| Title | Replicator doesn't enforce licences in TeamTrack |
| Status | closed |
| Priority | essential |
| Assigned user | Gareth Rees |
| Organization | Ravenbrook |
| Description | Only licenced TeamTrack users should be able to update issues in TeamTrack. I think this isn't working. |
| Analysis | First, the current teamtrack_case.update() doesn't check that the user has a licence. Second, users who don't exist in TeamTrack get mapped by the user translator to user 0. This may be a loophole. However, I believe that the implementation is OK: First, The teamtrack_case.update() function always uses TSServer::Transition to update an issue -- for ordinary updates it uses the magic transition 0. So privileges are always checked. Second, user 0 has no privileges, so users without licences can't update issues in TeamTrack. I experimented with updating an issue as a Perforce user with no TeamTrack licence, and found that TeamTrack refused to update the issue on my behalf. |
| How found | inspection |
| Evidence | Came up in discussion with RB and NB on 2000-11-28. |
| Created by | Gareth Rees |
| Created on | 2000-11-28 17:01:10 |
| Last modified by | Gareth Rees |
| Last modified on | 2001-12-10 19:05:28 |
| History | 2000-11-28 GDR Created. 2000-11-30 GDR Closed. |
| Change | Effect | Date | User | Description |
|---|---|---|---|---|
| 4893 | closed | 2000-11-24 16:32:02 | Gareth Rees | Merged re-architected replicator back into master sources. |
| 4800 | closed | 2000-11-22 13:49:33 | Gareth Rees | Translation of issues now carried out by replicator class. Update functions take dictionaries of changes only. |