From 618ffb2ccae164ada41577913d75f9f86f24706b Mon Sep 17 00:00:00 2001
From: Damien Regad <dregad@mantisbt.org>
Date: Sun, 3 Nov 2013 14:25:03 +0100
Subject: [PATCH] Add user to project when locking themselves out

Automatically add the current user with their access level to the
project's user list if after updating it they can no longer access it
(i.e. by making it private).

Reimplements e08fc01af521334465e4cd356e8a55c8386960f7, but at the API
level (ie. the logic is now in project_update() function instead of
manage_proj_update.php), so Mantis behave consistently from GUI as well
as SOAP.

Fixes #16554
---
 core/project_api.php | 19 ++++++++++++++++++-
 1 file changed, 18 insertions(+), 1 deletion(-)

diff --git a/core/project_api.php b/core/project_api.php
index 29d3e845d6..6319dca4ef 100644
--- a/core/project_api.php
+++ b/core/project_api.php
@@ -192,7 +192,7 @@ function project_cache_all() {
 	return $g_cache_project;
 }
 
-/** 
+/**
  * Clear the project cache (or just the given id if specified)
  * @param int $p_project_id project id
  * @return bool
@@ -444,6 +444,17 @@ function project_update( $p_project_id, $p_name, $p_description, $p_status, $p_v
 
 	$t_old_name = project_get_field( $p_project_id, 'name' );
 
+	# If project is becoming private, save current user's access level
+	# so we can add them to the project afterwards so they don't lock
+	# themselves out
+	$t_old_view_state = project_get_field( $p_project_id, 'view_state' );
+	$t_is_becoming_private = VS_PRIVATE == $p_view_state && VS_PRIVATE != $t_old_view_state;
+	if( $t_is_becoming_private ) {
+		$t_user_id = auth_get_current_user_id();
+		$t_access_level = user_get_access_level( $t_user_id, $p_project_id );
+		$t_manage_project_threshold = config_get( 'manage_project_threshold' );
+	}
+
 	if( strcasecmp( $p_name, $t_old_name ) != 0 ) {
 		project_ensure_name_unique( $p_name );
 	}
@@ -467,6 +478,12 @@ function project_update( $p_project_id, $p_name, $p_description, $p_status, $p_v
 
 	project_clear_cache( $p_project_id );
 
+	# User just locked themselves out of the project by making it private,
+	# so we add them to the project with their previous access level
+	if( $t_is_becoming_private && !access_has_project_level( $t_manage_project_threshold, $p_project_id ) ) {
+		project_add_user( $p_project_id, $t_user_id, $t_access_level );
+	}
+
 	# db_query_bound() errors on failure so:
 	return true;
 }