require_api('error_api.php');
require_api('event_api.php');
require_api('form_api.php');
require_api('gpc_api.php');
require_api('print_api.php');
require_api('string_api.php');
form_security_validate('bugnote_update');
$f_bugnote_id = gpc_get_int('bugnote_id');
$f_bugnote_text = gpc_get_string('bugnote_text', '');
$f_time_tracking = gpc_get_string('time_tracking', '0:00');
# Check if the current user is allowed to edit the bugnote
$t_user_id = auth_get_current_user_id();
$t_reporter_id = bugnote_get_field($f_bugnote_id, 'reporter_id');
if ($t_user_id == $t_reporter_id) {
access_ensure_bugnote_level(config_get('bugnote_user_edit_threshold'), $f_bugnote_id);
} else {
access_ensure_bugnote_level(config_get('update_bugnote_threshold'), $f_bugnote_id);
}
# Check if the bug is readonly
$t_bug_id = bugnote_get_field($f_bugnote_id, 'bug_id');
if (bug_is_readonly($t_bug_id)) {
error_parameters($t_bug_id);
trigger_error(ERROR_BUG_READ_ONLY_ACTION_DENIED, ERROR);
}
$f_bugnote_text = trim($f_bugnote_text) . "\n\n";
bugnote_set_text($f_bugnote_id, $f_bugnote_text);
bugnote_set_time_tracking($f_bugnote_id, $f_time_tracking);
# Plugin integration
event_signal('EVENT_BUGNOTE_EDIT', array($t_bug_id, $f_bugnote_id));
form_security_purge('bugnote_update');
print_successful_redirect(string_get_bug_view_url($t_bug_id) . '#bugnotes');
/**
* Update a note
*
* @param string $p_username The name of the user trying to add a note to an issue.
* @param string $p_password The password of the user.
* @param stdClass $p_note The note to update.
* @return true on success, false on failure
*/
function mc_issue_note_update($p_username, $p_password, stdClass $p_note)
{
global $g_project_override;
$t_user_id = mci_check_login($p_username, $p_password);
if ($t_user_id === false) {
return mci_soap_fault_login_failed();
}
$p_note = SoapObjectsFactory::unwrapObject($p_note);
if (!isset($p_note['id']) || is_blank($p_note['id'])) {
return SoapObjectsFactory::newSoapFault('Client', 'Issue note id must not be blank.');
}
if (!isset($p_note['text']) || is_blank($p_note['text'])) {
return SoapObjectsFactory::newSoapFault('Client', 'Issue note text must not be blank.');
}
$t_issue_note_id = $p_note['id'];
if (!bugnote_exists($t_issue_note_id)) {
return SoapObjectsFactory::newSoapFault('Client', 'Issue note \'' . $t_issue_note_id . '\' does not exist.');
}
$t_issue_id = bugnote_get_field($t_issue_note_id, 'bug_id');
$t_project_id = bug_get_field($t_issue_id, 'project_id');
$g_project_override = $t_project_id;
if (!mci_has_readwrite_access($t_user_id, $t_project_id)) {
return mci_soap_fault_access_denied($t_user_id);
}
$t_issue_author_id = bugnote_get_field($t_issue_note_id, 'reporter_id');
# Check if the user owns the bugnote and is allowed to update their own bugnotes
# regardless of the update_bugnote_threshold level.
$t_user_owns_the_bugnote = bugnote_is_user_reporter($t_issue_note_id, $t_user_id);
$t_user_can_update_own_bugnote = config_get('bugnote_user_edit_threshold', null, $t_user_id, $t_project_id);
if ($t_user_owns_the_bugnote && !$t_user_can_update_own_bugnote) {
return mci_soap_fault_access_denied($t_user_id);
