PHP access_ensure_bug_level函数代码示例

function xmlhttprequest_issue_reporter_combobox()
{
    $f_bug_id = gpc_get_int('issue_id');
    access_ensure_bug_level(config_get('update_bug_threshold'), $f_bug_id);
    $t_reporter_id = bug_get_field($f_bug_id, 'reporter_id');
    $t_project_id = bug_get_field($f_bug_id, 'project_id');
    echo '<select name="reporter_id">';
    print_reporter_option_list($t_reporter_id, $t_project_id);
    echo '</select>';
}

 function display_commit_message($event, $bugid)
 {
     if (!$bugid) {
         return;
     }
     $t_fields = config_get('bug_view_page_fields');
     $t_fields = columns_filter_disabled($t_fields);
     $tpl_show_id = in_array('id', $t_fields);
     $tpl_show_description = in_array('description', $t_fields);
     $tpl_show_status = in_array('status', $t_fields);
     if ($tpl_show_id && $tpl_show_description && $tpl_show_status) {
         bug_ensure_exists($bugid);
         $bug = bug_get($bugid, true);
         access_ensure_bug_level(VIEWER, $bugid);
         $tpl_description = string_display_links($bug->summary);
         $tpl_status = get_enum_element('status', $bug->status);
         $tpl_link = config_get('path') . string_get_bug_view_url($bugid, null);
         $message = sprintf('%s - #JJ%d: %s<br/>%s', strtoupper($tpl_status), $bugid, $tpl_description, $tpl_link);
         echo '<tr ', helper_alternate_class(), '>';
         echo '<td class="category">', plugin_lang_get('commit_message'), '</td>';
         echo '<td colspan="5">' . $message . '</td>';
         echo '</tr>';
     }
 }

/**
 * Detach a tag from a bug.
 * @param integer Tag ID
 * @param integer Bug ID
 * @param boolean Add history entries to bug
 * @param integer User Id (or null for current logged in user)
 */
function tag_bug_detach($p_tag_id, $p_bug_id, $p_add_history = true, $p_user_id = null)
{
    if ($p_user_id === null) {
        $t_user_id = auth_get_current_user_id();
    } else {
        $t_user_id = $p_user_id;
    }
    if (!tag_bug_is_attached($p_tag_id, $p_bug_id)) {
        trigger_error(TAG_NOT_ATTACHED, ERROR);
    }
    $t_tag_row = tag_bug_get_row($p_tag_id, $p_bug_id);
    if ($t_user_id == tag_get_field($p_tag_id, 'user_id') || $t_user_id == $t_tag_row['user_id']) {
        $t_detach_level = config_get('tag_detach_own_threshold');
    } else {
        $t_detach_level = config_get('tag_detach_threshold');
    }
    access_ensure_bug_level($t_detach_level, $p_bug_id, $t_user_id);
    $c_tag_id = db_prepare_int($p_tag_id);
    $c_bug_id = db_prepare_int($p_bug_id);
    $t_bug_tag_table = db_get_table('bug_tag');
    $query = "DELETE FROM {$t_bug_tag_table}\n\t\t\t\t\tWHERE tag_id=" . db_param() . ' AND bug_id=' . db_param();
    db_query_bound($query, array($c_tag_id, $c_bug_id));
    if ($p_add_history) {
        $t_tag_name = tag_get_field($p_tag_id, 'name');
        history_log_event_special($p_bug_id, TAG_DETACHED, $t_tag_name);
    }
    # updated the last_updated date
    bug_update_date($p_bug_id);
    return true;
}

