From: Victor B. <vb...@us...> - 2004-03-18 14:12:08
|
Update of /cvsroot/mantisbt/mantisbt In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv3558 Modified Files: config_defaults_inc.php file_download.php view_all_inc.php Log Message: Enh #3662: Provide more config vars to control viewing/downloading/deleting bug attachments. M core/bug_api.php - (bug_is_readonly): Added M config_defaults_inc.php - Group together all configs relating to bug attachments. - Added $g_view_attachments_threshold (default VIEWER). Access level needed to view bugs attachments. View means to see the file names sizes, and timestamps of the attachments. - Added $g_download_attachments_threshold (default VIEWER). Access level needed to download bug attachments. - Added $g_delete_attachments_threshold (default VIEWER). Access level needed to delete bug attachments. - Added $g_allow_view_own_attachments (default ON). Allow users to view attachments uploaded by themselves even if their access level is below view_attachments_threshold. - Added $g_allow_download_own_attachments (default ON). Allow users to download attachments uploaded by themselves even if their access level is below download_attachments_threshold. - Added $g_allow_delete_own_attachments (default OFF). Allow users to delete attachments uploaded by themselves even if their access level is below delete_attachments_threshold. M core/file_api.php - (file_can_view_bug_attachments): Added - (file_can_download_bug_attachments): Added - (file_can_delete_bug_attachments): Added - (file_list_attachments): Modified to use the above three functions. M file_download.php - Use file_can_download_bug_attachments() from file_api.php M view_all_inc.php - Replaced use of UPDATER with the use of config variable update_bug_threshold. - Use file_can_view_bug_attachments() M admin/check.php - Added checks to make sure that the settings for the new config vars make sense. For example, it shouldn't be possible to allow a user to delete an attachment without being able to download it or view its details. Index: file_download.php =================================================================== RCS file: /cvsroot/mantisbt/mantisbt/file_download.php,v retrieving revision 1.26 retrieving revision 1.27 diff -u -d -r1.26 -r1.27 --- file_download.php 18 Mar 2004 11:47:26 -0000 1.26 +++ file_download.php 18 Mar 2004 14:02:28 -0000 1.27 @@ -52,8 +52,8 @@ # Check access rights switch ( $f_type ) { case 'bug': - if ( ! bug_is_user_reporter( $v_bug_id, auth_get_current_user_id() ) ) { - access_ensure_bug_level( config_get( 'view_attachments_threshold' ), $v_bug_id ); + if ( !file_can_download_bug_attachments( $v_bug_id ) ) { + access_denied(); } break; case 'doc': Index: view_all_inc.php =================================================================== RCS file: /cvsroot/mantisbt/mantisbt/view_all_inc.php,v retrieving revision 1.131 retrieving revision 1.132 diff -u -d -r1.131 -r1.132 --- view_all_inc.php 5 Feb 2004 00:34:38 -0000 1.131 +++ view_all_inc.php 18 Mar 2004 14:02:28 -0000 1.132 @@ -27,6 +27,7 @@ $t_checkboxes_exist = false; $t_icon_path = config_get( 'icon_path' ); + $t_update_bug_threshold = config_get( 'update_bug_threshold' ); ?> <?php # -- ====================== FILTER FORM ========================= -- ?> <?php filter_draw_selection_area( $f_page_number ); ?> @@ -168,9 +169,7 @@ # Check for attachments $t_attachment_count = 0; - if ( ON == $t_show_attachments - && ( $v_reporter_id == auth_get_current_user_id() - || access_has_bug_level( config_get( 'view_attachments_threshold' ), $v_id ) ) ) { + if ( ( ON == $t_show_attachments ) && ( file_can_view_bug_attachments( $v_id ) ) ) { $t_attachment_count = file_bug_attachment_count( $v_id ); } @@ -184,7 +183,7 @@ <tr bgcolor="<?php echo $status_color ?>"> <?php # -- Checkbox -- ?> <?php - if ( access_has_bug_level( config_get( 'update_bug_threshold' ), $v_id ) ) { + if ( access_has_bug_level( $t_update_bug_threshold, $v_id ) ) { $t_checkboxes_exist = true; ?