if ($_POST['do'] == 'insert')
{
- if (!can_perform('canputattach', null, $bug['productid']))
+ if (!can_perform('canputattach', $bug['productid']))
{
$message->error_permission();
}
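Review bot: A call site that this commit misses will keep running with the wrong meaning, because PHP silently ignores surplus arguments to a user-defined function. A leftover `can_perform('canputattach', null, $bug['productid'])` would now pass `null` in the product position and drop the real product id. The definition of `can_perform()` is not part of this diff; if it treats a missing product as "use the global permission", such a stale call silently becomes a weaker check. Before merging, search the tree for three-argument calls, and consider making the function fail loudly with `if (func_num_args() > 2) { trigger_error('can_perform() takes (bitfield, productid)', E_USER_ERROR); }`.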
}
// handle comment stuff
- if (can_perform('canpostcomments', null, $bug['productid']) AND trim($bugsys->in['comment']))
+ if (can_perform('canpostcomments', $bug['productid']) AND trim($bugsys->in['comment']))
{
$bugsys->in['comment_parsed'] = $bugsys->in['comment'];
if ($_REQUEST['do'] == 'add')
{
- if (!can_perform('canputattach', null, $bug['productid']))
+ if (!can_perform('canputattach', $bug['productid']))
{
$message->error_permission();
}
$MAXFILESIZE = $funct->fetch_max_attachment_size();
- $show['addcomment'] = ((can_perform('canpostcomments', null, $bug['productid'])) ? true : false);
+ $show['addcomment'] = ((can_perform('canpostcomments', $bug['productid'])) ? true : false);
$show['obsoletes'] = false;
$obsoletes_fetch = $db->query("SELECT * FROM " . TABLE_PREFIX . "attachment WHERE bugid = $bug[bugid] AND !obsolete");
if ($_POST['do'] == 'update')
{
- if (!(can_perform('caneditattach', null, $bug['productid']) OR ($attachment['userid'] == $bugsys->userinfo['userid'] AND can_perform('canputattach', null, $bug['productid']))))
+ if (!(can_perform('caneditattach', $bug['productid']) OR ($attachment['userid'] == $bugsys->userinfo['userid'] AND can_perform('canputattach', $bug['productid']))))
{
$message->error_permission();
}
if ($_REQUEST['do'] == 'edit')
{
- if (!(can_perform('caneditattach', null, $bug['productid']) OR ($attachment['userid'] == $bugsys->userinfo['userid'] AND can_perform('canputattach', null, $bug['productid']))))
+ if (!(can_perform('caneditattach', $bug['productid']) OR ($attachment['userid'] == $bugsys->userinfo['userid'] AND can_perform('canputattach', $bug['productid']))))
{
$message->error_permission();
}
- $show['delete'] = ((can_perform('caneditattach', null, $bug['productid'])) ? true : false);
+ $show['delete'] = ((can_perform('caneditattach', $bug['productid'])) ? true : false);
eval('$template->flush("' . $template->fetch('editattach') . '");');
}
$bug = $db->query_first("SELECT * FROM " . TABLE_PREFIX . "bug WHERE bugid = $comment[bugid]");
-if (!((can_perform('caneditown', null, $bug['productid']) AND $bugsys->userinfo['userid'] == $comment['userid']) OR can_perform('caneditothers', null, $bug['productid'])))
+if (!((can_perform('caneditown', $bug['productid']) AND $bugsys->userinfo['userid'] == $comment['userid']) OR can_perform('caneditothers', $bug['productid'])))
{
$message->error_permission();
}
-if ($bug['hidden'] AND !can_perform('canviewhidden', null, $bug['productid']))
+if ($bug['hidden'] AND !can_perform('canviewhidden', $bug['productid']))
{
$message->error_permissison();
}
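Review bot: The hidden-bug denial at the end of this hunk calls `$message->error_permissison()` (one "s" too many), and the commit leaves it untouched while rewriting the condition directly above it. Unless the message class defines that name, the request dies with an undefined-method error instead of the permission page. If the class forwards unknown methods through `__call` (not visible here), execution could continue past the check. The intended line is `$message->error_permission();`.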
WHERE bug.bugid = " . intval($bugsys->in['bugid'])
);
-if (!(((can_perform('caneditown', null, $bug['productid']) AND $bugsys->userinfo['userid'] == $comment['userid']) OR can_perform('caneditothers', null, $bug['productid'])) AND can_perform('caneditinfo', null, $bug['productid'])) AND !can_perform('canpostcomments', null, $bug['productid']))
+if (!(((can_perform('caneditown', $bug['productid']) AND $bugsys->userinfo['userid'] == $comment['userid']) OR can_perform('caneditothers', $bug['productid'])) AND can_perform('caneditinfo', $bug['productid'])) AND !can_perform('canpostcomments', $bug['productid']))
{
$message->error_permission();
}
$message->error($lang->getlex('error_invalid_id'));
}
-if ($bug['hidden'] AND !can_perform('canviewhidden', null, $bug['productid']))
+if ($bug['hidden'] AND !can_perform('canviewhidden', $bug['productid']))
{
$message->error_permission();
}
{
// -------------------------------------------------------------------
// process comment stuff
- if (!(((can_perform('caneditown', null, $bug['productid']) AND $bugsys->userinfo['userid'] == $comment['userid']) OR can_perform('caneditothers', null, $bug['productid'])) AND can_perform('caneditinfo', null, $bug['productid'])))
+ if (!(((can_perform('caneditown', $bug['productid']) AND $bugsys->userinfo['userid'] == $comment['userid']) OR can_perform('caneditothers', $bug['productid'])) AND can_perform('caneditinfo', $bug['productid'])))
{
$hascomment = (!empty($bugsys->in['comment'])) ? true : false;
}
}
- if (!(((can_perform('caneditown', null, $bug['productid']) AND $bugsys->userinfo['userid'] == $comment['userid']) OR can_perform('caneditothers', null, $bug['productid'])) AND can_perform('caneditinfo', null, $bug['productid'])))
+ if (!(((can_perform('caneditown', $bug['productid']) AND $bugsys->userinfo['userid'] == $comment['userid']) OR can_perform('caneditothers', $bug['productid'])) AND can_perform('caneditinfo', $bug['productid'])))
{
$message->redirect($lang->string('Your reply has been added to the comment list.'), "showreport.php?bugid=$bug[bugid]");
}
UPDATE " . TABLE_PREFIX . "bug
SET summary = '" . $bugsys->in['summary'] . "',
severity = " . intval($bugsys->in['severity']) . "," .
- (can_perform('canchangestatus', null, $bug['productid']) ? "
+ (can_perform('canchangestatus', $bug['productid']) ? "
priority = " . intval($bugsys->in['priority']) . ",
status = " . intval($bugsys->in['status']) . ",
resolution = " . intval($bugsys->in['resolution']) . ","
: '') . "
- " . (can_perform('canassign', null, $bug['productid']) ? "assignedto = " . intval($bugsys->in['assignedto']) . "," : '') . "
+ " . (can_perform('canassign', $bug['productid']) ? "assignedto = " . intval($bugsys->in['assignedto']) . "," : '') . "
duplicateof = " . intval($bugsys->in['duplicateof']) . ",
dependency = '$dependencies',
productid = " . $pcv['product'] . ",
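Review bot: The `canchangestatus` and `canassign` gates in this UPDATE are evaluated against `$bug['productid']`, the bug's current product, while the same statement rewrites `productid` from `$pcv['product']`. Nothing visible in the hunk checks the user's rights on the destination product, so a user who may edit in one product could move a bug into another where they may not. The validation of `$pcv` happens outside the hunk, so this may already be covered there. `$pcv['product']` is also the only numeric column concatenated without `intval()`; `productid = " . intval($pcv['product']) . ",` would match the neighbouring lines. The statement begins and ends outside the hunk.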
if ($_REQUEST['do'] == 'handle')
{
$bug = $db->query_first("SELECT * FROM " . TABLE_PREFIX . "bug WHERE bugid = " . intval($bugsys->in['bugid']));
- if (!$bug OR (!can_perform('canviewhidden', null, $bug['productid']) AND $bug['hidden']))
+ if (!$bug OR (!can_perform('canviewhidden', $bug['productid']) AND $bug['hidden']))
{
$message->error($lang->getlex('error_invalid_id'));
}
// ###################################################################
$pagination = new Pagination('p', 'pp');
-$count = $db->query_first("SELECT COUNT(*) AS count FROM " . TABLE_PREFIX . "bug" . (!can_perform('canviewhidden') ? " WHERE !hidden" : ""));
+$count = $db->query_first("
+ SELECT COUNT(*) AS count
+ FROM " . TABLE_PREFIX . "bug
+ WHERE (!hidden OR (hidden AND productid IN (" . fetch_on_bits('canviewhidden') . ")))
+ AND productid IN (" . fetch_on_bits('canviewbugs') . ")"
+);
+
$pagination->total = $count['count'];
$pagination->split_pages();
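Review bot: Both added `IN (" . fetch_on_bits(...) . ")` clauses become `IN ()` if `fetch_on_bits()` returns an empty string for a user who holds the permission on no product, and MySQL rejects that as a syntax error rather than returning zero rows. The helper is not shown in this diff, so confirm what it returns in that case. If it can be empty, substitute a value that matches no product (for example `0`, if product ids start at 1) before building the query. The listing query in the next hunk adds the same pattern. Since the helper's output is concatenated straight into SQL, it is also worth confirming that it only ever emits a comma-separated list of integers.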
LEFT JOIN user AS user2
ON (bug.lastpostby = user2.userid)
LEFT JOIN user AS user3
- ON (bug.hiddenlastpostby = user3.userid)" . ((!can_perform('canviewhidden')) ? "
- WHERE !hidden" : "") . "
+ ON (bug.hiddenlastpostby = user3.userid)
+ WHERE bug.productid IN (" . fetch_on_bits('canviewbugs') . ")
+ AND (!hidden OR (hidden AND productid IN (" . fetch_on_bits('canviewhidden') . ")))
ORDER BY bug." . ((can_perform('canviewhidden')) ? "lastposttime" : "hiddenlastposttime") . " DESC
LIMIT " . $pagination->fetch_limit($pagination->page - 1) . ", " . $pagination->perpage
);
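Review bot: The `ORDER BY` line still branches on `can_perform('canviewhidden')` with no product id, while the `WHERE` clause added just above it now decides hidden visibility per product. If a global grant can be narrowed per product (not visible here), such a user gets rows sorted by `lastposttime`, so the ordering reflects hidden comments in products where they cannot see them. Ordering by a per-row expression, or always by `hiddenlastposttime` unless the user can see hidden content everywhere, would close that gap. The added `AND (!hidden OR (hidden AND productid IN ...` line also leaves `hidden` and `productid` unqualified in a query that joins three `user` aliases; `bug.hidden` and `bug.productid` would be unambiguous. The query begins outside the hunk.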
$bug['status'] = $bugsys->datastore['status']["$bug[status]"]['status'];
$bug['resolution'] = $bugsys->datastore['resolution']["$bug[resolution]"]['resolution'];
- $bug['hiddendisplay'] = ((!can_perform('canviewhidden', null, $bug['productid']) AND $bug['hiddenlastposttime']) ? true : false);
+ $bug['hiddendisplay'] = ((!can_perform('canviewhidden', $bug['productid']) AND $bug['hiddenlastposttime']) ? true : false);
$bug['lastposttime'] = (($bug['hiddendisplay']) ? $bug['hiddenlastposttime'] : $bug['lastposttime']);
$bug['lastpost'] = (($bug['hiddendisplay']) ? $bug['hiddenlastpost'] : $bug['lastpost']);
$message->error($lang->getlex('error_invalid_id'));
}
-if (!can_perform('canpostcomments', null, $bug['productid'])))
+if (!can_perform('canpostcomments', $bug['productid'])))
{
$message->error_permission();
}
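Review bot: The rewritten condition `if (!can_perform('canpostcomments', $bug['productid'])))` closes one more parenthesis than it opens, an imbalance carried over from the removed line. As written, the file does not parse, so this permission check never runs. It should read `if (!can_perform('canpostcomments', $bug['productid']))`.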
require_once('./global.php');
require_once('./includes/functions_product.php');
-if (!can_perform('cansubmitbugs', null, intval($bugsys->in['productid'])))
+if (!can_perform('cansubmitbugs', intval($bugsys->in['productid'])))
{
$message->error_permission();
}
{
// -------------------------------------------------------------------
// check permissions on various input values
- if (!can_perform('canchangestatus', null, intval($bugsys->in['productid'])))
+ if (!can_perform('canchangestatus', intval($bugsys->in['productid'])))
{
$bugsys->in['priority'] = $bugsys->options['defaultpriority'];
$bugsys->in['status'] = $bugsys->options['defaultstatus'];
$bugsys->in['resolution'] = $bugsys->options['defaultresolve'];
}
}
- if (!can_perform('canassign', null, intval($bugsys->in['productid'])))
+ if (!can_perform('canassign', intval($bugsys->in['productid'])))
{
$bugsys->in['assignedto'] = $bugsys->options['defaultassign'];
}
$message->error($lang->getlex('error_invalid_id'));
}
-if ($bug['hidden'] AND !can_perform('canviewhidden', null, $bug['productid']))
+if ($bug['hidden'] AND !can_perform('canviewhidden', $bug['productid']))
{
$message->error_permission();
}
require_once('./global.php');
require_once('./includes/functions_product.php');
-if (!can_perform('canviewbugs'))
-{
- $message->error_permission();
-}
-
-$show['edit'] = (((can_perform('caneditown') AND $bugsys->userinfo['userid'] == $bug['userid']) OR can_perform('caneditothers')) AND can_perform('caneditinfo')) ? true : false;
-
$bugid = intval($bugsys->in['bugid']);
// ###################################################################
WHERE bug.bugid = " . intval($bugsys->in['bugid'])
);
+if (!can_perform('canviewbugs', $bug['productid']))
+{
+ $message->error_permission();
+}
+
+$show['edit'] = (((can_perform('caneditown', $bug['productid']) AND $bugsys->userinfo['userid'] == $bug['userid']) OR can_perform('caneditothers', $bug['productid'])) AND can_perform('caneditinfo', $bug['productid'])) ? true : false;
+
if (!is_array($bug))
{
$message->error($lang->getlex('error_invalid_id'));
}
-if ($bug['hidden'] AND !can_perform('canviewhidden', null, $bug['productid']))
+if ($bug['hidden'] AND !can_perform('canviewhidden', $bug['productid']))
{
$message->error_permission();
}
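Review bot: The relocated `canviewbugs` check and the `$show['edit']` computation now sit ahead of `if (!is_array($bug))`, so for an unknown bug id they run with `$bug['productid']` undefined. The outcome then depends on how `can_perform()` treats a null product, which this diff does not show; a lenient implementation would evaluate the global permission instead of a product one. Moving the `is_array($bug)` block to directly after the query, before the added lines, makes every later check operate on a real row. Separately, a hidden bug answers with `error_permission()` while a missing one answers with `error_invalid_id`, which lets a caller tell the two apart. The `do == 'handle'` branch elsewhere in this commit returns `error_invalid_id` for both, and the same could be done here.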
{
$select['severity'] = construct_datastore_select('severity', 'severity', 'severityid', $bug['severity']);
- $show['changestatus'] = ((can_perform('canchangestatus', null, $bug['productid'])) ? true : false);
- if (can_perform('canchangestatus', null, $bug['productid']))
+ $show['changestatus'] = ((can_perform('canchangestatus', $bug['productid'])) ? true : false);
+ if (can_perform('canchangestatus', $bug['productid']))
{
$select['priority'] = construct_datastore_select('priority', 'priority', 'priorityid', $bug['priority']);
$select['status'] = construct_datastore_select('status', 'status', 'statusid', $bug['status']);
$select['resolution'] = construct_datastore_select('resolution', 'resolution', 'resolutionid', $bug['resolution']);
}
- $show['assign'] = ((can_perform('canassign', null, $bug['productid'])) ? true : false);
- if (can_perform('canassign', null, $bug['productid']))
+ $show['assign'] = ((can_perform('canassign', $bug['productid'])) ? true : false);
+ if (can_perform('canassign', $bug['productid']))
{
foreach ($bugsys->datastore['assignto'] AS $dev)
{
// -------------------------------------------------------------------
// attachments
-$show['getattachments'] = ((can_perform('cangetattach', null, $bug['productid']) OR can_perform('caneditattach', null, $bug['productid'])) ? true : false);
-$show['putattachments'] = ((can_perform('canputattach', null, $bug['productid']) OR can_perform('caneditattach', null, $bug['productid'])) ? true : false);
+$show['getattachments'] = ((can_perform('cangetattach', $bug['productid']) OR can_perform('caneditattach', $bug['productid'])) ? true : false);
+$show['putattachments'] = ((can_perform('canputattach', $bug['productid']) OR can_perform('caneditattach', $bug['productid'])) ? true : false);
$show['attachments'] = ($show['getattachments'] OR $show['putattachments']) ? true : false;
if ($show['getattachments'] OR $show['putattachments'])
while ($attachment = $db->fetch_array($attachments_fetch))
{
$attaches = true;
- $show['editattach'] = ((can_perform('caneditattach', null, $bug['productid']) OR ($attachment['userid'] == $bugsys->userinfo['userid'] AND can_perform('canputattach', null, $bug['productid']))) ? true : false);
+ $show['editattach'] = ((can_perform('caneditattach', $bug['productid']) OR ($attachment['userid'] == $bugsys->userinfo['userid'] AND can_perform('canputattach', $bug['productid']))) ? true : false);
$attachment['date'] = $datef->format($bugsys->options['dateformat'], $attachment['dateline']);
$attachment['user'] = construct_user_display($attachment, false);
eval('$attachments .= "' . $template->fetch('showreport_attachment') . '";');
$vote['forpercent'] = round($vote['votefor'] / $vote['total'], 3) * 100;
$vote['againstpercent'] = round($vote['voteagainst'] / $vote['total'], 3) * 100;
-$show['vote'] = ((can_perform('canvote', null, $bug['productid']) AND !$vote['uservote']) ? true : false);
+$show['vote'] = ((can_perform('canvote', $bug['productid']) AND !$vote['uservote']) ? true : false);
// -------------------------------------------------------------------
// get comments
FROM " . TABLE_PREFIX . "comment AS comment
LEFT JOIN " . TABLE_PREFIX . "user AS user
ON (comment.userid = user.userid)
- WHERE comment.bugid = $bug[bugid]" . ((!can_perform('canviewhidden', null, $bug['productid'])) ? "
+ WHERE comment.bugid = $bug[bugid]" . ((!can_perform('canviewhidden', $bug['productid'])) ? "
AND !hidden" : '') . "
ORDER BY comment.dateline ASC"
);
{
$comment['posttime'] = $datef->format($bugsys->options['dateformat'], $comment['dateline']);
$comment['postby'] = construct_user_display($comment);
- $show['editcomment'] = (((can_perform('caneditown', null, $bug['productid']) AND $bugsys->userinfo['userid'] == $comment['userid']) OR can_perform('caneditothers', null, $bug['productid'])) ? true : false);
+ $show['editcomment'] = (((can_perform('caneditown', $bug['productid']) AND $bugsys->userinfo['userid'] == $comment['userid']) OR can_perform('caneditothers', $bug['productid'])) ? true : false);
if (is_array($hilight))
{
eval('$comments .= "' . $template->fetch('showreport_comment') . '";');
}
-$show['newreply'] = ((can_perform('canpostcomments', null, $bug['productid'])) ? true : false);
+$show['newreply'] = ((can_perform('canpostcomments', $bug['productid'])) ? true : false);
if (is_array($hilight))
{
$bug = $db->query_first("SELECT * FROM " . TABLE_PREFIX . "bug WHERE bugid = " . intval($bugsys->in['bugid']) . ((!can_perform('canviewhidden')) ? " AND !bug.hidden" : ''));
$vote = $db->query_first("SELECT *, FIND_IN_SET(" . $bugsys->userinfo['userid'] . ", userids) AS uservote FROM " . TABLE_PREFIX . "vote WHERE bugid = $bug[bugid]");
- if (!can_perform('canvote', null, $bug['productid']))
+ if (!can_perform('canvote', $bug['productid']))
{
$message->error_permission();
}
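Review bot: The lookup at the top of this hunk still filters hidden bugs with the global `can_perform('canviewhidden')`, whereas the other hidden checks in this commit were made product-specific. If a global grant can be narrowed per product (not visible from this diff), a user denied `canviewhidden` on the bug's product can still load a hidden bug there and reach the vote path. The product is only known once the row is fetched, so the check can follow the query: `if (!$bug OR ($bug['hidden'] AND !can_perform('canviewhidden', $bug['productid']))) { $message->error($lang->getlex('error_invalid_id')); }`. As written, `$bug[bugid]` is also interpolated into the vote query without first confirming that a row was returned.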