Fix #3917: Ability to delete other users from bug monitor list

A new configuration option $g_monitor_delete_others_bug_threshold was added. This option defines the access level required to delete other users from the list of users monitoring a bug. If the current user is in an access level above or equal to $g_monitor_delete_others_bug_threshold they will see a [Delete] link next to each username in the bug monitor list for each bug. Clicking on this link will stop a user from monitoring a bug.
mantisbt · Jul 15, 2009 · 33f859c · 33f859c
1 parent 45547dd
commit 33f859c
Show file tree

Hide file tree

Showing 9 changed files with 143 additions and 28 deletions.
diff --git a/bug_monitor.php → bug_monitor_add.php b/bug_monitor.php → bug_monitor_add.php
@@ -29,9 +29,9 @@
 
 	require_once( 'bug_api.php' );
 
-	form_security_validate( 'bug_monitor' );
+	form_security_validate( 'bug_monitor_add' );
 
-	$f_bug_id	= gpc_get_int( 'bug_id' );
+	$f_bug_id = gpc_get_int( 'bug_id' );
 	$t_bug = bug_get( $f_bug_id, true );
 	$f_username = gpc_get_string( 'username', '' );
 
@@ -43,30 +43,30 @@
 		$t_user_id = user_get_id_by_name( $f_username );
 		if ( $t_user_id === false ) {
 			error_parameters( $f_username );
-			trigger_error( ERROR_USER_BY_NAME_NOT_FOUND, ERROR );
+			trigger_error( ERROR_USER_BY_NAME_NOT_FOUND, E_USER_ERROR );
 		}
 	}
 
+	if ( user_is_anonymous( $t_user_id ) ) {
+		trigger_error( ERROR_PROTECTED_ACCOUNT, E_USER_ERROR );
+	}
+
+	bug_ensure_exists( $f_bug_id );
+
 	if( $t_bug->project_id != helper_get_current_project() ) {
 		# in case the current project is not the same project of the bug we are viewing...
 		# ... override the current project. This to avoid problems with categories and handlers lists etc.
 		$g_project_override = $t_bug->project_id;
 	}
 
-	$f_action	= gpc_get_string( 'action' );
-
 	if ( $t_logged_in_user_id == $t_user_id ) {
 		access_ensure_bug_level( config_get( 'monitor_bug_threshold' ), $f_bug_id );
 	} else {
 		access_ensure_bug_level( config_get( 'monitor_add_others_bug_threshold' ), $f_bug_id );
 	}
 
-	if ( 'delete' == $f_action ) {
-		bug_unmonitor( $f_bug_id, $t_user_id );
-	} else { # should be 'add' but we have to account for other values
-		bug_monitor( $f_bug_id, $t_user_id );
-	}
+	bug_monitor( $f_bug_id, $t_user_id );
 
-	form_security_purge( 'bug_monitor' );
+	form_security_purge( 'bug_monitor_add' );
 
