolution', $p_visible_bug_data['email_resolution']);
        $t_message .= email_format_attribute($p_visible_bug_data, 'email_resolution');
        $t_message .= email_format_attribute($p_visible_bug_data, 'email_duplicate');
        $t_message .= email_format_attribute($p_visible_bug_data, 'email_fixed_in_version');
    }
    $t_message .= $t_email_separator1 . " \n";
    $t_message .= email_format_attribute($p_visible_bug_data, 'email_date_submitted');
    $t_message .= email_format_attribute($p_visible_bug_data, 'email_last_modified');
    $t_message .= $t_email_separator1 . " \n";
    $t_message .= email_format_attribute($p_visible_bug_data, 'email_summary');
    $t_message .= lang_get('email_description') . ": \n" . wordwrap($p_visible_bug_data['email_description']) . "\n";
    # MASC RELATIONSHIP
    if (ON == config_get('enable_relationship')) {
        if (isset($p_visible_bug_data['relations'])) {
            $t_message .= $p_visible_bug_data['relations'];
        }
    }
    # MASC RELATIONSHIP
    # Sponsorship
    if (isset($p_visible_bug_data['sponsorship_total']) && $p_visible_bug_data['sponsorship_total'] > 0) {
        $t_message .= $t_email_separator1 . " \n";
        $t_message .= sprintf(lang_get('total_sponsorship_amount'), sponsorship_format_amount($p_visible_bug_data['sponsorship_total'])) . "\n" . "\n";
        if (isset($p_visible_bug_data['sponsorships'])) {
            foreach ($p_visible_bug_data['sponsorships'] as $t_sponsorship) {
                $t_date_added = date(config_get('normal_date_format'), $t_sponsorship->date_submitted);
                $t_message .= $t_date_added . ': ';
                $t_message .= user_get_name($t_sponsorship->user_id);
                $t_message .= ' (' . sponsorship_format_amount($t_sponsorship->amount) . ')' . " \n";
            }
        }
    }
    $t_message .= $t_email_separator1 . " \n\n";
    # format bugnotes
    foreach ($p_visible_bug_data['bugnotes'] as $t_bugnote) {
        $t_last_modified = date($t_normal_date_format, $t_bugnote->last_modified);
        $t_formatted_bugnote_id = bugnote_format_id($t_bugnote->id);
        $t_bugnote_link = string_process_bugnote_link(config_get('bugnote_link_tag') . $t_bugnote->id, false, false, true);
        $t_time_tracking = '';
        # the bugnote objects array is retrieved from bugnote_get_all_visible_bugnotes which already checks for
        # time_tracking_view_threshold.  If user does not have view permission the value is set to 0.
        if ($t_bugnote->time_tracking > 0) {
            $t_time_tracking_minutes = bugnote_get_field($t_bugnote->id, 'time_tracking');
            if ($t_time_tracking_minutes > 0) {
                $t_time_tracking = ' ' . lang_get('time_tracking') . ' ' . db_minutes_to_hhmm($t_time_tracking_minutes) . "\n";
            }
        }
        if (user_exists($t_bugnote->reporter_id)) {
            $t_access_level = access_get_project_level(null, $t_bugnote->reporter_id);
            $t_access_level_string = ' (' . get_enum_element('access_levels', $t_access_level) . ') - ';
        } else {
            $t_access_level_string = '';
        }
        $t_string = ' (' . $t_formatted_bugnote_id . ') ' . user_get_name($t_bugnote->reporter_id) . $t_access_level_string . $t_last_modified . "\n" . $t_time_tracking . ' ' . $t_bugnote_link;
        $t_message .= $t_email_separator2 . " \n";
        $t_message .= $t_string . " \n";
        $t_message .= $t_email_separator2 . " \n";
        $t_message .= wordwrap($t_bugnote->note) . " \n\n";
    }
    # format history
    if (array_key_exists('history', $p_visible_bug_data)) {
        $t_message .= lang_get('bug_history') . " \n";
        $t_message .= str_pad(lang_get('date_modified'), 17) . str_pad(lang_get('username'), 15) . str_pad(lang_get('field'), 25) . str_pad(lang_get('change'), 20) . " \n";
        $t_message .= $t_email_separator1 . " \n";
        foreach ($p_visible_bug_data['history'] as $t_raw_history_item) {
            $t_localized_item = history_localize_item($t_raw_history_item['field'], $t_raw_history_item['type'], $t_raw_history_item['old_value'], $t_raw_history_item['new_value']);
            $t_message .= str_pad(date($t_normal_date_format, $t_raw_history_item['date']), 17) . str_pad($t_raw_history_item['username'], 15) . str_pad($t_localized_item['note'], 25) . str_pad($t_localized_item['change'], 20) . "\n";
        }
        $t_message .= $t_email_separator1 . " \n\n";
    }
    return $t_message;
}
Exemplo n.º 18
0
/**
 * Update a note
 *
 * @param string   $p_username The name of the user trying to add a note to an issue.
