Remove hardcoded uses of ADMINISTRATOR constant

In custom installations it may be possible to have different administrator access levels. An existing configuration option $g_admin_site_threshold is used, alongside existing user_is_administrator and current_user_is_administrator functions to remove all hardcoded uses of the ADMINISTRATOR constant. It is now possible to create your own administrator access level using the custom_*_inc.php files. In some setups, you may even want to define multiple different administrator access levels - even if it's just for cosmetic reasons (different access level names appearing under each user). Signed-off-by: John Reese <jreese@leetcode.net>
mantisbt · Jun 19, 2009 · 5824bb7 · 5824bb7
1 parent 545da5f
commit 5824bb7
Show file tree

Hide file tree

Showing 26 changed files with 52 additions and 38 deletions.
diff --git a/account_prefs_update.php b/account_prefs_update.php
@@ -86,7 +86,7 @@
 
 	# prevent users from changing other user's accounts
 	if ( $f_user_id != auth_get_current_user_id() ) {
-		access_ensure_project_level( ADMINISTRATOR );
+		access_ensure_global_level( config_get_global( 'admin_site_threshold' ) );
 	}
 
 	# make sure the delay isn't too low

diff --git a/admin/check.php b/admin/check.php
@@ -317,7 +317,7 @@ function test_database_utf8() {
 print_test_row( 'check configuration: anonymous_account is a valid username if set',
 	( (strlen( config_get_global( 'anonymous_account') ) > 0 ) ? ( ($t_anon_user = user_get_id_by_name( config_get_global( 'anonymous_account') ) ) !== false ) : TRUE ) );
 print_test_row( 'check configuration: anonymous_account should not be an administrator',
-	( $t_anon_user ? ( !access_compare_level( user_get_field( $t_anon_user, 'access_level' ), ADMINISTRATOR) ) : TRUE ) );
+	( $t_anon_user ? ( !user_is_administrator( $t_anon_user ) ) : TRUE ) );
 print_test_row( '$g_bug_link_tag is not empty ("' . config_get_global( 'bug_link_tag' ) . '")',
 	'' <> config_get_global( 'bug_link_tag' ) );
 print_test_row( '$g_bugnote_link_tag is not empty ("' . config_get_global( 'bugnote_link_tag' ) . '")',

diff --git a/admin/copy_field.php b/admin/copy_field.php
@@ -26,7 +26,7 @@
  */
 require_once( dirname( dirname( __FILE__ ) ) . DIRECTORY_SEPARATOR . 'core.php' );
 
-access_ensure_global_level( ADMINISTRATOR );
+access_ensure_global_level( config_get_global( 'admin_site_threshold' ) );
 
 $f_source_field_id = gpc_get_int( 'source_id' );
 $f_dest_field = gpc_get( 'dest_id' );

diff --git a/admin/db_stats.php b/admin/db_stats.php
@@ -25,7 +25,7 @@
  */
 require_once( dirname( dirname( __FILE__ ) ) . DIRECTORY_SEPARATOR . 'core.php' );
 
-access_ensure_global_level( ADMINISTRATOR );
+access_ensure_global_level( config_get_global( 'admin_site_threshold' ) );
 
 # --------------------
 function helper_table_row_count( $p_table ) {

diff --git a/admin/email_queue.php b/admin/email_queue.php
@@ -25,7 +25,7 @@
  */
 require_once( dirname( dirname( __FILE__ ) ) . DIRECTORY_SEPARATOR . 'core.php' );
 
-access_ensure_global_level( ADMINISTRATOR );
+access_ensure_global_level( config_get_global( 'admin_site_threshold' ) );
 
 $f_to = gpc_get( 'send', null );
 
@@ -72,4 +72,4 @@
 }
 
 html_button( 'email_queue.php', 'Send All', array( 'send' => 'all') );
-html_button( 'email_queue.php', 'Send Or Delete All', array( 'send' => 'sendordelall') );
+html_button( 'email_queue.php', 'Send Or Delete All', array( 'send' => 'sendordelall') );
diff --git a/admin/index.php b/admin/index.php
@@ -26,7 +26,7 @@
 require_once( dirname( dirname( __FILE__ ) ) . DIRECTORY_SEPARATOR . 'core.php' );
 require_once( 'schema.php' );
 
