User names visible to anyone
Posted: 27 Jan 2006, 14:52
On the "View Issues" page (view_all_bug_page.php) it's possible to see all registered users.
Even if they are assigned to other projects.
Their names are listed in the "Reporter", "Monitored by" and "Assigned to" drop-down boxes, when the "All Projects" option is selected from the "Projects" drop-down box.
I don't know if this is a feature or if it's a bug.
In my opinion it's a bug.
I was not able to find a config setting for this stuff and so I made a change in the function "print_user_option_list" in "core/print_api.php".
Beginning on line 169
...
(The leading "+" marks the lines I added. Lines without "+" are unchanged original code.)
With this little modification the selextboxes will only contain users that are assigned to the same projects as the current logged in user.
Please tell me:
Is the an easier way (configuration setting) to get this done?
Is it possible to fix this problem (if you think it is a problem) in the next version of Mantis?
Greetings
Bill
Even if they are assigned to other projects.
Their names are listed in the "Reporter", "Monitored by" and "Assigned to" drop-down boxes, when the "All Projects" option is selected from the "Projects" drop-down box.
I don't know if this is a feature or if it's a bug.
In my opinion it's a bug.
I was not able to find a config setting for this stuff and so I made a change in the function "print_user_option_list" in "core/print_api.php".
Beginning on line 169
Code: Select all
...
if ( null === $p_project_id ) {
$p_project_id = helper_get_current_project();
}
+ /*
+ ** Cleanup the filter select boxes.
+ ** Remove user of other projects when the option "All Projects" is selected": */
+ if ($p_project_id == ALL_PROJECTS) {
+ $t_fix_project_ids = current_user_get_accessible_projects();
+
+ $t_fix_tmp_unique = array();
+
+ foreach ($t_fix_project_ids as $t_fix_project_id) {
+ $t_fix_tmp_users = array_merge($t_users, project_get_all_user_rows($t_fix_project_id));
+
+ foreach ($t_fix_tmp_users as $t_fix_tmp_user) {
+ if (!in_array($t_fix_tmp_user['id'], $t_fix_tmp_unique)) {
+ $t_users[] = $t_fix_tmp_user;
+ $t_fix_tmp_unique[] = $t_fix_tmp_user['id'];
+ }
+ }
+ }
+ } else {
$t_users = project_get_all_user_rows( $p_project_id, $p_access ); # handles ALL_PROJECTS case
+ }
$t_display = array();(The leading "+" marks the lines I added. Lines without "+" are unchanged original code.)
With this little modification the selextboxes will only contain users that are assigned to the same projects as the current logged in user.
Please tell me:
Is the an easier way (configuration setting) to get this done?
Is it possible to fix this problem (if you think it is a problem) in the next version of Mantis?
Greetings
Bill