Commit 318c59ba authored by xavidp's avatar xavidp

[FIX]Fix regression PluginTrackerList view=user doesn't show anymore user's...

[FIX]Fix regression PluginTrackerList view=user doesn't show anymore user's items, reported in https://dev.tiki.org/item5126 . A new setting 'userCanSeeOwn' in the tracker definition allows previous behavior when used through Plugin TrackerList with param view=user. Direct access to the user to see the full record of his user items is not allowed either, as in previous Tiki branches before the regression. Thanks jonnyb for feedback and pointers, as usual. Please, help to have a third look to this commit (I double checked myself, but my skills are limited), since it touches a few tracker files.
parent a6bcc28c
......@@ -993,6 +993,7 @@ class Services_Tracker_Controller
'modItemStatus' => $input->modItemStatus->word(),
'outboundEmail' => $input->outboundEmail->email(),
'simpleEmail' => $input->simpleEmail->int() ? 'y' : 'n',
'userCanSeeOwn' => $input->userCanSeeOwn->int() ? 'y' : 'n',
'writerCanModify' => $input->writerCanModify->int() ? 'y' : 'n',
'writerCanRemove' => $input->writerCanRemove->int() ? 'y' : 'n',
'userCanTakeOwnership' => $input->userCanTakeOwnership->int() ? 'y' : 'n',
......
......@@ -34,6 +34,7 @@ class Tiki_Profile_InstallHandler_Tracker extends Tiki_Profile_InstallHandler
'email_simplified' => 'simpleEmail',
'default_status' => 'newItemStatus',
'modification_status' => 'modItemStatus',
'allow_user_see_own' => 'userCanSeeOwn',
'allow_creator_modification' => 'writerCanModify',
'allow_creator_deletion' => 'writerCanRemove',
'allow_creator_group_modification' => 'writerGroupCanModify',
......
......@@ -158,7 +158,7 @@ class Tracker_Definition
foreach ($this->getFields() as $field) {
if ($field['type'] == 'u'
&& $field['options_map']['autoassign'] == 1
&& $this->isEnabled('writerCanModify')) {
&& ($this->isEnabled('userCanSeeOwn') or $this->isEnabled('writerCanModify'))) {
return $field['fieldId'];
}
......
......@@ -790,7 +790,7 @@ function wikiplugin_trackerlist($data, $params)
}
$userCreatorFieldId = $definition->getAuthorField();
$groupCreatorFieldId = $definition->getWriterGroupField();
if ($perms['tiki_p_view_trackers'] != 'y' && ! $definition->isEnabled('writerCanModify') && empty($userCreatorFieldId) && empty($groupCreatorFieldId)) {
if ($perms['tiki_p_view_trackers'] != 'y' && ! $definition->isEnabled('writerCanModify') && ! $definition->isEnabled('userCanSeeOwn') && empty($userCreatorFieldId) && empty($groupCreatorFieldId)) {
return;
}
$smarty->assign_by_ref('perms', $perms);
......@@ -1241,7 +1241,7 @@ function wikiplugin_trackerlist($data, $params)
$exactvalue[] = $_REQUEST['tr_user'];
$smarty->assign_by_ref('tr_user', $exactvalue);
}
if ($definition->isEnabled('writerCanModify')) {
if ($definition->isEnabled('writerCanModify') or $definition->isEnabled('userCanSeeOwn')) {
$skip_status_perm_check = true;
}
}
......@@ -1390,7 +1390,7 @@ function wikiplugin_trackerlist($data, $params)
}
}
}
if ($tiki_p_admin_trackers != 'y' && $perms['tiki_p_view_trackers'] != 'y' && $definition->isEnabled('writerCanModify') && $user && $userCreatorFieldId) { //patch this should be in list_items
if ($tiki_p_admin_trackers != 'y' && $perms['tiki_p_view_trackers'] != 'y' && ($definition->isEnabled('writerCanModify') or $definition->isEnabled('userCanSeeOwn')) && $user && $userCreatorFieldId) { //patch this should be in list_items
if ($filterfield != $userCreatorFieldId || (is_array($filterfield) && !in_array($$userCreatorFieldId, $filterfield))) {
if (is_array($filterfield))
$filterfield[] = $userCreatorFieldId;
......
