Mantis Bugtracker          
testlink.org

View Issue Details Jump to Notes ] Issue History ] Print ]
IDProjectCategoryView StatusDate SubmittedLast Update
0005128TestLinkUsers and Rightspublic2012-08-07 08:072012-08-09 07:44
Reporterzhenghong_zhuhai@163.com 
Assigned Tofman 
PrioritynormalSeverityminorReproducibilityalways
StatusclosedResolutionfixed 
PlatformOSwindows xpOS Version
Product Version1.9.3 (2011 Q3 - bug fixing) 
Fixed in Version1.9.4 (2012 Q3 - bug fixing) 
Summary0005128: $tlCfg->exec_cfg->can_delete_execution need to be limited.
Descriptionto make someone can only read the reports, but couldn't edit/delete test case or test execution results in TL.


Steps To Reproduce1.$tlCfg->exec_cfg->can_delete_execution = ENABLED; (config.inc.php)
2.to set a guest user with only one right : 'Test Plan metrics'
3.to read reports 'Test result matrix' under Test Reports which has been executed.
4.when you click the green icon in the columns: build/[Last Build]/[Last execution], you'll go to the test case execution page, (attachments:guest_edit_test_execution)
5.the guest can do anything now, edit/delete. This's what we won't.
TagsTO BE FIXED on 2.0
Database (MySQL,Postgres,etc)mysql
Browserchrome,firefox
PHP Version5
TestCaseID
QA Team - Task Workflow StatusREADY FOR TESTING
Attached Filesjpg file icon guest_edit_test_execution.jpg [^] (201,767 bytes) 2012-08-07 08:07


jpg file icon guest_edit_test_execution_2.jpg [^] (59,037 bytes) 2012-08-07 08:09


png file icon tester-rights.png [^] (42,316 bytes) 2012-08-08 07:25


jpg file icon user B.jpg [^] (88,059 bytes) 2012-08-08 07:53


jpg file icon user A.jpg [^] (108,259 bytes) 2012-08-08 07:54

- Relationships
related to 0005129closedfman $tlCfg->exec_cfg->edit_notes needs to consider also if user CAN EXECUTE the TEST CASE 

-  Notes
(0017052)
fman (administrator)
2012-08-07 13:37

>> This's what we won't.
may be this is not the way to report an issue.
There is what system is suppose to do, and system is doing on WRONG WAY => BUG
There is what system is suppose to do, and system do well, and user do not like => this can be result on a feature request, that can be accepted or rejected.

Give a look to:
1. http://cartoontester.blogspot.it/2012/02/art-of-bug-reporting.html [^]
2. https://developer.mozilla.org/en-US/docs/Bug_writing_guidelines [^] => only
Preliminaries,Writing precise steps to reproduce,Writing a clear summary
3. http://creativechris1.blogspot.it/2012/01/art-of-bug-reporting.html [^]

You have to provide FULL RIGHTS of role you are using to do the test, in order to fully understand what is happening
(0017057)
zhenghong_zhuhai@163.com (reporter)
2012-08-08 03:12

Thank you for your quick reply.
I think this is a bug. Forget the 'guest' rights.

?follow the guidelines?
summary:
user with right 'Test Plan metrics', can edit the test results even the case is not assigned to him.

description:
If a test case was assigned to user A, user B couldn't execute the case definitely. But now user B with the Right to read the test report (Test Plan metrics), through 'Test Result matrix', user B can do anything now, no matter edit, delete or execute the results.

Reproduction Steps:
1. user A with full right to create a test case, a test plan, a build, and then assign the test case to himself.
2. user B with the right 'Test Plan metrics', read the test report through 'Test Reports', and select 'Test Result matrix' as the picture 'guest_edit_test_execution.jpg'.
3.user B click the green icon show in the attachment 'guest_edit_test_execution.jpg'. Now he can see the case execution page, show in the 'guest_edit_test_execution_2.jpg'.
4.user B click the delete button
5.user B save the new result

Actual Results:
4.user B click the delete button, he can delete the result now!
5.user B save the new result, he can also execute the case which didn't assigned to B!

Expected Results:
4.user B click the delete button, he couldn't delete the result.
5.user B save the new result, he couldn't execute the case which didn't assigned to him.

Hope this can help. Thanks!
(0017058)
fman (administrator)
2012-08-08 07:15

>> If a test case was assigned to user A,
>> user B couldn't execute the case definitely
Depends on configuration => give a look to:
http://www.teamst.org/forum/viewtopic.php?f=23&t=6935&p=16643&sid=3339de4ddc898067eee890f8d2b97bd8#p16643 [^]
(this info is present on config.inc.php)
(0017059)
fman (administrator)
2012-08-08 07:25

>> You have to provide FULL RIGHTS of role you are using to do the test,
>> in order to fully understand what is happening

Unfortunatelly is not clear for me on your description WHOLE SET of rights that User A and User B have.

I've tested on 1.9.4 (will be next release) with 2 user that have standard ROLE TESTER (attached image with full detail of rights), and works OK.

