Fix invalid access denied error caused by access_has_bug_level()

Commit d42e80c changed the code in access_has_bug_level() function, and introduced a bug in the call to access_compare_level() when access is limited to issue reporter (inverted parameters caused an incorrect access denied error). See also 9ec47a0. Issue #15538
mantisbt · Mar 5, 2013 · f583a45 · f583a45
1 parent 910546d
commit f583a45
Showing 1 changed file with 3 additions and 3 deletions.
diff --git a/core/access_api.php b/core/access_api.php
@@ -427,15 +427,15 @@ function access_has_bug_level( $p_access_level, $p_bug_id, $p_user_id = null ) {
 		if( !isset( $s_thresholds[$t_project_id] ) ) {
 			$t_report_bug_threshold = config_get( 'report_bug_threshold', null, $p_user_id, $t_project_id );
 			if( !is_array( $t_report_bug_threshold ) ) {
-				$s_thresholds[$t_project_id] = $t_report_bug_threshold;
+				$s_thresholds[$t_project_id] = $t_report_bug_threshold + 1;
 			} else if ( empty( $t_report_bug_threshold ) ) {
 				$s_thresholds[$t_project_id] = NOBODY;
 			} else {
 				sort( $t_report_bug_threshold );
-				$s_thresholds[$t_project_id] = $t_report_bug_threshold[0];
+				$s_thresholds[$t_project_id] = $t_report_bug_threshold[0] + 1;
 			}
 		}
-		if( !access_compare_level( $s_thresholds[$t_project_id], $t_access_level ) ) {
+		if( !access_compare_level( $t_access_level, $s_thresholds[$t_project_id] ) ) {
 			return false;
 		}
 	}