$f_files = gpc_get_fileCustom('ufile', -1);
if ($f_bug_id == -1 && $f_files == -1) {
    # _POST/_FILES does not seem to get populated if you exceed size limit so check if bug_id is -1
    trigger_error(ERROR_FILE_TOO_BIG, ERROR);
}
form_security_validate('bug_file_add');
$t_bug = bug_get($f_bug_id, true);
if ($t_bug->project_id != helper_get_current_project()) {
    # in case the current project is not the same project of the bug we are viewing...
    # ... override the current project. This to avoid problems with categories and handlers lists etc.
    $g_project_override = $t_bug->project_id;
}
if (!file_allow_bug_upload($f_bug_id)) {
    access_denied();
}
access_ensure_bug_level(config_get('upload_bug_file_threshold'), $f_bug_id);
// Process array of files to upload
for ($i = 0; $i < count($f_files); $i++) {
    if (!empty($f_files[$i]['name'])) {
        $t_file['name'] = $f_files[$i]['name'];
        $t_file['tmp_name'] = $f_files[$i]['tmp_name'];
        $t_file['type'] = $f_files[$i]['type'];
        $t_file['error'] = $f_files[$i]['error'];
        $t_file['size'] = $f_files[$i]['size'];
        file_add($f_bug_id, $t_file, 'bug');
    }
}
form_security_purge('bug_file_add');
# Determine which view page to redirect back to.
$t_redirect_url = string_get_bug_view_url($f_bug_id);
html_page_top(null, $t_redirect_url);

$f_time_tracking = gpc_get_string('time_tracking', '0:00');
$f_bugnote_text = trim(gpc_get_string('bugnote_text', ''));
$f_files = gpc_get_file('ufile', null);
$t_bug = bug_get($f_bug_id, true);
if ($t_bug->project_id != helper_get_current_project()) {
    # in case the current project is not the same project of the bug we are viewing...
    # ... override the current project. This to avoid problems with categories and handlers lists etc.
    $g_project_override = $t_bug->project_id;
}
if (bug_is_readonly($t_bug->id)) {
    error_parameters($t_bug->id);
    trigger_error(ERROR_BUG_READ_ONLY_ACTION_DENIED, ERROR);
}
access_ensure_bug_level(config_get('add_bugnote_threshold'), $t_bug->id);
if ($f_private) {
    access_ensure_bug_level(config_get('set_view_status_threshold'), $t_bug->id);
}
# Handle the file upload
if ($f_files !== null) {
    if (!file_allow_bug_upload($f_bug_id)) {
        access_denied();
    }
    file_process_posted_files_for_bug($f_bug_id, $f_files);
}
# We always set the note time to BUGNOTE, and the API will overwrite it with TIME_TRACKING
# if $f_time_tracking is not 0 and the time tracking feature is enabled.
$t_bugnote_id = bugnote_add($t_bug->id, $f_bugnote_text, $f_time_tracking, $f_private, BUGNOTE);
if (!$t_bugnote_id) {
    error_parameters(lang_get('bugnote'));
    trigger_error(ERROR_EMPTY_FIELD, ERROR);
}

# Mantis is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with Mantis.  If not, see <http://www.gnu.org/licenses/>.
# --------------------------------------------------------
# $Id: bug_monitor.php,v 1.28.16.1 2007-10-13 22:32:42 giallu Exp $
# --------------------------------------------------------
# This file turns monitoring on or off for a bug for the current user
require_once 'core.php';
$t_core_path = config_get('core_path');
require_once $t_core_path . 'bug_api.php';
# helper_ensure_post();
$f_bug_id = gpc_get_int('bug_id');
$t_bug = bug_get($f_bug_id, true);
if ($t_bug->project_id != helper_get_current_project()) {
    # in case the current project is not the same project of the bug we are viewing...
    # ... override the current project. This to avoid problems with categories and handlers lists etc.
    $g_project_override = $t_bug->project_id;
}
$f_action = gpc_get_string('action');
access_ensure_bug_level(config_get('monitor_bug_threshold'), $f_bug_id);
if ('delete' == $f_action) {
    bug_unmonitor($f_bug_id, auth_get_current_user_id());
} else {
    # should be 'add' but we have to account for other values
    bug_monitor($f_bug_id, auth_get_current_user_id());
}
print_successful_redirect_to_bug($f_bug_id);

