From 4ea3f5486071b34b16acd6d2a1beddd45e3d935b Mon Sep 17 00:00:00 2001
From: Kenzaburo Ito
Date: Wed, 16 Jan 2002 05:22:24 +0000
Subject: [PATCH] Fixed access checks to see if viewer has permission to view the bug.
git-svn-id: http://mantisbt.svn.sourceforge.net/svnroot/mantisbt/trunk@653 f5dc347c-c33d-0410-90a0-b07cc1902cb9
---
 core_user_API.php | 27 +++++++++++++++++++++------
 doc/ChangeLog | 1 +
 2 files changed, 22 insertions(+), 6 deletions(-)
diff --git a/core_user_API.php b/core_user_API.php
index bf07240c8e..c9e4696cc0 100644
--- a/core_user_API.php
+++ b/core_user_API.php
@@ -295,20 +295,35 @@ function project_access_check( $p_bug_id, $p_project_id="0" ) {
 project_check( $p_bug_id );
+ #if ( 0 == $p_project_id ) {
+ # $p_project_id = $g_project_cookie_val;
+ #}
+ # access_level check
 $t_project_id = get_bug_field( "project_id", $p_bug_id );
 $t_user_id = get_current_user_field( "id" );
 $t_project_access_level = get_project_access_level( $t_project_id );
- $t_access_level = get_current_user_field( "access_level" );
- if ( -1 != $t_project_access_level ) {
- if ( 0 ) {
- print_header_redirect( $g_login_select_proj_page );
- } else {
+
+ #echo $t_project_id."
";
+ #echo $g_project_cookie_val."
";
+ #echo $t_project_access_level."
";
+
+ if ( -1 == $t_project_access_level ) {
+ # user is not in the user lists
+ $t_access_level = get_current_user_field( "access_level" );
+ $t_access_threshold = get_project_field( $t_project_id, "access_min" );
+ #echo $t_access_level."
";
+ #echo $t_access_threshold."
";
+ #exit;
+ if ( $t_access_level >= $t_access_threshold ) {
 return;
+ } else {
+ print_header_redirect( $g_login_select_proj_page );
 }
 } else {
+ # user is in the user lists
+ # being in the lists means they have access
 return;
- #print_header_redirect( $g_logout_page );
 }
 }
 # --------------------
diff --git a/doc/ChangeLog b/doc/ChangeLog
index 67c0dce93e..8a927f0d5d 100644
--- a/doc/ChangeLog
+++ b/doc/ChangeLog
@@ -9,6 +9,7 @@ Mantis
 * Fixed database and file to no longer use TIMESTAMPS.
 * Fixed password reset to blank to work for other encryption types.
 * Fixed admin_upgrade.php to honor the $g_php global.
+ * Fixed access checks to see if viewer has permission to view the bug.
 * Modified many files for extensive use of CSS.
 * Modified BLOB field to LONGBLOB.
 * Modified bug action buttons to be more consistent.
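Review bot: The deny branch added to `project_access_check` in core_user_API.php only issues `print_header_redirect( $g_login_select_proj_page );`, and nothing visible in the hunk stops the request afterwards; if that helper returns instead of exiting, control falls off the end of the function and the caller goes on to render the bug as though the check had passed, so either confirm the helper terminates or write `print_header_redirect( $g_login_select_proj_page ); exit;`. That call was dead code under `if ( 0 )` before this change, so `$g_login_select_proj_page` now also has to be in the function's `global` list, which sits above the hunk and is not shown. Both allow paths appear to fail open on loose comparisons: any return from `get_project_access_level` other than -1 (a failed lookup included) takes the `else { return; }` branch, and an empty or missing `access_min` from `get_project_field` would make `$t_access_level >= $t_access_threshold` true for every user; an explicit check that both values are numeric before comparing would close that. The `$p_project_id` parameter is still unused on the new side, and the commented-out `#echo`/`#exit;` debug lines are better dropped than committed.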