| Title: | Replicator doesn't enforce licences in TeamTrack |
| Status: | closed |
| Priority: | essential |
| Assigned user: | Gareth Rees |
| Organization: | Ravenbrook |
| Description: | Only licenced TeamTrack users should be able to update issues in TeamTrack. I think this isn't working. |
| Analysis: | First, the current teamtrack_case.update() doesn't check that the user has a licence. Second, users who don't exist in TeamTrack get mapped by the user translator to user 0. This may be a loophole. However, I believe that the implementation is OK: First, The teamtrack_case.update() function always uses TSServer::Transition to update an issue -- for ordinary updates it uses the magic transition 0. So privileges are always checked. Second, user 0 has no privileges, so users without licences can't update issues in TeamTrack. I experimented with updating an issue as a Perforce user with no TeamTrack licence, and found that TeamTrack refused to update the issue on my behalf. |
| How found: | inspection |
| Evidence: | Came up in discussion with RB and NB on 2000-11-28. |
| Created by: | Gareth Rees |
| Created on: | 2000‑11‑28 17:01:10 |
| Last modified by: | Gareth Rees |
| Last modified on: | 2001‑12‑10 19:05:28 |
| History: | 2000-11-28 GDR Created. 2000-11-30 GDR Closed. |
| Change | Effect | Date | User | Description |
|---|---|---|---|---|
| 4893 | closed | 2000‑11‑24 16:32:02 | Gareth Rees | Merged re-architected replicator back into master sources. |
| 4800 | closed | 2000‑11‑22 13:49:33 | Gareth Rees | Translation of issues now carried out by replicator class. Update functions take dictionaries of changes only. |
Generated at 2013-05-20 13:38:01 by $Id: //info.ravenbrook.com/infosys/cgi/issue.cgi#476 $
Copyright © Ravenbrook Limited. This document is provided "as is", without any express or implied warranty. In no event will the authors be held liable for any damages arising from the use of this document. You may make and distribute verbatim copies of this document provided that you do not charge a fee for this document or for its distribution.