View Issue Details

IDProjectCategoryView StatusLast Update
0024696mantisbtauthorizationpublic2018-09-04 01:23
Reporterokido Assigned Toatrol  
PrioritynormalSeverityminorReproducibilityhave not tried
Status closedResolutionfixed 
Product Version2.15.0 
Target Version2.17.0Fixed in Version2.17.0 
Summary0024696: Custom fields can be changed without having update_bug_threshold access rights
Description

Hi,
I have disable the permission for some user to update a report but they can modify the customs fields via selection button (see screenshot) maybe i have missing something in custom field configuration.

TagsNo tags attached.
Attached Files
img.png (30,665 bytes)   
img.png (30,665 bytes)   
img1.png (17,822 bytes)   
img1.png (17,822 bytes)   

Activities

atrol

atrol

2018-08-24 17:50

developer   ~0060491

There is a setting Write Access on custom fields property page.
You can set the minimal access level that is needed to change the field.

okido

okido

2018-08-27 03:19

reporter   ~0060498

Last edited: 2018-08-27 03:20

yes but if i change write access to developer, reporter can't use this field in their report, I just want all user under developer can't update anything in all report.

atrol

atrol

2018-08-27 13:45

developer   ~0060509

PR https://github.com/mantisbt/mantisbt/pull/1383

okido

okido

2018-08-29 05:51

reporter   ~0060521

I have to replace with this new file ?

atrol

atrol

2018-08-29 06:50

developer   ~0060523

@okido you could try the change by replacing the file.
But keep in mind that this is still in progress, waiting for other devs to review and approve.
After that, it will be part of official Mantis 2.17.0 or a later version.

okido

okido

2018-08-29 08:20

reporter   ~0060524

I tested it and it solve the problem, but im waiting for you to validate it before I use it
Thank you

Related Changesets

MantisBT: master 4e86afc4

2018-08-26 23:59

atrol


Details Diff
Add update_bug_threshold check for custom field bulk operations

Fixes 0024696
Affected Issues
0024696
mod - core/bug_group_action_api.php Diff File

MantisBT: master ef32cb91

2018-08-28 04:40

atrol


Details Diff
Code and performance enhancements

Issue 0024696
Affected Issues
0024696
mod - core/bug_group_action_api.php Diff File