From 5e834fe0d8962e73b9f1fb56713b2d91342a5787 Mon Sep 17 00:00:00 2001 From: Robert Sesek Date: Mon, 10 Oct 2005 22:00:15 +0000 Subject: [PATCH] r532: - Removing NULL 2nd parameter from can_perform() - Cleaning up permissions to actually work with our new per-product system --- attachment.php | 14 +++++++------- editcomment.php | 4 ++-- editreport.php | 12 ++++++------ favourite.php | 2 +- index.php | 15 +++++++++++---- newcomment.php | 2 +- newreport.php | 6 +++--- showhistory.php | 2 +- showreport.php | 38 +++++++++++++++++++------------------- vote.php | 2 +- 10 files changed, 52 insertions(+), 45 deletions(-) diff --git a/attachment.php b/attachment.php index 6bf64a2..bbd62f4 100755 --- a/attachment.php +++ b/attachment.php @@ -45,7 +45,7 @@ $log->bugid = $bug['bugid']; if ($_POST['do'] == 'insert') { - if (!can_perform('canputattach', null, $bug['productid'])) + if (!can_perform('canputattach', $bug['productid'])) { $message->error_permission(); } @@ -108,7 +108,7 @@ if ($_POST['do'] == 'insert') } // handle comment stuff - if (can_perform('canpostcomments', null, $bug['productid']) AND trim($bugsys->in['comment'])) + if (can_perform('canpostcomments', $bug['productid']) AND trim($bugsys->in['comment'])) { $bugsys->in['comment_parsed'] = $bugsys->in['comment']; @@ -138,14 +138,14 @@ if ($_POST['do'] == 'insert') if ($_REQUEST['do'] == 'add') { - if (!can_perform('canputattach', null, $bug['productid'])) + if (!can_perform('canputattach', $bug['productid'])) { $message->error_permission(); } $MAXFILESIZE = $funct->fetch_max_attachment_size(); - $show['addcomment'] = ((can_perform('canpostcomments', null, $bug['productid'])) ? true : false); + $show['addcomment'] = ((can_perform('canpostcomments', $bug['productid'])) ? true : false); $show['obsoletes'] = false; $obsoletes_fetch = $db->query("SELECT * FROM " . TABLE_PREFIX . "attachment WHERE bugid = $bug[bugid] AND !obsolete"); 
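Review bot: The `((can_perform('canpostcomments', $bug['productid'])) ? true : false)` wrapping on the new `$show['addcomment']` line in the -138 hunk adds nothing, since the ternary only re-expresses the truthiness it is given; `$show['addcomment'] = (bool) can_perform('canpostcomments', $bug['productid']);` reads the same and drops the nested parentheses. The same `? true : false` pattern is carried through the `$show[...]` assignments this patch touches in showreport.php and index.php. The `$_REQUEST['do'] == 'add'` block containing the line starts and ends outside the hunk.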
@@ -163,7 +163,7 @@ if ($_REQUEST['do'] == 'add') if ($_POST['do'] == 'update') { - if (!(can_perform('caneditattach', null, $bug['productid']) OR ($attachment['userid'] == $bugsys->userinfo['userid'] AND can_perform('canputattach', null, $bug['productid'])))) + if (!(can_perform('caneditattach', $bug['productid']) OR ($attachment['userid'] == $bugsys->userinfo['userid'] AND can_perform('canputattach', $bug['productid'])))) { $message->error_permission(); } @@ -191,12 +191,12 @@ if ($_POST['do'] == 'update') if ($_REQUEST['do'] == 'edit') { - if (!(can_perform('caneditattach', null, $bug['productid']) OR ($attachment['userid'] == $bugsys->userinfo['userid'] AND can_perform('canputattach', null, $bug['productid'])))) + if (!(can_perform('caneditattach', $bug['productid']) OR ($attachment['userid'] == $bugsys->userinfo['userid'] AND can_perform('canputattach', $bug['productid'])))) { $message->error_permission(); } - $show['delete'] = ((can_perform('caneditattach', null, $bug['productid'])) ? true : false); + $show['delete'] = ((can_perform('caneditattach', $bug['productid'])) ? true : false); eval('$template->flush("' . $template->fetch('editattach') . '");'); } diff --git a/editcomment.php b/editcomment.php index 95395c6..2d7540f 100644 --- a/editcomment.php +++ b/editcomment.php @@ -35,12 +35,12 @@ if (!$comment) $bug = $db->query_first("SELECT * FROM " . TABLE_PREFIX . "bug WHERE bugid = $comment[bugid]"); -if (!((can_perform('caneditown', null, $bug['productid']) AND $bugsys->userinfo['userid'] == $comment['userid']) OR can_perform('caneditothers', null, $bug['productid']))) +if (!((can_perform('caneditown', $bug['productid']) AND $bugsys->userinfo['userid'] == $comment['userid']) OR can_perform('caneditothers', $bug['productid']))) { $message->error_permission(); } -if ($bug['hidden'] AND !can_perform('canviewhidden', null, $bug['productid'])) +if ($bug['hidden'] AND !can_perform('canviewhidden', $bug['productid'])) { $message->error_permissison(); } 
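Review bot: The hidden-bug guard rewritten in editcomment.php as `if ($bug['hidden'] AND !can_perform('canviewhidden', $bug['productid']))` still calls `$message->error_permissison()` on the following line, a misspelling of the `error_permission()` used in every other check in this patch; unless a method by that name exists, a user without `canviewhidden` who opens a hidden bug's comment gets an undefined-method fatal error rather than the permission refusal. The call is a context line, but the commit rewrites the condition directly above it, so the typo is worth fixing in the same change: `$message->error_permission();`.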
diff --git a/editreport.php b/editreport.php index 1260032..eb2b7d9 100644 --- a/editreport.php +++ b/editreport.php @@ -26,7 +26,7 @@ $bug = $db->query_first(" WHERE bug.bugid = " . intval($bugsys->in['bugid']) ); -if (!(((can_perform('caneditown', null, $bug['productid']) AND $bugsys->userinfo['userid'] == $comment['userid']) OR can_perform('caneditothers', null, $bug['productid'])) AND can_perform('caneditinfo', null, $bug['productid'])) AND !can_perform('canpostcomments', null, $bug['productid'])) +if (!(((can_perform('caneditown', $bug['productid']) AND $bugsys->userinfo['userid'] == $comment['userid']) OR can_perform('caneditothers', $bug['productid'])) AND can_perform('caneditinfo', $bug['productid'])) AND !can_perform('canpostcomments', $bug['productid'])) { $message->error_permission(); } @@ -36,7 +36,7 @@ if (!$bug) $message->error($lang->getlex('error_invalid_id')); } -if ($bug['hidden'] AND !can_perform('canviewhidden', null, $bug['productid'])) +if ($bug['hidden'] AND !can_perform('canviewhidden', $bug['productid'])) { $message->error_permission(); } @@ -52,7 +52,7 @@ if ($_POST['do'] == 'update') { // ------------------------------------------------------------------- // process comment stuff - if (!(((can_perform('caneditown', null, $bug['productid']) AND $bugsys->userinfo['userid'] == $comment['userid']) OR can_perform('caneditothers', null, $bug['productid'])) AND can_perform('caneditinfo', null, $bug['productid']))) + if (!(((can_perform('caneditown', $bug['productid']) AND $bugsys->userinfo['userid'] == $comment['userid']) OR can_perform('caneditothers', $bug['productid'])) AND can_perform('caneditinfo', $bug['productid']))) { $hascomment = (!empty($bugsys->in['comment'])) ? true : false; 
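Review bot: The rewritten `caneditown` test in the -26 hunk compares `$bugsys->userinfo['userid']` against `$comment['userid']`, but this file fetches `$bug` and no assignment to `$comment` is visible; showreport.php computes the equivalent `$show['edit']` flag against `$bug['userid']`, so this looks like it should be `$bug['userid']` here too (the same condition recurs in the -52 and -105 hunks). If `$comment` is in fact unset, the `caneditown` branch can never match and a reporter without `caneditothers` is always refused. Separately, this permission check runs before the `if (!$bug)` test in the -36 hunk, so for an unknown bugid `$bug['productid']` is null and `can_perform` is evaluated without a product instead of failing closed; moving the permission checks below the `if (!$bug)` block avoids that, and the same ordering appears in showreport.php where the new `canviewbugs` check precedes `if (!is_array($bug))`.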
@@ -105,7 +105,7 @@ if ($_POST['do'] == 'update') } } - if (!(((can_perform('caneditown', null, $bug['productid']) AND $bugsys->userinfo['userid'] == $comment['userid']) OR can_perform('caneditothers', null, $bug['productid'])) AND can_perform('caneditinfo', null, $bug['productid']))) + if (!(((can_perform('caneditown', $bug['productid']) AND $bugsys->userinfo['userid'] == $comment['userid']) OR can_perform('caneditothers', $bug['productid'])) AND can_perform('caneditinfo', $bug['productid']))) { $message->redirect($lang->string('Your reply has been added to the comment list.'), "showreport.php?bugid=$bug[bugid]"); } @@ -155,12 +155,12 @@ if ($_POST['do'] == 'update') UPDATE " . TABLE_PREFIX . "bug SET summary = '" . $bugsys->in['summary'] . "', severity = " . intval($bugsys->in['severity']) . "," . - (can_perform('canchangestatus', null, $bug['productid']) ? " + (can_perform('canchangestatus', $bug['productid']) ? " priority = " . intval($bugsys->in['priority']) . ", status = " . intval($bugsys->in['status']) . ", resolution = " . intval($bugsys->in['resolution']) . "," : '') . " - " . (can_perform('canassign', null, $bug['productid']) ? "assignedto = " . intval($bugsys->in['assignedto']) . "," : '') . " + " . (can_perform('canassign', $bug['productid']) ? "assignedto = " . intval($bugsys->in['assignedto']) . "," : '') . " duplicateof = " . intval($bugsys->in['duplicateof']) . ", dependency = '$dependencies', productid = " . $pcv['product'] . ", diff --git a/favourite.php b/favourite.php index 256e43c..174d048 100644 --- a/favourite.php +++ b/favourite.php 
@@ -33,7 +33,7 @@ if (empty($_REQUEST['do'])) if ($_REQUEST['do'] == 'handle') { $bug = $db->query_first("SELECT * FROM " . TABLE_PREFIX . "bug WHERE bugid = " . intval($bugsys->in['bugid'])); - if (!$bug OR (!can_perform('canviewhidden', null, $bug['productid']) AND $bug['hidden'])) + if (!$bug OR (!can_perform('canviewhidden', $bug['productid']) AND $bug['hidden'])) { $message->error($lang->getlex('error_invalid_id')); } diff --git a/index.php b/index.php index 5795d59..78d8eeb 100644 --- a/index.php +++ b/index.php @@ -32,7 +32,13 @@ if (!can_perform('canviewbugs')) // ################################################################### $pagination = new Pagination('p', 'pp'); -$count = $db->query_first("SELECT COUNT(*) AS count FROM " . TABLE_PREFIX . "bug" . (!can_perform('canviewhidden') ? " WHERE !hidden" : "")); +$count = $db->query_first(" + SELECT COUNT(*) AS count + FROM " . TABLE_PREFIX . "bug + WHERE (!hidden OR (hidden AND productid IN (" . fetch_on_bits('canviewhidden') . "))) + AND productid IN (" . fetch_on_bits('canviewbugs') . ")" +); + $pagination->total = $count['count']; $pagination->split_pages(); @@ -44,8 +50,9 @@ $bugs_fetch = $db->query(" LEFT JOIN user AS user2 ON (bug.lastpostby = user2.userid) LEFT JOIN user AS user3 - ON (bug.hiddenlastpostby = user3.userid)" . ((!can_perform('canviewhidden')) ? " - WHERE !hidden" : "") . " + ON (bug.hiddenlastpostby = user3.userid) + WHERE bug.productid IN (" . fetch_on_bits('canviewbugs') . ") + AND (!hidden OR (hidden AND productid IN (" . fetch_on_bits('canviewhidden') . "))) ORDER BY bug." . ((can_perform('canviewhidden')) ? "lastposttime" : "hiddenlastposttime") . " DESC LIMIT " . $pagination->fetch_limit($pagination->page - 1) . ", " . $pagination->perpage ); 
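Review bot: The `ORDER BY` in the -44 hunk still selects its column with the product-less `can_perform('canviewhidden')` while the `WHERE` clauses just above now filter hidden rows per product through `fetch_on_bits('canviewhidden')`; a user who holds `canviewhidden` in some products only is sorted on `lastposttime` for rows that the later `$bug['hiddendisplay']` logic will display with `hiddenlastposttime`. I cannot see `fetch_on_bits()` here, so it is worth confirming what it returns for a user with no matching products — an empty string would turn both new queries into `productid IN ()`, which is a SQL syntax error, so a safe sentinel such as `0` is needed for that case. The global `if (!can_perform('canviewbugs'))` gate shown in the -32 hunk header is also still the old form and may now reject users whose `canviewbugs` is granted only per product.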
@@ -59,7 +66,7 @@ while ($bug = $db->fetch_array($bugs_fetch)) $bug['status'] = $bugsys->datastore['status']["$bug[status]"]['status']; $bug['resolution'] = $bugsys->datastore['resolution']["$bug[resolution]"]['resolution']; - $bug['hiddendisplay'] = ((!can_perform('canviewhidden', null, $bug['productid']) AND $bug['hiddenlastposttime']) ? true : false); + $bug['hiddendisplay'] = ((!can_perform('canviewhidden', $bug['productid']) AND $bug['hiddenlastposttime']) ? true : false); $bug['lastposttime'] = (($bug['hiddendisplay']) ? $bug['hiddenlastposttime'] : $bug['lastposttime']); $bug['lastpost'] = (($bug['hiddendisplay']) ? $bug['hiddenlastpost'] : $bug['lastpost']); diff --git a/newcomment.php b/newcomment.php index 39ecd7b..917bddc 100644 --- a/newcomment.php +++ b/newcomment.php @@ -20,7 +20,7 @@ if (!$bug) $message->error($lang->getlex('error_invalid_id')); } -if (!can_perform('canpostcomments', null, $bug['productid']))) +if (!can_perform('canpostcomments', $bug['productid']))) { $message->error_permission(); } diff --git a/newreport.php b/newreport.php index d305aa0..91dde63 100755 --- a/newreport.php +++ b/newreport.php @@ -21,7 +21,7 @@ $focus['newreport'] = 'focus'; require_once('./global.php'); require_once('./includes/functions_product.php'); -if (!can_perform('cansubmitbugs', null, intval($bugsys->in['productid']))) +if (!can_perform('cansubmitbugs', intval($bugsys->in['productid']))) { $message->error_permission(); } @@ -39,7 +39,7 @@ if ($_POST['do'] == 'insert') { // ------------------------------------------------------------------- // check permissions on various input values - if (!can_perform('canchangestatus', null, intval($bugsys->in['productid']))) + if (!can_perform('canchangestatus', intval($bugsys->in['productid']))) { $bugsys->in['priority'] = $bugsys->options['defaultpriority']; $bugsys->in['status'] = $bugsys->options['defaultstatus']; 
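Review bot: The rewritten line in newcomment.php, `if (!can_perform('canpostcomments', $bug['productid'])))`, has one closing parenthesis too many (the removed line had the same), so the file does not parse and the page fails before any permission check runs; it should read `if (!can_perform('canpostcomments', $bug['productid']))`. Since this is the gate for posting comments, newcomment.php is unusable until the stray parenthesis is removed.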
@@ -60,7 +60,7 @@ if ($_POST['do'] == 'insert') $bugsys->in['resolution'] = $bugsys->options['defaultresolve']; } } - if (!can_perform('canassign', null, intval($bugsys->in['productid']))) + if (!can_perform('canassign', intval($bugsys->in['productid']))) { $bugsys->in['assignedto'] = $bugsys->options['defaultassign']; } diff --git a/showhistory.php b/showhistory.php index 7066d66..623433e 100644 --- a/showhistory.php +++ b/showhistory.php @@ -28,7 +28,7 @@ if (!$bug) $message->error($lang->getlex('error_invalid_id')); } -if ($bug['hidden'] AND !can_perform('canviewhidden', null, $bug['productid'])) +if ($bug['hidden'] AND !can_perform('canviewhidden', $bug['productid'])) { $message->error_permission(); } diff --git a/showreport.php b/showreport.php index 9439125..5678e93 100644 --- a/showreport.php +++ b/showreport.php @@ -25,13 +25,6 @@ $focus['showreport'] = 'focus'; require_once('./global.php'); require_once('./includes/functions_product.php'); -if (!can_perform('canviewbugs')) -{ - $message->error_permission(); -} - -$show['edit'] = (((can_perform('caneditown') AND $bugsys->userinfo['userid'] == $bug['userid']) OR can_perform('caneditothers')) AND can_perform('caneditinfo')) ? true : false; - $bugid = intval($bugsys->in['bugid']); // ################################################################### 
@@ -69,12 +62,19 @@ $bug = $db->query_first(" WHERE bug.bugid = " . intval($bugsys->in['bugid']) ); +if (!can_perform('canviewbugs', $bug['productid'])) +{ + $message->error_permission(); +} + +$show['edit'] = (((can_perform('caneditown', $bug['productid']) AND $bugsys->userinfo['userid'] == $bug['userid']) OR can_perform('caneditothers', $bug['productid'])) AND can_perform('caneditinfo', $bug['productid'])) ? true : false; + if (!is_array($bug)) { $message->error($lang->getlex('error_invalid_id')); } -if ($bug['hidden'] AND !can_perform('canviewhidden', null, $bug['productid'])) +if ($bug['hidden'] AND !can_perform('canviewhidden', $bug['productid'])) { $message->error_permission(); } @@ -97,16 +97,16 @@ if ($show['edit']) { $select['severity'] = construct_datastore_select('severity', 'severity', 'severityid', $bug['severity']); - $show['changestatus'] = ((can_perform('canchangestatus', null, $bug['productid'])) ? true : false); - if (can_perform('canchangestatus', null, $bug['productid'])) + $show['changestatus'] = ((can_perform('canchangestatus', $bug['productid'])) ? true : false); + if (can_perform('canchangestatus', $bug['productid'])) { $select['priority'] = construct_datastore_select('priority', 'priority', 'priorityid', $bug['priority']); $select['status'] = construct_datastore_select('status', 'status', 'statusid', $bug['status']); $select['resolution'] = construct_datastore_select('resolution', 'resolution', 'resolutionid', $bug['resolution']); } - $show['assign'] = ((can_perform('canassign', null, $bug['productid'])) ? true : false); - if (can_perform('canassign', null, $bug['productid'])) + $show['assign'] = ((can_perform('canassign', $bug['productid'])) ? true : false); + if (can_perform('canassign', $bug['productid'])) { foreach ($bugsys->datastore['assignto'] AS $dev) { 
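Review bot: In the -97 hunk, `can_perform('canchangestatus', $bug['productid'])` and `can_perform('canassign', $bug['productid'])` are each evaluated twice in a row, once into `$show['changestatus']`/`$show['assign']` and again in the `if` immediately below; testing the stored flag instead, `if ($show['changestatus'])` and `if ($show['assign'])`, removes the duplicate lookups and keeps the template flag and the branch from drifting apart. The enclosing `if ($show['edit'])` block starts and ends outside the hunk.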
@@ -230,8 +230,8 @@ foreach ($words AS $word) // ------------------------------------------------------------------- // attachments -$show['getattachments'] = ((can_perform('cangetattach', null, $bug['productid']) OR can_perform('caneditattach', null, $bug['productid'])) ? true : false); -$show['putattachments'] = ((can_perform('canputattach', null, $bug['productid']) OR can_perform('caneditattach', null, $bug['productid'])) ? true : false); +$show['getattachments'] = ((can_perform('cangetattach', $bug['productid']) OR can_perform('caneditattach', $bug['productid'])) ? true : false); +$show['putattachments'] = ((can_perform('canputattach', $bug['productid']) OR can_perform('caneditattach', $bug['productid'])) ? true : false); $show['attachments'] = ($show['getattachments'] OR $show['putattachments']) ? true : false; if ($show['getattachments'] OR $show['putattachments']) @@ -250,7 +250,7 @@ if ($show['getattachments'] OR $show['putattachments']) while ($attachment = $db->fetch_array($attachments_fetch)) { $attaches = true; - $show['editattach'] = ((can_perform('caneditattach', null, $bug['productid']) OR ($attachment['userid'] == $bugsys->userinfo['userid'] AND can_perform('canputattach', null, $bug['productid']))) ? true : false); + $show['editattach'] = ((can_perform('caneditattach', $bug['productid']) OR ($attachment['userid'] == $bugsys->userinfo['userid'] AND can_perform('canputattach', $bug['productid']))) ? true : false); $attachment['date'] = $datef->format($bugsys->options['dateformat'], $attachment['dateline']); $attachment['user'] = construct_user_display($attachment, false); eval('$attachments .= "' . $template->fetch('showreport_attachment') . '";'); 
@@ -268,7 +268,7 @@ $vote['total'] = $vote['votefor'] + $vote['voteagainst']; $vote['forpercent'] = round($vote['votefor'] / $vote['total'], 3) * 100; $vote['againstpercent'] = round($vote['voteagainst'] / $vote['total'], 3) * 100; -$show['vote'] = ((can_perform('canvote', null, $bug['productid']) AND !$vote['uservote']) ? true : false); +$show['vote'] = ((can_perform('canvote', $bug['productid']) AND !$vote['uservote']) ? true : false); // ------------------------------------------------------------------- // get comments @@ -277,7 +277,7 @@ $comments_fetch = $db->query(" FROM " . TABLE_PREFIX . "comment AS comment LEFT JOIN " . TABLE_PREFIX . "user AS user ON (comment.userid = user.userid) - WHERE comment.bugid = $bug[bugid]" . ((!can_perform('canviewhidden', null, $bug['productid'])) ? " + WHERE comment.bugid = $bug[bugid]" . ((!can_perform('canviewhidden', $bug['productid'])) ? " AND !hidden" : '') . " ORDER BY comment.dateline ASC" ); @@ -285,7 +285,7 @@ while ($comment = $db->fetch_array($comments_fetch)) { $comment['posttime'] = $datef->format($bugsys->options['dateformat'], $comment['dateline']); $comment['postby'] = construct_user_display($comment); - $show['editcomment'] = (((can_perform('caneditown', null, $bug['productid']) AND $bugsys->userinfo['userid'] == $comment['userid']) OR can_perform('caneditothers', null, $bug['productid'])) ? true : false); + $show['editcomment'] = (((can_perform('caneditown', $bug['productid']) AND $bugsys->userinfo['userid'] == $comment['userid']) OR can_perform('caneditothers', $bug['productid'])) ? true : false); if (is_array($hilight)) { @@ -300,7 +300,7 @@ while ($comment = $db->fetch_array($comments_fetch)) eval('$comments .= "' . $template->fetch('showreport_comment') . '";'); } -$show['newreply'] = ((can_perform('canpostcomments', null, $bug['productid'])) ? true : false); +$show['newreply'] = ((can_perform('canpostcomments', $bug['productid'])) ? true : false); if (is_array($hilight)) { 
diff --git a/vote.php b/vote.php index 9ce89dd..a556270 100644 --- a/vote.php +++ b/vote.php @@ -30,7 +30,7 @@ if ($_REQUEST['do'] == 'vote') $bug = $db->query_first("SELECT * FROM " . TABLE_PREFIX . "bug WHERE bugid = " . intval($bugsys->in['bugid']) . ((!can_perform('canviewhidden')) ? " AND !bug.hidden" : '')); $vote = $db->query_first("SELECT *, FIND_IN_SET(" . $bugsys->userinfo['userid'] . ", userids) AS uservote FROM " . TABLE_PREFIX . "vote WHERE bugid = $bug[bugid]"); - if (!can_perform('canvote', null, $bug['productid'])) + if (!can_perform('canvote', $bug['productid'])) { $message->error_permission(); } -- 2.43.5
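Review bot: The bug lookup on the first context line still filters hidden bugs with the product-less `can_perform('canviewhidden')`, while the `canvote` check rewritten two lines below is now per product, so the hidden-bug rule in vote.php is left on the old global model. Because the product id is not known until the row is fetched, the form favourite.php uses in this same patch fits better: drop the `AND !bug.hidden` clause from the query and follow it with `if (!$bug OR (!can_perform('canviewhidden', $bug['productid']) AND $bug['hidden'])) { $message->error($lang->getlex('error_invalid_id')); }`. That also covers the case where no row comes back, since the `$vote` query on the next line interpolates `$bug[bugid]` without checking `$bug` first. The `$_REQUEST['do'] == 'vote'` block starts outside the hunk.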