testlink.org
| Anonymous | Login | Signup for a new account | 2019-02-20 12:28 UTC |  |
| Main | My View | View Issues | Change Log | My Account |
| View Issue Details [ Jump to Notes ] | [ Issue History ] [ Print ] | ||||||||
| ID | Project | Category | View Status | Date Submitted | Last Update | ||||
| 0005128 | TestLink | Users and Rights | public | 2012-08-07 08:07 | 2012-08-09 07:44 | ||||
| Reporter | zhenghong_zhuhai@163.com | ||||||||
| Assigned To | fman | ||||||||
| Priority | normal | Severity | minor | Reproducibility | always | ||||
| Status | closed | Resolution | fixed | ||||||
| Platform | OS | windows xp | OS Version | ||||||
| Product Version | 1.9.3 (2011 Q3 - bug fixing) | ||||||||
| Fixed in Version | 1.9.4 (2012 Q3 - bug fixing) | ||||||||
| Summary | 0005128: $tlCfg->exec_cfg->can_delete_execution need to be limited. | ||||||||
| Description | to make someone can only read the reports, but couldn't edit/delete test case or test execution results in TL. | ||||||||
| Steps To Reproduce | 1.$tlCfg->exec_cfg->can_delete_execution = ENABLED; (config.inc.php) 2.to set a guest user with only one right : 'Test Plan metrics' 3.to read reports 'Test result matrix' under Test Reports which has been executed. 4.when you click the green icon in the columns: build/[Last Build]/[Last execution], you'll go to the test case execution page, (attachments:guest_edit_test_execution) 5.the guest can do anything now, edit/delete. This's what we won't. | ||||||||
| Tags | TO BE FIXED on 2.0 | ||||||||
| Database (MySQL,Postgres,etc) | mysql | ||||||||
| Browser | chrome,firefox | ||||||||
| PHP Version | 5 | ||||||||
| TestCaseID | |||||||||
| QA Team - Task Workflow Status | READY FOR TESTING | ||||||||
| Attached Files |  guest_edit_test_execution.jpg [^] (201,767 bytes) 2012-08-07 08:07
guest_edit_test_execution_2.jpg [^] (59,037 bytes) 2012-08-07 08:09
 tester-rights.png [^] (42,316 bytes) 2012-08-08 07:25
user B.jpg [^] (88,059 bytes) 2012-08-08 07:53
user A.jpg [^] (108,259 bytes) 2012-08-08 07:54
| ||||||||
 Relationships |
||||||
|
||||||
 Relationships |
|
Notes |
|
|
(0017052) fman (administrator) 2012-08-07 13:37 |
>> This's what we won't. may be this is not the way to report an issue. There is what system is suppose to do, and system is doing on WRONG WAY => BUG There is what system is suppose to do, and system do well, and user do not like => this can be result on a feature request, that can be accepted or rejected. Give a look to: 1. http://cartoontester.blogspot.it/2012/02/art-of-bug-reporting.html [^] 2. https://developer.mozilla.org/en-US/docs/Bug_writing_guidelines [^] => only Preliminaries,Writing precise steps to reproduce,Writing a clear summary 3. http://creativechris1.blogspot.it/2012/01/art-of-bug-reporting.html [^] You have to provide FULL RIGHTS of role you are using to do the test, in order to fully understand what is happening |
|
(0017057) zhenghong_zhuhai@163.com (reporter) 2012-08-08 03:12 |
Thank you for your quick reply. I think this is a bug. Forget the 'guest' rights. ?follow the guidelines? summary: user with right 'Test Plan metrics', can edit the test results even the case is not assigned to him. description: If a test case was assigned to user A, user B couldn't execute the case definitely. But now user B with the Right to read the test report (Test Plan metrics), through 'Test Result matrix', user B can do anything now, no matter edit, delete or execute the results. Reproduction Steps: 1. user A with full right to create a test case, a test plan, a build, and then assign the test case to himself. 2. user B with the right 'Test Plan metrics', read the test report through 'Test Reports', and select 'Test Result matrix' as the picture 'guest_edit_test_execution.jpg'. 3.user B click the green icon show in the attachment 'guest_edit_test_execution.jpg'. Now he can see the case execution page, show in the 'guest_edit_test_execution_2.jpg'. 4.user B click the delete button 5.user B save the new result Actual Results: 4.user B click the delete button, he can delete the result now! 5.user B save the new result, he can also execute the case which didn't assigned to B! Expected Results: 4.user B click the delete button, he couldn't delete the result. 5.user B save the new result, he couldn't execute the case which didn't assigned to him. Hope this can help. Thanks! |
|
(0017058) fman (administrator) 2012-08-08 07:15 |
>> If a test case was assigned to user A, >> user B couldn't execute the case definitely Depends on configuration => give a look to: http://www.teamst.org/forum/viewtopic.php?f=23&t=6935&p=16643&sid=3339de4ddc898067eee890f8d2b97bd8#p16643 [^] (this info is present on config.inc.php) |
|
(0017059) fman (administrator) 2012-08-08 07:25 |