 * @param string   $p_password The password of the user.
 * @param stdClass $p_note     The note to update.
 * @return true on success, false on failure
 */
function mc_issue_note_update($p_username, $p_password, stdClass $p_note)
{
    global $g_project_override;
    $t_user_id = mci_check_login($p_username, $p_password);
    if ($t_user_id === false) {
        return mci_soap_fault_login_failed();
    }
    $p_note = SoapObjectsFactory::unwrapObject($p_note);
    if (!isset($p_note['id']) || is_blank($p_note['id'])) {
        return SoapObjectsFactory::newSoapFault('Client', 'Issue note id must not be blank.');
    }
    if (!isset($p_note['text']) || is_blank($p_note['text'])) {
        return SoapObjectsFactory::newSoapFault('Client', 'Issue note text must not be blank.');
    }
    $t_issue_note_id = $p_note['id'];
    if (!bugnote_exists($t_issue_note_id)) {
        return SoapObjectsFactory::newSoapFault('Client', 'Issue note \'' . $t_issue_note_id . '\' does not exist.');
    }
    $t_issue_id = bugnote_get_field($t_issue_note_id, 'bug_id');
    $t_project_id = bug_get_field($t_issue_id, 'project_id');
    $g_project_override = $t_project_id;
    if (!mci_has_readwrite_access($t_user_id, $t_project_id)) {
        return mci_soap_fault_access_denied($t_user_id);
    }
    $t_issue_author_id = bugnote_get_field($t_issue_note_id, 'reporter_id');
    # Check if the user owns the bugnote and is allowed to update their own bugnotes
    # regardless of the update_bugnote_threshold level.
    $t_user_owns_the_bugnote = bugnote_is_user_reporter($t_issue_note_id, $t_user_id);
    $t_user_can_update_own_bugnote = config_get('bugnote_user_edit_threshold', null, $t_user_id, $t_project_id);
    if ($t_user_owns_the_bugnote && !$t_user_can_update_own_bugnote) {
        return mci_soap_fault_access_denied($t_user_id);
    }
    # Check if the user has an access level beyond update_bugnote_threshold for the
    # project containing the bugnote to update.
    $t_update_bugnote_threshold = config_get('update_bugnote_threshold', null, $t_user_id, $t_project_id);
    if (!$t_user_owns_the_bugnote && !access_has_bugnote_level($t_update_bugnote_threshold, $t_issue_note_id, $t_user_id)) {
        return mci_soap_fault_access_denied($t_user_id);
    }
    # Check if the bug is readonly
    if (bug_is_readonly($t_issue_id)) {
        return mci_soap_fault_access_denied($t_user_id, 'Issue \'' . $t_issue_id . '\' is readonly');
    }
    if (isset($p_note['view_state'])) {
        $t_view_state = $p_note['view_state'];
        $t_view_state_id = mci_get_enum_id_from_objectref('view_state', $t_view_state);
        bugnote_set_view_state($t_issue_note_id, $t_view_state_id == VS_PRIVATE);
    }
    log_event(LOG_WEBSERVICE, 'updating bugnote id \'' . $t_issue_note_id . '\'');
    bugnote_set_text($t_issue_note_id, $p_note['text']);
    return bugnote_date_update($t_issue_note_id);
}
Exemplo n.º 19
0
function history_get_raw_events_array($p_bug_id, $p_user_id = null)
{
    $t_mantis_bug_history_table = config_get('mantis_bug_history_table');
    $t_mantis_user_table = config_get('mantis_user_table');
    $t_history_order = config_get('history_order');
    $c_bug_id = db_prepare_int($p_bug_id);
    $t_user_id = null === $p_user_id ? auth_get_current_user_id() : $p_user_id;
    $t_roadmap_view_access_level = config_get('roadmap_view_threshold');
