Manager 9.8.8 Release Notes

December 10, 2019

API updates

In response to the below Module API security fix #35067, we have updated the following APIs which enhances security to view/retrieve responses from Projects and requires users to have appropriate Project level-permissions.

Therefore, from 9.8.8 and going forward, users will require Project-level permissions for any API and UI actions unless the API is specifically at the Site-level and does not target a specific Project.

Module:
- Get Modules: /api/v3/projects/projectId/modules
- Get a Module: qtestUrl/api/v3/projects/projectId/modules/moduleId
  - Permission: Requirement and Test Design Tree
Test Execution:
- qtestUrl/api/v3/projects/projectId/test-runs/execution-statuses
  - Permission: View Test Run
Link Objects:
- Remove link objects - Success with link between build and requirements
- qtestUrl/api/v3/projects/projectId/builds/newBuildId1/link?type=requirements
  
  Permission Notes:
  - Build: support requirement
    - Permission: Edit Release\Build + View Requirements
  - Release: support requirement
    - Permission: Edit Release/Build + View Requirements
  - Requirement: support Test Case
    - Permission: Edit Requirement + View Test Cases
  - Test Logs: support Defects
    - Permission: Edit Test Run
  - Test Step Logs: Defects
    - Permission: Edit Test Run
Custom fields:
- Get fields: /api/v3/projects/projectId/settings/{objectType}/fields
  - Create custom field: ( release / build / requirement / test case / test suite / test run / defect/api/v3/projects/projectId/settings/objectType/fields
  - Update system field: /api/v3/projects/projectId/settings/defects/system-fields/6421
    - Permission: Manage Field Settings

Additionally, the Automation Integration APIs listed below will also be affected with this change and users will need "Automation Schedules" Project-level permissions for the associated {projectId}:

Create an Automation Agent
- POST /api/v3/projects/{projectId}/automation/hosts/{host_server_id}/agents
Update an Automation Agent
- PUT /api/v3/projects/{projectId}/automation/hosts/{host_server_id}/agents/{agent_server_id}
Delete an Automation Agent
- DEL /api/v3/projects/{projectId}/automation/hosts/{host_server_id}/agents/{agent_server_id}
Activate an Automation Agent
- POST/api/v3/projects/{projectId}/automation/hosts/{host_server_Id}/agents/{agent_server_id}/activate
Deactivate an Automation Agent
- POST /api/v3/projects/{projectId}/automation/hosts/{host_server_Id}/agents/{agent_server_id}/deactivate
Update a Job’s Status
- PUT /api/v3/projects/{projectId}/automation/jobs/{job_id}/status

Bug fixes

Ticket #	Component	Description
33090	Test Execution	When attempting to view a Test Cycle that included over 100,000 Test Runs, some users experienced longer than expected load times of the Test Execution page. This is now fixed.
35067	Security: APIs	Previously, when using the Module API, some users were able to view/retrieve responses from Projects without appropriate permissions. This is now resolved. The following message is the expected result: "User needs to be assigned to project to perform this action!"

Ticket #

Component

Description

33090

Test Execution

When attempting to view a Test Cycle that included over 100,000 Test Runs, some users experienced longer than expected load times of the Test Execution page. This is now fixed.

35067

Security: APIs

Previously, when using the Module API, some users were able to view/retrieve responses from Projects without appropriate permissions. This is now resolved.

The following message is the expected result: "User needs to be assigned to project to perform this action!"