View ProjeQtOr On SourceForge.net
ProjeQtOr - Project Management Tool
Support us on Capterra
OIN - Open Invention Network
ProjeQtOr free project management software - [SOLVED] API access right issue fetching object history - ProjeQtOr
 
 

[SOLVED] API access right issue fetching object history

More
21 Apr 2022 10:40 #1 by caccia
API access right issue fetching object history was created by caccia
Hello,

Going deeper into the use of the Projeqtor API, we've hit an issue related to access rights.
Maybe related to this topic ? www.projeqtor.org/fr/forum-fr/2-submit-i...ements-access-rights 

With the following query :
{{baseURL}}/api/History/search/refType='Ticket'/refId={{ticketID}}/colName='idStatus'

- The solution works great for a user with administrative account
- When trying the same request with a Project Leader account, result is :
  - empty result if the {{ticketID}} belongs to a project the user has access to
  - valid result if the {{ticketID}} belongs to a project the user does not have access to

=> So in fact the PL can get data from tickets that he does not have access to.

 

Please Log in or Create an account to join the conversation.

More
22 Apr 2022 09:41 #2 by babynus
Replied by babynus on topic API access right issue fetching object history
Thanks for pointing out the issue.
Ticket #6142 recorded
Babynus
Administrator of ProjeQtOr web site

Please Log in or Create an account to join the conversation.

More
25 Apr 2022 12:48 #3 by caccia
Replied by caccia on topic API access right issue fetching object history
Great, thanks :)

Extra info: if I'm not mistaken, the same issue applies to Notes as well.

Please Log in or Create an account to join the conversation.

Moderators: babynusprotion
Time to create page: 0.039 seconds

Cookies settings

×

Functional Cookies

Ce site utilise des cookies pour assurer son bon fonctionnement et ne peuvent pas être désactivés de nos systèmes. Nous ne les utilisons pas à des fins publicitaires. Si ces cookies sont bloqués, certaines parties du site ne pourront pas fonctionner.

Session

Please login to see yours activities!

Other cookies

Ce site web utilise un certain nombre de cookies pour gérer, par exemple, les sessions utilisateurs.

Login Form