MantisBT - TestLink
View Issue Details
0005063TestLinkAPI - XMLRPCpublic2012-06-15 11:532012-09-01 19:59
RvdP2012 
fman 
normalmajoralways
closedfixed 
1.9.3 (2011 Q3 - bug fixing) 
1.9.4 (2012 Q3 - bug fixing) 
PostgreSQL 8.1.23
Mozilla Firefox
5.3.3
0005063: User default rights are always used in API when reporting TC results, even when rights on test project / test plan differ
When trying to set the test case results through the TL API (XMLRPC, reportTCresult), this is not possible when the default-rights belonging to the devkey of the user do not allow this, even though the rights for the project do.
When changing the default-rights for the user from (in our case) <no rights> to <leader> the results can be reported through the API-call.

As changing the default rights to <leader> is undesirable because of user management (it is easier to allow user access to a single project than to remove the rights for all users for every new project).
Create a user with default <no rights>. Then give him <leader> rights on one of the testlink projects. Now try to change a test result using the API. This will fail.
Change the default rights of the user to <leader> and do the same. In this case the result will be uploaded.
No tags attached.
Issue History
2012-06-15 11:53RvdP2012New Issue
2012-06-15 20:15fmanAssigned To => fman
2012-06-15 20:15fmanStatusnew => assigned
2012-06-15 21:29fmanNote Added: 0016895
2012-06-15 21:30fmanStatusassigned => resolved
2012-06-15 21:30fmanFixed in Version => 1.9.4 (2012 Q3 - bug fixing)
2012-06-15 21:30fmanResolutionopen => fixed
2012-06-20 19:49fmanNote Added: 0016917
2012-09-01 19:59fmanNote Added: 0017340
2012-09-01 19:59fmanStatusresolved => closed
2013-04-25 17:30fmanCategoryTL API => XMLRPC API
2013-04-25 17:30fmanCategoryXMLRPC API => API - XMLRPC

Notes
(0016895)
fman   
2012-06-15 21:29   
tested on 1.9.4 => work ok
(0016917)
fman   
2012-06-20 19:49   
Here quick fix for 1.9.3
you have to edit xmlrpc.class.php, and replace COMPLETELY
function userHasRight()

with following code:

protected function userHasRight($roleQuestion)
{
          $status_ok = true;
          $tprojectid = $this->args[self::$testProjectIDParamName];
        $tplanid = isset($this->args[self::$testPlanIDParamName]) ? $this->args[self::$testPlanIDParamName] : null;

        if(intval($tprojectid) <= 0)
        {
            // get test project from test plan
            $dummy = $this->tplanMgr->get_by_id($tplanid);
            $tprojectid = $dummy['testproject_id'];
        }

if(!$this->user->hasRight($this->dbObj,$roleQuestion,$tprojectid, $tplanid))
        {
            $status_ok = false;
            $this->errors[] = new IXR_Error(INSUFFICIENT_RIGHTS, INSUFFICIENT_RIGHTS_STR);
        }
        return $status_ok;
}
(0017340)
fman   
2012-09-01 19:59   
1.9.4 released