Mantis Bugtracker          
testlink.org

View Issue Details Jump to Notes ] Issue History ] Print ]
IDProjectCategoryView StatusDate SubmittedLast Update
0008925TestLinkUsers and Rightspublic2020-05-19 17:532020-07-16 07:38
Reporteratisne 
Assigned To 
PriorityhighSeveritymajorReproducibilityalways
StatusnewResolutionopen 
PlatformOSOS Version
Product Version1.9.20 
Fixed in Version 
Summary0008925: Some features are not available even with correct permissions settings
DescriptionAs reported in issues 0008924, 0008921, 0000881, checking rights using the function testlinkInitPage($db,false,false,"checkRights") seems to fail.

A lot of functionalities should be missing.
Additional Informationlib/attachments/attachmentdelete.php:testlinkInitPage($db,false,false,"checkRights");
lib/attachments/attachmentupload.php:testlinkInitPage($db,false,false,"checkRights");
lib/cfields/cfieldsEdit.php:testlinkInitPage($db,false,false,"checkRights");
lib/cfields/cfieldsExport.php:testlinkInitPage($db,false,false,"checkRights");
lib/cfields/cfieldsImport.php:testlinkInitPage($db,false,false,"checkRights");
lib/cfields/cfieldsTprojectAssign.php:testlinkInitPage($db,false,false,"checkRights");
lib/cfields/cfieldsView.php:testlinkInitPage($db,false,false,"checkRights");
lib/codetrackers/codeTrackerEdit.php:testlinkInitPage($db,false,false,"checkRights");
lib/codetrackers/codeTrackerView.php:testlinkInitPage($db,false,false,"checkRights");
lib/events/eventinfo.php:testlinkInitPage($db,false,false,"checkRights");
lib/events/eventviewer.php:testlinkInitPage($db,false,false,"checkRights");
lib/execute/bugAdd.php:testlinkInitPage($db,false,false,"checkRights");
lib/execute/bugDelete.php:testlinkInitPage($db,false,false,"checkRights");
lib/execute/editExecution.php:testlinkInitPage($db,false,false,"checkRights");
lib/issuetrackers/issueTrackerEdit.php:testlinkInitPage($db,false,false,"checkRights");
lib/issuetrackers/issueTrackerView.php:testlinkInitPage($db,false,false,"checkRights");
lib/keywords/keywordsAssign.php:testlinkInitPage($db,false,false,"checkRights");
lib/platforms/platformsAssign.php:testlinkInitPage($db,false,false,"checkRights");
lib/platforms/platformsExport.php:testlinkInitPage($db,false,false,"checkRights");
lib/platforms/platformsImport.php:testlinkInitPage($db,false,false,"checkRights");
lib/plugins/pluginView.php:testlinkInitPage($db,false,false,"checkRights");
lib/project/projectView.php:testlinkInitPage($db,false,false,"checkRights");
lib/reqmgrsystems/reqMgrSystemEdit.php:testlinkInitPage($db,false,false,"checkRights");
lib/reqmgrsystems/reqMgrSystemView.php:testlinkInitPage($db,false,false,"checkRights");
lib/requirements/reqCreateFromIssueMantisXML.php:testlinkInitPage($db,false,false,"checkRights");
lib/results/resultsMoreBuilds.php:testlinkInitPage($db,false,false,"checkRights");
lib/results/resultsReqs.php:testlinkInitPage($db,false,false,"checkRights");
lib/results/tcNotRunAnyPlatform.php:testlinkInitPage($db,false,false,"checkRights");
lib/results/testCasesWithCF.php:testlinkInitPage($db,false,false,"checkRights");
lib/results/testCasesWithoutTester.php:testlinkInitPage($db,false,false,"checkRights");
lib/results/testPlanWithCF.php:testlinkInitPage($db,false,false,"checkRights");
lib/results/uncoveredTestCases.php:testlinkInitPage($db,false,false,"checkRights");
lib/testcases/scriptAdd.php:testlinkInitPage($db,false,false,"checkRights");
lib/testcases/scriptDelete.php:testlinkInitPage($db,false,false,"checkRights");
lib/usermanagement/rolesEdit.php:testlinkInitPage($db,false,false,"checkRights");
lib/usermanagement/rolesView.php:testlinkInitPage($db,false,false,"checkRights");
lib/usermanagement/usersAssign.php:testlinkInitPage($db,false,false,"checkRights");
lib/usermanagement/usersEdit.php:testlinkInitPage($db,false,false,"checkRights");
lib/usermanagement/usersExport.php:testlinkInitPage($db,false,false,"checkRights");
lib/usermanagement/usersView.php:testlinkInitPage($db,false,false,"checkRights");
TagsNo tags attached.
Database (MySQL,Postgres,etc)Postgresql 9.6
Browser
PHP Version
TestCaseID
QA Team - Task Workflow Status
Attached Files