/**
 * MantisBT Core API's
 */
require_once 'core.php';
require_once 'bug_api.php';
require_once 'bugnote_api.php';
form_security_validate('bugnote_add');
$f_bug_id = gpc_get_int('bug_id');
$f_private = gpc_get_bool('private');
$f_time_tracking = gpc_get_string('time_tracking', '0:00');
$f_bugnote_text = trim(gpc_get_string('bugnote_text', ''));
$t_bug = bug_get($f_bug_id, true);
if ($t_bug->project_id != helper_get_current_project()) {
    # in case the current project is not the same project of the bug we are viewing...
    # ... override the current project. This to avoid problems with categories and handlers lists etc.
    $g_project_override = $t_bug->project_id;
}
if (bug_is_readonly($f_bug_id)) {
    error_parameters($f_bug_id);
    trigger_error(ERROR_BUG_READ_ONLY_ACTION_DENIED, ERROR);
}
access_ensure_bug_level(config_get('add_bugnote_threshold'), $f_bug_id);
// We always set the note time to BUGNOTE, and the API will overwrite it with TIME_TRACKING
// if $f_time_tracking is not 0 and the time tracking feature is enabled.
$t_bugnote_id = bugnote_add($f_bug_id, $f_bugnote_text, $f_time_tracking, $f_private, BUGNOTE);
if (!$t_bugnote_id) {
    error_parameters(lang_get('bugnote'));
    trigger_error(ERROR_EMPTY_FIELD, ERROR);
}
form_security_purge('bugnote_add');
print_successful_redirect_to_bug($f_bug_id);

$g_allow_browser_cache = 1;
$f_bug_id = gpc_get_int('bug_id');
$t_bug = bug_get($f_bug_id, true);
if ($t_bug->project_id != helper_get_current_project()) {
    # in case the current project is not the same project of the bug we are viewing...
    # ... override the current project. This to avoid problems with categories and handlers lists etc.
    $g_project_override = $t_bug->project_id;
    $t_changed_project = true;
} else {
    $t_changed_project = false;
}
if (bug_is_readonly($f_bug_id)) {
    error_parameters($f_bug_id);
    trigger_error(ERROR_BUG_READ_ONLY_ACTION_DENIED, ERROR);
}
access_ensure_bug_level(config_get('update_bug_threshold'), $f_bug_id);
$t_fields = config_get('bug_update_page_fields');
$t_fields = columns_filter_disabled($t_fields);
$t_bug_id = $f_bug_id;
$t_action_button_position = config_get('action_button_position');
$t_top_buttons_enabled = $t_action_button_position == POSITION_TOP || $t_action_button_position == POSITION_BOTH;
$t_bottom_buttons_enabled = $t_action_button_position == POSITION_BOTTOM || $t_action_button_position == POSITION_BOTH;
$t_show_id = in_array('id', $t_fields);
$t_show_project = in_array('project', $t_fields);
$t_show_category = in_array('category_id', $t_fields);
$t_show_view_state = in_array('view_state', $t_fields);
$t_view_state = $t_show_view_state ? string_display_line(get_enum_element('view_state', $t_bug->view_state)) : '';
$t_show_date_submitted = in_array('date_submitted', $t_fields);
$t_show_last_updated = in_array('last_updated', $t_fields);
$t_show_reporter = in_array('reporter', $t_fields);
$t_show_handler = in_array('handler', $t_fields);

$f_bug_id = gpc_get_int( 'bug_id' );

$t_bug = bug_get( $f_bug_id, true );
if( $t_bug->project_id != helper_get_current_project() ) {
	# in case the current project is not the same project of the bug we are viewing...
	# ... override the current project. This to avoid problems with categories and handlers lists etc.
	$g_project_override = $t_bug->project_id;
}

if( bug_is_readonly( $f_bug_id ) ) {
	error_parameters( $f_bug_id );
	trigger_error( ERROR_BUG_READ_ONLY_ACTION_DENIED, ERROR );
}

access_ensure_bug_level( config_get( 'bug_reminder_threshold' ), $f_bug_id );

html_page_top( bug_format_summary( $f_bug_id, SUMMARY_CAPTION ) );
?>

<?php # Send reminder Form BEGIN ?>
<br />
<form method="post" action="bug_reminder.php">
<?php echo form_security_field( 'bug_reminder' ) ?>
<input type="hidden" name="bug_id" value="<?php echo $f_bug_id ?>" />
<div class="width75 form-container">
<table cellspacing="1">
<tr>
	<td class="form-title" colspan="2">
		<?php echo lang_get( 'bug_reminder' ) ?>
	</td>

