View Issue Details

IDProjectCategoryView StatusLast Update
0021654mantisbtcode cleanuppublic2017-10-08 23:53
ReportercproensaAssigned Tocproensa 
PrioritynormalSeverityminorReproducibilityhave not tried
Status closedResolutionfixed 
Product Version1.3.2 
Target Version2.7.0Fixed in Version2.7.0 
Summary0021654: Deprecate access_has_any_project()
Description

As a follow up of 0014268, as discussed in PR https://github.com/mantisbt/mantisbt/pull/861

The function access_has_any_project() is at risk of not functioning correctly, as probably, to check an access level on several projects, the config option has to be evaluated for each individual project.

The new function introduced in said PR, access_has_any_project_level(), can account for each project configuration, and should be used instead access_has_any_project().

Being a function that have existed for a long time in core api, the proposal is to replace all usages with the new equivalent, and mark it as deprecated to show a warning in case any external code is using it.

usages:

bug_group_action_api.php
  199:  access_has_any_project( config_get( 'report_bug_threshold', null, null, $t_project_id ) ) ) {
columns_api.php
1014:  if( access_has_any_project( config_get( 'report_bug_threshold', null, null, $p_bug->project_id ) ) ||
filter_api.php
2320:  if( !access_has_any_project( config_get( 'view_handler_threshold' ) ) ) {
html_api.php
  933:  if( access_has_global_level( $t_show_access ) || access_has_any_project( $t_show_access ) ) {

I report this to be a separated task from that PR, because there are more changes to be done, as some of that code is operating incorrectly on thresholds assuming they are integer values (they can also be arrays).

TagsNo tags attached.

Activities

Related Changesets

MantisBT: master 1c436505

2017-08-19 11:50:10

cproensa


Committer: dregad Details Diff
Deprecate access_has_any_project()

This function may mislead into incorrect validations. Usually you want
to check that a user meets a threshold for any project, but that
threshold may be configured differently for each project, and the user
may also have different access levels in each project due to private
projects assignment.
In that scenario, $p_access_level can't be a static threshold, but a
"threshold identifier" instead, that must be evaluated for each project.
Function "access_has_any_project_level()" provides that functionality,
also covers the basic usage of this function.

For such reasons, this function has been deprecated.

Fixes: 0021654
mod - core/access_api.php Diff File

Issue History

Date Modified Username Field Change
2016-08-28 15:34 cproensa New Issue
2016-08-28 16:29 cproensa Product Version => 1.3.2
2017-08-19 15:10 cproensa Assigned To => cproensa
2017-08-19 15:10 cproensa Status new => assigned
2017-08-19 15:10 cproensa Note Added: 0057514
2017-09-17 16:37 dregad Changeset attached => MantisBT master 1c436505
2017-09-17 16:37 cproensa Status assigned => resolved
2017-09-17 16:37 cproensa Resolution open => fixed
2017-09-17 16:37 cproensa Fixed in Version => 2.7.0
2017-09-17 17:49 atrol Target Version => 2.7.0
2017-10-08 23:53 vboctor Status resolved => closed