function mci_file_can_download_bug_attachments($p_bug_id, $p_user_id) { $t_can_download = access_has_bug_level(config_get('download_attachments_threshold'), $p_bug_id); if ($t_can_download) { return true; } $t_reported_by_me = bug_is_user_reporter($p_bug_id, $p_user_id); return $t_reported_by_me && config_get('allow_download_own_attachments'); }
/** * Check if the user can upload files for this bug * return true if they can, false otherwise * the user defaults to the current user * * if the bug null (the default) we answer whether the user can * upload a file to a new bug in the current project * @param integer $p_bug_id A bug identifier. * @param integer $p_user_id A user identifier. * @return boolean */ function file_allow_bug_upload($p_bug_id = null, $p_user_id = null) { if (null === $p_user_id) { $p_user_id = auth_get_current_user_id(); } # If uploads are disbled just return false if (!file_is_uploading_enabled()) { return false; } if (null === $p_bug_id) { # new bug $t_project_id = helper_get_current_project(); # the user must be the reporter if they're reporting a new bug $t_reporter = true; } else { # existing bug $t_project_id = bug_get_field($p_bug_id, 'project_id'); # check if the user is the reporter of the bug $t_reporter = bug_is_user_reporter($p_bug_id, $p_user_id); } if ($t_reporter && ON == config_get('allow_reporter_upload')) { return true; } # Check the access level against the config setting return access_has_project_level(config_get('upload_bug_file_threshold'), $t_project_id, $p_user_id); }
if ( bug_is_readonly( $f_bug_id ) ) { error_parameters( $f_bug_id ); trigger_error( ERROR_BUG_READ_ONLY_ACTION_DENIED, ERROR ); } access_ensure_bug_level( config_get( 'bug_reminder_threshold' ), $f_bug_id ); # Automically add recipients to monitor list if they are above the monitor # threshold, option is enabled, and not reporter or handler. foreach ( $f_to as $t_recipient ) { if ( ON == config_get( 'reminder_recipients_monitor_bug' ) && access_has_bug_level( config_get( 'monitor_bug_threshold' ), $f_bug_id ) && !bug_is_user_handler( $f_bug_id, $t_recipient ) && !bug_is_user_reporter( $f_bug_id, $t_recipient ) ) { bug_monitor( $f_bug_id, $t_recipient ); } } $result = email_bug_reminder( $f_to, $f_bug_id, $f_body ); # Add reminder as bugnote if store reminders option is ON. if ( ON == config_get( 'store_reminders' ) ) { if ( count( $f_to ) > 50 ) { # too many recipients to log, truncate the list $t_to = array(); for ( $i=0; $i<50; $i++ ) { $t_to[] = $f_to[$i]; } $f_to = $t_to; }
function file_allow_bug_upload($p_bug_id = null, $p_user_id = null) { if (null === $p_user_id) { $p_user_id = auth_get_current_user_id(); } # If uploads are disbled just return false if (!file_is_uploading_enabled()) { return false; } if (null === $p_bug_id) { # new bug $t_project_id = helper_get_current_project(); # If reporting a new bug, the user is the reporter by definition $t_is_reporter = true; } else { # existing bug $t_project_id = bug_get_field($p_bug_id, 'project_id'); # check if the user is the reporter of the bug # and still has reporter access to it $t_is_reporter = bug_is_user_reporter($p_bug_id, $p_user_id) && access_has_bug_level(config_get('report_bug_threshold'), $p_bug_id, $p_user_id); } # Check the access level against the config setting $t_can_upload = $t_is_reporter && ON == config_get('allow_reporter_upload') || access_has_project_level(config_get('upload_bug_file_threshold'), $t_project_id, $p_user_id); return $t_can_upload; }
