Re: [Demexp-dev] login method and cookie
David, ok, so if I understand right, all the methods I mentioned in my email (max_question_id and max_tag_id) should work and return correct values even if I'm not logged in. Other functions with 'privilege' will return an error code. In that case I get it. And yes, the code returns error codes is any (for example 'rt_bad_login' if I enter the wrong login/pwd). See you, Lyu. David MENTRE a écrit : Hi Lyu, On Sun, Oct 12, 2008 at 22:09, Lyu Abe <[EMAIL PROTECTED]> wrote: Actually no: I am using a C code (xmlrpc-c) to call the methods on the http://www.linux-france.org/cgi-bin/demexp-xmlrpc-test server with the "root" login. I commented the 'login' method calls but could still obtain responses from other methods ('max_question_id' and 'max_tag_id'). I don't know if this is a normal behaviour. Certain methods are restricted to certain role. E.g. method set_question_status is restricted to classifier. You need to look at the code to know the restriction about each method. http://www.linux-france.org/cgi-bin/hgwebdir.cgi/demexp/version-0.8?f=be82d551338e;file=srv/work.ml.nw For example: 347 let set_question_status (cookie, q_id, new_status) = 348 do_if_classifier cookie This method is executed only if the caller has "classifier" rights. It's a very simple C code (just call and proceed the result). I just skipped the 'login' step, and could still access other methods... Do you check return codes of the other method calls (after the login)? It is normal to be able to call them. But they should return an error if you don't have enough access rights. Yours, d. ___ Demexp-dev mailing list Demexp-dev@nongnu.org http://lists.nongnu.org/mailman/listinfo/demexp-dev
Re: [Demexp-dev] login method and cookie
Hi Lyu, On Sun, Oct 12, 2008 at 22:09, Lyu Abe <[EMAIL PROTECTED]> wrote: > Actually no: I am using a C code (xmlrpc-c) to call the methods on the > http://www.linux-france.org/cgi-bin/demexp-xmlrpc-test > server with the "root" login. > > I commented the 'login' method calls but could still obtain responses from > other methods ('max_question_id' and 'max_tag_id'). I don't know if this is > a normal behaviour. Certain methods are restricted to certain role. E.g. method set_question_status is restricted to classifier. You need to look at the code to know the restriction about each method. http://www.linux-france.org/cgi-bin/hgwebdir.cgi/demexp/version-0.8?f=be82d551338e;file=srv/work.ml.nw For example: 347 let set_question_status (cookie, q_id, new_status) = 348 do_if_classifier cookie This method is executed only if the caller has "classifier" rights. > It's a very simple C code (just call and proceed the result). I just skipped > the 'login' step, and could still access other methods... Do you check return codes of the other method calls (after the login)? It is normal to be able to call them. But they should return an error if you don't have enough access rights. Yours, d. ___ Demexp-dev mailing list Demexp-dev@nongnu.org http://lists.nongnu.org/mailman/listinfo/demexp-dev
Re: [Demexp-dev] login method and cookie
Hi David, Is it normal that when using these servers: http://www.linux-france.org/cgi-bin/demexp-xmlrpc-test or http://www.linux-france.org/cgi-bin/demexp-xmlrpc-demo do not need to 'login' to be able to access to all methods on the server? (and the 'goodbye' method doesn't seem to do anything either) ->This means that using a 'cookie' is not necessary... I'm not sure I understand your question. For all methods of the proxy, you can call them with a dummy cookie or a wrong login. However the server should report an error when the login or the operation fails. Actually no: I am using a C code (xmlrpc-c) to call the methods on the http://www.linux-france.org/cgi-bin/demexp-xmlrpc-test server with the "root" login. I commented the 'login' method calls but could still obtain responses from other methods ('max_question_id' and 'max_tag_id'). I don't know if this is a normal behaviour. On the server, you can call all methods but their execution should fail with an error code when your an not authenticated. Which code are you using? It's a very simple C code (just call and proceed the result). I just skipped the 'login' step, and could still access other methods... Regards, Lyu And the http://tuxinette.linux-france.org:5 seems to be down... or? Server restarted. Yours, d. ___ Demexp-dev mailing list Demexp-dev@nongnu.org http://lists.nongnu.org/mailman/listinfo/demexp-dev
Re: [Demexp-dev] login method and cookie
Hello Lyu, Lyu Abe <[EMAIL PROTECTED]> writes: > Is it normal that when using these servers: > http://www.linux-france.org/cgi-bin/demexp-xmlrpc-test > or > http://www.linux-france.org/cgi-bin/demexp-xmlrpc-demo > > do not need to 'login' to be able to access to all methods on the > server? (and the 'goodbye' method doesn't seem to do anything either) > ->This means that using a 'cookie' is not necessary... I'm not sure I understand your question. For all methods of the proxy, you can call them with a dummy cookie or a wrong login. However the server should report an error when the login or the operation fails. On the server, you can call all methods but their execution should fail with an error code when your an not authenticated. Which code are you using? > And the > http://tuxinette.linux-france.org:5 > seems to be down... or? Server restarted. Yours, d. -- GPG/PGP key: A3AD7A2A David MENTRE <[EMAIL PROTECTED]> 5996 CC46 4612 9CA4 3562 D7AC 6C67 9E96 A3AD 7A2A ___ Demexp-dev mailing list Demexp-dev@nongnu.org http://lists.nongnu.org/mailman/listinfo/demexp-dev