View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0010491 | mantisbt | api soap | public | 2009-05-15 18:31 | 2012-01-06 20:52 |
Reporter | eriede_globalgoldinc_com | Assigned To | vboctor | ||
Priority | normal | Severity | major | Reproducibility | always |
Status | closed | Resolution | fixed | ||
OS | Windows | OS Version | Server 2003 | ||
Product Version | 1.1.6 | ||||
Fixed in Version | 1.2.0 | ||||
Summary | 0010491: mc_issue_add incorrect access level check | ||||
Description | mc_issue_add requires an access level of "developer" by default to add an issue. I believe that this should mirror the UI access level model, which lets users add issues at the "reporter" access level. Patch and files included. | ||||
Steps To Reproduce | make user a reporter, then execute this php snippet. mantisconnect.php helper class files included in post require("mantisconnect.php"); $issue = new mc_issue(); | ||||
Additional Information | In mc_issue_api.php, line 394, the function mci_has_readwrite_access is called to check permissions. By default this requires DEVELOPER access. By changing the if condition to (user_get_access_level( $t_user_id, $t_project_id ) < REPORTER), my reporter users can now add issues through the SOAP API. The patch may not be acceptable in your mainstream branch, because it looks like the user levels are configurable, so perhaps another access level check function is in order. | ||||
Tags | No tags attached. | ||||
Attached Files | mantisconnect.php (3,393 bytes)
<?php
include("SOAP/Client.php");

/**
 * Minimal MantisConnect SOAP client built on PEAR's SOAP_Client.
 *
 * Every request carries the account's username and password as ordinary call
 * parameters, so the endpoint URL should be an https:// one, and instances of
 * this class (which keep the password in a property) should not be dumped or
 * logged.
 *
 * After each call, error_code is 0 on success or the PEAR error code on
 * failure, and error_msg holds the matching message.
 */
class mantisconnect{
    /**
     * @param string $url      Endpoint URL; "?wsdl" is appended to it.
     * @param string $user     Account name sent with every call.
     * @param string $password Account password sent with every call.
     */
    function __construct($url,$user,$password) {
        // NOTE(review): the second argument presumably marks the endpoint as
        // a WSDL document - confirm against the PEAR SOAP documentation.
        $this->soapclient = new SOAP_Client($url."?wsdl",true);
        $this->soapoptions = array(
            'namespace' => 'http://futureware.biz/mantisconnect',
            'trace' => 0
        );
        $this->username = $user;
        $this->password = $password;
        $this->error_code = 0;  // code of the last failed call, 0 after a success
        $this->error_msg = "";  // message of the last failed call
    }

    /**
     * Invokes one SOAP operation and records its outcome.
     *
     * @param string $function Operation name.
     * @param array  $params   Named parameters for the operation.
     * @return mixed The call result, or null when PEAR reports an error
     *               (details are then in error_code / error_msg).
     */
    function docall($function,$params) {
        $result = $this->soapclient->call($function,$params, $this->soapoptions);
        $failed = PEAR::isError($result);

        $this->error_code = $failed ? $result->getCode() : 0;
        $this->error_msg = $failed ? $result->getMessage() : "";

        return $failed ? null : $result;
    }

    /**
     * Runs $function with the stored credentials first, then $extra.
     *
     * @param string $function Operation name.
     * @param array  $extra    Operation-specific parameters.
     * @return mixed Whatever docall() returns.
     */
    private function call_with_login($function, $extra = array()) {
        $login = array(
            'username' => $this->username,
            'password' => $this->password
        );
        // Array union keeps username/password ahead of the extra keys.
        return $this->docall($function, $login + $extra);
    }

    /** Calls the mc_enum_priorities operation. */
    function mc_enum_priorities() {
        return $this->call_with_login(__FUNCTION__);
    }

    /** Calls the mc_enum_reproducibilities operation. */
    function mc_enum_reproducibilities() {
        return $this->call_with_login(__FUNCTION__);
    }

    /** Calls the mc_enum_severities operation. */
    function mc_enum_severities() {
        return $this->call_with_login(__FUNCTION__);
    }

    /** Calls mc_project_get_categories with $id as project_id. */
    function mc_project_get_categories($id) {
        return $this->call_with_login(__FUNCTION__, array('project_id' => $id));
    }

    /** Calls mc_issue_get with $id as issue_id. */
    function mc_issue_get($id) {
        return $this->call_with_login(__FUNCTION__, array('issue_id' => $id));
    }

    /**
     * Calls mc_issue_add with $issue as the issue parameter.
     *
     * No permission check happens on the client; whether the account may add
     * issues is decided by the server.
     */
    function mc_issue_add($issue) {
        return $this->call_with_login(__FUNCTION__, array('issue' => $issue));
    }
}

/* ---- helper classes ---- */

/**
 * Plain data holder for an issue: id starts at 0, the scalar fields at null
 * and the four collection fields as empty arrays.
 */
class mc_issue{
    function __construct() {
        $this->id= 0;

        // Created in this order so the property order of the object is stable.
        $blank_fields = array(
            'view_state', 'last_updated', 'project', 'category', 'priority',
            'severity', 'status', 'reporter', 'summary', 'version', 'build',
            'platform', 'os', 'os_build', 'reproducibility', 'date_submitted',
            'sponsorship_total', 'handler', 'projection', 'eta', 'resolution',
            'fixed_in_version', 'description', 'steps_to_reproduce',
            'additional_information'
        );
        foreach ($blank_fields as $field) {
            $this->$field = null;
        }

        foreach (array('attachments', 'relationships', 'notes', 'custom_fields') as $list_field) {
            $this->$list_field = array();
        }
    }
}

/**
 * Id/name pair. A property is only created when its argument is not loosely
 * equal to null, so values such as 0 or "" leave the property absent.
 */
class mc_enum {
    function __construct($id, $name=null) {
        $given = array('id' => $id, 'name' => $name);
        foreach ($given as $property => $value) {
            if ($value != null) {
                $this->$property = $value;
            }
        }
    }
}
MantisBT: master 2ceb6071 2009-10-10 00:27 Details Diff |
Fix 0010491: mc_issue_add incorrect access level check. |
Affected Issues 0010491 |
|
mod - api/soap/mc_config_defaults_inc.php | Diff File | ||
MantisBT: master-1.2.x 5d821dd1 2009-10-10 00:27 Details Diff |
Fix 0010491: mc_issue_add incorrect access level check. |
Affected Issues 0010491 |
|
mod - api/soap/mc_config_defaults_inc.php | Diff File |