fixed a permission problem in issum management
This commit is contained in:
@ -545,11 +545,13 @@ DEPRECATED
|
|||||||
{
|
{
|
||||||
$status = "error - no such project {$projectid}";
|
$status = "error - no such project {$projectid}";
|
||||||
}
|
}
|
||||||
else if (!$login['sysadmin?'] &&
|
// By default, any logged-in user can create an issue.
|
||||||
$this->projects->projectHasMember($projectid, $login['id']) === FALSE)
|
// TODO: add a project option to accept an issue from anonymous users, logged-in users or just members.
|
||||||
{
|
//else if (!$login['sysadmin?'] &&
|
||||||
$status = "error - not a member {$login['id']}";
|
// $this->projects->projectHasMember($projectid, $login['id']) === FALSE)
|
||||||
}
|
//{
|
||||||
|
// $status = "error - not a member {$login['id']}";
|
||||||
|
//}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
$issue = new stdClass();
|
$issue = new stdClass();
|
||||||
@ -629,7 +631,7 @@ DEPRECATED
|
|||||||
print $status;
|
print $status;
|
||||||
}
|
}
|
||||||
|
|
||||||
function xhr_update ($projectid = '')
|
function xhr_update ($projectid = '', $issueid = '')
|
||||||
{
|
{
|
||||||
$this->load->model ('ProjectModel', 'projects');
|
$this->load->model ('ProjectModel', 'projects');
|
||||||
$this->load->model ('IssueModel', 'issues');
|
$this->load->model ('IssueModel', 'issues');
|
||||||
@ -644,6 +646,8 @@ DEPRECATED
|
|||||||
}
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
|
$issueid = $this->converter->HexToAscii ($issueid);
|
||||||
|
|
||||||
$project = $this->projects->get ($projectid);
|
$project = $this->projects->get ($projectid);
|
||||||
if ($project === FALSE)
|
if ($project === FALSE)
|
||||||
{
|
{
|
||||||
@ -653,16 +657,20 @@ DEPRECATED
|
|||||||
{
|
{
|
||||||
$status = "error - no such project {$projectid}";
|
$status = "error - no such project {$projectid}";
|
||||||
}
|
}
|
||||||
|
// By default, any logged-in user can edit an issue text.
|
||||||
|
// TODO: add a project option to accept an issue from anonymous users, logged-in users or just members.
|
||||||
else if (!$login['sysadmin?'] &&
|
else if (!$login['sysadmin?'] &&
|
||||||
$this->projects->projectHasMember($projectid, $login['id']) === FALSE)
|
$this->projects->projectHasMember($projectid, $login['id']) === FALSE &&
|
||||||
|
($issue = $this->issues->get ($login['id'], $project, $issueid)) !== FALSE &&
|
||||||
|
$login['id'] != $issue->createdby)
|
||||||
{
|
{
|
||||||
$status = "error - not a member {$login['id']}";
|
$status = "error - not a member nor a creator - {$login['id']}";
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
$issue = new stdClass();
|
$issue = new stdClass();
|
||||||
$issue->projectid = $projectid;
|
$issue->projectid = $projectid;
|
||||||
$issue->id = $this->input->post('issue_edit_id');
|
$issue->id = $issueid;
|
||||||
$issue->summary = $this->input->post('issue_edit_summary');
|
$issue->summary = $this->input->post('issue_edit_summary');
|
||||||
$issue->description = $this->input->post('issue_edit_description');
|
$issue->description = $this->input->post('issue_edit_description');
|
||||||
//$issue->type = $this->input->post('issue_edit_type');
|
//$issue->type = $this->input->post('issue_edit_type');
|
||||||
@ -733,7 +741,7 @@ DEPRECATED
|
|||||||
else
|
else
|
||||||
{
|
{
|
||||||
$post_delete_confirm = $this->input->post('issue_delete_confirm');
|
$post_delete_confirm = $this->input->post('issue_delete_confirm');
|
||||||
|
|
||||||
if ($post_delete_confirm !== FALSE && $post_delete_confirm == 'Y')
|
if ($post_delete_confirm !== FALSE && $post_delete_confirm == 'Y')
|
||||||
{
|
{
|
||||||
if ($this->issues->deleteWithFiles ($login['id'], $projectid, $issueid) === FALSE)
|
if ($this->issues->deleteWithFiles ($login['id'], $projectid, $issueid) === FALSE)
|
||||||
@ -781,10 +789,14 @@ DEPRECATED
|
|||||||
{
|
{
|
||||||
$status = "error - no such project {$projectid}";
|
$status = "error - no such project {$projectid}";
|
||||||
}
|
}
|
||||||
|
// By default, any logged-in user can attach a file to an issue body.
