View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0023561 | mantisbt | api soap | public | 2017-10-29 19:00 | 2017-12-17 05:13 |
Reporter | cproensa | Assigned To | vboctor | ||
Priority | normal | Severity | major | Reproducibility | have not tried |
Status | closed | Resolution | fixed | ||
Product Version | 1.3.0-beta.1 | ||||
Target Version | 1.3.13 | Fixed in Version | 1.3.13 | ||
Summary | 0023561: mc_project_get_issues_for_user() is retrieving issues in the authorization context of target user | ||||
Description |
Running that function there are two users involved:
I suspect that the filter is being built and called in the context of target-user
The user parameter for filter_bug_rows is the user which is used to evaluate the config options needed to resolve visibility thresholds, etc. I am not able to test the soap api to reproduce this, i'd appreciate if someone with better knowledge on this can test and tell if it's actually an issue. | ||||
Tags | No tags attached. | ||||
I have reproduced this with a sample client
Then calling |
|
@cproensa - definitely looks like a bug to me. The |
|
It seems that we use target user to do two things:
I suspect that the right behavior is to fix step 2 to use the logged in user id rather than the target user id. If that makes sense, I can provide a fix that is targeted for 2.8.1. |
|
+1 |
|
Thanks @atrol for the review and @cproensa for reporting the issue. I have used SoapUI to test.
I'll merge this before cutting 2.8.1. |
|
@vboctor the issue has been introduced in version 1.2.16 0015807. |
|
MantisBT: master-2.8 732ebc16 2017-11-30 07:58 Details Diff |
Fix SOAP API standard filters Fixes 0023561 |
Affected Issues 0023561 |
|
mod - api/soap/mc_project_api.php | Diff File | ||
MantisBT: master-1.3.x 7168f49d 2017-11-30 07:58 Details Diff |
Fix SOAP API standard filters Fixes 0023561 |
Affected Issues 0023561 |
|
mod - api/soap/mc_project_api.php | Diff File |