From 2ee4db53e5577719c8fbfe04a5535150bb2a512b Mon Sep 17 00:00:00 2001 From: Robert Sesek Date: Sun, 29 May 2005 20:44:21 +0000 Subject: [PATCH] r206: Allow bugs to be hidden for security reasons or if they want to look deleted. --- admin/usergroup.php | 1 + docs/schema_changes.sql | 4 +++- editcomment.php | 5 +++++ editreport.php | 8 +++++++- includes/init.php | 3 ++- index.php | 3 ++- showhistory.php | 5 +++++ showreport.php | 7 ++++++- templates/default/SHOWREPORT.tpl | 2 ++ templates/default/editreport.tpl | 1 + 10 files changed, 34 insertions(+), 5 deletions(-) diff --git a/admin/usergroup.php b/admin/usergroup.php index b763027..5b4efa0 100755 --- a/admin/usergroup.php +++ b/admin/usergroup.php @@ -97,6 +97,7 @@ if ($_REQUEST['do'] == 'add' OR $_REQUEST['do'] == 'edit') $permissions = array( 'general' => array( 'canviewbugs', + 'canviewhiddenbugs', 'cansearch', 'cansubscribe', 'canbeassignedto'), diff --git a/docs/schema_changes.sql b/docs/schema_changes.sql index df7f777..90efbcb 100644 --- a/docs/schema_changes.sql +++ b/docs/schema_changes.sql @@ -48,4 +48,6 @@ CREATE TABLE `bugfield` ( CREATE TABLE `bugvaluefill` ( `bugid` INT(10) UNSIGNED NOT NULL, PRIMARY KEY (`bugid`) -); \ No newline at end of file +); + +ALTER TABLE `bug` ADD `hidden` INT(2) UNSIGNED NOT NULL AFTER `assignedto`; \ No newline at end of file diff --git a/editcomment.php b/editcomment.php index 42f53fd..d94a3c2 100644 --- a/editcomment.php +++ b/editcomment.php @@ -36,6 +36,11 @@ if (!((can_perform('caneditown') AND $bugsys->userinfo['userid'] == $comment['us $message->error_permission(); } +if ($bug['hidden'] AND !can_perform('canviewhiddenbugs')) +{ + $message->error_permissison(); +} + // ################################################################### if (empty($_REQUEST['do'])) diff --git a/editreport.php b/editreport.php index 113f408..6d492d2 100644 --- a/editreport.php +++ b/editreport.php @@ -37,6 +37,11 @@ if (!(((can_perform('caneditown') AND $bugsys->userinfo['userid'] == $comment['u $message->error_permission(); } +if ($bug['hidden'] AND !can_perform('canviewhiddenbugs')) +{ + $message->error_permission(); +} + // setup logging require_once('./includes/class_history.php'); $log = new History(); @@ -94,7 +99,8 @@ if ($_POST['do'] == 'update') assignedto = " . intval($bugsys->in['assignedto']) . ", productid = " . $pcv['product'] . ", componentid = " . $pcv['component'] . ", - versionid = " . $pcv['version'] . " + versionid = " . $pcv['version'] . ", + hidden = " . intval($bugsys->in['hidden']) . " WHERE bugid = $bug[bugid]" ); diff --git a/includes/init.php b/includes/init.php index 02a352a..04dc26d 100755 --- a/includes/init.php +++ b/includes/init.php @@ -187,7 +187,8 @@ $_PERMISSION = array( 'canadmintools' => 262144, // can use admin tools 'canadminfields' => 524288, // can admin custom bug fields 'canbeassignedto' => 1048576, // can be assigned bugs, - 'caneditattach' => 2097152 // can edit attachments + 'caneditattach' => 2097152, // can edit attachments + 'canviewhiddenbugs' => 4194304 // can see hidden bugs ); foreach ($_PERMISSION AS $name => $maskvalue) diff --git a/index.php b/index.php index de6c012..15f1615 100644 --- a/index.php +++ b/index.php @@ -32,7 +32,8 @@ $bugs_fetch = $db->query(" LEFT JOIN user AS user1 ON (bug.userid = user1.userid) LEFT JOIN user AS user2 - ON (bug.lastpostby = user2.userid) + ON (bug.lastpostby = user2.userid)" . ((!can_perform('canviewhiddenbugs')) ? " + WHERE !hidden" : "") . " ORDER BY bug.lastposttime DESC" ); diff --git a/showhistory.php b/showhistory.php index f3f8ec4..665d315 100644 --- a/showhistory.php +++ b/showhistory.php @@ -24,6 +24,11 @@ if (!$bug) $message->error('alert: bad bug'); } +if ($bug['hidden'] AND !can_perform('canviewhiddenbugs')) +{ + $message->error_permission(); +} + // ################################################################### $logs_fetch = $db->query(" diff --git a/showreport.php b/showreport.php index 50406a0..d5b12a3 100644 --- a/showreport.php +++ b/showreport.php @@ -38,7 +38,12 @@ $bug = $db->query_first(" if (!is_array($bug)) { $message->error('alert: bad bug'); -} +} + +if ($bug['hidden'] AND !can_perform('canviewhiddenbugs')) +{ + $message->error_permission(); +} // ------------------------------------------------------------------- // prep display diff --git a/templates/default/SHOWREPORT.tpl b/templates/default/SHOWREPORT.tpl index 3f10ff4..d66e025 100644 --- a/templates/default/SHOWREPORT.tpl +++ b/templates/default/SHOWREPORT.tpl @@ -1,3 +1,5 @@ +
This bug is hidden!
+
Bug ID: $bug[bugid]
Reported by: $bug[userinfo]
Product: $bug[product] / Component: $bug[component] / Version: $bug[version]
diff --git a/templates/default/editreport.tpl b/templates/default/editreport.tpl index 2851d76..16c6ecd 100644 --- a/templates/default/editreport.tpl +++ b/templates/default/editreport.tpl @@ -3,6 +3,7 @@
Bug ID: $bug[bugid]
+
style="color: red">Hidden: checked="checked" />
Summary/Title:
Severity:
-- 2.43.5