source-integration
source-integration copied to clipboard
History doesn't take into account permission
Hi,
When "View Threshold" is set to "developer", user with access level "reporter" can't see the changesets, good. However they can see them indirectly in the history with a quite explicit message. I expect them to see no informations about commits.
For reference in order to hard code this behavior for this configuration, I added the following code in history_get_raw_events_array in core/history_api.php
if( $v_type == PLUGIN_HISTORY && ($v_field_name == "Source_changeset_attached" || $v_field_name == "Source_changeset_removed")) {
if( !$t_private_bugnote_visible ) {
continue;
}
}
I think that for a clean solution we would need to define a new event in the history api so that plugins can decide whether a history iten should be displayed or not.