search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
SOAP API: do not try to unserialize an invalid filter
[mantis.git] / bug_actiongroup.php
blob87f4b81478be64c64fed02c9c142a91c51de8caf
1 <?php
2 # MantisBT - A PHP based bugtracking system
3
4 # MantisBT is free software: you can redistribute it and/or modify
5 # it under the terms of the GNU General Public License as published by
6 # the Free Software Foundation, either version 2 of the License, or
7 # (at your option) any later version.
8 #
9 # MantisBT is distributed in the hope that it will be useful,
10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 # GNU General Public License for more details.
13 #
14 # You should have received a copy of the GNU General Public License
15 # along with MantisBT. If not, see <http://www.gnu.org/licenses/>.
16
17 /**
18 * This page allows actions to be performed an an array of bugs
19 *
20 * @package MantisBT
21 * @copyright Copyright (C) 2000 - 2002 Kenzaburo Ito - kenito@300baud.org
22 * @copyright Copyright (C) 2002 - 2011 MantisBT Team - mantisbt-dev@lists.sourceforge.net
23 * @link http://www.mantisbt.org
24 *
25 * @uses core.php
26 * @uses access_api.php
27 * @uses authentication_api.php
28 * @uses bug_api.php
29 * @uses bugnote_api.php
30 * @uses category_api.php
31 * @uses config_api.php
32 * @uses constant_inc.php
33 * @uses custom_field_api.php
34 * @uses event_api.php
35 * @uses form_api.php
36 * @uses gpc_api.php
37 * @uses helper_api.php
38 * @uses html_api.php
39 * @uses lang_api.php
40 * @uses print_api.php
41 * @uses string_api.php
42 * @uses utility_api.php
43 * @uses version_api.php
44 */
45
46 /**
47 * MantisBT Core API's
48 */
49 require_once( 'core.php' );
50 require_api( 'access_api.php' );
51 require_api( 'authentication_api.php' );
52 require_api( 'bug_api.php' );
53 require_api( 'bugnote_api.php' );
54 require_api( 'category_api.php' );
55 require_api( 'config_api.php' );
56 require_api( 'constant_inc.php' );
57 require_api( 'custom_field_api.php' );
58 require_api( 'event_api.php' );
59 require_api( 'form_api.php' );
60 require_api( 'gpc_api.php' );
61 require_api( 'helper_api.php' );
62 require_api( 'html_api.php' );
63 require_api( 'lang_api.php' );
64 require_api( 'print_api.php' );
65 require_api( 'string_api.php' );
66 require_api( 'utility_api.php' );
67 require_api( 'version_api.php' );
68
69 auth_ensure_user_authenticated();
70 helper_begin_long_process();
71
72 $f_action = gpc_get_string( 'action' );
73 $f_custom_field_id = gpc_get_int( 'custom_field_id', 0 );
74 $f_bug_arr = gpc_get_int_array( 'bug_arr', array() );
75 $f_bug_notetext = gpc_get_string( 'bugnote_text', '' );
76 $f_bug_noteprivate = gpc_get_bool( 'private' );
77 $t_form_name = 'bug_actiongroup_' . $f_action;
78 form_security_validate( $t_form_name );
79
80 $t_custom_group_actions = config_get( 'custom_group_actions' );
81
82 foreach( $t_custom_group_actions as $t_custom_group_action ) {
83 if ( $f_action == $t_custom_group_action['action'] ) {
84 require_once( $t_custom_group_action['action_page'] );
85 exit;
86 }
87 }
88
89 $t_failed_ids = array();
90
91 if ( 0 != $f_custom_field_id ) {
92 $t_custom_field_def = custom_field_get_definition( $f_custom_field_id );
93 }
94
95 foreach( $f_bug_arr as $t_bug_id ) {
96 bug_ensure_exists( $t_bug_id );
97 $t_bug = bug_get( $t_bug_id, true );
98
99 if( $t_bug->project_id != helper_get_current_project() ) {
100 # in case the current project is not the same project of the bug we are viewing...
101 # ... override the current project. This to avoid problems with categories and handlers lists etc.
