[phpBT-dev] CVS: phpbt attachment.php,1.25,1.26 bug.php,1.143,1.144

[Ulf E. <ulf...@us...>]

Update of /cvsroot/phpbt/phpbt
In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv29692/phpbt

Modified Files:
	attachment.php bug.php 
Log Message:
Various permission related fixes.


Index: attachment.php
===================================================================
RCS file: /cvsroot/phpbt/phpbt/attachment.php,v
retrieving revision 1.25
retrieving revision 1.26
diff -u -r1.25 -r1.26
--- attachment.php	20 Jul 2005 18:48:01 -0000	1.25
+++ attachment.php	27 Aug 2005 13:14:28 -0000	1.26
@@ -156,7 +156,7 @@
 }
 
 if (isset($_GET['del'])) {
-	if (!$perm->have_perm('Administrator')) {
+	if (!$perm->have_perm('Admin')) {
 		show_text(translate("You do not have the permissions required for that function"));
 	} else {
 		del_attachment($_GET['del']);

Index: bug.php
===================================================================
RCS file: /cvsroot/phpbt/phpbt/bug.php,v
retrieving revision 1.143
retrieving revision 1.144
diff -u -r1.143 -r1.144
--- bug.php	22 Aug 2005 20:54:43 -0000	1.143
+++ bug.php	27 Aug 2005 13:14:28 -0000	1.144
@@ -355,7 +355,7 @@
 
 	// Should we allow changes to be made to this bug by this user?
 	if (STRICT_UPDATING and !($u == $buginfo['assigned_to'] or
-		$u == $buginfo['created_by'] or $perm->have_perm('Manager'))) {
+		$u == $buginfo['created_by'] or $perm->have_perm_proj($project_id))) {
 		show_bug($bugid,array('status' => translate("You can not change this bug")));
 		return;
 	}
@@ -558,7 +558,7 @@
 }
 
 function show_form($bugid = 0, $error = '') {
-	global $db, $t;
+	global $db, $t, $u;
 
 	$projectname = $db->getOne("select project_name from ".TBL_PROJECT." where project_id = '{$_GET['project']}'");
 	if ($bugid && !$error) {
@@ -566,6 +566,7 @@
 	} else {
 		$t->assign($_POST);
 		$t->assign(array(
+			'u' => $u,
 			'error' => $error,
 			'project' => $_GET['project'],
 			'projectname' => $projectname