/**
 * Build the list of statuses that may be offered to a user for a bug.
 *
 * Every value of 'status_enum_string' is a candidate; a candidate is kept when
 * the supplied access level satisfies the threshold of that status. The
 * workflow configuration is read but is not used to restrict the result.
 *
 * @param int  $p_user_auth     Access level the list is built for.
 * @param int  $p_current_value Current status of the bug.
 * @param bool $p_show_current  Whether the current status is part of the list.
 * @param bool $p_add_close     Whether the closed status is offered for resolved bugs.
 * @param int  $p_project_id    Project whose configuration is consulted.
 * @return array Map of status value to the label returned by get_enum_element().
 */
function get_status_option_list_plugin($p_user_auth = 0, $p_current_value = 0, $p_show_current = true, $p_add_close = false, $p_project_id = ALL_PROJECTS) {
    $t_status_enum = config_get('status_enum_string', null, null, $p_project_id);
    # Fetched for parity with the non-plugin variant; no transition rule is applied below.
    $t_workflow = config_get('status_enum_workflow', null, null, $p_project_id);

    $t_options = array();
    foreach (MantisEnum::getValues($t_status_enum) as $t_status) {
        # Skip the current status when the caller asked to hide it.
        if (!$p_show_current && $p_current_value == $t_status) {
            continue;
        }
        # Only statuses whose threshold the access level satisfies are offered.
        if (!access_compare_level($p_user_auth, access_get_status_threshold($t_status, $p_project_id))) {
            continue;
        }
        $t_options[$t_status] = get_enum_element('status', $t_status);
    }

    # The current status is always listed when requested, whatever its threshold.
    if ($p_show_current) {
        $t_options[$p_current_value] = get_enum_element('status', $p_current_value);
    }

    if (!$p_add_close) {
        return $t_options;
    }

    $t_resolved_threshold = config_get('bug_resolved_status_threshold', null, null, $p_project_id);
    if (!access_compare_level($p_current_value, $t_resolved_threshold)) {
        return $t_options;
    }

    # NOTE(review): the closed status is added without comparing $p_user_auth
    # to its status threshold; confirm that callers enforce it on submit.
    $t_closed_status = config_get('bug_closed_status_threshold', null, null, $p_project_id);
    if ($p_show_current || $p_current_value != $t_closed_status) {
        $t_options[$t_closed_status] = get_enum_element('status', $t_closed_status);
    }

    return $t_options;
}
$t_cat = $t_row['old_value']; if ($t_cat == '') { $t_cat = 'none'; } if (in_array($t_cat, $t_category)) { $t_data[$t_ptr][$t_cat]++; } else { $t_data[$t_ptr][$t_cat] = 1; $t_category[] = $t_cat; } # change the category associated with the bug to match in case the bug was # created during the scan $t_bug_cat[$t_row['bug_id']] = $t_cat; } else { # change of status access_compare_level( $t_row['status'], $t_resolved ) if (access_compare_level($t_row['new_value'], $t_resolved) && !access_compare_level($t_row['old_value'], $t_resolved)) { # transition from open to closed $t_cat = $t_bug_cat[$t_row['bug_id']]; if ($t_cat == '') { $t_cat = 'none'; } if (in_array($t_cat, $t_category)) { $t_data[$t_ptr][$t_cat]++; } else { $t_data[$t_ptr][$t_cat] = 1; $t_category[] = $t_cat; } } } break; case 1:
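/**
 * Build the list of bugnotes of a bug that a given user is allowed to see.
 *
 * A note is visible when the user's access level in the bug's project meets
 * 'private_bugnote_threshold', when the user wrote the note, or when the note
 * is public. Time tracking is reset to 0 on the returned notes when the user
 * does not meet 'time_tracking_view_threshold'.
 *
 * Both thresholds are resolved for the bug's project and for the user being
 * evaluated, so the decision does not depend on which project or account
 * happens to be active when the function is called (for example when building
 * an e-mail for another recipient).
 *
 * @param int      $p_bug_id              Bug id.
 * @param string   $p_user_bugnote_order  'ASC' returns the kept notes in reverse pop order.
 * @param int      $p_user_bugnote_limit  Maximum number of notes; 0 or less means no limit.
 * @param int|null $p_user_id             User to evaluate; null means the current user.
 * @return array Array of bugnote objects visible to the user.
 * @access public
 */
function bugnote_get_all_visible_bugnotes($p_bug_id, $p_user_bugnote_order, $p_user_bugnote_limit, $p_user_id = null) {
    $t_user_id = ($p_user_id === null) ? auth_get_current_user_id() : $p_user_id;

    $t_project_id = bug_get_field($p_bug_id, 'project_id');
    $t_user_access_level = user_get_access_level($t_user_id, $t_project_id);

    $t_all_bugnotes = bugnote_get_all_bugnotes($p_bug_id);

    # The access level above is project specific, so the thresholds it is
    # compared with must be resolved for the same project and user.
    $t_private_bugnote_visible = access_compare_level(
        $t_user_access_level,
        config_get('private_bugnote_threshold', null, $t_user_id, $t_project_id)
    );
    $t_time_tracking_visible = access_compare_level(
        $t_user_access_level,
        config_get('time_tracking_view_threshold', null, $t_user_id, $t_project_id)
    );

    $t_bugnotes = array();
    $t_bugnote_count = count($t_all_bugnotes);
    $t_bugnote_limit = $p_user_bugnote_limit > 0 ? $p_user_bugnote_limit : $t_bugnote_count;
    $t_bugnotes_found = 0;

    # Walk the notes from the end of the list until the limit is reached.
    for ($i = 0; $i < $t_bugnote_count && $t_bugnotes_found < $t_bugnote_limit; $i++) {
        $t_bugnote = array_pop($t_all_bugnotes);

        $t_visible = $t_private_bugnote_visible
            || $t_bugnote->reporter_id == $t_user_id
            || VS_PUBLIC == $t_bugnote->view_state;
        if (!$t_visible) {
            continue;
        }

        if (!$t_time_tracking_visible) {
            # Work on a copy: the note object may be shared with other callers
            # (presumably cached by bugnote_get_all_bugnotes(); verify), and
            # zeroing it in place would hide the value from users who may see it.
            $t_bugnote = clone $t_bugnote;
            $t_bugnote->time_tracking = 0;
        }

        $t_bugnotes[$t_bugnotes_found++] = $t_bugnote;
    }

    # reverse the list for users with ascending view preferences
    if ('ASC' == $p_user_bugnote_order) {
        $t_bugnotes = array_reverse($t_bugnotes);
    }

    return $t_bugnotes;
}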
/**
 * Return the history of an issue to a web-service client.
 *
 * The request is rejected unless, in this order: the credentials are valid,
 * the issue exists, the user has read-only access to the issue's project, the
 * user meets 'view_bug_threshold' for the issue, and the user's access level
 * meets 'view_history_threshold'.
 *
 * Because the existence check runs before the access checks, an authenticated
 * caller receives 'Issue does not exist' for unknown ids and an access-denied
 * fault for existing ids it may not read. The global project override is set
 * to the issue's project and is left set when the function returns.
 *
 * @param string  $p_username The name of the user trying to access the issue.
 * @param string  $p_password The password of the user.
 * @param integer $p_issue_id The id of the issue to retrieve.
 * @return array Value of history_get_raw_events_array(), or a SOAP fault.
 */
function mc_issue_get_history($p_username, $p_password, $p_issue_id) {
    global $g_project_override;

    $t_user_id = mci_check_login($p_username, $p_password);
    if (false === $t_user_id) {
        return mci_soap_fault_login_failed();
    }

    $t_issue_found = bug_exists($p_issue_id);
    if (!$t_issue_found) {
        return SoapObjectsFactory::newSoapFault('Client', 'Issue does not exist');
    }

    $t_project_id = bug_get_field($p_issue_id, 'project_id');
    $t_can_read_project = mci_has_readonly_access($t_user_id, $t_project_id);
    if (!$t_can_read_project) {
        return mci_soap_fault_access_denied($t_user_id);
    }

    # From here on configuration lookups without an explicit project are made
    # under the issue's project.
    $g_project_override = $t_project_id;

    $t_view_bug_threshold = config_get('view_bug_threshold', null, null, $t_project_id);
    if (!access_has_bug_level($t_view_bug_threshold, $p_issue_id, $t_user_id)) {
        return mci_soap_fault_access_denied($t_user_id);
    }

    $t_access_level = user_get_access_level($t_user_id, $t_project_id);
    $t_history_threshold = config_get('view_history_threshold');
    if (!access_compare_level($t_access_level, $t_history_threshold)) {
        return mci_soap_fault_access_denied($t_user_id);
    }

    log_event(LOG_WEBSERVICE, "retrieving history for issue '" . $p_issue_id . "'");

    return history_get_raw_events_array($p_issue_id, $t_user_id);
}
?> </td> </tr> <?php } test_bug_download_threshold(); test_bug_attachments_allow_flags(); print_test_row('check mail configuration: send_reset_password = ON requires allow_blank_email = OFF', OFF == config_get_global('send_reset_password') || OFF == config_get_global('allow_blank_email')); print_test_row('check mail configuration: send_reset_password = ON requires enable_email_notification = ON', OFF == config_get_global('send_reset_password') || ON == config_get_global('enable_email_notification')); print_test_row('check mail configuration: allow_signup = ON requires enable_email_notification = ON', OFF == config_get_global('allow_signup') || ON == config_get_global('enable_email_notification')); print_test_row('check mail configuration: allow_signup = ON requires send_reset_password = ON', OFF == config_get_global('allow_signup') || ON == config_get_global('send_reset_password')); print_test_row('check language configuration: fallback_language is not \'auto\'', 'auto' != config_get_global('fallback_language')); print_test_row('check configuration: allow_anonymous_login = ON requires anonymous_account to be set', OFF == config_get_global('allow_anonymous_login') || strlen(config_get_global('anonymous_account')) > 0); $t_anon_user = false; print_test_row('check configuration: anonymous_account is a valid username if set', strlen(config_get_global('anonymous_account')) > 0 ? ($t_anon_user = user_get_id_by_name(config_get_global('anonymous_account'))) !== false : TRUE); print_test_row('check configuration: anonymous_account should not be an administrator', $t_anon_user ? !access_compare_level(user_get_field($t_anon_user, 'access_level'), ADMINISTRATOR) : TRUE); print_test_row('$g_bug_link_tag is not empty ("' . config_get_global('bug_link_tag') . '")', '' != config_get_global('bug_link_tag')); print_test_row('$g_bugnote_link_tag is not empty ("' . config_get_global('bugnote_link_tag') . 
'")', '' != config_get_global('bugnote_link_tag')); print_test_row('filters: dhtml_filters = ON requires use_javascript = ON', OFF == config_get_global('dhtml_filters') || ON == config_get_global('use_javascript')); ?> </table> <!-- register_globals check --> <?php if (ini_get_bool('register_globals')) { ?> <br /> <table width="100%" bgcolor="#222222" border="0" cellpadding="20" cellspacing="1"> <tr> <td bgcolor="#ffcc22">
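/**
 * Collect the raw data of a bug that a given user may see, for use in an
 * e-mail sent to that user. See usage in email_format_bug_message(...).
 *
 * Handler, target version, history and sponsorship data are included only
 * when the recipient meets the matching threshold. The thresholds are resolved
 * for the recipient and for the bug's project, because the access level they
 * are compared with is the recipient's level in that project; the account and
 * project active while the mail is generated must not influence the result.
 *
 * @param int    $p_user_id    Recipient the data is filtered for.
 * @param int    $p_bug_id     Bug id.
 * @param string $p_message_id Message identifier; the view URL is omitted for
 *                             the "bug deleted" notification.
 * @return array Bug data keyed by field name.
 */
function email_build_visible_bug_data($p_user_id, $p_bug_id, $p_message_id) {
    $t_project_id = bug_get_field($p_bug_id, 'project_id');
    $t_user_access_level = user_get_access_level($p_user_id, $t_project_id);
    $t_user_bugnote_order = user_pref_get_pref($p_user_id, 'bugnote_order');
    $t_user_bugnote_limit = user_pref_get_pref($p_user_id, 'email_bugnote_limit');

    $t_row = bug_get_extended_row($p_bug_id);

    $t_bug_data = array();
    $t_bug_data['email_bug'] = $p_bug_id;

    if ($p_message_id !== 'email_notification_title_for_action_bug_deleted') {
        $t_bug_data['email_bug_view_url'] = string_get_bug_view_url_with_fqdn($p_bug_id);
    }

    $t_view_handler_threshold = config_get('view_handler_threshold', null, $p_user_id, $t_project_id);
    if (access_compare_level($t_user_access_level, $t_view_handler_threshold)) {
        $t_bug_data['email_handler'] = (0 != $t_row['handler_id']) ? user_get_name($t_row['handler_id']) : '';
    }

    # NOTE(review): the reporter name is included for every recipient; no
    # threshold is applied to it here.
    $t_bug_data['email_reporter'] = user_get_name($t_row['reporter_id']);
    $t_bug_data['email_project_id'] = $t_row['project_id'];
    $t_bug_data['email_project'] = project_get_field($t_row['project_id'], 'name');

    $t_category_name = category_full_name($t_row['category_id'], false);
    $t_bug_data['email_category'] = $t_category_name;

    $t_bug_data['email_date_submitted'] = $t_row['date_submitted'];
    $t_bug_data['email_last_modified'] = $t_row['last_updated'];

    $t_bug_data['email_status'] = $t_row['status'];
    $t_bug_data['email_severity'] = $t_row['severity'];
    $t_bug_data['email_priority'] = $t_row['priority'];
    $t_bug_data['email_reproducibility'] = $t_row['reproducibility'];

    $t_bug_data['email_resolution'] = $t_row['resolution'];
    $t_bug_data['email_fixed_in_version'] = $t_row['fixed_in_version'];

    if (!is_blank($t_row['target_version'])) {
        $t_roadmap_threshold = config_get('roadmap_view_threshold', null, $p_user_id, $t_project_id);
        if (access_compare_level($t_user_access_level, $t_roadmap_threshold)) {
            $t_bug_data['email_target_version'] = $t_row['target_version'];
        }
    }

    $t_bug_data['email_summary'] = $t_row['summary'];
    $t_bug_data['email_description'] = $t_row['description'];
    $t_bug_data['email_additional_information'] = $t_row['additional_information'];
    $t_bug_data['email_steps_to_reproduce'] = $t_row['steps_to_reproduce'];

    $t_bug_data['set_category'] = '[' . $t_bug_data['email_project'] . '] ' . $t_category_name;

    $t_bug_data['custom_fields'] = custom_field_get_linked_fields($p_bug_id, $t_user_access_level);
    $t_bug_data['bugnotes'] = bugnote_get_all_visible_bugnotes($p_bug_id, $t_user_bugnote_order, $t_user_bugnote_limit, $p_user_id);

    # put history data
    if (ON == config_get('history_default_visible')) {
        $t_history_threshold = config_get('view_history_threshold', null, $p_user_id, $t_project_id);
        if (access_compare_level($t_user_access_level, $t_history_threshold)) {
            $t_bug_data['history'] = history_get_raw_events_array($p_bug_id, $p_user_id);
        }
    }

    # Sponsorship Information
    if (config_get('enable_sponsorship') == ON) {
        $t_total_threshold = config_get('view_sponsorship_total_threshold', null, $p_user_id, $t_project_id);
        if (access_has_bug_level($t_total_threshold, $p_bug_id, $p_user_id)) {
            $t_sponsorship_ids = sponsorship_get_all_ids($p_bug_id);
            $t_bug_data['sponsorship_total'] = sponsorship_get_amount($t_sponsorship_ids);

            $t_details_threshold = config_get('view_sponsorship_details_threshold', null, $p_user_id, $t_project_id);
            if (access_has_bug_level($t_details_threshold, $p_bug_id, $p_user_id)) {
                $t_bug_data['sponsorships'] = array();
                foreach ($t_sponsorship_ids as $t_sponsorship_id) {
                    $t_bug_data['sponsorships'][] = sponsorship_get($t_sponsorship_id);
                }
            }
        }
    }

    # NOTE(review): no user id is passed here, so any filtering of related
    # issues is presumably done for the current user rather than the
    # recipient; verify against relationship_get_summary_text().
    $t_bug_data['relations'] = relationship_get_summary_text($p_bug_id);

    return $t_bug_data;
}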
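/**
 * Process $p_string, looking for bugnote ID references and creating bug view
 * links for them.
 *
 * The bugnote tag ('~' by default) must be at the beginning of the string or
 * preceded by a character that is not a letter, a number or an underscore.
 *
 * With $p_include_anchor = true a reference becomes an anchor only when the
 * current user may see the note (private-note threshold met, own note, or
 * public note); otherwise the reference text is left untouched. With
 * $p_include_anchor = false the reference is replaced by the absolute URL,
 * $p_fqdn is ignored, and no visibility check is made.
 *
 * @param string  $p_string         String to be processed.
 * @param boolean $p_include_anchor Whether to include the href tag or just the URL.
 * @param boolean $p_detail_info    Whether to include more detailed information (e.g. title attribute / project) in the returned string.
 * @param boolean $p_fqdn           Whether to return an absolute or relative link.
 * @return string The processed string; the input unchanged when the tag or
 *                the string is empty, or when the regular expression fails.
 */
function string_process_bugnote_link($p_string, $p_include_anchor = true, $p_detail_info = true, $p_fqdn = false) {
    # One callback per option combination, built on first use.
    static $s_bugnote_link_callback = array();

    $t_tag = config_get('bugnote_link_tag');

    # bail if the link tag is blank
    if ('' == $t_tag || $p_string == '') {
        return $p_string;
    }

    if (!isset($s_bugnote_link_callback[$p_include_anchor][$p_detail_info][$p_fqdn])) {
        if ($p_include_anchor) {
            $s_bugnote_link_callback[$p_include_anchor][$p_detail_info][$p_fqdn] = function ($p_array) use ($p_detail_info, $p_fqdn) {
                global $g_project_override;

                $t_bugnote_id = (int) $p_array[2];
                if (!bugnote_exists($t_bugnote_id)) {
                    return $p_array[0];
                }

                $t_bug_id = bugnote_get_field($t_bugnote_id, 'bug_id');
                if (!bug_exists($t_bug_id)) {
                    return $p_array[0];
                }

                # Evaluate the threshold under the note's project, then put back
                # whatever override the caller had in place instead of clearing it.
                $t_previous_override = $g_project_override;
                $t_project_id = bug_get_field($t_bug_id, 'project_id');
                $g_project_override = $t_project_id;

                $t_current_user_id = auth_get_current_user_id();
                $t_note_visible = access_compare_level(user_get_access_level($t_current_user_id, $t_project_id), config_get('private_bugnote_threshold'))
                    || bugnote_get_field($t_bugnote_id, 'reporter_id') == $t_current_user_id
                    || bugnote_get_field($t_bugnote_id, 'view_state') == VS_PUBLIC;

                $g_project_override = $t_previous_override;

                if (!$t_note_visible) {
                    # Leave the reference as plain text for users who may not see the note.
                    return $p_array[0];
                }

                return $p_array[1] . string_get_bugnote_view_link($t_bug_id, $t_bugnote_id, (bool) $p_detail_info, (bool) $p_fqdn);
            }; # end of bugnote link callback closure
        } else {
            # NOTE(review): this variant checks only that the note and its bug
            # exist, so a reference to a private note is still turned into a
            # URL (which presumably carries the parent bug id). Callers must
            # make sure the text is only sent to users allowed to read it.
            $s_bugnote_link_callback[$p_include_anchor][$p_detail_info][$p_fqdn] = function ($p_array) {
                $t_bugnote_id = (int) $p_array[2];
                $t_bug_id = bugnote_get_field($t_bugnote_id, 'bug_id');
                if ($t_bug_id && bug_exists($t_bug_id)) {
                    return $p_array[1] . string_get_bugnote_view_url_with_fqdn($t_bug_id, $t_bugnote_id);
                }

                return $p_array[0];
            }; # end of bugnote link callback closure
        }
    }

    $t_processed = preg_replace_callback(
        '/(^|[^\\w])' . preg_quote($t_tag, '/') . '(\\d+)\\b/',
        $s_bugnote_link_callback[$p_include_anchor][$p_detail_info][$p_fqdn],
        $p_string
    );

    # preg_replace_callback() returns null on a PCRE error; keep the text
    # rather than handing null back to the caller.
    return (null === $t_processed) ? $p_string : $t_processed;
}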
/**
 * Build the list of statuses that may be offered to a user for a bug.
 *
 * Candidates come from the workflow entry of the current status when a
 * workflow is configured and has such an entry, and from 'status_enum_string'
 * otherwise. A candidate is kept when the supplied access level satisfies the
 * threshold of that status.
 *
 * @param int  $p_user_auth     Access level the list is built for.
 * @param int  $p_current_value Current status of the bug.
 * @param bool $p_show_current  Whether the current status is part of the list.
 * @param bool $p_add_close     Whether CLOSED is offered for resolved bugs.
 * @return array Map of status value to the label returned by get_enum_element().
 */
function get_status_option_list($p_user_auth = 0, $p_current_value = 0, $p_show_current = true, $p_add_close = false) {
    $t_default_enum = config_get('status_enum_string');
    $t_workflow = config_get('status_enum_workflow');

    # Fall back to the full enum when no workflow is defined or when the
    # workflow has no entry for the current status (which should not happen).
    if (count($t_workflow) >= 1 && isset($t_workflow[$p_current_value])) {
        $t_enum_source = $t_workflow[$p_current_value];
    } else {
        $t_enum_source = $t_default_enum;
    }
    $t_entries = explode_enum_string($t_enum_source);

    $t_options = array();
    $t_total = count($t_entries);
    for ($t_index = 0; $t_index < $t_total; $t_index++) {
        $t_parts = explode_enum_arr($t_entries[$t_index]);
        $t_status = $t_parts[0];

        if (!access_compare_level($p_user_auth, access_get_status_threshold($t_status))) {
            continue;
        }
        # Hide the current status when the caller asked for that.
        if (!$p_show_current && $p_current_value == $t_status) {
            continue;
        }
        $t_options[$t_status] = get_enum_element('status', $t_status);
    }

    # The current status is always listed when requested, whatever its threshold.
    if ($p_show_current) {
        $t_options[$p_current_value] = get_enum_element('status', $p_current_value);
    }

    # NOTE(review): CLOSED is added without comparing $p_user_auth to its
    # status threshold; confirm that callers enforce it on submit.
    if ($p_add_close) {
        $t_resolved_threshold = config_get('bug_resolved_status_threshold');
        if (access_compare_level($p_current_value, $t_resolved_threshold)) {
            $t_options[CLOSED] = get_enum_element('status', CLOSED);
        }
    }

    return $t_options;
}
/**
 * Print the site-specific buttons on the bug view page.
 *
 * Two buttons may be printed: "clone to other project" for users with project
 * access level 50 or higher, and "edit failure class" for users who have write
 * access to custom field 1, while the bug status is below 40 and the user's
 * project access level matches one of 30, 50, 55, 70 or 90.
 *
 * The access levels and the status are hard-coded numbers; they only hide or
 * show the buttons, so the target pages must repeat the checks themselves.
 *
 * @param int $p_bug_id Bug the buttons are printed for.
 * @return void
 */
function custom_function_override_print_bug_view_page_custom_buttons($p_bug_id) {
    # Pick the localised button captions first.
    $t_is_german = (lang_get_current() === 'german');
    $t_bfe_clone_issue_button = $t_is_german ? 'Klon in anderes Projekt...' : 'Clone To Other Project...';
    $t_bfe_edit_failure_class_button = $t_is_german ? 'Fehlerklasse bearbeiten...' : 'Edit Failure Class...';

    # Users with at least access level 50 (onsite developer) may clone issues.
    if (access_has_project_level(50)) {
        echo '<td>';
        html_button_bug_clone_to_project($p_bug_id, $t_bfe_clone_issue_button);
        echo '</td>';
    }

    # The failure class may be edited only with write access to the field,
    # only up to status 'confirmed' (40), and only by QA reporters (30) and
    # by onsite developers (50) and above.
    if (!custom_field_has_write_access(1, $p_bug_id)) {
        return;
    }
    if (!(bug_get_field($p_bug_id, 'status') < 40)) {
        return;
    }
    if (!access_compare_level(access_get_project_level(), array(30, 50, 55, 70, 90))) {
        return;
    }

    echo '<td>';

    $t_bfe_bugs = array($p_bug_id);

    $t_outgoing = relationship_get_all_src($p_bug_id);
    $t_outgoing_count = count($t_outgoing);
    $t_incoming = relationship_get_all_dest($p_bug_id);
    $t_incoming_count = count($t_incoming);

    # Destination bug ids first; related bugs are added only when the user
    # has access level 50 on them.
    for ($t_pos = 0; $t_pos < $t_outgoing_count; $t_pos++) {
        $t_related_id = $t_outgoing[$t_pos]->dest_bug_id;
        if (access_has_bug_level(50, $t_related_id)) {
            $t_bfe_bugs[] = $t_related_id;
        }
    }

    # Then the source bug ids.
    for ($t_pos = 0; $t_pos < $t_incoming_count; $t_pos++) {
        $t_related_id = $t_incoming[$t_pos]->src_bug_id;
        if (access_has_bug_level(50, $t_related_id)) {
            $t_bfe_bugs[] = $t_related_id;
        }
    }

    if (count($t_bfe_bugs) > 1) {
        bfe_fehlerklasse_button('bug_actiongroup_page.php', $t_bfe_edit_failure_class_button, $t_bfe_bugs);
    } else {
        html_button('bug_actiongroup_page.php', $t_bfe_edit_failure_class_button, array('bug_arr[]' => $p_bug_id, 'action' => 'custom_field_1'));
    }

    echo '</td>';
}
} $t_cat = $row['old_value']; if ($t_cat == '') $t_cat = 'none'; if (in_array($t_cat, $t_category)) { $t_data[$t_ptr][$t_cat] ++; } else { $t_data[$t_ptr][$t_cat] = 1; $t_category[] = $t_cat; } // change the category associated with the bug to match in case the bug was // created during the scan $t_bug_cat[$row['bug_id']] = $t_cat; } else { // change of status access_compare_level( $t_row['status'], $t_resolved ) if ( access_compare_level( $row['new_value'], $t_resolved ) && !access_compare_level( $row['old_value'], $t_resolved ) ) { // transition from open to closed $t_cat = $t_bug_cat[$row['bug_id']]; if ($t_cat == '') $t_cat = 'none'; if (in_array($t_cat, $t_category)) { $t_data[$t_ptr][$t_cat] ++; } else { $t_data[$t_ptr][$t_cat] = 1; $t_category[] = $t_cat; } } } break; case 1: // new bug $t_cat = $t_bug_cat[$row['bug_id']];
/**
 * Filter the bugnotes of a bug down to those visible at a given access level.
 *
 * Private notes are kept only when the access level meets
 * 'private_bugnote_threshold'; time tracking is reset to 0 on kept notes when
 * the level does not meet 'time_tracking_view_threshold'. The author of a
 * private note gets no exemption in this version.
 *
 * NOTE(review): the access level is supplied by the caller and both
 * thresholds are read without a project argument, so the caller must pass the
 * level that belongs to the project the thresholds are resolved for.
 *
 * @param int    $p_bug_id              Bug id.
 * @param int    $p_user_access_level   Access level to filter for.
 * @param string $p_user_bugnote_order  Passed through to bugnote_get_all_bugnotes().
 * @param int    $p_user_bugnote_limit  Passed through to bugnote_get_all_bugnotes().
 * @return array Visible bugnotes, keyed as returned by bugnote_get_all_bugnotes().
 */
function bugnote_get_all_visible_bugnotes($p_bug_id, $p_user_access_level, $p_user_bugnote_order, $p_user_bugnote_limit) {
    $t_candidates = bugnote_get_all_bugnotes($p_bug_id, $p_user_bugnote_order, $p_user_bugnote_limit);

    $t_private_threshold = config_get('private_bugnote_threshold');
    $t_may_see_private = access_compare_level($p_user_access_level, $t_private_threshold);
    $t_may_see_time = access_compare_level($p_user_access_level, config_get('time_tracking_view_threshold'));

    $t_visible = array();
    foreach ($t_candidates as $t_key => $t_note) {
        if (!$t_may_see_private && VS_PUBLIC != $t_note->view_state) {
            continue;
        }

        # Hide time tracking from users below the time tracking threshold.
        if (!$t_may_see_time) {
            $t_note->time_tracking = 0;
        }

        $t_visible[$t_key] = $t_note;
    }

    return $t_visible;
}
/**
 * Check whether a user's access level in a project satisfies a required level.
 *
 * @param int|array $p_access_level Required level, as accepted by access_compare_level().
 * @param int|null  $p_project_id   Project to check; null means the current project.
 * @param int|null  $p_user_id      User to check; null means the current user.
 * @return bool False when the required level is NOBODY, otherwise the result
 *              of access_compare_level().
 */
function access_has_project_level($p_access_level, $p_project_id = null, $p_user_id = null) {
    # NOBODY can never be satisfied, so skip the lookups.
    if (NOBODY == $p_access_level) {
        return false;
    }

    $t_user_id = (null === $p_user_id) ? auth_get_current_user_id() : $p_user_id;
    $t_project_id = (null === $p_project_id) ? helper_get_current_project() : $p_project_id;

    return access_compare_level(access_get_project_level($t_project_id, $t_user_id), $p_access_level);
}
/**
 * Compute bugnote statistics for a list of bugs, counting only the notes the
 * given user may see.
 *
 * A note counts when the user meets 'private_bugnote_threshold' in the bug's
 * project, when the user wrote the note, or when the note is public. Bugs
 * without any visible note get false as their stats item.
 *
 * @param array        $p_bugs_id Array of bug identifiers.
 * @param integer|null $p_user_id User for checking access levels; null means the current user.
 * @return array Stats keyed by bug id; each item is false or an array with
 *               'bug_id', 'last_modified', 'count', 'last_modified_bugnote'
 *               and 'last_submitted_bugnote'.
 * @access public
 * @uses database_api.php
 */
function bug_get_bugnote_stats_array(array $p_bugs_id, $p_user_id = null) {
    # Index the ids by themselves, cast to int, to drop duplicates and to be
    # able to tick off the bugs that turn out to have visible notes.
    $t_pending_ids = array();
    foreach ($p_bugs_id as $t_bug_id) {
        $t_pending_ids[$t_bug_id] = (int) $t_bug_id;
    }
    if (empty($t_pending_ids)) {
        return array();
    }

    $t_user_id = (null === $p_user_id) ? auth_get_current_user_id() : $p_user_id;

    # Ids reach the query only as bound parameters, one placeholder per id.
    db_param_push();
    $t_params = array();
    $t_placeholders = array();
    foreach ($t_pending_ids as $t_bug_id) {
        $t_placeholders[] = db_param();
        $t_params[] = $t_bug_id;
    }

    $t_query = 'SELECT n.id, n.bug_id, n.reporter_id, n.view_state, n.last_modified, n.date_submitted, b.project_id'
        . ' FROM {bugnote} n JOIN {bug} b ON (n.bug_id = b.id)'
        . ' WHERE n.bug_id IN (' . implode(', ', $t_placeholders) . ')'
        . ' ORDER BY b.project_id, n.bug_id, n.last_modified';
    $t_result = db_query($t_query, $t_params);

    $t_stats = array();

    # Rows arrive grouped by project and bug, so the per-project access data
    # and the per-bug counters are refreshed only when the group changes.
    $t_first_row = true;
    $t_current_project_id = null;
    $t_current_bug_id = null;
    while ($t_row = db_fetch_array($t_result)) {
        $c_bug_id = (int) $t_row['bug_id'];

        if ($t_first_row || $t_current_project_id !== $t_row['project_id']) {
            # a new project starts in the rowset
            $t_current_project_id = $t_row['project_id'];
            $t_user_access_level = access_get_project_level($t_row['project_id'], $t_user_id);
            $t_private_threshold = config_get('private_bugnote_threshold', null, $t_user_id, $t_row['project_id']);
            $t_private_bugnote_visible = access_compare_level($t_user_access_level, $t_private_threshold);
        }

        if ($t_first_row || $t_current_bug_id !== $c_bug_id) {
            # a new bug starts in the rowset
            $t_current_bug_id = $c_bug_id;
            $t_note_count = 0;
            $t_last_submit_date = 0;
        }

        $t_first_row = false;

        $t_note_visible = $t_private_bugnote_visible
            || $t_row['reporter_id'] == $t_user_id
            || VS_PUBLIC == $t_row['view_state'];
        if (!$t_note_visible) {
            # notes the user may not see do not contribute to the stats
            continue;
        }

        $t_stats[$c_bug_id]['bug_id'] = $c_bug_id;
        $t_stats[$c_bug_id]['last_modified'] = $t_row['last_modified'];
        $t_stats[$c_bug_id]['count'] = ++$t_note_count;
        $t_stats[$c_bug_id]['last_modified_bugnote'] = $t_row['id'];

        if ($t_row['date_submitted'] > $t_last_submit_date) {
            $t_last_submit_date = $t_row['date_submitted'];
            $t_stats[$c_bug_id]['last_submitted_bugnote'] = $t_row['id'];
        }

        # This bug has at least one visible note.
        unset($t_pending_ids[$c_bug_id]);
    }

    # The remaining bug ids are those without visible notes. Save false as cached value
    foreach ($t_pending_ids as $t_bug_id) {
        $t_stats[$t_bug_id] = false;
    }

    return $t_stats;
}
/**
 * Check whether a user's access level in a bug's project satisfies a required
 * level, taking the reporter restriction and private bugs into account.
 *
 * Access is refused when 'limit_reporters' is enabled, the user did not report
 * the bug, and the user's level is not above the lowest level allowed to
 * report. For a private bug that the user did not report, the user must also
 * meet 'private_bug_threshold'.
 *
 * @param int      $p_access_level Required access level.
 * @param int      $p_bug_id       Bug to check access against.
 * @param int|null $p_user_id      User to check; null means the current user.
 * @return bool Whether the user has the required access.
 * @access public
 */
function access_has_bug_level($p_access_level, $p_bug_id, $p_user_id = null) {
    # Per-project cache of "lowest reporting level + 1", kept for the request.
    # NOTE(review): entries are keyed by project only although the threshold
    # is read with a user id; confirm it cannot differ between users.
    static $s_thresholds = array();

    if ($p_user_id === null) {
        $p_user_id = auth_get_current_user_id();
    }

    # Deal with not logged in silently in this case
    # @@@ we may be able to remove this and just error
    #     and once we default to anon login, we can remove it for sure
    if (empty($p_user_id) && !auth_is_user_authenticated()) {
        return false;
    }

    $t_project_id = bug_get_field($p_bug_id, 'project_id');
    $t_is_reporter = bug_is_user_reporter($p_bug_id, $p_user_id);
    $t_user_level = access_get_project_level($t_project_id, $p_user_id);

    # check limit_Reporter (Issue #4769)
    # reporters can view just issues they reported
    $t_limit_reporters = config_get('limit_reporters', null, $p_user_id, $t_project_id);
    if ($t_limit_reporters && !$t_is_reporter) {
        if (!isset($s_thresholds[$t_project_id])) {
            $t_report_threshold = config_get('report_bug_threshold', null, $p_user_id, $t_project_id);
            if (!is_array($t_report_threshold)) {
                $s_thresholds[$t_project_id] = $t_report_threshold + 1;
            } elseif (empty($t_report_threshold)) {
                # Nobody may report, so nobody passes the restriction either.
                $s_thresholds[$t_project_id] = NOBODY;
            } else {
                # The lowest level in the list is the reporting level.
                sort($t_report_threshold);
                $s_thresholds[$t_project_id] = $t_report_threshold[0] + 1;
            }
        }

        # The user must rank above the lowest level that may report issues.
        if (!access_compare_level($t_user_level, $s_thresholds[$t_project_id])) {
            return false;
        }
    }

    # If the bug is private and the user is not the reporter, then
    # they must also have higher access than private_bug_threshold
    $t_needs_private_check = !$t_is_reporter && bug_get_field($p_bug_id, 'view_state') == VS_PRIVATE;
    if ($t_needs_private_check) {
        $t_private_threshold = config_get('private_bug_threshold', null, $p_user_id, $t_project_id);
        return access_compare_level($t_user_level, $t_private_threshold)
            && access_compare_level($t_user_level, $p_access_level);
    }

    return access_compare_level($t_user_level, $p_access_level);
}
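/**
 * Check whether a user's access level in a bug's project satisfies a required
 * level, taking the reporter restriction and private bugs into account.
 *
 * Access is refused when 'limit_reporters' is ON, the user did not report the
 * bug, and the user's project level is below REPORTER + 1. For a private bug
 * that the user did not report, the user must also meet
 * 'private_bug_threshold'.
 *
 * 'limit_reporters' and 'private_bug_threshold' are resolved for the bug's
 * project and the user being checked, so the decision does not depend on the
 * project that is active when the function is called.
 *
 * @param int      $p_access_level Required access level.
 * @param int      $p_bug_id       Bug to check access against.
 * @param int|null $p_user_id      User to check; null means the current user.
 * @return bool Whether the user has the required access.
 * @access public
 */
function access_has_bug_level($p_access_level, $p_bug_id, $p_user_id = null) {
    if ($p_user_id === null) {
        $p_user_id = auth_get_current_user_id();
    }

    # Deal with not logged in silently in this case
    # @@@ we may be able to remove this and just error
    #     and once we default to anon login, we can remove it for sure
    if (empty($p_user_id) && !auth_is_user_authenticated()) {
        return false;
    }

    $t_project_id = bug_get_field($p_bug_id, 'project_id');

    # Looked up once; both restrictions below exempt the reporter.
    $t_is_reporter = bug_is_user_reporter($p_bug_id, $p_user_id);

    # check limit_Reporter (Issue #4769)
    # reporters can view just issues they reported
    # NOTE(review): the strict comparison only matches the integer ON; confirm
    # that the option can never be stored as another type, which would switch
    # the restriction off.
    $t_limit_reporters = config_get('limit_reporters', null, $p_user_id, $t_project_id);
    if (ON === $t_limit_reporters
        && !$t_is_reporter
        && !access_has_project_level(REPORTER + 1, $t_project_id, $p_user_id)
    ) {
        return false;
    }

    # If the bug is private and the user is not the reporter, then
    # they must also have higher access than private_bug_threshold
    if (!$t_is_reporter && VS_PRIVATE == bug_get_field($p_bug_id, 'view_state')) {
        $t_access_level = access_get_project_level($t_project_id, $p_user_id);
        $t_private_threshold = config_get('private_bug_threshold', null, $p_user_id, $t_project_id);

        return access_compare_level($t_access_level, $t_private_threshold)
            && access_compare_level($t_access_level, $p_access_level);
    }

    return access_has_project_level($p_access_level, $t_project_id, $p_user_id);
}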
/**
 * Build the list of statuses that may be offered to a user for a bug.
 *
 * Candidates come from 'status_enum_string' when no workflow is configured,
 * and from the workflow entry of the current status otherwise; when the
 * workflow has no entry for the current status there are no candidates. A
 * candidate is kept when the supplied access level satisfies the threshold of
 * that status.
 *
 * @param int  $p_user_auth     Access level the list is built for.
 * @param int  $p_current_value Current status of the bug.
 * @param bool $p_show_current  Whether the current status is part of the list.
 * @param bool $p_add_close     Whether the closed status is offered for resolved bugs.
 * @param int  $p_project_id    Project whose configuration is consulted.
 * @return array Map of status value to the label returned by get_enum_element().
 */
function get_status_option_list($p_user_auth = 0, $p_current_value = 0, $p_show_current = true, $p_add_close = false, $p_project_id = ALL_PROJECTS) {
    $t_status_enum = config_get('status_enum_string', null, null, $p_project_id);
    $t_workflow = config_get('status_enum_workflow', null, null, $p_project_id);

    if (count($t_workflow) < 1) {
        # workflow not defined, use default enum
        $t_candidates = MantisEnum::getValues($t_status_enum);
    } elseif (isset($t_workflow[$p_current_value])) {
        # workflow defined - only the states reachable from the current one
        $t_candidates = MantisEnum::getValues($t_workflow[$p_current_value]);
    } else {
        # workflow was not set for this status, this shouldn't happen
        # caller should be able to handle empty list
        $t_candidates = array();
    }

    $t_options = array();
    foreach ($t_candidates as $t_status) {
        # Skip the current status when the caller asked to hide it.
        if (!$p_show_current && $p_current_value == $t_status) {
            continue;
        }
        if (!access_compare_level($p_user_auth, access_get_status_threshold($t_status, $p_project_id))) {
            continue;
        }
        $t_options[$t_status] = get_enum_element('status', $t_status);
    }

    # The current status is always listed when requested, whatever its threshold.
    if ($p_show_current) {
        $t_options[$p_current_value] = get_enum_element('status', $p_current_value);
    }

    if (!$p_add_close) {
        return $t_options;
    }

    $t_resolved_threshold = config_get('bug_resolved_status_threshold', null, null, $p_project_id);
    if (!access_compare_level($p_current_value, $t_resolved_threshold)) {
        return $t_options;
    }

    # NOTE(review): the closed status is added without comparing $p_user_auth
    # to its status threshold; confirm that callers enforce it on submit.
    $t_closed_status = config_get('bug_closed_status_threshold', null, null, $p_project_id);
    if ($p_show_current || $p_current_value != $t_closed_status) {
        $t_options[$t_closed_status] = get_enum_element('status', $t_closed_status);
    }

    return $t_options;
}
/**
 * Filter the bugnotes of a bug down to those visible at a given access level.
 *
 * Private notes are kept only when the access level meets
 * 'private_bugnote_threshold'. The author of a private note gets no exemption
 * in this version.
 *
 * NOTE(review): the access level is supplied by the caller and the threshold
 * is read without a project argument, so the caller must pass the level that
 * belongs to the project the threshold is resolved for.
 *
 * @param int    $p_bug_id              Bug id.
 * @param int    $p_user_access_level   Access level to filter for.
 * @param string $p_user_bugnote_order  Passed through to bugnote_get_all_bugnotes().
 * @param int    $p_user_bugnote_limit  Passed through to bugnote_get_all_bugnotes().
 * @return array Visible bugnotes, keyed as returned by bugnote_get_all_bugnotes().
 */
function bugnote_get_all_visible_bugnotes($p_bug_id, $p_user_access_level, $p_user_bugnote_order, $p_user_bugnote_limit) {
    $t_candidates = bugnote_get_all_bugnotes($p_bug_id, $p_user_bugnote_order, $p_user_bugnote_limit);

    $t_private_threshold = config_get('private_bugnote_threshold');
    $t_may_see_private = access_compare_level($p_user_access_level, $t_private_threshold);

    $t_visible = array();
    foreach ($t_candidates as $t_key => $t_note) {
        # Drop private notes for users below the private note threshold.
        if (!$t_may_see_private && VS_PUBLIC != $t_note->view_state) {
            continue;
        }
        $t_visible[$t_key] = $t_note;
    }

    return $t_visible;
}