Disable selection of projects in which user can't report issues

When the current project is 'All Projects' and user clicks on 'Report Issue', login_select_proj_page.php presents them with a list of projects, which includes those in which the user is not allowed to report issues. If one of these projects is selected, an 'Access Denied' error occurs. This commit makes the functionality more user-friendly by disabling these projects in the list, so users can't select them. To implement this, a new optional parameter was added to functions print_project_option_list() and print_subproject_option_list(). Fixes #16024 Conflicts: core/print_api.php
mantisbt · Oct 9, 2013 · ef31cc7 · ef31cc7
1 parent cf77314
commit ef31cc7
Show file tree

Hide file tree

Showing 2 changed files with 33 additions and 13 deletions.
diff --git a/core/print_api.php b/core/print_api.php
@@ -501,10 +501,13 @@ function print_note_option_list( $p_user_id = '', $p_project_id = null, $p_thres
  * @param bool $p_include_all_projects  true: include "All Projects", otherwise false.
  * @param mixed $p_filter_project_id  The id of a project to exclude or null.
  * @param string $p_trace  The current project trace, identifies the sub-project via a path from top to bottom.
+ * @param bool $p_can_report_only If true, disables projects in which user can't report issues; defaults to false (all projects enabled)
  * @return void
  */
-function print_project_option_list( $p_project_id = null, $p_include_all_projects = true, $p_filter_project_id = null, $p_trace = false ) {
-	$t_project_ids = current_user_get_accessible_projects();
+function print_project_option_list( $p_project_id = null, $p_include_all_projects = true, $p_filter_project_id = null, $p_trace = false, $p_can_report_only = false ) {
+	$t_user_id = auth_get_current_user_id();
+	$t_project_ids = user_get_accessible_projects( $t_user_id );
+	$t_can_report = true;
 	project_cache_array_rows( $t_project_ids );
 
 	if( $p_include_all_projects ) {
@@ -515,37 +518,54 @@ function print_project_option_list( $p_project_id = null, $p_include_all_project
 		echo '>' . lang_get( 'all_projects' ) . '</option>' . "\n";
 	}
 
-	$t_project_count = count( $t_project_ids );
-	for( $i = 0;$i < $t_project_count;$i++ ) {
-		$t_id = $t_project_ids[$i];
+	foreach( $t_project_ids as $t_id ) {
+		if( $p_can_report_only ) {
+			$t_report_bug_threshold = config_get( 'report_bug_threshold', null, $t_user_id, $t_id );
+			$t_can_report = access_has_project_level( $t_report_bug_threshold, $t_id, $t_user_id );
+		}
+
 		if( $t_id != $p_filter_project_id ) {
 			echo '<option value="' . $t_id . '"';
 			if ( $p_project_id !== null ) {
 				check_selected( (int)$p_project_id, $t_id, false );
+				check_disabled( !$t_can_report );
 			}
 			echo '>' . string_attribute( project_get_field( $t_id, 'name' ) ) . '</option>' . "\n";
-			print_subproject_option_list( $t_id, $p_project_id, $p_filter_project_id, $p_trace, array() );
+			print_subproject_option_list( $t_id, $p_project_id, $p_filter_project_id, $p_trace, $p_can_report_only );
 		}
 	}
 }
 
 # --------------------
 # List projects that the current user has access to
-function print_subproject_option_list( $p_parent_id, $p_project_id = null, $p_filter_project_id = null, $p_trace = false, $p_parents = array() ) {
+function print_subproject_option_list( $p_parent_id, $p_project_id = null, $p_filter_project_id = null, $p_trace = false, $p_can_report_only = false, $p_parents = array() ) {
 	array_push( $p_parents, $p_parent_id );
-	$t_project_ids = current_user_get_accessible_subprojects( $p_parent_id );
-	$t_project_count = count( $t_project_ids );
-	for( $i = 0;$i < $t_project_count;$i++ ) {
-		$t_full_id = $t_id = $t_project_ids[$i];
+	$t_user_id = auth_get_current_user_id();
+	$t_project_ids = user_get_accessible_subprojects( $t_user_id, $p_parent_id );
+	$t_can_report = true;
+
+	foreach( $t_project_ids as $t_id ) {
+		if( $p_can_report_only ) {
+			$t_report_bug_threshold = config_get( 'report_bug_threshold', null, $t_user_id, $t_id );
+			$t_can_report = access_has_project_level( $t_report_bug_threshold, $t_id, $t_user_id );
+		}
+
 		if( $t_id != $p_filter_project_id ) {
 			if( $p_trace ) {
 				$t_full_id = join( $p_parents, ";" ) . ';' . $t_id;
+			} else {
+				$t_full_id = $t_id;
 			}
 			echo '<option value="' . $t_full_id . '"';
 			if ( $p_project_id !== null ) {
 				check_selected( $p_project_id, $t_full_id, false );
+				check_disabled( !$t_can_report );
 			}
-			echo '>' . str_repeat( '&#160;', count( $p_parents ) ) . str_repeat( '&#187;', count( $p_parents ) ) . ' ' . string_attribute( project_get_field( $t_id, 'name' ) ) . '</option>' . "\n";
+			echo '>'
+				. str_repeat( '&#160;', count( $p_parents ) )
+				. str_repeat( '&#187;', count( $p_parents ) ) . ' '
+				. string_attribute( project_get_field( $t_id, 'name' ) )
+				. '</option>' . "\n";
 			print_subproject_option_list( $t_id, $p_project_id, $p_filter_project_id, $p_trace, $p_parents );
 		}
 	}

diff --git a/login_select_proj_page.php b/login_select_proj_page.php
@@ -74,7 +74,7 @@
 				<label for="select-project-id"><span><?php echo lang_get( 'select_project_button' ) ?></span></label>
 				<span class="select">
 					<select id="select-project-id" name="project_id">
-						<?php print_project_option_list( ALL_PROJECTS, false, null, true ) ?>
+						<?php print_project_option_list( ALL_PROJECTS, false, null, true, true ) ?>
 					</select>
 				</span>
 				<span class="label-style"></span>