Commit a399425

committed
fix: users with project access through clients did not see all tasks due to wrong string comparison
1 parent 465d1f2 commit a399425
6 files changed

+23
-8
lines changed

‎app/Domain/Comments/Repositories/Comments.php‎

+1-1Lines changed: 1 addition & 1 deletion
@@ -215,7 +215,7 @@ public function getAllAccountComments(?int $projectId, ?int $moduleId): array|fa
215215
216216
(zp_projects.id IN (SELECT projectId FROM zp_relationuserproject WHERE zp_relationuserproject.userId = :userId)
217217
OR zp_projects.psettings = 'all'
218-
OR (zp_projects.psettings = 'client' AND zp_projects.clientId = :clientId)
218+
OR (zp_projects.psettings = 'clients' AND zp_projects.clientId = :clientId)
219219
OR (:requesterRole = 'admin' OR :requesterRole = 'manager')) ";
220220

221221
if (isset($projectId) && $projectId > 0) {
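Review bot: The literal `'clients'` is now hand-copied into eight SQL strings (this one plus Goalcanvas, Ideas, Timesheets and five sites in Tickets), which is exactly the kind of drift this commit is repairing; a single shared definition would keep the queries and the PHP check in `Projects::isUserAssignedToProject` in step. For example a constant such as `public const PSETTINGS_CLIENTS = 'clients';` on the Projects repository (or a backed enum), passed to each query as a bound parameter next to `:clientId` instead of embedded text. The `:clientId` this clause compares against is bound outside the hunk, so I could not confirm here that it always comes from the session rather than from caller-supplied criteria. The enclosing getAllAccountComments body continues beyond the hunk.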
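--- a/app/Domain/Goalcanvas/Repositories/Goalcanvas.php
+++ b/app/Domain/Goalcanvas/Repositories/Goalcanvas.php
@@ -194,7 +194,7 @@ public function getAllAccountGoals(?int $projectId, ?int $boardId): false|array
 WHERE zp_canvas_items.box = 'goal' AND (
 zp_canvas.projectId IN (SELECT projectId FROM zp_relationuserproject WHERE zp_relationuserproject.userId = :userId)
 OR zp_projects.psettings = 'all'
-OR (zp_projects.psettings = 'client' AND zp_projects.clientId = :clientId)
+OR (zp_projects.psettings = 'clients' AND zp_projects.clientId = :clientId)
 OR (:requesterRole = 'admin' OR :requesterRole = 'manager')
 )
 ";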
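--- a/app/Domain/Ideas/Repositories/Ideas.php
+++ b/app/Domain/Ideas/Repositories/Ideas.php
@@ -571,7 +571,7 @@ public function getAllIdeas(?int $projectId, ?int $boardId): array|false
 WHERE zp_canvas_items.box = 'idea' AND (
 zp_canvas.projectId IN (SELECT projectId FROM zp_relationuserproject WHERE zp_relationuserproject.userId = :userId)
 OR zp_projects.psettings = 'all'
-OR (zp_projects.psettings = 'client' AND zp_projects.clientId = :clientId)
+OR (zp_projects.psettings = 'clients' AND zp_projects.clientId = :clientId)
 OR (:requesterRole = 'admin' OR :requesterRole = 'manager')
 )
 ";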
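--- a/app/Domain/Projects/Repositories/Projects.php
+++ b/app/Domain/Projects/Repositories/Projects.php
@@ -847,7 +847,7 @@ public function isUserAssignedToProject($userId, $projectId): bool
 }
 
 // Everyone in client is allowed to see project
-if ($project['psettings'] === 'client' || $project['psettings'] === 'clients') {
+if ($project['psettings'] === 'clients') {
 if ($user['clientId'] == $project['clientId']) {
 return true;
 }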
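Review bot: Dropping the `'client'` alternative on line 850 makes `isUserAssignedToProject` fail closed for any project row still stored with the singular value, while every query in this commit was changed in the opposite direction to match the stored data; if older rows can hold `'client'`, those projects silently become invisible to client users, so either a data migration or an explicit statement that the singular value is no longer valid is needed. The comparison on the next line, `if ($user['clientId'] == $project['clientId'])`, is still loose; since this is an authorization decision it should be `if ((int) $user['clientId'] === (int) $project['clientId'])`, because in PHP `null == 0` and `null == null` both hold and a user with no client could otherwise match a project with no client. The function body starts before the hunk.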
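--- a/app/Domain/Tickets/Repositories/Tickets.php
+++ b/app/Domain/Tickets/Repositories/Tickets.php
@@ -291,7 +291,7 @@ public function getUsersTickets($id, $limit): false|array
 WHERE (
 ticket.projectId IN (SELECT projectId FROM zp_relationuserproject WHERE zp_relationuserproject.userId = :id)
 OR project.psettings = 'all'
-OR (project.psettings = 'client' AND project.clientId = :clientId)
+OR (project.psettings = 'clients' AND project.clientId = :clientId)
 )
 AND ticket.type <> 'milestone'
 ORDER BY ticket.id DESC";
@@ -386,7 +386,7 @@ public function getAllBySearchCriteria(array $searchCriteria, string $sort = 'st
 WHERE (
 zp_tickets.projectId IN (SELECT projectId FROM zp_relationuserproject WHERE zp_relationuserproject.userId = :userId)
 OR zp_projects.psettings = 'all'
-OR (zp_projects.psettings = 'client' AND zp_projects.clientId = :clientId)
+OR (zp_projects.psettings = 'clients' AND zp_projects.clientId = :clientId)
 OR (requestor.role >= 40)
 )
 ";
@@ -620,6 +620,7 @@ public function simpleTicketQuery(?int $userId, ?int $projectId, array $types =
 WHERE (
 zp_tickets.projectId IN (SELECT projectId FROM zp_relationuserproject WHERE zp_relationuserproject.userId = :requestorId)
 OR zp_projects.psettings = 'all'
+OR (zp_projects.psettings = 'clients' AND zp_projects.clientId = :clientId)
 OR (requestor.role >= 40)
 )
 SQL;
@@ -656,6 +657,8 @@ public function simpleTicketQuery(?int $userId, ?int $projectId, array $types =
 }
 }
 
+$stmn->bindValue(':clientId', session('userdata.clientId') ?? '-1', PDO::PARAM_INT);
+
 // Current client is only used for authorization as it represents the current client Id assigned to a user.
 // Do not attempt to filter tickets using this value.
 if (session()->exists('userdata')) {
@@ -705,7 +708,8 @@ public function getScheduledTasks(CarbonImmutable $dateFrom, CarbonImmutable $da
 (
 zp_tickets.projectId IN (SELECT projectId FROM zp_relationuserproject WHERE zp_relationuserproject.userId = :userId)
 OR zp_projects.psettings = 'all'
-OR requestor.role >= 40
+OR (zp_projects.psettings = 'clients' AND zp_projects.clientId = :clientId)
+OR (requestor.role >= 40)
 )
 AND zp_tickets.type <> 'milestone'
 SQL;
@@ -734,6 +738,8 @@ public function getScheduledTasks(CarbonImmutable $dateFrom, CarbonImmutable $da
 $stmn->bindValue(':requestorId', -1, PDO::PARAM_INT);
 }
 
+$stmn->bindValue(':clientId', session('userdata.clientId') ?? '-1', PDO::PARAM_INT);
+
 $stmn->execute();
 $values = $stmn->fetchAll();
 $stmn->closeCursor();
@@ -1050,6 +1056,7 @@ public function getAllMilestones(array $searchCriteria, string $sort = 'standard
 AND (
 zp_tickets.projectId IN (SELECT projectId FROM zp_relationuserproject WHERE zp_relationuserproject.userId = :userId)
 OR zp_projects.psettings = 'all'
+OR (zp_projects.psettings = 'clients' AND zp_projects.clientId = :clientId)
 OR (requestor.role >= 40)
 )
 ";
@@ -1166,6 +1173,14 @@ public function getAllMilestones(array $searchCriteria, string $sort = 'standard
 }
 }
 
+// Current client is only used for authorization as it represents the current client Id assigned to a user.
+// Do not attempt to filter tickets using this value.
+if (isset($searchCriteria['currentClient'])) {
+$stmn->bindValue(':clientId', $searchCriteria['currentClient'], PDO::PARAM_INT);
+} else {
+$stmn->bindValue(':clientId', session('userdata.clientId') ?? '-1', PDO::PARAM_INT);
+}
+
 if (isset($searchCriteria['milestone']) && $searchCriteria['milestone'] != '') {
 foreach (explode(',', $searchCriteria['milestone']) as $key => $milestone) {
 $stmn->bindValue(':milestone'.$key, $milestone, PDO::PARAM_STR);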
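Review bot: In the new binding block of getAllMilestones (new lines 1178-1182), `:clientId` is taken from `$searchCriteria['currentClient']` whenever that key is set, even though the comment directly above says the value is used only for authorization; if `searchCriteria` can be populated from request parameters anywhere, the client compared in the `psettings = 'clients'` predicate becomes caller-chosen and a user could widen visibility to another client's projects. The origin of `currentClient` is outside this hunk, so treat this as a point to confirm; the safer default is what simpleTicketQuery and getScheduledTasks now do, binding `$stmn->bindValue(':clientId', session('userdata.clientId') ?? '-1', PDO::PARAM_INT);` unconditionally and ignoring the search criterion for authorization. Separately, the fallback `'-1'` in all four new bind lines is a string bound with `PDO::PARAM_INT`; `?? -1` states the intent without relying on driver coercion. Every enclosing function here begins before its hunk and continues after it.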
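--- a/app/Domain/Timesheets/Repositories/Timesheets.php
+++ b/app/Domain/Timesheets/Repositories/Timesheets.php
@@ -199,7 +199,7 @@ public function getAllAccountTimesheets(?int $projectId): array|false
 WHERE (
 zp_tickets.projectId IN (SELECT projectId FROM zp_relationuserproject WHERE zp_relationuserproject.userId = :userId)
 OR zp_projects.psettings = 'all'
-OR (zp_projects.psettings = 'client' AND zp_projects.clientId = :clientId)
+OR (zp_projects.psettings = 'clients' AND zp_projects.clientId = :clientId)
 OR (:requesterRole = 'admin' OR :requesterRole = 'manager')
 )";
 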