View Issue Details

IDProjectCategoryView StatusLast Update
0008324mantisbtadministrationpublic2007-10-04 01:38
ReporterJared_D Assigned Togiallu  
PrioritynormalSeverityminorReproducibilityalways
Status closedResolutionfixed 
Product Version1.1.0a4 
Fixed in Version1.1.0rc1 
Summary0008324: Rendering of "Manage Users" menu link ignores $g_manage_user_threshold
Description

The print_menu and print_manage_menu functions in html_api.php are hardcoded to only let administrators see the "Manage Users" menu link regardless of $g_manage_user_threshold.

e.g. If $g_manage_user_threshold is set to MANAGER in config_inc.php and you login as a manager: the "Manage Users" link in the menu is not rendered but you can access manage_user_page.php by typing it into the url bar of the browser.

I've made/attached a patch that should fix html_api.php so that the menu link is rendered for users with appropriate permission. The limited tests I've done on the patched code have shown no problems.

TagsNo tags attached.

Activities

2007-08-29 23:06

 

patch_html_api-manage_user_threshold.patch (1,344 bytes)   
--- html_api.php	2007-08-30 11:53:47.000000000 +1000
+++ html_api.php	2007-08-30 12:29:17.000000000 +1000
@@ -546,10 +546,10 @@
 				}
 
 				# Manage Users (admins) or Manage Project (managers) or Manage Custom Fields
-				$t_show_access = min( config_get( 'manage_project_threshold' ), config_get( 'manage_custom_fields_threshold' ), ADMINISTRATOR );
+				$t_show_access = min( config_get( 'manage_user_threshold' ), config_get( 'manage_project_threshold' ), config_get( 'manage_custom_fields_threshold' ) );
 				if ( access_has_global_level( $t_show_access) || access_has_any_project( $t_show_access ) )  {
 					$t_current_project = helper_get_current_project();
-					if ( access_has_project_level( ADMINISTRATOR, $t_current_project ) ) {
+					if ( access_has_global_level( config_get( 'manage_user_threshold' ) ) ) {
 						$t_link = 'manage_user_page.php';
 					} else {
 						if ( access_has_project_level( config_get( 'manage_project_threshold' ), $t_current_project )
@@ -688,7 +688,7 @@
 		}
 
 		PRINT '<br /><div align="center">';
-		if ( access_has_global_level( ADMINISTRATOR ) ) {
+		if ( access_has_global_level( config_get( 'manage_user_threshold' ) ) ) {
 			print_bracket_link( $t_manage_user_page, lang_get( 'manage_users_link' ) );
 		}
 		if ( access_has_project_level( config_get( 'manage_project_threshold' ) ) ) {
giallu

giallu

2007-08-30 04:19

reporter   ~0015552

Applied. Thanks a lot

Related Changesets

MantisBT: master fc79ffde

2007-08-30 08:18:47

giallu

Details Diff
Fix 8324: Rendering of "Manage Users" menu link ignores $g_manage_user_threshold

git-svn-id: http://mantisbt.svn.sourceforge.net/svnroot/mantisbt/trunk@4564 <a class="text" href="/?p=mantisbt.git;a=object;h=f5dc347c">f5dc347c</a>-c33d-0410-90a0-b07cc1902cb9
Affected Issues
0008324
mod - core/html_api.php Diff File

Issue History

Date Modified Username Field Change
2007-08-29 23:06 Jared_D New Issue
2007-08-29 23:06 Jared_D File Added: patch_html_api-manage_user_threshold.patch
2007-08-30 03:48 giallu Status new => assigned
2007-08-30 03:48 giallu Assigned To => giallu
2007-08-30 04:19 giallu Status assigned => resolved
2007-08-30 04:19 giallu Fixed in Version => 1.1.0rc1
2007-08-30 04:19 giallu Resolution open => fixed
2007-08-30 04:19 giallu Note Added: 0015552
2007-10-04 01:38 vboctor Status resolved => closed
2008-10-20 20:22 Changeset attached master-1.1.x 2024087a =>
2008-11-11 08:35 giallu Changeset attached master fc79ffde =>
2008-11-11 08:48 giallu Changeset attached master fc79ffde =>