/** * Print Change Status to: button * This code is similar to print_status_option_list except * there is no masking, except for the current state * * @param BugData $p_bug Bug object * @return null */ function html_button_bug_change_status($p_bug) { $t_current_access = access_get_project_level($p_bug->project_id); $t_enum_list = get_status_option_list($t_current_access, $p_bug->status, false, bug_is_user_reporter($p_bug->id, auth_get_current_user_id()) && ON == config_get('allow_reporter_close'), $p_bug->project_id); if (count($t_enum_list) > 0) { # resort the list into ascending order after noting the key from the first element (the default) $t_default_arr = each($t_enum_list); $t_default = $t_default_arr['key']; ksort($t_enum_list); reset($t_enum_list); echo "<form method=\"post\" action=\"bug_change_status_page.php\">"; # CSRF protection not required here - form does not result in modifications $t_button_text = lang_get('bug_status_to_button'); echo "<input type=\"submit\" class=\"button\" value=\"{$t_button_text}\" />"; echo " <select name=\"new_status\">"; # space at beginning of line is important foreach ($t_enum_list as $key => $val) { echo "<option value=\"{$key}\" "; check_selected($key, $t_default); echo ">{$val}</option>"; } echo '</select>'; $t_bug_id = string_attribute($p_bug->id); echo "<input type=\"hidden\" name=\"id\" value=\"{$t_bug_id}\" />\n"; echo "</form>\n"; } }
$query = "SELECT sbt.*, dbt.fixed_in_version AS parent_version, rt.source_bug_id\n FROM {$t_bug_table} AS sbt\n LEFT JOIN {$t_relation_table} AS rt\n ON sbt.id=rt.destination_bug_id AND rt.relationship_type=" . BUG_DEPENDANT . "\n LEFT JOIN {$t_bug_table} AS dbt ON dbt.id=rt.source_bug_id\n WHERE sbt.project_id=" . db_param() . "\n AND sbt.fixed_in_version=" . db_param() . "\n ORDER BY sbt.status ASC, sbt.last_updated DESC"; $t_description = version_get_field($t_version_id, 'description'); $t_first_entry = true; $t_issue_ids = array(); $t_issue_parents = array(); $t_issue_handlers = array(); $t_result = db_query_bound($query, array($t_project_id, $t_version)); while ($t_row = db_fetch_array($t_result)) { # hide private bugs if user doesn't have access to view them. if (!$t_can_view_private && $t_row['view_state'] == VS_PRIVATE) { continue; } bug_cache_database_result($t_row); # check limit_Reporter (Issue #4770) # reporters can view just issues they reported if (ON === $t_limit_reporters && $t_user_access_level_is_reporter && !bug_is_user_reporter($t_row['id'], $t_user_id)) { continue; } $t_issue_id = $t_row['id']; $t_issue_parent = $t_row['source_bug_id']; $t_parent_version = $t_row['parent_version']; if (!helper_call_custom_function('changelog_include_issue', array($t_issue_id))) { continue; } if (0 === strcasecmp($t_parent_version, $t_version)) { $t_issue_ids[] = $t_issue_id; $t_issue_parents[] = $t_issue_parent; } else { if (!in_array($t_issue_id, $t_issue_ids)) { $t_issue_ids[] = $t_issue_id; $t_issue_parents[] = null;
$t_issue_handlers = array(); $t_result = db_query_bound( $query, Array( $t_project_id, $t_version ) ); while ( $t_row = db_fetch_array( $t_result ) ) { # hide private bugs if user doesn't have access to view them. if ( !$t_can_view_private && ( $t_row['view_state'] == VS_PRIVATE ) ) { continue; } bug_cache_database_result( $t_row ); # check limit_Reporter (Issue #4770) # reporters can view just issues they reported if ( ON === $t_limit_reporters && $t_user_access_level_is_reporter && !bug_is_user_reporter( $t_row['id'], $t_user_id )) { continue; } $t_issue_id = $t_row['id']; $t_issue_parent = $t_row['source_bug_id']; $t_parent_version = $t_row['parent_version']; if ( !helper_call_custom_function( 'changelog_include_issue', array( $t_issue_id ) ) ) { continue; } $t_issues_resolved++; if ( 0 === strcasecmp( $t_parent_version, $t_version ) ) { $t_issue_ids[] = $t_issue_id;
