Mantis Bugtracker          
testlink.org

View Issue Details Jump to Notes ] Issue History ] Print ]
IDProjectCategoryView StatusDate SubmittedLast Update
0007887TestLinkSecurity - Generalpublic2017-03-18 07:462017-03-20 06:54
ReporterMichielV 
Assigned Tofman 
PrioritynormalSeverityminorReproducibilityalways
StatusresolvedResolutionfixed 
PlatformOSWindowsOS Version10
Product Version1.9.16 (2016 Q4) 
Fixed in Version1.9.17 (2017 Q2) 
Summary0007887: Access to exec page from Test Specification for user without execution rights
DescriptionUsers with view rights on the test specification can access test execution even if they have no permission to execute tests.

Issue is not critical as the user will not be able to actually execute the test case.
Steps To Reproduce- have a user with view rights on test specification but no execution rights
- in the navbar this user will see the test spec icon but no execution icon
- open a testcase in the test specification
- in the bottom of the test specification click one of the lightning icons next to the test case assignments
- the user without execution rights will now get the execute test page.
TagsNo tags attached.
Database (MySQL,Postgres,etc)MySQL
BrowserIE11, Chrome
PHP Version7.0
TestCaseID
QA Team - Task Workflow StatusREADY FOR TESTING
Attached Files

- Relationships

-  Notes
(0026127)
fman (administrator)
2017-03-18 07:57

Thanks I'm going to check and see how to fix
(0026128)
fman (administrator)
2017-03-18 09:56

https://github.com/TestLinkOpenSourceTRMS/testlink-code/commit/4bb526843d640d1e0ebce2c0d0b28a1a5f645617 [^]
(0026129)
fman (administrator)
2017-03-18 09:57

would you mind to get code & retest?
(0026137)
MichielV (reporter)
2017-03-20 05:38

Now getting a notification for rights instead of seeing the execution window.
Thank you for the quick fix!

- Issue History
Date Modified Username Field Change
2017-03-18 07:46 MichielV New Issue
2017-03-18 07:57 fman Note Added: 0026127
2017-03-18 09:52 fman QA Team - Task Workflow Status => TBD
2017-03-18 09:52 fman Summary execution page accessible without execution rights => Access to exec page from Test Specification for user without execution rights
2017-03-18 09:56 fman Note Added: 0026128
2017-03-18 09:57 fman QA Team - Task Workflow Status TBD => READY FOR TESTING
2017-03-18 09:57 fman Note Added: 0026129
2017-03-18 09:57 fman Assigned To => fman
2017-03-18 09:57 fman Status new => feedback
2017-03-20 05:38 MichielV Note Added: 0026137
2017-03-20 05:38 MichielV Status feedback => assigned
2017-03-20 06:54 fman Status assigned => resolved
2017-03-20 06:54 fman Fixed in Version => 1.9.17 (2017 Q2)
2017-03-20 06:54 fman Resolution open => fixed



Copyright © 2000 - 2017 MantisBT Team
Powered by Mantis Bugtracker