Mantis Bugtracker          
testlink.org

View Issue Details
ID: 0007454
Project: TestLink
Category: Users and Rights
View Status: public
Date Submitted: 2016-03-01 08:38
Last Update: 2016-09-08 15:13
Reporter: Mr.Bricodage
Assigned To: fman
Priority: normal
Severity: major
Reproducibility: always
Status: closed
Resolution: fixed
Platform:
OS:
OS Version:
Product Version: 1.9.14 (2015 Q3)
Fixed in Version: 1.9.15 (2015 Q4)
Summary: 0007454: User rights : A non admin user can grant admin access to itself and/or to others via Roles management.
Description: A non admin user can grant access to admin section to itself or to others via Roles management.

Proposed solution : Admin role could be hidden in "Assign Test Project Roles" and "Assign Test Plan Roles".

Admin role should be global only (in my mind). In bug 0007038, note 0007038:0023014 seems to confirm that the dev team shares this vision.
Steps To Reproduce

Preconditions :
- role assignment is checked for role "leader" for testplan and testproject
- issue tracker management is unchecked for role "leader", checked for admin role
- custom field management is unchecked for role "leader", checked for admin role

as admin :
1) create a new user "user1", profile "no_rights"
2) create a new project "pro1"
3) create a new project "pro2"
4) add user1 as "leader" in project "pro1". user1 still has NO_RIGHTS on pro2.
5) create a new Custom Field, NOT USED by pro1, USED by pro2


as "user1" :
1) go to issue tracker management => user1 can view if configured, but can't edit => as configured by admin
2) custom field section is not displayed => as configured by admin
3) go to "Assign users roles"
4) select "admin" for "user1" in project "pro1"
5) go to issue tracker management => user1 can now edit ITM (even modify ITM that are not used by pro1)
6) custom field section is now displayed. user1 can access this section and MODIFY Custom Field (including CF used by projects where user has no rights, like CF used in pro2)
Tags: No tags attached.
Database (MySQL,Postgres,etc): all
Browser:
PHP Version:
TestCaseID:
QA Team - Task Workflow Status: READY FOR TESTING
Attached Files:

- Relationships

-  Notes
(0024566)
fman (administrator)
2016-03-05 08:14

Now admin option will be removed from options
(0024567)
fman (administrator)
2016-03-05 08:19

https://github.com/TestLinkOpenSourceTRMS/testlink-code/commit/9e0b467434ff55d1fa9aea16511300be2cb28f67
(0024571)
Mr.Bricodage (updater)
2016-03-05 18:23

works fine, but I had to apply workaround from 0007459 to test it
(0025277)
fman (administrator)
2016-09-08 15:13

1.9.15 Released - 2016-09-08

- Issue History
Date Modified Username Field Change
2016-03-01 08:38 Mr.Bricodage New Issue
2016-03-05 08:14 fman Note Added: 0024566
2016-03-05 08:19 fman QA Team - Task Workflow Status => READY FOR TESTING
2016-03-05 08:19 fman Note Added: 0024567
2016-03-05 08:19 fman Status new => resolved
2016-03-05 08:19 fman Fixed in Version => 1.9.15 (2015 Q4)
2016-03-05 08:19 fman Resolution open => fixed
2016-03-05 08:19 fman Assigned To => fman
2016-03-05 18:23 Mr.Bricodage Note Added: 0024571
2016-09-08 15:13 fman Note Added: 0025277
2016-09-08 15:13 fman Status resolved => closed
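
An added example, not part of the original report and not TestLink's code: a server-side check for the role assignment request described in the steps to reproduce. It rejects the admin role at project or test plan scope, and any role carrying rights the assigning user does not hold, regardless of what the form submits. Role names follow the report; the right names and function names are hypothetical, and the actor's role is taken to be their effective role on the project being edited.

```php
<?php
// Added example: not TestLink code. Right and function names are hypothetical.
declare(strict_types=1);

// Role => rights it carries (constructed sample data mirroring the report).
const ROLE_RIGHTS = [
    'admin'     => ['assign_roles', 'manage_issue_trackers', 'manage_custom_fields'],
    'leader'    => ['assign_roles'],
    'no_rights' => [],
];
// Roles that may only be granted system-wide, never per project or test plan.
const GLOBAL_ONLY_ROLES = ['admin'];

/** Roles the server will offer AND accept for a project/test plan assignment. */
function assignableRoles(string $actorRole): array
{
    $actorRights = ROLE_RIGHTS[$actorRole] ?? [];
    if (!in_array('assign_roles', $actorRights, true)) {
        return []; // actor may not assign roles at all
    }
    $allowed = [];
    foreach (ROLE_RIGHTS as $role => $rights) {
        if (in_array($role, GLOBAL_ONLY_ROLES, true)) {
            continue; // never valid at project or test plan scope
        }
        if (array_diff($rights, $actorRights) === []) {
            $allowed[] = $role; // grants nothing the actor lacks
        }
    }
    return $allowed;
}

/** Validate the submitted form value; the dropdown contents are not trusted. */
function checkAssignment(string $actorRole, string $requestedRole): bool
{
    return in_array($requestedRole, assignableRoles($actorRole), true);
}

// user1 is "leader" on pro1 and submits each role for that project.
foreach (['no_rights', 'leader', 'admin'] as $requested) {
    printf("leader assigns %-9s => %s\n", $requested,
        checkAssignment('leader', $requested) ? 'accepted' : 'rejected');
}
```

Using the same list to build the dropdown and to validate the submitted value keeps the UI and the enforcement from drifting apart.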


