From 9eb915c34fe0b300d551b9c5598b7cc337710ac3 Mon Sep 17 00:00:00 2001 From: Carlos Proensa Date: Wed, 4 Nov 2015 00:48:21 +0100 Subject: [PATCH] Check workflow prior to reopening bug Add a check to access_can_reopen_bug() to ensure the reopen status is reachable by the current workflow configuration. If not, return false. Previously, the reopen operation would fail anyway when the status is changed. With this early check, failure is detected before the action is made. A direct benefit from this is that the "reopen" button is not shown to the user if the action is not possible. Fixes #20256 Signed-off-by: Damien Regad --- core/access_api.php | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/core/access_api.php b/core/access_api.php index 8e72bea02c..b7bc1090cb 100644 --- a/core/access_api.php +++ b/core/access_api.php @@ -560,6 +560,13 @@ function access_can_reopen_bug( BugData $p_bug, $p_user_id = null ) { $p_user_id = auth_get_current_user_id(); } + $t_reopen_status = config_get( 'bug_reopen_status', null, null, $p_bug->project_id ); + + # Reopen status must be reachable by workflow + if( !bug_check_workflow( $p_bug->status, $t_reopen_status ) ) { + return false; + } + # If allow_reporter_reopen is enabled, then reporters can always reopen # their own bugs as long as their access level is reporter or above if( ON == config_get( 'allow_reporter_reopen', null, null, $p_bug->project_id ) @@ -572,7 +579,6 @@ function access_can_reopen_bug( BugData $p_bug, $p_user_id = null ) { # Other users's access level must allow them to reopen bugs $t_reopen_bug_threshold = config_get( 'reopen_bug_threshold', null, null, $p_bug->project_id ); if( access_has_bug_level( $t_reopen_bug_threshold, $p_bug->id, $p_user_id ) ) { - $t_reopen_status = config_get( 'bug_reopen_status', null, null, $p_bug->project_id ); # User must be allowed to change status to reopen status $t_reopen_status_threshold = access_get_status_threshold( $t_reopen_status, $p_bug->project_id );