Bug #1293

Any normal user can remove anyone's uploads and folders using delagent from the command line.

Added by Mark Donohoe about 1 year ago. Updated 9 months ago.

Status:Closed Start date:02/23/2012
Priority:High Due date:
Assignee:Mary Laser % Done:

0%
Category:Delagent
Target version:2.1.0 Estimated time:20.00 hours
Rank:2 Tester:

Description

Using svn 5531 on randos64.ostt, as markd I was able to remove an upload uploaded by another user. I wonder if delagent should ask for a user name and password like cp2foss? I also don't think this is critical for 2.0, so feel free to move it to 2.01.

History

#1
Updated by larry shi about 1 year ago

  • Target version changed from 2.0.0 to 2.0.1

Yes, I also don't think this is critical for 2.0, so move it to 2.01.
this is related to the fossology authentication/Authorization.

#2
Updated by Paul Holland 12 months ago

  • IterNum set to 2

#3
Updated by larry shi 12 months ago

  • Estimated time set to 20.00

#4
Updated by larry shi 12 months ago

  • Status changed from New to In Progress

Hi Bob,

Do you know how to user C API SHA1 from openssh? it can not work, otherwise I have to use the command in delagent to get SHA1 value.

thanks.

#5
Updated by larry shi 11 months ago

  • Status changed from In Progress to Resolved

fixed in svn 5928, may be some unit tests will fail, if yes, will fix them ASAP.

#6
Updated by larry shi 11 months ago

another fix in svn 5933

#7
Updated by Mary Laser 11 months ago

  • Status changed from Resolved to In Progress

Thanks for the fix! Please add a test case to fossology/src/delagent/agent_tests/Functional/ft_cliDelagentTest.php to test this condition.

#8
Updated by larry shi 11 months ago

Hi mary,

in order to add test cases to test this condition to fossology/src/delagent/agent_tests/Functional/ft_cliDelagentTest.php, we have to populate some test date before prior to test.

you know, if you want to delete some upload, first, you have to first add some users, then one user upload something, then delete some uploads, this process is little difficult to test automatically for now.

if we just construct fake test data(not real uploads and users) , I think vincent can help to do this job, he is familiar with delagent.

#9
Updated by larry shi 11 months ago

  • Status changed from In Progress to Feedback
  • Assignee changed from larry shi to Mary Laser

#10
Updated by larry shi 11 months ago

  • Priority changed from Normal to High
  • Rank set to 2
  • IterNum changed from 2 to 3

#11
Updated by Mary Laser 11 months ago

  • Status changed from Feedback to In Progress

I will add a manual system test to verify this bug fix. A test db/repo is under discussion now (iteration 3).

#12
Updated by larry shi 11 months ago

  • Assignee changed from Mary Laser to Dong Ma

vincent will add some tests for delagent.

#13
Updated by Dong Ma 10 months ago

  • Status changed from In Progress to Resolved

vincent have added tests for delagent.

#14
Updated by Mary Laser 10 months ago

  • Assignee changed from Dong Ma to Mary Laser

Mary to verify fix and close.

#15
Updated by Mary Laser 10 months ago

  • IterNum changed from 3 to 5

will be validated in iteration 5

#16
Updated by Paul Holland 10 months ago

  • IterNum changed from 5 to 6

Needs to be validated by Mary. She'll be back in iteration 6.

#17
Updated by Mary Laser 10 months ago

  • Status changed from Resolved to Closed

Verified on pigwidgeon with svn 6098

#18
Updated by Mary Laser 9 months ago

  • Target version changed from 2.0.1 to 2.1.0

Also available in: Atom PDF