Add access check to mc_issue_get() for handler_id

Disclose the handler id only if the user has the appropriate access level to see such information. Issue #16993
mantisbt · Oct 22, 2014 · d7e16cc · d7e16cc
1 parent bcd976b
commit d7e16cc
Showing 1 changed file with 3 additions and 1 deletion.
diff --git a/api/soap/mc_issue_api.php b/api/soap/mc_issue_api.php
@@ -115,7 +115,9 @@ function mc_issue_get( $p_username, $p_password, $p_issue_id ) {
 	$t_issue_data['sponsorship_total'] = $t_bug->sponsorship_total;
 
 	if( !empty( $t_bug->handler_id ) ) {
-		$t_issue_data['handler'] = mci_account_get_array_by_id( $t_bug->handler_id );
+		if( access_has_bug_level( config_get( 'view_handler_threshold', null, null, $t_project_id ), $p_issue_id, $t_user_id ) ) {
+			$t_issue_data['handler'] = mci_account_get_array_by_id( $t_bug->handler_id );
+		}
 	}
 
 	$t_issue_data['projection'] = mci_enum_get_array_by_id( $t_bug->projection, 'projection', $t_lang );