 *
 * @uses core.php
 * @uses access_api.php
 * @uses bug_revision_api.php
 * @uses config_api.php
 * @uses form_api.php
 * @uses gpc_api.php
 * @uses helper_api.php
 * @uses lang_api.php
 * @uses print_api.php
 */
/**
 * MantisBT Core API's
 */
require_once 'core.php';
require_api('access_api.php');
require_api('bug_revision_api.php');
require_api('config_api.php');
require_api('form_api.php');
require_api('gpc_api.php');
require_api('helper_api.php');
require_api('lang_api.php');
require_api('print_api.php');
form_security_validate('bug_revision_drop');
$f_revision_id = gpc_get_int('id');
$t_revision = bug_revision_get($f_revision_id);
access_ensure_bug_level(config_get('bug_revision_drop_threshold'), $t_revision['bug_id']);
helper_ensure_confirmed(lang_get('confirm_revision_drop'), lang_get('revision_drop'));
bug_revision_drop($f_revision_id);
form_security_purge('bug_revision_drop');
print_successful_redirect_to_bug($t_revision['bug_id']);

       http://www.apache.org/licenses/LICENSE-2.0

   Unless required by applicable law or agreed to in writing, software
   distributed under the License is distributed on an "AS IS" BASIS,
   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
   See the License for the specific language governing permissions and
   limitations under the License.

   Notes: Based on the Time Tracking plugin by Elmar:
   2005 by Elmar Schumacher - GAMBIT Consulting GmbH
   http://www.mantisbt.org/forums/viewtopic.php?f=4&t=589	
*/
form_security_validate('plugin_TimeTracking_delete_record');
$f_bug_id = gpc_get_int('bug_id');
$f_delete_id = gpc_get_int('delete_id');
$table = plugin_table('data', 'TimeTracking');
$query_pull_timerecords = "SELECT * FROM {$table} WHERE id = {$f_delete_id} ORDER BY timestamp DESC";
$result_pull_timerecords = db_query($query_pull_timerecords);
$row = db_fetch_array($result_pull_timerecords);
$t_user_id = auth_get_current_user_id();
if ($row[user] == $t_user_id) {
    access_ensure_bug_level(plugin_config_get('admin_own_threshold'), $f_bug_id);
} else {
    access_ensure_bug_level(plugin_config_get('admin_threshold'), $f_bug_id);
}
$query_delete = "DELETE FROM {$table} WHERE id = {$f_delete_id}";
db_query($query_delete);
history_log_event_direct($f_bug_id, plugin_lang_get('history') . " " . plugin_lang_get('deleted'), date(config_get("short_date_format"), strtotime($row["expenditure_date"])) . ": " . number_format($row["hours"], 2, ',', '.') . " h.", "deleted", $user);
form_security_purge('plugin_TimeTracking_delete_record');
$t_url = string_get_bug_view_url($f_bug_id, auth_get_current_user_id());
print_successful_redirect($t_url . "#timerecord");

require_api('event_api.php');
require_api('form_api.php');
require_api('gpc_api.php');
require_api('helper_api.php');
require_api('html_api.php');
require_api('lang_api.php');
require_api('print_api.php');
require_api('string_api.php');
require_api('tag_api.php');
require_api('utility_api.php');
form_security_validate('tag_attach');
$f_bug_id = gpc_get_int('bug_id');
$f_tag_select = gpc_get_int('tag_select');
$f_tag_string = gpc_get_string('tag_string');
$t_user_id = auth_get_current_user_id();
access_ensure_bug_level(config_get('tag_attach_threshold'), $f_bug_id, $t_user_id);
/** @todo The handling of tag strings which can include multiple tags should be moved
 *     to the APIs.  This is to allow other clients of the API to support such
 *     functionality.  The access level checks should also be moved to the API.
 */
$t_tags = tag_parse_string($f_tag_string);
$t_can_create = access_has_global_level(config_get('tag_create_threshold'));
$t_tags_create = array();
$t_tags_attach = array();
$t_tags_failed = array();
foreach ($t_tags as $t_tag_row) {
    if (-1 == $t_tag_row['id']) {
        if ($t_can_create) {
            $t_tags_create[] = $t_tag_row;
        } else {
            $t_tags_failed[] = $t_tag_row;

