P4DTI issue job000087

TitleReplicator doesn't enforce licences in TeamTrack
Assigned userGareth Rees
DescriptionOnly licenced TeamTrack users should be able to update issues in TeamTrack. I think this isn't working.
AnalysisFirst, the current teamtrack_case.update() doesn't check that the user has a licence.
Second, users who don't exist in TeamTrack get mapped by the user translator to user 0. This may be a loophole.
However, I believe that the implementation is OK:
First, The teamtrack_case.update() function always uses TSServer::Transition to update an issue -- for ordinary updates it uses the magic transition 0. So privileges are always checked.
Second, user 0 has no privileges, so users without licences can't update issues in TeamTrack.
I experimented with updating an issue as a Perforce user with no TeamTrack licence, and found that TeamTrack refused to update the issue on my behalf.
How foundinspection
EvidenceCame up in discussion with RB and NB on 2000-11-28.
Created byGareth Rees
Created on2000-11-28 17:01:10
Last modified byGareth Rees
Last modified on2001-12-10 19:05:28
History2000-11-28 GDR Created.
2000-11-30 GDR Closed.


Change Effect Date User Description
4893 closed 2000-11-24 16:32:02 Gareth Rees Merged re-architected replicator back into master sources.
4800 closed 2000-11-22 13:49:33 Gareth Rees Translation of issues now carried out by replicator class. Update functions take dictionaries of changes only.