View Issue Details

ID: 0023031
Project: mantisbt
Category: auditing
View Status: public
Last Update: 2020-06-02 04:41
Reporter: aavagyan
Assigned To:
Priority: normal
Severity: minor
Reproducibility: always
Status: new
Resolution: open
Product Version: 2.3.1
Summary: 0023031: "Issue History" not showing certain data
Description

We have noticed that sometimes users receive email alerts that a note was added to the ticket, but when looking at that ticket in the Mantis UI they cannot find such a note. "Issue History" also does not show that a note was added or deleted. Even with an ADMIN account you do not see this in "Issue History".

While digging I discovered these details:

User A adds a note. User B (monitoring the ticket) receives an email alert that a note was added to the ticket. Then User A deletes the note. User A can see in the "Issue History" that s/he added and then removed the note. User B goes to the Mantis UI and cannot see the note and cannot see the lines in "Issue History" about the addition and deletion of the note.

This is a confusing experience. People feel that there is something happening in Mantis which they are unable to see. The other strange thing is that even with ADMIN rights one cannot see these lines in "Issue History".

I then went to the code and found this in core/history_api.php:

                # bugnotes
                if( $t_user_id != $v_user_id ) {
                        # bypass if user originated note
                        if( ( $v_type == BUGNOTE_ADDED ) || ( $v_type == BUGNOTE_UPDATED ) || ( $v_type == BUGNOTE_DELETED ) ) {
                                if( !bugnote_exists( $v_old_value ) ) {
                                        continue;
                                }
...

Can this be changed so users see that a note was added and removed? Otherwise the "puzzle" of getting email alerts and then not seeing what that was will continue.

Thank you.

EDIT: dregad fix markdown

Tags: No tags attached.

Relationships

related to 0021878 closed vboctor Improve issue note caching
has duplicate 0023457 closed atrol Administrators can't see deleted notes

Activities

atrol

2017-06-19 07:48

developer   ~0057096

The check for bugnote existence was added when implementing 0021878.
This is needed, as we need to get the private flag information of the note later on.
I see no clean way to get what you want, at least as long as notes are deleted and not marked as deleted.

aavagyan

2017-06-19 10:38

reporter   ~0057099

I understand the complexity and that it is mostly caused by the fact that the information on PUBLIC-PRIVATE is gone when a bugnote is deleted. In this regard, can we at least show the relevant lines in "Issue History" when the user has rights to see PRIVATE notes? I understand this is not very clean, but at least power users (and admins) will be able to "solve" the puzzle for lower-right users. Otherwise even with an admin account there is no way to figure out what is going on.

PantsManUK

2018-01-26 09:30

reporter   ~0058617

@atrol: Yes, this is the issue we noticed as well (I'm "MLCrane" on the forum).

Would I be correct in assuming that this affects all bugnote actions in history when a bugnote has been deleted? Given there is no direct link in the history to the note in question (in 1.3.X, certainly), what harm could there be in (effectively) removing the "if( !bugnote_exists( $v_old_value ) ) {" test entirely? That reinstates the "missing" history lines for the users that should be able to see it, and as far as I can tell has no adverse side-effects.

atrol

2018-01-26 10:16

developer   ~0058618

> what harm could there

See 0023031:0057096
You could see history entries for deleted private notes even if you are not allowed to view private notes.
Probably for most of the users just a minor security issue.

PantsManUK

2018-01-26 10:32

reporter   ~0058620

@atrol many thanks. We've commented out the "continue"s for now and left the calls to bugnote_exists() intact, and for us that's a workable solution; our installation is behind our firewall, so we don't need to hide things overly. I'll keep thinking on a better solution; "extra pair of eyes" and all that.

polzin

2020-05-28 12:13

reporter   ~0064032

What about the solution suggested in 0023031:0057099: show relevant lines in "Issue History" when the user has rights to see PRIVATE notes?

This would be a helpful workaround.
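
The workaround proposed in 0023031:0057099, as an added example that is not MantisBT code and not part of this thread: a stand-alone PHP model of the history filter in which rows for a deleted note are shown only to viewers allowed to read private notes. The row layout, the `sees_private` flag, the `$workaround` switch and both function names are assumptions made for the illustration.

```php
<?php
// Added illustration, not MantisBT code: a stand-alone model of the history
// filter discussed in this issue. All names and data below are constructed.
const NOTE_EVENTS = ['BUGNOTE_ADDED', 'BUGNOTE_UPDATED', 'BUGNOTE_DELETED'];

// $workaround = false models the behaviour reported in this issue;
// $workaround = true models the proposal from note 0057099.
function history_row_visible(array $row, array $viewer, array $notes, bool $workaround): bool {
    if (!in_array($row['type'], NOTE_EVENTS, true)) {
        return true;                      // not a note event
    }
    if ($row['user_id'] === $viewer['id']) {
        return true;                      // originator always sees own note events
    }
    if (!isset($notes[$row['note_id']])) {
        // The note was hard-deleted, so its public/private flag is unknown.
        // Treat it as possibly private: only viewers allowed to read private
        // notes may see the row, and only when the workaround is enabled.
        return $workaround && $viewer['sees_private'];
    }
    // Note still exists: apply the normal private-note check.
    return !$notes[$row['note_id']]['private'] || $viewer['sees_private'];
}

function visible_history(array $history, array $viewer, array $notes, bool $workaround): array {
    $rows = array_filter($history, fn($r) => history_row_visible($r, $viewer, $notes, $workaround));
    return array_map(fn($r) => $r['type'] . ' #' . $r['note_id'], array_values($rows));
}

// Constructed scenario from the description: user A (id 1) adds note 10 and
// then deletes it. Note 11, also by A, still exists and is private.
$notes = [11 => ['private' => true]];
$history = [
    ['type' => 'BUGNOTE_ADDED',   'user_id' => 1, 'note_id' => 10],
    ['type' => 'BUGNOTE_DELETED', 'user_id' => 1, 'note_id' => 10],
    ['type' => 'BUGNOTE_ADDED',   'user_id' => 1, 'note_id' => 11],
];
$viewers = [
    'user A' => ['id' => 1, 'sees_private' => false],
    'user B' => ['id' => 2, 'sees_private' => false],
    'admin'  => ['id' => 3, 'sees_private' => true],
];
foreach ([false, true] as $workaround) {
    echo $workaround ? "with workaround:\n" : "current behaviour:\n";
    foreach ($viewers as $name => $viewer) {
        $shown = visible_history($history, $viewer, $notes, $workaround);
        echo "  $name: " . (implode(', ', $shown) ?: '(nothing)') . "\n";
    }
}
```

In this model user B's view is identical in both modes, so rows for a deleted note that may have been private are never exposed to viewers without private-note rights; only the admin's view gains the added and deleted rows for note 10.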

maturbet

2020-06-02 04:28

reporter   ~0064053

We also are waiting for it!

Issue History

| Date Modified | Username | Field | Change |
|---|---|---|---|
| 2017-06-19 05:51 | aavagyan | New Issue | |
| 2017-06-19 07:48 | atrol | Status | new => feedback |
| 2017-06-19 07:48 | atrol | Note Added: 0057096 | |
| 2017-06-19 07:48 | atrol | Relationship added | related to 0021878 |
| 2017-06-19 10:38 | aavagyan | Note Added: 0057099 | |
| 2017-06-19 10:38 | aavagyan | Status | feedback => new |
| 2017-10-10 05:58 | atrol | Relationship added | has duplicate 0023457 |
| 2018-01-26 09:30 | PantsManUK | Note Added: 0058617 | |
| 2018-01-26 10:16 | atrol | Note Added: 0058618 | |
| 2018-01-26 10:32 | PantsManUK | Note Added: 0058620 | |
| 2019-08-25 13:18 | vboctor | Category | bugtracker => auditing |
| 2020-05-28 12:13 | polzin | Note Added: 0064032 | |
| 2020-05-29 03:37 | dregad | Description Updated | View Revisions |
| 2020-06-02 04:28 | maturbet | Note Added: 0064053 | |