From: <gi...@ma...> - 2009-07-01 02:23:29
|
The branch, master has been updated via c2ef5a6cdee3732f4c3faccc7581488d944cf233 (commit) from ee1ac756fbb90b983b52257a24156a66f33d6b0d (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit c2ef5a6cdee3732f4c3faccc7581488d944cf233 Author: David Hicks <hic...@op...> Date: Wed Jul 1 12:17:38 2009 +1000 Fix #10647: check permissions before updating target_version Related to bd5076906d7c8596dc3ba9ce5352c9be9c85f4b3 The new BugData class has access checks built into __set so we can't update a field without permission to do so. We need to ensure that target_version is only updated when the current user has permission to do so. ----------------------------------------------------------------------- Summary of changes: api/soap/mc_issue_api.php | 10 ++++++++-- bug_update.php | 5 ++++- 2 files changed, 12 insertions(+), 3 deletions(-) ----------------------------------------------------------------------- commit c2ef5a6cdee3732f4c3faccc7581488d944cf233 Author: David Hicks <hic...@op...> Date: Wed Jul 1 12:17:38 2009 +1000 Fix #10647: check permissions before updating target_version Related to bd5076906d7c8596dc3ba9ce5352c9be9c85f4b3 The new BugData class has access checks built into __set so we can't update a field without permission to do so. We need to ensure that target_version is only updated when the current user has permission to do so. diff --git a/api/soap/mc_issue_api.php b/api/soap/mc_issue_api.php index 38674c8..f3a6000 100644 --- a/api/soap/mc_issue_api.php +++ b/api/soap/mc_issue_api.php @@ -511,13 +511,16 @@ function mc_issue_add( $p_username, $p_password, $p_issue ) { $t_bug_data->platform = isset( $p_issue['platform'] ) ? $p_issue['platform'] : ''; $t_bug_data->version = isset( $p_issue['version'] ) ? $p_issue['version'] : ''; $t_bug_data->fixed_in_version = isset( $p_issue['fixed_in_version'] ) ? $p_issue['fixed_in_version'] : ''; - $t_bug_data->target_version = isset( $p_issue['target_version'] ) ? $p_issue['target_version'] : ''; $t_bug_data->build = isset( $p_issue['build'] ) ? $p_issue['build'] : ''; $t_bug_data->view_state = $t_view_state_id; $t_bug_data->summary = $t_summary; $t_bug_data->sponsorship_total = isset( $p_issue['sponsorship_total'] ) ? $p_issue['sponsorship_total'] : 0; $t_bug_data->due_date = date_get_null(); + if( access_has_project_level( config_get( 'roadmap_update_threshold' ), $t_bug_data->project_id, $t_user_id ) ) { + $t_bug_data->target_version = isset( $p_issue['target_version'] ) ? $p_issue['target_version'] : ''; + } + # omitted: # var $bug_text_id # $t_bug_data->profile_id; @@ -672,13 +675,16 @@ function mc_issue_update( $p_username, $p_password, $p_issue_id, $p_issue ) { $t_bug_data->platform = isset( $v_platform ) ? $v_platform : ''; $t_bug_data->version = isset( $p_issue['version'] ) ? $p_issue['version'] : ''; $t_bug_data->fixed_in_version = isset( $p_issue['fixed_in_version'] ) ? $p_issue['fixed_in_version'] : ''; - $t_bug_data->target_version = isset( $p_issue['target_version'] ) ? $p_issue['target_version'] : ''; $t_bug_data->build = isset( $v_build ) ? $v_build : ''; $t_bug_data->view_state = $t_view_state_id; $t_bug_data->summary = $t_summary; $t_bug_data->sponsorship_total = isset( $v_sponsorship_total ) ? $v_sponsorship_total : 0; $t_bug_data->due_date = date_get_null(); + if( access_has_project_level( config_get( 'roadmap_update_threshold' ), $t_bug_data->project_id, $t_user_id ) ) { + $t_bug_data->target_version = isset( $p_issue['target_version'] ) ? $p_issue['target_version'] : ''; + } + # omitted: # var $bug_text_id # $t_bug_data->profile_id; diff --git a/bug_update.php b/bug_update.php index 339365a..e11ba62 100644 --- a/bug_update.php +++ b/bug_update.php @@ -74,10 +74,13 @@ $t_bug_data->version = gpc_get_string( 'version', $t_bug_data->version ); $t_bug_data->build = gpc_get_string( 'build', $t_bug_data->build ); $t_bug_data->fixed_in_version = gpc_get_string( 'fixed_in_version', $t_bug_data->fixed_in_version ); - $t_bug_data->target_version = gpc_get_string( 'target_version', $t_bug_data->target_version ); $t_bug_data->view_state = gpc_get_int( 'view_state', $t_bug_data->view_state ); $t_bug_data->summary = gpc_get_string( 'summary', $t_bug_data->summary ); $t_due_date = gpc_get_string( 'due_date', null ); + + if( access_has_project_level( config_get( 'roadmap_update_threshold' ), $t_bug_data->project_id ) ) { + $t_bug_data->target_version = gpc_get_string( 'target_version', $t_bug_data->target_version ); + } if( $t_due_date !== null) { if ( is_blank ( $t_due_date ) ) { ----------------------------------------------------------------------- -- Mantis Bug Tracker |