Mantis Bugtracker          
testlink.org

View Issue Details Jump to Notes ] Issue History ] Print ]
IDProjectCategoryView StatusDate SubmittedLast Update
0005063TestLinkAPI - XMLRPCpublic2012-06-15 11:532012-09-01 19:59
ReporterRvdP2012 
Assigned Tofman 
PrioritynormalSeveritymajorReproducibilityalways
StatusclosedResolutionfixed 
PlatformOSOS Version
Product Version1.9.3 (2011 Q3 - bug fixing) 
Fixed in Version1.9.4 (2012 Q3 - bug fixing) 
Summary0005063: User default rights are always used in API when reporting TC results, even when rights on test project / test plan differ
DescriptionWhen trying to set the test case results through the TL API (XMLRPC, reportTCresult), this is not possible when the default-rights belonging to the devkey of the user do not allow this, even though the rights for the project do.
When changing the default-rights for the user from (in our case) <no rights> to <leader> the results can be reported through the API-call.

As changing the default rights to <leader> is undesirable because of user management (it is easier to allow user access to a single project than to remove the rights for all users for every new project).
Steps To ReproduceCreate a user with default <no rights>. Then give him <leader> rights on one of the testlink projects. Now try to change a test result using the API. This will fail.
Change the default rights of the user to <leader> and do the same. In this case the result will be uploaded.
TagsNo tags attached.
Database (MySQL,Postgres,etc)PostgreSQL 8.1.23
BrowserMozilla Firefox
PHP Version5.3.3
TestCaseID
QA Team - Task Workflow Status
Attached Files

- Relationships

-  Notes
(0016895)
fman (administrator)
2012-06-15 21:29

tested on 1.9.4 => work ok
(0016917)
fman (administrator)
2012-06-20 19:49

Here quick fix for 1.9.3
you have to edit xmlrpc.class.php, and replace COMPLETELY
function userHasRight()

with following code:

protected function userHasRight($roleQuestion)
{
          $status_ok = true;
          $tprojectid = $this->args[self::$testProjectIDParamName];
        $tplanid = isset($this->args[self::$testPlanIDParamName]) ? $this->args[self::$testPlanIDParamName] : null;

        if(intval($tprojectid) <= 0)
        {
            // get test project from test plan
            $dummy = $this->tplanMgr->get_by_id($tplanid);
            $tprojectid = $dummy['testproject_id'];
        }

if(!$this->user->hasRight($this->dbObj,$roleQuestion,$tprojectid, $tplanid))
        {
            $status_ok = false;
            $this->errors[] = new IXR_Error(INSUFFICIENT_RIGHTS, INSUFFICIENT_RIGHTS_STR);
        }
        return $status_ok;
}
(0017340)
fman (administrator)
2012-09-01 19:59

1.9.4 released

- Issue History
Date Modified Username Field Change
2012-06-15 11:53 RvdP2012 New Issue
2012-06-15 20:15 fman Assigned To => fman
2012-06-15 20:15 fman Status new => assigned
2012-06-15 21:29 fman Note Added: 0016895
2012-06-15 21:30 fman Status assigned => resolved
2012-06-15 21:30 fman Fixed in Version => 1.9.4 (2012 Q3 - bug fixing)
2012-06-15 21:30 fman Resolution open => fixed
2012-06-20 19:49 fman Note Added: 0016917
2012-09-01 19:59 fman Note Added: 0017340
2012-09-01 19:59 fman Status resolved => closed
2013-04-25 17:30 fman Category TL API => XMLRPC API
2013-04-25 17:30 fman Category XMLRPC API => API - XMLRPC



Copyright © 2000 - 2018 MantisBT Team
Powered by Mantis Bugtracker