Notice: this is a static mirror for historical purposes.

View Issue Details Jump to Notes ] Issue History ] Print ]
IDProjectCategoryView StatusDate SubmittedLast Update
215Source Integration[All Projects] Generalpublic2011-09-05 06:172011-09-08 08:16
ReporterRaul Baldner Junior 
Assigned ToJohn Reese 
Product Version 
Target Version0.17Fixed in Version 
Summary215: Check for permissions before displaying links
DescriptionSome links doesn't have permission checks, and are displayed even if the user has no access to that page.

Links that I've found are:
-> Repositories (menu link);
-> (go to) Related Changesets.
Steps To Reproduce"Repositories" menu:
- With access level lower than the plugin's 'view_threshold', go to any page;
- Menu link "Repositories" is there;
- Access "Repositories";
- Get "Access denied" page.

"Related Changesets" link:
- With access level lower than the plugin's 'view_threshold', view any issue that has a changeset attached;
- Over the issue details, you see:
View Issue Details [ Jump to Notes ] [ Related Changesets ]
- Click on Related Changesets;
- Nothing happens (Related Changeset block is correctly not shown on the page).
Additional InformationSolution:

Add the following code:

if ( !access_has_global_level( config_get( 'plugin_Source_view_threshold' ) ) ) {
    return array();

to files
TagsNo tags attached.
Attached Files

- Relationships

-  Notes
User avatar (308)
Raul Baldner Junior (reporter)
2011-09-05 08:02

Another one found:

When linking changesets inside notes ( [sv]:<repo>:<rev>: ), the links are shown even if user has no 'view_threshold' access

- Issue History
Date Modified Username Field Change
2011-09-05 06:17 Raul Baldner Junior New Issue
2011-09-05 08:02 Raul Baldner Junior Note Added: 308
2011-09-08 08:12 John Reese Assigned To => John Reese
2011-09-08 08:12 John Reese Status new => confirmed
2011-09-08 08:16 John Reese Target Version => 0.17

Copyright © 2000 - 2012 MantisBT Group
Time: 0.1402 seconds.
memory usage: 8,321 KB
Powered by Mantis Bugtracker

hosted with