Give allow_reporter_* privileges only to users who still have reporter access to the bug. diff --git a/bug_change_status_page.php b/bug_change_status_page.php index 77cb099..c4efd5a 100644 --- a/bug_change_status_page.php +++ b/bug_change_status_page.php @@ -56,6 +56,7 @@ if ( !( ( access_has_bug_level( access_get_status_threshold( $f_new_status, bug_get_field( $f_bug_id, 'project_id' ) ), $f_bug_id ) ) || ( ( bug_get_field( $f_bug_id, 'reporter_id' ) == $t_current_user_id ) && + ( access_has_bug_level( REPORTER, $f_bug_id ) ) && ( ( ON == config_get( 'allow_reporter_reopen' ) ) || ( ON == config_get( 'allow_reporter_close' ) ) ) ) || ( ( ON == $f_reopen_flag ) && ( access_has_bug_level( config_get( 'reopen_bug_threshold' ), $f_bug_id ) ) ) diff --git a/bug_update_advanced_page.php b/bug_update_advanced_page.php index 79fe390..fa8e26d 100644 --- a/bug_update_advanced_page.php +++ b/bug_update_advanced_page.php @@ -357,6 +357,7 @@ if ( $tpl_show_status || $tpl_show_resolution ) { echo ''; print_status_option_list( 'status', $tpl_bug->status, ( $tpl_bug->reporter_id == auth_get_current_user_id() && + access_has_bug_level( REPORTER, $f_bug_id ) && ( ON == config_get( 'allow_reporter_close' ) ) ), $tpl_bug->project_id ); echo ''; } else { diff --git a/core/access_api.php b/core/access_api.php index 7aa8db8..ba8fe2c 100644 --- a/core/access_api.php +++ b/core/access_api.php @@ -505,7 +505,8 @@ function access_has_bugnote_level( $p_access_level, $p_bugnote_id, $p_user_id = } # If allow_reporter_close is enabled, then reporters can always close their own bugs - if( ON == config_get( 'allow_reporter_close' ) && bug_is_user_reporter( $p_bug_id, $p_user_id ) ) { + if( ON == config_get( 'allow_reporter_close' ) && bug_is_user_reporter( $p_bug_id, $p_user_id ) && + access_has_bug_level( REPORTER, $p_bug_id, $p_user_id ) ) { return true; } 
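Review bot: The new guard in bug_change_status_page.php hard-codes `REPORTER` instead of reading a configured threshold, so on an install that lets users below REPORTER file bugs, the original reporter would lose the allow_reporter_* path even though their access never changed. If the intent is "may still report in this bug's project", consider `( access_has_bug_level( config_get( 'report_bug_threshold' ), $f_bug_id ) ) &&` here. The same constant is used in the other six hunks of this commit (bug_update_advanced_page.php, core/access_api.php, core/file_api.php, core/html_api.php), so the choice should be made once and applied to all of them. Whether any supported configuration sets that threshold below REPORTER cannot be seen from this diff.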
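Review bot: The added check in bug_update_advanced_page.php reads `$f_bug_id`, while the rest of the expression works from `$tpl_bug`, and `$f_bug_id` is assigned outside the hunk. Assuming `$tpl_bug` is the bug loaded for that id, `access_has_bug_level( REPORTER, $tpl_bug->id ) &&` would tie the reporter comparison and the access check to the same object. This expression only decides which status options are offered in the form; the check that gates the actual update is not part of this hunk.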
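Review bot: The comment above the changed condition in core/access_api.php still says reporters can "always" close their own bugs, which is no longer true once the REPORTER access check is added. The same applies to the allow_reporter_reopen comment in the next hunk of this file. Suggested wording: `# If allow_reporter_close is enabled, reporters who still have REPORTER access to the bug can close their own bugs`. The enclosing function starts and ends outside the hunk.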
@@ -542,7 +543,8 @@ function access_has_bugnote_level( $p_access_level, $p_bugnote_id, $p_user_id = } # If allow_reporter_reopen is enabled, then reporters can always reopen their own bugs - if( ON == config_get( 'allow_reporter_reopen' ) && bug_is_user_reporter( $p_bug_id, $p_user_id ) ) { + if( ON == config_get( 'allow_reporter_reopen' ) && bug_is_user_reporter( $p_bug_id, $p_user_id ) && + access_has_bug_level( REPORTER, $p_bug_id, $p_user_id ) ) { return true; } diff --git a/core/file_api.php b/core/file_api.php index 4729d4d..cc62014 100644 --- a/core/file_api.php +++ b/core/file_api.php @@ -788,7 +788,8 @@ function file_allow_bug_upload( $p_bug_id = null, $p_user_id = null ) { # *** If we ever wanted to have a per-project setting enabling file # uploads, we'd want to check it here before exempting the reporter - if( $t_reporter && ( ON == config_get( 'allow_reporter_upload' ) ) ) { + if( $t_reporter && ( ON == config_get( 'allow_reporter_upload' ) ) && + ( null === $p_bug_id || access_has_bug_level( REPORTER, $p_bug_id, $p_user_id ) ) ) { return true; } diff --git a/core/html_api.php b/core/html_api.php index 05a8587..023267f 100644 --- a/core/html_api.php +++ b/core/html_api.php @@ -1347,7 +1347,7 @@ function html_button_bug_change_status( $p_bug_id ) { $t_bug_current_state = bug_get_field( $p_bug_id, 'status' ); $t_current_access = access_get_project_level( $t_bug_project_id ); - $t_enum_list = get_status_option_list( $t_current_access, $t_bug_current_state, false, ( bug_get_field( $p_bug_id, 'reporter_id' ) == auth_get_current_user_id() && ( ON == config_get( 'allow_reporter_close' ) ) ), $t_bug_project_id ); + $t_enum_list = get_status_option_list( $t_current_access, $t_bug_current_state, false, ( bug_get_field( $p_bug_id, 'reporter_id' ) == auth_get_current_user_id() && ( ON == config_get( 'allow_reporter_close' ) ) && access_has_bug_level( REPORTER, $p_bug_id ) ), $t_bug_project_id ); if( count( $t_enum_list ) > 0 ) { 
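Review bot: In file_allow_bug_upload, the added clause short-circuits when `$p_bug_id` is null, so on that path the reporter exemption is granted without any access-level check. `$t_reporter` is assigned outside the hunk, so it is not visible whether the null case can reach this branch with it set. If it can (for example a bug that is still being filed), a project-level test such as `access_has_project_level( REPORTER, <project id>, $p_user_id )` would keep both paths under the same rule. At minimum, a comment on the `null === $p_bug_id` arm should state why skipping the check is safe there.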
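Review bot: In html_button_bug_change_status, `config_get( 'allow_reporter_close' )` is read without a project argument although `$t_bug_project_id` is already in scope. The flag is therefore presumably resolved against the current project rather than the bug's own project. html_button_bug_reopen in this same file passes the project explicitly (`config_get( 'allow_reporter_reopen', null, null, $t_project )`). Since this line is being rewritten anyway, `config_get( 'allow_reporter_close', null, null, $t_bug_project_id )` would make the two buttons agree. The function body continues outside the hunk.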
@@ -1514,7 +1514,8 @@ function html_button_bug_reopen( $p_bug_id ) { $t_reopen_status = config_get( 'bug_reopen_status', null, null, $t_project ); if( access_has_bug_level( config_get( 'reopen_bug_threshold', null, null, $t_project ), $p_bug_id ) || - (( bug_get_field( $p_bug_id, 'reporter_id' ) == auth_get_current_user_id() ) && ( ON == config_get( 'allow_reporter_reopen', null, null, $t_project ) ) ) ) { + (( bug_get_field( $p_bug_id, 'reporter_id' ) == auth_get_current_user_id() ) && ( ON == config_get( 'allow_reporter_reopen', null, null, $t_project ) ) + && access_has_bug_level( REPORTER, $p_bug_id ) ) ) { html_button( 'bug_change_status_page.php', lang_get( 'reopen_bug_button' ), array( 'id' => $p_bug_id, 'new_status' => $t_reopen_status, 'reopen_flag' => ON ) ); } }
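Review bot: In html_button_bug_reopen the reporter test is spelled `bug_get_field( $p_bug_id, 'reporter_id' ) == auth_get_current_user_id()` with a loose comparison, while core/access_api.php in this same commit answers the same question with `bug_is_user_reporter( $p_bug_id, $p_user_id )`. Using `bug_is_user_reporter( $p_bug_id, auth_get_current_user_id() )` here would keep the button's visibility rule textually aligned with the check that gates the action. That makes drift between the UI and the enforcement easier to spot in later reviews. The three-part condition (reporter, config flag, REPORTER access) now appears inline in several files and is a candidate for one shared helper.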