View Issue Details

IDProjectCategoryView StatusLast Update
0023087mantisbtfilterspublic2017-09-03 18:41
ReporterpsbarronAssigned Toatrol 
PrioritynormalSeverityminorReproducibilityalways
Status closedResolutionfixed 
Product Version1.3.5 
Target Version2.6.0Fixed in Version2.6.0 
Summary0023087: Removing "Report an issue" permission removes user from Monitoring filter dropdown
Description

I have set the Updater profile so that an Updater is not permitted to report an issue. (The specific use case is that an outside vendor has access to read and update existing issues but not create new ones.) Certain Updaters are also added as monitors on issues.
When I try to filter by specific monitors in the View Issues screen, these users with the revised Updater profile are not on the dropdown to select.
There is no problem in assigning these users as monitors as they still have permissions set to allow monitoring.
We have MantisBT 2.4.0 in our test environment and I have been able to replicate the issue there.

Steps To Reproduce
  1. Assign user to a project with Updater access level
  2. Uncheck "Report an issue" for Updater access level
  3. Go to View Issues screen
  4. Click on Monitored By filter
  5. User will no longer be available on the dropdown
Additional Information

Expected Behavior: User should still appear on dropdown and be available to filter by

TagsNo tags attached.

Activities

atrol

atrol

2017-07-07 03:09

developer   ~0057197

I have no time to try myself at the moment.

Could you check if changing filter_form_api.php around line 288 (latest 2.6.0 developer code)

from

        print_reporter_option_list( $p_filter[FILTER_PROPERTY_MONITOR_USER_ID] );

to

        print_user_option_list( $p_filter[FILTER_PROPERTY_MONITOR_USER_ID], null, config_get( 'monitor_bug_threshold' ) );

fixes the issue?

For version 1.3.x it should be filter_api.php around line 3721 (latest 1.3.11 version)

BTW, you really should not go on using 1.3.5 as there are serious security issues in it.
I recommend to upgrade at least to 1.3.11 in a first step.

atrol

atrol

2017-07-23 06:09

developer   ~0057292

@psbarron can you confirm that the proposed change fixes the issue?

psbarron

psbarron

2017-07-25 10:51

reporter   ~0057320

@atrol - For some reason I have not been able to add a note to this issue to update it. I've added it but it disappears. I even cloned this issue to a new report in the hopes that you would see my update, but that doesn't appear to be visible either. So let's try again...

We made the suggested code change in our test environment running 2.4.0: it was successful and resolved the problem.

We then upgraded our production environment to 1.3.11 as you recommended and made the second code change there. Unfortunately, that did not work. When we clicked on the Monitor By filter we received an error message in the field that read (as best I can remember at this point) "Error: Bed Request".

Any further suggestions would be appreciated.

Thanks.

atrol

atrol

2017-07-25 15:33

developer   ~0057322

There is a small difference in 1.3.x code.
This should work in 1.3.11.

        print_user_option_list( $g_filter[FILTER_PROPERTY_MONITOR_USER_ID], null, config_get( 'monitor_bug_threshold' ) );
psbarron

psbarron

2017-07-25 16:38

reporter   ~0057326

@atrol - We made the change in 1.3.11 and it has now resolved the problem.

You can now mark this issue resolved.

Thank you again!

atrol

atrol

2017-07-25 16:48

developer   ~0057327

Fix will be included in versions >= 2.6.0

PR https://github.com/mantisbt/mantisbt/pull/1134

Related Changesets

MantisBT: master df80e3a0

2017-07-25 16:41:16

atrol

Details Diff
Display "Monitored By" user list based on monitor_bug_threshold

Fixes 0023087
mod - core/filter_form_api.php Diff File

Issue History

Date Modified Username Field Change
2017-07-06 17:42 psbarron New Issue
2017-07-07 03:09 atrol Assigned To => atrol
2017-07-07 03:09 atrol Status new => feedback
2017-07-07 03:09 atrol Note Added: 0057197
2017-07-12 18:44 psbarron Issue cloned: 0023108
2017-07-23 06:09 atrol Note Added: 0057292
2017-07-25 10:51 psbarron Note Added: 0057320
2017-07-25 10:51 psbarron Status feedback => assigned
2017-07-25 15:33 atrol Status assigned => feedback
2017-07-25 15:33 atrol Note Added: 0057322
2017-07-25 16:38 psbarron Note Added: 0057326
2017-07-25 16:38 psbarron Status feedback => assigned
2017-07-25 16:48 atrol Target Version => 2.6.0
2017-07-25 16:48 atrol Note Added: 0057327
2017-07-26 03:58 atrol Changeset attached => MantisBT master df80e3a0
2017-07-26 03:58 atrol Status assigned => resolved
2017-07-26 03:58 atrol Resolution open => fixed
2017-07-26 03:58 atrol Fixed in Version => 2.6.0
2017-09-03 18:41 vboctor Status resolved => closed