From 823c592cc5f0f2b10cb2454b40b5b1d269df2136 Mon Sep 17 00:00:00 2001
From: Markus Schneider <schnueptus@schnueptus-d430.(none)>
Date: Wed, 26 Jan 2011 10:40:25 +0100
Subject: [PATCH] securty fix to soap api related to bug 12517

---
 api/soap/mc_issue_api.php |    4 ++++
 1 files changed, 4 insertions(+), 0 deletions(-)

diff --git a/api/soap/mc_issue_api.php b/api/soap/mc_issue_api.php
index b11665e..b25d10a 100644
--- a/api/soap/mc_issue_api.php
+++ b/api/soap/mc_issue_api.php
@@ -61,6 +61,10 @@ function mc_issue_get( $p_username, $p_password, $p_issue_id ) {
 		return mci_soap_fault_access_denied( $t_user_id );
 	}
 
+    if( !access_has_bug_level( VIEWER, $p_issue_id, $t_user_id ) ){
+        return mci_soap_fault_access_denied( $t_user_id );
+    }
+
 	$t_bug = bug_get( $p_issue_id, true );
 	$t_issue_data = array();
 
-- 
1.7.1