Please sign in to comment.
Fix bug in access_has_bug_level() for private issues
When private_bug_threshold is defined as an array instead of a single access level, e.g. array(0=>40, 1=>70, 2=>90) to prevent developers from seeing private bugs while granting that privilege to updaters, access_has_bug_level() incorrectly returned true. The consequence is that unwanted access to Private bugs was granted to users who are allowed to view them, e.g. allowing them to delete or perform other restricted actions. Fixes #10124
- Loading branch information...