View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0016182 | mantisbt | public | 2013-07-16 01:19 | 2014-01-09 13:05 | |
Reporter | kaese | Assigned To | |||
Priority | normal | Severity | minor | Reproducibility | always |
Status | confirmed | Resolution | reopened | ||
Product Version | 1.2.15 | ||||
Summary | 0016182: User specific settings not taken into account when emails are send | ||||
Description | Viewing an issue via webinterface: The history is missing from the issue (as configured). If UserX get an issue assigned to him the email being send shows the issues history which should not be shown according to our configuration. | ||||
Steps To Reproduce | userX is a DEVELOPER in ProjectY. The project is configured with: config_defaults_inc.php: $g_view_history_threshold = VIEWER; (default) Database configuration: UserX ProjectY view_history_threshold integer 70 (MANAGER) Can be reproduced in our environment. | ||||
Additional Information | Adding some debug output to core/email_api.php around line 1447: 1447 # put history data Result:
| ||||
Tags | patch | ||||
Attached Files | get_correct_user_setting_for_mail_history.diff (724 bytes)
--- ../../../source/mantisbt-1.2.15/core/email_api.php 2013-04-12 15:37:02.000000000 +0200 +++ email_api.php 2013-07-16 15:33:15.000000000 +0200 @@ -1444,7 +1444,7 @@ $t_bug_data['bugnotes'] = bugnote_get_all_visible_bugnotes( $p_bug_id, $t_user_bugnote_order, $t_user_bugnote_limit, $p_user_id ); # put history data - if(( ON == config_get( 'history_default_visible' ) ) && access_compare_level( $t_user_access_level, config_get( 'view_history_threshold' ) ) ) { + if(( ON == config_get( 'history_default_visible' ) ) && access_compare_level( $t_user_access_level, config_get( 'view_history_threshold', null, $p_user_id ) ) ) { $t_bug_data['history'] = history_get_raw_events_array( $p_bug_id, $p_user_id ); } | ||||
Using access_has_bug_level instead of access_compare_level in function email_build_visible_bug_data should fix the issue. Sorry, no time to test and fix it at the moment. There is also some kind of conceptual issue. |
|
Setting threshold for individual users seems to work, at least when using the webinterface. I didn't succeed with your suggestion, but succeeded with the following change: email_build_visible_bug_data(): changing the config_get( 'view_history_threshold') to config_get( 'view_history_threshold' , null, $p_user_id). This way config_get return the correct per user and per project setting for view_history_threshold. Simple config_get('view_history_threshold') would return the configured setting for the user who initiated the email (usually not the user who gets this email). |
|
@kaese I think yours is the correct solution but can't test at the moment |
|
thanks; patch attached (applies to 1.2.15) |
|
I recommended at 0016182:0037473 to use access_has_bug_level because access to sponsorship information in the same function is checked with it. Maybe access_compare_level is also enough for sponsorship checking, maybe access_compare_level is not restrictive enough for history checking. access_compare_level is faster than access_has_bug_level but not that restrictive in terms of private isues and limit_reporters setting. We should have a deeper look at it before commiting changes. |
|
Reopening, as the issue was accidentally set to resolved due to a typo in the commit message to fix 0016812. |
|