View Issue Details
|ID||Project||Category||View Status||Date Submitted||Last Update|
|0022224||mantisbt||html||public||2017-01-19 17:47||2019-03-19 04:36|
|Target Version||Fixed in Version|
|Summary||0022224: Access Restrictions to "Print Reports", "CSV Export", "Excel Export" in view all bugs page|
Current Mantis version displays several options to export and print filtered bugs in view all bugs page, options displayed on top of bugs table.
This kind of options should be displayed only to a restricted list of users based on user rights on each project, at least in my company.
I see two solutions to restrict access to these options :
What is your opinion about these solutions?
I tried to implement the plugin but I didn't found any plugin that is used to "hide" or "delete" information displayed by Mantis, only plugins that adds more information.
My goal is to implement the functionality according to your wishes (with a minimum of help if plugin can be used) and post here or in github the implemented solution.
Thanks for your help
|Tags||No tags attached.|
Are you aware that restricting access to those pages does not restrict users from getting the same information by using other ways?
E.g. you could get the information by using the SOAP API or by using scripts to access "View Issue Details" page of all issues.
Yes, I am. My "rejected export access users" have no technical knowledge to use SOAP or scripts. And my goal is to hide "easy access" to unwanted export functions for non technical users (REPORTER). If they found an other way, their account deserve to be upgraded ;-)
Maybe that CSV export and Excel Export should become plugins? Because XML Import / Export is configurable :
This is the behaviour that I need and imagine for Excel and CSV exports. I have no idea for Print Reports. Your throughts?
Thanks for the tip. That will be my solution if nothing can be done in core or (new) plugins.
Having a configurable threshold for users that can execute a export may be a convenient feature.
Massive export can be a long running process, even if the same info can be accesed by the users, limiting the export execution could be used by some admin in some situations. For example: preventing server overload or DOS requests for small servers.
@atrol : did you change your mind with cproensa use case ?
Change my mind? Isn't 0022224:0055237 true?
you're right, wrong formulation, my mistake and my apologies.
Are you in favor of adding this new configuration option ?
I don't need it myself, but I see no reason why it should not be implemented.
The options should not just prevent the display of the buttons, but also the access to the pages.
So I would call the options
Not sure if 3 separate options are needed, maybe one is enough. Something like
I wasn't thinking in $g_print_report_threshold. I don't know if it falls in the same situation, if it can be easily used to output 1000s of issues at once.
I would define only one export threshold.
Thanks for your responses.
In hindsight, I'm not able to provide a good reason to hide "Print reports" option. I made the mistake to group print and export functions when I wrote the issue.
I'll provide ASAP a PR with one configuration variable '$g_export_issues_threshold' that will be used to check user rights for Export Excel and Export CSV functionalities (display menus and access to pages).
"Print reports" can easily be used to export all issues.
Should I add a second threshold ($g_print_report_threshold ?) for "Print Reports" option ? Or use the same threshold for the 3 options?
Has this issue been addressed ?
In my opinion, a single threshold is sufficient.
|2017-01-19 17:47||Mr.Bricodage||New Issue|
|2017-01-20 02:16||atrol||Status||new => feedback|
|2017-01-20 02:16||atrol||Note Added: 0055237|
|2017-01-20 03:38||cproensa||Note Added: 0055238|
|2017-01-23 05:33||Mr.Bricodage||Note Added: 0055261|
|2017-01-23 05:33||Mr.Bricodage||Status||feedback => new|
|2017-01-23 06:29||cproensa||Note Added: 0055264|
|2017-02-05 13:47||Mr.Bricodage||Note Added: 0055494|
|2017-02-05 14:00||atrol||Note Added: 0055495|
|2017-02-05 14:14||Mr.Bricodage||Note Added: 0055496|
|2017-02-06 07:47||atrol||Note Added: 0055504|
|2017-02-06 15:02||cproensa||Note Added: 0055512|
|2017-02-06 16:33||Mr.Bricodage||Note Added: 0055513|
|2017-02-07 17:43||Mr.Bricodage||Note Added: 0055569|
|2017-02-08 03:27||atrol||Note Added: 0055574|
|2017-02-08 16:44||Mr.Bricodage||Note Added: 0055593|
|2018-09-07 02:05||mak||Note Added: 0060618|
|2018-09-07 06:01||dregad||Note Edited: 0055593||View Revisions|
|2018-09-07 06:07||dregad||Note Edited: 0055574||View Revisions|
|2018-09-07 06:08||dregad||Note Added: 0060620|
|2019-02-19 15:42||atrol||Relationship added||related to 0025492|