Actions
Defect #36967
open
issue#create difference error patterns between project_id inside and outside with none member condition
Status:
New
Priority:
Normal
Assignee:
-
Category:
Issues
Target version:
-
Start date:
Due date:
% Done:
0%
Estimated time:
Resolution:
Affected version:
Description
issue#create accepts both project_id inside and outside with none member condition.
The project_id inside pattern. (Pattern 1)
curl -v -H "Content-Type: application/json" \
-d '{"issue":{"project_id":5,"subject":"None member issue","tracker_id":1}}' \
'http://localhost:3000/issues.json?key=(key)'
The project_id outside pattern. (Pattern 2)
curl -v -H "Content-Type: application/json" \
-d '{"project_id":5,"issue":{"subject":"None member issue","tracker_id":1}}' \
'http://localhost:3000/issues.json?key=(key)'
If the project_id is not behind the user, the pattern 1 returns 422 error, but the pattern 2 returns 403 error.
Which error is correct?
Updated by Mizuki ISHIKAWA over 2 years ago
I was able to reproduce the same behavior.
- Pattern 1: POST request to http://localhost:3000/issues. When the create action is executed by the request, the ticket will result in a validation error.
- Pattern 2: The same processing occurs as when you send a POST request to http://localhost:3000/projects/5/issues. An error occurs before the create action starts because you do not have permission to POST access http://localhost:3000/projects/5/issues.
Pattern 1 and Pattern 2 seem to have different status codes because the process failed at different times in the code.
Actions