Hi Lyu,

On Sun, Oct 12, 2008 at 22:09, Lyu Abe <[EMAIL PROTECTED]> wrote:
> Actually no: I am using a C code (xmlrpc-c) to call the methods on the
> http://www.linux-france.org/cgi-bin/demexp-xmlrpc-test
> server with the "root" login.
> I commented the 'login' method calls but could still obtain responses from
> other methods ('max_question_id' and 'max_tag_id'). I don't know if this is
> a normal behaviour.

Certain methods are restricted to certain role. E.g. method
set_question_status is restricted to classifier.
You need to look at the code to know the restriction about each method.

For example:
347 let set_question_status (cookie, q_id, new_status) =
348     do_if_classifier cookie

This method is executed only if the caller has "classifier" rights.

> It's a very simple C code (just call and proceed the result). I just skipped
> the 'login' step, and could still access other methods...

Do you check return codes of the other method calls (after the login)?
It is normal to be able to call them. But they should return an error
if you don't have enough access rights.


Demexp-dev mailing list

Répondre à