stable
Clone or download
Read-only
request #26816 Resources of private projects can be accessed by non project members
Authorizations are not properly verified when creating projects or trackers from projects marked as templates : A classic user should not be able create a project from a private template that he is not a member. Change-Id: Id8b599432923b32551379041a26d2acf0035a59d
Modified Files
| Name | ||||
|---|---|---|---|---|
| M | plugins/program_management/tests/rest/v1/ProjectResourceTest.php | +1 | −1 | Go to diff View file |
| M | site-content/fr_FR/LC_MESSAGES/tuleap-core.po | +10 | −2 | Go to diff View file |
| M | site-content/pt_BR/LC_MESSAGES/tuleap-core.po | +8 | −2 | Go to diff View file |
| M | src/common/Project/REST/v1/ProjectCreationDataPOSTProjectBuilder.php | +4 | −1 | Go to diff View file |
| M | src/common/Project/REST/v1/ProjectResource.class.php | +9 | −3 | Go to diff View file |
| A | src/common/Project/Registration/Template/InsufficientPermissionToUseCompanyTemplateException.php | +37 | −0 | Go to diff View file |
| M | src/common/Project/Registration/Template/ProjectTemplateNotActiveException.php | +2 | −2 | Go to diff View file |
| M | src/common/Project/Registration/Template/TemplateFactory.php | +23 | −6 | Go to diff View file |
| M | src/common/Project/Registration/Template/TemplateFromProjectForCreation.php | +42 | −7 | Go to diff View file |
| M | tests/lib/TestDataBuilder.php | +2 | −0 | Go to diff View file |
| A | tests/rest/_fixtures/16-public-template/project.xml | +7 | −0 | Go to diff View file |
| A | tests/rest/_fixtures/16-public-template/user_map.csv | +1 | −0 | Go to diff View file |
| A | tests/rest/_fixtures/16-public-template/users.xml | +3 | −0 | Go to diff View file |
| A | tests/rest/_fixtures/17-private-template/project.xml | +20 | −0 | Go to diff View file |
| A | tests/rest/_fixtures/17-private-template/user_map.csv | +1 | −0 | Go to diff View file |
| A | tests/rest/_fixtures/17-private-template/users.xml | +17 | −0 | Go to diff View file |
| M | tests/rest/bin/init_data.php | +1 | −0 | Go to diff View file |
| M | tests/rest/bin/setup.sh | +2 | −0 | Go to diff View file |
| M | tests/rest/lib/RestBase.php | +16 | −4 | Go to diff View file |
| M | tests/rest/lib/TestDataBuilder.php | +21 | −0 | Go to diff View file |
| M | tests/rest/tests/ProjectTest.php | +55 | −9 | Go to diff View file |
| M | tests/rest/tests/ReadOnlyAdministrator/ProjectTest.php | +1 | −1 | Go to diff View file |
| M | tests/unit/common/Project/REST/v1/ProjectCreationDataPOSTProjectBuilderTest.php | +2 | −1 | Go to diff View file |
| M | tests/unit/common/Project/REST/v1/RestProjectCreatorTest.php | +9 | −3 | Go to diff View file |
| M | tests/unit/common/Project/Registration/Template/TemplateFactoryTest.php | +45 | −3 | Go to diff View file |
| M | tests/unit/common/Project/Registration/Template/TemplateFromProjectForCreationTest.php | +45 | −9 | Go to diff View file |