-access_ensure_global_level( ADMINISTRATOR );
+access_ensure_global_level( config_get_global( 'admin_site_threshold' ) );
 
 html_page_top( 'MantisBT Administration' );
 

diff --git a/admin/move_db2disk.php b/admin/move_db2disk.php
@@ -26,7 +26,7 @@
  */
 require_once( dirname( dirname( __FILE__ ) ) . DIRECTORY_SEPARATOR . 'core.php' );
 
-access_ensure_global_level( ADMINISTRATOR );
+access_ensure_global_level( config_get_global( 'admin_site_threshold' ) );
 
 // Move type should be attachment or project.
 $f_move_type = gpc_get( 'doc' );

diff --git a/admin/system_utils.php b/admin/system_utils.php
@@ -26,7 +26,7 @@
  */
 require_once( dirname( dirname( __FILE__ ) ) . DIRECTORY_SEPARATOR . 'core.php' );
 
-access_ensure_global_level( ADMINISTRATOR );
+access_ensure_global_level( config_get_global( 'admin_site_threshold' ) );
 
 html_page_top( 'MantisBT Administration - System Utilities' );
 
@@ -95,4 +95,4 @@
 
 </table>
 <?
-	html_page_bottom( __FILE__ );
+	html_page_bottom( __FILE__ );
diff --git a/admin/test_email.php b/admin/test_email.php
@@ -25,7 +25,7 @@
  */
 require_once( dirname( dirname( __FILE__ ) ) . DIRECTORY_SEPARATOR . 'core.php' );
 
-access_ensure_global_level( ADMINISTRATOR );
+access_ensure_global_level( config_get_global( 'admin_site_threshold' ) );
 
 $f_mail_test = gpc_get_bool( 'mail_test' );
 

diff --git a/admin/test_icons.php b/admin/test_icons.php
@@ -25,7 +25,7 @@
  */
 require_once( dirname( dirname( __FILE__ ) ) . DIRECTORY_SEPARATOR . 'core.php' );
 
-access_ensure_global_level( ADMINISTRATOR );
+access_ensure_global_level( config_get_global( 'admin_site_threshold' ) );
 
 html_page_top();
 

diff --git a/admin/test_langs.php b/admin/test_langs.php
@@ -48,7 +48,7 @@
 unset( $g_skip_lang_load ) ;
 lang_push( 'english' );
 
-access_ensure_global_level( ADMINISTRATOR );
+access_ensure_global_level( config_get_global( 'admin_site_threshold' ) );
 
 set_time_limit( 0 );
 

diff --git a/admin/upgrade_warning.php b/admin/upgrade_warning.php
@@ -25,7 +25,7 @@
  */
 require_once( dirname( dirname( __FILE__ ) ) . DIRECTORY_SEPARATOR . 'core.php' );
 
-access_ensure_global_level( ADMINISTRATOR );
+access_ensure_global_level( config_get_global( 'admin_site_threshold' ) );
 
 $g_error_send_page_header = false; # suppress page headers in the error handler
 

diff --git a/api/soap/mc_project_api.php b/api/soap/mc_project_api.php
@@ -526,7 +526,7 @@ function mc_project_get_attachments( $p_username, $p_password, $p_project_id ) {
 	$t_user_table = db_get_table( 'mantis_user_table' );
 	$t_pub = VS_PUBLIC;
 	$t_priv = VS_PRIVATE;
-	$t_admin = ADMINISTRATOR;
+	$t_admin = config_get_global( 'admin_site_threshold' );
 
 	if( $p_project_id == ALL_PROJECTS ) {
 		# Select all the projects that the user has access to

diff --git a/core/access_api.php b/core/access_api.php
@@ -293,7 +293,8 @@ function access_get_project_level( $p_project_id = null, $p_user_id = null ) {
 	}
 
