Dependency Graph

View IssueRelationship GraphVerticalShow Summary
Dependency Graph
related to related to child of child of duplicate of duplicate of

View Issue Details

WikiRelated ChangesetsJump to Notes
IDProjectCategoryView StatusDate SubmittedLast Update
0012541mantisbtapi soappublic2010-11-18 12:082014-12-08 00:33
Reporterdominik Assigned Tovboctor  
PrioritynormalSeverityminorReproducibilityhave not tried
Status closedResolutionfixed 
Product Version1.2.17 
Target Version1.3.0-beta.1Fixed in Version1.3.0-beta.1 
Summary0012541: mc_issue_note_add function not honoring reporter data
Description

When using the function mc_issue_note_add() the submitted reporter data aren't used. The attached patch will resolve this (patch is againgst master-1.2.x)...

Tagspatch
Attached Files
mc_issue_note_add.patch (1,789 bytes)    
From f6b3cefd42d0e5990794da35376dd559293f890e Mon Sep 17 00:00:00 2001
From: Dominik Blunk <dominik@blunk.ch>
Date: Thu, 18 Nov 2010 17:55:21 +0100
Subject: [PATCH] Fixed mc_issue_note_add to include submitted reporter data

---
 api/soap/mc_issue_api.php |   15 ++++++++++++++-
 1 files changed, 14 insertions(+), 1 deletions(-)

diff --git a/api/soap/mc_issue_api.php b/api/soap/mc_issue_api.php
index f62a925..4d40985 100644
--- a/api/soap/mc_issue_api.php
+++ b/api/soap/mc_issue_api.php
@@ -865,9 +865,22 @@ function mc_issue_note_add( $p_username, $p_password, $p_issue_id, $p_note ) {
 			'id' => config_get( 'default_bug_view_status' ),
 		);
 	}
+	$t_reporter_id = isset( $p_note['reporter'] ) ? mci_get_user_id( $p_note['reporter'] )  : 0;
+	if( $t_reporter_id == 0 ) {
+		$t_reporter_id = $t_user_id;
+	} else {
+		if( $t_reporter_id != $t_user_id ) {
+
+			# Make sure that active user has access level required to specify a different reporter.
+			$t_specify_reporter_access_level = config_get( 'mc_specify_reporter_on_add_access_level_threshold' );
+			if( !access_has_project_level( $t_specify_reporter_access_level, $t_project_id, $t_user_id ) ) {
+				return mci_soap_fault_access_denied( $t_user_id, "Active user does not have access level required to specify a different issue note reporter" );
+			}
+		}
+	}
 	
 	$t_view_state_id = mci_get_enum_id_from_objectref( 'view_state', $t_view_state );
-	return bugnote_add( $p_issue_id, $p_note['text'], mci_get_time_tracking_from_note( $p_issue_id, $p_note ), $t_view_state_id == VS_PRIVATE, BUGNOTE, '', $t_user_id );
+	return bugnote_add( $p_issue_id, $p_note['text'], mci_get_time_tracking_from_note( $p_issue_id, $p_note ), $t_view_state_id == VS_PRIVATE, BUGNOTE, '', $t_reporter_id );
 }
 
 /**
-- 
1.7.3.1.msysgit.0
mc_issue_note_add.patch (1,789 bytes)   

Relationships

Relationship GraphDependency Graph
parent of 0017777 new Add test case for mc_issue_add() and mc_issue_note_add() reporter override 
related to 0012412 closeddregad "Reporter" should be editable by access level 
related to 0011274 acknowledged mc_issue_note_add function not honoring CreationDate 
Not all the children of this issue are yet resolved or closed.

Activities

dhx

dhx

2010-11-30 09:16

reporter   ~0027513

Last edited: 2010-11-30 09:19

I agree with the principle of this patch.

However the configuration value "mc_specify_reporter_on_add_access_level_threshold" needs to be more generic, such as "specify_reporter_threshold". This configuration value then needs to be added to config_defaults_inc.php and documented both there and in the docbook documentation.

This functionality can then be extended/merged with 0012412 that requests the ability for people to change the reporter of an issue via the web UI.
atrol

atrol

2013-04-27 18:41

developer   ~0036710

Removed assignment. dhx will not contribute to this issue in near future.
Chewits

Chewits

2014-07-03 10:20

reporter   ~0040873

Hello guys,

is it planned to integrate ever?
dregad

dregad

2014-07-04 11:29

developer   ~0040876

I guess it will be, someday (probably) but it is not planned at the moment.

We need to consider a global patch covering also the GUI functionality (bug report page), and also applying the threshold in mc_issue_add() too.
vboctor

vboctor

2014-10-13 03:42

manager   ~0041562

Thanks @dominik for your patch. I've submitted a pull request for this with some updates.
https://github.com/mantisbt/mantisbt/pull/381

Related Changesets

MantisBT: master 666b56c7

2014-10-12 14:38

dominik

Committer: vboctor


Details Diff		 Fix 0012541: mc_issue_note_add function not honoring reporter data

When using the function mc_issue_note_add() the submitted reporter data aren't used.
This fixes allows users with 'webservice_specify_reporter_on_add_access_level_threshold'
access level to override reporter when submitting notes. This makes it consistent
with mc_issue_add() api.		 Affected Issues
0012541
mod - api/soap/mc_issue_api.php Diff File