0036515: Hardcoded role instead of config in access level check on Manage Columns page

ID	Project	Category	View Status	Date Submitted	Last Update
0036515	mantisbt	administration	public	2025-10-20 08:54	2025-11-01 07:49

Reporter	dregad	Assigned To	dregad
Priority	normal	Severity	minor	Reproducibility	N/A
Status	closed	Resolution	fixed
Target Version	2.27.2	Fixed in Version	2.27.2

Summary	0036515: Hardcoded role instead of config in access level check on Manage Columns page
Description	The access level checks in manage_columns_copy.php to determine whether the user is allowed to copy columns configuration are done against a hardcoded value of MANAGER, instead of using the manage_project_threshold configuration option.
Tags	No tags attached.

MantisBT: master-2.27 7befcfd9 2025-10-20 09:06 dregad Details Diff	Use config threshold instead of hardcoded value The access level checks to determine whether the user is allowed to copy columns were done against a hardcoded value of MANAGER, instead of using the `manage_project_threshold` configuration option. Fixes 0036515		Affected Issues 0036515
	mod - manage_columns_copy.php		Diff File

related to	0036502	closed	atrol	CVE-2025-62520: Ability to copy private project configurations (Columns)
related to	0009050	closed	vboctor	Add support for "Copy Columns From/To" when customizing columns to view in View Issues, Print Issues, CSV, Excel