プロジェクト

全般

プロフィール

編集 操作
リンクをコピー

Vote #81908

未完了

issue#create difference error patterns between project_id inside and outside with none member condition

Admin Redmine さんが約2年前に追加. 約2年前に更新.

ステータス:
New
優先度:
通常
担当者:
-
カテゴリ:
Issues_2
対象バージョン:
-
開始日:
2022/05/09
期日:
進捗率:

0%

予定工数:
Redmineorg_URL:
https://www.redmine.org/issues/36967
category_id:
2
version_id:
0
issue_org_id:
36967
author_id:
307439
assigned_to_id:
0
comments:
1
status_id:
1
tracker_id:
1
plus1:
0
affected_version:
closed_on:
affected_version_id:
155
ステータス-->[New]
引用

説明

issue#create accepts both project_id inside and outside with none member condition.
The project_id inside pattern. (Pattern 1)

curl -v -H "Content-Type: application/json" \
         -d '{"issue":{"project_id":5,"subject":"None member issue","tracker_id":1}}' \
        'http://localhost:3000/issues.json?key=(key)'

The project_id outside pattern. (Pattern 2)

curl -v -H "Content-Type: application/json" \
       -d '{"project_id":5,"issue":{"subject":"None member issue","tracker_id":1}}' \
       'http://localhost:3000/issues.json?key=(key)'

If the project_id is not behind the user, the pattern 1 returns 422 error, but the pattern 2 returns 403 error.
Which error is correct?

journals

I was able to reproduce the same behavior.

* Pattern 1: POST request to http://localhost:3000/issues. When the create action is executed by the request, the ticket will result in a validation error.
* Pattern 2: The same processing occurs as when you send a POST request to http://localhost:3000/projects/5/issues. An error occurs before the create action starts because you do not have permission to POST access http://localhost:3000/projects/5/issues.

Pattern 1 and Pattern 2 seem to have different status codes because the process failed at different times in the code.

--------------------------------------------------------------------------------

操作
リンクをコピー
 #1

Admin Redmine さんが約2年前に更新

  • カテゴリIssues_2 にセット
編集 操作
リンクをコピー

他の形式にエクスポート: Atom PDF

いいね!0
いいね!0

demo1.unofficial-redmine.org