}
# Check if the user has an access level beyond update_bugnote_threshold for the
# project containing the bugnote to update.
$t_update_bugnote_threshold = config_get('update_bugnote_threshold', null, $t_user_id, $t_project_id);
if (!$t_user_owns_the_bugnote && !access_has_bugnote_level($t_update_bugnote_threshold, $t_issue_note_id, $t_user_id)) {
return mci_soap_fault_access_denied($t_user_id);
}
# Check if the bug is readonly
if (bug_is_readonly($t_issue_id)) {
return mci_soap_fault_access_denied($t_user_id, 'Issue \'' . $t_issue_id . '\' is readonly');
}
if (isset($p_note['view_state'])) {
$t_view_state = $p_note['view_state'];
$t_view_state_id = mci_get_enum_id_from_objectref('view_state', $t_view_state);
bugnote_set_view_state($t_issue_note_id, $t_view_state_id == VS_PRIVATE);
}
log_event(LOG_WEBSERVICE, 'updating bugnote id \'' . $t_issue_note_id . '\'');
bugnote_set_text($t_issue_note_id, $p_note['text']);
return bugnote_date_update($t_issue_note_id);
}
/**
* Update a note
*
* @param string $p_username The name of the user trying to add a note to an issue.
* param string $p_password The password of the user.
* @param IssueNoteData $p_note The note to update.
* @return true on success, false on failure
*/
function mc_issue_note_update( $p_username, $p_password, $p_note ) {
$t_user_id = mci_check_login( $p_username, $p_password );
if( $t_user_id === false ) {
return mci_soap_fault_login_failed();
}
if ( !isset( $p_note['id'] ) || is_blank( $p_note['id'] ) ) {
return new soap_fault( 'Client', '', "Issue id must not be blank." );
}
if ( !isset( $p_note['text'] ) || is_blank( $p_note['text'] ) ) {
return new soap_fault( 'Client', '', "Issue note text must not be blank." );
}
$t_issue_note_id = $p_note['id'];
if( !bugnote_exists( $t_issue_note_id ) ) {
return new soap_fault( 'Server', '', "Issue note '$t_issue_note_id' does not exist." );
}
$t_issue_id = bugnote_get_field( $t_issue_note_id, 'bug_id' );
$t_project_id = bug_get_field( $t_issue_id, 'project_id' );
if( !mci_has_readwrite_access( $t_user_id, $t_project_id ) ) {
return mci_soap_fault_access_denied( $t_user_id );
}
if( !access_has_bug_level( config_get( 'add_bugnote_threshold' ), $t_issue_id, $t_user_id ) ) {
return mci_soap_fault_access_denied( $t_user_id, "You do not have access rights to add notes to this issue" );
}
if( bug_is_readonly( $t_issue_id ) ) {
return mci_soap_fault_access_denied( $t_user_id, "Issue ' . $t_issue_id . ' is readonly" );
}
if( isset( $p_note['view_state'] )) {
$t_view_state = $p_note['view_state'];
$t_view_state_id = mci_get_enum_id_from_objectref( 'view_state', $t_view_state );
bugnote_set_view_state( $t_issue_note_id, $t_view_state_id );
}
bugnote_set_text( $t_issue_note_id, $p_note['text'] );
return bugnote_date_update( $t_issue_note_id );
}
public function put($request)
{
/**
* Updates the note.
*
* Only the text and view state of the note can be altered.
*
* @param $request - The request we're responding to
*/
$this->note_id = Bugnote::get_mantis_id_from_url($request->url);
if (!bugnote_exists($this->note_id)) {
throw new HTTPException(404, "No such bug note: {$this->note_id}");
}
# Check if the current user is allowed to edit the bugnote
# (This comes from Mantis's bugnote_update.php)
$user_id = auth_get_current_user_id();
$reporter_id = bugnote_get_field($this->note_id, 'reporter_id');
$bug_id = bugnote_get_field($this->note_id, 'bug_id');
if ($user_id != $reporter_id || OFF == config_get('bugnote_allow_user_edit_delete')) {
if (!access_has_bugnote_level(config_get('update_bugnote_threshold'), $this->note_id)) {
throw new HTTPException(403, "Access denied");
}
}
if (bug_is_readonly($bug_id)) {
throw new HTTPException(500, "Can't edit a note on a read-only bug");
}
$this->populate_from_repr($request->body);
bugnote_set_view_state($this->note_id, !!$this->_get_rsrc_attr('private'));
bugnote_set_text($this->note_id, $this->_get_mantis_attr('note'));
$resp = new Response();
$resp->status = 204;
return $resp;
}
/**
* Update Issue in database
*
* Created By KGB
* @param string $p_username The name of the user trying to add the issue.
