MantisBT - TestLink
View Issue Details
0008925TestLinkUsers and Rightspublic2020-05-19 17:532020-07-16 07:38
atisne 
 
highmajoralways
newopen 
1.9.20 
 
Postgresql 9.6
0008925: Some features are not available even with correct permissions settings
As reported in issues 0008924, 0008921, 0000881, checking rights using the function testlinkInitPage($db,false,false,"checkRights") seems to fail.

A lot of functionalities should be missing.
lib/attachments/attachmentdelete.php:testlinkInitPage($db,false,false,"checkRights");
lib/attachments/attachmentupload.php:testlinkInitPage($db,false,false,"checkRights");
lib/cfields/cfieldsEdit.php:testlinkInitPage($db,false,false,"checkRights");
lib/cfields/cfieldsExport.php:testlinkInitPage($db,false,false,"checkRights");
lib/cfields/cfieldsImport.php:testlinkInitPage($db,false,false,"checkRights");
lib/cfields/cfieldsTprojectAssign.php:testlinkInitPage($db,false,false,"checkRights");
lib/cfields/cfieldsView.php:testlinkInitPage($db,false,false,"checkRights");
lib/codetrackers/codeTrackerEdit.php:testlinkInitPage($db,false,false,"checkRights");
lib/codetrackers/codeTrackerView.php:testlinkInitPage($db,false,false,"checkRights");
lib/events/eventinfo.php:testlinkInitPage($db,false,false,"checkRights");
lib/events/eventviewer.php:testlinkInitPage($db,false,false,"checkRights");
lib/execute/bugAdd.php:testlinkInitPage($db,false,false,"checkRights");
lib/execute/bugDelete.php:testlinkInitPage($db,false,false,"checkRights");
lib/execute/editExecution.php:testlinkInitPage($db,false,false,"checkRights");
lib/issuetrackers/issueTrackerEdit.php:testlinkInitPage($db,false,false,"checkRights");
lib/issuetrackers/issueTrackerView.php:testlinkInitPage($db,false,false,"checkRights");
lib/keywords/keywordsAssign.php:testlinkInitPage($db,false,false,"checkRights");
lib/platforms/platformsAssign.php:testlinkInitPage($db,false,false,"checkRights");
lib/platforms/platformsExport.php:testlinkInitPage($db,false,false,"checkRights");
lib/platforms/platformsImport.php:testlinkInitPage($db,false,false,"checkRights");
lib/plugins/pluginView.php:testlinkInitPage($db,false,false,"checkRights");
lib/project/projectView.php:testlinkInitPage($db,false,false,"checkRights");
lib/reqmgrsystems/reqMgrSystemEdit.php:testlinkInitPage($db,false,false,"checkRights");
lib/reqmgrsystems/reqMgrSystemView.php:testlinkInitPage($db,false,false,"checkRights");
lib/requirements/reqCreateFromIssueMantisXML.php:testlinkInitPage($db,false,false,"checkRights");
lib/results/resultsMoreBuilds.php:testlinkInitPage($db,false,false,"checkRights");
lib/results/resultsReqs.php:testlinkInitPage($db,false,false,"checkRights");
lib/results/tcNotRunAnyPlatform.php:testlinkInitPage($db,false,false,"checkRights");
lib/results/testCasesWithCF.php:testlinkInitPage($db,false,false,"checkRights");
lib/results/testCasesWithoutTester.php:testlinkInitPage($db,false,false,"checkRights");
lib/results/testPlanWithCF.php:testlinkInitPage($db,false,false,"checkRights");
lib/results/uncoveredTestCases.php:testlinkInitPage($db,false,false,"checkRights");
lib/testcases/scriptAdd.php:testlinkInitPage($db,false,false,"checkRights");
lib/testcases/scriptDelete.php:testlinkInitPage($db,false,false,"checkRights");
lib/usermanagement/rolesEdit.php:testlinkInitPage($db,false,false,"checkRights");
lib/usermanagement/rolesView.php:testlinkInitPage($db,false,false,"checkRights");
lib/usermanagement/usersAssign.php:testlinkInitPage($db,false,false,"checkRights");
lib/usermanagement/usersEdit.php:testlinkInitPage($db,false,false,"checkRights");
lib/usermanagement/usersExport.php:testlinkInitPage($db,false,false,"checkRights");
lib/usermanagement/usersView.php:testlinkInitPage($db,false,false,"checkRights");
No tags attached.
Issue History
2020-05-19 17:53atisneNew Issue
2020-05-19 18:25fmanNote Added: 0029704
2020-05-19 19:25fmanNote Added: 0029705
2020-05-25 09:36atisneNote Added: 0029711
2020-05-25 10:16fmanNote Added: 0029712
2020-06-01 07:45fmanNote Added: 0029729
2020-06-10 12:36atisneNote Added: 0029754
2020-07-15 14:28atisneNote Added: 0029828
2020-07-16 07:38atisneNote Added: 0029830

