Mantis Bugtracker          
testlink.org

View Issue Details Jump to Notes ] Issue History ] Print ]
IDProjectCategoryView StatusDate SubmittedLast Update
0002524TestLinkUsers and Rightspublic2009-05-21 03:522015-06-24 09:19
Reporterajl44 
Assigned To 
PrioritynormalSeverityminorReproducibilityhave not tried
StatusclosedResolutionfixed 
PlatformOSOS Version
Product Version1.8.2 
Fixed in Version1.9.7 (2013 Q2 - bug fixing) 
Summary0002524: Guests have rights to assign user roles even with rights disabled
DescriptionI created a guest account and logged in with their credential to check the test projects they could access. I noticed that the "Assign user roles" link was available to the guest user. I then check the user roles for a guest, "Test Assignment was not checked. See attached screen shots.
Additional InformationI noticed this in 1.8.0 and upgraded to 1.8.2 in case there was a fix. I noticed the same behavior.
TagsNo tags attached.
Database (MySQL,Postgres,etc)
Browserfirefox 3.0.10
PHP Version5.2.6
TestCaseID
QA Team - Task Workflow StatusREADY FOR TESTING
Attached Filesjpg file icon guestrole1.jpg [^] (96,128 bytes) 2009-05-21 03:52


jpg file icon guestrole2.jpg [^] (25,228 bytes) 2009-05-21 03:52


jpg file icon guestrole3.jpg [^] (68,584 bytes) 2009-05-21 03:53


jpg file icon guestrole4.jpg [^] (63,349 bytes) 2009-05-23 01:12

- Relationships

-  Notes
(0006985)
schlundus (reporter)
2009-05-21 04:15

Hm, i could not reproduce this in 1.8.3 (CVS):
Can you provide a screenshot of the testplan roles?
Do you have multiple login within the same browser?
Can you provide me the minimum steps to reproduce after a fresh installation?
(0007023)
ajl44 (reporter)
2009-05-23 01:14

Hello. Sorry it took me a while to get back to you. I was using the same browser session, but not multiple log ins. In other words, I logged in as administrator and created the new user (cwb1). I then checked their access to different projects via the "Assign Test Project roles" function. It seemed to me that they we the same as in the test plan roles, because I happened to do a quick comparison. I then signed out (didn't clear cookies, browser cache, etc.) and signed in as the new user with a guest role. That is when I noticed the "Assign user roles" rights.

Please let me know if you need additional information, or other screen shots. Also, this is in 1.8.2 so I dunno maybe it's fixed in 1.8.3.

thanks!
Tony

- Issue History
Date Modified Username Field Change
2009-05-21 03:52 ajl44 New Issue
2009-05-21 03:52 ajl44 File Added: guestrole1.jpg
2009-05-21 03:52 ajl44 Browser => firefox 3.0.10
2009-05-21 03:52 ajl44 PHP Version => 5.2.6
2009-05-21 03:52 ajl44 File Added: guestrole2.jpg
2009-05-21 03:53 ajl44 File Added: guestrole3.jpg
2009-05-21 04:03 schlundus Status new => assigned
2009-05-21 04:03 schlundus Assigned To => schlundus
2009-05-21 04:15 schlundus Note Added: 0006985
2009-05-23 01:12 ajl44 File Added: guestrole4.jpg
2009-05-23 01:14 ajl44 Note Added: 0007023
2013-05-20 19:49 fman QA Team - Task Workflow Status => READY FOR TESTING
2013-05-20 19:49 fman Status assigned => closed
2013-05-20 19:49 fman Assigned To schlundus =>
2013-05-20 19:49 fman Resolution open => fixed
2013-05-20 19:49 fman Fixed in Version => 1.9.7 (2013 Q2 - bug fixing)



Copyright © 2000 - 2018 MantisBT Team
Powered by Mantis Bugtracker