View Issue Details

IDProjectCategoryView StatusLast Update
0026107mantisbtauthorizationpublic2019-09-16 16:35
Reporterfabio.sirchia Assigned Todregad  
PriorityurgentSeveritymajorReproducibilityalways
Status closedResolutionduplicate 
Summary0026107: Mantis 2.21 - Bug on project_add_users
Description

Hi,

there is a bug on the new project_add_users function inside the project_api.php.
Seems that the update code is not taking care about the project_id:

if( !empty( $t_updating ) ) {
$t_update = new DbQuery( 'UPDATE {project_user_list} SET access_level = :new_value WHERE user_id = :user_id' );
foreach( $t_updating as $t_id ) {
$t_params = array( 'user_id' => (int)$t_id, 'new_value' => $t_changes[$t_id] );
$t_update->execute( $t_params );
unset( $t_changes[$t_id] );
}
}

In this way like you can see you will update the role of the user for ALL the project where the user is enabled.
i Think this is a big update bug, please could you insert the project_id on the where condition?

Thank you

Fabio

TagsNo tags attached.

Relationships

duplicate of 0025722 closedcproensa Wrong access_level settings when updating rights in the project admin page 

Activities

fabio.sirchia

fabio.sirchia

2019-09-03 10:09

reporter   ~0062714

Last edited: 2019-09-03 10:12

View 2 revisions

ok on the 2.22 seems resolved.
you can close the issue

dregad

dregad

2019-09-03 11:35

developer   ~0062716

Next time, please check before reporting a bug ;-)

Issue History

Date Modified Username Field Change
2019-09-03 09:33 fabio.sirchia New Issue
2019-09-03 10:09 fabio.sirchia Note Added: 0062714
2019-09-03 10:12 fabio.sirchia Note Edited: 0062714 View Revisions
2019-09-03 11:27 dregad Assigned To => dregad
2019-09-03 11:27 dregad Status new => resolved
2019-09-03 11:27 dregad Resolution open => duplicate
2019-09-03 11:27 dregad Relationship added duplicate of 0025722
2019-09-03 11:35 dregad Note Added: 0062716
2019-09-16 14:30 atrol Status resolved => closed