On 8/29/07, Shawn Hill <[EMAIL PROTECTED]> wrote: > Hello, > > I have installed 1.1.0a4 and I have found that any user can can edit any > other users notes. This is of quite concern to me. How do I go about > trying to resolve this one?
Reading the relevant code in bugnote_view_inc.php, the edit note button is supposed to be shown: 1. if the current user access level is above "manage_project_threshold" (default: MANAGER) 2. if the current user is the note author (but only if $g_bugnote_allow_user_edit_delete is ON) 3. if the current user access level is above "update_bugnote_threshold" (default: DEVELOPER) If you witness a behavior not consistent with this, you should open a report in http://www.mantisbt.org/bugs, along with any relevant information you may have (for instance, the value of the above configuration variables and the access level of the users) ------------------------------------------------------------------------- This SF.net email is sponsored by: Splunk Inc. Still grepping through log files to find problems? Stop. Now Search log events and configuration files using AJAX and a browser. Download your FREE copy of Splunk now >> http://get.splunk.com/ _______________________________________________ mantisbt-help mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/mantisbt-help
