0009300: bugnote_set_view_state looks for "bugnote_update" instead of 'private_bugnote_threshold' and 'change_view_status_threshold' - MantisBT

ID	Project	Category	View Status	Date Submitted	Last Update

0009300	mantisbt	security	public	2008-06-25 08:19	2014-11-07 16:26

Reporter	polzin	Assigned To
Priority	normal	Severity	minor	Reproducibility	always
Status	new	Resolution	open

Summary	0009300: bugnote_set_view_state looks for "bugnote_update" instead of 'private_bugnote_threshold' and 'change_view_status_threshold'
Description	bugnote_set_view_state ensures for "bugnote_update", while the display of the "Make public/internal" button asks for 'private_bugnote_threshold' and 'change_view_status_threshold' http://mantisbt.svn.sourceforge.net/viewvc/mantisbt/trunk/mantisbt/bugnote_set_view_state.php?revision=5366&view=markup#l_47 http://mantisbt.svn.sourceforge.net/viewvc/mantisbt/trunk/mantisbt/bugnote_view_inc.php?revision=5307&view=markup#l_162 Suggestion: access_ensure_bugnote_level( config_get( 'update_bugnote_threshold' ), $f_bugnote_id ); access_ensure_bug_level( config_get( 'private_bugnote_threshold' ), $f_bug_id ); access_ensure_bug_level( config_get( 'change_view_status_threshold' ), $f_bug_id ); This makes more sense in an environment, where some people may have the right to set bugnote to internal(for security reasons) but not to change others' bugnotes.
Tags	No tags attached.

polzin 2008-06-30 03:13 reporter ~0018227	The above suggestion has an obvious error: $f_bug_id is not defined in bugnote_set_view.php. It should read "$t_bug_id".

Zamolxis 2009-12-23 21:26 reporter ~0023980	Is the issue reported here the actual cause of the bug that is causing the whole issue not visible for reporters, if we mark just one of the notes as private?

vboctor 2009-12-28 03:04 manager ~0023992	@Zamolxis, I assume you are referring to 0010655.

Zamolxis 2009-12-31 10:42 reporter ~0024015 Last edited: 2009-12-31 10:44	Indeed. And I see that's meanwhile fixed in rc2. Thanks. :)