ORDER BY sbt.status ASC, sbt.last_updated DESC'; $t_description = version_get_field($t_version_id, 'description'); $t_first_entry = true; $t_issue_ids = array(); $t_issue_parents = array(); $t_issue_handlers = array(); $t_result = db_query($t_query, array($t_project_id, $t_version)); while ($t_row = db_fetch_array($t_result)) { # hide private bugs if user doesn't have access to view them. if (!$t_can_view_private && $t_row['view_state'] == VS_PRIVATE) { continue; } bug_cache_database_result($t_row); # check limit_Reporter (Issue #4770) # reporters can view just issues they reported if (ON == $t_limit_reporters && $t_access_limit_reporters_applies && !bug_is_user_reporter($t_row['id'], $t_user_id)) { continue; } $t_issue_id = $t_row['id']; $t_issue_parent = $t_row['source_bug_id']; $t_parent_version = $t_row['parent_version']; if (!helper_call_custom_function('changelog_include_issue', array($t_issue_id))) { continue; } if (0 === strcasecmp($t_parent_version, $t_version)) { $t_issue_ids[] = $t_issue_id; $t_issue_parents[] = $t_issue_parent; } else { if (!in_array($t_issue_id, $t_issue_ids)) { $t_issue_ids[] = $t_issue_id; $t_issue_parents[] = null;
/** * Check if the specified bug can be reopened * @param BugData $p_bug Bug to check access against * @param int|null $p_user_id integer representing user id, defaults to null to use current user * @return bool whether user has access to reopen bugs * @access public */ function access_can_reopen_bug($p_bug, $p_user_id = null) { if (!bug_is_resolved($p_bug->id)) { # Can't reopen a bug that's not resolved return false; } if ($p_user_id === null) { $p_user_id = auth_get_current_user_id(); } # If allow_reporter_reopen is enabled, then reporters can always reopen their own bugs if (ON == config_get('allow_reporter_reopen', null, null, $p_bug->project_id) && bug_is_user_reporter($p_bug->id, $p_user_id)) { return true; } $t_reopen_status = config_get('reopen_bug_threshold', null, null, $p_bug->project_id); $t_reopen_status_threshold = access_get_status_threshold($t_reopen_status, $p_bug->project_id); return access_has_bug_level($t_reopen_status_threshold, $p_bug->id, $p_user_id); }
$f_body = gpc_get_string('body'); if (bug_is_readonly($f_bug_id)) { error_parameters($f_bug_id); trigger_error(ERROR_BUG_READ_ONLY_ACTION_DENIED, ERROR); } access_ensure_bug_level(config_get('bug_reminder_threshold'), $f_bug_id); $t_bug = bug_get($f_bug_id, true); if ($t_bug->project_id != helper_get_current_project()) { # in case the current project is not the same project of the bug we are viewing... # ... override the current project. This to avoid problems with categories and handlers lists etc. $g_project_override = $t_bug->project_id; } # Automically add recipients to monitor list if they are above the monitor # threshold, option is enabled, and not reporter or handler. foreach ($f_to as $t_recipient) { if (ON == config_get('reminder_recipents_monitor_bug') && access_has_bug_level(config_get('monitor_bug_threshold'), $f_bug_id) && !bug_is_user_handler($f_bug_id, $t_recipient) && !bug_is_user_reporter($f_bug_id, $t_recipient)) { bug_monitor($f_bug_id, $t_recipient); } } $result = email_bug_reminder($f_to, $f_bug_id, $f_body); # Add reminder as bugnote if store reminders option is ON. if (ON == config_get('store_reminders')) { if (count($f_to) > 50) { # too many recipients to log, truncate the list $t_to = array(); for ($i = 0; $i < 50; $i++) { $t_to[] = $f_to[$i]; } $f_to = $t_to; } $t_attr = '|' . implode('|', $f_to) . '|';
function write_bug_rows($p_rows) { $user_array = get_user_array(); $alive_user_ids = array(); $issues_array_html = ''; $allowed_statuses_html = ''; print '<div id="taskodrome_data" hidden="true"> '; $users = ''; $user_number = count($user_array); for ($i = 0; $i != $user_number; $i++) { $users .= '<p hidden="true" class="user_data" '; $users .= 'name="' . $user_array[$i]->name . '" '; $users .= 'id="' . $user_array[$i]->id . '"'; $users .= '></p>'; $alive_user_ids[$user_array[$i]->id] = 1; } print $users; $t_rows = count($p_rows); for ($i = 0; $i < $t_rows; $i++) { $t_row = $p_rows[$i]; $handler_id = $t_row->handler_id; if (!array_key_exists($t_row->handler_id, $alive_user_ids)) { $handler_id = 0; } $issues_array_html .= '<p hidden="true" class="issue_data" '; $issues_array_html .= 'id="' . $t_row->id . '" '; $issues_array_html .