diff --git a/adm_config_delete.php b/adm_config_delete.php index d4e85f1282..59677ecc20 100644 --- a/adm_config_delete.php +++ b/adm_config_delete.php @@ -31,10 +31,10 @@ $f_project_id = gpc_get_int( 'project_id' ); $f_config_option = gpc_get_string( 'config_option' ); - if ( $f_project_id == ALL_PROJECTS ) { - access_ensure_global_level( config_get( 'set_configuration_threshold' ) ); - } else { - access_ensure_project_level( config_get( 'set_configuration_threshold' ), $f_project_id ); + access_ensure_global_level( config_get( 'set_configuration_threshold' ) ); + + if ( $f_project_id != ALL_PROJECTS ) { + project_ensure_exists( $f_project_id ); } helper_ensure_confirmed( lang_get( 'delete_config_sure_msg' ), lang_get( 'delete_link' ) ); diff --git a/adm_config_report.php b/adm_config_report.php index 95abde0e6b..29ee66e9e2 100644 --- a/adm_config_report.php +++ b/adm_config_report.php @@ -25,7 +25,9 @@ */ require_once( 'core.php' ); - access_ensure_project_level( config_get( 'view_configuration_threshold' ) ); + access_ensure_global_level( config_get( 'view_configuration_threshold' ) ); + + $t_read_write_access = access_has_global_level( config_get('set_configuration_threshold' ) ); html_page_top( lang_get( 'configuration_report' ) ); @@ -121,9 +123,11 @@ function print_config_value_as_string( $p_type, $p_value ) { + + + +
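Review bot: The now-unconditional `access_ensure_global_level( config_get( 'set_configuration_threshold' ) )` carries no comment saying why a per-project override needs the global threshold, and the same is true of the matching hunk in adm_config_set.php. The admin guide text added in this commit gives the reason, so I would put it next to the check, e.g. `# Values set here can be PHP code (see admin guide), so require the global threshold even for a single project.` Running the permission check before `project_ensure_exists()` is the right order and worth keeping, since an unauthorised caller then learns nothing about which project ids exist. The top of the script is outside this hunk, so I cannot tell from here whether a form security token is validated before the delete.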
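Review bot: `$t_read_write_access` is computed with `access_has_global_level()` right after the page check, but nothing marks it as a display flag only; the later hunk that presumably uses it is not readable in this view. I would add `# UI hint only: adm_config_set.php and adm_config_delete.php enforce set_configuration_threshold themselves.` above the assignment, so that hiding the edit form is never mistaken for the access control. The call is also spaced as `config_get('set_configuration_threshold' )` while the line above uses `config_get( 'view_configuration_threshold' )`; `config_get( 'set_configuration_threshold' )` would match.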
diff --git a/adm_config_set.php b/adm_config_set.php index 28e9a76fac..adc76d87f0 100644 --- a/adm_config_set.php +++ b/adm_config_set.php @@ -40,11 +40,10 @@ trigger_error( ERROR_EMPTY_FIELD, ERROR ); } - if ( $f_project_id == ALL_PROJECTS ) { - access_ensure_global_level( config_get('set_configuration_threshold' ) ); - } else { + access_ensure_global_level( config_get( 'set_configuration_threshold' ) ); + + if ( $f_project_id != ALL_PROJECTS ) { project_ensure_exists( $f_project_id ); - access_ensure_project_level( config_get('set_configuration_threshold' ), $f_project_id ); } # make sure that configuration option specified is a valid one. diff --git a/adm_permissions_report.php b/adm_permissions_report.php index 2af046254b..c6d729a7cb 100644 --- a/adm_permissions_report.php +++ b/adm_permissions_report.php @@ -26,7 +26,7 @@ */ require_once( 'core.php' ); - access_ensure_project_level( config_get( 'view_configuration_threshold' ) ); + access_ensure_project_level( config_get( 'manage_configuration_threshold' ) ); html_page_top( lang_get( 'permissions_summary_report' ) ); diff --git a/config_defaults_inc.php b/config_defaults_inc.php index 702b5dc878..4aad19eacc 100644 --- a/config_defaults_inc.php +++ b/config_defaults_inc.php @@ -2762,6 +2762,12 @@ */ $g_csv_separator = ','; +/** + * The threshold required for users to be able to manage configuration of a project. + * This includes workflow, email notifications, columns to view, and others. + */ +$g_manage_configuration_threshold = MANAGER; + /** * threshold for users to view the system configurations * @global int $g_view_configuration_threshold diff --git a/core/html_api.php b/core/html_api.php index 4bdf300a71..c4a52b8be3 100644 --- a/core/html_api.php +++ b/core/html_api.php 
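Review bot: Moving adm_permissions_report.php from `view_configuration_threshold` to `manage_configuration_threshold` changes who can open the page on an upgraded site, and nothing in the file records that. An installation that had raised `view_configuration_threshold` above MANAGER to restrict this report now gets the new MANAGER default instead, which loosens access for that site. No project id is passed, so as far as I know `access_ensure_project_level()` evaluates the threshold against the current project. A comment such as `# Gated by manage_configuration_threshold on the current project; no longer follows view_configuration_threshold.` would make both facts visible, and the upgrade notes should mention the change.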
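Review bot: The new docblock for `$g_manage_configuration_threshold` has no `@global` tag, while the `$g_view_configuration_threshold` block directly below it has one. Adding `@global int $g_manage_configuration_threshold` keeps the two consistent. The description should also say how this threshold relates to the existing ones, for example `Viewing raw configuration and setting arbitrary options are controlled separately by $g_view_configuration_threshold and $g_set_configuration_threshold.`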
@@ -926,6 +926,7 @@ function print_manage_menu( $p_page = '' ) { $t_manage_custom_field_page = 'manage_custom_field_page.php'; $t_manage_plugin_page = 'manage_plugin_page.php'; $t_manage_config_page = 'adm_config_report.php'; + $t_permissions_summary_report = 'adm_permissions_report.php'; $t_manage_prof_menu_page = 'manage_prof_menu_page.php'; $t_manage_tags_page = 'manage_tags_page.php'; @@ -942,6 +943,9 @@ function print_manage_menu( $p_page = '' ) { case $t_manage_config_page: $t_manage_config_page = ''; break; + case $t_permissions_summary_report: + $t_permissions_summary_report = ''; + break; case $t_manage_plugin_page: $t_manage_plugin_page = ''; break; @@ -972,8 +976,15 @@ function print_manage_menu( $p_page = '' ) { if( access_has_global_level( config_get( 'manage_plugin_threshold' ) ) ) { print_bracket_link( helper_mantis_url( $t_manage_plugin_page ), lang_get( 'manage_plugin_link' ) ); } - if( access_has_project_level( config_get( 'view_configuration_threshold' ) ) ) { - print_bracket_link( helper_mantis_url( $t_manage_config_page ), lang_get( 'manage_config_link' ) ); + + if ( access_has_project_level( config_get( 'manage_configuration_threshold' ) ) ) { + if ( access_has_global_level( config_get( 'view_configuration_threshold' ) ) ) { + $t_config_page = $t_manage_config_page; + } else { + $t_config_page = $t_permissions_summary_report; + } + + print_bracket_link( helper_mantis_url( $t_config_page ), lang_get( 'manage_config_link' ) ); } # Plugin / Event added options @@ -1034,16 +1045,21 @@ function print_manage_config_menu( $p_page = '' ) { break; } - echo '
'; - if( access_has_project_level( config_get( 'view_configuration_threshold' ) ) ) { - print_bracket_link( helper_mantis_url( $t_configuration_report ), lang_get_defaulted( 'configuration_report' ) ); + if ( access_has_project_level( config_get( 'manage_configuration_threshold' ) ) ) { + echo '
'; + + if ( access_has_global_level( config_get( 'view_configuration_threshold' ) ) ) { + print_bracket_link( helper_mantis_url( $t_configuration_report ), lang_get_defaulted( 'configuration_report' ) ); + } + print_bracket_link( helper_mantis_url( $t_permissions_summary_report ), lang_get( 'permissions_summary_report' ) ); print_bracket_link( helper_mantis_url( $t_manage_work_threshold ), lang_get( 'manage_threshold_config' ) ); print_bracket_link( helper_mantis_url( $t_manage_workflow ), lang_get( 'manage_workflow_config' ) ); print_bracket_link( helper_mantis_url( $t_manage_email ), lang_get( 'manage_email_config' ) ); print_bracket_link( $t_manage_columns, lang_get( 'manage_columns_config' ) ); + + echo '
'; } - echo '
'; } /** diff --git a/docbook/adminguide/en/configuration.sgml b/docbook/adminguide/en/configuration.sgml index bce4bdd048..842fdc81d8 100644 --- a/docbook/adminguide/en/configuration.sgml +++ b/docbook/adminguide/en/configuration.sgml @@ -2206,6 +2206,32 @@ + + $g_manage_configuration_threshold + + The threshold required for users to be able to manage configuration of a project. + This includes workflow, email notifications, columns to view, and others. Default is MANAGER. + + + + + $g_view_configuration_threshold + + Threshold for users to view the raw system configurations as stored in the database. + Default is DEVELOPER. + + + + + $g_set_configuration_threshold + + Threshold for users to set the system configurations generically via MantisBT web interface. + WARNING: Users who have access to set configuration via the interface MUST be trusted. This is due + to the fact that such users can set configurations to PHP code and hence there can be a security + risk if such users are not trusted. + + +
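Review bot: In print_manage_config_menu() the links to the threshold, workflow, e-mail and columns pages are now shown under `manage_configuration_threshold`, but of the pages behind this menu only adm_permissions_report.php is switched to that threshold in this commit. The other target scripts are not part of the diff, so whether they enforce the same level cannot be confirmed from here. If they still check a different threshold, the menu and the pages will disagree, and hiding a link is not an access check. Unless they already do, each should begin with `access_ensure_project_level( config_get( 'manage_configuration_threshold' ) );` or carry a comment saying why it differs. The function starts before this hunk, so the variables holding the page names are only partly visible.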