If you have time, you can get tarball of preview versions from gitorious, do fresh install and repeat your tests on 1.9.4 preview, to check that issue has been solved.
If not please provide full list of rights that each user has.
(0017060)
zhenghong_zhuhai@163.com (reporter)
2012-08-08 07:42

hi fman,
I know what cause this now , It's because I open the "$tlCfg->exec_cfg->can_delete_execution = ENABLED;" in config.inc.php
when it's disable, it won't happen.
(0017061)
zhenghong_zhuhai@163.com (reporter)
2012-08-08 07:49

and the config is :
$tlCfg->exec_cfg->view_mode->tester='assigned_to_me';
$tlCfg->exec_cfg->exec_mode->tester='assigned_to_me';
$tlCfg->exec_cfg->simple_tester_roles=array(TL_ROLES_TESTER);
(0017062)
fman (administrator)
2012-08-08 07:53
edited on: 2012-08-08 07:54

Ok, this means we have really found an issue, that:

$tlCfg->exec_cfg->can_delete_execution

do not use other config options.
Will try to undertand how to add same check in order to say:
you can delete if you can execute.

I'm going tp change issue summary to reflect the problem
Thanks for help

(0017063)
fman (administrator)
2012-08-08 09:30
edited on: 2012-08-08 09:31

Try to apply changes on file (gui/templates/execute/inc_exec_show_tc_exec.tpl)
you will get with this:

http://gitorious.org/testlink-ga/testlink-code/commit/d13e04fe54194b34c0615e075e93391f0932bdaa [^]

into your installation, retest and let me know

(0017072)
zhenghong_zhuhai@163.com (reporter)
2012-08-09 03:15
edited on: 2012-08-09 03:34

thank you fman.
add bug ID icon is missing now. can't add bug in test execution page and test report page even the case was assigned to the user.

(0017073)
fman (administrator)
2012-08-09 07:41
edited on: 2012-08-09 07:43

Regarding note 17072 => this is A NEW ISSUE => open a new one With detailed steps to reproduce.
be carefull that file i've providede CAN NOT BE used to overwrite same file on 1.9.3, because logic regarding BUG management has been deeply changed.


- Issue History
Date Modified Username Field Change
2012-08-07 08:07 zhenghong_zhuhai@163.com New Issue
2012-08-07 08:07 zhenghong_zhuhai@163.com File Added: guest_edit_test_execution.jpg
2012-08-07 08:09 zhenghong_zhuhai@163.com File Added: guest_edit_test_execution_2.jpg
2012-08-07 13:37 fman Note Added: 0017052
2012-08-08 03:12 zhenghong_zhuhai@163.com Note Added: 0017057
2012-08-08 07:15 fman Note Added: 0017058
2012-08-08 07:25 fman Note Added: 0017059
2012-08-08 07:25 fman File Added: tester-rights.png
2012-08-08 07:42 zhenghong_zhuhai@163.com Note Added: 0017060
2012-08-08 07:49 zhenghong_zhuhai@163.com Note Added: 0017061
2012-08-08 07:53 zhenghong_zhuhai@163.com File Added: user B.jpg
2012-08-08 07:53 fman Note Added: 0017062
2012-08-08 07:54 fman Note Edited: 0017062 View Revisions
2012-08-08 07:54 zhenghong_zhuhai@163.com File Added: user A.jpg
2012-08-08 07:55 fman Summary users with right 'Test Plan metrics', while reading the 'Test result matrix' of 'Test Reports', can also edit/delete test result => $tlCfg->exec_cfg->can_delete_execution need to be limited.
2012-08-08 07:55 fman Description Updated View Revisions
2012-08-08 09:08 fman Task Workflow Status TESTED => TBD
2012-08-08 09:11 fman Relationship added related to 0005129
2012-08-08 09:19 fman Tag Attached: TO BE FIXED on 2.0
2012-08-08 09:28 fman Assigned To => fman
2012-08-08 09:28 fman Status new => assigned
2012-08-08 09:30 fman Note Added: 0017063
2012-08-08 09:31 fman Note Edited: 0017063 View Revisions
2012-08-09 01:08 zhenghong_zhuhai@163.com Note Added: 0017071
2012-08-09 03:15 zhenghong_zhuhai@163.com Note Added: 0017072
2012-08-09 03:19 zhenghong_zhuhai@163.com Note Deleted: 0017071
2012-08-09 03:21 zhenghong_zhuhai@163.com Note Edited: 0017072 View Revisions
2012-08-09 03:34 zhenghong_zhuhai@163.com Note Edited: 0017072 View Revisions
2012-08-09 07:41 fman Note Added: 0017073
2012-08-09 07:43 fman Note Edited: 0017073 View Revisions
2012-08-09 07:43 fman Note Edited: 0017073 View Revisions
2012-08-09 07:44 fman Task Workflow Status TBD => READY FOR TESTING
2012-08-09 07:44 fman Status assigned => closed
2012-08-09 07:44 fman Resolution open => fixed
2012-08-09 07:44 fman Fixed in Version => 1.9.4 (2012 Q3 - bug fixing)



Copyright © 2000 - 2018 MantisBT Team
Powered by Mantis Bugtracker