View Issue Details
|ID||Project||Category||View Status||Date Submitted||Last Update|
|0021654||mantisbt||code cleanup||public||2016-08-28 15:34||2017-10-08 23:53|
|Priority||normal||Severity||minor||Reproducibility||have not tried|
|Target Version||2.7.0||Fixed in Version||2.7.0|
|Summary||0021654: Deprecate access_has_any_project()|
The function access_has_any_project() is at risk of not functioning correctly, as probably, to check an access level on several projects, the config option has to be evaluated for each individual project.
The new function introduced in said PR, access_has_any_project_level(), can account for each project configuration, and should be used instead access_has_any_project().
Being a function that have existed for a long time in core api, the proposal is to replace all usages with the new equivalent, and mark it as deprecated to show a warning in case any external code is using it.
I report this to be a separated task from that PR, because there are more changes to be done, as some of that code is operating incorrectly on thresholds assuming they are integer values (they can also be arrays).
|Tags||No tags attached.|
MantisBT: master 1c436505
Committer: dregad Details Diff
This function may mislead into incorrect validations. Usually you want
to check that a user meets a threshold for any project, but that
threshold may be configured differently for each project, and the user
may also have different access levels in each project due to private
In that scenario, $p_access_level can't be a static threshold, but a
"threshold identifier" instead, that must be evaluated for each project.
Function "access_has_any_project_level()" provides that functionality,
also covers the basic usage of this function.
For such reasons, this function has been deprecated.
|mod - core/access_api.php||Diff File|