View Issue Details

ID: 0008368
Project: mantisbt
Category: tagging
View Status: public
Last Update: 2007-10-04 01:37
Reporter: jmunro
Assigned To: vboctor
Priority: normal
Severity: minor
Reproducibility: always
Status: closed
Resolution: fixed
Product Version: 1.1.0a4
Target Version: 1.1.0rc1
Fixed in Version: 1.1.0rc1
Summary: 0008368: "Access Denied." when trying to attach a tag to an issue I reported
Description

I tried to attach a tag to an issue I reported (0007750) and it sent me to a page that just said "Access Denied.".

If - as a reporter - I don't have permission to attach tags to issues I've reported, then shouldn't the "Attach Tags" row on the issue details screen be hidden?

The current way seems inconsistent with the rest of Mantis, where things just aren't there when you don't have permission, rather than letting you try to do it and showing an error message.

Tags: No tags attached.

Activities

jmunro

2007-09-17 16:15

reporter   ~0015654

Last edited: 2007-09-17 16:20

Interestingly, although it didn't attach my tag to the issue, it did create the tag (http://www.mantisbt.org/bugs/tag_view_page.php?tag_id=6).

jreese

2007-09-17 22:07

reporter   ~0015656

I believe this is a file permissions error on this particular instance. I don't get access denied problems with any of my personal installations of Mantis.

vboctor

2007-09-23 04:44

manager   ~0015695

Can we close this issue as Not Reproducible?

jreese

2007-09-23 10:11

reporter   ~0015697

No, it still happens on this specific site. I tried attaching the "patch" tag to 0008336 and I get the Access Denied error. Victor, you've got this site configured weird or something, because I can reproduce it at will here.

vboctor

2007-09-25 00:28

manager   ~0015708

The problem reported here was caused by tag_bug_attach() checking for detach threshold rather than attach threshold. This causes a problem when the current user has access level < DEVELOPER and the default tagging thresholds are used.

Following are the implemented changes:

  • The tag_bug_attach() used to check for "detach" rather than "attach" threshold.
  • Remove some duplicate checking for bug / tag exists.
  • Restructured some error checking to check first for access level then for existence of tags and bugs and the relation between them.
  • The access check for creating tags is currently global, but I changed the access check for attaching/detaching to be dependent on the issue. We probably should only create a tag if the current user has access to attach it to the current issue. This check should be done in the bug_attach rather than the API.
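
The following self-contained PHP sketch is an added example, not part of the thread and not MantisBT source. It models the wrong-threshold check described in the last note, the tag that was created but never attached, and the ordering that note proposes (authorize the attach before creating the tag). The function names, the tag name, and the create and attach threshold values are assumptions; the thread only implies that detaching requires DEVELOPER.

```php
<?php
// Added illustration, not MantisBT source; every function name here is hypothetical.
const VIEWER = 10;
const REPORTER = 25;
const DEVELOPER = 55;
// Assumed thresholds: the thread only implies that detaching needs DEVELOPER.
const THRESHOLDS = ['create' => REPORTER, 'attach' => REPORTER, 'detach' => DEVELOPER];

final class AccessDenied extends Exception {}

function require_level(int $userLevel, string $action): void {
    if ($userLevel < THRESHOLDS[$action]) {
        throw new AccessDenied("Access Denied. ($action)");
    }
}

// Modelled on the report: the tag is created first, then the attach step
// checks the detach threshold, so a reporter is denied after the side effect.
function attach_buggy(array &$tags, array &$bugTags, int $userLevel, int $bugId, string $name): void {
    require_level($userLevel, 'create');
    $tags[$name] = true;
    require_level($userLevel, 'detach');   // wrong threshold: should be 'attach'
    $bugTags[$bugId][] = $name;
}

// Corrected threshold plus the ordering proposed in the note: authorize the
// attach first, and only then create a missing tag.
function attach_fixed(array &$tags, array &$bugTags, int $userLevel, int $bugId, string $name): void {
    require_level($userLevel, 'attach');
    if (!isset($tags[$name])) {
        require_level($userLevel, 'create');
        $tags[$name] = true;
    }
    $bugTags[$bugId][] = $name;
}

// Constructed scenarios: [function, access level of the current user].
$cases = [['attach_buggy', REPORTER], ['attach_fixed', REPORTER], ['attach_fixed', VIEWER]];
foreach ($cases as [$fn, $level]) {
    $tags = [];
    $bugTags = [];
    try {
        $fn($tags, $bugTags, $level, 7750, 'example-tag');
        $result = 'attached';
    } catch (AccessDenied $e) {
        $result = $e->getMessage();
    }
    printf("%s level=%d: %s; tag created: %s; attached: %s\n", $fn, $level, $result,
        isset($tags['example-tag']) ? 'yes' : 'no', isset($bugTags[7750]) ? 'yes' : 'no');
}
```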