From d69168955366db20ed3940fc418ccb4b1a7b0542 Mon Sep 17 00:00:00 2001
From: Robert Sesek
Date: Mon, 21 Aug 2006 03:36:56 +0000
Subject: [PATCH] r1117: *FINALLY* fixing the NotificationCenter->finalize() permissions checking bug.
---
 includes/class_notification.php | 4 +++-
 includes/functions.php | 14 ++++++++++++++
 2 files changed, 17 insertions(+), 1 deletion(-)
diff --git a/includes/class_notification.php b/includes/class_notification.php
index 9bda105..6d3b3a7 100644
--- a/includes/class_notification.php
+++ b/includes/class_notification.php
@@ -639,6 +639,8 @@ Initial report:
 */
 function finalize()
 {
+ // get the current bug for permissions checks
+ $bug = $this->registry->db->query_first("SELECT * FROM " . TABLE_PREFIX . "bug WHERE bugid = " . $this->bug['bugid']);
 $this->registry->mail->set('subject', sprintf(_('%1$s Bug Notification - %2$s'), $this->registry->options['trackertitle'], $this->bug['summary']));
 foreach ($this->notices AS $userid => $noticelist)
 {
@@ -648,7 +650,7 @@ Initial report:
 }
 // we wouldn't want people who favorite bugs getting hidden notices
- if (!check_bug_permissions($this->bug, $this->users["$userid"]))
+ if (!check_bug_permissions($bug, $this->users["$userid"]))
 {
 $this->registry->debug("skipping user $userid ({$this->users[$userid]['email']}) because of permissions");
 continue;
diff --git a/includes/functions.php b/includes/functions.php
index a3fb558..c1289bc 100755
--- a/includes/functions.php
+++ b/includes/functions.php
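Review bot: The query added at the top of finalize() concatenates `$this->bug['bugid']` directly into the SQL string, and nothing in this hunk shows that value being normalised to an integer first. Because the fetched row now drives the permission decision for every recipient, cast at the point of use, e.g. `"bug WHERE bugid = " . intval($this->bug['bugid'])`. The new comment would also help more if it said why `$this->bug` cannot be used for the check, which the diff does not explain. `SELECT *` could be narrowed to the columns check_bug_permissions() reads. finalize() continues past the end of the hunk.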
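Review bot: `$bug` reaches check_bug_permissions() without any check that query_first() returned a row. If the lookup comes back empty, the reads visible in functions.php (`$bug['product']`, `$bug['hidden']`, `$bug['userid']`) operate on a non-row and `!$bug['hidden']` evaluates as "not hidden", so the check may pass when it should not. The full condition is not visible here, so this needs confirming. Failing closed costs one term: `if (!$bug || !check_bug_permissions($bug, $this->users["$userid"]))`. The loop body continues outside the hunk.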
@@ -538,6 +538,17 @@ function check_bug_permissions($bug, $userinfo = null)
 $bugsys->debug("checking permissions for $userinfo[userid] on bug $bug[bugid]");
+ $bugsys->debug('*** START VERBOSE CHECK ***');
+
+ $bugsys->debug('* !can_perform(canviewbugs, $bug[product], $userinfo) = ' . (int)(!can_perform('canviewbugs', $bug['product'], $userinfo)));
+ $bugsys->debug('* $bug[hidden] = ' . (int)$bug['hidden']);
+ $bugsys->debug('* $userinfo[userid] (' . $userinfo['userid'] . ') == $bug[userid] (' . $bug['userid'] . ') = ' . (int)($userinfo['userid'] == $bug['userid']));
+ $bugsys->debug('* can_perform(canviewownhidden, $bug[product], $userinfo) = ' . (int)(!!can_perform('canviewownhidden', $bug['product'], $userinfo)));
+ $bugsys->debug('* can_perform(canviewhidden, $bug[product], $userinfo) = ' . (int)(!!can_perform('canviewhidden', $bug['product'], $userinfo)));
+ $bugsys->debug('* !$bug[hidden] = ' . (int)(!$bug['hidden']));
+
+ $bugsys->debug('*** END PERMISSIONS CHECK ***');
+
 if
 (
 !can_perform('canviewbugs', $bug['product'], $userinfo)
@@ -557,9 +568,12 @@ function check_bug_permissions($bug, $userinfo = null)
 )
 )
 {
+ $bugsys->debug('*** DONE WITH REAL CALLS ***');
 return false;
 }
+ $bugsys->debug('*** DONE WITH REAL CALLS ***');
+
 return true;
 }
--
2.43.5
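Review bot: The block between 'START VERBOSE CHECK' and 'END PERMISSIONS CHECK' reads like temporary diagnostics left in the authorization path: it runs on every call and invokes can_perform() three extra times on top of the real condition below. It also writes user ids and each permission outcome to the debug channel, so it is worth confirming that this output is not visible to ordinary users in production. I would drop these lines now that the bug has been found, or compute the three can_perform() results once into locals and reuse them in both the log lines and the condition. The same goes for the two identical 'DONE WITH REAL CALLS' lines in the next hunk, which do not record the outcome; `$bugsys->debug("denied: user $userinfo[userid], bug $bug[bugid]");` before `return false;` would say more. The condition itself lies partly outside both hunks.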