View Issue Details

Related ChangesetsJump to NotesJump to History
This bug affects 1 person(s).
 6
IDProjectCategoryView StatusDate SubmittedLast Update
14314Bug reportsUser / Groups / Rolespublic2018-12-03 14:272019-04-30 09:12
ReporterMazi Assigned ToDenisChenu  
PrioritynoneSeverityminor 
Status closedResolutionfixed 
Product Version3.15.x 
Target Version3.16.xFixed in Version3.15.x 
Summary14314: Superadmin user rights not stored properly
Description

If a superadmin user, who was created by another superadmin, wants to create a new user with superadmin rights, the user right settings are not stored properly.

Steps To Reproduce
  1. Let the main superadmin user "admin" create a user "test1" and assign that user superadmin rights.
  2. Log in as user test1 and create another user "test2". Assign the user the superadmin right (see screenshot).
  3. Check the user rights of user "test2". The previously checked superadmin user right was removed.
Additional Information

This could either be user rights not being stored properly or it could be the superadmin user right checkboxes being displayed though those may not be shown at that screen because only "admin" may created other superadmins.
UDDATE: According to @c_schmitz only the "admin" user created as superadmin during the setup should be allowed to create further superadmin users. So this means that the checkboxes shown to user "test2" should not be displayed at all.

TagsNo tags attached.
Attached Files
rights_stored.png (222,061 bytes)
rights_set.png (224,766 bytes)
Bug heat6
Complete LimeSurvey version number (& build)3.15.5+181115
I will donate to the project if issue is resolvedNo
BrowserChrome
Database type & versionMySQL 5
Server OS (if known)Ubuntu 14 TLS
Webserver software & version (if known)Apache 2
PHP Version7.0.26

Relationships

Relationship GraphDependency Graph
related to 12690 closedDenisChenu Feature requests Allow super-admin set by other user's than 1 

Users monitoring this issue

There are no users monitoring this issue.

Activities

DenisChenu

DenisChenu

2018-12-03 20:20

developer   ~49862

No …

It's a new feature added as new feature :
https://github.com/LimeSurvey/LimeSurvey/blob/44356dc68b748d361b0a91669ebe6f4100ab8928/docs/release_notes.txt#L1714
https://bugs.limesurvey.org/view.php?id=12690

There are 2 rights currently for superadmin : one with 'read' => it's the previous right + one with create : it's the new rigth : allowing add or remove super-admin rights.

It work like a charm when it's done.

If an user without "superadmin' update rights can remove the superadmin right : it's an issue, but not something else.
DenisChenu

DenisChenu

2018-12-04 08:44

developer   ~49865

OK, value returned by Permission model is OK
Mazi

Mazi

2018-12-04 09:22

updater   ~49866

So then it is a matter of the rights not being stored properly?
Or maybe the rights are even stored properly but the checkboxes are not checked on reload?
DenisChenu

DenisChenu

2018-12-04 09:25

developer   ~49867

Fix committed to master branch: http://bugs.limesurvey.org/plugin.php?page=Source/view&id=28581
DenisChenu

DenisChenu

2018-12-04 09:26

developer   ~49868

Still one Yii::app()->session['loginID'] test … not used before …
DenisChenu

DenisChenu

2018-12-04 09:28

developer   ~49869

Remind : if you are a not forced superadmin and set another user superadmin create right : this superadmin can disable your rights :).

Only forced superadmin are sure to be superadmin (default to user 1)
c_schmitz

c_schmitz

2019-04-30 09:12

administrator   ~51641

Fixed in Version 3.1.7.3

Related Changesets

LimeSurvey: master 9be61009

2018-12-04 10:25

DenisChenu


Details Diff		 Fixed issue 14314: Superadmin user rights not stored properly Affected Issues
14314
mod - application/models/Permission.php Diff File

Issue History

Date Modified Username Field Change
2018-12-03 14:27 Mazi New Issue
2018-12-03 14:28 Mazi File Added: rights_stored.png
2018-12-03 14:28 Mazi File Added: rights_set.png
2018-12-03 17:34 Mazi Additional Information Updated
2018-12-03 20:20 DenisChenu Note Added: 49862
2018-12-03 20:20 DenisChenu Relationship added related to 12690
2018-12-04 08:39 DenisChenu Assigned To => DenisChenu
2018-12-04 08:39 DenisChenu Status new => assigned
2018-12-04 08:44 DenisChenu Note Added: 49865
2018-12-04 09:22 Mazi Note Added: 49866
2018-12-04 09:25 DenisChenu Changeset attached => LimeSurvey master 9be61009
2018-12-04 09:25 DenisChenu Note Added: 49867
2018-12-04 09:25 DenisChenu Resolution open => fixed
2018-12-04 09:25 DenisChenu Status assigned => resolved
2018-12-04 09:25 DenisChenu Fixed in Version => 3.15.x
2018-12-04 09:26 DenisChenu Note Added: 49868
2018-12-04 09:28 DenisChenu Note Added: 49869
2019-04-30 09:12 c_schmitz Note Added: 51641
2019-04-30 09:12 c_schmitz Status resolved => closed
2019-11-01 17:26 c_schmitz Category User/User groups => User / Groups / Roles