> <td> @@ -199,7 +198,7 @@ <?php # -- Pencil shortcut -- ?> <td class="center"> <?php - if ( access_has_bug_level( UPDATER, $v_id ) ) { + if ( access_has_bug_level( $t_update_bug_threshold, $v_id ) ) { echo '<a href="' . string_get_bug_update_url( $v_id ) . '"><img border="0" src="' . $t_icon_path . 'update.png' . '" alt="' . lang_get( 'update_bug_button' ) . '" /></a>'; } else { echo ' '; Index: config_defaults_inc.php =================================================================== RCS file: /cvsroot/mantisbt/mantisbt/config_defaults_inc.php,v retrieving revision 1.151 retrieving revision 1.152 diff -u -d -r1.151 -r1.152 --- config_defaults_inc.php 17 Mar 2004 13:58:59 -0000 1.151 +++ config_defaults_inc.php 18 Mar 2004 14:02:28 -0000 1.152 @@ -329,14 +329,6 @@ # --- see constant_inc.php. (*: BOTTOM or TOP) $g_status_legend_position = STATUS_LEGEND_POSITION_BOTTOM; - # --- Show an attachment indicator on bug list --- - # Show a clickable attachment indicator on the bug - # list page if the bug has one or more files attached. - # Note: This option is disabled by default since it adds - # 1 database query per bug listed and thus might slow - # down the page display. - $g_show_attachment_indicator = OFF; - ############################ # Mantis JPGRAPH Addon ############################ @@ -540,11 +532,6 @@ # Eg: doc-001-myprojdoc.zip $g_document_files_prefix = 'doc'; - # Specifies the maximum size below which an attachment is previewed in the bug - # view pages. To disable this feature, set max size to 0. - # This feature applies to: bmp, png, gif, jpg - $g_preview_attachments_inline_max_size = 0; - ############################ # Mantis HTML Settings ############################ @@ -610,6 +597,45 @@ $g_auto_set_status_to_assigned = ON; ############################ + # Bug Attachments Settings + ############################ + + # Specifies the maximum size below which an attachment is previewed in the bug + # view pages. To disable this feature, set max size to 0. + # This feature applies to: bmp, png, gif, jpg + $g_preview_attachments_inline_max_size = 0; + + # --- Show an attachment indicator on bug list --- + # Show a clickable attachment indicator on the bug + # list page if the bug has one or more files attached. + # Note: This option is disabled by default since it adds + # 1 database query per bug listed and thus might slow + # down the page display. + $g_show_attachment_indicator = OFF; + + # access level needed to view bugs attachments. View means to see the file names + # sizes, and timestamps of the attachments. + $g_view_attachments_threshold = VIEWER; + + # access level needed to download bug attachments + $g_download_attachments_threshold = VIEWER; + + # access level needed to delete bug attachments + $g_delete_attachments_threshold = VIEWER; + + # allow users to view attachments uploaded by themselves even if their access + # level is below view_attachments_threshold. + $g_allow_view_own_attachments = ON; + + # allow users to download attachments uploaded by themselves even if their access + # level is below download_attachments_threshold. + $g_allow_download_own_attachments = ON; + + # allow users to delete attachments uploaded by themselves even if their access + # level is below delete_attachments_threshold. + $g_allow_delete_own_attachments = OFF; + + ############################ # Mantis Misc Settings ############################ @@ -644,9 +670,6 @@ # Look in the constant_inc.php file if you want to set a different value $g_private_bugnote_threshold = DEVELOPER; - # access level needed to view attachments to bugs reported by other users. - $g_view_attachments_threshold = VIEWER; - # access level needed to view handler in bug reports and notification email # @@@ yarick123: now it is implemented for notification email only $g_view_handler_threshold = VIEWER; |