From ce3608b7116f6fbf1f49248ea7834deae54d6c7d Mon Sep 17 00:00:00 2001 From: Carlos Proensa Date: Mon, 1 Aug 2016 23:55:47 +0200 Subject: [PATCH] Fix comparing threshold as an integer report_bug_threshold may be an integer or an array, but a check to see if an access level is "greater than" its value, was assuming that this threshold was an integer value. A new function is created to get an integer representation of a threshold, as the minimum integer value defined in the threshold. Fixes: #21579 --- bug_update_page.php | 2 +- core/access_api.php | 29 ++++++++++++++++++++++++----- core/filter_api.php | 4 ++-- 3 files changed, 27 insertions(+), 8 deletions(-) diff --git a/bug_update_page.php b/bug_update_page.php index b3d31d53d3..b0f42674c1 100644 --- a/bug_update_page.php +++ b/bug_update_page.php @@ -285,7 +285,7 @@ # Do not allow the bug's reporter to edit the Reporter field # when limit_reporters is ON if( ON == config_get( 'limit_reporters' ) - && !access_has_project_level( config_get( 'report_bug_threshold', null, null, $t_bug->project_id ) + 1, $t_bug->project_id ) + && !access_has_project_level( access_threshold_min_level( config_get( 'report_bug_threshold', null, null, $t_bug->project_id ) ) + 1, $t_bug->project_id ) ) { echo string_attribute( user_get_name( $t_bug->reporter_id ) ); } else { diff --git a/core/access_api.php b/core/access_api.php index 7ac94a0ce2..812170f48a 100644 --- a/core/access_api.php +++ b/core/access_api.php @@ -414,13 +414,10 @@ function access_has_bug_level( $p_access_level, $p_bug_id, $p_user_id = null ) { static $s_thresholds = array(); if( !isset( $s_thresholds[$t_project_id] ) ) { $t_report_bug_threshold = config_get( 'report_bug_threshold', null, $p_user_id, $t_project_id ); - if( !is_array( $t_report_bug_threshold ) ) { - $s_thresholds[$t_project_id] = $t_report_bug_threshold + 1; - } else if( empty( $t_report_bug_threshold ) ) { + if( empty( $t_report_bug_threshold ) ) { $s_thresholds[$t_project_id] = NOBODY; } else { - sort( $t_report_bug_threshold ); - $s_thresholds[$t_project_id] = $t_report_bug_threshold[0] + 1; + $s_thresholds[$t_project_id] = access_threshold_min_level( $t_report_bug_threshold ) + 1; } } if( !access_compare_level( $t_access_level, $s_thresholds[$t_project_id] ) ) { @@ -709,3 +706,25 @@ function access_level_get_string( $p_access_level ) { } return $t_access_level_string; } + +/** + * Return the minimum access level, as integer, that matches the threshold. + * $p_threshold may be a single value, or an array. If it is a single + * value, returns that number. If it is an array, return the value of the + * smallest element + * @param integer|array $p_threshold Access threshold + * @return integer Integer value for an access level. + */ +function access_threshold_min_level( $p_threshold ) { + if( is_array( $p_threshold ) ) { + if( empty( $p_threshold ) ) { + return NOBODY; + } else { + sort( $p_threshold ); + return( reset( $p_threshold ) ); + } + } else { + return $p_threshold; + } + +} \ No newline at end of file diff --git a/core/filter_api.php b/core/filter_api.php index b7460e0bed..7b36193ede 100644 --- a/core/filter_api.php +++ b/core/filter_api.php @@ -1236,7 +1236,7 @@ function filter_get_bug_rows( &$p_page_number, &$p_per_page, &$p_page_count, &$p foreach( $t_project_ids as $t_pid ) { # limit reporters to visible projects - if( ( ON === $t_limit_reporters ) && ( !access_has_project_level( config_get( 'report_bug_threshold', null, $t_user_id, $t_pid ) + 1, $t_pid, $t_user_id ) ) ) { + if( ( ON === $t_limit_reporters ) && ( !access_has_project_level( access_threshold_min_level( config_get( 'report_bug_threshold', null, $t_user_id, $t_pid ) ) + 1, $t_pid, $t_user_id ) ) ) { array_push( $t_limited_projects, '({bug}.project_id=' . $t_pid . ' AND ({bug}.reporter_id=' . $t_user_id . ') )' ); } else { $t_access_required_to_view_private_bugs = config_get( 'private_bug_threshold', null, null, $t_pid ); @@ -3560,7 +3560,7 @@ function print_filter_reporter_id() { # @@@ thraxisp - access_has_project_level checks greater than or equal to, # this assumed that there aren't any holes above REPORTER where the limit would apply # - if( ( ON === config_get( 'limit_reporters' ) ) && ( !access_has_project_level( config_get( 'report_bug_threshold' ) + 1 ) ) ) { + if( ( ON === config_get( 'limit_reporters' ) ) && ( !access_has_project_level( access_threshold_min_level( config_get( 'report_bug_threshold' ) ) + 1 ) ) ) { $t_id = auth_get_current_user_id(); $t_username = user_get_field( $t_id, 'username' ); $t_realname = user_get_field( $t_id, 'realname' );