......@@ -82,7 +82,7 @@
{tabset name='tabs_view_tracker'}
{if $tiki_p_view_trackers eq 'y' or (($tracker_info.writerCanModify eq 'y' or $tracker_info.writerGroupCanModify eq 'y') and $user)}
{if $tiki_p_view_trackers eq 'y' or (($tracker_info.writerCanModify eq 'y' or $tracker_info.userCanSeeOwn eq 'y' or $tracker_info.writerGroupCanModify eq 'y') and $user)}
{tab name="{tr}Tracker Items{/tr}"}
{* -------------------------------------------------- tab with list --- *}
......
......@@ -81,7 +81,7 @@
{tabset name='tabs_view_tracker'}
{if $tiki_p_view_trackers eq 'y' or (($tracker_info.writerCanModify eq 'y' or $tracker_info.writerGroupCanModify eq 'y') and $user)}
{if $tiki_p_view_trackers eq 'y' or (($tracker_info.writerCanModify eq 'y' or $tracker_info.userCanSeeOwn eq 'y' or $tracker_info.writerGroupCanModify eq 'y') and $user)}
{tab name="{tr}Tracker Items{/tr}"}
{* -------------------------------------------------- tab with list --- *}
......
......@@ -269,6 +269,15 @@
</div>
<h4>{tr}Permissions{/tr}</h4>
<div>
<label>
<input type="checkbox" name="userCanSeeOwn" value="1"
{if $info.userCanSeeOwn eq 'y'}checked="checked"{/if}>
{tr}User can see his own items{/tr}
<div class="description">
{tr}The tracker needs a user field with the auto-assign activated{/tr}.
{tr}No extra pemission is needed at the tracker permissions level to allow a user to see just his own items through Plugin TrackerList with the param view=user{/tr}
</div>
</label>
<label>
<input type="checkbox" name="writerCanModify" value="1"
{if $info.writerCanModify eq 'y'}checked="checked"{/if}>
......
......@@ -56,7 +56,8 @@ if (!empty($_REQUEST['show']) && $_REQUEST['show'] == 'view') {
} elseif (!empty($_REQUEST['show']) && $_REQUEST['show'] == 'mod') {
$cookietab = '2';
} elseif (empty($_REQUEST['cookietab'])) {
if (isset($tracker_info['writerCanModify']) && $tracker_info['writerCanModify'] == 'y' && $user) $cookietab = '1';
if ((isset($tracker_info['writerCanModify']) && $tracker_info['writerCanModify'] == 'y' && $user) or
(isset($tracker_info['userCanSeeOwn']) && $tracker_info['userCanSeeOwn'] == 'y' && $user)) $cookietab = '1';
elseif (!($tiki_p_view_trackers == 'y' || $tiki_p_admin == 'y' || $tiki_p_admin_trackers == 'y') && $tiki_p_create_tracker_items == 'y') $cookietab = "2";
else if (!isset($cookietab)) {
$cookietab = '1';
......@@ -109,7 +110,9 @@ if ($tracker_info['adminOnlyViewEditItem'] === 'y') {
if ($tiki_p_view_trackers != 'y') {
$userCreatorFieldId = $writerfield;
$groupCreatorFieldId = $writergroupfield;
if ($user && !$my and isset($tracker_info['writerCanModify']) and $tracker_info['writerCanModify'] == 'y' and !empty($userCreatorFieldId)) {
if ($user && !$my and ( (isset($tracker_info['writerCanModify']) and $tracker_info['writerCanModify'] == 'y') or
(isset($tracker_info['userCanSeeOwn']) and $tracker_info['userCanSeeOwn'] == 'y'))
and !empty($userCreatorFieldId)) {
$my = $user;
} elseif ($user && !$ours and isset($tracker_info['writerGroupCanModify']) and $tracker_info['writerGroupCanModify'] == 'y' and !empty($groupCreatorFieldId)) {
$ours = $group;
......
......@@ -291,6 +291,9 @@ $itemObject = Tracker_Item::fromInfo($item_info);
if (!isset($tracker_info["writerCanModify"]) or (isset($utid) and ($_REQUEST['trackerId'] != $utid['usersTrackerId']))) {
$tracker_info["writerCanModify"] = 'n';
}
if (!isset($tracker_info["userCanSeeOwn"]) or (isset($utid) and ($_REQUEST['trackerId'] != $utid['usersTrackerId']))) {
$tracker_info["userCanSeeOwn"] = 'n';
}
if (!isset($tracker_info["writerGroupCanModify"]) or (isset($gtid) and ($_REQUEST['trackerId'] != $gtid['groupTrackerId']))) {
$tracker_info["writerGroupCanModify"] = 'n';
}
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment