View Issue Details

IDProjectCategoryView StatusLast Update
0024696mantisbtauthorizationpublic2018-09-04 01:23
ReporterokidoAssigned Toatrol 
PrioritynormalSeverityminorReproducibilityhave not tried
Status closedResolutionfixed 
Product Version2.15.0 
Target Version2.17.0Fixed in Version2.17.0 
Summary0024696: Custom fields can be changed without having update_bug_threshold access rights
Description

Hi,
I have disable the permission for some user to update a report but they can modify the customs fields via selection button (see screenshot) maybe i have missing something in custom field configuration.

TagsNo tags attached.

Activities

okido

okido

2018-08-24 05:11

reporter  

img.png (30,665 bytes)
img.png (30,665 bytes)
img1.png (17,822 bytes)
img1.png (17,822 bytes)
atrol

atrol

2018-08-24 17:50

developer   ~0060491

There is a setting Write Access on custom fields property page.
You can set the minimal access level that is needed to change the field.

okido

okido

2018-08-27 03:19

reporter   ~0060498

Last edited: 2018-08-27 03:20

View 2 revisions

yes but if i change write access to developer, reporter can't use this field in their report, I just want all user under developer can't update anything in all report.

atrol

atrol

2018-08-27 13:45

developer   ~0060509

PR https://github.com/mantisbt/mantisbt/pull/1383

okido

okido

2018-08-29 05:51

reporter   ~0060521

I have to replace with this new file ?

atrol

atrol

2018-08-29 06:50

developer   ~0060523

@okido you could try the change by replacing the file.
But keep in mind that this is still in progress, waiting for other devs to review and approve.
After that, it will be part of official Mantis 2.17.0 or a later version.

okido

okido

2018-08-29 08:20

reporter   ~0060524

I tested it and it solve the problem, but im waiting for you to validate it before I use it
Thank you

Related Changesets

MantisBT: master 4e86afc4

2018-08-27 03:59:28

atrol

Details Diff
Add update_bug_threshold check for custom field bulk operations

Fixes 0024696
Affected Issues
0024696
mod - core/bug_group_action_api.php Diff File

MantisBT: master ef32cb91

2018-08-28 08:40:14

atrol

Details Diff
Code and performance enhancements

Issue 0024696
Affected Issues
0024696
mod - core/bug_group_action_api.php Diff File

Issue History

Date Modified Username Field Change
2018-08-24 05:11 okido New Issue
2018-08-24 05:11 okido File Added: img.png
2018-08-24 05:11 okido File Added: img1.png
2018-08-24 17:50 atrol Status new => feedback
2018-08-24 17:50 atrol Note Added: 0060491
2018-08-27 03:19 okido Note Added: 0060498
2018-08-27 03:19 okido Status feedback => new
2018-08-27 03:20 okido Note Edited: 0060498 View Revisions
2018-08-27 13:45 atrol Note Added: 0060509
2018-08-27 13:47 atrol Summary problem with custom field => Custom fields can be changed without having update_bug_threshold access rights
2018-08-27 13:57 atrol Assigned To => atrol
2018-08-27 13:57 atrol Status new => assigned
2018-08-27 13:57 atrol Target Version => 2.17.0
2018-08-29 05:51 okido Note Added: 0060521
2018-08-29 06:50 atrol Note Added: 0060523
2018-08-29 08:20 okido Note Added: 0060524
2018-08-30 11:19 atrol Changeset attached => MantisBT master 4e86afc4
2018-08-30 11:19 atrol Changeset attached => MantisBT master ef32cb91
2018-08-30 11:19 atrol Status assigned => resolved
2018-08-30 11:19 atrol Resolution open => fixed
2018-08-30 11:19 atrol Fixed in Version => 2.17.0
2018-09-04 01:23 vboctor Status resolved => closed