View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0009622 | mantisbt | other | public | 2008-09-10 14:49 | 2008-10-09 13:18 |
Reporter | ssimpson | Assigned To | |||
Priority | normal | Severity | minor | Reproducibility | always |
Status | new | Resolution | open | ||
Product Version | 1.1.2 | ||||
Summary | 0009622: Global users cannot view private project documentation | ||||
Description | I have global users that should have the ability to see project documentation (for private projects) that cannot. They don't have specific permission to the projects but can view bugs, and should be able to work with the project. So my settings are: Administrators & anyone with specific project permissions > REPORTER can view issues just not my developers. (BAD...) I am still using 1.1.1 but have looked at the files for 1.1.2 and just checked out the latest svn trunk and this is still going to be an issue. | ||||
Additional Information | fix is simple (attached my diff file) line 47 //$t_admin = ADMINISTRATOR; then in the query change t_admin to t_global (line 79) | ||||
Tags | No tags attached. | ||||
Attached Files | proj_doc_page.diff (1,975 bytes)
--- C:\DOCUME~1\ssimpson\LOCALS~1\Temp\proj_doc_page.php-revBASE.svn000.tmp.php Wed Sep 10 14:43:48 2008 +++ W:\csacheck\trunk\mantis\proj_doc_page.php Wed Sep 10 14:28:32 2008 @@ -43,8 +43,16 @@ $t_project_user_list_table = config_get( 'mantis_project_user_list_table' ); $t_user_table = config_get( 'mantis_user_table' ); $t_pub = VS_PUBLIC; - $t_priv = VS_PRIVATE; - $t_admin = ADMINISTRATOR; + $t_priv = VS_PRIVATE; +/** WCISC Modification -- There is an issue with viewing project documentation if you have global account that + * has both permissions to view_private_project and view_project_doc + * by Steve Simpson, 9/10/2008 + */ + $t_view_proj_doc_threshold = config_get('view_proj_doc_threshold'); + $t_private_project_threshold = config_get('private_project_threshold'); + //$t_admin = ADMINISTRATOR; + $t_global = max($t_view_proj_doc_threshold, $t_private_project_threshold); +/*** END 20080910 Mod (other than 1 line below t_admin to t_global) ***/ if ( $f_project_id == ALL_PROJECTS ) { # Select all the projects that the user has access to @@ -66,7 +74,7 @@ } else { $t_access_clause = ">= $t_reqd_access "; } - +// WCISC MOD 20080910 Steve Simpson - see above, changed t_admin to t_global $query = "SELECT pft.id, pft.project_id, pft.filename, pft.filesize, pft.title, pft.description, pft.date_added FROM $t_project_file_table pft LEFT JOIN $t_project_table pt ON pft.project_id = pt.id @@ -76,7 +84,7 @@ WHERE pft.project_id in (" . implode( ',', $t_projects ) . ") AND ( ( ( pt.view_state = $t_pub OR pt.view_state is null ) AND pult.user_id is null AND ut.access_level $t_access_clause ) OR ( ( pult.user_id = $t_user_id ) AND ( pult.access_level $t_access_clause ) ) OR - ( ut.access_level = $t_admin ) ) + ( ut.access_level = $t_global ) ) ORDER BY pt.name ASC, pft.title ASC"; $result = db_query( $query ); $num_files = db_num_rows( $result ); | ||||