>> You have to provide FULL RIGHTS of role you are using to do the test, >> in order to fully understand what is happening Unfortunatelly is not clear for me on your description WHOLE SET of rights that User A and User B have. I've tested on 1.9.4 (will be next release) with 2 user that have standard ROLE TESTER (attached image with full detail of rights), and works OK. If you have time, you can get tarball of preview versions from gitorious, do fresh install and repeat your tests on 1.9.4 preview, to check that issue has been solved. If not please provide full list of rights that each user has. |
|
(0017060) zhenghong_zhuhai@163.com (reporter) 2012-08-08 07:42 |
hi fman, I know what cause this now , It's because I open the "$tlCfg->exec_cfg->can_delete_execution = ENABLED;" in config.inc.php when it's disable, it won't happen. |
|
(0017061) zhenghong_zhuhai@163.com (reporter) 2012-08-08 07:49 |
and the config is : $tlCfg->exec_cfg->view_mode->tester='assigned_to_me'; $tlCfg->exec_cfg->exec_mode->tester='assigned_to_me'; $tlCfg->exec_cfg->simple_tester_roles=array(TL_ROLES_TESTER); |
|
(0017062) fman (administrator) 2012-08-08 07:53 edited on: 2012-08-08 07:54 |
Ok, this means we have really found an issue, that: $tlCfg->exec_cfg->can_delete_execution do not use other config options. Will try to undertand how to add same check in order to say: you can delete if you can execute. I'm going tp change issue summary to reflect the problem Thanks for help |
|
(0017063) fman (administrator) 2012-08-08 09:30 edited on: 2012-08-08 09:31 |
Try to apply changes on file (gui/templates/execute/inc_exec_show_tc_exec.tpl) you will get with this: http://gitorious.org/testlink-ga/testlink-code/commit/d13e04fe54194b34c0615e075e93391f0932bdaa [^] into your installation, retest and let me know |
|
(0017072) zhenghong_zhuhai@163.com (reporter) 2012-08-09 03:15 edited on: 2012-08-09 03:34 |
thank you fman. add bug ID icon is missing now. can't add bug in test execution page and test report page even the case was assigned to the user. |
|
(0017073) fman (administrator) 2012-08-09 07:41 edited on: 2012-08-09 07:43 |
Regarding note 17072 => this is A NEW ISSUE => open a new one With detailed steps to reproduce. be carefull that file i've providede CAN NOT BE used to overwrite same file on 1.9.3, because logic regarding BUG management has been deeply changed. |
|
Notes |
|
Issue History |
|||
| Date Modified | Username | Field | Change |
| 2012-08-07 08:07 | zhenghong_zhuhai@163.com | New Issue | |
| 2012-08-07 08:07 | zhenghong_zhuhai@163.com | File Added: guest_edit_test_execution.jpg | |
| 2012-08-07 08:09 | zhenghong_zhuhai@163.com | File Added: guest_edit_test_execution_2.jpg | |
| 2012-08-07 13:37 | fman | Note Added: 0017052 | |
| 2012-08-08 03:12 | zhenghong_zhuhai@163.com | Note Added: 0017057 | |
| 2012-08-08 07:15 | fman | Note Added: 0017058 | |
| 2012-08-08 07:25 | fman | Note Added: 0017059 | |
| 2012-08-08 07:25 | fman | File Added: tester-rights.png | |
| 2012-08-08 07:42 | zhenghong_zhuhai@163.com | Note Added: 0017060 | |
| 2012-08-08 07:49 | zhenghong_zhuhai@163.com | Note Added: 0017061 | |
| 2012-08-08 07:53 | zhenghong_zhuhai@163.com | File Added: user B.jpg | |
| 2012-08-08 07:53 | fman | Note Added: 0017062 | |
| 2012-08-08 07:54 | fman | Note Edited: 0017062 | View Revisions |
| 2012-08-08 07:54 | zhenghong_zhuhai@163.com | File Added: user A.jpg | |
| 2012-08-08 07:55 | fman | Summary | users with right 'Test Plan metrics', while reading the 'Test result matrix' of 'Test Reports', can also edit/delete test result => $tlCfg->exec_cfg->can_delete_execution need to be limited. |
| 2012-08-08 07:55 | fman | Description Updated | View Revisions |
| 2012-08-08 09:08 | fman | Task Workflow Status | TESTED => TBD |
| 2012-08-08 09:11 | fman | Relationship added | related to 0005129 |
| 2012-08-08 09:19 | fman | Tag Attached: TO BE FIXED on 2.0 | |
| 2012-08-08 09:28 | fman | Assigned To | => fman |
| 2012-08-08 09:28 | fman | Status | new => assigned |
| 2012-08-08 09:30 | fman | Note Added: 0017063 | |
| 2012-08-08 09:31 | fman | Note Edited: 0017063 | View Revisions |
| 2012-08-09 01:08 | zhenghong_zhuhai@163.com | Note Added: 0017071 | |
| 2012-08-09 03:15 | zhenghong_zhuhai@163.com | Note Added: 0017072 | |
| 2012-08-09 03:19 | zhenghong_zhuhai@163.com | Note Deleted: 0017071 | |
| 2012-08-09 03:21 | zhenghong_zhuhai@163.com | Note Edited: 0017072 | View Revisions |
| 2012-08-09 03:34 | zhenghong_zhuhai@163.com | Note Edited: 0017072 | View Revisions |
| 2012-08-09 07:41 | fman | Note Added: 0017073 | |
| 2012-08-09 07:43 | fman | Note Edited: 0017073 | View Revisions |
| 2012-08-09 07:43 | fman | Note Edited: 0017073 | View Revisions |
| 2012-08-09 07:44 | fman | Task Workflow Status | TBD => READY FOR TESTING |
| 2012-08-09 07:44 | fman | Status | assigned => closed |
| 2012-08-09 07:44 | fman | Resolution | open => fixed |
| 2012-08-09 07:44 | fman | Fixed in Version | => 1.9.4 (2012 Q3 - bug fixing) |
|
Issue History |
| Copyright © 2000 - 2019 MantisBT Team |
 |