Allow mass-assign of issues to Updaters

dregad · dregad · commit 0f702d58e931 · 2011-12-14T01:22:20.000+01:00
The code handling assignment in bug_actiongroup.php had an incorrect
check for the access level of the user the issues are being assigned
to. It was checked against $t_threshold, which is the minimum access
level required of the current user to perform the action, instead of
the access level to be assigned issues to (handle_bug_threshold).

This affects MantisBT instances where Updaters (or aother role) is
allowed to handle issues (through custom Workflow Thresholds)

Fixes #12324
diff --git a/bug_actiongroup.php b/bug_actiongroup.php
@@ -129,8 +129,8 @@
 			#  that current user has rights to assign the issue
 			$t_threshold = access_get_status_threshold( $t_assign_status, bug_get_field( $t_bug_id, 'project_id' ) );
 			if ( access_has_bug_level( config_get( 'update_bug_assign_threshold', config_get( 'update_bug_threshold' ) ), $t_bug_id ) ) {
-				if ( access_has_bug_level( $t_threshold , $t_bug_id, $f_assign ) ) {
-					if ( bug_check_workflow($t_status, $t_assign_status ) ) {
+				if ( access_has_bug_level( config_get( 'handle_bug_threshold' ), $t_bug_id, $f_assign ) ) {
+					if ( bug_check_workflow( $t_status, $t_assign_status ) ) {
 						/** @todo we need to issue a helper_call_custom_function( 'issue_update_validate', array( $t_bug_id, $t_bug_data, $f_bugnote_text ) ); */
 						bug_assign( $t_bug_id, $f_assign, $f_bug_notetext, $f_bug_noteprivate );
 						helper_call_custom_function( 'issue_update_notify', array( $t_bug_id ) );
