Mantis Bugtracker          
testlink.org

View Issue Details Jump to Notes ] Issue History ] Print ]
IDProjectCategoryView StatusDate SubmittedLast Update
0007656TestLinkAPI - XMLRPCpublic2016-09-01 15:202017-03-04 11:45
ReporterM.Klebsch 
Assigned Tofman 
PrioritynormalSeveritymajorReproducibilityalways
StatusclosedResolutionfixed 
PlatformWindowsOSWindowsOS Version7
Product Version1.9.14 (2015 Q3) 
Fixed in Version1.9.17 (2018 Q1) 
Summary0007656: tl.updateTestCase updates executed testcase allthough user does not have permission
DescriptionI have a test case, that has already been executed. The GUI tells me, that I do not have permission, to edit it, because is has been executed.

If I use tl.updateTestCase offered by XMLRPC API, the test case is updated without any complains. The XML operation returns

{
  'msg' => 'ok',
  'status_ok' => '1',
  'operation' => 'updateTestCase'
};

Steps To Reproduce* Create a test case
* Record a test case execution result
* Try to edit that test case after recording an execution result in the web GUI
-> You can not edit this version because it has been executed
-> Your role has no right to delete executed test cases or test case versions
* Try to change a test case attribute vie XMLRPC tl.updateTestCase-Call using the same user ID
-> Operation reports success :-(
* re-open that test case in the web GUI
-> Test case is changed. :-(
TagsNo tags attached.
Database (MySQL,Postgres,etc)postgres
Browserfirefox
PHP Version
TestCaseID
QA Team - Task Workflow StatusREADY FOR TESTING
Attached Files

- Relationships
child of 0007817closedfman Availables hot-fixes for 1.9.16 & How To get full fixed package from GitHub 

-  Notes
(0025170)
fman (administrator)
2016-09-01 20:58

1) Please get latest code from github, do fresh install, retest and provide feedback
(0025798)
fman (administrator)
2016-12-26 16:17

no more user feedback
(0025909)
fman (administrator)
2017-01-22 08:08

1.9.16 released
(0025956)
M.Klebsch (reporter)
2017-02-01 10:52
edited on: 2017-02-01 17:14

Our TestLink Server was recently updated to TestLink 1.9.16 (Moka pot). Unfortunately, the Problem still exists.

Further tests have shown, that a user, who only has the mgt_view_tc right, is allowed to update existing test cases via the XMLRPC API

(0026028)
fman (administrator)
2017-02-25 08:49

work in progress, no ETA
(0026036)
fman (administrator)
2017-02-26 19:31

https://github.com/TestLinkOpenSourceTRMS/testlink-code/commit/91ca9dda2339b8bc63da203f19329eedec213144 [^]
(0026041)
M.Klebsch (reporter)
2017-02-27 11:26
edited on: 2017-02-27 11:27

I just check the change and it fixed part of the problem.

With the fix, the request to create a new test case is rejected, if the user does not have the permission 'Test Case create/edit'

But updating of a testcase, that has been executed, still is possible for users without the permission 'Edit Executed Test Cases'.

The user, I used for my tests, only has these permissions:

* Test Case view (read only access)
* Test Case create/edit

P.S: I had a lot of trouble with bad values of the HTTP Content-Length: header and created a new ticket 0007860

(0026043)
fman (administrator)
2017-02-27 13:05

The fix has provided some changes to userHasRight(), anyway I've tested with updateTestCase method before releasing and IMHO worked ok.
Please provide detailed test you do in order to check I'm doing the same
Please provide very,very detailed examples
(0026049)
fman (administrator)
2017-02-27 22:33

issue found
https://github.com/TestLinkOpenSourceTRMS/testlink-code/commit/31b5658d658f263aeef7a09a21fe6675525ea10d [^]

- Issue History
Date Modified Username Field Change
2016-09-01 15:20 M.Klebsch New Issue
2016-09-01 20:58 fman Note Added: 0025170
2016-09-01 20:58 fman Assigned To => fman
2016-09-01 20:58 fman Status new => feedback
2016-12-26 16:17 fman QA Team - Task Workflow Status => READY FOR TESTING
2016-12-26 16:17 fman Note Added: 0025798
2016-12-26 16:17 fman Status feedback => resolved
2016-12-26 16:17 fman Fixed in Version => 1.9.16 (2016 Q4)
2016-12-26 16:17 fman Resolution open => fixed
2017-01-22 08:08 fman Note Added: 0025909
2017-01-22 08:08 fman Status resolved => closed
2017-02-01 10:52 M.Klebsch Note Added: 0025956
2017-02-01 10:52 M.Klebsch Status closed => assigned
2017-02-01 10:52 M.Klebsch Resolution fixed => reopened
2017-02-01 10:52 M.Klebsch Note Edited: 0025956 View Revisions
2017-02-01 17:14 fman Note Edited: 0025956 View Revisions
2017-02-25 08:49 fman Note Added: 0026028
2017-02-26 19:30 fman Fixed in Version 1.9.16 (2016 Q4) => 1.9.17 (2018 Q1)
2017-02-26 19:31 fman Note Added: 0026036
2017-02-26 19:31 fman Status assigned => resolved
2017-02-26 19:31 fman Resolution reopened => fixed
2017-02-26 19:31 fman Relationship added child of 0007817
2017-02-27 11:26 M.Klebsch Note Added: 0026041
2017-02-27 11:27 M.Klebsch Note Edited: 0026041 View Revisions
2017-02-27 13:05 fman Note Added: 0026043
2017-02-27 18:46 fman Note Added: 0026046
2017-02-27 18:51 fman Note Edited: 0026046 View Revisions
2017-02-27 22:32 fman Note Deleted: 0026046
2017-02-27 22:33 fman Note Added: 0026049
2017-02-27 22:33 fman Status resolved => feedback
2017-03-04 11:45 fman Status feedback => closed



Copyright © 2000 - 2018 MantisBT Team
Powered by Mantis Bugtracker