- Relationships

-  Notes
(0029704)
fman (administrator)
2020-05-19 18:25

IMHO all these features have always worked in this way.
I'm going to understand the cost of fix this on 1.9.20 fixed, because my focus is on 2.2.0
(0029705)
fman (administrator)
2020-05-19 19:25

In addition, there are rights that have sense IMHO only as System-Wide
one example: Issue Tracker management.
(0029711)
atisne (reporter)
2020-05-25 09:36

You're probably right.
However, I'm still have the same issue to add a bug to an execution:

[>>][5ecb8a12eaa30478359000][DEFAULT][/lib/execute/bugAdd.php][20/May/25 09:04:18]
    [20/May/25 09:04:18][AUDIT][p4sre8cgqpb4gdt812de276bre][GUI - Projet ID : 10]
        User 'atisne' has insufficient rights for 'any' action on 'bugAdd.php'! Exit forced!

Do you want me to fix it?
(0029712)
fman (administrator)
2020-05-25 10:16

@atisne
No thanks, I will check this
(0029729)
fman (administrator)
2020-06-01 07:45

https://github.com/TestLinkOpenSourceTRMS/testlink-code/commit/7ff4dd9ea6771860ce396d6739ab0ceba561d4d6 [^]
(0029754)
atisne (reporter)
2020-06-10 12:36

@fman
The issue is solved for the bugAdd feature.
Thanks
(0029828)
atisne (reporter)
2020-07-15 14:28

The search pattern initially used to detect possible impacts was not wide enough. Here is the complete list of files using the function "checkRights":

