Anonymous user can change bug status
Posted: 19 Feb 2007, 17:00
Currently in our setup the anonymous account can change the status of the bugs. Uh, how do we go about turning this option off?
Mantis Bug Tracker - Forums
Anonymous user can change bug status
Page 1 of 1
Posted: 20 Feb 2007, 04:47
It seems that your anonymous user has a higher access level than they should. At the moment if a user has access to update a bug, then this user has access to change status. You should consider giving anonymous user reporter access rather than update access.
Anonymous user has a viewer level status
Posted: 20 Feb 2007, 15:16
Its not set to update status, its set to viewer. Our anonymous users are unable to report bugs, just view them.
any other ideas?
any other ideas?
Posted: 20 Feb 2007, 15:17
What are the steps that the anonymous user can use to change the issue status?
Posted: 20 Feb 2007, 15:53
If the user merely views the bug then there is a single option for them to change the status.
Posted: 20 Feb 2007, 16:02
Please report this in the bug tracker. I will check it out.
Posted: 20 Feb 2007, 16:37
Posted: 20 Apr 2007, 11:03
I also have this problem with anonymous users. I get an accessed denied error when I try to view the bug you have posted (7771). Is there any news on a fix for this issue?
Posted: 22 May 2007, 15:20
I am still having this problem. Should I file another bug report?
Posted: 22 May 2007, 15:56
I've posted some questions on the issue. Reporting another bug won't help. I am just wondering why not everyone is hitting this!
Posted: 22 May 2007, 16:00
Thanks. It's awkward as the issue seems to be marked as private so I cannot tell if it is the same issue.
Posted: 28 Jul 2007, 23:21
OK, so this is an old topic and I haven't found the solution for this issue for version 1.0.8 so here's a quick and ugly hack that seems to work for me...
First, find the user ID for your anonymous user account you set up. In my installation the "anonymous" user's user ID is "3". An easy way to find this is to navigate to Manage > Manage Users and hover over the "anonymous" username in the list of users. You will see a URL like this in your browser status bar...
FIND in core/html_api.php (function html_button_bug_change_status):
ADD ABOVE:
Be sure to replace the "3" in my example code with the actual user ID of your anonymous user.
FIND:
ADD BELOW:
FIND in bug_change_status_page.php:
ADD ABOVE:
Be sure to replace the "3" in my example code with the actual user ID of your anonymous user.
Hope that helps someone.
-=DKC=-
First, find the user ID for your anonymous user account you set up. In my installation the "anonymous" user's user ID is "3". An easy way to find this is to navigate to Manage > Manage Users and hover over the "anonymous" username in the list of users. You will see a URL like this in your browser status bar...
You can see that the user_id is 3 for this particular user.
FIND in core/html_api.php (function html_button_bug_change_status):
Code: Select all
echo "<form method=\"post\" action=\"bug_change_status_page.php\">";Code: Select all
if (auth_get_current_user_id() != 3) { // anonymous status button hackFIND:
Code: Select all
echo "</form>\n";Code: Select all
} // anonymous status button hackFIND in bug_change_status_page.php:
Code: Select all
) {
access_denied();Code: Select all
|| auth_get_current_user_id() == 3 // anonymous status button hackHope that helps someone.
-=DKC=-