request #26816 Resources of private projects can be accessed by non project members

Authorizations are not properly verified when creating projects or trackers from projects marked as templates: A classic user should not be able to create a project from a private template that he is not a member of.

Change-Id: Id8b599432923b32551379041a26d2acf0035a59d

Modified Files

M plugins/program_management/tests/rest/v1/ProjectResourceTest.php +1 −1
M site-content/fr_FR/LC_MESSAGES/tuleap-core.po +10 −2
M site-content/pt_BR/LC_MESSAGES/tuleap-core.po +8 −2
M src/common/Project/REST/v1/ProjectCreationDataPOSTProjectBuilder.php +4 −1
M src/common/Project/REST/v1/ProjectResource.class.php +9 −3
A src/common/Project/Registration/Template/InsufficientPermissionToUseCompanyTemplateException.php +37 −0
M src/common/Project/Registration/Template/ProjectTemplateNotActiveException.php +2 −2
M src/common/Project/Registration/Template/TemplateFactory.php +23 −6
M src/common/Project/Registration/Template/TemplateFromProjectForCreation.php +42 −7
M tests/lib/TestDataBuilder.php +2 −0
A tests/rest/_fixtures/16-public-template/project.xml +7 −0
A tests/rest/_fixtures/16-public-template/user_map.csv +1 −0
A tests/rest/_fixtures/16-public-template/users.xml +3 −0
A tests/rest/_fixtures/17-private-template/project.xml +20 −0
A tests/rest/_fixtures/17-private-template/user_map.csv +1 −0
A tests/rest/_fixtures/17-private-template/users.xml +17 −0
M tests/rest/bin/init_data.php +1 −0
M tests/rest/bin/setup.sh +2 −0
M tests/rest/lib/RestBase.php +16 −4
M tests/rest/lib/TestDataBuilder.php +21 −0
M tests/rest/tests/ProjectTest.php +55 −9
M tests/rest/tests/ReadOnlyAdministrator/ProjectTest.php +1 −1
M tests/unit/common/Project/REST/v1/ProjectCreationDataPOSTProjectBuilderTest.php +2 −1
M tests/unit/common/Project/REST/v1/RestProjectCreatorTest.php +9 −3
M tests/unit/common/Project/Registration/Template/TemplateFactoryTest.php +45 −3
M tests/unit/common/Project/Registration/Template/TemplateFromProjectForCreationTest.php +45 −9