View Issue Details

ID: 0005932
Project: mantisbt
Category: administration
View Status: public
Last Update: 2005-09-11 08:12
Reporter: masala
Assigned To: thraxisp
Priority: normal
Severity: minor
Reproducibility: always
Status: closed
Resolution: fixed
Product Version: 1.0.0a3
Fixed in Version: 1.0.0rc2
Summary: 0005932: Manage eMail notification access rights
Description

I configured mantis to enable managers to change the e-mail notification configuration.
My first problem is that only users with a global access level 'Manager' are now allowed to open the page 'Manage configuration', if a user has a global access level of 'Tester' and on certain projects 'Manager'-rights, she is not able to manage configuration for the projects she actually should be allowed to.

On the other hand, if a user has global access level of 'Manager' she can alter the configuration for the projects, she is a 'Manager' in and she only can see the configuration of the projects she has minimum access level of 'Viewer'. Further she can alter configuration of 'all projects'.

I would prefer it, if a user may manage certain projects, but is not allowed to change configuration of 'all projects'.

Additional Information

thanks..

Tags: No tags attached.
Attached Files
x.diff (1,443 bytes)   
--- manage_config_workflow_page.php.orig	2005-07-29 11:25:09.000000000 +0200
+++ manage_config_workflow_page.php	2005-07-29 11:27:35.000000000 +0200
@@ -24,6 +24,13 @@
 	$t_project = helper_get_current_project();
 	$t_can_change_flags = $t_access >= config_get_access( 'status_enum_workflow' );
 
+	$t_show_submit_button = 
+		( $t_access >= config_get_access( 'set_status_threshold' ) ) ||
+		( $t_access >= config_get_access( 'status_enum_workflow' ) ) ||
+		( $t_access >= config_get_access( 'bug_submit_status' ) ) ||
+		( $t_access >= config_get_access( 'bug_resolved_status_threshold' ) ) ||
+		( $t_access >= config_get_access( 'bug_reopen_status' ) );
+					
 	function parse_workflow( $p_enum_workflow ) {
         $t_status_arr  = get_enum_to_array( config_get( 'status_enum_string' ) );
         if ( 0 == count( $p_enum_workflow ) ) {
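Review bot: The `status_enum_workflow` term of `$t_show_submit_button` repeats the comparison already stored in `$t_can_change_flags` on the context line just above, so reuse that variable. The five option names are also listed here separately from the code that renders each control, so a control added to the page later would again have no submit button; setting the flag at the point where each editable control is emitted would keep the two in step. The assignment line and the line after the statement carry trailing whitespace.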
@@ -346,7 +353,7 @@
 	$t_colour_project = config_get( 'colour_project');
 	$t_colour_global = config_get( 'colour_global');
 
-	if ( $t_can_change_flags ) {
+	if ( $t_show_submit_button ) {
 		echo "<form name=\"workflow_config_action\" method=\"post\" action=\"manage_config_workflow_set.php\">\n";
 	}
 	if ( ALL_PROJECTS == $t_project ) {
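Review bot: manage_config_workflow_set.php, the target of the form opened at the changed `if`, has to check every submitted option against that option's own threshold, because the form is now rendered for users who pass only one of the five. This patch changes display only, so please confirm the handler does not treat the presence of the form as proof that the user may change everything posted through it.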
@@ -407,7 +414,7 @@
 		echo '</select> </p><br />';
 	}
 
-	if ( $t_can_change_flags ) {
+	if ( $t_show_submit_button ) {
 		echo "<input type=\"submit\" class=\"button\" value=\"" . lang_get( 'change_configuration' ) . "\" />\n";
 
 		echo "</form>\n";

Relationships

related to 0006015 (closed, thraxisp): setting 'who can change notifications' fails

Activities

thraxisp

2005-07-13 17:14

reporter   ~0010761

When you changed the access level to configure email, was the setting for "All Projects" or for the specific project. I believe that the latter will do what you are looking for. That is, select the specific project, then update the notification settings to lower the access level.

masala

2005-07-14 05:58

reporter   ~0010769

Thanks, the limitation not to configure email of "All Projects" works:
-> access level to configure email notif. for 'All Projects' = Admin.
-> access level to configure email notif. for certain project = Manager
That's ok..

The problem is that a user with global access level < Manager never sees the link 'Email Notification'. If a user changes to a project he has access level = Manager, and then follows the link 'Manage', there appears the link 'Manage Configuration' which must be followed to configure email, but the result of the link is 'access denied'.
I did not find an option to configure access rights to visit the 'Manage Configuration' site.

masala

2005-07-14 08:06

reporter   ~0010771

similar problems occur on custom fields:

in the config_inc.php I set $g_manage_custom_fields_threshold = MANAGER and as a result, if the user switches to a project he is a manager in and clicks on 'Manage', the link 'Manage Custom Fields' appears, but when clicked, there is an 'Access Denied'

thraxisp

2005-07-14 13:44

reporter   ~0010776

Last edited: 2005-07-14 13:50

The manage configuration pages should be shown if the user meets the view_configuration_threshold (default DEVELOPER). The thresholds to show the controls vs just the settings are done on an individual control basis based on the current project settings.

The Manage custom fields page does mix the project and global settings. It should use the global settings since CFs are global in nature and affect all projects.

masala

2005-07-26 10:07

reporter   ~0010968

the link 'Manage Configuration' is shown when
project-access-level >= view_configuration_threshold (DEVELOPER - default - in my case)
(core/html_api.php, line 642, rc1)

but the linked page adm_permissions_report.php shows itself only if
global-access-level >= view_configuration_threshold
(line 18, rc1)

which does not make sense in my opinion (maybe you know better.. :) )

so i changed adm_permissions_report.php as follows and it works for me:

--- mantis-1.0.0rc1.orig/adm_permissions_report.php 2005-07-26 15:37:54.000000000 +0200
+++ mantis-1.0.0rc1/adm_permissions_report.php 2005-07-26 15:36:54.000000000 +0200
@@ -15,7 +15,7 @@

    require_once( 'core.php' );
  • access_ensure_global_level( config_get( 'view_configuration_threshold' ) );
  • access_ensure_project_level( config_get( 'view_configuration_threshold' ) );

    $t_core_path = config_get( 'core_path' );
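Review bot: The `access_ensure_project_level( ... )` line after `require_once( 'core.php' )` passes only the threshold, so the project it is evaluated against is implicit. Please state which project that is and confirm that the report then shows settings for that project only; otherwise a user who meets the threshold in one project could read the configuration of others. The behaviour when 'All Projects' is selected should be checked as well.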

..now a user can view configuration for projects he is manager in, also if global access level is e.g. viewer

what do you think about this patch?
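
The mismatch described in the note above, as a self-contained PHP model (an added example, not MantisBT code and not part of the original note). The function names, the sample users and the rule that a project-specific level overrides the global one are assumptions made for the illustration.

```php
<?php
// Added illustration; hypothetical names and constructed data, not MantisBT's API.
const VIEWER = 10; const DEVELOPER = 55; const MANAGER = 70;
const ALL_PROJECTS = 0;

// Constructed sample: alice is VIEWER globally but MANAGER on project 3.
$g_global_level  = ['alice' => VIEWER, 'bob' => MANAGER];
$g_project_level = ['alice' => [3 => MANAGER]];

function global_level(string $user): int {
    global $g_global_level;
    return $g_global_level[$user] ?? 0;
}

// Assumption: a per-project level overrides the global one;
// ALL_PROJECTS always falls back to the global level.
function project_level(string $user, int $project): int {
    global $g_project_level;
    if ($project === ALL_PROJECTS) {
        return global_level($user);
    }
    return $g_project_level[$user][$project] ?? global_level($user);
}

// The reported state: the menu link is decided per project ...
function link_shown(string $user, int $project): bool {
    return project_level($user, $project) >= DEVELOPER;
}
// ... but the page guard looks at the global level only.
function page_allows_old(string $user): bool {
    return global_level($user) >= DEVELOPER;
}

// One decision function shared by the menu and the page guard removes the gap.
function can_view_config(string $user, int $project, int $threshold = DEVELOPER): bool {
    return project_level($user, $project) >= $threshold;
}

foreach ([['alice', 3], ['alice', ALL_PROJECTS], ['bob', 3]] as [$u, $p]) {
    printf("%-5s project=%d link=%s old_page=%s unified=%s\n", $u, $p,
        var_export(link_shown($u, $p), true),
        var_export(page_allows_old($u), true),
        var_export(can_view_config($u, $p), true));
}
```

For alice on project 3 the link is shown while the old page guard refuses her, which is the 'access denied' result reported; with 'All Projects' selected both checks agree and refuse.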

thraxisp

2005-07-27 13:44

reporter   ~0010981

The reports noted in the last message have been fixed.

adm_permissions_report.php -> 1.11
core/html_api.php -> 1.181

Does the problem with the email configuration still exist?

masala

2005-07-28 08:37

reporter   ~0011001

in manage_config_email_set.php ~ line 18 (v1.6)

access_ensure_global_level( $t_can_change_level );

must be changed to

access_ensure_project_level( $t_can_change_level );

to be able to edit project specific email-configs ..

i guess manage_config_workflow_set.php needs to be changed the same way

masala

2005-07-28 09:31

reporter   ~0011003

Last edited: 2005-07-28 10:18

another problem with access rights:

the page manage_config_work_threshold_page.php works well, but manage_config_workflow_page.php seems to have some errors, probably based on a not so perfect use of var t_can_change_flags.. (?):

the submit button on the page end (in fact the form-tags) depends on $t_can_change_flags which seems to be true only if the user can change workflow settings
so if the user can change threshold flags on this page, but not workflow settings there is no submit button to update the changes

another bug:

the code generating the combo-box to choose who can alter access-levels for status change at the page end has 2 bugs i guess:

if ( $t_access <= config_get_access( 'set_status_threshold' ) ) { # old
if ( $t_access >= config_get_access( 'set_status_threshold' ) ) { # new
	...
	print_enum_string_option_list( 'access_levels', config_get_access( 'status_enum_workflow' ) ); # old
	print_enum_string_option_list( 'access_levels', config_get_access( 'set_status_threshold' ) ); # new
	...
}


.. should be better (?)

thraxisp

2005-07-28 12:21

reporter   ~0011005

Fixes submitted to CVS. Thanks for the debugging.

core/html_api.php -> 1.182
manage_config_workflow_set.php -> 1.7
manage_config_workflow_page.php -> 1.14
manage_config_email_set.php -> 1.7

masala

2005-07-29 05:36

reporter   ~0011011

the first bug of note 0011003 still exists (manage_config_workflow_page.php)

situation:
a user is able to edit configs in section 'THRESHOLDS THAT AFFECT WORKFLOW'
and/or in section 'ACCESS LEVELS' but not in section 'WORKFLOW' -> then there is no submit button on the page. the submit button appears only if the user is able to edit something in section 'WORKFLOW'

masala

2005-07-29 05:42

reporter   ~0011012

the attached file x.diff is a possible patch for manage_config_workflow_page.php (v1.14) to fix bug mentioned in note 0011011

thraxisp

2005-08-01 09:45

reporter   ~0011039

Fixed in CVS. I used a method similar to that used in manage_config_work_thresholds_page.php.

manage_config_workflow_page.php -> 1.15
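
The submit-button problem from notes 0011003 and 0011011, as an added PHP example (not MantisBT code and not the fix committed to CVS): the button is derived from the same per-option thresholds that the receiving handler enforces for every posted field. The option names come from x.diff; the function names, threshold values and posted data are assumptions constructed for the illustration.

```php
<?php
// Added illustration; hypothetical helpers, not MantisBT's API.
const DEVELOPER = 55; const MANAGER = 70; const ADMINISTRATOR = 90;

// Constructed: access level required to change each option on the page.
$change_threshold = [
    'set_status_threshold'          => MANAGER,
    'status_enum_workflow'          => ADMINISTRATOR,
    'bug_submit_status'             => MANAGER,
    'bug_resolved_status_threshold' => ADMINISTRATOR,
    'bug_reopen_status'             => ADMINISTRATOR,
];

// Options this access level may edit; the page renders controls for these only.
function editable_options(int $level, array $thresholds): array {
    return array_keys(array_filter($thresholds, fn($t) => $level >= $t));
}

// Show the form and button if at least one control is editable,
// not only when the workflow matrix is.
function show_submit_button(int $level, array $thresholds): bool {
    return count(editable_options($level, $thresholds)) > 0;
}

// Handler side: every posted option is checked against its own threshold.
// Unknown options and options above the user's level are rejected, not applied.
function apply_submission(int $level, array $thresholds, array $posted): array {
    $applied = [];
    $rejected = [];
    foreach ($posted as $option => $value) {
        if (isset($thresholds[$option]) && $level >= $thresholds[$option]) {
            $applied[$option] = $value;
        } else {
            $rejected[] = $option;
        }
    }
    return ['applied' => $applied, 'rejected' => $rejected];
}

// Constructed request from a MANAGER: one permitted field, one not permitted.
$posted = ['bug_submit_status' => 10, 'status_enum_workflow' => '10:20,30'];
var_dump(show_submit_button(MANAGER, $change_threshold));    // bool(true)
var_dump(show_submit_button(DEVELOPER, $change_threshold));  // bool(false)
print_r(apply_submission(MANAGER, $change_threshold, $posted));
```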