View Issue Details

IDProjectCategoryView StatusLast Update
0009728mantisbtadministrationpublic2009-01-15 11:26
Reportereiben Assigned Tojreese  
PrioritynormalSeveritymajorReproducibilityalways
Status closedResolutionfixed 
PlatformPCOSLinux 
Product Version1.2.0a2 
Fixed in Version1.2.0a3 
Summary0009728: Project-Manager cannot update Project-Categories
Description

I just stumbled across this error: I have a project with a project-manager assigned. While this manager can add new categories alright, whenever he tries to update an existing category he gets an ACCESS_DENIED error.

I figured, that in the manage_proj_cat_edit_page.php the project_id field is missing, so the

access_ensure_project_level( config_get( 'manage_project_threshold' ), $f_project_id );

always tests for the permission on ALL_PROJECTS (because of

$f_project_id = gpc_get_int( 'project_id', ALL_PROJECTS );

However, by adding

<input type="hidden" name="project_id" value="<?php echo $f_project_id ?>" />

to the manage_proj_cat_edit_page.php the problem could be resolved :)

TagsNo tags attached.

Activities

eiben

eiben

2008-10-22 05:27

reporter   ~0019630

I attached a small patch for this bug :)

2008-10-22 05:36

 

cat_edit_page.patch (382 bytes)   
*** webroot/manage_proj_cat_edit_page.php.orig	Wed Oct 22 11:24:46 2008
--- webroot/manage_proj_cat_edit_page.php	Wed Oct 22 11:15:10 2008
***************
*** 53,56 ****
--- 53,57 ----
  <tr>
  	<td class="form-title" colspan="2">
+ 		<input type="hidden" name="project_id" value="<?php echo $f_project_id ?>" />
  		<?php echo lang_get( 'edit_project_category_title' ) ?>
  	</td>
cat_edit_page.patch (382 bytes)   
jreese

jreese

2008-10-22 08:42

reporter   ~0019633

Fixed in SVN trunk, r5709. Thanks for catching and reporting this.

Related Changesets

MantisBT: master 67313fa8

2008-10-22 12:41:37

jreese

Details Diff
Fix 0009728: Project ID was not passed when editing categories.

git-svn-id: http://mantisbt.svn.sourceforge.net/svnroot/mantisbt/trunk@5709 <a class="text" href="/?p=mantisbt.git;a=object;h=f5dc347c">f5dc347c</a>-c33d-0410-90a0-b07cc1902cb9
Affected Issues
0009728
mod - manage_proj_cat_edit_page.php Diff File

Issue History

Date Modified Username Field Change
2008-10-22 05:22 eiben New Issue
2008-10-22 05:27 eiben Note Added: 0019630
2008-10-22 05:36 eiben File Added: cat_edit_page.patch
2008-10-22 08:42 jreese Note Added: 0019633
2008-10-22 08:42 jreese Status new => resolved
2008-10-22 08:42 jreese Fixed in Version => 1.2.2
2008-10-22 08:42 jreese Resolution open => fixed
2008-10-22 08:42 jreese Assigned To => jreese
2008-10-22 08:45 Changeset attached master b72c4651 =>
2008-11-11 08:31 jreese Changeset attached master 67313fa8 =>
2008-11-11 08:45 jreese Changeset attached master 67313fa8 =>
2008-12-30 22:00 jreese Fixed in Version 1.2.2 => 1.2.0a3
2009-01-15 11:26 jreese Status resolved => closed