Allow mass-assign of issues to Updaters

dregad · dregad · commit 297c79300503 · 2011-12-14T01:41:18.000+01:00
The code handling assignment in bug_actiongroup.php had an incorrect
check for the access level of the user the issues are being assigned
to. It was checked against $t_threshold, which is the minimum access
level required of the current user to perform the action, instead of
the access level to be assigned issues to (handle_bug_threshold).

This affects MantisBT instances where Updaters (or aother role) is
allowed to handle issues (through custom Workflow Thresholds)

Fixes #12324
diff --git a/bug_actiongroup.php b/bug_actiongroup.php
@@ -167,8 +167,8 @@
 		#  that current user has rights to assign the issue
 		$t_threshold = access_get_status_threshold( $t_assign_status, bug_get_field( $t_bug_id, 'project_id' ) );
 		if ( access_has_bug_level( config_get( 'update_bug_assign_threshold', config_get( 'update_bug_threshold' ) ), $t_bug_id ) ) {
-			if ( access_has_bug_level( $t_threshold , $t_bug_id, $f_assign ) ) {
-				if ( bug_check_workflow($t_status, $t_assign_status ) ) {
+			if ( access_has_bug_level( config_get( 'handle_bug_threshold' ), $t_bug_id, $f_assign ) ) {
+				if ( bug_check_workflow( $t_status, $t_assign_status ) ) {
 					/** @todo we need to issue a helper_call_custom_function( 'issue_update_validate', array( $t_bug_id, $t_bug_data, $f_bugnote_text ) ); */
 					bug_assign( $t_bug_id, $f_assign, $f_bug_notetext, $f_bug_noteprivate );
 					helper_call_custom_function( 'issue_update_notify', array( $t_bug_id ) );