= 'summary="' . htmlentities($t_row->summary) . '" '; $issues_array_html .= 'status="' . $t_row->status . '" '; $issues_array_html .= 'handler_id="' . $handler_id . '" '; $issues_array_html .= 'topColor="#0000FF" '; $issues_array_html .= 'bottomColor="#FF0000" '; $issues_array_html .= 'updateTime="' . $t_row->last_updated . '"'; $issues_array_html .= '></p>'; $t_all_statuses = get_status_option_list(access_get_project_level($t_row->project_id), $t_row->status, true, false, $t_row->project_id); $allowed_statuses_html .= '<p hidden="true" class="status_pair" '; $allowed_statuses_html .= 'id="' . $t_row->id . '" '; $src_status_str = ''; $dst_status_str = ''; foreach ($t_all_statuses as $src_status => $src_st) { $src_status_str .= $src_status . ';'; $t_enum_list = get_status_option_list(access_get_project_level($t_row->project_id), $src_status, true, bug_is_user_reporter($t_row->id, auth_get_current_user_id()) && access_has_bug_level(config_get('report_bug_threshold'), $t_row->id) && ON == config_get('allow_reporter_close'), $t_row->project_id); foreach ($t_enum_list as $dst_status => $dst_st) { $dst_status_str .= $dst_status . ','; } $dst_status_str .= ';'; } $allowed_statuses_html .= 'src_status="' . $src_status_str . '" '; $allowed_statuses_html .= 'dst_status="' . $dst_status_str . '"'; $allowed_statuses_html .= '></p>'; } print $issues_array_html; print $allowed_statuses_html; $status_order = null; foreach (plugin_config_get("status_board_order") as $t_value) { $status_order .= $t_value . ';'; } print '<p hidden="true" class="status_board_order" value="' . $status_order . '"></p>'; print '<p hidden="true" id="cooldown_period_days" value="' . plugin_config_get("cooldown_period_days") . '"></p>'; print '<p hidden="true" id="cooldown_period_hours" value="' . plugin_config_get("cooldown_period_hours") . '"></p>'; print '</div>'; print '<section class="tabs"> <br> <input type="radio" id="radio_dg" name="group" > <input type="radio" id="radio_sg" name="group" > [ <label id="label_dg" class="radio_label" for="radio_dg" >' . plugin_lang_get("assignment_board") . '</label> ] [ <label id="label_sg" class="radio_label" for="radio_sg" >' . plugin_lang_get("status_board") . '</label> ] <div class="tabs_cont"> <div id="tab_c1"> '; print '<div id="dev-grid" class="grid"> <canvas id="panel"> </canvas> </div> '; print '</div>'; print '<div id="tab_c2"> <div id="st-grid" class="grid"> <canvas id="panel_st"> </canvas> </div> '; html_page_bottom(); print '</div>'; print '</div> </section> '; }
$t_resolve_issue = false; $t_close_issue = false; $t_reopen_issue = false; if ($t_existing_bug->status < $t_resolved_status && $t_updated_bug->status >= $t_resolved_status && $t_updated_bug->status < $t_closed_status) { $t_resolve_issue = true; } else { if ($t_existing_bug->status < $t_closed_status && $t_updated_bug->status >= $t_closed_status) { $t_close_issue = true; } else { if ($t_existing_bug->status >= $t_resolved_status && $t_updated_bug->status <= config_get('bug_reopen_status')) { $t_reopen_issue = true; } } } $t_reporter_closing = $f_update_type == BUG_UPDATE_TYPE_CLOSE && bug_is_user_reporter($f_bug_id, $t_current_user_id) && access_can_close_bug($t_existing_bug, $t_current_user_id); $t_reporter_reopening = ($f_update_type == BUG_UPDATE_TYPE_REOPEN || $t_reopen_issue) && bug_is_user_reporter($f_bug_id, $t_current_user_id) && access_can_reopen_bug($t_existing_bug, $t_current_user_id); if (!$t_reporter_reopening && !$t_reporter_closing) { # Ensure that the user has permission to update bugs. This check also factors # in whether the user has permission to view private bugs. The # $g_limit_reporters option is also taken into consideration. access_ensure_bug_level(config_get('update_bug_threshold'), $f_bug_id); # Check if the bug is in a read-only state and whether the current user has # permission to update read-only bugs. if (bug_is_readonly($f_bug_id)) { error_parameters($f_bug_id); trigger_error(ERROR_BUG_READ_ONLY_ACTION_DENIED, ERROR); } } # If resolving or closing, ensure that all dependant issues have been resolved. if (($t_resolve_issue || $t_close_issue) && !relationship_can_resolve_bug($f_bug_id)) { trigger_error(ERROR_BUG_RESOLVE_DEPENDANTS_BLOCKING, ERROR);
