|Title||Replicator doesn't enforce licences in TeamTrack|
|Assigned user||Gareth Rees|
|Description||Only licenced TeamTrack users should be able to update issues in TeamTrack. I think this isn't working.|
|Analysis||First, the current teamtrack_case.update() doesn't check that the user has a licence.|
Second, users who don't exist in TeamTrack get mapped by the user translator to user 0. This may be a loophole.
However, I believe that the implementation is OK:
First, The teamtrack_case.update() function always uses TSServer::Transition to update an issue -- for ordinary updates it uses the magic transition 0. So privileges are always checked.
Second, user 0 has no privileges, so users without licences can't update issues in TeamTrack.
I experimented with updating an issue as a Perforce user with no TeamTrack licence, and found that TeamTrack refused to update the issue on my behalf.
|Evidence||Came up in discussion with RB and NB on 2000-11-28.|
|Created by||Gareth Rees|
|Created on||2000-11-28 17:01:10|
|Last modified by||Gareth Rees|
|Last modified on||2001-12-10 19:05:28|
|History||2000-11-28 GDR Created.|
2000-11-30 GDR Closed.
|4893||closed||2000-11-24 16:32:02||Gareth Rees||Merged re-architected replicator back into master sources.|
|4800||closed||2000-11-22 13:49:33||Gareth Rees||Translation of issues now carried out by replicator class. Update functions take dictionaries of changes only.|