From c9a8aca241443bed407b5c25294181bb67f9fc98 Mon Sep 17 00:00:00 2001 From: Damien Regad Date: Sun, 6 Dec 2020 13:27:59 +0100 Subject: [PATCH] New config $g_bug_revision_view_threshold Access level required to view bug history revisions. Note that users can always see the revisions for issues and bugnotes they reported, regardless of the new config's value. Two new Access API functions, access_can_view_bug_revisions() and access_can_view_bugnote_revisions(), can be used to check whether user has required access level. Fixes #20690
---
 config_defaults_inc.php | 10 +++++++- core/access_api.php | 54 +++++++++++++++++++++++++++++++++++++++++ 2 files changed, 63 insertions(+), 1 deletion(-)
diff --git a/config_defaults_inc.php b/config_defaults_inc.php
index 121870a0b0..f2b7b1e62f 100644
--- a/config_defaults_inc.php
+++ b/config_defaults_inc.php
@@ -2698,7 +2698,14 @@
 $g_bug_reminder_threshold = DEVELOPER;
 /**
- * Access lever required to drop bug history revisions
+ * Access level required to view bug history revisions.
+ * Users can always see revisions for the issues and bugnote they reported.
+ * @global integer $g_bug_revision_view_threshold
+ */
+$g_bug_revision_view_threshold = DEVELOPER;
+
+/**
+ * Access level required to drop bug history revisions.
 * @global integer $g_bug_revision_drop_threshold
 */
 $g_bug_revision_drop_threshold = MANAGER;
@@ -4379,6 +4386,7 @@
 'bug_resolution_fixed_threshold',
 'bug_resolution_not_fixed_threshold',
 'bug_resolved_status_threshold',
+ 'bug_revision_view_threshold',
 'bug_revision_drop_threshold',
 'bug_submit_status',
 'bug_update_page_fields',
diff --git a/core/access_api.php b/core/access_api.php
index 37ff60dd4a..9213e45fb2 100644
--- a/core/access_api.php
+++ b/core/access_api.php
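Review bot: The docblock for `$g_bug_revision_view_threshold` in config_defaults_inc.php describes only "bug history revisions", but the same threshold is what `access_can_view_bugnote_revisions()` reads in core/access_api.php, so it also gates bugnote revisions. I would word it as ` * Access level required to view bug and bugnote revisions.` and change "bugnote" to "bugnotes" on the following line. It is also worth stating there that the reporter exemption cannot be switched off by raising the threshold, since administrators will read this comment when deciding how far to restrict revision history.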
@@ -936,3 +936,57 @@ function access_has_limited_view( $p_project_id = null, $p_user_id = null ) {
 $t_project_level = access_get_project_level( $p_project_id, $p_user_id );
 return !access_compare_level( $t_project_level, $t_threshold_can_view );
 }
+
+/**
+ * Return true if user is allowed to view bug revisions.
+ *
+ * User must have $g_bug_revision_view_threshold or be the bug's reporter.
+ *
+ * @param int $p_bug_id
+ * @param int $p_user_id
+ *
+ * @return bool
+ */
+function access_can_view_bug_revisions( $p_bug_id, $p_user_id = null ) {
+ if( !bug_exists( $p_bug_id ) ) {
+ return false;
+ }
+ $t_project_id = bug_get_field( $p_bug_id, 'project_id' );
+ $t_user_id = null === $p_user_id ? auth_get_current_user_id() : $p_user_id;
+
+ $t_has_access = access_has_bug_level(
+ config_get( 'bug_revision_view_threshold', null, $t_user_id, $t_project_id ),
+ $p_bug_id,
+ $t_user_id
+ );
+
+ return $t_has_access || bug_is_user_reporter( $p_bug_id, $t_user_id );
+}
+
+/**
+ * Return true if user is allowed to view bugnote revisions.
+ *
+ * User must have $g_bug_revision_view_threshold or be the bugnote's reporter.
+ *
+ * @param int $p_bugnote_id
+ * @param int $p_user_id
+ *
+ * @return bool
+ */
+function access_can_view_bugnote_revisions( $p_bugnote_id, $p_user_id = null ) {
+ if( !bugnote_exists( $p_bugnote_id ) ) {
+ return false;
+ }
+ $t_bug_id = bugnote_get_field( $p_bugnote_id, 'bug_id' );
+ $t_project_id = bug_get_field( $t_bug_id, 'project_id' );
+ $t_user_id = null === $p_user_id ? auth_get_current_user_id() : $p_user_id;
+
+ $t_has_access = access_has_bugnote_level(
+ config_get( 'bug_revision_view_threshold', null, $t_user_id, $t_project_id ),
+ $p_bugnote_id,
+ $t_user_id
+ );
+
+
+ return $t_has_access || bugnote_is_user_reporter( $p_bugnote_id, $t_user_id );
+}
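Review bot: The reporter fallback in `access_can_view_bug_revisions()` is unconditional: `return $t_has_access || bug_is_user_reporter( $p_bug_id, $t_user_id );` returns true for the reporter without checking that this user can still view the issue itself, and the same shape closes `access_can_view_bugnote_revisions()`. Unless every caller enforces view access before calling these helpers (not visible in this hunk), a reporter who has since lost access to the project or issue would keep access to its revision history. Where anonymous reporting is enabled the reporter id may also be a shared account, so the reporter branch should probably exclude it, e.g. `return $t_has_access || ( !user_is_anonymous( $t_user_id ) && bug_is_user_reporter( $p_bug_id, $t_user_id ) );`. The docblocks should also say that a null `$p_user_id` means the current user and state the caller precondition.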