MantisBT - TestLink
View Issue Details
0002524TestLinkUsers and Rightspublic2009-05-21 03:522015-06-24 09:19
normalminorhave not tried
1.9.7 (2013 Q2 - bug fixing) 
firefox 3.0.10
0002524: Guests have rights to assign user roles even with rights disabled
I created a guest account and logged in with their credential to check the test projects they could access. I noticed that the "Assign user roles" link was available to the guest user. I then check the user roles for a guest, "Test Assignment was not checked. See attached screen shots.
I noticed this in 1.8.0 and upgraded to 1.8.2 in case there was a fix. I noticed the same behavior.
No tags attached.
jpg guestrole1.jpg (96,128) 2009-05-21 03:52

jpg guestrole2.jpg (25,228) 2009-05-21 03:52

jpg guestrole3.jpg (68,584) 2009-05-21 03:53

jpg guestrole4.jpg (63,349) 2009-05-23 01:12
Issue History
2009-05-21 03:52ajl44New Issue
2009-05-21 03:52ajl44File Added: guestrole1.jpg
2009-05-21 03:52ajl44Browser => firefox 3.0.10
2009-05-21 03:52ajl44PHP Version => 5.2.6
2009-05-21 03:52ajl44File Added: guestrole2.jpg
2009-05-21 03:53ajl44File Added: guestrole3.jpg
2009-05-21 04:03schlundusStatusnew => assigned
2009-05-21 04:03schlundusAssigned To => schlundus
2009-05-21 04:15schlundusNote Added: 0006985
2009-05-23 01:12ajl44File Added: guestrole4.jpg
2009-05-23 01:14ajl44Note Added: 0007023
2013-05-20 19:49fmanQA Team - Task Workflow Status => READY FOR TESTING
2013-05-20 19:49fmanStatusassigned => closed
2013-05-20 19:49fmanAssigned Toschlundus =>
2013-05-20 19:49fmanResolutionopen => fixed
2013-05-20 19:49fmanFixed in Version => 1.9.7 (2013 Q2 - bug fixing)

2009-05-21 04:15   
Hm, i could not reproduce this in 1.8.3 (CVS):
Can you provide a screenshot of the testplan roles?
Do you have multiple login within the same browser?
Can you provide me the minimum steps to reproduce after a fresh installation?
2009-05-23 01:14   
Hello. Sorry it took me a while to get back to you. I was using the same browser session, but not multiple log ins. In other words, I logged in as administrator and created the new user (cwb1). I then checked their access to different projects via the "Assign Test Project roles" function. It seemed to me that they we the same as in the test plan roles, because I happened to do a quick comparison. I then signed out (didn't clear cookies, browser cache, etc.) and signed in as the new user with a guest role. That is when I noticed the "Assign user roles" rights.

Please let me know if you need additional information, or other screen shots. Also, this is in 1.8.2 so I dunno maybe it's fixed in 1.8.3.