View Issue Details

IDProjectCategoryView StatusLast Update
0009622mantisbtotherpublic2008-10-09 13:18
Reporterssimpson Assigned To 
PrioritynormalSeverityminorReproducibilityalways
Status newResolutionopen 
Product Version1.1.2 
Target VersionFixed in Version 
Summary0009622: Global users cannot view private project documentation
Description

I have global users that should have the ability to see project documentation (for private projects) that cannot. They don't have specific permission to the projects but can view bugs, and should be able to work with the project.

So my settings are:
private_project_threshold=DEVELOPER
view_proj_doc_threshold=REPORTER

Administrators & anyone with specific project permissions > REPORTER can view issues just not my developers. (BAD...)

I am still using 1.1.1 but have looked at the files for 1.1.2 and just checked out the latest svn trunk and this is still going to be an issue.

Additional Information

fix is simple (attached my diff file)
proj_doc_page.php

line 47 //$t_admin = ADMINISTRATOR;
$t_view_proj_doc_threshold = config_get('view_proj_doc_threshold');
$t_private_project_threshold = config_get('private_project_threshold');
$t_global = max($t_view_proj_doc_threshold, $t_private_project_threshold);

then in the query change t_admin to t_global (line 79)

TagsNo tags attached.

Activities

2008-09-10 14:49

 

proj_doc_page.diff (1,975 bytes)
--- C:\DOCUME~1\ssimpson\LOCALS~1\Temp\proj_doc_page.php-revBASE.svn000.tmp.php	Wed Sep 10 14:43:48 2008
+++ W:\csacheck\trunk\mantis\proj_doc_page.php	Wed Sep 10 14:28:32 2008
@@ -43,8 +43,16 @@
 	$t_project_user_list_table = config_get( 'mantis_project_user_list_table' );
 	$t_user_table = config_get( 'mantis_user_table' );
 	$t_pub = VS_PUBLIC;
-	$t_priv = VS_PRIVATE;
-	$t_admin = ADMINISTRATOR;
+	$t_priv = VS_PRIVATE;
+/** WCISC Modification -- There is an issue with viewing project documentation if you have global account that
+ * has both permissions to view_private_project and view_project_doc
+ * by Steve Simpson, 9/10/2008
+ */ 	
+	$t_view_proj_doc_threshold = config_get('view_proj_doc_threshold');
+	$t_private_project_threshold = config_get('private_project_threshold');
+	//$t_admin = ADMINISTRATOR;
+	$t_global = max($t_view_proj_doc_threshold, $t_private_project_threshold);
+/*** END 20080910 Mod (other than 1 line below t_admin to t_global) ***/
 
 	if ( $f_project_id == ALL_PROJECTS ) {
 		# Select all the projects that the user has access to
@@ -66,7 +74,7 @@
 	} else {
 		$t_access_clause = ">= $t_reqd_access ";
 	}			
-
+// WCISC MOD 20080910 Steve Simpson - see above, changed t_admin to t_global
 	$query = "SELECT pft.id, pft.project_id, pft.filename, pft.filesize, pft.title, pft.description, pft.date_added
 				FROM $t_project_file_table pft
 					LEFT JOIN $t_project_table pt ON pft.project_id = pt.id
@@ -76,7 +84,7 @@
 				WHERE pft.project_id in (" . implode( ',', $t_projects ) . ") AND
 					( ( ( pt.view_state = $t_pub OR pt.view_state is null ) AND pult.user_id is null AND ut.access_level $t_access_clause ) OR
 						( ( pult.user_id = $t_user_id ) AND ( pult.access_level $t_access_clause ) ) OR
-						( ut.access_level = $t_admin ) )
+						( ut.access_level = $t_global ) )
 				ORDER BY pt.name ASC, pft.title ASC";
 	$result = db_query( $query );
 	$num_files = db_num_rows( $result );
proj_doc_page.diff (1,975 bytes)

Issue History

Date Modified Username Field Change
2008-09-10 14:49 ssimpson New Issue
2008-09-10 14:49 ssimpson File Added: proj_doc_page.diff
2008-10-09 13:18 giallu category_id 47 => 27