fixed a permission problem in issum management
This commit is contained in:
@ -545,11 +545,13 @@ DEPRECATED
|
||||
{
|
||||
$status = "error - no such project {$projectid}";
|
||||
}
|
||||
else if (!$login['sysadmin?'] &&
|
||||
$this->projects->projectHasMember($projectid, $login['id']) === FALSE)
|
||||
{
|
||||
$status = "error - not a member {$login['id']}";
|
||||
}
|
||||
// By default, any logged-in user can create an issue.
|
||||
// TODO: add a project option to accept an issue from anonymous users, logged-in users or just members.
|
||||
//else if (!$login['sysadmin?'] &&
|
||||
// $this->projects->projectHasMember($projectid, $login['id']) === FALSE)
|
||||
//{
|
||||
// $status = "error - not a member {$login['id']}";
|
||||
//}
|
||||
else
|
||||
{
|
||||
$issue = new stdClass();
|
||||
@ -629,7 +631,7 @@ DEPRECATED
|
||||
print $status;
|
||||
}
|
||||
|
||||
function xhr_update ($projectid = '')
|
||||
function xhr_update ($projectid = '', $issueid = '')
|
||||
{
|
||||
$this->load->model ('ProjectModel', 'projects');
|
||||
$this->load->model ('IssueModel', 'issues');
|
||||
@ -644,6 +646,8 @@ DEPRECATED
|
||||
}
|
||||
else
|
||||
{
|
||||
$issueid = $this->converter->HexToAscii ($issueid);
|
||||
|
||||
$project = $this->projects->get ($projectid);
|
||||
if ($project === FALSE)
|
||||
{
|
||||
@ -653,16 +657,20 @@ DEPRECATED
|
||||
{
|
||||
$status = "error - no such project {$projectid}";
|
||||
}
|
||||
// By default, any logged-in user can edit an issue text.
|
||||
// TODO: add a project option to accept an issue from anonymous users, logged-in users or just members.
|
||||
else if (!$login['sysadmin?'] &&
|
||||
$this->projects->projectHasMember($projectid, $login['id']) === FALSE)
|
||||
$this->projects->projectHasMember($projectid, $login['id']) === FALSE &&
|
||||
($issue = $this->issues->get ($login['id'], $project, $issueid)) !== FALSE &&
|
||||
$login['id'] != $issue->createdby)
|
||||
{
|
||||
$status = "error - not a member {$login['id']}";
|
||||
$status = "error - not a member nor a creator - {$login['id']}";
|
||||
}
|
||||
else
|
||||
{
|
||||
$issue = new stdClass();
|
||||
$issue->projectid = $projectid;
|
||||
$issue->id = $this->input->post('issue_edit_id');
|
||||
$issue->id = $issueid;
|
||||
$issue->summary = $this->input->post('issue_edit_summary');
|
||||
$issue->description = $this->input->post('issue_edit_description');
|
||||
//$issue->type = $this->input->post('issue_edit_type');
|
||||
@ -733,7 +741,7 @@ DEPRECATED
|
||||
else
|
||||
{
|
||||
$post_delete_confirm = $this->input->post('issue_delete_confirm');
|
||||
|
||||
|
||||
if ($post_delete_confirm !== FALSE && $post_delete_confirm == 'Y')
|
||||
{
|
||||
if ($this->issues->deleteWithFiles ($login['id'], $projectid, $issueid) === FALSE)
|
||||
@ -781,10 +789,14 @@ DEPRECATED
|
||||
{
|
||||
$status = "error - no such project {$projectid}";
|
||||
}
|
||||
// By default, any logged-in user can attach a file to an issue body.
|
||||
// TODO: add a project option to accept an issue from anonymous users, logged-in users or just members.
|
||||
else if (!$login['sysadmin?'] &&
|
||||
$this->projects->projectHasMember($projectid, $login['id']) === FALSE)
|
||||
$this->projects->projectHasMember($projectid, $login['id']) === FALSE &&
|
||||
($issue = $this->issues->get ($login['id'], $project, $issueid)) !== FALSE &&
|
||||
$login['id'] != $issue->createdby)
|
||||
{
|
||||
$status = "error - not a member {$login['id']}";
|
||||
$status = "error - not a member nor a creator - {$login['id']}";
|
||||
}
|
||||
else
|
||||
{
|
||||
@ -798,7 +810,7 @@ DEPRECATED
|
||||
$fid = "issue_add_file_{$i}";
|
||||
if (array_key_exists($fid, $_FILES) && $_FILES[$fid]['name'] != '')
|
||||
{
|
||||
$d = $this->input->post("file_add_file_desc_{$i}");
|
||||
$d = $this->input->post("issue_add_file_desc_{$i}");
|
||||
if ($d === FALSE || ($d = trim($d)) == '') $d = '';
|
||||
|
||||
if (strpos($_FILES[$fid]['name'], ':') !== FALSE ||
|
||||
@ -859,10 +871,14 @@ DEPRECATED
|
||||
{
|
||||
$status = "error - no such project {$projectid}";
|
||||
}
|
||||
// By default, any logged-in user can edit attached files.