 	print_successful_redirect_to_bug( $f_bug_id );
diff --git a/bug_monitor_delete.php b/bug_monitor_delete.php
@@ -0,0 +1,69 @@
+<?php
+# MantisBT - a php based bugtracking system
+
+# MantisBT is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 2 of the License, or
+# (at your option) any later version.
+#
+# MantisBT is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with MantisBT.  If not, see <http://www.gnu.org/licenses/>.
+
+	/**
+	 * This file turns monitoring on or off for a bug for the current user
+	 *
+	 * @package MantisBT
+	 * @copyright Copyright (C) 2000 - 2002  Kenzaburo Ito - kenito@300baud.org
+	 * @copyright Copyright (C) 2002 - 2009  MantisBT Team - mantisbt-dev@lists.sourceforge.net
+	 * @link http://www.mantisbt.org
+	 */
+	 /**
+	  * MantisBT Core API's
+	  */
+	require_once( 'core.php' );
+
+	require_once( 'bug_api.php' );
+
+	form_security_validate( 'bug_monitor_delete' );
+
+	$f_bug_id = gpc_get_int( 'bug_id' );
+	$t_bug = bug_get( $f_bug_id, true );
+	$f_user_id = gpc_get_int( 'user_id', NO_USER );
+
+	$t_logged_in_user_id = auth_get_current_user_id();
+
+	if ( $f_user_id === NO_USER ) {
+		$t_user_id = $t_logged_in_user_id;
+	} else {
+		user_ensure_exists( $f_user_id );
+		$t_user_id = $f_user_id;
+	}
+
+	if ( user_is_anonymous( $t_user_id ) ) {
+		trigger_error( ERROR_PROTECTED_ACCOUNT, E_USER_ERROR );
+	}
+
+	bug_ensure_exists( $f_bug_id );
+
+	if( $t_bug->project_id != helper_get_current_project() ) {
+		# in case the current project is not the same project of the bug we are viewing...
+		# ... override the current project. This to avoid problems with categories and handlers lists etc.
+		$g_project_override = $t_bug->project_id;
+	}
+
+	if ( $t_logged_in_user_id == $t_user_id ) {
+		access_ensure_bug_level( config_get( 'monitor_bug_threshold' ), $f_bug_id );
+	} else {
+		access_ensure_bug_level( config_get( 'monitor_delete_others_bug_threshold' ), $f_bug_id );
+	}
+
+	bug_unmonitor( $f_bug_id, $t_user_id );
+
+	form_security_purge( 'bug_monitor_delete' );
+
+	print_successful_redirect_to_bug( $f_bug_id );
diff --git a/bug_monitor_list_view_inc.php b/bug_monitor_list_view_inc.php
@@ -66,22 +66,25 @@
 		if ( 0 == $num_users ) {
 			echo lang_get( 'no_users_monitoring_bug' );
 		} else {
+			$t_can_delete_others = access_has_bug_level( config_get( 'monitor_delete_others_bug_threshold' ), $f_bug_id ); 
 	 		for ( $i = 0; $i < $num_users; $i++ ) {
 				echo ($i > 0) ? ', ' : '';
 				echo print_user( $t_users[$i] );
+				if ( $t_can_delete_others ) {
+					echo ' [<a class="small" href="' . helper_mantis_url( 'bug_monitor_delete.php' ) . '?bug_id=' . $f_bug_id . '&user_id=' . $t_users[$i] . form_security_param( 'bug_monitor_delete' ) . '">' . lang_get( 'delete_link' ) . '</a>]';
+				}
 	 		}
  		}
 
 		if ( access_has_bug_level( config_get( 'monitor_add_others_bug_threshold' ), $f_bug_id ) ) {
 			echo '<br /><br />', lang_get( 'username' );
 ?>
- 		<form method="get" action="bug_monitor.php">
-		<?php echo form_security_field( 'bug_monitor' ) ?>
- 			<input type="hidden" name="bug_id" value="<?php echo (integer)$f_bug_id; ?>" />
- 			<input type="hidden" name="action" value="add" />
- 			<input type="text" name="username" />
+		<form method="get" action="bug_monitor_add.php">
+		<?php echo form_security_field( 'bug_monitor_add' ) ?>
+			<input type="hidden" name="bug_id" value="<?php echo (integer)$f_bug_id; ?>" />
+			<input type="text" name="username" />
 			<input type="submit" class="button" value="<?php echo lang_get( 'add_user_to_monitor' ) ?>" />
- 		</form>
+		</form>
 		<?php } ?>
 	</td>
 </tr>

diff --git a/config_defaults_inc.php b/config_defaults_inc.php
@@ -2178,18 +2178,27 @@
 	$g_update_bug_threshold			= UPDATER;
 
 	/**
-	 * access level needed to monitor bugs
-	 * Look in the constant_inc.php file if you want to set a different value
+	 * Access level needed to monitor bugs.
+	 * Look in the constant_inc.php file if you want to set a different value.
 	 * @global int $g_monitor_bug_threshold
 	 */
-	$g_monitor_bug_threshold		= REPORTER;
+	$g_monitor_bug_threshold = REPORTER;
 
 	/**
-	 * access level needed to add other users to monitor bugs
-	 * Look in the constant_inc.php file if you want to set a different value
+	 * Access level needed to add other users to the list of users monitoring
+	 * a bug.
+	 * Look in the constant_inc.php file if you want to set a different value.
+	 * @global int $g_monitor_add_others_bug_threshold
+	 */
+	$g_monitor_add_others_bug_threshold = DEVELOPER;
+
+	/**
+	 * Access level needed to delete other users from the list of users
+	 * monitoring a bug.
+	 * Look in the constant_inc.php file if you want to set a different value.
 	 * @global int $g_monitor_add_others_bug_threshold
 	 */
-	$g_monitor_add_others_bug_threshold		= DEVELOPER;
+	$g_monitor_delete_others_bug_threshold = DEVELOPER;
 
