From d69168955366db20ed3940fc418ccb4b1a7b0542 Mon Sep 17 00:00:00 2001
From: Robert Sesek <rsesek@bluestatic.org>
Date: Mon, 21 Aug 2006 03:36:56 +0000
Subject: [PATCH] r1117: *FINALLY* fixing the NotificationCenter->finalize()
 permissions checking bug.

---
 includes/class_notification.php |  4 +++-
 includes/functions.php          | 14 ++++++++++++++
 2 files changed, 17 insertions(+), 1 deletion(-)

diff --git a/includes/class_notification.php b/includes/class_notification.php
index 9bda105..6d3b3a7 100644
--- a/includes/class_notification.php
+++ b/includes/class_notification.php
@@ -639,6 +639,8 @@ Initial report:
 	*/
 	function finalize()
 	{
+		// get the current bug for permissions checks
+		$bug = $this->registry->db->query_first("SELECT * FROM " . TABLE_PREFIX . "bug WHERE bugid = " . $this->bug['bugid']);
 		$this->registry->mail->set('subject',	sprintf(_('%1$s Bug Notification - %2$s'), $this->registry->options['trackertitle'], $this->bug['summary']));
 		foreach ($this->notices AS $userid => $noticelist)
 		{
@@ -648,7 +650,7 @@ Initial report:
 			}
 			
 			// we wouldn't want people who favorite bugs getting hidden notices
-			if (!check_bug_permissions($this->bug, $this->users["$userid"]))
+			if (!check_bug_permissions($bug, $this->users["$userid"]))
 			{
 				$this->registry->debug("skipping user $userid ({$this->users[$userid]['email']}) because of permissions");
 				continue;
diff --git a/includes/functions.php b/includes/functions.php
index a3fb558..c1289bc 100755
--- a/includes/functions.php
+++ b/includes/functions.php
@@ -538,6 +538,17 @@ function check_bug_permissions($bug, $userinfo = null)
 	
 	$bugsys->debug("checking permissions for $userinfo[userid] on bug $bug[bugid]");
 	
+	$bugsys->debug('*** START VERBOSE CHECK ***');
+	
+	$bugsys->debug('* !can_perform(canviewbugs, $bug[product], $userinfo) = ' . (int)(!can_perform('canviewbugs', $bug['product'], $userinfo)));
+	$bugsys->debug('* $bug[hidden] = ' . (int)$bug['hidden']);
+	$bugsys->debug('* $userinfo[userid] (' . $userinfo['userid'] . ') == $bug[userid] (' . $bug['userid'] . ') = ' . (int)($userinfo['userid'] == $bug['userid']));
+	$bugsys->debug('* can_perform(canviewownhidden, $bug[product], $userinfo) = ' . (int)(!!can_perform('canviewownhidden', $bug['product'], $userinfo)));
+	$bugsys->debug('* can_perform(canviewhidden, $bug[product], $userinfo) = ' . (int)(!!can_perform('canviewhidden', $bug['product'], $userinfo)));
+	$bugsys->debug('* !$bug[hidden] = ' . (int)(!$bug['hidden']));
+	
+	$bugsys->debug('*** END PERMISSIONS CHECK ***');
+	
 	if
 	(
 		!can_perform('canviewbugs', $bug['product'], $userinfo)
@@ -557,9 +568,12 @@ function check_bug_permissions($bug, $userinfo = null)
 		)
 	)
 	{
+		$bugsys->debug('*** DONE WITH REAL CALLS ***');
 		return false;
 	}
 	
+	$bugsys->debug('*** DONE WITH REAL CALLS ***');
+	
 	return true;
 }
 
-- 
2.22.5