Hi Lyu,
On Sun, Oct 12, 2008 at 22:09, Lyu Abe <address@hidden> wrote:
Actually no: I am using a C code (xmlrpc-c) to call the methods on the
http://www.linux-france.org/cgi-bin/demexp-xmlrpc-test
server with the "root" login.
I commented the 'login' method calls but could still obtain responses from
other methods ('max_question_id' and 'max_tag_id'). I don't know if this is
a normal behaviour.
Certain methods are restricted to certain role. E.g. method
set_question_status is restricted to classifier.
You need to look at the code to know the restriction about each method.
http://www.linux-france.org/cgi-bin/hgwebdir.cgi/demexp/version-0.8?f=be82d551338e;file=srv/work.ml.nw
For example:
347 let set_question_status (cookie, q_id, new_status) =
348 do_if_classifier cookie
This method is executed only if the caller has "classifier" rights.
It's a very simple C code (just call and proceed the result). I just skipped
the 'login' step, and could still access other methods...
Do you check return codes of the other method calls (after the login)?
It is normal to be able to call them. But they should return an error
if you don't have enough access rights.
Yours,
d.