102 $g_project_override = $t_bug->project_id;
103 /** @todo (thraxisp) the next line goes away if the cache was smarter and used project */
104 config_flush_cache(); # flush the config cache so that configs are refetched
105 }
106
107 $t_status = $t_bug->status;
108
109 switch ( $f_action ) {
110
111 case 'CLOSE':
112 $t_closed = config_get( 'bug_closed_status_threshold' );
113 if ( access_can_close_bug( $t_bug_id ) &&
114 ( $t_status < $t_closed ) &&
115 bug_check_workflow( $t_status, $t_closed ) ) {
116
117 /** @todo we need to issue a helper_call_custom_function( 'issue_update_validate', array( $f_bug_id, $t_bug_data, $f_bugnote_text ) ); */
118 bug_close( $t_bug_id, $f_bug_notetext, $f_bug_noteprivate );
119 helper_call_custom_function( 'issue_update_notify', array( $t_bug_id ) );
120 } else {
121 if ( !access_can_close_bug( $t_bug_id ) ) {
122 $t_failed_ids[$t_bug_id] = lang_get( 'bug_actiongroup_access' );
123 } else {
124 $t_failed_ids[$t_bug_id] = lang_get( 'bug_actiongroup_status' );
125 }
126 }
127 break;
128
129 case 'DELETE':
130 if ( access_has_bug_level( config_get( 'delete_bug_threshold' ), $t_bug_id ) ) {
131 event_signal( 'EVENT_BUG_DELETED', array( $t_bug_id ) );
132 bug_delete( $t_bug_id );
133 } else {
134 $t_failed_ids[$t_bug_id] = lang_get( 'bug_actiongroup_access' );
135 }
136 break;
137
138 case 'MOVE':
139 if ( access_has_bug_level( config_get( 'move_bug_threshold' ), $t_bug_id ) ) {
140 /** @todo we need to issue a helper_call_custom_function( 'issue_update_validate', array( $t_bug_id, $t_bug_data, $f_bugnote_text ) ); */
141 $f_project_id = gpc_get_int( 'project_id' );
142 bug_move( $t_bug_id, $f_project_id );
143 helper_call_custom_function( 'issue_update_notify', array( $t_bug_id ) );
144 } else {
145 $t_failed_ids[$t_bug_id] = lang_get( 'bug_actiongroup_access' );
146 }
147 break;
148
149 case 'COPY':
150 $f_project_id = gpc_get_int( 'project_id' );
151
152 if ( access_has_project_level( config_get( 'report_bug_threshold' ), $f_project_id ) ) {
153 bug_copy( $t_bug_id, $f_project_id, true, true, true, true, true, true );
154 } else {
155 $t_failed_ids[$t_bug_id] = lang_get( 'bug_actiongroup_access' );
156 }
157 break;
158
159 case 'ASSIGN':
160 $f_assign = gpc_get_int( 'assign' );
161 if ( ON == config_get( 'auto_set_status_to_assigned' ) ) {
162 $t_assign_status = config_get( 'bug_assigned_status' );
163 } else {
164 $t_assign_status = $t_status;
165 }
166 # check that new handler has rights to handle the issue, and
167 # that current user has rights to assign the issue
168 $t_threshold = access_get_status_threshold( $t_assign_status, bug_get_field( $t_bug_id, 'project_id' ) );
169 if ( access_has_bug_level( $t_threshold , $t_bug_id, $f_assign ) &&
170 access_has_bug_level( config_get( 'update_bug_assign_threshold', config_get( 'update_bug_threshold' ) ), $t_bug_id ) &&
171 bug_check_workflow($t_status, $t_assign_status ) ) {
172 /** @todo we need to issue a helper_call_custom_function( 'issue_update_validate', array( $t_bug_id, $t_bug_data, $f_bugnote_text ) ); */
173 bug_assign( $t_bug_id, $f_assign, $f_bug_notetext, $f_bug_noteprivate );
174 helper_call_custom_function( 'issue_update_notify', array( $t_bug_id ) );
175 } else {
176 if ( bug_check_workflow($t_status, $t_assign_status ) ) {
177 $t_failed_ids[$t_bug_id] = lang_get( 'bug_actiongroup_access' );
178 } else {
179 $t_failed_ids[$t_bug_id] = lang_get( 'bug_actiongroup_status' );
180 }
181 }
182 break;
183
184 case 'RESOLVE':
185 $t_resolved_status = config_get( 'bug_resolved_status_threshold' );
186 if ( access_has_bug_level( access_get_status_threshold( $t_resolved_status, bug_get_field( $t_bug_id, 'project_id' ) ), $t_bug_id ) &&