* @param string $p_password The password of the user.
* @param Array $p_issue A IssueData structure containing information about the new issue.
* @return integer The id of the created issue.
*/
function mc_issue_update($p_username, $p_password, $p_issue_id, $p_issue)
{
$t_user_id = mci_check_login($p_username, $p_password);
if ($t_user_id === false) {
return mci_soap_fault_login_failed();
}
if (!bug_exists($p_issue_id)) {
return new soap_fault('Client', '', "Issue '{$p_issue_id}' does not exist.");
}
$t_project_id = bug_get_field($p_issue_id, 'project_id');
if (!mci_has_readwrite_access($t_user_id, $t_project_id)) {
return mci_soap_fault_access_denied($t_user_id);
}
$t_project_id = mci_get_project_id($p_issue['project']);
$t_handler_id = isset($p_issue['handler']) ? mci_get_user_id($p_issue['handler']) : 0;
$t_priority_id = isset($p_issue['priority']) ? mci_get_priority_id($p_issue['priority']) : config_get('default_bug_priority');
$t_severity_id = isset($p_issue['severity']) ? mci_get_severity_id($p_issue['severity']) : config_get('default_bug_severity');
$t_status_id = isset($p_issue['status']) ? mci_get_status_id($p_issue['status']) : config_get('bug_submit_status');
$t_reproducibility_id = isset($p_issue['reproducibility']) ? mci_get_reproducibility_id($p_issue['reproducibility']) : config_get('default_bug_reproducibility');
$t_resolution_id = isset($p_issue['resolution']) ? mci_get_resolution_id($p_issue['resolution']) : config_get('default_bug_resolution');
$t_projection_id = isset($p_issue['projection']) ? mci_get_projection_id($p_issue['projection']) : config_get('default_bug_resolution');
$t_eta_id = isset($p_issue['eta']) ? mci_get_eta_id($p_issue['eta']) : config_get('default_bug_eta');
$t_view_state_id = isset($p_issue['view_state']) ? mci_get_view_state_id($p_issue['view_state']) : config_get('default_bug_view_status');
$t_reporter_id = isset($p_issue['reporter']) ? mci_get_user_id($p_issue['reporter']) : 0;
$t_project = $p_issue['project'];
$t_summary = isset($p_issue['summary']) ? $p_issue['summary'] : '';
$t_description = isset($p_issue['description']) ? $p_issue['description'] : '';
$t_additional_information = isset($p_issue['additional_information']) ? $p_issue['additional_information'] : '';
$t_steps_to_reproduce = isset($p_issue['steps_to_reproduce']) ? $p_issue['steps_to_reproduce'] : '';
$t_build = isset($p_issue['build']) ? $p_issue['build'] : '';
$t_platform = isset($p_issue['platform']) ? $p_issue['platform'] : '';
$t_os = isset($p_issue['os']) ? $p_issue['os'] : '';
$t_os_build = isset($p_issue['os_build']) ? $p_issue['os_build'] : '';
$t_sponsorship_total = isset($p_issue['sponsorship_total']) ? $p_issue['sponsorship_total'] : 0;
if ($t_reporter_id == 0) {
$t_reporter_id = $t_user_id;
}
if ($t_project_id == 0 || !project_exists($t_project_id)) {
if ($t_project_id == 0) {
return new soap_fault('Client', '', "Project '" . $t_project['name'] . "' does not exist.");
}
return new soap_fault('Client', '', "Project '{$t_project_id}' does not exist.");
}
if (!access_has_bug_level(config_get('update_bug_threshold'), $p_issue_id, $t_user_id)) {
return mci_soap_fault_access_denied($t_user_id, "Not enough rights to update issues");
}
if ($t_handler_id != 0 && !user_exists($t_handler_id)) {
return new soap_fault('Client', '', "User '{$t_handler_id}' does not exist.");
}
$t_category = isset($p_issue['category']) ? $p_issue['category'] : null;
$t_category_id = translate_category_name_to_id($t_category, $t_project_id);
