Let users add monitors even if they can't see them
In view.php, the 'Users monitoring this issue' box is only displayed
if the user has $g_show_monitor_list_threshold. If the same user had
$g_monitor_add_others_bug_threshold, they would not be able to add
new monitors.

This is an uncommon situation, as monitor_add_others_bug_threshold is
expected to be >= show_monitor_list_threshold. Still it makes sense to
fix that since the configuration allows such setup.

With this change, an 'Access Denied' message is displayed instead of the
users' list if access level is below show_monitor_list_threshold and
>= monitor_add_others_bug_threshold, and the form to add new monitors is
shown.

If user's access level is lower than both thresholds, then the behavior
is unchanged, i.e. the whole box is hidden.

Fixes #25815
dregad committed May 31, 2019
1 parent e5da1a4 commit e5a8ca4
Showing 1 changed file with 67 additions and 46 deletions.
113 changes: 67 additions & 46 deletions bug_monitor_list_view_inc.php
Expand Up @@ -48,75 +48,96 @@
require_api( 'print_api.php' );
require_api( 'user_api.php' );

if( access_has_bug_level( config_get( 'show_monitor_list_threshold' ), $f_bug_id ) ) {
$t_users = bug_get_monitors( $f_bug_id );
$t_num_users = sizeof( $t_users );

echo '<div class="col-md-12 col-xs-12">';
echo '<a id="monitors"></a>';
echo '<div class="space-10"></div>';
$t_can_see_monitors = access_has_bug_level( config_get( 'show_monitor_list_threshold' ), $f_bug_id );
$t_can_add_others = access_has_bug_level( config_get( 'monitor_add_others_bug_threshold' ), $f_bug_id );

if( $t_can_see_monitors || $t_can_add_others ) {
$t_collapse_block = is_collapsed( 'monitoring' );
$t_block_css = $t_collapse_block ? 'collapsed' : '';
$t_block_icon = $t_collapse_block ? 'fa-chevron-down' : 'fa-chevron-up';
?>
<div id="monitoring" class="widget-box widget-color-blue2 <?php echo $t_block_css ?>">
<div class="widget-header widget-header-small">
<h4 class="widget-title lighter">
<i class="ace-icon fa fa-users"></i>
<?php echo lang_get( 'users_monitoring_bug' ) ?>
</h4>
<div class="widget-toolbar">
<a data-action="collapse" href="#">
<i class="1 ace-icon fa <?php echo $t_block_icon ?> bigger-125"></i>
</a>
</div>
</div>
<div class="col-md-12 col-xs-12">
<a id="monitors"></a>
<div class="space-10"></div>

<div class="widget-body">
<div class="widget-main no-padding">
<div id="monitoring" class="widget-box widget-color-blue2 <?php echo $t_block_css ?>">
<div class="widget-header widget-header-small">
<h4 class="widget-title lighter">
<i class="ace-icon fa fa-users"></i>
<?php echo lang_get( 'users_monitoring_bug' ) ?>
</h4>
<div class="widget-toolbar">
<a data-action="collapse" href="#">
<i class="1 ace-icon fa <?php echo $t_block_icon ?> bigger-125"></i>
</a>
</div>
</div>

<div class="table-responsive">
<table class="table table-bordered table-condensed table-striped">
<tr>
<th class="category" width="15%">
<?php echo lang_get( 'monitoring_user_list' ); ?>
</th>
<td>
<div class="widget-body">
<div class="widget-main no-padding">
<div class="table-responsive">
<table class="table table-bordered table-condensed table-striped">
<tr>
<th class="category" width="15%">
<?php echo lang_get( 'monitoring_user_list' ); ?>
</th>
<td>
<div>
<?php
if( 0 == $t_num_users ) {
# List of users monitoring the issue
if( $t_can_see_monitors ) {
$t_users = bug_get_monitors( $f_bug_id );
if( count( $t_users ) == 0 ) {
echo lang_get( 'no_users_monitoring_bug' );
} else {
$t_can_delete_others = access_has_bug_level( config_get( 'monitor_delete_others_bug_threshold' ), $f_bug_id );
for( $i = 0; $i < $t_num_users; $i++ ) {
echo ($i > 0) ? ', ' : '';
print_user( $t_users[$i] );
if( $t_can_delete_others ) {
$t_button = '&nbsp;'
. '<a class="btn btn-xs btn-primary btn-white btn-round" '
. 'href="' . helper_mantis_url( 'bug_monitor_delete.php' )
. '?bug_id=' . $f_bug_id . '&amp;'
. 'user_id=%s'
. htmlspecialchars( form_security_param( 'bug_monitor_delete' ) )
. '"><i class="fa fa-times"></i></a>';
}

foreach( $t_users as $t_user ) {
$t_print = prepare_user_name( $t_user );
if( $t_can_delete_others ) {
echo ' <a class="btn btn-xs btn-primary btn-white btn-round" href="' . helper_mantis_url( 'bug_monitor_delete.php' ) . '?bug_id=' . $f_bug_id . '&amp;user_id=' . $t_users[$i] . htmlspecialchars(form_security_param( 'bug_monitor_delete' )) . '"><i class="fa fa-times"></i></a>';
$t_print .= sprintf( $t_button, $t_user );
}
}
$t_list[] = $t_print;
}
echo implode( ",\n", $t_list );
}
} else {
echo lang_get( 'access_denied' );
$t_users = null;
} # End users list
?>

if( access_has_bug_level( config_get( 'monitor_add_others_bug_threshold' ), $f_bug_id ) ) {
</div>
<?php
if( $t_can_add_others ) {
?>
<br /><br />

<div class="space-10"></div>
<form method="get" action="bug_monitor_add.php" class="form-inline noprint">
<?php echo form_security_field( 'bug_monitor_add' ) ?>
<?php echo form_security_field( 'bug_monitor_add' ) ?>
<input type="hidden" name="bug_id" value="<?php echo (integer)$f_bug_id; ?>" />
<label for="bug_monitor_list_username"><?php echo lang_get( 'username' ) ?></label>
<input type="text" class="input-sm" id="bug_monitor_list_username" name="username" />
<input type="submit" class="btn btn-primary btn-sm btn-white btn-round" value="<?php echo lang_get( 'add_user_to_monitor' ) ?>" />
</form>
<?php } ?>
</td>
</tr>
</table>
</div>
</div>
</div>
</div>
<?php } ?>
</td>
</tr>
</table>
</div>
</div>
</div>
</div>
</div>

<?php
} # show monitor list
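Review bot: `$t_list` is appended to in the new `foreach` without being initialised, and since this file is an include that already relies on `$f_bug_id` from the including script, any `$t_list` left over in that scope would be carried into the printed monitor list; add `$t_list = array();` just before the loop. `$t_button` is also used as a `sprintf()` format while it embeds the output of `helper_mantis_url()` and `form_security_param()`, so a literal `%` in either would be read as a conversion specification; wrapping those parts in `str_replace( '%', '%%', ... )`, or concatenating the user id as the old code did, avoids that. The delete link interpolates `$f_bug_id` as-is while the add form further down casts it with `(integer)`, so applying the same cast in the href would keep the two outputs consistent. `$f_bug_id` is assigned outside this hunk, so whether it is already an integer cannot be confirmed from here.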