 	/**
 	 * access level needed to view private bugs

diff --git a/core/bug_api.php b/core/bug_api.php
@@ -1696,7 +1696,7 @@ function bug_update_date( $p_bug_id ) {
  * enable monitoring of this bug for the user
  * @param int p_bug_id integer representing bug ids
  * @param int p_user_id integer representing user ids
- * @return bool (always true)
+ * @return true if successful, false if unsuccessful
  * @access public
  * @uses database_api.php
  * @uses history_api.php
@@ -1711,6 +1711,11 @@ function bug_monitor( $p_bug_id, $p_user_id ) {
 		return true;
 	}
 
+	# Don't let the anonymous user monitor bugs
+	if ( user_is_anonymous( $c_user_id ) ) {
+		return false;
+	}
+
 	$t_bug_monitor_table = db_get_table( 'mantis_bug_monitor_table' );
 
 	# Insert monitoring record

diff --git a/core/html_api.php b/core/html_api.php
@@ -1510,7 +1510,7 @@ function html_button_bug_reopen( $p_bug_id ) {
  */
 function html_button_bug_monitor( $p_bug_id ) {
 	if( access_has_bug_level( config_get( 'monitor_bug_threshold' ), $p_bug_id ) ) {
-		html_button( 'bug_monitor.php', lang_get( 'monitor_bug_button' ), array( 'bug_id' => $p_bug_id, 'action' => 'add' ) );
+		html_button( 'bug_monitor_add.php', lang_get( 'monitor_bug_button' ), array( 'bug_id' => $p_bug_id ) );
 	}
 }
 
@@ -1521,7 +1521,7 @@ function html_button_bug_monitor( $p_bug_id ) {
  * @return null
  */
 function html_button_bug_unmonitor( $p_bug_id ) {
-	html_button( 'bug_monitor.php', lang_get( 'unmonitor_bug_button' ), array( 'bug_id' => $p_bug_id, 'action' => 'delete' ) );
+	html_button( 'bug_monitor_delete.php', lang_get( 'unmonitor_bug_button' ), array( 'bug_id' => $p_bug_id ) );
 }
 
 /**

diff --git a/docbook/adminguide/en/configuration.sgml b/docbook/adminguide/en/configuration.sgml
@@ -2043,6 +2043,31 @@
     <section>
         <title>Misc</title>
         <variablelist>
+            <varlistentry>
+                <term>$g_monitor_bug_threshold</term>
+                <listitem>
+                    <para>Access level needed to monitor bugs. The default
+                        value is REPORTER.
+                    </para>
+                </listitem>
+            </varlistentry>
+            <varlistentry>
+                <term>$g_monitor_add_others_bug_threshold</term>
+                <listitem>
+                    <para>Access level needed to add other users to the list of
+                        users monitoring a bug. The default value is DEVELOPER.
+                    </para>
+                </listitem>
+            </varlistentry>
+            <varlistentry>
+                <term>$g_monitor_delete_others_bug_threshold</term>
+                <listitem>
+                    <para>Access level needed to delete other users from the
+                        list of users monitoring a bug. The default value is
+                        DEVELOPER.
+                    </para>
+                </listitem>
+            </varlistentry>
             <varlistentry>
                 <term>$g_limit_reporters</term>
                 <listitem>

diff --git a/lang/strings_english.txt b/lang/strings_english.txt
@@ -568,8 +568,10 @@ $s_bug_deleted_msg = 'Issue has been deleted...';
 $s_delete_bug_sure_msg = 'Are you sure you wish to delete this issue?';
 $s_delete_bug_button = 'Delete';
 
-# bug_monitor.php
+# bug_monitor_add.php
 $s_monitor_bug_button = 'Monitor';
+
+# bug_monitor_delete.php
 $s_unmonitor_bug_button = 'End Monitoring';
 
 # bug_file_add.php

diff --git a/lang/strings_german_eintrag.txt b/lang/strings_german_eintrag.txt
@@ -543,8 +543,10 @@ $s_bug_deleted_msg = 'Eintrag wurde gelöscht...';
 $s_delete_bug_sure_msg = 'Soll dieser Eintrag wirklich gelöscht werden?';
 $s_delete_bug_button = 'Eintrag löschen';
 
-# bug_monitor.php
+# bug_monitor_add.php
 $s_monitor_bug_button = 'Eintrag beobachten';
+
+# bug_monitor_delete.php
 $s_unmonitor_bug_button = 'Beobachtung beenden';
 
 # bug_file_add.php