r533: - Permission check cleanup
authorRobert Sesek <rsesek@bluestatic.org>
Mon, 10 Oct 2005 22:24:47 +0000 (22:24 +0000)
committerRobert Sesek <rsesek@bluestatic.org>
Mon, 10 Oct 2005 22:24:47 +0000 (22:24 +0000)
- Split caneditinfo into two permissions: caneditotherreply and caneditownreply for comment editing

admin/permission.php
admin/usergroup.php
editcomment.php
editreport.php
includes/init.php
showreport.php
templates/showreport_comment.tpl

index 9847f8fddc815436982cbf0c8d392b8c902c1fc1..de844d711d4546f303e92d0865cb8b45185aec18 100755 (executable)
@@ -39,8 +39,9 @@ $permissions = array(
        
        $lang->string('Moderation/Managment Permissions') => array(
                'caneditown' => $lang->string('Can Edit Own Bugs'),
-               'caneditothers' => $lang->string('Can Edit Others\' Bugs'),
-               'caneditinfo' => $lang->string('Can Edit Bug Information'),
+               'caneditother' => $lang->string('Can Edit Others\' Bugs'),
+               'caneditownreply' => $lang->string('Can Edit Own Comments'),
+               'caneditotherreply' => $lang->string('Can Edit Others\' Comments'),
                'canassign' => $lang->string('Can Assign Bugs'),
                'canchangestatus' => $lang->string('Can Change Status')
        )
index d73569f6542e22d4ebb1d794bc0e6760ffa76084..edb465895125e456bb776a471c9e0f99150eb1ea 100755 (executable)
@@ -41,8 +41,9 @@ $permissions = array(
        
        $lang->string('Moderation/Managment Permissions') => array(
                'caneditown' => $lang->string('Can Edit Own Bugs'),
-               'caneditothers' => $lang->string('Can Edit Others\' Bugs'),
-               'caneditinfo' => $lang->string('Can Edit Bug Information'),
+               'caneditother' => $lang->string('Can Edit Others\' Bugs'),
+               'caneditownreply' => $lang->string('Can Edit Own Comments'),
+               'caneditotherreply' => $lang->string('Can Edit Others\' Comments'),
                'canassign' => $lang->string('Can Assign Bugs'),
                'canchangestatus' => $lang->string('Can Change Status')
        ),
index 2d7540f5d5fa562b1c5dd17d8a6220688e0e8923..990298c8118a020ad2030d3b1789f0ac40a06ce4 100644 (file)
@@ -35,7 +35,7 @@ if (!$comment)
 
 $bug = $db->query_first("SELECT * FROM " . TABLE_PREFIX . "bug WHERE bugid = $comment[bugid]");
 
-if (!((can_perform('caneditown', $bug['productid']) AND $bugsys->userinfo['userid'] == $comment['userid']) OR can_perform('caneditothers', $bug['productid'])))
+if (!((can_perform('caneditownreply', $bug['productid']) AND $bugsys->userinfo['userid'] == $comment['userid']) OR (can_perform('caneditotherreply', $bug['productid']) AND $bugsys->userinfo['userid'] != $comment['userid'])))
 {
        $message->error_permission();
 }
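Review bot: The ownership test on the new line compares `$bugsys->userinfo['userid']` with `$comment['userid']` using loose `==`, so if all unregistered visitors share one id (presumably 0, which is not visible here), a guest group granted `caneditownreply` would be treated as the owner of every guest comment. Requiring a real account before the comparison closes that gap: `can_perform('caneditownreply', $bug['productid']) AND $bugsys->userinfo['userid'] AND $bugsys->userinfo['userid'] == $comment['userid']`. The check also depends on `$message->error_permission()` ending the request, which this hunk does not show; a one-line comment above the `if` stating that would help.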
index eb2b7d9b47897d4bdfe6ff42cfef3d408777919d..edd85e7d7d9a1a859ccb3913f9d30bd6abb1b6b3 100644 (file)
@@ -26,7 +26,7 @@ $bug = $db->query_first("
        WHERE bug.bugid = " . intval($bugsys->in['bugid'])
 );
 
-if (!(((can_perform('caneditown', $bug['productid']) AND $bugsys->userinfo['userid'] == $comment['userid']) OR can_perform('caneditothers', $bug['productid'])) AND can_perform('caneditinfo', $bug['productid'])) AND !can_perform('canpostcomments', $bug['productid']))
+if (!((can_perform('caneditown', $bug['productid']) AND $bugsys->userinfo['userid'] == $bug['userid']) OR (can_perform('caneditother', $bug['productid']) AND $bugsys->userinfo['userid'] != $bug['userid'])) AND !can_perform('canpostcomments', $bug['productid']))
 {
        $message->error_permission();
 }
@@ -52,7 +52,7 @@ if ($_POST['do'] == 'update')
 {
        // -------------------------------------------------------------------
        // process comment stuff
-       if (!(((can_perform('caneditown', $bug['productid']) AND $bugsys->userinfo['userid'] == $comment['userid']) OR can_perform('caneditothers', $bug['productid'])) AND can_perform('caneditinfo', $bug['productid'])))
+       if (!(((can_perform('caneditown', $bug['productid']) AND $bugsys->userinfo['userid'] == $comment['userid']) OR can_perform('caneditother', $bug['productid'])) AND can_perform('caneditownreply', $bug['productid'])))
        {
                $hascomment = (!empty($bugsys->in['comment'])) ? true : false;
                
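Review bot: The rewritten condition here, and the identical one in the next hunk of this file (`@@ -105,7 +105,7 @@`), no longer matches the gate at the top of the file or `$show['edit']` in showreport.php. It still tests ownership against `$comment['userid']`, although the only row this file visibly loads is `$bug`, and it replaces the old `caneditinfo` requirement with `caneditownreply`, which is now a comment permission. As written, a user with `caneditother` and `caneditownreply` reaches the bug-edit path even on their own bug without `caneditown`, while a user with the bug-edit permissions but not `caneditownreply` falls into the comment-only branch. Both places should use the same expression as the gate: `if (!((can_perform('caneditown', $bug['productid']) AND $bugsys->userinfo['userid'] == $bug['userid']) OR (can_perform('caneditother', $bug['productid']) AND $bugsys->userinfo['userid'] != $bug['userid'])))`. Computing it once into a variable would keep the two from drifting apart again.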
@@ -105,7 +105,7 @@ if ($_POST['do'] == 'update')
                }
        }
        
-       if (!(((can_perform('caneditown', $bug['productid']) AND $bugsys->userinfo['userid'] == $comment['userid']) OR can_perform('caneditothers', $bug['productid'])) AND can_perform('caneditinfo', $bug['productid'])))
+       if (!(((can_perform('caneditown', $bug['productid']) AND $bugsys->userinfo['userid'] == $comment['userid']) OR can_perform('caneditother', $bug['productid'])) AND can_perform('caneditownreply', $bug['productid'])))
        {
                $message->redirect($lang->string('Your reply has been added to the comment list.'), "showreport.php?bugid=$bug[bugid]");
        }
index 6209d1e5ee6488b325dcaf48bb9234019d2c4370..2a02d45bc19ae61aa3cca12de9235790a0957534 100755 (executable)
@@ -143,9 +143,9 @@ $_PERMISSION = array(
        'canpostcomments'       => 32, // can post new comments
        'cangetattach'          => 64, // can dl attachments
        'canputattach'          => 128, // can ul attachments
-       'caneditown'            => 256, // can edit own comments
-       'caneditothers'         => 512, // can edit others' comments
-       'caneditinfo'           => 1024, // can edit bug info -- works in conjunction with canedit(own|others)
+       'caneditown'            => 256, // can edit own bugs
+       'caneditother'          => 512, // can edit others' bugs
+       'caneditownreply'       => 1024, // can edit own comments
        'canassign'                     => 2048, // can assign bug
        'canchangestatus'       => 4096, // can change bug status
        'canadminpanel'         => 8192, // can view admin panel
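Review bot: Bits 256, 512 and 1024 keep their values but change meaning in this hunk, so any usergroup mask already stored is silently reinterpreted. A group that held the old `caneditown` (own comments) now holds "edit own bugs", the old `caneditinfo` bit now grants "edit own comments", and no existing group has the new `caneditotherreply` bit (8388608) added in the next hunk. No upgrade step for stored masks is visible in this commit; if none exists, one is needed to map old grants to the new bits, or admins should be told to re-check every usergroup. At minimum, add a comment above the array such as `// r533: bits 256/512/1024 changed meaning; existing usergroup masks must be migrated or re-audited`.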
@@ -157,7 +157,8 @@ $_PERMISSION = array(
        'canadminfields'        => 524288, // can admin custom bug fields
        'canbeassignedto'       => 1048576, // can be assigned bugs,
        'caneditattach'         => 2097152, // can edit attachments
-       'canviewhidden'         => 4194304 // can see hidden bugs
+       'canviewhidden'         => 4194304, // can see hidden bugs
+       'caneditotherreply'     => 8388608 // can edit other peoples' comments
 );
 
 foreach ($_PERMISSION AS $name => $maskvalue)
index 5678e93a2ebee97ed703401117397066850db173..f930c9ac917fdf30c23a2c46b35c82754429b0bd 100644 (file)
@@ -67,7 +67,7 @@ if (!can_perform('canviewbugs', $bug['productid']))
        $message->error_permission();
 }
 
-$show['edit'] = (((can_perform('caneditown', $bug['productid']) AND $bugsys->userinfo['userid'] == $bug['userid']) OR can_perform('caneditothers', $bug['productid'])) AND can_perform('caneditinfo', $bug['productid'])) ? true : false;
+$show['edit'] = ((can_perform('caneditown', $bug['productid']) AND $bugsys->userinfo['userid'] == $bug['userid']) OR (can_perform('caneditother', $bug['productid']) AND $bugsys->userinfo['userid'] != $bug['userid']));
 
 if (!is_array($bug))
 {
@@ -104,6 +104,13 @@ if ($show['edit'])
                $select['status'] = construct_datastore_select('status', 'status', 'statusid', $bug['status']);
                $select['resolution'] = construct_datastore_select('resolution', 'resolution', 'resolutionid', $bug['resolution']);             
        }
+       else
+       {
+               $bug['status'] = $bugsys->datastore['status']["$bug[status]"]['status'];
+               $bug['resolution'] = $bugsys->datastore['resolution']["$bug[resolution]"]['resolution'];
+               $bug['severity'] = $bugsys->datastore['severity']["$bug[severity]"]['severity'];
+               $bug['priority'] = $bugsys->datastore['priority']["$bug[priority]"]['priority'];
+       }
        
        $show['assign'] = ((can_perform('canassign', $bug['productid'])) ? true : false);
        if (can_perform('canassign', $bug['productid']))
@@ -285,7 +292,11 @@ while ($comment = $db->fetch_array($comments_fetch))
 {
        $comment['posttime'] = $datef->format($bugsys->options['dateformat'], $comment['dateline']);
        $comment['postby'] = construct_user_display($comment);
-       $show['editcomment'] = (((can_perform('caneditown', $bug['productid']) AND $bugsys->userinfo['userid'] == $comment['userid']) OR can_perform('caneditothers', $bug['productid'])) ? true : false);
+       $show['editcomment'] = ((can_perform('caneditownreply', $bug['productid']) AND $bugsys->userinfo['userid'] == $comment['userid']) OR (can_perform('caneditotherreply', $bug['productid']) AND $bugsys->userinfo['userid'] != $comment['userid']));
+       
+       $bugsys->debug((int)(can_perform('caneditownreply', $bug['productid']) AND $bugsys->userinfo['userid'] == $comment['userid']));
+       $bugsys->debug((int)(can_perform('caneditotherreply', $bug['productid']) AND $bugsys->userinfo['userid'] != $comment['userid']));
+       $bugsys->debug($show['editcomment']);
        
        if (is_array($hilight))
        {
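Review bot: The three `$bugsys->debug(...)` calls added after `$show['editcomment']` look like leftover tracing and should be removed before release. They print the result of each authorization sub-check for every comment in the loop, and each of the first two repeats a `can_perform()` call that was just evaluated. If the debug output is ever rendered to visitors (not visible here), it would reveal which edit permissions the current session holds on each comment. If the trace is still wanted, log `$show['editcomment']` once, behind a developer-only switch.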
index 7604d38de69bb6130857c04d7ac74ad572062e35..8b5080a0ae5b97dfa47308ced5f5925fce374b76 100644 (file)
@@ -10,7 +10,7 @@
                $comment[comment_parsed]
        </div>
        
-       <if condition="$show['edit']">
+       <if condition="$show['editcomment']">
        <div class="box-foot">
                <span style="float: right">
                        [<a href="editcomment.php?commentid=$comment[commentid]">{@"Edit Comment"}</a>]