if ($t_category_id == 0 && !config_get('allow_no_category')) {
if (isset($p_issue['category']) && !is_blank($p_issue['category'])) {
return new soap_fault('Client', '', "Category field must be supplied.");
} else {
return new soap_fault('Client', '', "Category '" . $p_issue['category'] . "' not found for project '{$t_project_name}'.");
}
}
if (isset($p_issue['version']) && !is_blank($p_issue['version']) && !version_get_id($p_issue['version'], $t_project_id)) {
$t_error_when_version_not_found = config_get('mc_error_when_version_not_found');
if ($t_error_when_version_not_found == ON) {
$t_project_name = project_get_name($t_project_id);
return new soap_fault('Client', '', "Version '" . $p_issue['version'] . "' does not exist in project '{$t_project_name}'.");
} else {
$t_version_when_not_found = config_get('mc_version_when_not_found');
$p_issue['version'] = $t_version_when_not_found;
}
}
if (is_blank($t_summary)) {
return new soap_fault('Client', '', "Mandatory field 'summary' is missing.");
}
if (is_blank($t_description)) {
return new soap_fault('Client', '', "Mandatory field 'description' is missing.");
}
if ($t_priority_id == 0) {
$t_priority_id = config_get('default_bug_priority');
}
if ($t_severity_id == 0) {
$t_severity_id = config_get('default_bug_severity');
}
if ($t_view_state_id == 0) {
$t_view_state_id = config_get('default_bug_view_status');
}
if ($t_reproducibility_id == 0) {
$t_reproducibility_id = config_get('default_bug_reproducibility');
}
$t_bug_data = new BugData();
$t_bug_data->id = $p_issue_id;
$t_bug_data->project_id = $t_project_id;
$t_bug_data->reporter_id = $t_reporter_id;
$t_bug_data->handler_id = $t_handler_id;
$t_bug_data->priority = $t_priority_id;
$t_bug_data->severity = $t_severity_id;
$t_bug_data->reproducibility = $t_reproducibility_id;
$t_bug_data->status = $t_status_id;
$t_bug_data->resolution = $t_resolution_id;
$t_bug_data->projection = $t_projection_id;
$t_bug_data->category_id = $t_category_id;
$t_bug_data->date_submitted = isset($v_date_submitted) ? $v_date_submitted : '';
$t_bug_data->last_updated = isset($v_last_updated) ? $v_last_updated : '';
$t_bug_data->eta = $t_eta_id;
$t_bug_data->os = $t_os;
$t_bug_data->os_build = $t_os_build;
$t_bug_data->platform = $t_platform;
$t_bug_data->version = isset($p_issue['version']) ? $p_issue['version'] : '';
$t_bug_data->fixed_in_version = isset($p_issue['fixed_in_version']) ? $p_issue['fixed_in_version'] : '';
$t_bug_data->build = $t_build;
$t_bug_data->view_state = $t_view_state_id;
$t_bug_data->summary = $t_summary;
$t_bug_data->sponsorship_total = $t_sponsorship_total;
if (isset($p_issue['due_date']) && access_has_global_level(config_get('due_date_update_threshold'))) {
$t_bug_data->due_date = mci_iso8601_to_timestamp($p_issue['due_date']);
} else {
$t_bug_data->due_date = date_get_null();
}
if (access_has_project_level(config_get('roadmap_update_threshold'), $t_bug_data->project_id, $t_user_id)) {
$t_bug_data->target_version = isset($p_issue['target_version']) ? $p_issue['target_version'] : '';
}
# omitted:
# var $bug_text_id
# $t_bug_data->profile_id;
# extended info
$t_bug_data->description = $t_description;
$t_bug_data->steps_to_reproduce = isset($t_steps_to_reproduce) ? $t_steps_to_reproduce : '';
$t_bug_data->additional_information = isset($t_additional_information) ? $t_additional_information : '';
# submit the issue
$t_is_success = $t_bug_data->update(true, true);
mci_issue_set_custom_fields($p_issue_id, $p_issue['custom_fields'], true);
