Permalink
Browse files

Fixes #16573: mc_projects_get_user_accessible requires read/write api…

… access where it shouldn't.
  • Loading branch information...
1 parent d2ea74c commit b4131c921c48c8ea00898db101536e8de082a566 @vboctor vboctor committed Nov 3, 2013
Showing with 0 additions and 4 deletions.
  1. +0 −4 api/soap/mc_project_api.php
View
4 api/soap/mc_project_api.php
@@ -129,10 +129,6 @@ function mc_projects_get_user_accessible( $p_username, $p_password ) {
return mci_soap_fault_login_failed();
}
- if( !mci_has_readonly_access( $t_user_id ) ) {
- return mci_soap_fault_access_denied( $t_user_id );
- }
-
$t_lang = mci_get_user_lang( $t_user_id );
$t_result = array();

3 comments on commit b4131c9

@atrol
Mantis Bug Tracker member

Is this what you want?
You removed the access check for readonly (mci_has_readonly_access) but wrote that read/write has been required (mci_has_readwrite_access)

Edit: I see you reverted

@vboctor
Mantis Bug Tracker member

Yes, I already reverted the two changes - I was confused for a few minutes :)

@atrol
Mantis Bug Tracker member

If course there is a problem concerning SOAP write access checks. e.g. we have to set $g_mc_readwrite_access_level_threshold = REPORTER; to allow reporters to report.

But that's another story and covered by http://www.mantisbt.org/bugs/view.php?id=12328

Please sign in to comment.