    # grab history and display by date_modified then field_name
    # @@@ by MASC I guess it's better by id then by field_name. When we have more history lines with the same
    # date, it's better to respect the storing order otherwise we should risk to mix different information
    # I give you an example. We create a child of a bug with different custom fields. In the history of the child
    # bug we will find the line related to the relationship mixed with the custom fields (the history is creted
    # for the new bug with the same timestamp...)
    $query = "SELECT *\n\t\t\t\tFROM {$t_mantis_bug_history_table}\n\t\t\t\tWHERE bug_id='{$c_bug_id}'\n\t\t\t\tORDER BY date_modified {$t_history_order},id";
    $result = db_query($query);
    $raw_history_count = db_num_rows($result);
    $raw_history = array();
    $t_private_bugnote_threshold = config_get('private_bugnote_threshold');
    $t_private_bugnote_visible = access_has_bug_level(config_get('private_bugnote_threshold'), $p_bug_id, $t_user_id);
    for ($i = 0, $j = 0; $i < $raw_history_count; ++$i) {
        $row = db_fetch_array($result);
        extract($row, EXTR_PREFIX_ALL, 'v');
        // check that the item should be visible to the user
        // custom fields - we are passing 32 here to notify the API that the custom field name is truncated by the history column from 64 to 32 characters.
        $t_field_id = custom_field_get_id_from_name($v_field_name, 32);
        if (false !== $t_field_id && !custom_field_has_read_access($t_field_id, $p_bug_id, $t_user_id)) {
            continue;
        }
        if ($v_field_name == 'target_version' && !access_has_bug_level($t_roadmap_view_access_level, $p_bug_id, $t_user_id)) {
            continue;
        }
        // bugnotes
        if ($t_user_id != $v_user_id) {
            // bypass if user originated note
            if ($v_type == BUGNOTE_ADDED || $v_type == BUGNOTE_UPDATED || $v_type == BUGNOTE_DELETED) {
                if (!$t_private_bugnote_visible && bugnote_get_field($v_old_value, 'view_state') == VS_PRIVATE) {
                    continue;
                }
            }
            if ($v_type == BUGNOTE_STATE_CHANGED) {
                if (!$t_private_bugnote_visible && bugnote_get_field($v_new_value, 'view_state') == VS_PRIVATE) {
                    continue;
                }
            }
        }
        // tags
        if ($v_type == TAG_ATTACHED || $v_type == TAG_DETACHED || $v_type == TAG_RENAMED) {
            if (!access_has_global_level(config_get('tag_view_threshold'))) {
                continue;
            }
        }
        $raw_history[$j]['date'] = db_unixtimestamp($v_date_modified);
        $raw_history[$j]['userid'] = $v_user_id;
        # user_get_name handles deleted users, and username vs realname
        $raw_history[$j]['username'] = user_get_name($v_user_id);
        $raw_history[$j]['field'] = $v_field_name;
        $raw_history[$j]['type'] = $v_type;
        $raw_history[$j]['old_value'] = $v_old_value;
        $raw_history[$j]['new_value'] = $v_new_value;
        $j++;
    }
    # end for loop
    return $raw_history;
}
Exemplo n.º 20
0
/**
 * Gets the next accessible history event for current user and specified db result.
 * @param  string  $p_result      The database result.
 * @param  integer $p_user_id     The user id or null for logged in user.
 * @param  boolean $p_check_access_to_issue true: check that user has access to bugs,
 *                                          false otherwise.
 * @return array containing the history event or false if no more matches.