|
||||||
|
// TODO: add a project option to accept an issue from anonymous users, logged-in users or just members.
|
||||||
else if (!$login['sysadmin?'] &&
|
else if (!$login['sysadmin?'] &&
|
||||||
$this->projects->projectHasMember($projectid, $login['id']) === FALSE)
|
$this->projects->projectHasMember($projectid, $login['id']) === FALSE &&
|
||||||
|
($issue = $this->issues->get ($login['id'], $project, $issueid)) !== FALSE &&
|
||||||
|
$login['id'] != $issue->createdby)
|
||||||
{
|
{
|
||||||
$status = "error - not a member {$login['id']}";
|
$status = "error - not a member nor a creator - {$login['id']}";
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
@ -798,7 +810,7 @@ DEPRECATED
|
|||||||
$fid = "issue_add_file_{$i}";
|
$fid = "issue_add_file_{$i}";
|
||||||
if (array_key_exists($fid, $_FILES) && $_FILES[$fid]['name'] != '')
|
if (array_key_exists($fid, $_FILES) && $_FILES[$fid]['name'] != '')
|
||||||
{
|
{
|
||||||
$d = $this->input->post("file_add_file_desc_{$i}");
|
$d = $this->input->post("issue_add_file_desc_{$i}");
|
||||||
if ($d === FALSE || ($d = trim($d)) == '') $d = '';
|
if ($d === FALSE || ($d = trim($d)) == '') $d = '';
|
||||||
|
|
||||||
if (strpos($_FILES[$fid]['name'], ':') !== FALSE ||
|
if (strpos($_FILES[$fid]['name'], ':') !== FALSE ||
|
||||||
@ -859,10 +871,14 @@ DEPRECATED
|
|||||||
{
|
{
|
||||||
$status = "error - no such project {$projectid}";
|
$status = "error - no such project {$projectid}";
|
||||||
}
|
}
|
||||||
|
// By default, any logged-in user can edit attached files.
|
||||||
|
// TODO: add a project option to accept an issue from anonymous users, logged-in users or just members.
|
||||||
else if (!$login['sysadmin?'] &&
|
else if (!$login['sysadmin?'] &&
|
||||||
$this->projects->projectHasMember($projectid, $login['id']) === FALSE)
|
$this->projects->projectHasMember($projectid, $login['id']) === FALSE &&
|
||||||
|
($issue = $this->issues->get ($login['id'], $project, $issueid)) !== FALSE &&
|
||||||
|
$login['id'] != $issue->createdby)
|
||||||
{
|
{
|
||||||
$status = "error - not a member {$login['id']}";
|
$status = "error - not a member nor a creator - {$login['id']}";
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
|
|||||||
@ -593,6 +593,8 @@ class IssueModel extends Model
|
|||||||
function updateSummaryAndDescription ($userid, $issue)
|
function updateSummaryAndDescription ($userid, $issue)
|
||||||
{
|
{
|
||||||
// TODO: check if userid can do this..
|
// TODO: check if userid can do this..
|
||||||
|
$this->db->trans_begin (); // manual transaction. not using trans_start().
