View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0022470 | mantisbt | feature | public | 2017-03-05 15:18 | 2018-03-02 17:40 |
Reporter | Mr.Bricodage | Assigned To | |||
Priority | normal | Severity | feature | Reproducibility | N/A |
Status | new | Resolution | open | ||
Product Version | 2.2.0 | ||||
Summary | 0022470: Access Restriction to each custom action group option | ||||
Description | Custom action group can be added according to https://www.mantisbt.org/wiki/doku.php/mantisbt:issue:7900 These additional action group are available to any user that has rights to the project. Some custom action group should be displayed only to users with a minimal access level. A new action group option 'threshold_min' could be used. | ||||
Additional Information | new custom action group declaration :
The new option 'threshold_min' is handled in core/bug_group_action_api.php, row 303
Existing custom action group are not impacted by the modification, because if 'threshold_min' is not defined, threshold_min equal to 0 and everybody can view the option in the list. | ||||
Tags | No tags attached. | ||||
Didn't have a deeper look, but doesn't this prevent just the display of the menu entry, so that you are still able to execute the custom functions using other ways? BTW, the same applies to |
|
Yes, you're right. My problem is that the custom actions page api let the developper to define access rights in validate and process functions, but even if the user hasn't rights to use the custom function, this custom function is displayed in the group action option list in bug_view_page and the form in the custom action page is displayed too. To avoid displaying actions that will be forbidden in validate or process functions, the
I didn't understand this note. Do you please confirm that |
|
Right, |
|
Do you want me to provide a PR for this feature ? |
|