Ensure default_project pref is a valid project

It was possible for a user's default project setting to contain an invalid project id (user_pref_table.default_project). This can happen when the user is removed from the list of allowed users on a private project, or when a project becomes private or is deleted. While this does not impact the MantisBT UI which transparently copes with it, in terms of data integrity this should not happen. We now set default_project to ALL_PROJECTS (0) when users no longer have access to their default project. Fixes #27144
mantisbt · Aug 17, 2020 · 6023c6b · 6023c6b
1 parent 5acff67
commit 6023c6b
Showing 1 changed file with 19 additions and 0 deletions.
diff --git a/core/project_api.php b/core/project_api.php
@@ -391,6 +391,9 @@ function project_delete( $p_project_id ) {
 	# Delete the project files
 	project_delete_all_files( $p_project_id );
 
+	# Set default to ALL_PROJECTS for all users who had the project as default
+	user_pref_clear_project_default( $p_project_id );
+
 	# Delete the records assigning users to this project
 	project_remove_all_users( $p_project_id );
 
@@ -474,6 +477,10 @@ function project_update( $p_project_id, $p_name, $p_description, $p_status, $p_v
 	if( $t_is_becoming_private && !access_has_project_level( $t_manage_project_threshold, $p_project_id ) ) {
 		project_add_user( $p_project_id, $t_user_id, $t_access_level );
 	}
+
+	if( $t_is_becoming_private ) {
+		user_pref_clear_invalid_project_default( $p_project_id );
+	}
 }
 
 /**
@@ -840,6 +847,10 @@ function project_remove_user( $p_project_id, $p_user_id ) {
 
 /**
  * Remove multiple users from project.
+ *
+ * The user's default_project preference will be set to ALL_PROJECTS if they
+ * no longer have access to the project.
+
  * @param integer $p_project_id  A project identifier.
  * @param array $p_user_ids      Array of user identifiers.
  * @return void
@@ -859,13 +870,19 @@ function project_remove_users( $p_project_id, array $p_user_ids ) {
 			. ' AND ' . $t_query->sql_in( 'user_id', $t_user_ids );
 	$t_query->sql( $t_sql );
 	$t_query->execute();
+
+	user_pref_clear_invalid_project_default( $p_project_id );
 }
 
 /**
  * Delete all users from the project user list for a given project. This is
  * useful when deleting or closing a project. The $p_access_level_limit
  * parameter can be used to only remove users from a project if their access
  * level is below or equal to the limit.
+ *
+ * The user's default_project preference will be set to ALL_PROJECTS if they
+ * no longer have access to the project.
+ *
  * @param integer $p_project_id         A project identifier.
  * @param integer $p_access_level_limit Access level limit (null = no limit).
  * @return void
@@ -880,6 +897,8 @@ function project_remove_all_users( $p_project_id, $p_access_level_limit = null )
 	} else {
 		db_query( $t_query, array( (int)$p_project_id ) );
 	}
+
+	user_pref_clear_invalid_project_default( $p_project_id );
 }
 
 /**