View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0013085 | mantisbt | tagging | public | 2011-06-16 06:32 | 2014-09-23 18:05 |
Reporter | dregad | Assigned To | dhx | ||
Priority | normal | Severity | minor | Reproducibility | always |
Status | closed | Resolution | fixed | ||
Product Version | 1.2.3 | ||||
Target Version | 1.2.6 | Fixed in Version | 1.2.6 | ||
Summary | 0013085: Manage Tag menu should only work for users with global role | ||||
Description | Considering that tags are a global feature (as mentioned by jreese in 0009716:0019618), an option to Manage Tags globally should never be given to a user with a global role < Manager even if their project role is Manager. Assume the following users are defined: In view.php, both users see the tag hyperlinked, the tag_view_page.php is read-only for projmgr and globmgr can update or delete the tag ==> this works as expected. However, when selecting the "Manage" option in the top menu (manage_overview_page.php) and the active Project is "A", a "Manage Tags" sub-menu item appears. I think this menu item should not be displayed, since projmgr has no rights to edit tags (his global role is Reporter). Clicking on "Manage Tags" shows the list of tags (manage_tags_page.php); it is fully functional for globmgr as expected (allowing them to create, update and delete tags), but for projmgr it is a read-only list - which is also expected, but in that case why is a (non-functional) "Create Tag" link displayed? In my opinion, the correct resolution for this would be to not display the "Manage Tags" sub-menu item when the global role is < Manager (and deny access to the corresponding pages), or at least to not display the "Create Tag" link. | ||||
Additional Information | In my installation, global roles are not really used, as there are multiple projects and subprojects, which are managed by different groups of people; all users have a global role of Reporter, they are granted additional privileges in specific projects depending on their function within that project. The only people with a global role higher than Reporter are the Administrators. | ||||
Tags | patch | ||||
Attached Files | 0001-Fix-13085-do-not-display-Create-Tag-link-when-user-c.patch (1,071 bytes)
From 11963e9f74c7bff149bd538ef8ad2ee5d10607bc Mon Sep 17 00:00:00 2001 From: Damien Regad <damien.regad@merckserono.net> Date: Thu, 16 Jun 2011 13:23:44 +0200 Subject: [PATCH 1/2] Fix #13085: do not display "Create Tag" link when user can't edit tags --- manage_tags_page.php | 8 ++++++-- 1 files changed, 6 insertions(+), 2 deletions(-) diff --git a/manage_tags_page.php b/manage_tags_page.php index 4ec6db0..c33d5d0 100644 --- a/manage_tags_page.php +++ b/manage_tags_page.php @@ -132,8 +132,12 @@ $t_result = db_query_bound( $t_query, $t_where_params, $t_per_page, $t_offset ); <table class="width100" cellspacing="1"> <tr> <td class="form-title" colspan="4"> - <?php echo lang_get( 'manage_tags_link' ) ?> [<?php echo $t_total_tag_count ?>] - <?php print_link( '#tagcreate', lang_get( 'tag_create' ) ) ?> + <?php + echo lang_get( 'manage_tags_link' ) . ' [' . $t_total_tag_count . '] '; + if ( $t_can_edit ) { + print_link( '#tagcreate', lang_get( 'tag_create' ) ); + } + ?> </td> </tr> <tr class="row-category"> -- 1.7.4.1 0002-Fix-13085-Allow-Manage-Tags-only-for-global-level-ta.patch (1,886 bytes)
From cab1f6d6aeffa354de2f48289ac20b9bfb118c03 Mon Sep 17 00:00:00 2001 From: Damien Regad <damien.regad@merckserono.net> Date: Thu, 16 Jun 2011 14:17:18 +0200 Subject: [PATCH 2/2] Fix #13085: Allow Manage Tags only for global level >= tag_edit_threshold Previously the level check in function print_manage_menu was made at project level, which is not consistent with globally managed Tags. The access level check change in manage_tags_page.php is for consistency, only to avoid users without the proper access level trying to reach the page directly, even though it would only display a read-only list of tags. --- core/html_api.php | 2 +- manage_tags_page.php | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/core/html_api.php b/core/html_api.php index c3920bc..40611a0 100644 --- a/core/html_api.php +++ b/core/html_api.php @@ -967,7 +967,7 @@ function print_manage_menu( $p_page = '' ) { if( access_has_project_level( config_get( 'manage_project_threshold' ) ) ) { print_bracket_link( helper_mantis_url( $t_manage_project_menu_page ), lang_get( 'manage_projects_link' ) ); } - if( access_has_project_level( config_get( 'tag_edit_threshold' ) ) ) { + if( access_has_global_level( config_get( 'tag_edit_threshold' ) ) ) { print_bracket_link( helper_mantis_url( $t_manage_tags_page ), lang_get( 'manage_tags_link' ) ); } if( access_has_global_level( config_get( 'manage_custom_fields_threshold' ) ) ) { diff --git a/manage_tags_page.php b/manage_tags_page.php index c33d5d0..0718160 100644 --- a/manage_tags_page.php +++ b/manage_tags_page.php @@ -32,7 +32,7 @@ require_once( 'tag_api.php' ); require_once( 'user_pref_api.php' ); require_once( 'form_api.php' ); -access_ensure_global_level( config_get( 'tag_view_threshold' ) ); +access_ensure_global_level( config_get( 'tag_edit_threshold' ) ); compress_enable(); -- 1.7.4.1 | ||||
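Review bot: In the manage_tags_page.php hunk of patch 1/2 (@@ -132), the new condition tests $t_can_edit, which is not assigned anywhere in the visible lines, so the fix depends entirely on how that variable is computed earlier in the file. Since the issue treats tags as a global feature, confirm it comes from a global-level check against tag_edit_threshold and not a project-level one; otherwise a user like projmgr would still see the link. The condition also only hides the link to '#tagcreate': the form at that anchor and the script that processes it need the same check, because hiding a link is presentation, not access control.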
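Review bot: In the core/html_api.php hunk of patch 2/2 (print_manage_menu, @@ -967), the changed tag_edit_threshold line sits directly below a manage_project_threshold check that still uses access_has_project_level, so the two adjacent conditions now differ only in the function name and a later cleanup could easily "align" them again. A one-line comment above the tag check, stating that tags are global and must be tested with access_has_global_level, would guard against that regression. This condition only decides whether the menu entry is printed; the access_ensure_global_level call in manage_tags_page.php is what actually enforces access.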
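Review bot: In the manage_tags_page.php hunk of patch 2/2 (@@ -32), raising the page guard from tag_view_threshold to tag_edit_threshold makes the "if ( $t_can_edit )" test added by patch 1/2 redundant if $t_can_edit is derived from the same threshold, because no user below it reaches the page any more. Either drop that conditional in this patch or state in the commit message why both checks are kept. The change also removes the read-only tag list for users who meet tag_view_threshold but not tag_edit_threshold; the commit message says this is intended, but it is worth confirming that no other page still links those users here, since they would now get an access-denied error.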
Can you please edit the issue's title to "Manage Tag menu should only work for users with global role", I inadvertently clicked submit while updating it. Thanks. |
|
I attached two patch files to address this issue. The first one is the "minimalist" fix, i.e. not to display the "Create Tag" link when user is not allowed to edit tags. The second patch prevents display of the "Manage Tags" sub-menu item and denies access to manage_tags_page.php when user does not have the access level defined in tag_edit_threshold. |
|
Agreed with the need for tag management to use global settings (rather than per-project). Thanks for the patches Damien. I've committed them to master and master-1.2.x branches. |
|
Marking as 'acknowledged' not resolved/closed to track that change gets ported to master-2.0.x branch |
|
MantisBT: master 4e6dfbad 2011-06-16 07:23 Damien Regad Committer: dhx |
Fix 0013085: do not display "Create Tag" link when user can't edit tags Forward ported from master-1.2.x to master by David Hicks. Signed-off-by: David Hicks <d@hx.id.au> |
Affected Issues 0013085 |
|
mod - manage_tags_page.php | ||
MantisBT: master-1.2.x c0ceefd2 2011-06-16 07:23 Damien Regad Committer: dhx |
Fix 0013085: do not display "Create Tag" link when user can't edit tags Signed-off-by: David Hicks <d@hx.id.au> |
Affected Issues 0013085 |
|
mod - manage_tags_page.php | ||
MantisBT: master 570b0d2f 2011-06-16 08:17 Damien Regad Committer: dhx |
Fix 0013085: Allow Manage Tags only for global level >= tag_edit_threshold Previously the level check in function print_manage_menu was made at project level, which is not consistent with globally managed Tags. The access level check change in manage_tags_page.php is for consistency, only to avoid users without the proper access level trying to reach the page directly, even though it would only display a read-only list of tags. Signed-off-by: David Hicks <d@hx.id.au> |
Affected Issues 0013085 |
|
mod - manage_tags_page.php | ||
mod - core/html_api.php | ||
MantisBT: master-1.2.x 208b59f6 2011-06-16 08:17 Damien Regad Committer: dhx |
Fix 0013085: Allow Manage Tags only for global level >= tag_edit_threshold Previously the level check in function print_manage_menu was made at project level, which is not consistent with globally managed Tags. The access level check change in manage_tags_page.php is for consistency, only to avoid users without the proper access level trying to reach the page directly, even though it would only display a read-only list of tags. Signed-off-by: David Hicks <d@hx.id.au> |
Affected Issues 0013085 |
|
mod - manage_tags_page.php | ||
mod - core/html_api.php |