View Issue Details

IDProjectCategoryView StatusLast Update
0022351mantisbtapi soappublic2017-02-14 17:34
Reportermodir Assigned To 
PrioritynormalSeverityminorReproducibilityalways
Status newResolutionopen 
Product Version1.3.6 
Summary0022351: Since PHP update SOAP interface does not work
Description

We updated PHP from 5.6 to 7.1 yesterday and since then the SOAP interface doesn't work anymore. The error message we get on the other side is always:

Uncaught SoapFault exception: [env:Sender] Access denied for user SOAP. Reason: Active user does not have access level required to specify a different issue note reporter.

The user has reporter level access to this specific project. When we change the access level to administrator for this user and project then it does work.

The question is now is there a bug fixed and which we used as a feature before or is now the check more strict than expected? Which user rights should this SOAP user have in the minimum.

TagsNo tags attached.

Activities

rombert

rombert

2017-02-10 06:14

reporter   ~0055635

To my knowledge version 1.3 is not tested with PHP 7, so you might want to upgrade to 2.0 or 2.1 and see if that solves the problem.

atrol

atrol

2017-02-10 06:58

developer   ~0055639

1.3. should work using PHP 7(.0), see 0020499
7.1 might be another story

modir

modir

2017-02-10 13:31

reporter   ~0055646

Well. All the rest does work. It was only this special case. And I could imagine that this specific "problem" still exists in 2.x as it is really very unique.

The question is: Which access rights should the SOAP user have in the minimum?

dregad

dregad

2017-02-10 18:36

developer   ~0055649

You're not providing much background information on how the error occurs. Based on the reported error message, it seems that the error is triggered in mc_issue_note_add(); in that case, the access rights is defined in $g_webservice_specify_reporter_on_add_access_level_threshold

modir

modir

2017-02-14 17:34

reporter   ~0055680

Well, what can I say more.

It is a SOAP request which wants to add a note to an existing issue. As I already wrote the user name is "SOAP" and till now this user had for all the projects the access level "reporter". With PHP 5.6 this user could generate notes which where then saved with the user "SOAP". Now with PHP 7.1 I get the initially mentioned error message. Once I set the access level for this user to administrator it can save the notes again and this time it is saved with the user name of the logged in user.

To say is that in both softwares (TestLink and Mantis) the users authenticate with LDAP. So I am not sure if TestLink is sending along the logged in user. Or if Mantis somehow realized the user has two tabs and he is logged in with the same user in both application. (I doubt this is happening.)

Anyway it looks to me like with PHP 7.1 it is more strict and the question is now if this is as intended or not.