if (isset($p_issue['notes']) && is_array($p_issue['notes'])) {
foreach ($p_issue['notes'] as $t_note) {
if (isset($t_note['view_state'])) {
$t_view_state = $t_note['view_state'];
} else {
$t_view_state = config_get('default_bugnote_view_status');
}
if (isset($t_note['id']) && (int) $t_note['id'] > 0) {
$t_bugnote_id = (int) $t_note['id'];
if (bugnote_exists($t_bugnote_id)) {
bugnote_set_text($t_bugnote_id, $t_note['text']);
bugnote_set_view_state($t_bugnote_id, $t_view_state_id == VS_PRIVATE);
bugnote_date_update($t_bugnote_id);
if (isset($t_note['time_tracking'])) {
bugnote_set_time_tracking($t_bugnote_id, mci_get_time_tracking_from_note($p_issue_id, $t_note));
}
}
} else {
$t_view_state_id = mci_get_enum_id_from_objectref('view_state', $t_view_state);
bugnote_add($p_issue_id, $t_note['text'], mci_get_time_tracking_from_note($p_issue_id, $t_note), $t_view_state_id == VS_PRIVATE, BUGNOTE, '', $t_user_id, FALSE);
}
}
}
return $t_is_success;
}
/**
* Update a note
*
* @param string $p_username The name of the user trying to add a note to an issue.
* param string $p_password The password of the user.
* @param IssueNoteData $p_note The note to update.
* @return true on success, false on failure
*/
function mc_issue_note_update($p_username, $p_password, $p_note)
{
$t_user_id = mci_check_login($p_username, $p_password);
if ($t_user_id === false) {
return mci_soap_fault_login_failed();
}
if (!isset($p_note['id']) || is_blank($p_note['id'])) {
return new soap_fault('Client', '', "Issue note id must not be blank.");
}
if (!isset($p_note['text']) || is_blank($p_note['text'])) {
return new soap_fault('Client', '', "Issue note text must not be blank.");
}
$t_issue_note_id = $p_note['id'];
if (!bugnote_exists($t_issue_note_id)) {
return new soap_fault('Server', '', "Issue note '{$t_issue_note_id}' does not exist.");
}
$t_issue_id = bugnote_get_field($t_issue_note_id, 'bug_id');
$t_project_id = bug_get_field($t_issue_id, 'project_id');
if (!mci_has_readwrite_access($t_user_id, $t_project_id)) {
return mci_soap_fault_access_denied($t_user_id);
}
$t_issue_author_id = bugnote_get_field($t_issue_note_id, 'reporter_id');
# Check if the user owns the bugnote and is allowed to update their own bugnotes
# regardless of the update_bugnote_threshold level.
$t_user_owns_the_bugnote = bugnote_is_user_reporter($t_issue_note_id, $t_user_id);
$t_user_can_update_own_bugnote = config_get('bugnote_allow_user_edit_delete', null, $t_user_id, $t_project_id);
if ($t_user_owns_the_bugnote && !$t_user_can_update_own_bugnote) {
return mci_soap_fault_access_denied($t_user_id);
}
# Check if the user has an access level beyond update_bugnote_threshold for the
# project containing the bugnote to update.
$t_update_bugnote_threshold = config_get('update_bugnote_threshold', null, $t_user_id, $t_project_id);
if (!$t_user_owns_the_bugnote && !access_has_bugnote_level($t_update_bugnote_threshold, $t_issue_note_id, $t_user_id)) {
return mci_soap_fault_access_denied($t_user_id);
}
# Check if the bug is readonly
if (bug_is_readonly($t_issue_id)) {
return mci_soap_fault_access_denied($t_user_id, "Issue ' . {$t_issue_id} . ' is readonly");
}
if (isset($p_note['view_state'])) {
$t_view_state = $p_note['view_state'];
$t_view_state_id = mci_get_enum_id_from_objectref('view_state', $t_view_state);
bugnote_set_view_state($t_issue_note_id, $t_view_state_id);
}
bugnote_set_text($t_issue_note_id, $p_note['text']);
return bugnote_date_update($t_issue_note_id);
}