Notes
(0029704)
fman   
2020-05-19 18:25   
IMHO all these features have always worked in this way.
I'm going to understand the cost of fix this on 1.9.20 fixed, because my focus is on 2.2.0
(0029705)
fman   
2020-05-19 19:25   
In addition, there are rights that have sense IMHO only as System-Wide
one example: Issue Tracker management.
(0029711)
atisne   
2020-05-25 09:36   
You're probably right.
However, I'm still have the same issue to add a bug to an execution:

[>>][5ecb8a12eaa30478359000][DEFAULT][/lib/execute/bugAdd.php][20/May/25 09:04:18]
    [20/May/25 09:04:18][AUDIT][p4sre8cgqpb4gdt812de276bre][GUI - Projet ID : 10]
        User 'atisne' has insufficient rights for 'any' action on 'bugAdd.php'! Exit forced!

Do you want me to fix it?
(0029712)
fman   
2020-05-25 10:16   
@atisne
No thanks, I will check this
(0029729)
fman   
2020-06-01 07:45   
https://github.com/TestLinkOpenSourceTRMS/testlink-code/commit/7ff4dd9ea6771860ce396d6739ab0ceba561d4d6 [^]
(0029754)
atisne   
2020-06-10 12:36   
@fman
The issue is solved for the bugAdd feature.
Thanks
(0029828)
atisne   
2020-07-15 14:28   
The search pattern initially used to detect possible impacts was not wide enough. Here is the complete list of files using the function "checkRights":

