View Issue Details

ID: 0012263
Project: mantisbt
Category: api soap
View Status: public
Last Update: 2010-12-17 04:37
Reporter: simsmaster
Assigned To: rombert
Priority: normal
Severity: major
Reproducibility: always
Status: closed
Resolution: no change required
Product Version: 1.2.2
Summary: 0012263: No read access to issues with viewer rights over soap
Description

When a user has only viewer rights you cannot use this user to read(!) issues.
When you give him reporter rights everything is fine. Soap returns "Access denied".
Possibly same problem: Such a user can't use mc_enum_statuses.

I've tried to find a fix, but didn't get deep enough in the soap api... I would be happy if you could give me at least a workaround...

Steps To Reproduce

Create a user with viewer rights and try mc_project_get_issues or mc_enum_statuses via soap.

Additional Information

I've tried it with the soap client of WordPress 3.0 and MantisBT 1.2.2 on my local machine. I want to use this in a WP plugin.

Tags: No tags attached.

Relationships

has duplicate 0012644 (closed, rombert): Could not use Mylyn Connector if there are projects without any permission for the user
related to 0012328 (acknowledged): Normalise access checks between the web interface and the SOAP API

Activities

jreese

2010-08-22 18:52

reporter   ~0026408

You probably need to create an mc_config_inc.php in the soap api path (there is mc_config_defaults_inc.php to use as a template). There is a configuration option to select the minimum user threshold needed to have access to the SOAP API. Lowering this to VIEWER should be sufficient.

simsmaster

2010-08-24 12:48

reporter   ~0026454

Ok, that does the trick.
Maybe you should think about setting VIEWER as standard for read operations. It would be more intuitive.

jreese

2010-08-24 12:57

reporter   ~0026455

I think the reason for its current default setting is that it prevents anonymous accounts from being able to abuse the SOAP service. By instead requiring reporter access, which is the default access level for new accounts, it at least requires someone to have taken the step to register an account before getting access to the API.

simsmaster

2010-08-24 14:11

reporter   ~0026456

Hmm maybe you could block the soap api for anonymous users... But this is your thing, you have the greater view ;)

rombert

2010-09-08 17:23

reporter   ~0026633

As this was a configuration issue, I'll close it. The real issue will be tracked under bug 0012328, but for version 1.3, as it is a large change.
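
The override described in note ~0026408, written out as an added example (not code from this thread or from the MantisBT project). The option names are recalled from the 1.2.x mc_config_defaults_inc.php and are an assumption to check against the copy shipped with your version; only the read-only threshold is lowered.

```php
<?php
# api/soap/mc_config_inc.php
# Local overrides for the values in mc_config_defaults_inc.php.
# Option names below are assumed from the 1.2.x defaults file;
# confirm them in your own copy before relying on this.

# Read-only SOAP calls (e.g. mc_project_get_issues, mc_enum_statuses):
# allow accounts with VIEWER access. The shipped default is REPORTER,
# which is what produces "Access denied" for a viewer account.
$g_mc_readonly_access_level_threshold = VIEWER;

# Calls that create or modify data stay at REPORTER, so a viewer-level
# account gains read access over SOAP and nothing more.
$g_mc_readwrite_access_level_threshold = REPORTER;
```

With the read threshold at VIEWER, every viewer-level account can read over SOAP, including an anonymous account if the installation has one at that level, which is the trade-off raised in note ~0026455.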