Mantis Bugtracker          
testlink.org

View Issue Details Jump to Notes ] Issue History ] Print ]
IDProjectCategoryView StatusDate SubmittedLast Update
0008065TestLinkUsers and Rightspublic2017-08-29 19:432017-09-12 04:30
Reportertjosephine 
Assigned Tofman 
PrioritynormalSeverityfeature requestReproducibilityalways
StatusresolvedResolutionfixed 
PlatformPCOSWindowsOS Version7 Pro
Product Version1.9.16 (2016 Q4) 
Fixed in Version1.9.17 (2017 Q2) 
Summary0008065: user rights at project level should be also considered
DescriptionIt seems that the role given to a user at the project level (and associated rights) are not checked when the user wants to create test case results using TestLink API (for ex. XMLRPC)

As an example, a guest user in TestLink having the role = leader in his project cannot create a platform using XMLRPC scripting even if the platform_management right is checked for a leader.
To fix this, the user with role = guest in TestLink must be defined as a leader in TestLink, then the script is ok and platform is created in TestLink.

Enhancement: the role assigned to a user in a project should be also considered and not just the role when the user is created in TestLink.

Consequence: It is important that TestLink in future release can manage multiple projects with multiple teams.
By default in TestLink, users are created with role=guest and then, are assigned to another role (tester, leader, senior tester, etc) in their respective project.
As soon as they are using external mechanisms (API, automation scripts..) to import/create stuff in TestLink, they are facing this issue with "not enough rights to perform..."
Additional Informationsee http://mantis.testlink.org/view.php?id=8058 [^] as reference
TagsNo tags attached.
Database (MySQL,Postgres,etc)MySQL
BrowserChrome v.58
PHP Version5.6.14
TestCaseID
QA Team - Task Workflow StatusREADY FOR TESTING
Attached Filespng file icon insufficient rights.png [^] (9,455 bytes) 2017-09-05 18:45


png file icon Screen Shot 2017-09-09 at 13.08.54.png [^] (82,127 bytes) 2017-09-09 11:11


? file icon clientCreatePlatformDOVI.php [^] (1,120 bytes) 2017-09-09 11:11

- Relationships
related to 0008072closedfman reportTCresult fails when plan is non-public and user access is "< inherited > rights" 
child of 0007817new Availables hot-fixes for 1.9.16 & How To get full fixed package from GitHub 

-  Notes
(0026796)
fman (administrator)
2017-08-30 16:18

as always requested detailed steps to reproduce are needed.
without this is impossible to work on this.

regards
(0026803)
fman (administrator)
2017-08-30 16:32

why 0008058 is a reference ?this issue has been solved
(0026804)
tjosephine (reporter)
2017-08-30 18:57

Steps to reproduce? You already tested in 0008058:

######
Tested on MAC OS using mamp Pro, using latest code from github

1. created user XMLRPC-API-INTEGRATION, with role GUEST
2. create a new role xmlrpc-api-integration with JUST one right platform-management
3. login as XMLRPC-API-INTEGRATION, generate API Key
4. use clientCreatePlatform.php
5. Platform created without issues

Tested on 1.9.16 => no issue
######

We got this issue with TestLink 1.9.15 and to fix it, we had to create user with a role having the platform-management right.
We plan to upgrade TestLink to 1.9.16 in a couple of weeks, so we will be able to test by ourselves.

Thanks for your support!
(0026805)
fman (administrator)
2017-08-30 19:42

The steps you have provided do not help to reproduce your situation.
I think I've already fixed it, but really think that the minimum help I'm asking has to be provided

Re-reading the steps on previous issue is a missin step => assign the new created role the user.
(0026806)
fman (administrator)
2017-08-30 19:44

Please use this, retest and provide feedback
(0026808)
tjosephine (reporter)
2017-08-30 20:08
edited on: 2017-08-30 20:09

As soon as we upgrade to version 1.9.16, I will retest and provide feedback.

Just a comment on the missing step => assign the new created role to the user:
Do you assign the new role to the user in a project? or do you replace guest by xmlrpc-api-integration in TestLink?

Because this is the problem. In our case:
- user is guest in TestLink and
- user is leader in ProjectX
when user executes python script to create a platform in ProjectX, it gets an issue "no platform management rights"

if instead,
- user is leader in TestLink
- user is leader in the project ProjectX (inherited)
No issue, platform created in ProjectX when running the script.

I will provide feedback as soon as possible.

Thanks

(0026809)
fman (administrator)
2017-08-30 20:15

>> Do you assign the new role to the user in a project? or do you replace guest by xmlrpc-api-integration in TestLink?

I did what is explained => GLOBAL role has been changed.