 */
function history_get_event_from_row($p_result, $p_user_id = null, $p_check_access_to_issue = true)
{
    static $s_bug_visible = array();
    $t_user_id = null === $p_user_id ? auth_get_current_user_id() : $p_user_id;
    $t_project_id = helper_get_current_project();
    while ($t_row = db_fetch_array($p_result)) {
        extract($t_row, EXTR_PREFIX_ALL, 'v');
        # Make sure the entry belongs to current project.
        if ($t_project_id != ALL_PROJECTS && $t_project_id != bug_get_field($v_bug_id, 'project_id')) {
            continue;
        }
        if ($p_check_access_to_issue) {
            if (!isset($s_bug_visible[$v_bug_id])) {
                $s_bug_visible[$v_bug_id] = access_has_bug_level(VIEWER, $v_bug_id);
            }
            if (!$s_bug_visible[$v_bug_id]) {
                continue;
            }
        }
        if ($v_type == NORMAL_TYPE) {
            if (!in_array($v_field_name, columns_get_standard())) {
                # check that the item should be visible to the user
                $t_field_id = custom_field_get_id_from_name($v_field_name);
                if (false !== $t_field_id && !custom_field_has_read_access($t_field_id, $v_bug_id, $t_user_id)) {
                    continue;
                }
            }
            if ($v_field_name == 'target_version' && !access_has_bug_level(config_get('roadmap_view_threshold'), $v_bug_id, $t_user_id)) {
                continue;
            }
            if ($v_field_name == 'due_date' && !access_has_bug_level(config_get('due_date_view_threshold'), $v_bug_id, $t_user_id)) {
                continue;
            }
            if ($v_field_name == 'handler_id' && !access_has_bug_level(config_get('view_handler_threshold'), $v_bug_id, $t_user_id)) {
                continue;
            }
        }
        # bugnotes
        if ($t_user_id != $v_user_id) {
            # bypass if user originated note
            if ($v_type == BUGNOTE_ADDED || $v_type == BUGNOTE_UPDATED || $v_type == BUGNOTE_DELETED) {
                if (!access_has_bug_level(config_get('private_bugnote_threshold'), $v_bug_id, $t_user_id) && bugnote_get_field($v_old_value, 'view_state') == VS_PRIVATE) {
                    continue;
                }
            }
            if ($v_type == BUGNOTE_STATE_CHANGED) {
                if (!access_has_bug_level(config_get('private_bugnote_threshold'), $v_bug_id, $t_user_id) && bugnote_get_field($v_new_value, 'view_state') == VS_PRIVATE) {
                    continue;
                }
            }
        }
        # tags
        if ($v_type == TAG_ATTACHED || $v_type == TAG_DETACHED || $v_type == TAG_RENAMED) {
            if (!access_has_bug_level(config_get('tag_view_threshold'), $v_bug_id, $t_user_id)) {
                continue;
            }
        }
        # attachments
        if ($v_type == FILE_ADDED || $v_type == FILE_DELETED) {
            if (!access_has_bug_level(config_get('view_attachments_threshold'), $v_bug_id, $t_user_id)) {
                continue;
            }
        }
        # monitoring
        if ($v_type == BUG_MONITOR || $v_type == BUG_UNMONITOR) {
            if (!access_has_bug_level(config_get('show_monitor_list_threshold'), $v_bug_id, $t_user_id)) {
                continue;
            }
        }
        # relationships
        if ($v_type == BUG_ADD_RELATIONSHIP || $v_type == BUG_DEL_RELATIONSHIP || $v_type == BUG_REPLACE_RELATIONSHIP) {
            $t_related_bug_id = $v_new_value;
            # If bug doesn't exist, then we don't know whether to expose it or not based on the fact whether it was
            # accessible to user or not.  This also simplifies client code that is accessing the history log.
            if (!bug_exists($t_related_bug_id) || !access_has_bug_level(config_get('view_bug_threshold'), $t_related_bug_id, $t_user_id)) {
                continue;
            }
        }
        $t_event = array();
        $t_event['bug_id'] = $v_bug_id;
        $t_event['date'] = $v_date_modified;
        $t_event['userid'] = $v_user_id;
        # user_get_name handles deleted users, and username vs realname
        $t_event['username'] = user_get_name($v_user_id);
        $t_event['field'] = $v_field_name;
        $t_event['type'] = $v_type;
        $t_event['old_value'] = $v_old_value;
        $t_event['new_value'] = $v_new_value;
        return $t_event;
    }
    return false;
}
Exemplo n.º 21
0
/**
 * Set the view state of the bugnote
 * @param integer $p_bugnote_id A bugnote identifier.