 	$t_global_access_level = access_get_global_level( $p_user_id );
-	if(( ALL_PROJECTS == $p_project_id ) || ( ADMINISTRATOR == $t_global_access_level ) ) {
+
+	if( ALL_PROJECTS == $p_project_id || user_is_administrator( $p_user_id ) ) {
 		return $t_global_access_level;
 	} else {
 		$t_project_access_level = access_get_local_level( $p_user_id, $p_project_id );

diff --git a/core/config_api.php b/core/config_api.php
@@ -242,7 +242,7 @@ function config_get_access( $p_option, $p_user = null, $p_project = null ) {
 		}
 	}
 
-	return $t_found ? $t_access : ADMINISTRATOR;
+	return $t_found ? $t_access : config_get_global( 'admin_site_threshold' );
 }
 
 # ------------------
@@ -302,7 +302,10 @@ function config_is_set( $p_option, $p_user = null, $p_project = null ) {
 # ------------------
 # Sets the value of the given config option to the given value
 #  If the config option does not exist, an ERROR is triggered
-function config_set( $p_option, $p_value, $p_user = NO_USER, $p_project = ALL_PROJECTS, $p_access = ADMINISTRATOR ) {
+function config_set( $p_option, $p_value, $p_user = NO_USER, $p_project = ALL_PROJECTS, $p_access = DEFAULT_ACCESS_LEVEL ) {
+	if( $p_access == DEFAULT_ACCESS_LEVEL ) {
+		$p_access = config_get_global( 'admin_site_threshold' );
+	}
 	if( is_array( $p_value ) || is_object( $p_value ) ) {
 		$t_type = CONFIG_TYPE_COMPLEX;
 		$c_value = serialize( $p_value );
@@ -383,8 +386,13 @@ function config_set_global( $p_option, $p_value, $p_override = true ) {
 # ------------------
 # Sets the value of the given config option to the given value
 #  If the config option does not exist, an ERROR is triggered
-function config_set_cache( $p_option, $p_value, $p_type, $p_user = NO_USER, $p_project = ALL_PROJECTS, $p_access = ADMINISTRATOR ) {
+function config_set_cache( $p_option, $p_value, $p_type, $p_user = NO_USER, $p_project = ALL_PROJECTS, $p_access = DEFAULT_ACCESS_LEVEL ) {
 	global $g_cache_config, $g_cache_config_access;
+
+	if( $p_access == DEFAULT_ACCESS_LEVEL ) {
+		$p_access = config_get_global( 'admin_site_threshold' );
+	}
+
 	$g_cache_config[$p_option][$p_user][$p_project] = $p_type . ';' . $p_value;
 	$g_cache_config_access[$p_option][$p_user][$p_project] = $p_access;
 

diff --git a/core/filter_api.php b/core/filter_api.php
@@ -4493,7 +4493,7 @@ function filter_db_can_delete_filter( $p_filter_id ) {
 	$t_user_id = auth_get_current_user_id();
 
 	# Administrators can delete any filter
-	if( access_has_global_level( ADMINISTRATOR ) ) {
+	if( user_is_administrator( $t_user_id ) ) {
 		return true;
 	}
 

diff --git a/core/html_api.php b/core/html_api.php
@@ -804,7 +804,7 @@ function print_menu() {
 		if ( news_is_enabled() && access_has_project_level( config_get( 'manage_news_threshold' ) ) ) {
 
 			# Admin can edit news for All Projects (site-wide)
-			if(( ALL_PROJECTS != helper_get_current_project() ) || ( access_has_project_level( ADMINISTRATOR ) ) ) {
+			if( ALL_PROJECTS != helper_get_current_project() || current_user_is_administrator() ) {
 				$t_menu_options[] = '<a href="' . helper_mantis_url( 'news_menu_page.php">' ) . lang_get( 'edit_news_link' ) . '</a>';
 			} else {
 				$t_menu_options[] = '<a href="' . helper_mantis_url( 'login_select_proj_page.php">' ) . lang_get( 'edit_news_link' ) . '</a>';

