It's all about the answers!

Ask a question
QuestionsTagsUsersBadges
Guidelines | FAQ
Follow this question
Question details

×10,866
×5,887
×1,383

question asked: Apr 17, 4:48 a.m.
question was seen: 280 times
last updated: Apr 19, 3:07 a.m.

Related questions

Is it possible to get only the artifact links, if you do not have the permission to see the linked source via RM-API?

0
Antje Rößle-Tuchel (294) | asked Apr 17, 4:48 a.m.

I dry to get all satisfies-link of an ERM-artifact via  


RM.Data.getLinkedArtifacts(art.artRef, [], function(linksResult){
                if (linksResult.code != RM.OperationResult.OPERATION_OK){
                    return
                }
                // internal links are stored in linksResult.data.artifactLinks[0].linktype
                if (linksResult.data.artifactLinks.length>0){
                    let linkList=[]
                    linksResult.data.artifactLinks.forEach(function(linkDefinition){
                        art["ERM link"] = getNameOfLinkType(linkDefinition.linktype.uri, linkList)
                    })
                }
                else{
                    art["ERM link"] ="noLinkSet"
                }
}

But if the user have not the permission to see the linked resource the result is empty.

On the list of artifact links located on the requirement you can see, that there are satisfies-link with the number.

So I want to get the information, that one link with the link type satisfies exists, in my code. How can I handle this?

Comments
Ralph Schoon commented Apr 17, 8:09 a.m. | edited Apr 17, 8:11 a.m.
FORUM ADMINISTRATOR / FORUM MODERATOR / JAZZ DEVELOPER

I am not the best person to answer this, but I would like to comment, that the API should not be able to override any permissions. I think links were the user does not have access to both ends should not be visible to the user. Otherwise you could leak confidential information such as customer names in link labels that you should not be able to see. 

So the only way to handle this, would be to use a user with enough permissions. I do know if the JavaScript API alowes to elevate the user, but I really doubt it. This would be a vulnerability.

Antje Rößle-Tuchel commented Apr 19, 3:07 a.m.
Thank you very much for your answer. 
I see it like this: when I select an artifact, I see the linked elements at the bottom right corner. I can also see the artifact ID and the link type of the linked artifacts that I don't have access to myself - due of the other global configuration. 
That would be more than enough for my use case. I just need the information in the API that a link to another artifact with a certain link type exists.
Do I have to fetch the attribute and search for the information there, or is there another way?

Be the first one to answer this question!

Register or to post your answer.


Dashboards and work items are no longer publicly available, so some links may be invalid. We now provide similar information through other means. Learn more here.