|
||||||
|
|
||||||
$this->db->trans_start ();
|
$this->db->trans_start ();
|
||||||
$this->db->where ('projectid', $issue->projectid);
|
$this->db->where ('projectid', $issue->projectid);
|
||||||
$this->db->where ('id', $issue->id);
|
$this->db->where ('id', $issue->id);
|
||||||
@ -601,6 +603,12 @@ class IssueModel extends Model
|
|||||||
$this->db->set ('updatedon', date('Y-m-d H:i:s'));
|
$this->db->set ('updatedon', date('Y-m-d H:i:s'));
|
||||||
$this->db->set ('updatedby', $userid);
|
$this->db->set ('updatedby', $userid);
|
||||||
$this->db->update ('issue');
|
$this->db->update ('issue');
|
||||||
|
if ($this->db->trans_status() === FALSE)
|
||||||
|
{
|
||||||
|
$this->errmsg = $this->db->_error_message();
|
||||||
|
$this->db->trans_rollback ();
|
||||||
|
return FALSE;
|
||||||
|
}
|
||||||
|
|
||||||
$this->db->set ('createdon', date('Y-m-d H:i:s'));
|
$this->db->set ('createdon', date('Y-m-d H:i:s'));
|
||||||
$this->db->set ('type', 'issue');
|
$this->db->set ('type', 'issue');
|
||||||
@ -609,10 +617,14 @@ class IssueModel extends Model
|
|||||||
$this->db->set ('userid', $userid);
|
$this->db->set ('userid', $userid);
|
||||||
$this->db->set ('message', $issue->id);
|
$this->db->set ('message', $issue->id);
|
||||||
$this->db->insert ('log');
|
$this->db->insert ('log');
|
||||||
|
if ($this->db->trans_status() === FALSE)
|
||||||
|
{
|
||||||
|
$this->errmsg = $this->db->_error_message();
|
||||||
|
$this->db->trans_rollback ();
|
||||||
|
return FALSE;
|
||||||
|
}
|
||||||
|
|
||||||
$this->db->trans_complete ();
|
$this->db->trans_commit ();
|
||||||
if ($this->db->trans_status() === FALSE) return FALSE;
|
|
||||||
|
|
||||||
return $issue->id;
|
return $issue->id;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
@ -234,13 +234,12 @@ $(function () {
|
|||||||
|
|
||||||
var form_data = new FormData();
|
var form_data = new FormData();
|
||||||
|
|
||||||
form_data.append ('issue_edit_id', '<?php print $issue->id; ?>');
|
|
||||||
form_data.append ('issue_edit_summary', $('#issue_show_mainarea_edit_summary').val());
|
form_data.append ('issue_edit_summary', $('#issue_show_mainarea_edit_summary').val());
|
||||||
form_data.append ('issue_edit_description', $('#issue_show_mainarea_edit_description').val());
|
form_data.append ('issue_edit_description', $('#issue_show_mainarea_edit_description').val());
|
||||||
|
|
||||||
$('#issue_show_mainarea_edit_form').dialog('disable');
|
$('#issue_show_mainarea_edit_form').dialog('disable');
|
||||||
$.ajax({
|
$.ajax({
|
||||||
url: codepot_merge_path('<?php print site_url() ?>', '<?php print "/issue/xhr_update/{$project->id}"; ?>'),
|
url: codepot_merge_path('<?php print site_url() ?>', '<?php print "/issue/xhr_update/{$project->id}/{$hex_issue_id}"; ?>'),
|
||||||
type: 'POST',
|
type: 'POST',
|
||||||
data: form_data,
|
data: form_data,
|
||||||
mimeType: 'multipart/form-data',
|
mimeType: 'multipart/form-data',
|
||||||
@ -787,7 +786,7 @@ $this->load->view (
|
|||||||
htmlspecialchars($f->filename)
|
htmlspecialchars($f->filename)
|
||||||
);
|
);
|
||||||
|
|
||||||
if (!empty($f->description)) printf ('- %s', htmlspecialchars($f->description));
|
if (!empty($f->description)) printf (' - %s', htmlspecialchars($f->description));
|
||||||
print '</li>';
|
print '</li>';
|
||||||
}
|
}
|
||||||
?>
|
?>
|
||||||
|
|||||||
Reference in New Issue
Block a user