 Relationships |
|
| Anonymous | Login | Signup for a new account | 2012-09-13 19:33 PDT |
| Main | Blog | My View | View Issues | Change Log | Roadmap | IRC Chat | Repositories | Scrum Board |
| View Issue Details [ Jump to Notes ] | [ Issue History ] [ Print ] | ||||||||||
| ID | Project | Category | View Status | Date Submitted | Last Update | ||||||
| 215 | Source Integration | [All Projects] General | public | 2011-09-05 06:17 | 2011-09-08 08:16 | ||||||
| Reporter | Raul Baldner Junior | ||||||||||
| Assigned To | John Reese | ||||||||||
| Priority | normal | Severity | trivial | Reproducibility | always | ||||||
| Status | confirmed | Resolution | open | ||||||||
| Product Version | |||||||||||
| Target Version | 0.17 | Fixed in Version | |||||||||
| Summary | 215: Check for permissions before displaying links | ||||||||||
| Description | Some links doesn't have permission checks, and are displayed even if the user has no access to that page. Links that I've found are: -> Repositories (menu link); -> (go to) Related Changesets. | ||||||||||
| Steps To Reproduce | "Repositories" menu: - With access level lower than the plugin's 'view_threshold', go to any page; - Menu link "Repositories" is there; - Access "Repositories"; - Get "Access denied" page. "Related Changesets" link: - With access level lower than the plugin's 'view_threshold', view any issue that has a changeset attached; - Over the issue details, you see: View Issue Details [ Jump to Notes ] [ Related Changesets ] - Click on Related Changesets; - Nothing happens (Related Changeset block is correctly not shown on the page). | ||||||||||
| Additional Information | Solution: Add the following code: if ( !access_has_global_level( config_get( 'plugin_Source_view_threshold' ) ) ) { return array(); } to files Source.php:132 SourceIntegration.php:24 | ||||||||||
| Tags | No tags attached. | ||||||||||
| Attached Files | |||||||||||
|
Relationships |
|
 Relationships |
|
Notes |
|
 (308)Raul Baldner Junior (reporter) 2011-09-05 08:02 |
Another one found: When linking changesets inside notes ( [sv]:<repo>:<rev>: ), the links are shown even if user has no 'view_threshold' access |
|
Notes |
|
Issue History |
|||
| Date Modified | Username | Field | Change |
| 2011-09-05 06:17 | Raul Baldner Junior | New Issue | |
| 2011-09-05 08:02 | Raul Baldner Junior | Note Added: 308 | |
| 2011-09-08 08:12 | John Reese | Assigned To | => John Reese |
| 2011-09-08 08:12 | John Reese | Status | new => confirmed |
| 2011-09-08 08:16 | John Reese | Target Version | => 0.17 |
|
Issue History |
| Copyright © 2000 - 2012 MantisBT Group
Time: 0.1402 seconds. memory usage: 8,321 KB |
 |
