View Issue Details

ID: 0021654
Project: mantisbt
Category: code cleanup
View Status: public
Last Update: 2017-10-08 23:53
Reporter: cproensa
Assigned To: cproensa
Priority: normal
Severity: minor
Reproducibility: have not tried
Status: closed
Resolution: fixed
Product Version: 1.3.2
Target Version: 2.7.0
Fixed in Version: 2.7.0
Summary: 0021654: Deprecate access_has_any_project()
Description

As a follow-up to 0014268, as discussed in PR https://github.com/mantisbt/mantisbt/pull/861

The function access_has_any_project() is at risk of not functioning correctly, as probably, to check an access level on several projects, the config option has to be evaluated for each individual project.

The new function introduced in said PR, access_has_any_project_level(), can account for each project configuration, and should be used instead of access_has_any_project().

Being a function that has existed for a long time in the core API, the proposal is to replace all usages with the new equivalent, and mark it as deprecated to show a warning in case any external code is using it.

usages:
<pre>
bug_group_action_api.php
199: access_has_any_project( config_get( 'report_bug_threshold', null, null, $t_project_id ) ) ) {
columns_api.php
1014: if( access_has_any_project( config_get( 'report_bug_threshold', null, null, $p_bug->project_id ) ) ||
filter_api.php
2320: if( !access_has_any_project( config_get( 'view_handler_threshold' ) ) ) {
html_api.php
933: if( access_has_global_level( $t_show_access ) || access_has_any_project( $t_show_access ) ) {
</pre>

I report this to be a separate task from that PR, because there are more changes to be done, as some of that code is operating incorrectly on thresholds assuming they are integer values (they can also be arrays).

Tags: No tags attached.

Activities

Related Changesets

MantisBT: master 1c436505

2017-08-19 07:50

cproensa

Committer: dregad


Deprecate access_has_any_project()

This function may mislead into incorrect validations. Usually you want
to check that a user meets a threshold for any project, but that
threshold may be configured differently for each project, and the user
may also have different access levels in each project due to private
projects assignment.
In that scenario, $p_access_level can't be a static threshold, but a
"threshold identifier" instead, that must be evaluated for each project.
Function "access_has_any_project_level()" provides that functionality,
also covers the basic usage of this function.

For such reasons, this function has been deprecated.

Fixes: 0021654
Affected Issues
0021654
mod - core/access_api.php
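
The mis-validation described in the issue and in the commit message, as an added example that is not MantisBT code: a simplified PHP model in which every function name, the project ids and the configured values are constructed for illustration. It also models the array form of a threshold mentioned in the description.

```php
<?php
// Simplified model, not MantisBT code. All names and data below are constructed.
const REPORTER = 25;
const DEVELOPER = 55;
const MANAGER = 70;

// Constructed per-project configuration; key 0 is the default used when no project is given.
$g_thresholds = [
    'report_bug_threshold' => [
        0 => REPORTER,               // default
        1 => MANAGER,                // project 1 raises the bar
        2 => [ DEVELOPER, MANAGER ], // project 2 uses an array threshold
    ],
];
// Constructed access levels of one user in each project.
$g_user_levels = [ 1 => DEVELOPER, 2 => REPORTER ];

// A threshold is either a minimum level (int) or an explicit list of levels (array).
function level_meets_threshold( int $p_level, $p_threshold ): bool {
    return is_array( $p_threshold )
        ? in_array( $p_level, $p_threshold, true )
        : $p_level >= $p_threshold;
}

function threshold_for( string $p_option, int $p_project_id = 0 ) {
    global $g_thresholds;
    return $g_thresholds[$p_option][$p_project_id] ?? $g_thresholds[$p_option][0];
}

// Deprecated pattern: the threshold is resolved once, then reused for every project.
function has_any_project_static( $p_threshold ): bool {
    global $g_user_levels;
    foreach( $g_user_levels as $t_level ) {
        if( level_meets_threshold( $t_level, $p_threshold ) ) return true;
    }
    return false;
}

// Per-project evaluation: the option name is resolved again for each project.
function has_any_project_by_option( string $p_option ): bool {
    global $g_user_levels;
    foreach( $g_user_levels as $t_project_id => $t_level ) {
        $t_threshold = threshold_for( $p_option, $t_project_id );
        if( level_meets_threshold( $t_level, $t_threshold ) ) return true;
    }
    return false;
}

var_dump( has_any_project_static( threshold_for( 'report_bug_threshold' ) ) );
var_dump( has_any_project_by_option( 'report_bug_threshold' ) );
```

Run with the PHP CLI: the first call resolves the threshold once without a project and accepts the user, while the per-project call rejects the same user because neither project's own threshold is met.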