diff --git a/core/plugin_api.php b/core/plugin_api.php
@@ -177,7 +177,11 @@ function plugin_config_get( $p_option, $p_default = null, $p_global = false ) {
  * @param int Project ID
  * @param int Access threshold
  */
-function plugin_config_set( $p_option, $p_value, $p_user = NO_USER, $p_project = ALL_PROJECTS, $p_access = ADMINISTRATOR ) {
+function plugin_config_set( $p_option, $p_value, $p_user = NO_USER, $p_project = ALL_PROJECTS, $p_access = DEFAULT_ACCESS_LEVEL ) {
+	if( $p_access == DEFAULT_ACCESS_LEVEL ) {
+		$p_access = config_get_global( 'admin_site_threshold' );
+	}
+
 	$t_basename = plugin_get_current();
 	$t_full_option = 'plugin_' . $t_basename . '_' . $p_option;
 

diff --git a/core/print_api.php b/core/print_api.php
@@ -326,7 +326,7 @@ function print_news_item_option_list() {
 
 	$t_project_id = helper_get_current_project();
 
-	$t_global = access_has_global_level( ADMINISTRATOR );
+	$t_global = access_has_global_level( config_get_global( 'admin_site_threshold' ) );
 	if( $t_global ) {
 		$query = "SELECT id, headline, announcement, view_state
 				FROM $t_mantis_news_table
@@ -1035,7 +1035,7 @@ function print_project_user_list_option_list( $p_project_id = null ) {
 	}
 	$c_project_id = (int) $p_project_id;
 
-	$t_adm = ADMINISTRATOR;
+	$t_adm = config_get_global( 'admin_site_threshold' );
 	$query = "SELECT DISTINCT u.id, u.username, u.realname
 				FROM $t_mantis_user_table u
 				LEFT JOIN $t_mantis_project_user_list_table p

diff --git a/core/user_api.php b/core/user_api.php
@@ -338,7 +338,7 @@ function user_is_monitoring_bug( $p_user_id, $p_bug_id ) {
 function user_is_administrator( $p_user_id ) {
 	$t_access_level = user_get_field( $p_user_id, 'access_level' );
 
-	if( $t_access_level >= ADMINISTRATOR ) {
+	if( $t_access_level >= config_get_global( 'admin_site_threshold' ) ) {
 		return true;
 	} else {
 		return false;
@@ -801,7 +801,7 @@ function user_get_avatar( $p_user_id, $p_size = 80 ) {
 function user_get_access_level( $p_user_id, $p_project_id = ALL_PROJECTS ) {
 	$t_access_level = user_get_field( $p_user_id, 'access_level' );
 
-	if( $t_access_level >= ADMINISTRATOR ) {
+	if( user_is_administrator( $p_user_id ) ) {
 		return $t_access_level;
 	}
 

diff --git a/manage_overview_page.php b/manage_overview_page.php
@@ -26,7 +26,6 @@
 
 	auth_reauthenticate();
 	access_ensure_global_level( config_get( 'manage_site_threshold' ) );
-	$t_is_admin = access_has_global_level( config_get( 'admin_site_threshold' ) );
 
 	$t_version_suffix = config_get_global( 'version_suffix' );
 
@@ -56,7 +55,7 @@
 <td></td>
 </tr>
 
-<?php if ( $t_is_admin ) { ?>
+<?php if ( current_user_is_administrator() ) { ?>
 <tr <?php echo helper_alternate_class() ?>>
 <td class="category"><?php echo lang_get( 'site_path' ) ?></td>
 <td><?php echo config_get( 'absolute_path' ) ?></td>

diff --git a/manage_user_edit_page.php b/manage_user_edit_page.php
@@ -149,7 +149,7 @@
 	</form>
 
 <!-- Delete Button -->
-<?php if ( !( ( ADMINISTRATOR <= $t_user['access_level'] ) && ( 1 >= user_count_level( ADMINISTRATOR ) ) ) ) { ?>
+<?php if ( !( ( user_is_administrator( $t_user ) && ( user_count_level( config_get_global( 'admin_site_threshold' ) ) <= 1 ) ) ) ) { ?>
 	<form method="post" action="manage_user_delete.php">
 <?php echo form_security_field( 'manage_user_delete' ) ?>
 
