MantisBT - v3.5 Release (Development)
|View Issue Details|
|ID||Project||Category||View Status||Date Submitted||Last Update|
|0001687||v3.5 Release (Development)||[All Projects] General||public||2016-04-14 08:10||2019-01-01 16:15|
|Assigned To|| |
|Summary||0001687: Administrator can't edit task_log entrys|
|Description||An administrator can't edit a task log entry of another coworker, even if the permissions are set correctly. I found this problem when using the timecard module, but the problem is located in the tasks module. So it also allpys when using the task log edit function is task view.|
|Steps To Reproduce||Just try to edit a task log entry made by someone else. An error is thrown reporting a misleading unexpected character in JSON line 1 row 1.|
|Additional Information||I figured out that the problem is located in logs.class.php. In line 145 three parameters are set. The first two are ok, but the third is "tasks", which causes the problem. This should be "task_log" or "".|
In BaseObject.class.php line 65 the _tbl_module is set, using the $module parameter (tasks in this case). This value is used in logs.class.php canEdit-function in line 339. But this is combined with the ID of the task log entry. So a sql-query for the permission check is build using the id of the task-log and the table tasks. This results in an empty result-array and equals no granted permission. Therefore, an admin is not allowed to edit a task log entry, if the permisson-option of the canEdit-function is required.
A solution is simple as stated above. Just remove the "tasks"-parameter and leave it empty oder set "task_log". In both cases the correct table is later used for the query and a correct permisson check result is achieved.
|Tags||No tags attached.|