View Issue Details
| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 0012568 | mantisbt | bugtracker | public | 2010-11-29 06:50 | 2011-04-05 14:23 |
| Reporter | dregad | Assigned To | dhx | ||
| Priority | low | Severity | minor | Reproducibility | have not tried |
| Status | closed | Resolution | fixed | ||
| Product Version | git trunk | ||||
| Target Version | 1.2.5 | Fixed in Version | 1.2.5 | ||
| Summary | 0012568: Visibility on who is monitoring an issue is not consistently enforced | ||||
| Description | Setting $g_show_monitor_list_threshold defines the access level needed to view the list of users who are monitoring an issue. This is fine, except that anyone who has visibility on issue history, has access to this information. Not a big deal, but it is inconsistent behavior; history display should only show what the user has access to. | ||||
| Steps To Reproduce | Tested with 1.2.x git trunk.
==> list of users monitored is not shown (OK) | ||||
| Tags | patch | ||||
| Attached Files | 0001-Fix-12568-Enforce-bug-monitoring-visibility-in-histo.patch (1,003 bytes)
From b1e9eb6d4d2b68b5c015d08173dade32d7653aad Mon Sep 17 00:00:00 2001
From: Damien Regad <damien.regad@merckserono.net>
Date: Tue, 30 Nov 2010 13:03:37 +0100
Subject: [PATCH] Fix #12568: Enforce bug monitoring visibility in history
Only users with access level above show_monitor_list_threshold should be
allowed to see monitoring-related events in the bug history.
---
core/history_api.php | 7 +++++++
1 files changed, 7 insertions(+), 0 deletions(-)
diff --git a/core/history_api.php b/core/history_api.php
index a591382..15c2efb 100644
--- a/core/history_api.php
+++ b/core/history_api.php
@@ -210,6 +210,13 @@ function history_get_raw_events_array( $p_bug_id, $p_user_id = null ) {
}
}
+ // monitoring
+ if( $v_type == BUG_MONITOR || $v_type == BUG_UNMONITOR ) {
+ if( !access_has_global_level( config_get( 'show_monitor_list_threshold' ) ) ) {
+ continue;
+ }
+ }
+
$raw_history[$j]['date'] = $v_date_modified;
$raw_history[$j]['userid'] = $v_user_id;
--
1.7.1
| ||||
 |
Patch attached. |
 |
Thanks Damien. I have committed your patch... slightly modified. I don't see any need for restricting the visibility restrictions to a global level for tags and the monitor list. I have modified the code to allow (if administrators choose this setup) to allow certain users to see the monitor list and tags on a per-project basis. |
|
MantisBT: master 48a898c2 2010-11-30 07:03 Damien Regad Committer: dhx Details Diff |
Fix 0012568: Enforce bug monitoring visibility in history Only users with access level above show_monitor_list_threshold should be allowed to see monitoring-related events in the bug history. Signed-off-by: David Hicks <hickseydr@optusnet.com.au> |
Affected Issues 0012568 |
|
| mod - core/history_api.php | Diff File | ||
|
MantisBT: master-1.2.x 4db660f5 2010-11-30 07:03 Damien Regad Committer: dhx Details Diff |
Fix 0012568: Enforce bug monitoring visibility in history Only users with access level above show_monitor_list_threshold should be allowed to see monitoring-related events in the bug history. Signed-off-by: David Hicks <hickseydr@optusnet.com.au> |
Affected Issues 0012568 |
|
| mod - core/history_api.php | Diff File | ||
|
MantisBT: master bbcf0de0 2010-12-25 01:46 Details Diff |
Fix 0012568: Allow per-project control over visibility of tags/monitoring When printing the history of a bug we should apply visibility restrictions on a per-project basis so that people can specify that users can see the monitor list (or tags) in one project but not another. |
Affected Issues 0012568 |
|
| mod - core/history_api.php | Diff File | ||
|
MantisBT: master-1.2.x ac713ec7 2010-12-25 01:46 Details Diff |
Fix 0012568: Allow per-project control over visibility of tags/monitoring When printing the history of a bug we should apply visibility restrictions on a per-project basis so that people can specify that users can see the monitor list (or tags) in one project but not another. |
Affected Issues 0012568 |
|
| mod - core/history_api.php | Diff File | ||
