[XRAY-10846] The user can update the Test Run custom field via the Rest API, even without execution permission in a restricted workflow status. - Xblend Issue Tracker

Xporter

XML

Word

Printable

Details

Type: Bug
Status: Open
Priority: Minor
Resolution: Unresolved
Affects Version/s: Xray DC 7.11.3
Fix Version/s: None
Component/s: REST API, Test Run Custom Fields
Labels:
None
Environment:

REST API

Requirement Status:

UNCOVERED

Description

Description
The user can update the Test Run custom field via the Rest API, even without execution permission in a restricted workflow status.

Pre-conditions

Go to Admin settings >> Manage Apps >> Xray >> Miscellaneous >> Disallow Test executions with workflow status.
Create a Test Run Custom field.

How to reproduce

Create a Test Execution.
Add a Test to the Test Execution.
Move the workflow status to the In progress(Disallowed status)
Update the Test Run Custom field with REST API(/testrun/{id}/customfield/{customFieldId})

Actual result/Attachments

The user is able to update the Test Run custom field in a restricted workflow status.

Expected result

It should throw an error as below.

Version

7.11.3-j9

Workaround

Attachments

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending
- Thumbnails
- List
- Download All

image-2025-04-17-21-05-51-686.png
17/Apr/25 4:35 PM
67 kB
Sandeep Gurram
image-2025-04-17-21-12-21-432.png
17/Apr/25 4:42 PM
13 kB
Sandeep Gurram
image-2025-04-17-21-12-29-757.png
17/Apr/25 4:42 PM
13 kB
Sandeep Gurram

Activity

People

Assignee:: Joana Fonseca

Reporter:: Sandeep Gurram

Votes:: 1 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 17/Apr/25 4:45 PM

Updated:: 17/Apr/25 4:53 PM