require_once 'bug_api.php'; require_once 'bugnote_api.php'; require_once 'custom_field_api.php'; form_security_validate('bug_update'); $f_bug_id = gpc_get_int('bug_id'); $t_bug_data = bug_get($f_bug_id, true); $f_update_mode = gpc_get_bool('update_mode', FALSE); # set if called from generic update page $f_new_status = gpc_get_int('status', $t_bug_data->status); if ($t_bug_data->project_id != helper_get_current_project()) { # in case the current project is not the same project of the bug we are viewing... # ... override the current project. This to avoid problems with categories and handlers lists etc. $g_project_override = $t_bug_data->project_id; } $t_user = auth_get_current_user_id(); if (!(access_has_bug_level(access_get_status_threshold($f_new_status, bug_get_field($f_bug_id, 'project_id')), $f_bug_id) || access_has_bug_level(config_get('update_bug_threshold'), $f_bug_id) || bug_is_user_reporter($f_bug_id, $t_user) && access_has_bug_level(config_get('report_bug_threshold'), $f_bug_id, $t_user) && (ON == config_get('allow_reporter_reopen') || ON == config_get('allow_reporter_close')))) { access_denied(); } # extract current extended information $t_old_bug_status = $t_bug_data->status; $t_bug_data->reporter_id = gpc_get_int('reporter_id', $t_bug_data->reporter_id); $t_bug_data->handler_id = gpc_get_int('handler_id', $t_bug_data->handler_id); $t_bug_data->duplicate_id = gpc_get_int('duplicate_id', $t_bug_data->duplicate_id); $t_bug_data->priority = gpc_get_int('priority', $t_bug_data->priority); $t_bug_data->severity = gpc_get_int('severity', $t_bug_data->severity); $t_bug_data->reproducibility = gpc_get_int('reproducibility', $t_bug_data->reproducibility); $t_bug_data->status = gpc_get_int('status', $t_bug_data->status); $t_bug_data->resolution = gpc_get_int('resolution', $t_bug_data->resolution); $t_bug_data->projection = gpc_get_int('projection', $t_bug_data->projection); $t_bug_data->category_id = gpc_get_int('category_id', $t_bug_data->category_id); $t_bug_data->eta = gpc_get_int('eta', $t_bug_data->eta);
function access_can_reopen_bug($p_bug_id, $p_user_id = null) { if ($p_user_id === null) { $p_user_id = auth_get_current_user_id(); } # If allow_reporter_reopen is enabled, then reporters can always reopen # their own bugs if (ON == config_get('allow_reporter_reopen') && bug_is_user_reporter($p_bug_id, $p_user_id)) { return true; } return access_has_bug_level(config_get('reopen_bug_threshold'), $p_bug_id, $p_user_id); }
/** * Print Change Status to: button * This code is similar to print_status_option_list except * there is no masking, except for the current state * * @param BugData $p_bug A valid bug object. * @return void */ function html_button_bug_change_status(BugData $p_bug) { $t_current_access = access_get_project_level($p_bug->project_id); # User must have rights to change status to use this button if (!access_has_bug_level(config_get('update_bug_status_threshold'), $p_bug->id)) { return; } $t_enum_list = get_status_option_list($t_current_access, $p_bug->status, false, bug_is_user_reporter($p_bug->id, auth_get_current_user_id()) && access_has_bug_level(config_get('report_bug_threshold'), $p_bug->id) && ON == config_get('allow_reporter_close'), $p_bug->project_id); if (count($t_enum_list) > 0) { # resort the list into ascending order after noting the key from the first element (the default) $t_default_arr = each($t_enum_list); $t_default = $t_default_arr['key']; ksort($t_enum_list); reset($t_enum_list); echo '<form method="post" action="bug_change_status_page.php">'; # CSRF protection