From bec46ca7ac33be9cbba7eaa5e887067cb78377d8 Mon Sep 17 00:00:00 2001 From: halibut Date: Sat, 19 Apr 2025 19:11:58 +0200 Subject: [PATCH 1/2] #5702 - Allow users access to private bugs they are monitoring --- core/access_api.php | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/core/access_api.php b/core/access_api.php index cacc1cbd7..553af20b1 100644 --- a/core/access_api.php +++ b/core/access_api.php @@ -527,7 +527,8 @@ function access_has_bug_level( $p_access_level, $p_bug_id, $p_user_id = null ) { # Check if the bug is private $t_bug_is_user_reporter = bug_is_user_reporter( $p_bug_id, $p_user_id ); - if( !$t_bug_is_user_reporter && bug_get_field( $p_bug_id, 'view_state' ) == VS_PRIVATE ) { + $t_bug_is_user_monitor = user_is_monitoring_bug( $p_user_id, $p_bug_id ); + if( !$t_bug_is_user_reporter && !$t_bug_is_user_monitor && bug_get_field( $p_bug_id, 'view_state' ) == VS_PRIVATE ) { $t_private_bug_threshold = config_get( 'private_bug_threshold', null, $p_user_id, $t_project_id ); if( !access_compare_level( $t_access_level, $t_private_bug_threshold ) ) { return false; -- 2.49.0 From c490e4b3f5d2af3a992b6b9d1f81cd4e5d7eaaa1 Mon Sep 17 00:00:00 2001 From: halibut Date: Sat, 19 Apr 2025 19:11:59 +0200 Subject: [PATCH 2/2] #5702 - Allow users to view private bugs they are monitoring in lists --- core/classes/BugFilterQuery.class.php | 18 ++++++++++-------- 1 file changed, 10 insertions(+), 8 deletions(-) diff --git a/core/classes/BugFilterQuery.class.php b/core/classes/BugFilterQuery.class.php index b16b8036f..ac531044e 100644 --- a/core/classes/BugFilterQuery.class.php +++ b/core/classes/BugFilterQuery.class.php @@ -552,8 +552,8 @@ class BugFilterQuery extends DbQuery { # this array is populated with projects to search only public issues. $t_public_only_project_ids = array(); # this array is populated with projects to search only accesible private - # issues by being the reporter of those. - $t_private_is_reporter_project_ids = array(); + # issues by being either monitoring them, or being the reporter. + $t_private_is_reporter_or_monitor_project_ids = array(); # these arrays are populated with projects where the user has limited view, # with 'limit_view_unless_threshold' configuration @@ -598,7 +598,7 @@ class BugFilterQuery extends DbQuery { $t_limited_public_only_project_ids[] = $t_pid; # private issues can be seen by the reporter, which is also a valid # case for the limited view configuration - $t_private_is_reporter_project_ids[] = $t_pid; + $t_private_is_reporter_or_monitor_project_ids[] = $t_pid; } } } else { @@ -607,7 +607,7 @@ class BugFilterQuery extends DbQuery { $t_private_and_public_project_ids[] = $t_pid; } else { $t_public_only_project_ids[] = $t_pid; - $t_private_is_reporter_project_ids[] = $t_pid; + $t_private_is_reporter_or_monitor_project_ids[] = $t_pid; } } } @@ -624,11 +624,13 @@ class BugFilterQuery extends DbQuery { . ' AND {bug}.view_state = ' . $this->param( VS_PUBLIC ); } - # for these projects, search private issues where the user is reporter - if( !empty( $t_private_is_reporter_project_ids ) ) { - $t_query_projects_or[] = $this->sql_in( '{bug}.project_id', $t_private_is_reporter_project_ids ) + # for these projects, search private issues where the user is reporter or monitoring + if( !empty( $t_private_is_reporter_or_monitor_project_ids ) ) { + $t_query_projects_or[] = $this->sql_in( '{bug}.project_id', $t_private_is_reporter_or_monitor_project_ids ) . ' AND {bug}.view_state <> ' . $this->param( VS_PUBLIC ) - . ' AND {bug}.reporter_id = ' . $this->param( $t_user_id ); + . ' AND ({bug}.reporter_id = ' . $this->param( $t_user_id ) + . ' OR ' . $this->param( $t_user_id ) + . ' IN ( SELECT user_id FROM {bug_monitor} WHERE bug_id = {bug}.id ) )'; } # for these projects, search any issue (public or private) valid for the old 'limit_reporters' configuration -- 2.49.0