That's why I request that you provide the steps to reproduce, instead of guess conclusions from other tests.
(0026814)
fman (administrator)
2017-09-02 07:17

no more user feedback
(0026820)
tjosephine (reporter)
2017-09-05 18:44

I just tested with TestLink 1.9.16 + latest fix package on my local environment (windows)

Steps to reproduce:
- create user lmcpcar with default role (guest) in TestLink
- create project ProjectX1 and give role = leader to lmcpcar in this project.
- login to TestLink with user = lmcpcar and create devkey for lmcpcar
- Update php script "clientCreatePlatform.php" by providing the devkey, project name ProjectX1, the platform name and notes
- execute the script

Error generated: "User lmcpcar, corresponding to Developer Key has insufficient rights to perform this action - Details: right platform_management"
[IMG]http://i68.tinypic.com/4ke5g1.png[/IMG] [^]

If I change and replace role=guest with role=leader for lmcpcar, there is no error and the platform is created in ProjectX1.

It seems that when executing the script, the role assigned to lmcpcar in ProjectX1 is not taken into account.

Enhancement: the role assigned to a user in a project should be also considered when checking the rights and not just the GLOBAL role in TestLink.
(0026828)
fman (administrator)
2017-09-09 10:57
edited on: 2017-09-09 11:10

1. get latest code from github (@20170909 - 13:00 CET)
2. do fresh install
3. login as admin
4. create test project PUBLIC => MOTOGP MISANO 2017
5. create test project PUBLIC => MOTOGP ASSEN 2017

6. create user dovizioso with default role GUEST
7. assign role leader to dovizioso on MOTOGP MISANO 2017
8. generate API KEY for dovizioso
9. use attached clientCreatePlatformDOVI.PHP fiel
10. tests OK => see images

(0026831)
tjosephine (reporter)
2017-09-11 20:15

Fresh install with latest code from github (extracted from http://mantis.testlink.org/view.php?id=7817 [^])

I confirm it is working as expected.
User dovizioso (guest in TestLink and leader in project MOTOGP MISANO 2017)
was able to create successfully a platform in project MOTOGP MISANO 2017.

Thanks a lot!
(It seems that my latest fix package apparently was not the latest one! I will update my previous installation and will do the tests again)

- Issue History
Date Modified Username Field Change
2017-08-29 19:43 tjosephine New Issue
2017-08-30 16:17 fman QA Team - Task Workflow Status => TBD
2017-08-30 16:17 fman View Status private => public
2017-08-30 16:18 fman Note Added: 0026796
2017-08-30 16:19 fman Assigned To => fman
2017-08-30 16:19 fman Status new => feedback
2017-08-30 16:32 fman Note Added: 0026803
2017-08-30 18:57 tjosephine Note Added: 0026804
2017-08-30 18:57 tjosephine Status feedback => assigned
2017-08-30 19:42 fman Note Added: 0026805
2017-08-30 19:44 fman Note Added: 0026806
2017-08-30 19:44 fman Status assigned => feedback
2017-08-30 20:08 tjosephine Note Added: 0026808
2017-08-30 20:08 tjosephine Status feedback => assigned
2017-08-30 20:09 tjosephine Note Edited: 0026808 View Revisions
2017-08-30 20:09 tjosephine Note Edited: 0026808 View Revisions
2017-08-30 20:15 fman Note Added: 0026809
2017-09-02 07:17 fman QA Team - Task Workflow Status TBD => READY FOR TESTING
2017-09-02 07:17 fman Note Added: 0026814
2017-09-02 07:17 fman Status assigned => resolved
2017-09-02 07:17 fman Fixed in Version => 1.9.17 (2017 Q2)
2017-09-02 07:17 fman Resolution open => fixed
2017-09-05 18:44 tjosephine Note Added: 0026820
2017-09-05 18:45 tjosephine File Added: insufficient rights.png
2017-09-09 10:57 fman Note Added: 0026828
2017-09-09 10:59 fman Note Edited: 0026828 View Revisions
2017-09-09 11:01 fman Note Edited: 0026828 View Revisions
2017-09-09 11:10 fman Note Edited: 0026828 View Revisions
2017-09-09 11:11 fman File Added: Screen Shot 2017-09-09 at 13.08.54.png
2017-09-09 11:11 fman File Added: clientCreatePlatformDOVI.php
2017-09-09 11:12 fman Note View State: 0026828: public
2017-09-09 11:13 fman Relationship added related to 0008072
2017-09-11 20:15 tjosephine Note Added: 0026831
2017-09-12 04:30 fman Relationship added child of 0007817



Copyright © 2000 - 2017 MantisBT Team
Powered by Mantis Bugtracker