187 ( $t_status < $t_resolved_status ) &&
188 bug_check_workflow($t_status, $t_resolved_status ) ) {
189 $f_resolution = gpc_get_int( 'resolution' );
190 $f_fixed_in_version = gpc_get_string( 'fixed_in_version', '' );
191 /** @todo we need to issue a helper_call_custom_function( 'issue_update_validate', array( $t_bug_id, $t_bug_data, $f_bugnote_text ) ); */
192 bug_resolve( $t_bug_id, $f_resolution, $f_fixed_in_version, $f_bug_notetext, null, null, $f_bug_noteprivate );
193 helper_call_custom_function( 'issue_update_notify', array( $t_bug_id ) );
194 } else {
195 if ( ( $t_status < $t_resolved_status ) &&
196 bug_check_workflow($t_status, $t_resolved_status ) ) {
197 $t_failed_ids[$t_bug_id] = lang_get( 'bug_actiongroup_access' );
198 } else {
199 $t_failed_ids[$t_bug_id] = lang_get( 'bug_actiongroup_status' );
200 }
201 }
202 break;
203
204 case 'UP_PRIOR':
205 if ( access_has_bug_level( config_get( 'update_bug_threshold' ), $t_bug_id ) ) {
206 $f_priority = gpc_get_int( 'priority' );
207 /** @todo we need to issue a helper_call_custom_function( 'issue_update_validate', array( $t_bug_id, $t_bug_data, $f_bugnote_text ) ); */
208 bug_set_field( $t_bug_id, 'priority', $f_priority );
209 helper_call_custom_function( 'issue_update_notify', array( $t_bug_id ) );
210 } else {
211 $t_failed_ids[$t_bug_id] = lang_get( 'bug_actiongroup_access' );
212 }
213 break;
214
215 case 'UP_STATUS':
216 $f_status = gpc_get_int( 'status' );
217 $t_project = bug_get_field( $t_bug_id, 'project_id' );
218 if ( access_has_bug_level( access_get_status_threshold( $f_status, $t_project ), $t_bug_id ) ) {
219 if ( TRUE == bug_check_workflow($t_status, $f_status ) ) {
220 /** @todo we need to issue a helper_call_custom_function( 'issue_update_validate', array( $t_bug_id, $t_bug_data, $f_bugnote_text ) ); */
221 bug_set_field( $t_bug_id, 'status', $f_status );
222
223 # Add bugnote if supplied
224 if ( !is_blank( $f_bug_notetext ) ) {
225 bugnote_add( $t_bug_id, $f_bug_notetext, null, $f_bug_noteprivate );
226 }
227
228 helper_call_custom_function( 'issue_update_notify', array( $t_bug_id ) );
229 } else {
230 $t_failed_ids[$t_bug_id] = lang_get( 'bug_actiongroup_status' );
231 }
232 } else {
233 $t_failed_ids[$t_bug_id] = lang_get( 'bug_actiongroup_access' );
234 }
235 break;
236
237 case 'UP_CATEGORY':
238 $f_category_id = gpc_get_int( 'category' );
239 if ( access_has_bug_level( config_get( 'update_bug_threshold' ), $t_bug_id ) ) {
240 if ( category_exists( $f_category_id ) ) {
241 /** @todo we need to issue a helper_call_custom_function( 'issue_update_validate', array( $t_bug_id, $t_bug_data, $f_bugnote_text ) ); */
242 bug_set_field( $t_bug_id, 'category_id', $f_category_id );
243 helper_call_custom_function( 'issue_update_notify', array( $t_bug_id ) );
244 } else {
245 $t_failed_ids[$t_bug_id] = lang_get( 'bug_actiongroup_category' );
246 }
247 } else {
248 $t_failed_ids[$t_bug_id] = lang_get( 'bug_actiongroup_access' );
249 }
250 break;
251
252 case 'UP_FIXED_IN_VERSION':
253 $f_fixed_in_version = gpc_get_string( 'fixed_in_version' );
254 $t_project_id = bug_get_field( $t_bug_id, 'project_id' );
255 $t_success = false;
256
257 if ( access_has_bug_level( config_get( 'update_bug_threshold' ), $t_bug_id ) ) {
258 if ( version_get_id( $f_fixed_in_version, $t_project_id ) !== false ) {
259 /** @todo we need to issue a helper_call_custom_function( 'issue_update_validate', array( $t_bug_id, $t_bug_data, $f_bugnote_text ) ); */
260 bug_set_field( $t_bug_id, 'fixed_in_version', $f_fixed_in_version );
261 helper_call_custom_function( 'issue_update_notify', array( $t_bug_id ) );
