API: GET work

25 Jan 2018 17:57 #1 by caccia
API: GET work was created by caccia
Hello,
Unless I'm mistaken I think there may be an issue with API handling of "special" classes, where access rights are improperly handled.
As an example, I have been doing some testing using the 'Work' class.
I am using curl, but the request I'm sending out is something like this:
'my-url/api/work/search/idProject=160'.
The user used for the API connection has a project leader profile.

=> Result is that I can fetch work from projects which PL is NOT affected to, and not from project he IS affected to... :blink:

Bottom line: when doing a GET for class Work, we end up checking access rights in UserMain::getAccessRights(), and in particular via the following line:
$menu=$obj->getMenuClass ();
Since there is no specific menu for Work class, there is no access right definition for menuWork in the 'accessright' table, and I end up with a query to DB looking like this:
select * from work where idProject=460 and  
(work.idProject not in (456, 1, 448, 449, 451, 464, 450, 452, 453, 455)    // <-- these are the projects the PL is affected to
or work.idProject is null ) 
and (work.idProject not in (0) or work.idProject is null or (work.idResource='559') );

I've simply overridden getMenuClass() in model/custom/Work.php for a quick test, it seems to do the trick:
public function getMenuClass() {
  return "menuActivity";
}

I'm not sure what's the best way to properly fix, but hope it helps!

Note: I think the same applies to class Assignment, among others.

Cheers,
caccia

26 Jan 2018 16:06 #2 by babynus
Replied by babynus on topic API: GET work
Hi,

Thanks for reporting this issue.
Your fix is the good one.
It will be included in /model/Work.php in the next patch.

Thanks

Babynus
Administrator of ProjeQtOr web site

30 Jan 2018 10:52 #3 by caccia
Replied by caccia on topic API: GET work
Great, thanks for the confirmation!
FYI, I'm also adding the same to model/Assignment.php, since we are fetching Assignments via API for some extra reporting.

Best regards,
caccia

30 Jan 2018 11:08 - 30 Jan 2018 11:08 #4 by babynus
Replied by babynus on topic API: GET work
We also added the fix on Assignment.
It will be deployed in the next patch/version.

Thanks for pointing out the issue.

Babynus
Administrator of ProjeQtOr web site
Last edit: 30 Jan 2018 11:08 by babynus.
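
The failure mode discussed in this thread, as an added example that is not part of the original posts and not ProjeQtOr's own code: a class whose menu name has no access-right row should be refused rather than fall through to a default filter. `ACCESS_RIGHTS`, `ApiObject`, `WorkFixed`, `idList`, both `projectFilter…` functions, the `assignedProjects` value and the control flow inside them are assumptions made for illustration; only `getMenuClass()`, `menuActivity` and the shape of the resulting query come from post #1.

```php
<?php
// Constructed model, not ProjeQtOr code: rights are keyed by menu name, and
// only menuActivity has a row (stand-in for the 'accessright' table).
const ACCESS_RIGHTS = ['menuActivity' => 'assignedProjects'];

abstract class ApiObject {
    // Assumed default: the menu name is derived from the class name.
    public function getMenuClass(): string { return 'menu' . static::class; }
}
class Activity extends ApiObject {}
class Work extends ApiObject {}            // resolves to menuWork: no row
class WorkFixed extends ApiObject {        // the override from post #1
    public function getMenuClass(): string { return 'menuActivity'; }
}

function idList(array $ids): string {
    return implode(', ', array_map('intval', $ids));
}

// Fail-open: a missing row silently falls through to the exclusion branch,
// which yields the shape of the query quoted in post #1 (assumed control flow).
function projectFilterFailOpen(ApiObject $obj, array $assigned): string {
    $scope = ACCESS_RIGHTS[$obj->getMenuClass()] ?? null;
    if ($scope === 'assignedProjects') {
        return 'idProject in (' . idList($assigned) . ')';
    }
    return '(idProject not in (' . idList($assigned) . ') or idProject is null)';
}

// Fail-closed: an unmapped menu is refused before any SQL is built.
function projectFilterFailClosed(ApiObject $obj, array $assigned): string {
    $menu = $obj->getMenuClass();
    if (!array_key_exists($menu, ACCESS_RIGHTS)) {
        throw new RuntimeException("no access right defined for $menu");
    }
    return $assigned ? 'idProject in (' . idList($assigned) . ')' : '1=0';
}

$assigned = [10, 20, 30];                  // constructed sample project ids
foreach ([new Activity(), new Work(), new WorkFixed()] as $obj) {
    echo get_class($obj), "\n  fail-open:   ", projectFilterFailOpen($obj, $assigned), "\n";
    try {
        echo '  fail-closed: ', projectFilterFailClosed($obj, $assigned), "\n";
    } catch (RuntimeException $e) {
        echo '  fail-closed: denied (', $e->getMessage(), ")\n";
    }
}
```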
