View Issue Details

IDProjectCategoryView StatusLast Update
0020625mantisbtsecuritypublic2016-07-18 14:56
Reportermattkolb Assigned To 
PrioritynormalSeverityminorReproducibilityhave not tried
Status acknowledgedResolutionopen 
Summary0020625: Inconsistent time tracking permissions
Description

Adding time tracking information when changing the status of a ticket requires the user pass the private_bugnote_threshold. However, other methods of adding/editing time tracking permission do not require the increased access privileges.

The problem line:
https://github.com/mantisbt/mantisbt/blob/master/bug_change_status_page.php#L386

Examples of correct implementations:
https://github.com/mantisbt/mantisbt/blob/master/bugnote_edit_page.php#L130
https://github.com/mantisbt/mantisbt/blob/master/bugnote_add_inc.php#L108

TagsNo tags attached.

Relationships

related to 0004428 closeddavidnewcomb Time Tracking 

Activities

dregad

dregad

2016-02-24 03:43

developer   ~0052549

Hello

Thanks for the bug report. It appears this behavior exists since the initial implementation of the Time tracking feature back in 2006 [1] (see 0004428).

That being said, I have no idea of the rationale behind the check for private note access, doesn't make sense to me.

[1] https://github.com/mantisbt/mantisbt/blame/f02da95%5E/bug_change_status_page.php#L288

mattkolb

mattkolb

2016-07-18 14:27

reporter   ~0053631

Bump

atrol

atrol

2016-07-18 14:56

developer   ~0053632

@mattkolb, submitting a patch is always a good idea, as it increases the chances of improvement eventually making it into MantisBT core. All contributions are welcome and greatly appreciated.

Patch submissions can be made in several ways. In the order of preference:

  1. Send us a Pull Request on our Github repository [1]
  2. Attach a GIT patch to the issue
  3. Attach a Unified Diff, clearly specifying the patch's base release

Kindly avoid to upload entire modified PHP files.

Please make sure that your submissions adhere to our Coding Guidelines [2], if they don't your patch might be rejected.

[1] https://github.com/mantisbt/mantisbt
[2] http://www.mantisbt.org/wiki/doku.php/mantisbt:coding_guidelines