@@ -172,7 +172,7 @@
 
 <!-- PROJECT ACCESS (if permissions allow) and user is not ADMINISTRATOR -->
 <?php if ( access_has_global_level( config_get( 'manage_user_threshold' ) ) &&
-    !access_has_global_level( ADMINISTRATOR, $t_user['id'] ) ){
+    !user_is_administrator( $t_user_id ) ) {
 ?>
 <br />
 <div align="center">

diff --git a/manage_user_update.php b/manage_user_update.php
@@ -77,15 +77,17 @@
 	$t_old_protected = user_get_field( $f_user_id, 'protected' );
 
 	# check that we are not downgrading the last administrator
-	$t_old_access = user_get_field( $f_user_id, 'access_level' );
-	if ( ( ADMINISTRATOR == $t_old_access ) && ( $t_old_access <> $f_access_level ) && ( 1 >= user_count_level( ADMINISTRATOR ) ) ) {
+	$t_admin_threshold = config_get_global( 'admin_site_threshold' );
+	if ( user_is_administrator( $f_user_id ) &&
+	     $f_access_level < $t_admin_threshold &&
+	     user_count_level( $t_admin_threshold ) <= 1 ) {
 		trigger_error( ERROR_USER_CHANGE_LAST_ADMIN, ERROR );
 	}
 
 	# Project specific access rights override global levels, hence, for users who are changed
 	# to be administrators, we have to remove project specific rights.
-    if ( ( $c_access_level >= ADMINISTRATOR ) && ( !user_is_administrator( $c_user_id ) ) ) {
-		user_delete_project_specific_access_levels( $c_user_id );
+    if ( ( $f_access_level >= $t_admin_threshold ) && ( !user_is_administrator( $f_user_id ) ) ) {
+		user_delete_project_specific_access_levels( $f_user_id );
 	}
 
 	# if the user is already protected and the admin is not removing the

diff --git a/news_edit_page.php b/news_edit_page.php
@@ -106,7 +106,7 @@
 		<select name="project_id">
 		<?php
 			$t_sitewide = false;
-			if ( access_has_project_level( ADMINISTRATOR ) ) {
+			if ( current_user_is_administrator() ) {
 				$t_sitewide = true;
 			}
 			print_project_option_list( $v_project_id, $t_sitewide );

diff --git a/news_menu_page.php b/news_menu_page.php
@@ -91,7 +91,7 @@
 <?php 
 	# Add News Form END
 	# Edit/Delete News Form BEGIN
-	if ( news_get_count( helper_get_current_project(), access_has_global_level( ADMINISTRATOR ) ) > 0 ) {
+	if ( news_get_count( helper_get_current_project(), current_user_is_administrator() ) > 0 ) {
 ?>
 <br />
 <div align="center">

diff --git a/proj_doc_page.php b/proj_doc_page.php
@@ -44,7 +44,7 @@
 	$t_user_table = db_get_table( 'mantis_user_table' );
 	$t_pub = VS_PUBLIC;
 	$t_priv = VS_PRIVATE;
-	$t_admin = ADMINISTRATOR;
+	$t_admin = config_get_global( 'admin_site_threshold' );
 
 	if ( $f_project_id == ALL_PROJECTS ) {
 		# Select all the projects that the user has access to
@@ -76,7 +76,7 @@
 				WHERE pft.project_id in (" . implode( ',', $t_projects ) . ") AND
 					( ( ( pt.view_state = $t_pub OR pt.view_state is null ) AND pult.user_id is null AND ut.access_level $t_access_clause ) OR
 						( ( pult.user_id = $t_user_id ) AND ( pult.access_level $t_access_clause ) ) OR
-						( ut.access_level = $t_admin ) )
+						( ut.access_level >= $t_admin ) )
 				ORDER BY pt.name ASC, pft.title ASC";
 	$result = db_query( $query );
 	$num_files = db_num_rows( $result );