0005210: Manager of one Project can see / manage all others - MantisBT

ID	Project	Category	View Status	Date Submitted	Last Update

0005210	mantisbt	administration	public	2005-02-04 05:58	2005-04-18 10:39

Reporter	kohlp	Assigned To	thraxisp
Priority	normal	Severity	major	Reproducibility	always
Status	closed	Resolution	fixed
Product Version	0.19.2

Summary	0005210: Manager of one Project can see / manage all others
Description	I have an Mantis installation with a lot of private projects. Any Manager of one of the private Projects can see all other Projects via the "manage" Link. Thus he is able to declare himself Manager in any other Project.
Tags	No tags attached.

kohlp 2005-02-04 08:37 reporter ~0009210	I fixed this by changing line 245 of core/access_api.php to `return ( intval($t_access_level) >= intval($p_access_level) );` It seemes there are single digit Access Levels. These are not compated correctly.

thraxisp 2005-04-05 21:54 reporter ~0009738	I think that this was fixed as part of the fix for 0005396.

related to	0004937	closed	vboctor	Mantis 1.0.0a1 Release
related to	0005396	closed	thraxisp	It shows only administrators in "assign to" dropdown and "manage project" page for private projects