 * @param boolean $p_private    Whether bugnote should be set to private status.
 * @return boolean
 * @access public
 */
function bugnote_set_view_state($p_bugnote_id, $p_private)
{
    $t_bug_id = bugnote_get_field($p_bugnote_id, 'bug_id');
    if ($p_private) {
        $t_view_state = VS_PRIVATE;
    } else {
        $t_view_state = VS_PUBLIC;
    }
    $t_query = 'UPDATE {bugnote} SET view_state=' . db_param() . ' WHERE id=' . db_param();
    db_query($t_query, array($t_view_state, $p_bugnote_id));
    history_log_event_special($t_bug_id, BUGNOTE_STATE_CHANGED, $t_view_state, bugnote_format_id($p_bugnote_id));
    return true;
}
Exemplo n.º 22
0
/**
 * Check the current user's access against the given value and return true
 * if the user's access is equal to or higher, false otherwise.
 * This function looks up the bugnote's bug and performs an access check
 * against that bug
 * @param int $p_access_level integer representing access level
 * @param int $p_bugnote_id integer representing bugnote id to check access against
 * @param int|null $p_user_id integer representing user id, defaults to null to use current user
 * @return bool whether user has access level specified
 * @access public
 */
function access_has_bugnote_level($p_access_level, $p_bugnote_id, $p_user_id = null)
{
    if (null === $p_user_id) {
        $p_user_id = auth_get_current_user_id();
    }
    $t_bug_id = bugnote_get_field($p_bugnote_id, 'bug_id');
    $t_project_id = bug_get_field($t_bug_id, 'project_id');
    # If the bug is private and the user is not the reporter, then the
    # the user must also have higher access than private_bug_threshold
    if (bugnote_get_field($p_bugnote_id, 'view_state') == VS_PRIVATE && !bugnote_is_user_reporter($p_bugnote_id, $p_user_id)) {
        $t_private_bugnote_threshold = config_get('private_bugnote_threshold', null, $p_user_id, $t_project_id);
        $p_access_level = max($p_access_level, $t_private_bugnote_threshold);
    }
    return access_has_bug_level($p_access_level, $t_bug_id, $p_user_id);
}
Exemplo n.º 23
0
$t_user_id = auth_get_current_user_id();
$t_reporter_id = bugnote_get_field($f_bugnote_id, 'reporter_id');
if ($t_user_id == $t_reporter_id) {
    access_ensure_bugnote_level(config_get('bugnote_user_edit_threshold'), $f_bugnote_id);
} else {
    access_ensure_bugnote_level(config_get('update_bugnote_threshold'), $f_bugnote_id);
}
# Check if the bug is readonly
if (bug_is_readonly($t_bug_id)) {
    error_parameters($t_bug_id);
    trigger_error(ERROR_BUG_READ_ONLY_ACTION_DENIED, ERROR);
}
$t_bugnote_text = string_textarea(bugnote_get_text($f_bugnote_id));
# No need to gather the extra information if not used
if (config_get('time_tracking_enabled') && access_has_bug_level(config_get('time_tracking_edit_threshold'), $t_bug_id)) {
    $t_time_tracking = bugnote_get_field($f_bugnote_id, 'time_tracking');
    $t_time_tracking = db_minutes_to_hhmm($t_time_tracking);
}
# Determine which view page to redirect back to.
$t_redirect_url = string_get_bug_view_url($t_bug_id);
html_page_top(bug_format_summary($t_bug_id, SUMMARY_CAPTION));
?>
<br />
<div>
<form method="post" action="bugnote_update.php">
<?php 
echo form_security_field('bugnote_update');
?>
<table class="width75" cellspacing="1">
<tr>
	<td class="form-title">