lib/attachments/attachmentdelete.php:testlinkInitPage($db,false,false,"checkRights");
lib/attachments/attachmentupload.php:testlinkInitPage($db,false,false,"checkRights");
lib/cfields/cfieldsEdit.php:testlinkInitPage($db,false,false,"checkRights");
lib/cfields/cfieldsExport.php:testlinkInitPage($db,false,false,"checkRights");
lib/cfields/cfieldsImport.php:testlinkInitPage($db,false,false,"checkRights");
lib/cfields/cfieldsTprojectAssign.php:testlinkInitPage($db,false,false,"checkRights");
lib/cfields/cfieldsView.php:testlinkInitPage($db,false,false,"checkRights");
lib/codetrackers/codeTrackerEdit.php:testlinkInitPage($db,false,false,"checkRights");
lib/codetrackers/codeTrackerView.php:testlinkInitPage($db,false,false,"checkRights");
lib/events/eventinfo.php:testlinkInitPage($db,false,false,"checkRights");
lib/events/eventviewer.php:testlinkInitPage($db,false,false,"checkRights");
lib/execute/bugAdd.php:testlinkInitPage($db,false,false,"checkRights");
lib/execute/bugDelete.php:testlinkInitPage($db,false,false,"checkRights");
lib/execute/editExecution.php:testlinkInitPage($db,false,false,"checkRights");
lib/issuetrackers/issueTrackerEdit.php:testlinkInitPage($db,false,false,"checkRights");
lib/issuetrackers/issueTrackerView.php:testlinkInitPage($db,false,false,"checkRights");
lib/keywords/keywordsAssign.php:testlinkInitPage($db,false,false,"checkRights");
lib/platforms/platformsAssign.php:testlinkInitPage($db,false,false,"checkRights");
lib/platforms/platformsExport.php:testlinkInitPage($db,false,false,"checkRights");
lib/platforms/platformsImport.php:testlinkInitPage($db,false,false,"checkRights");
lib/platforms/platformsView.php:testlinkInitPage($db,false,false,"checkRights");
lib/plugins/pluginView.php:testlinkInitPage($db,false,false,"checkRights");
lib/project/projectEdit.php:testlinkInitPage($db,true,false,"checkRights");
lib/project/projectView.php:testlinkInitPage($db,false,false,"checkRights");
lib/reqmgrsystems/reqMgrSystemEdit.php:testlinkInitPage($db,false,false,"checkRights");
lib/reqmgrsystems/reqMgrSystemView.php:testlinkInitPage($db,false,false,"checkRights");
lib/requirements/reqCreateFromIssueMantisXML.php:testlinkInitPage($db,false,false,"checkRights");
lib/results/charts.php: testlinkInitPage($dbHandler,false,false,"checkRights");
lib/results/displayMgr.php: testlinkInitPage($dbHandler,true,false,"checkRights");
lib/results/freeTestCases.php:testlinkInitPage($db,true,false,"checkRights");
lib/results/keywordBarChart.php: testlinkInitPage($dbHandler,false,false,"checkRights");
lib/results/metricsDashboard.php: testlinkInitPage($dbHandler,false,false,"checkRights");
lib/results/neverRunByPP.php: testlinkInitPage($dbHandler,true,false,"checkRights");
lib/results/overallPieChart.php: testlinkInitPage($dbHandler,true,false,"checkRights");
lib/results/platformPieChart.php: testlinkInitPage($dbHandler,true,false,"checkRights");
lib/results/printDocument.php: testlinkInitPage($dbHandler,false,false,"checkRights");
lib/results/resultsBugs.php:testlinkInitPage($db,true,false,"checkRights");
lib/results/resultsByStatus.php: testlinkInitPage($dbHandler,true,false,"checkRights");
lib/results/resultsByTesterPerBuild.php: testlinkInitPage($dbHandler,false,false,"checkRights");
lib/results/resultsGeneral.php: testlinkInitPage($dbHandler,true,false,"checkRights");
lib/results/resultsMoreBuilds.php:testlinkInitPage($db,false,false,"checkRights");
lib/results/resultsMoreBuildsGUI.php:testlinkInitPage($db,true,false,"checkRights");
lib/results/resultsNavigator.php:testlinkInitPage($db,true,false,"checkRights");
lib/results/resultsReqs.php:testlinkInitPage($db,false,false,"checkRights");
lib/results/resultsTCAbsoluteLatest.php: testlinkInitPage($dbHandler,false,false,"checkRights");
lib/results/resultsTCFlat.php: testlinkInitPage($dbHandler,false,false,"checkRights");
lib/results/tcCreatedPerUserOnTestProject.php: testlinkInitPage($dbHandler,false,false,"checkRights");
lib/results/tcNotRunAnyPlatform.php:testlinkInitPage($db,false,false,"checkRights");
lib/results/testCasesWithCF.php:testlinkInitPage($db,false,false,"checkRights");
lib/results/testCasesWithoutTester.php:testlinkInitPage($db,false,false,"checkRights");
lib/results/testPlanWithCF.php:testlinkInitPage($db,false,false,"checkRights");
lib/results/topLevelSuitesBarChart.php: testlinkInitPage($dbHandler,false,false,"checkRights");
lib/results/uncoveredTestCases.php:testlinkInitPage($db,false,false,"checkRights");
lib/testcases/scriptAdd.php:testlinkInitPage($db,false,false,"checkRights");
lib/testcases/scriptDelete.php:testlinkInitPage($db,false,false,"checkRights");
lib/usermanagement/rolesEdit.php:testlinkInitPage($db,false,false,"checkRights");
lib/usermanagement/rolesView.php:testlinkInitPage($db,false,false,"checkRights");
lib/usermanagement/usersAssign.php:testlinkInitPage($db,false,false,"checkRights");
lib/usermanagement/usersEdit.php:testlinkInitPage($db,false,false,"checkRights");
lib/usermanagement/usersExport.php:testlinkInitPage($db,false,false,"checkRights");
lib/usermanagement/usersView.php:testlinkInitPage($db,false,false,"checkRights");


This list replaces the one provided in the "Additional Information" of this ticket.

Some of the files are already fixed.
(0029830)
atisne   
2020-07-16 07:38   
Maybe we can also check the pattern '$user->hasRight('. This pattern excludes fixed paths.