Mantis Bugtracker 

View Issue Details Jump to Notes ] Issue History ] Print ]
IDProjectCategoryView StatusDate SubmittedLast Update
0001299TestLinkAPI - XMLRPCpublic2008-01-16 04:462008-12-08 20:03
Assigned Toazl 
PlatformOSOS Version
Product Version 
Fixed in Version1.8 RC 1 
Summary0001299: API: User rights && Test_Plan open must be checked
DescriptionEach function must follows user rights. If user can receive a requested data, can execute test and create build.
An used Test Plan must be active and opened.
TagsNo tags attached.
Database (MySQL,Postgres,etc)
PHP Version
QA Team - Task Workflow Status
Attached Files

- Relationships

-  Notes
azl (administrator)
2008-01-16 04:55

Is this in reference to API calls?
mhavlat (reporter)
2008-01-16 05:02

Please could you explain the question?
azl (administrator)
2008-01-16 05:06

Each function for what? Are you referring to API methods? Or something else?
mhavlat (reporter)
2008-01-16 05:20

Yes, of course. I thought that category is enough. You are right. I will update title.
azl (administrator)
2008-01-16 05:31

I can see this from both sides. The way the API is currently implemented favors ease of use for reporting automation results. The original proposal defined the API being used mostly in this manner. This means that when an API key is being used for automation the client reporting results doesn't have to worry about permissions.

However, we should probably check enforcement of permissions because this is done everywhere else from the UI. Especially if we are going to tie API keys to specific users. This will make working with the API potentially more difficult because clients must make sure the user the API key is tied to has the correct permissions. This is probably the way to go though.

It may be better to push this off till a 1.9 release though since nobody has reported issues with the current implementation. What are your thoughts?
fman (administrator)
2008-01-16 23:15

>> nobody has reported issues with the current implementation.
Do you know how many people is using it ?
>> What are your thoughts?
I think API calls must be allowed to do only what the user can do at user interface, not more not less.

Think this development can not wait till 1.9
mhavlat (reporter)
2008-09-08 20:21

Asiel, you have assigned this issue. Is there a progress?
azl (administrator)
2008-09-18 22:14

I have finally started working on this issue. Hopefully I will have something committed to CVS shortly.
mhavlat (reporter)
2008-09-19 02:40

It's great news. Thanks.
azl (administrator)
2008-10-03 12:36

The code to support this functionality has been committed to CVS.

This should be ready to go out in the next 1.8 RC/beta.
mhavlat (reporter)
2008-10-03 13:56

Thanks. I'll ask testing.

- Issue History
Date Modified Username Field Change
2008-01-16 04:46 mhavlat New Issue
2008-01-16 04:55 azl Note Added: 0002957
2008-01-16 05:02 mhavlat Note Added: 0002960
2008-01-16 05:06 azl Note Added: 0002962
2008-01-16 05:20 mhavlat Note Added: 0002964
2008-01-16 05:20 mhavlat Summary User rights && Test_Plan open must be checked and => API: User rights && Test_Plan open must be checked
2008-01-16 05:23 azl Status new => assigned
2008-01-16 05:23 azl Assigned To => azl
2008-01-16 05:31 azl Note Added: 0002965
2008-01-16 23:15 fman Note Added: 0002966
2008-09-08 20:21 mhavlat Note Added: 0004051
2008-09-18 22:14 azl Note Added: 0004104
2008-09-19 02:40 mhavlat Note Added: 0004105
2008-10-03 12:36 azl Status assigned => resolved
2008-10-03 12:36 azl Fixed in Version => next development 1.8 RC 1
2008-10-03 12:36 azl Resolution open => fixed
2008-10-03 12:36 azl Note Added: 0004235
2008-10-03 13:56 mhavlat Note Added: 0004236
2008-12-08 20:03 mhavlat Status resolved => closed
2013-04-25 17:30 fman Category TL API => XMLRPC API
2013-04-25 17:30 fman Category XMLRPC API => API - XMLRPC

Copyright © 2000 - 2020 MantisBT Team
Powered by Mantis Bugtracker