262 $t_success = true;
263 }
264 }
265
266 if ( !$t_success ) {
267 $t_failed_ids[$t_bug_id] = lang_get( 'bug_actiongroup_access' );
268 }
269 break;
270
271 case 'UP_TARGET_VERSION':
272 $f_target_version = gpc_get_string( 'target_version' );
273 $t_project_id = bug_get_field( $t_bug_id, 'project_id' );
274 $t_success = false;
275
276 if ( access_has_bug_level( config_get( 'roadmap_update_threshold' ), $t_bug_id ) ) {
277 if ( version_get_id( $f_target_version, $t_project_id ) !== false ) {
278 /** @todo we need to issue a helper_call_custom_function( 'issue_update_validate', array( $t_bug_id, $t_bug_data, $f_bugnote_text ) ); */
279 bug_set_field( $t_bug_id, 'target_version', $f_target_version );
280 helper_call_custom_function( 'issue_update_notify', array( $t_bug_id ) );
281 $t_success = true;
282 }
283 }
284
285 if ( !$t_success ) {
286 $t_failed_ids[$t_bug_id] = lang_get( 'bug_actiongroup_access' );
287 }
288 break;
289
290 case 'VIEW_STATUS':
291 if ( access_has_bug_level( config_get( 'change_view_status_threshold' ), $t_bug_id ) ) {
292 $f_view_status = gpc_get_int( 'view_status' );
293 /** @todo we need to issue a helper_call_custom_function( 'issue_update_validate', array( $t_bug_id, $t_bug_data, $f_bugnote_text ) ); */
294 bug_set_field( $t_bug_id, 'view_state', $f_view_status );
295 helper_call_custom_function( 'issue_update_notify', array( $t_bug_id ) );
296 } else {
297 $t_failed_ids[$t_bug_id] = lang_get( 'bug_actiongroup_access' );
298 }
299 break;
300
301 case 'SET_STICKY':
302 if ( access_has_bug_level( config_get( 'set_bug_sticky_threshold' ), $t_bug_id ) ) {
303 $f_sticky = bug_get_field( $t_bug_id, 'sticky' );
304 // The new value is the inverted old value
305 /** @todo we need to issue a helper_call_custom_function( 'issue_update_validate', array( $t_bug_id, $t_bug_data, $f_bugnote_text ) ); */
306 bug_set_field( $t_bug_id, 'sticky', intval( !$f_sticky ) );
307 helper_call_custom_function( 'issue_update_notify', array( $t_bug_id ) );
308 } else {
309 $t_failed_ids[$t_bug_id] = lang_get( 'bug_actiongroup_access' );
310 }
311 break;
312
313 case 'CUSTOM':
314 if ( 0 === $f_custom_field_id ) {
315 trigger_error( ERROR_GENERIC, ERROR );
316 }
317
318 /** @todo we need to issue a helper_call_custom_function( 'issue_update_validate', array( $t_bug_id, $t_bug_data, $f_bugnote_text ) ); */
319 $t_form_var = "custom_field_$f_custom_field_id";
320 $t_custom_field_value = gpc_get_custom_field( $t_form_var, $t_custom_field_def['type'], null );
321 custom_field_set_value( $f_custom_field_id, $t_bug_id, $t_custom_field_value );
322 helper_call_custom_function( 'issue_update_notify', array( $t_bug_id ) );
323 break;
324
325 default:
326 trigger_error( ERROR_GENERIC, ERROR );
327 }
328
329 // Bug Action Event
330 event_signal( 'EVENT_BUG_ACTION', array( $f_action, $t_bug_id ) );
331 }
332
333 form_security_purge( $t_form_name );
334
335 $t_redirect_url = 'view_all_bug_page.php';
336
337 if ( count( $t_failed_ids ) > 0 ) {
338 html_page_top();
339
340 echo '<div><br />';
341 echo '<table class="width75">';
342 $separator = lang_get( 'word_separator' );
343 foreach( $t_failed_ids as $t_id => $t_reason ) {
344 $label = sprintf( lang_get( 'label' ), string_get_bug_view_link( $t_id ) ) . $separator;
345 printf( "<tr><td width=\"50%%\">%s%s</td><td>%s</td></tr>\n", $label, bug_get_field( $t_id, 'summary' ), $t_reason );
346 }
347 echo '</table><br />';
348 print_bracket_link( $t_redirect_url, lang_get( 'proceed' ) );
349 echo '</div>';
350
351 html_page_bottom();
352 } else {
353 print_header_redirect( $t_redirect_url );
354 }