diff --git a/adm_config_delete.php b/adm_config_delete.php
index d4e85f1282..59677ecc20 100644
--- a/adm_config_delete.php
+++ b/adm_config_delete.php
@@ -31,10 +31,10 @@
$f_project_id = gpc_get_int( 'project_id' );
$f_config_option = gpc_get_string( 'config_option' );
- if ( $f_project_id == ALL_PROJECTS ) {
- access_ensure_global_level( config_get( 'set_configuration_threshold' ) );
- } else {
- access_ensure_project_level( config_get( 'set_configuration_threshold' ), $f_project_id );
+ access_ensure_global_level( config_get( 'set_configuration_threshold' ) );
+
+ if ( $f_project_id != ALL_PROJECTS ) {
+ project_ensure_exists( $f_project_id );
}
helper_ensure_confirmed( lang_get( 'delete_config_sure_msg' ), lang_get( 'delete_link' ) );
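Review bot: The unconditional `access_ensure_global_level()` at the top of this hunk carries no comment saying why a project-level manager may no longer delete a project-scoped option, which makes it easy for a later cleanup to reinstate the per-project branch. The documentation added in this same commit gives the reason: values set through this interface can be PHP code, so the user has to be trusted installation-wide. I would put that above the check, e.g. `# Generic config editing is global-only: stored values may be PHP code, so project-level access is not sufficient.` The same comment belongs on the identical check in the adm_config_set.php hunk.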
diff --git a/adm_config_report.php b/adm_config_report.php
index 95abde0e6b..29ee66e9e2 100644
--- a/adm_config_report.php
+++ b/adm_config_report.php
@@ -25,7 +25,9 @@
*/
require_once( 'core.php' );
- access_ensure_project_level( config_get( 'view_configuration_threshold' ) );
+ access_ensure_global_level( config_get( 'view_configuration_threshold' ) );
+
+ $t_read_write_access = access_has_global_level( config_get('set_configuration_threshold' ) );
html_page_top( lang_get( 'configuration_report' ) );
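Review bot: `$t_read_write_access` is introduced without a comment and its use is not visible in this hunk, so a reader cannot tell that it should only decide what the page renders, not act as an authorization check. I would add `# Display only: adm_config_set.php and adm_config_delete.php enforce set_configuration_threshold themselves.` above the assignment. The inner call is also spaced differently from the line above it: `config_get('set_configuration_threshold' )` should read `config_get( 'set_configuration_threshold' )`.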
@@ -121,9 +123,11 @@ function print_config_value_as_string( $p_type, $p_value ) {
|
+
|
+
+
|
+
diff --git a/adm_config_set.php b/adm_config_set.php
index 28e9a76fac..adc76d87f0 100644
--- a/adm_config_set.php
+++ b/adm_config_set.php
@@ -40,11 +40,10 @@
trigger_error( ERROR_EMPTY_FIELD, ERROR );
}
- if ( $f_project_id == ALL_PROJECTS ) {
- access_ensure_global_level( config_get('set_configuration_threshold' ) );
- } else {
+ access_ensure_global_level( config_get( 'set_configuration_threshold' ) );
+
+ if ( $f_project_id != ALL_PROJECTS ) {
project_ensure_exists( $f_project_id );
- access_ensure_project_level( config_get('set_configuration_threshold' ), $f_project_id );
}
# make sure that configuration option specified is a valid one.
diff --git a/adm_permissions_report.php b/adm_permissions_report.php
index 2af046254b..c6d729a7cb 100644
--- a/adm_permissions_report.php
+++ b/adm_permissions_report.php
@@ -26,7 +26,7 @@
*/
require_once( 'core.php' );
- access_ensure_project_level( config_get( 'view_configuration_threshold' ) );
+ access_ensure_project_level( config_get( 'manage_configuration_threshold' ) );
html_page_top( lang_get( 'permissions_summary_report' ) );
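Review bot: The gate on this page now reads `manage_configuration_threshold` where it used to read `view_configuration_threshold`, so a site that had raised `view_configuration_threshold` to restrict this report gets it reopened at the new option's default (MANAGER, per the config_defaults_inc.php hunk) after upgrading. That is a silent change in who can read the permission layout, and it deserves an upgrade note telling administrators to set the new option explicitly. A one-line comment here would also help: `# Gated by manage_configuration_threshold; view_configuration_threshold now covers only the raw configuration report.`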
diff --git a/config_defaults_inc.php b/config_defaults_inc.php
index 702b5dc878..4aad19eacc 100644
--- a/config_defaults_inc.php
+++ b/config_defaults_inc.php
@@ -2762,6 +2762,12 @@
*/
$g_csv_separator = ',';
+/**
+ * The threshold required for users to be able to manage configuration of a project.
+ * This includes workflow, email notifications, columns to view, and others.
+ */
+$g_manage_configuration_threshold = MANAGER;
+
/**
* threshold for users to view the system configurations
* @global int $g_view_configuration_threshold
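Review bot: The docblock added for `$g_manage_configuration_threshold` omits the `@global` tag that the neighbouring block carries (`@global int $g_view_configuration_threshold`); add `@global int $g_manage_configuration_threshold` for consistency. It would also be worth stating in the description that this level is evaluated per project, since every caller in this commit checks it with `access_ensure_project_level()` or `access_has_project_level()`, whereas the view and set thresholds are now checked globally. The docblock that follows continues outside the hunk.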
diff --git a/core/html_api.php b/core/html_api.php
index 4bdf300a71..c4a52b8be3 100644
--- a/core/html_api.php
+++ b/core/html_api.php
@@ -926,6 +926,7 @@ function print_manage_menu( $p_page = '' ) {
$t_manage_custom_field_page = 'manage_custom_field_page.php';
$t_manage_plugin_page = 'manage_plugin_page.php';
$t_manage_config_page = 'adm_config_report.php';
+ $t_permissions_summary_report = 'adm_permissions_report.php';
$t_manage_prof_menu_page = 'manage_prof_menu_page.php';
$t_manage_tags_page = 'manage_tags_page.php';
@@ -942,6 +943,9 @@ function print_manage_menu( $p_page = '' ) {
case $t_manage_config_page:
$t_manage_config_page = '';
break;
+ case $t_permissions_summary_report:
+ $t_permissions_summary_report = '';
+ break;
case $t_manage_plugin_page:
$t_manage_plugin_page = '';
break;
@@ -972,8 +976,15 @@ function print_manage_menu( $p_page = '' ) {
if( access_has_global_level( config_get( 'manage_plugin_threshold' ) ) ) {
print_bracket_link( helper_mantis_url( $t_manage_plugin_page ), lang_get( 'manage_plugin_link' ) );
}
- if( access_has_project_level( config_get( 'view_configuration_threshold' ) ) ) {
- print_bracket_link( helper_mantis_url( $t_manage_config_page ), lang_get( 'manage_config_link' ) );
+
+ if ( access_has_project_level( config_get( 'manage_configuration_threshold' ) ) ) {
+ if ( access_has_global_level( config_get( 'view_configuration_threshold' ) ) ) {
+ $t_config_page = $t_manage_config_page;
+ } else {
+ $t_config_page = $t_permissions_summary_report;
+ }
+
+ print_bracket_link( helper_mantis_url( $t_config_page ), lang_get( 'manage_config_link' ) );
}
# Plugin / Event added options
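Review bot: The nested test added here does not match the gate on the page it links to: the link is shown only to users who meet `manage_configuration_threshold` at project level, while adm_config_report.php in this commit admits anyone who meets `view_configuration_threshold` globally. With the documented defaults (view DEVELOPER, manage MANAGER) a global developer can open the raw configuration report by URL yet is offered no link, so the menu understates who can read it. Either the page should also require the manage threshold, or the two tests here should be independent; whichever is intended, a comment such as `# Menu visibility only; adm_config_report.php enforces view_configuration_threshold itself.` would make it explicit. The same nesting appears in the print_manage_config_menu hunk below, and the body of print_manage_menu starts and ends outside this hunk.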
@@ -1034,16 +1045,21 @@ function print_manage_config_menu( $p_page = '' ) {
break;
}
- echo '
';
- if( access_has_project_level( config_get( 'view_configuration_threshold' ) ) ) {
- print_bracket_link( helper_mantis_url( $t_configuration_report ), lang_get_defaulted( 'configuration_report' ) );
+ if ( access_has_project_level( config_get( 'manage_configuration_threshold' ) ) ) {
+ echo '
';
+
+ if ( access_has_global_level( config_get( 'view_configuration_threshold' ) ) ) {
+ print_bracket_link( helper_mantis_url( $t_configuration_report ), lang_get_defaulted( 'configuration_report' ) );
+ }
+
print_bracket_link( helper_mantis_url( $t_permissions_summary_report ), lang_get( 'permissions_summary_report' ) );
print_bracket_link( helper_mantis_url( $t_manage_work_threshold ), lang_get( 'manage_threshold_config' ) );
print_bracket_link( helper_mantis_url( $t_manage_workflow ), lang_get( 'manage_workflow_config' ) );
print_bracket_link( helper_mantis_url( $t_manage_email ), lang_get( 'manage_email_config' ) );
print_bracket_link( $t_manage_columns, lang_get( 'manage_columns_config' ) );
+
+ echo '
';
}
- echo '
';
}
/**
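Review bot: Four of the links kept under the `manage_configuration_threshold` test (thresholds, workflow, e-mail, columns) point at pages this commit does not touch, so nothing visible here shows that those pages enforce the same threshold. Hiding a link is not an access check, so each target should be confirmed to call `access_ensure_project_level( config_get( 'manage_configuration_threshold' ) )` or an equivalent. I would record that above the block with `# Links only; every target page performs its own access check.` The function body starts outside the hunk.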
diff --git a/docbook/adminguide/en/configuration.sgml b/docbook/adminguide/en/configuration.sgml
index bce4bdd048..842fdc81d8 100644
--- a/docbook/adminguide/en/configuration.sgml
+++ b/docbook/adminguide/en/configuration.sgml
@@ -2206,6 +2206,32 @@
+
+ $g_manage_configuration_threshold
+
+ The threshold required for users to be able to manage configuration of a project.
+ This includes workflow, email notifications, columns to view, and others. Default is MANAGER.
+
+
+
+
+ $g_view_configuration_threshold
+
+ Threshold for users to view the raw system configurations as stored in the database.
+ Default is DEVELOPER.
+
+
+
+
+ $g_set_configuration_threshold
+
+ Threshold for users to set the system configurations generically via MantisBT web interface.
+ WARNING: Users who have access to set configuration via the interface MUST be trusted. This is due
+ to the fact that such users can set configurations to PHP code and hence there can be a security
+ risk if such users are not trusted.
+
+
+