Title | Replicator doesn't enforce licences in TeamTrack |
Status | closed |
Priority | essential |
Assigned user | Gareth Rees |
Organization | Ravenbrook |
Description | Only licenced TeamTrack users should be able to update issues in TeamTrack. I think this isn't working. |
Analysis | First, the current teamtrack_case.update() doesn't check that the user has a licence. Second, users who don't exist in TeamTrack get mapped by the user translator to user 0. This may be a loophole. However, I believe that the implementation is OK: First, The teamtrack_case.update() function always uses TSServer::Transition to update an issue -- for ordinary updates it uses the magic transition 0. So privileges are always checked. Second, user 0 has no privileges, so users without licences can't update issues in TeamTrack. I experimented with updating an issue as a Perforce user with no TeamTrack licence, and found that TeamTrack refused to update the issue on my behalf. |
How found | inspection |
Evidence | Came up in discussion with RB and NB on 2000-11-28. |
Created by | Gareth Rees |
Created on | 2000-11-28 17:01:10 |
Last modified by | Gareth Rees |
Last modified on | 2001-12-10 19:05:28 |
History | 2000-11-28 GDR Created. 2000-11-30 GDR Closed. |
Change | Effect | Date | User | Description |
---|---|---|---|---|
4893 | closed | 2000-11-24 16:32:02 | Gareth Rees | Merged re-architected replicator back into master sources. |
4800 | closed | 2000-11-22 13:49:33 | Gareth Rees | Translation of issues now carried out by replicator class. Update functions take dictionaries of changes only. |