not required here - form does not result in modifications $t_button_text = lang_get('bug_status_to_button'); echo '<input type="submit" class="button" value="' . $t_button_text . '" />'; echo ' <select name="new_status">'; # space at beginning of line is important foreach ($t_enum_list as $t_key => $t_val) { echo '<option value="' . $t_key . '" '; check_selected($t_key, $t_default); echo '>' . $t_val . '</option>'; } echo '</select>'; $t_bug_id = string_attribute($p_bug->id); echo '<input type="hidden" name="id" value="' . $t_bug_id . '" />' . "\n"; echo '</form>' . "\n"; } }
/** * Check if the specified bug can be reopened * @param BugData $p_bug Bug to check access against * @param int|null $p_user_id integer representing user id, defaults to null to use current user * @return bool whether user has access to reopen bugs * @access public */ function access_can_reopen_bug($p_bug, $p_user_id = null) { if (!bug_is_resolved($p_bug->id)) { # Can't reopen a bug that's not resolved return false; } if ($p_user_id === null) { $p_user_id = auth_get_current_user_id(); } # If allow_reporter_reopen is enabled, then reporters can always reopen # their own bugs as long as their access level is reporter or above if (ON == config_get('allow_reporter_reopen', null, null, $p_bug->project_id) && bug_is_user_reporter($p_bug->id, $p_user_id) && access_has_project_level(config_get('report_bug_threshold', null, $p_user_id, $p_bug->project_id), $p_bug->project_id, $p_user_id)) { return true; } # Other users's access level must allow them to reopen bugs $t_reopen_bug_threshold = config_get('reopen_bug_threshold', null, null, $p_bug->project_id); if (access_has_bug_level($t_reopen_bug_threshold, $p_bug->id, $p_user_id)) { $t_reopen_status = config_get('bug_reopen_status', null, null, $p_bug->project_id); # User must be allowed to change status to reopen status $t_reopen_status_threshold = access_get_status_threshold($t_reopen_status, $p_bug->project_id); return access_has_bug_level($t_reopen_status_threshold, $p_bug->id, $p_user_id); } return false; }
function gantt_get_issues_and_related_in_version($p_project_id, $p_version_name) { $t_bug_table = db_get_table('bug'); $t_relation_table = db_get_table('bug_relationship'); $t_bug_datas = array(); $t_project_id = db_prepare_int($p_project_id); $t_version_name = db_prepare_string($p_version_name); $t_can_view_private = access_has_project_level(config_get('private_bug_threshold'), $t_project_id); $t_limit_reporters = config_get('limit_reporters'); $t_user_access_level_is_reporter = REPORTER == access_get_project_level($t_project_id); $t_user_id = auth_get_current_user_id(); $query = "SELECT sbt.*, {$t_relation_table}.source_bug_id as parent_issue, dbt.target_version as parent_version FROM {$t_bug_table} AS sbt\n LEFT JOIN {$t_relation_table} ON sbt.id={$t_relation_table}.destination_bug_id AND {$t_relation_table}.relationship_type=2\n LEFT JOIN {$t_bug_table} AS dbt ON dbt.id={$t_relation_table}.source_bug_id\n WHERE sbt.project_id=" . db_param() . " AND sbt.target_version=" . db_param() . " ORDER BY sbt.status ASC, sbt.last_updated DESC"; $t_result = db_query_bound($query, array($t_project_id, $t_version_name)); // Filter ids according to level access while ($t_row = db_fetch_array($t_result)) { # hide private bugs if user doesn't have access to view them. if (!$t_can_view_private && $t_row['view_state'] == VS_PRIVATE) { continue; } bug_cache_database_result($t_row); # check limit_Reporter (Issue #4770) # reporters can view just issues they reported if (ON === $t_limit_reporters && $t_user_access_level_is_reporter && !bug_is_user_reporter($t_row['id'], $t_user_id)) { continue; } $t_issue_id = $t_row['id']; if (!helper_call_custom_function('roadmap_include_issue', array($t_issue_id))) { continue; } if (!isset($t_bug_datas[$t_issue_id])) { $t_bug_datas[$t_issue_id] = $t_row; } } return $t_bug_datas; }