|Anonymous | Login | Signup for a new account||2020-02-18 11:00 UTC|
|Main | My View | View Issues | Change Log | My Account|
|View Issue Details|
|ID||Project||Category||View Status||Date Submitted||Last Update|
|0001299||TestLink||API - XMLRPC||public||2008-01-16 04:46||2008-12-08 20:03|
|Fixed in Version||1.8 RC 1|
|Summary||0001299: API: User rights && Test_Plan open must be checked|
|Description||Each function must follows user rights. If user can receive a requested data, can execute test and create build.|
An used Test Plan must be active and opened.
|Tags||No tags attached.|
|QA Team - Task Workflow Status|
|Is this in reference to API calls?|
|Please could you explain the question?|
|Each function for what? Are you referring to API methods? Or something else?|
|Yes, of course. I thought that category is enough. You are right. I will update title.|
I can see this from both sides. The way the API is currently implemented favors ease of use for reporting automation results. The original proposal defined the API being used mostly in this manner. This means that when an API key is being used for automation the client reporting results doesn't have to worry about permissions.
However, we should probably check enforcement of permissions because this is done everywhere else from the UI. Especially if we are going to tie API keys to specific users. This will make working with the API potentially more difficult because clients must make sure the user the API key is tied to has the correct permissions. This is probably the way to go though.
It may be better to push this off till a 1.9 release though since nobody has reported issues with the current implementation. What are your thoughts?
>> nobody has reported issues with the current implementation.
Do you know how many people is using it ?
>> What are your thoughts?
I think API calls must be allowed to do only what the user can do at user interface, not more not less.
Think this development can not wait till 1.9
|Asiel, you have assigned this issue. Is there a progress?|
|I have finally started working on this issue. Hopefully I will have something committed to CVS shortly.|
|It's great news. Thanks.|
The code to support this functionality has been committed to CVS.
This should be ready to go out in the next 1.8 RC/beta.
|Thanks. I'll ask testing.|
|2008-01-16 04:46||mhavlat||New Issue|
|2008-01-16 04:55||azl||Note Added: 0002957|
|2008-01-16 05:02||mhavlat||Note Added: 0002960|
|2008-01-16 05:06||azl||Note Added: 0002962|
|2008-01-16 05:20||mhavlat||Note Added: 0002964|
|2008-01-16 05:20||mhavlat||Summary||User rights && Test_Plan open must be checked and => API: User rights && Test_Plan open must be checked|
|2008-01-16 05:23||azl||Status||new => assigned|
|2008-01-16 05:23||azl||Assigned To||=> azl|
|2008-01-16 05:31||azl||Note Added: 0002965|
|2008-01-16 23:15||fman||Note Added: 0002966|
|2008-09-08 20:21||mhavlat||Note Added: 0004051|
|2008-09-18 22:14||azl||Note Added: 0004104|
|2008-09-19 02:40||mhavlat||Note Added: 0004105|
|2008-10-03 12:36||azl||Status||assigned => resolved|
|2008-10-03 12:36||azl||Fixed in Version||=> next development 1.8 RC 1|
|2008-10-03 12:36||azl||Resolution||open => fixed|
|2008-10-03 12:36||azl||Note Added: 0004235|
|2008-10-03 13:56||mhavlat||Note Added: 0004236|
|2008-12-08 20:03||mhavlat||Status||resolved => closed|
|2013-04-25 17:30||fman||Category||TL API => XMLRPC API|
|2013-04-25 17:30||fman||Category||XMLRPC API => API - XMLRPC|
|Copyright © 2000 - 2020 MantisBT Team|