View Issue Details
|ID||Project||Category||View Status||Date Submitted||Last Update|
|0022351||mantisbt||api soap||public||2017-02-09 14:07||2017-02-14 17:34|
|Target Version||Fixed in Version|
|Summary||0022351: Since PHP update SOAP interface does not work|
We updated PHP from 5.6 to 7.1 yesterday and since then the SOAP interface doesn't work anymore. The error message we get on the other side is always:
Uncaught SoapFault exception: [env:Sender] Access denied for user SOAP. Reason: Active user does not have access level required to specify a different issue note reporter.
The user has reporter level access to this specific project. When we change the access level to administrator for this user and project then it does work.
The question is now is there a bug fixed and which we used as a feature before or is now the check more strict than expected? Which user rights should this SOAP user have in the minimum.
|Tags||No tags attached.|
To my knowledge version 1.3 is not tested with PHP 7, so you might want to upgrade to 2.0 or 2.1 and see if that solves the problem.
1.3. should work using PHP 7(.0), see 0020499
Well. All the rest does work. It was only this special case. And I could imagine that this specific "problem" still exists in 2.x as it is really very unique.
The question is: Which access rights should the SOAP user have in the minimum?
You're not providing much background information on how the error occurs. Based on the reported error message, it seems that the error is triggered in mc_issue_note_add(); in that case, the access rights is defined in
Well, what can I say more.
It is a SOAP request which wants to add a note to an existing issue. As I already wrote the user name is "SOAP" and till now this user had for all the projects the access level "reporter". With PHP 5.6 this user could generate notes which where then saved with the user "SOAP". Now with PHP 7.1 I get the initially mentioned error message. Once I set the access level for this user to administrator it can save the notes again and this time it is saved with the user name of the logged in user.
To say is that in both softwares (TestLink and Mantis) the users authenticate with LDAP. So I am not sure if TestLink is sending along the logged in user. Or if Mantis somehow realized the user has two tabs and he is logged in with the same user in both application. (I doubt this is happening.)
Anyway it looks to me like with PHP 7.1 it is more strict and the question is now if this is as intended or not.
|2017-02-09 14:07||modir||New Issue|
|2017-02-10 06:14||rombert||Note Added: 0055635|
|2017-02-10 06:58||atrol||Note Added: 0055639|
|2017-02-10 13:31||modir||Note Added: 0055646|
|2017-02-10 18:36||dregad||Note Added: 0055649|
|2017-02-14 16:40||atrol||Status||new => feedback|
|2017-02-14 17:34||modir||Note Added: 0055680|
|2017-02-14 17:34||modir||Status||feedback => new|