|
||||
// TODO: add a project option to accept an issue from anonymous users, logged-in users or just members.
|
||||
else if (!$login['sysadmin?'] &&
|
||||
$this->projects->projectHasMember($projectid, $login['id']) === FALSE)
|
||||
$this->projects->projectHasMember($projectid, $login['id']) === FALSE &&
|
||||
($issue = $this->issues->get ($login['id'], $project, $issueid)) !== FALSE &&
|
||||
$login['id'] != $issue->createdby)
|
||||
{
|
||||
$status = "error - not a member {$login['id']}";
|
||||
$status = "error - not a member nor a creator - {$login['id']}";
|
||||
}
|
||||
else
|
||||
{
|
||||
|
||||
@ -593,6 +593,8 @@ class IssueModel extends Model
|
||||
function updateSummaryAndDescription ($userid, $issue)
|
||||
{
|
||||
// TODO: check if userid can do this..
|
||||
$this->db->trans_begin (); // manual transaction. not using trans_start().
|
||||
|
||||
$this->db->trans_start ();
|
||||
$this->db->where ('projectid', $issue->projectid);
|
||||
$this->db->where ('id', $issue->id);
|
||||
@ -601,6 +603,12 @@ class IssueModel extends Model
|
||||
$this->db->set ('updatedon', date('Y-m-d H:i:s'));
|
||||
$this->db->set ('updatedby', $userid);
|
||||
$this->db->update ('issue');
|
||||
if ($this->db->trans_status() === FALSE)
|
||||
{
|
||||
$this->errmsg = $this->db->_error_message();
|
||||
$this->db->trans_rollback ();
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
$this->db->set ('createdon', date('Y-m-d H:i:s'));
|
||||
$this->db->set ('type', 'issue');
|
||||
@ -609,10 +617,14 @@ class IssueModel extends Model
|
||||
$this->db->set ('userid', $userid);
|
||||
$this->db->set ('message', $issue->id);
|
||||
$this->db->insert ('log');
|
||||
if ($this->db->trans_status() === FALSE)
|
||||
{
|
||||
$this->errmsg = $this->db->_error_message();
|
||||
$this->db->trans_rollback ();
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
$this->db->trans_complete ();
|
||||
if ($this->db->trans_status() === FALSE) return FALSE;
|
||||
|
||||
$this->db->trans_commit ();
|
||||
return $issue->id;
|
||||
}
|
||||
|
||||
|
||||
@ -234,13 +234,12 @@ $(function () {
|
||||
|
||||
var form_data = new FormData();
|
||||
|
||||
form_data.append ('issue_edit_id', '<?php print $issue->id; ?>');
|
||||
form_data.append ('issue_edit_summary', $('#issue_show_mainarea_edit_summary').val());
|
||||
form_data.append ('issue_edit_description', $('#issue_show_mainarea_edit_description').val());
|
||||
|
||||
$('#issue_show_mainarea_edit_form').dialog('disable');
|
||||
$.ajax({
|
||||
url: codepot_merge_path('<?php print site_url() ?>', '<?php print "/issue/xhr_update/{$project->id}"; ?>'),
|
||||
url: codepot_merge_path('<?php print site_url() ?>', '<?php print "/issue/xhr_update/{$project->id}/{$hex_issue_id}"; ?>'),
|
||||
type: 'POST',
|
||||
data: form_data,
|
||||
mimeType: 'multipart/form-data',
|
||||
@ -787,7 +786,7 @@ $this->load->view (
|
||||
htmlspecialchars($f->filename)
|
||||
);
|
||||
|
||||
if (!empty($f->description)) printf ('- %s', htmlspecialchars($f->description));
|
||||
if (!empty($f->description)) printf (' - %s', htmlspecialchars($f->description));
|
||||
print '</li>';
|
||||
}
|
||||
?>
|
||||
|
||||
Reference in New Issue
Block a user