-
Notifications
You must be signed in to change notification settings - Fork 10
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
unauthorized user could delete requirement using the HP ALI plugin #37
Comments
Is the workflow involved? If the enforcement is done via workflow, it cannot be supported by the plugin, which is not workflow-compliant. |
Not sure if any workflow is involved. At least no explicit/customized workflow was configured. The user only has a standard QC role of "Tester" and is not supposed to perform any delete. |
Can you please list the QC/ALM version and edition? Thanks. |
HP Application Lifecycle Management |
I'm not able to reproduce this on a very similar setup (11.52.572). Namely: 1/ if user only has viewer role, the deletion from Intellij fails (after dialog confirmation, insufficient permissions are reported and requirement is not removed) 2/ if user has "QATester" role, he is able to remove requirement both in QC and Intellij As a possible enhancement the appropriate action could be disabled rather than failing. It's not what you are reporting though. Are you sure that in your case it is not disabled/disallowed by a workflow permission/mechanism? |
Thanks. I'll ask QC admin about workflow. I changed my QC role to "Viewer" and got the following error when attempting to delete requirements using the plugin (I think it's the same as you test 1/) - Could you please also check whether you can delete requirement with "Tester" (not QATester) role? |
Indeed, it's the error that I saw too and that's what is currently expected. There is no "Tester" role on the freshly created project that I used. Let's wait for the additional info from your QC admin. |
HP ALI version: 3.13.133.193
Intellij Version: 14.0.3
Users cannot delete requirement in QC (via browser) due to limited privilege. But the same user was able to delete requirement in Intellij using the plugin, after confirming the delete prompt.
The text was updated successfully, but these errors were encountered: