demexp-dev
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Demexp-dev] login method and cookie

From: David MENTRE
Subject: Re: [Demexp-dev] login method and cookie
Date: Sun, 12 Oct 2008 22:31:14 +0200 
Hi Lyu,

On Sun, Oct 12, 2008 at 22:09, Lyu Abe <address@hidden> wrote:
> Actually no: I am using a C code (xmlrpc-c) to call the methods on the
> http://www.linux-france.org/cgi-bin/demexp-xmlrpc-test
> server with the "root" login.
>
> I commented the 'login' method calls but could still obtain responses from
> other methods ('max_question_id' and 'max_tag_id'). I don't know if this is
> a normal behaviour.

Certain methods are restricted to certain role. E.g. method
set_question_status is restricted to classifier.
You need to look at the code to know the restriction about each method.
 
http://www.linux-france.org/cgi-bin/hgwebdir.cgi/demexp/version-0.8?f=be82d551338e;file=srv/work.ml.nw

For example:
347 let set_question_status (cookie, q_id, new_status) =
348     do_if_classifier cookie

This method is executed only if the caller has "classifier" rights.

> It's a very simple C code (just call and proceed the result). I just skipped
> the 'login' step, and could still access other methods...

Do you check return codes of the other method calls (after the login)?
It is normal to be able to call them. But they should return an error
if you don't have enough access rights.

Yours,
d.
reply via email to
[Prev in Thread] Current Thread [Next in Thread]