require_api('gpc_api.php');
require_api('html_api.php');
require_api('lang_api.php');
require_api('print_api.php');
require_api('sponsorship_api.php');
if (!config_get('enable_sponsorship')) {
    trigger_error(ERROR_SPONSORSHIP_NOT_ENABLED, ERROR);
}
form_security_validate('account_sponsor_update');
auth_ensure_user_authenticated();
$f_bug_list = gpc_get_string('buglist', '');
$t_bug_list = explode(',', $f_bug_list);
foreach ($t_bug_list as $t_bug) {
    list($t_bug_id, $t_sponsor_id) = explode(':', $t_bug);
    $c_bug_id = (int) $t_bug_id;
    bug_ensure_exists($c_bug_id);
    # dies if bug doesn't exist
    access_ensure_bug_level(config_get('handle_sponsored_bugs_threshold'), $c_bug_id);
    # dies if user can't handle bug
    $t_bug = bug_get($c_bug_id);
    $t_sponsor = sponsorship_get((int) $t_sponsor_id);
    $t_new_payment = gpc_get_int('sponsor_' . $c_bug_id . '_' . $t_sponsor->id, $t_sponsor->paid);
    if ($t_new_payment != $t_sponsor->paid) {
        sponsorship_update_paid($t_sponsor_id, $t_new_payment);
    }
}
form_security_purge('account_sponsor_update');
$t_redirect_url = 'account_sponsor_page.php';
html_page_top(null, $t_redirect_url);
html_operation_successful($t_redirect_url, lang_get('payment_updated'));
html_page_bottom();

}

form_security_validate( 'account_sponsor_update' );

auth_ensure_user_authenticated();

$f_bug_list = gpc_get_string( 'buglist', '' );
$t_bug_list = explode( ',', $f_bug_list );

foreach ( $t_bug_list as $t_bug ) {
	list( $t_bug_id, $t_sponsor_id ) = explode( ':', $t_bug );
	$c_bug_id = (int) $t_bug_id;

	bug_ensure_exists( $c_bug_id ); # dies if bug doesn't exist

	access_ensure_bug_level( config_get( 'handle_sponsored_bugs_threshold' ), $c_bug_id ); # dies if user can't handle bug

	$t_bug = bug_get( $c_bug_id );
	$t_sponsor = sponsorship_get( (int) $t_sponsor_id );

	$t_new_payment = gpc_get_int( 'sponsor_' . $c_bug_id . '_' . $t_sponsor->id, $t_sponsor->paid );
	if ( $t_new_payment != $t_sponsor->paid ) {
		sponsorship_update_paid( $t_sponsor_id, $t_new_payment );
	}
}

form_security_purge( 'account_sponsor_update' );

$t_redirect = 'account_sponsor_page.php';
html_page_top( null, $t_redirect );

    # in case the current project is not the same project of the bug we are viewing...
    # ... override the current project. This to avoid problems with categories and handlers lists etc.
    $g_project_override = $t_bug->project_id;
}
$f_handler_id = gpc_get_int('handler_id', auth_get_current_user_id());
# check that current user has rights to assign the issue
access_ensure_bug_level(config_get('update_bug_assign_threshold', config_get('update_bug_threshold')), $f_bug_id);
$t_bug_sponsored = sponsorship_get_amount(sponsorship_get_all_ids($f_bug_id)) > 0;
if ($t_bug_sponsored) {
    if (!access_has_bug_level(config_get('assign_sponsored_bugs_threshold'), $f_bug_id)) {
        trigger_error(ERROR_SPONSORSHIP_ASSIGNER_ACCESS_LEVEL_TOO_LOW, ERROR);
    }
}
if ($f_handler_id != NO_USER) {
    # check that new handler has rights to handle the issue
    access_ensure_bug_level(config_get('handle_bug_threshold'), $f_bug_id, $f_handler_id);
    if ($t_bug_sponsored) {
        if (!access_has_bug_level(config_get('handle_sponsored_bugs_threshold'), $f_bug_id, $f_handler_id)) {
            trigger_error(ERROR_SPONSORSHIP_HANDLER_ACCESS_LEVEL_TOO_LOW, ERROR);
        }
    }
}
# Update handler and status
$t_bug->handler_id = $f_handler_id;
if (ON == config_get('auto_set_status_to_assigned') && NO_USER != $f_handler_id) {
    $t_bug->status = config_get('bug_assigned_status');
}
# Plugin support
$t_new_bug = event_signal('EVENT_UPDATE_BUG', $t_bug, $f_bug_id);
if (!is_null($t_new_bug)) {
    $t_bug = $t_new_bug;