Manager 9.8.8 Release Notes
December 10, 2019
API updates
In response to the below Module API security fix #35067, we have updated the following APIs which enhances security to view/retrieve responses from Projects and requires users to have appropriate Project level-permissions.
Therefore, from 9.8.8 and going forward, users will require Project-level permissions for any API and UI actions unless the API is specifically at the Site-level and does not target a specific Project.
-
Module:
-
Get Modules: /api/v3/projects/projectId/modules
-
Get a Module: qtestUrl/api/v3/projects/projectId/modules/moduleId
-
Permission: Requirement and Test Design Tree
-
-
-
Test Execution:
-
qtestUrl/api/v3/projects/projectId/test-runs/execution-statuses
-
Permission: View Test Run
-
-
-
Link Objects:
-
Remove link objects - Success with link between build and requirements
-
qtestUrl/api/v3/projects/projectId/builds/newBuildId1/link?type=requirements
Permission Notes:
-
Build: support requirement
-
Permission: Edit Release\Build + View Requirements
-
-
Release: support requirement
-
Permission: Edit Release/Build + View Requirements
-
-
Requirement: support Test Case
-
Permission: Edit Requirement + View Test Cases
-
-
Test Logs: support Defects
-
Permission: Edit Test Run
-
-
Test Step Logs: Defects
-
Permission: Edit Test Run
-
-
-
-
Custom fields:
-
Get fields: /api/v3/projects/projectId/settings/{objectType}/fields
-
Create custom field: ( release / build / requirement / test case / test suite / test run / defect/api/v3/projects/projectId/settings/objectType/fields
-
Update system field: /api/v3/projects/projectId/settings/defects/system-fields/6421
- Permission: Manage Field Settings
-
-
Additionally, the Automation Integration APIs listed below will also be affected with this change and users will need "Automation Schedules" Project-level permissions for the associated {projectId}:
-
Create an Automation Agent
-
POST /api/v3/projects/{projectId}/automation/hosts/{host_server_id}/agents
-
-
Update an Automation Agent
-
PUT /api/v3/projects/{projectId}/automation/hosts/{host_server_id}/agents/{agent_server_id}
-
-
Delete an Automation Agent
-
DEL /api/v3/projects/{projectId}/automation/hosts/{host_server_id}/agents/{agent_server_id}
-
-
Activate an Automation Agent
-
POST/api/v3/projects/{projectId}/automation/hosts/{host_server_Id}/agents/{agent_server_id}/activate
-
-
Deactivate an Automation Agent
-
POST /api/v3/projects/{projectId}/automation/hosts/{host_server_Id}/agents/{agent_server_id}/deactivate
-
-
Update a Job’s Status
-
PUT /api/v3/projects/{projectId}/automation/jobs/{job_id}/status
-
Bug fixes
Ticket # | Component |
Description |
---|---|---|
33090 | Test Execution | When attempting to view a Test Cycle that included over 100,000 Test Runs, some users experienced longer than expected load times of the Test Execution page. This is now fixed. |
35067 | Security: APIs |
Previously, when using the Module API, some users were able to view/retrieve responses from Projects without appropriate permissions. This is now resolved. The following message is the expected result: "User needs to be assigned to project to perform this action!" |