Skip to content
Permalink

Comparing changes

Choose two branches to see what’s changed or to start a new pull request. If you need to, you can also or learn more about diff comparisons.

Open a pull request

Create a new pull request by comparing changes across two branches. If you need to, you can also . Learn more about diff comparisons here.
base repository: mantisbt/mantisbt
Failed to load repositories. Confirm that selected base ref is valid, then try again.
Loading
base: d8f5faf
Choose a base ref
...
head repository: mantisbt/mantisbt
Failed to load repositories. Confirm that selected head ref is valid, then try again.
Loading
compare: 04bf9d6
Choose a head ref
  • 2 commits
  • 4 files changed
  • 1 contributor

Commits on Jan 2, 2012

  1. User must have global access to update global categories 

    The user's global access level must be >= $g_manage_site_threshold to
be allowed to add, edit or delete global categories.

Prior to this, once a user had been defined as Manager on at least one
project, they could freely update global categories.

Also prevents such updates through URL manipulation.

Fixes #13561
    @dregad
    dregad committed Jan 2, 2012
    Copy the full SHA
    9443258 View commit details

  2. Fix undefined variable notice in print_manage_menu() 

    When the manage_proj_page.php is called for a user with minimal rights
(e.g. a reporter granted manager role on a single project), the
print_manage_menu() function issues a couple of messages (depending on
$g_display_errors settings):

SYSTEM NOTICE: Undefined variable: t_pages
SYSTEM WARNING: Invalid argument supplied for foreach()

This commit prevents these errors by initializing $t_pages to an empty
array.
    @dregad
    dregad committed Jan 2, 2012
    Copy the full SHA
    04bf9d6 View commit details
Showing with 14 additions and 5 deletions.
  1. +1 −0 core/html_api.php
  2. +2 −2 manage_proj_cat_delete.php
  3. +2 −2 manage_proj_cat_edit_page.php
  4. +9 −1 manage_proj_page.php
1 change: 1 addition & 0 deletions core/html_api.php
View file
Original file line number Diff line number Diff line change
@@ -950,6 +950,7 @@ function print_summary_submenu() {
* @return null
*/
function print_manage_menu( $p_page = '' ) {
$t_pages = array();
if( access_has_global_level( config_get( 'manage_user_threshold' ) ) ) {
$t_pages['manage_user_page.php'] = array( 'url' => 'manage_user_page.php', 'label' => 'manage_users_link' );
}
4 changes: 2 additions & 2 deletions manage_proj_cat_delete.php
View file
Original file line number Diff line number Diff line change
@@ -60,12 +60,12 @@
$f_category_id = gpc_get_int( 'id' );
$f_project_id = gpc_get_int( 'project_id' );

access_ensure_project_level( config_get( 'manage_project_threshold' ), $f_project_id );

$t_row = category_get_row( $f_category_id );
$t_name = category_full_name( $f_category_id );
$t_project_id = $t_row['project_id'];

access_ensure_project_level( config_get( 'manage_project_threshold' ), $t_project_id );

# Get a bug count
$t_bug_table = db_get_table( 'bug' );
$t_query = "SELECT COUNT(id) FROM $t_bug_table WHERE category_id=" . db_param();
4 changes: 2 additions & 2 deletions manage_proj_cat_edit_page.php
View file
Original file line number Diff line number Diff line change
@@ -55,13 +55,13 @@
$f_category_id = gpc_get_int( 'id' );
$f_project_id = gpc_get_int( 'project_id' );

access_ensure_project_level( config_get( 'manage_project_threshold' ), $f_project_id );

$t_row = category_get_row( $f_category_id );
$t_assigned_to = $t_row['user_id'];
$t_project_id = $t_row['project_id'];
$t_name = $t_row['name'];

access_ensure_project_level( config_get( 'manage_project_threshold' ), $t_project_id );

html_page_top();

print_manage_menu( 'manage_proj_cat_edit_page.php' ); ?>
10 changes: 9 additions & 1 deletion manage_proj_page.php
View file
Original file line number Diff line number Diff line change
@@ -164,20 +164,25 @@
<h2><?php echo lang_get( 'global_categories' ) ?></h2>
<table cellspacing="1" cellpadding="5" border="1"><?php
$t_categories = category_get_all_rows( ALL_PROJECTS );
$t_can_update_global_cat = access_has_global_level( config_get( 'manage_site_threshold' ) );

if ( count( $t_categories ) > 0 ) { ?>
<tr class="row-category">
<td><?php echo lang_get( 'category' ) ?></td>
<td><?php echo lang_get( 'assign_to' ) ?></td>
<?php if( $t_can_update_global_cat ) { ?>
<td class="center"><?php echo lang_get( 'actions' ) ?></td>
<?php } ?>
</tr><?php
}

foreach ( $t_categories as $t_category ) {
foreach( $t_categories as $t_category ) {
$t_id = $t_category['id'];
?>
<tr <?php echo helper_alternate_class() ?>>
<td><?php echo string_display( category_full_name( $t_id, false ) ) ?></td>
<td><?php echo prepare_user_name( $t_category['user_id'] ) ?></td>
<?php if( $t_can_update_global_cat ) { ?>
<td class="center">
<?php
$t_id = urlencode( $t_id );
@@ -188,10 +193,12 @@
print_button( "manage_proj_cat_delete.php?id=$t_id&project_id=$t_project_id", lang_get( 'delete_link' ) );
?>
</td>
<?php } ?>
</tr><?php
} # end for loop ?>
</table>

<?php if( $t_can_update_global_cat ) { ?>
<form method="post" action="manage_proj_cat_add.php">
<fieldset>
<?php echo form_security_field( 'manage_proj_cat_add' ) ?>
@@ -200,6 +207,7 @@
<input type="submit" class="button" value="<?php echo lang_get( 'add_category_button' ) ?>" />
</fieldset>
</form>
<?php } ?>
</div>

<?php