MantisBT - TestLink
View Issue Details
0007887TestLinkSecurity - Generalpublic2017-03-18 07:462018-04-15 10:36
MichielV 
fman 
normalminoralways
closedfixed 
Windows10
1.9.16 (2016 Q4) 
1.9.17 (2018 Q1) 
MySQL
IE11, Chrome
7.0
READY FOR TESTING
0007887: Access to exec page from Test Specification for user without execution rights
Users with view rights on the test specification can access test execution even if they have no permission to execute tests.

Issue is not critical as the user will not be able to actually execute the test case.
- have a user with view rights on test specification but no execution rights
- in the navbar this user will see the test spec icon but no execution icon
- open a testcase in the test specification
- in the bottom of the test specification click one of the lightning icons next to the test case assignments
- the user without execution rights will now get the execute test page.
No tags attached.
Issue History
2017-03-18 07:46MichielVNew Issue
2017-03-18 07:57fmanNote Added: 0026127
2017-03-18 09:52fmanQA Team - Task Workflow Status => TBD
2017-03-18 09:52fmanSummaryexecution page accessible without execution rights => Access to exec page from Test Specification for user without execution rights
2017-03-18 09:56fmanNote Added: 0026128
2017-03-18 09:57fmanQA Team - Task Workflow StatusTBD => READY FOR TESTING
2017-03-18 09:57fmanNote Added: 0026129
2017-03-18 09:57fmanAssigned To => fman
2017-03-18 09:57fmanStatusnew => feedback
2017-03-20 05:38MichielVNote Added: 0026137
2017-03-20 05:38MichielVStatusfeedback => assigned
2017-03-20 06:54fmanStatusassigned => resolved
2017-03-20 06:54fmanFixed in Version => 1.9.17 (2018 Q1)
2017-03-20 06:54fmanResolutionopen => fixed
2018-04-15 10:36fmanNote Added: 0027343
2018-04-15 10:36fmanStatusresolved => closed

Notes
(0026127)
fman   
2017-03-18 07:57   
Thanks I'm going to check and see how to fix
(0026128)
fman   
2017-03-18 09:56   
https://github.com/TestLinkOpenSourceTRMS/testlink-code/commit/4bb526843d640d1e0ebce2c0d0b28a1a5f645617 [^]
(0026129)
fman   
2017-03-18 09:57   
would you mind to get code & retest?
(0026137)
MichielV   
2017-03-20 05:38   
Now getting a notification for rights instead of seeing the execution window.
Thank you for the quick fix!
(0027343)
fman   
2018-04-15 10:36   
released