Hi Lyu, On Sun, Oct 12, 2008 at 22:09, Lyu Abe <[EMAIL PROTECTED]> wrote: > Actually no: I am using a C code (xmlrpc-c) to call the methods on the > http://www.linux-france.org/cgi-bin/demexp-xmlrpc-test > server with the "root" login. > > I commented the 'login' method calls but could still obtain responses from > other methods ('max_question_id' and 'max_tag_id'). I don't know if this is > a normal behaviour.
Certain methods are restricted to certain role. E.g. method set_question_status is restricted to classifier. You need to look at the code to know the restriction about each method. http://www.linux-france.org/cgi-bin/hgwebdir.cgi/demexp/version-0.8?f=be82d551338e;file=srv/work.ml.nw For example: 347 let set_question_status (cookie, q_id, new_status) = 348 do_if_classifier cookie This method is executed only if the caller has "classifier" rights. > It's a very simple C code (just call and proceed the result). I just skipped > the 'login' step, and could still access other methods... Do you check return codes of the other method calls (after the login)? It is normal to be able to call them. But they should return an error if you don't have enough access rights. Yours, d. _______________________________________________ Demexp-dev mailing list Demexp-dev@nongnu.org http://lists.nongnu.org/mailman/listinfo/demexp-dev
