From: <gi...@ma...> - 2009-06-19 14:55:30
The branch, master has been updated via 5824bb70420b2ca0a474d2cde06d6b9118957c4d (commit) from 545da5fc106c1c0919799319b23cae8b774ddb29 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 5824bb70420b2ca0a474d2cde06d6b9118957c4d Author: David Hicks <hic...@op...> Date: Wed Jun 17 05:56:19 2009 +1000 Remove hardcoded uses of ADMINISTRATOR constant In custom installations it may be possible to have different administrator access levels. An existing configuration option $g_admin_site_threshold is used, alongside existing user_is_administrator and current_user_is_administrator functions to remove all hardcoded uses of the ADMINISTRATOR constant. It is now possible to create your own administrator access level using the custom_*_inc.php files. In some setups, you may even want to define multiple different administrator access levels - even if it's just for cosmetic reasons (different access level names appearing under each user). 
Signed-off-by: John Reese <jr...@le...> ----------------------------------------------------------------------- Summary of changes: account_prefs_update.php | 2 +- admin/check.php | 2 +- admin/copy_field.php | 2 +- admin/db_stats.php | 2 +- admin/email_queue.php | 4 ++-- admin/index.php | 2 +- admin/move_db2disk.php | 2 +- admin/system_utils.php | 4 ++-- admin/test_email.php | 2 +- admin/test_icons.php | 2 +- admin/test_langs.php | 2 +- admin/upgrade_warning.php | 2 +- api/soap/mc_project_api.php | 2 +- core/access_api.php | 3 ++- core/config_api.php | 14 +++++++++++--- core/filter_api.php | 2 +- core/html_api.php | 2 +- core/plugin_api.php | 6 +++++- core/print_api.php | 4 ++-- core/user_api.php | 4 ++-- manage_overview_page.php | 3 +-- manage_user_edit_page.php | 4 ++-- manage_user_update.php | 10 ++++++---- news_edit_page.php | 2 +- news_menu_page.php | 2 +- proj_doc_page.php | 4 ++-- 26 files changed, 52 insertions(+), 38 deletions(-) ----------------------------------------------------------------------- commit 5824bb70420b2ca0a474d2cde06d6b9118957c4d Author: David Hicks <hic...@op...> Date: Wed Jun 17 05:56:19 2009 +1000 Remove hardcoded uses of ADMINISTRATOR constant In custom installations it may be possible to have different administrator access levels. An existing configuration option $g_admin_site_threshold is used, alongside existing user_is_administrator and current_user_is_administrator functions to remove all hardcoded uses of the ADMINISTRATOR constant. It is now possible to create your own administrator access level using the custom_*_inc.php files. In some setups, you may even want to define multiple different administrator access levels - even if it's just for cosmetic reasons (different access level names appearing under each user). Signed-off-by: John Reese <jr...@le...> diff --git a/account_prefs_update.php b/account_prefs_update.php index 9e08c2f..5dfae33 100644 --- a/account_prefs_update.php +++ b/account_prefs_update.php 
@@ -86,7 +86,7 @@ # prevent users from changing other user's accounts if ( $f_user_id != auth_get_current_user_id() ) { - access_ensure_project_level( ADMINISTRATOR ); + access_ensure_global_level( config_get_global( 'admin_site_threshold' ) ); } # make sure the delay isn't too low diff --git a/admin/check.php b/admin/check.php index 58afea5..e6e95ce 100644 --- a/admin/check.php +++ b/admin/check.php @@ -317,7 +317,7 @@ $t_anon_user = false; print_test_row( 'check configuration: anonymous_account is a valid username if set', ( (strlen( config_get_global( 'anonymous_account') ) > 0 ) ? ( ($t_anon_user = user_get_id_by_name( config_get_global( 'anonymous_account') ) ) !== false ) : TRUE ) ); print_test_row( 'check configuration: anonymous_account should not be an administrator', - ( $t_anon_user ? ( !access_compare_level( user_get_field( $t_anon_user, 'access_level' ), ADMINISTRATOR) ) : TRUE ) ); + ( $t_anon_user ? ( !user_is_administrator( $t_anon_user ) ) : TRUE ) ); print_test_row( '$g_bug_link_tag is not empty ("' . config_get_global( 'bug_link_tag' ) . '")', '' <> config_get_global( 'bug_link_tag' ) ); print_test_row( '$g_bugnote_link_tag is not empty ("' . config_get_global( 'bugnote_link_tag' ) . '")', diff --git a/admin/copy_field.php b/admin/copy_field.php index 019a9fc..1498b78 100644 --- a/admin/copy_field.php +++ b/admin/copy_field.php @@ -26,7 +26,7 @@ */ require_once( dirname( dirname( __FILE__ ) ) . DIRECTORY_SEPARATOR . 'core.php' ); -access_ensure_global_level( ADMINISTRATOR ); +access_ensure_global_level( config_get_global( 'admin_site_threshold' ) ); $f_source_field_id = gpc_get_int( 'source_id' ); $f_dest_field = gpc_get( 'dest_id' ); diff --git a/admin/db_stats.php b/admin/db_stats.php index 36da127..e26fdda 100644 --- a/admin/db_stats.php +++ b/admin/db_stats.php 
@@ -25,7 +25,7 @@ */ require_once( dirname( dirname( __FILE__ ) ) . DIRECTORY_SEPARATOR . 'core.php' ); -access_ensure_global_level( ADMINISTRATOR ); +access_ensure_global_level( config_get_global( 'admin_site_threshold' ) ); # -------------------- function helper_table_row_count( $p_table ) { diff --git a/admin/email_queue.php b/admin/email_queue.php index ccbc4e9..0af9ebf 100644 --- a/admin/email_queue.php +++ b/admin/email_queue.php @@ -25,7 +25,7 @@ */ require_once( dirname( dirname( __FILE__ ) ) . DIRECTORY_SEPARATOR . 'core.php' ); -access_ensure_global_level( ADMINISTRATOR ); +access_ensure_global_level( config_get_global( 'admin_site_threshold' ) ); $f_to = gpc_get( 'send', null ); @@ -72,4 +72,4 @@ if( count( $t_ids ) > 0 ) { } html_button( 'email_queue.php', 'Send All', array( 'send' => 'all') ); -html_button( 'email_queue.php', 'Send Or Delete All', array( 'send' => 'sendordelall') ); \ No newline at end of file +html_button( 'email_queue.php', 'Send Or Delete All', array( 'send' => 'sendordelall') ); diff --git a/admin/index.php b/admin/index.php index 746f926..c21ab20 100644 --- a/admin/index.php +++ b/admin/index.php @@ -26,7 +26,7 @@ require_once( dirname( dirname( __FILE__ ) ) . DIRECTORY_SEPARATOR . 'core.php' ); require_once( 'schema.php' ); -access_ensure_global_level( ADMINISTRATOR ); +access_ensure_global_level( config_get_global( 'admin_site_threshold' ) ); html_page_top( 'MantisBT Administration' ); diff --git a/admin/move_db2disk.php b/admin/move_db2disk.php index 5673c94..82081dc 100644 --- a/admin/move_db2disk.php +++ b/admin/move_db2disk.php @@ -26,7 +26,7 @@ */ require_once( dirname( dirname( __FILE__ ) ) . DIRECTORY_SEPARATOR . 'core.php' ); -access_ensure_global_level( ADMINISTRATOR ); +access_ensure_global_level( config_get_global( 'admin_site_threshold' ) ); // Move type should be attachment or project. $f_move_type = gpc_get( 'doc' ); diff --git a/admin/system_utils.php b/admin/system_utils.php index 867c714..a2d3d2d 100644 
--- a/admin/system_utils.php +++ b/admin/system_utils.php @@ -26,7 +26,7 @@ */ require_once( dirname( dirname( __FILE__ ) ) . DIRECTORY_SEPARATOR . 'core.php' ); -access_ensure_global_level( ADMINISTRATOR ); +access_ensure_global_level( config_get_global( 'admin_site_threshold' ) ); html_page_top( 'MantisBT Administration - System Utilities' ); @@ -95,4 +95,4 @@ foreach( $t_dest_ids as $t_id ) { </table> <? - html_page_bottom( __FILE__ ); \ No newline at end of file + html_page_bottom( __FILE__ ); diff --git a/admin/test_email.php b/admin/test_email.php index 4c6de4b..ee4aff8 100644 --- a/admin/test_email.php +++ b/admin/test_email.php @@ -25,7 +25,7 @@ */ require_once( dirname( dirname( __FILE__ ) ) . DIRECTORY_SEPARATOR . 'core.php' ); -access_ensure_global_level( ADMINISTRATOR ); +access_ensure_global_level( config_get_global( 'admin_site_threshold' ) ); $f_mail_test = gpc_get_bool( 'mail_test' ); diff --git a/admin/test_icons.php b/admin/test_icons.php index 49fe4a7..d002eab 100644 --- a/admin/test_icons.php +++ b/admin/test_icons.php @@ -25,7 +25,7 @@ */ require_once( dirname( dirname( __FILE__ ) ) . DIRECTORY_SEPARATOR . 'core.php' ); -access_ensure_global_level( ADMINISTRATOR ); +access_ensure_global_level( config_get_global( 'admin_site_threshold' ) ); html_page_top(); diff --git a/admin/test_langs.php b/admin/test_langs.php index fd6d6b2..77e0c10 100644 --- a/admin/test_langs.php +++ b/admin/test_langs.php @@ -48,7 +48,7 @@ if (!checkfile( dirname( dirname( __FILE__ ) ) . DIRECTORY_SEPARATOR . 'lang' . unset( $g_skip_lang_load ) ; lang_push( 'english' ); -access_ensure_global_level( ADMINISTRATOR ); +access_ensure_global_level( config_get_global( 'admin_site_threshold' ) ); set_time_limit( 0 ); diff --git a/admin/upgrade_warning.php b/admin/upgrade_warning.php index 3d4fe80..d0e60be 100644 --- a/admin/upgrade_warning.php +++ b/admin/upgrade_warning.php 
@@ -25,7 +25,7 @@ */ require_once( dirname( dirname( __FILE__ ) ) . DIRECTORY_SEPARATOR . 'core.php' ); -access_ensure_global_level( ADMINISTRATOR ); +access_ensure_global_level( config_get_global( 'admin_site_threshold' ) ); $g_error_send_page_header = false; # suppress page headers in the error handler diff --git a/api/soap/mc_project_api.php b/api/soap/mc_project_api.php index 06d63a9..dda0b78 100644 --- a/api/soap/mc_project_api.php +++ b/api/soap/mc_project_api.php @@ -526,7 +526,7 @@ function mc_project_get_attachments( $p_username, $p_password, $p_project_id ) { $t_user_table = db_get_table( 'mantis_user_table' ); $t_pub = VS_PUBLIC; $t_priv = VS_PRIVATE; - $t_admin = ADMINISTRATOR; + $t_admin = config_get_global( 'admin_site_threshold' ); if( $p_project_id == ALL_PROJECTS ) { # Select all the projects that the user has access to diff --git a/core/access_api.php b/core/access_api.php index ef860e7..f626d5f 100644 --- a/core/access_api.php +++ b/core/access_api.php @@ -293,7 +293,8 @@ function access_get_project_level( $p_project_id = null, $p_user_id = null ) { } $t_global_access_level = access_get_global_level( $p_user_id ); - if(( ALL_PROJECTS == $p_project_id ) || ( ADMINISTRATOR == $t_global_access_level ) ) { + + if( ALL_PROJECTS == $p_project_id || user_is_administrator( $p_user_id ) ) { return $t_global_access_level; } else { $t_project_access_level = access_get_local_level( $p_user_id, $p_project_id ); diff --git a/core/config_api.php b/core/config_api.php index 9f09d57..071a52e 100644 --- a/core/config_api.php +++ b/core/config_api.php @@ -242,7 +242,7 @@ function config_get_access( $p_option, $p_user = null, $p_project = null ) { } } - return $t_found ? $t_access : ADMINISTRATOR; + return $t_found ? $t_access : config_get_global( 'admin_site_threshold' ); } # ------------------ 
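Review bot: In mc_project_get_attachments() `$t_admin` becomes a threshold instead of one exact level, yet only the assignment changes here and the query that consumes it lies outside the hunk. proj_doc_page.php needed `ut.access_level = $t_admin` turned into `ut.access_level >= $t_admin` in this same commit, and the diffstat shows a single changed line for api/soap/mc_project_api.php, so the SOAP query probably still tests equality and would stop matching administrators whose level sits above the threshold. The same question applies to `$t_adm` in print_project_user_list_option_list() in core/print_api.php. Because the value now comes from configuration and is interpolated into SQL text in all three files, cast it at the assignment: `$t_admin = (int) config_get_global( 'admin_site_threshold' );`.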
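Review bot: `user_is_administrator( $p_user_id )` in access_get_project_level() repeats a lookup whose result is already in `$t_global_access_level`, and it is given `$p_user_id`, which defaults to null in the signature; whether null has been replaced by the current user before this line is decided above the hunk. Comparing the value already fetched keeps one source of truth for the decision: `if( ALL_PROJECTS == $p_project_id || access_compare_level( $t_global_access_level, config_get_global( 'admin_site_threshold' ) ) ) {`. The argument order follows the access_compare_level() call this commit removes from admin/check.php.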
@@ -302,7 +302,10 @@ function config_is_set( $p_option, $p_user = null, $p_project = null ) { # ------------------ # Sets the value of the given config option to the given value # If the config option does not exist, an ERROR is triggered -function config_set( $p_option, $p_value, $p_user = NO_USER, $p_project = ALL_PROJECTS, $p_access = ADMINISTRATOR ) { +function config_set( $p_option, $p_value, $p_user = NO_USER, $p_project = ALL_PROJECTS, $p_access = DEFAULT_ACCESS_LEVEL ) { + if( $p_access == DEFAULT_ACCESS_LEVEL ) { + $p_access = config_get_global( 'admin_site_threshold' ); + } if( is_array( $p_value ) || is_object( $p_value ) ) { $t_type = CONFIG_TYPE_COMPLEX; $c_value = serialize( $p_value ); @@ -383,8 +386,13 @@ function config_set_global( $p_option, $p_value, $p_override = true ) { # ------------------ # Sets the value of the given config option to the given value # If the config option does not exist, an ERROR is triggered -function config_set_cache( $p_option, $p_value, $p_type, $p_user = NO_USER, $p_project = ALL_PROJECTS, $p_access = ADMINISTRATOR ) { +function config_set_cache( $p_option, $p_value, $p_type, $p_user = NO_USER, $p_project = ALL_PROJECTS, $p_access = DEFAULT_ACCESS_LEVEL ) { global $g_cache_config, $g_cache_config_access; + + if( $p_access == DEFAULT_ACCESS_LEVEL ) { + $p_access = config_get_global( 'admin_site_threshold' ); + } + $g_cache_config[$p_option][$p_user][$p_project] = $p_type . ';' . $p_value; $g_cache_config_access[$p_option][$p_user][$p_project] = $p_access; diff --git a/core/filter_api.php b/core/filter_api.php index 9455af9..7fee1cc 100644 --- a/core/filter_api.php +++ b/core/filter_api.php @@ -4493,7 +4493,7 @@ function filter_db_can_delete_filter( $p_filter_id ) { $t_user_id = auth_get_current_user_id(); # Administrators can delete any filter - if( access_has_global_level( ADMINISTRATOR ) ) { + if( user_is_administrator( $t_user_id ) ) { return true; } 
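Review bot: The comment above config_set() still describes only the option and value, so nothing tells a caller that `DEFAULT_ACCESS_LEVEL` is now a sentinel that gets replaced by the configured admin threshold. Add a line such as `# If $p_access is DEFAULT_ACCESS_LEVEL, the 'admin_site_threshold' setting is used instead`, and repeat it for config_set_cache() below and for the `@param int Access threshold` entry of plugin_config_set() in core/plugin_api.php. The constant's value is not part of this diff; comparing with `===` rather than `==` would keep a loosely equal caller-supplied level from being rewritten by accident.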
diff --git a/core/html_api.php b/core/html_api.php index d73a034..0aed3f3 100644 --- a/core/html_api.php +++ b/core/html_api.php @@ -804,7 +804,7 @@ function print_menu() { if ( news_is_enabled() && access_has_project_level( config_get( 'manage_news_threshold' ) ) ) { # Admin can edit news for All Projects (site-wide) - if(( ALL_PROJECTS != helper_get_current_project() ) || ( access_has_project_level( ADMINISTRATOR ) ) ) { + if( ALL_PROJECTS != helper_get_current_project() || current_user_is_administrator() ) { $t_menu_options[] = '<a href="' . helper_mantis_url( 'news_menu_page.php">' ) . lang_get( 'edit_news_link' ) . '</a>'; } else { $t_menu_options[] = '<a href="' . helper_mantis_url( 'login_select_proj_page.php">' ) . lang_get( 'edit_news_link' ) . '</a>'; diff --git a/core/plugin_api.php b/core/plugin_api.php index 2f3c035..9521fc3 100644 --- a/core/plugin_api.php +++ b/core/plugin_api.php @@ -177,7 +177,11 @@ function plugin_config_get( $p_option, $p_default = null, $p_global = false ) { * @param int Project ID * @param int Access threshold */ -function plugin_config_set( $p_option, $p_value, $p_user = NO_USER, $p_project = ALL_PROJECTS, $p_access = ADMINISTRATOR ) { +function plugin_config_set( $p_option, $p_value, $p_user = NO_USER, $p_project = ALL_PROJECTS, $p_access = DEFAULT_ACCESS_LEVEL ) { + if( $p_access == DEFAULT_ACCESS_LEVEL ) { + $p_access = config_get_global( 'admin_site_threshold' ); + } + $t_basename = plugin_get_current(); $t_full_option = 'plugin_' . $t_basename . '_' . $p_option; diff --git a/core/print_api.php b/core/print_api.php index 673a5b5..83bc0f3 100644 --- a/core/print_api.php +++ b/core/print_api.php 
@@ -326,7 +326,7 @@ function print_news_item_option_list() { $t_project_id = helper_get_current_project(); - $t_global = access_has_global_level( ADMINISTRATOR ); + $t_global = access_has_global_level( config_get_global( 'admin_site_threshold' ) ); if( $t_global ) { $query = "SELECT id, headline, announcement, view_state FROM $t_mantis_news_table @@ -1035,7 +1035,7 @@ function print_project_user_list_option_list( $p_project_id = null ) { } $c_project_id = (int) $p_project_id; - $t_adm = ADMINISTRATOR; + $t_adm = config_get_global( 'admin_site_threshold' ); $query = "SELECT DISTINCT u.id, u.username, u.realname FROM $t_mantis_user_table u LEFT JOIN $t_mantis_project_user_list_table p diff --git a/core/user_api.php b/core/user_api.php index 1b35e6e..9287c5b 100644 --- a/core/user_api.php +++ b/core/user_api.php @@ -338,7 +338,7 @@ function user_is_monitoring_bug( $p_user_id, $p_bug_id ) { function user_is_administrator( $p_user_id ) { $t_access_level = user_get_field( $p_user_id, 'access_level' ); - if( $t_access_level >= ADMINISTRATOR ) { + if( $t_access_level >= config_get_global( 'admin_site_threshold' ) ) { return true; } else { return false; @@ -801,7 +801,7 @@ function user_get_avatar( $p_user_id, $p_size = 80 ) { function user_get_access_level( $p_user_id, $p_project_id = ALL_PROJECTS ) { $t_access_level = user_get_field( $p_user_id, 'access_level' ); - if( $t_access_level >= ADMINISTRATOR ) { + if( user_is_administrator( $p_user_id ) ) { return $t_access_level; } diff --git a/manage_overview_page.php b/manage_overview_page.php index 669cfea..6251e83 100644 --- a/manage_overview_page.php +++ b/manage_overview_page.php @@ -26,7 +26,6 @@ auth_reauthenticate(); access_ensure_global_level( config_get( 'manage_site_threshold' ) ); - $t_is_admin = access_has_global_level( config_get( 'admin_site_threshold' ) ); $t_version_suffix = config_get_global( 'version_suffix' ); 
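Review bot: user_is_administrator() now decides with a bare `>=` against `config_get_global( 'admin_site_threshold' )`, while the check this commit removes from admin/check.php made the same decision through access_compare_level(). After this commit most administrator checks in the tree go through this one function, so if thresholds here can be written as a list of levels (I believe so, but it is not visible in the diff) the plain comparison would give the wrong answer for every caller. Consider `return access_compare_level( $t_access_level, config_get_global( 'admin_site_threshold' ) );`, provided core/access_api.php is loaded wherever user_api.php is used. In user_get_access_level() the new call fetches `access_level` a second time although `$t_access_level` is already in hand.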
@@ -56,7 +55,7 @@ <td></td> </tr> -<?php if ( $t_is_admin ) { ?> +<?php if ( current_user_is_administrator() ) { ?> <tr <?php echo helper_alternate_class() ?>> <td class="category"><?php echo lang_get( 'site_path' ) ?></td> <td><?php echo config_get( 'absolute_path' ) ?></td> diff --git a/manage_user_edit_page.php b/manage_user_edit_page.php index 0105aeb..1bda085 100644 --- a/manage_user_edit_page.php +++ b/manage_user_edit_page.php @@ -149,7 +149,7 @@ </form> <!-- Delete Button --> -<?php if ( !( ( ADMINISTRATOR <= $t_user['access_level'] ) && ( 1 >= user_count_level( ADMINISTRATOR ) ) ) ) { ?> +<?php if ( !( ( user_is_administrator( $t_user ) && ( user_count_level( config_get_global( 'admin_site_threshold' ) ) <= 1 ) ) ) ) { ?> <form method="post" action="manage_user_delete.php"> <?php echo form_security_field( 'manage_user_delete' ) ?> @@ -172,7 +172,7 @@ <!-- PROJECT ACCESS (if permissions allow) and user is not ADMINISTRATOR --> <?php if ( access_has_global_level( config_get( 'manage_user_threshold' ) ) && - !access_has_global_level( ADMINISTRATOR, $t_user['id'] ) ){ + !user_is_administrator( $t_user_id ) ) { ?> <br /> <div align="center"> diff --git a/manage_user_update.php b/manage_user_update.php index b68c07c..773fd60 100644 --- a/manage_user_update.php +++ b/manage_user_update.php 
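Review bot: `user_is_administrator( $t_user )` in the Delete-button guard passes the whole user row, not an id: the line it replaces read `$t_user['access_level']`, so `$t_user` is an array, while user_is_administrator() in core/user_api.php hands its argument to user_get_field() as a user id. The guard that hides Delete for the last administrator therefore no longer tests the edited account's level. The second hunk has a similar slip, replacing `$t_user['id']` with `$t_user_id`, a variable that is not set in any visible line of this file. Use `user_is_administrator( $t_user['id'] )` in both conditions.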
@@ -77,15 +77,17 @@ $t_old_protected = user_get_field( $f_user_id, 'protected' ); # check that we are not downgrading the last administrator - $t_old_access = user_get_field( $f_user_id, 'access_level' ); - if ( ( ADMINISTRATOR == $t_old_access ) && ( $t_old_access <> $f_access_level ) && ( 1 >= user_count_level( ADMINISTRATOR ) ) ) { + $t_admin_threshold = config_get_global( 'admin_site_threshold' ); + if ( user_is_administrator( $f_user_id ) && + $f_access_level < $t_admin_threshold && + user_count_level( $t_admin_threshold ) <= 1 ) { trigger_error( ERROR_USER_CHANGE_LAST_ADMIN, ERROR ); } # Project specific access rights override global levels, hence, for users who are changed # to be administrators, we have to remove project specific rights. - if ( ( $c_access_level >= ADMINISTRATOR ) && ( !user_is_administrator( $c_user_id ) ) ) { - user_delete_project_specific_access_levels( $c_user_id ); + if ( ( $f_access_level >= $t_admin_threshold ) && ( !user_is_administrator( $f_user_id ) ) ) { + user_delete_project_specific_access_levels( $f_user_id ); } # if the user is already protected and the admin is not removing the diff --git a/news_edit_page.php b/news_edit_page.php index bf2a504..7fd282c 100644 --- a/news_edit_page.php +++ b/news_edit_page.php @@ -106,7 +106,7 @@ <select name="project_id"> <?php $t_sitewide = false; - if ( access_has_project_level( ADMINISTRATOR ) ) { + if ( current_user_is_administrator() ) { $t_sitewide = true; } print_project_option_list( $v_project_id, $t_sitewide ); diff --git a/news_menu_page.php b/news_menu_page.php index b8d0034..2c0b841 100644 --- a/news_menu_page.php +++ b/news_menu_page.php @@ -91,7 +91,7 @@ <?php # Add News Form END # Edit/Delete News Form BEGIN - if ( news_get_count( helper_get_current_project(), access_has_global_level( ADMINISTRATOR ) ) > 0 ) { + if ( news_get_count( helper_get_current_project(), current_user_is_administrator() ) > 0 ) { ?> <br /> <div align="center"> 
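Review bot: The rewritten conditions switch from `$c_access_level` and `$c_user_id` to `$f_access_level` and `$f_user_id`, including the argument of user_delete_project_specific_access_levels(). Where those variables are assigned is outside the hunk; if the `$c_` copies are the integer-cleaned forms of the request values, keep them for the comparison and the delete call, e.g. `user_delete_project_specific_access_levels( $c_user_id );`. The last-administrator check also relies on `user_count_level( $t_admin_threshold )` counting every user at or above the threshold rather than exactly at it, which this diff does not show and which is worth confirming now that several administrator levels can exist.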
diff --git a/proj_doc_page.php b/proj_doc_page.php index 77f3393..5acdd4c 100644 --- a/proj_doc_page.php +++ b/proj_doc_page.php @@ -44,7 +44,7 @@ $t_user_table = db_get_table( 'mantis_user_table' ); $t_pub = VS_PUBLIC; $t_priv = VS_PRIVATE; - $t_admin = ADMINISTRATOR; + $t_admin = config_get_global( 'admin_site_threshold' ); if ( $f_project_id == ALL_PROJECTS ) { # Select all the projects that the user has access to @@ -76,7 +76,7 @@ WHERE pft.project_id in (" . implode( ',', $t_projects ) . ") AND ( ( ( pt.view_state = $t_pub OR pt.view_state is null ) AND pult.user_id is null AND ut.access_level $t_access_clause ) OR ( ( pult.user_id = $t_user_id ) AND ( pult.access_level $t_access_clause ) ) OR - ( ut.access_level = $t_admin ) ) + ( ut.access_level >= $t_admin ) ) ORDER BY pt.name ASC, pft.title ASC"; $result = db_query( $query ); $num_files = db_num_rows( $result ); ----------------------------------------------------------------------- -- Mantis Bug Tracker |