lib/attachments/attachmentdelete.php:testlinkInitPage($db,false,false,"checkRights");
lib/attachments/attachmentupload.php:testlinkInitPage($db,false,false,"checkRights");
lib/cfields/cfieldsEdit.php:testlinkInitPage($db,false,false,"checkRights");
lib/cfields/cfieldsExport.php:testlinkInitPage($db,false,false,"checkRights");
lib/cfields/cfieldsImport.php:testlinkInitPage($db,false,false,"checkRights");
lib/cfields/cfieldsTprojectAssign.php:testlinkInitPage($db,false,false,"checkRights");
lib/cfields/cfieldsView.php:testlinkInitPage($db,false,false,"checkRights");
lib/codetrackers/codeTrackerEdit.php:testlinkInitPage($db,false,false,"checkRights");
lib/codetrackers/codeTrackerView.php:testlinkInitPage($db,false,false,"checkRights");
lib/events/eventinfo.php:testlinkInitPage($db,false,false,"checkRights");
lib/events/eventviewer.php:testlinkInitPage($db,false,false,"checkRights");
lib/execute/bugAdd.php:testlinkInitPage($db,false,false,"checkRights");
lib/execute/bugDelete.php:testlinkInitPage($db,false,false,"checkRights");
lib/execute/editExecution.php:testlinkInitPage($db,false,false,"checkRights");
lib/issuetrackers/issueTrackerEdit.php:testlinkInitPage($db,false,false,"checkRights");
lib/issuetrackers/issueTrackerView.php:testlinkInitPage($db,false,false,"checkRights");
lib/keywords/keywordsAssign.php:testlinkInitPage($db,false,false,"checkRights");
lib/platforms/platformsAssign.php:testlinkInitPage($db,false,false,"checkRights");
lib/platforms/platformsExport.php:testlinkInitPage($db,false,false,"checkRights");
lib/platforms/platformsImport.php:testlinkInitPage($db,false,false,"checkRights");
lib/platforms/platformsView.php:testlinkInitPage($db,false,false,"checkRights");
lib/plugins/pluginView.php:testlinkInitPage($db,false,false,"checkRights");
lib/project/projectEdit.php:testlinkInitPage($db,true,false,"checkRights");
lib/project/projectView.php:testlinkInitPage($db,false,false,"checkRights");
lib/reqmgrsystems/reqMgrSystemEdit.php:testlinkInitPage($db,false,false,"checkRights");
lib/reqmgrsystems/reqMgrSystemView.php:testlinkInitPage($db,false,false,"checkRights");
lib/requirements/reqCreateFromIssueMantisXML.php:testlinkInitPage($db,false,false,"checkRights");
lib/results/charts.php: testlinkInitPage($dbHandler,false,false,"checkRights");
lib/results/displayMgr.php: testlinkInitPage($dbHandler,true,false,"checkRights");
lib/results/freeTestCases.php:testlinkInitPage($db,true,false,"checkRights");
lib/results/keywordBarChart.php: testlinkInitPage($dbHandler,false,false,"checkRights");
lib/results/metricsDashboard.php: testlinkInitPage($dbHandler,false,false,"checkRights");
lib/results/neverRunByPP.php: testlinkInitPage($dbHandler,true,false,"checkRights");
lib/results/overallPieChart.php: testlinkInitPage($dbHandler,true,false,"checkRights");
lib/results/platformPieChart.php: testlinkInitPage($dbHandler,true,false,"checkRights");
lib/results/printDocument.php: testlinkInitPage($dbHandler,false,false,"checkRights");
lib/results/resultsBugs.php:testlinkInitPage($db,true,false,"checkRights");
lib/results/resultsByStatus.php: testlinkInitPage($dbHandler,true,false,"checkRights");
lib/results/resultsByTesterPerBuild.php: testlinkInitPage($dbHandler,false,false,"checkRights");
lib/results/resultsGeneral.php: testlinkInitPage($dbHandler,true,false,"checkRights");
lib/results/resultsMoreBuilds.php:testlinkInitPage($db,false,false,"checkRights");
lib/results/resultsMoreBuildsGUI.php:testlinkInitPage($db,true,false,"checkRights");
lib/results/resultsNavigator.php:testlinkInitPage($db,true,false,"checkRights");
lib/results/resultsReqs.php:testlinkInitPage($db,false,false,"checkRights");
lib/results/resultsTCAbsoluteLatest.php: testlinkInitPage($dbHandler,false,false,"checkRights");
lib/results/resultsTCFlat.php: testlinkInitPage($dbHandler,false,false,"checkRights");
lib/results/tcCreatedPerUserOnTestProject.php: testlinkInitPage($dbHandler,false,false,"checkRights");
lib/results/tcNotRunAnyPlatform.php:testlinkInitPage($db,false,false,"checkRights");
lib/results/testCasesWithCF.php:testlinkInitPage($db,false,false,"checkRights");
lib/results/testCasesWithoutTester.php:testlinkInitPage($db,false,false,"checkRights");
lib/results/testPlanWithCF.php:testlinkInitPage($db,false,false,"checkRights");
lib/results/topLevelSuitesBarChart.php: testlinkInitPage($dbHandler,false,false,"checkRights");
lib/results/uncoveredTestCases.php:testlinkInitPage($db,false,false,"checkRights");
lib/testcases/scriptAdd.php:testlinkInitPage($db,false,false,"checkRights");
lib/testcases/scriptDelete.php:testlinkInitPage($db,false,false,"checkRights");
lib/usermanagement/rolesEdit.php:testlinkInitPage($db,false,false,"checkRights");
lib/usermanagement/rolesView.php:testlinkInitPage($db,false,false,"checkRights");
lib/usermanagement/usersAssign.php:testlinkInitPage($db,false,false,"checkRights");
lib/usermanagement/usersEdit.php:testlinkInitPage($db,false,false,"checkRights");
lib/usermanagement/usersExport.php:testlinkInitPage($db,false,false,"checkRights");
lib/usermanagement/usersView.php:testlinkInitPage($db,false,false,"checkRights");


This list replaces the one provided in the "Additional Information" of this ticket.

Some of the files are already fixed.
(0029830)
atisne (reporter)
2020-07-16 07:38

Maybe we can also check the pattern '$user->hasRight('. This pattern excludes fixed paths.

- Issue History
Date Modified Username Field Change
2020-05-19 17:53 atisne New Issue
2020-05-19 18:25 fman Note Added: 0029704
2020-05-19 19:25 fman Note Added: 0029705
2020-05-25 09:36 atisne Note Added: 0029711
2020-05-25 10:16 fman Note Added: 0029712
2020-06-01 07:45 fman Note Added: 0029729
2020-06-10 12:36 atisne Note Added: 0029754
2020-07-15 14:28 atisne Note Added: 0029828
2020-07-16 07:38 atisne Note Added: 0029830



Copyright © 2000 - 2020 MantisBT Team
Powered by Mantis Bugtracker