View Issue Details

ID: 03047
Project: Bug reports
Category: Security
View Status: public
Last Update: 2009-09-22 02:04
Reporter: user3088
Assigned To: user372
Priority: normal
Severity: minor
Status: closed
Resolution: unable to reproduce
Product Version: 1.80+
Summary: 03047: Security settings change for the owner of a survey after adding new survey (by any other user)
Description

When someone (superadmin or user) adds a new survey to the database, the former surveys lose their security settings:
- the owners of the former surveys cannot edit or activate their surveys (unless they are superadmins)
- any individual security settings set in the former surveys reset (only restrictions for group stay untouched)

Tags: No tags attached.
Bug heat: 256
Complete LimeSurvey version number (& build): 090417
I will donate to the project if issue is resolved:
Browser:
Database type & version: MySQL version 5.0.45
Server OS (if known): Ubuntu 2.6.22-14-server
Webserver software & version (if known): Apache/2.2.4 (Ubuntu)
PHP Version: PHP 5.2.3

Activities

user372

2009-04-17 09:30

  ~07593

Hi, please add a step-by-step instruction (as detailed as possible) - which user does what and which impacts does it have - how to reproduce the problem - Thx!

user3088

2009-04-20 11:27

  ~07631

As a casual user I have following rights:
create survey
manage templates
manage labels
manage configurator

I created a survey. As the owner of it, I had all the possible rights to it. I also set security settings for a group - which had a possibility to browse responses and export survey. I also set extra settings for one of the users (which in general has the same rights in lime as me) - he additionally had a possibility to edit my survey properties, define questions, delete my survey and activate my survey. This user is at the same time a member of a group which I set rights for. First, I set rights for whole group, second, I set special rights for this user. I am also a member of this group.
After creating the survey, one of the other users, created his own survey and set security settings for it:
again the same group (of which I am a member) had right to browse responses and export the survey. After implementing this, changes in security settings of my survey occurred:
when I logged in, I did not have a right to activate and delete responses from my survey although I was the owner of the survey. I only had left the rights that I set for the group. The user that had extra rights to my survey, also lost them - he only could export and browse responses (as the group).

I noticed it happens every time a new survey is added. All the settings reset and owners of the surveys (which are not superadmins) lose their rights to the survey and are left only with the group rights.

user372

2009-04-20 23:01

  ~07639

Last edited: 2009-08-31 16:37

I can reproduce the problem - I did the following:
1) created as default admin a user "TestUserA" with the following rights:

Create survey

Configurator

Manage template

Manage labels

2) logged out as admin and logged in as "TestUserA"

3) Created a survey "Survey by TestuserA" as "TestUserA"

4) Added as default admin a user group "Testgroup1"

5) added "TestuserA" to "Testgroup1"

6) Added as "TestuserA" the user group "Testgroup1" to the survey "Survey by TestuserA"

7) set as "TestuserA" the following right to the "Testgroup1"

Browse responses

Export

8) created as default admin a user "TestUserB" with the following rights:

Create survey

Configurator

Manage template

Manage labels

9) added as default admin "TestUserB" to "Survey by TestUserA" with the following rights:

Edit survey properties

Define questions

Delete survey

Activate survey

10) added as default admin "TestuserB" to "Testgroup1"

11) logged out as admin and logged in as "TestUserB"

12) Created a survey "Survey by TestuserB"

==> Log out and log in as "TestuserA" ==> TestuserA doesn't have his right to activate his survey!

==> didn't try to reproduce the other problems reported by the user in his bugnote until now.

c_schmitz

2009-04-28 19:18

administrator   ~07730

Josef, your instructions don't work.

4) Went to "Survey security settings" of "Survey by TestuserA" and clicked on "Add user group"

There is no user group to add, so I cannot add anything.

7) set as "TestuserA" the following right to the "Testgroup1"

Browse responses

Export

TestuserA does not have permission to manage groups so that would not be possible.

Can you please check?

user3088

2009-06-23 12:03

  ~08635

I can answer your questions:

Points 4 and 5 should change their order. First is point 5 and then point 4. Admin creates a group and then Testuser A can add testgroup 1 in Security Settings and add rights for this group concerning the survey.

When it comes to point 7 it concerns not rights for whole group in general in Lime but rights concerning this survey (Testuser A is its owner so he can manage it).

Please let me know if it helped.

user3088

2009-08-25 14:36

  ~09210

????? Can you help me?? My issue has been answered for 4 months already??

user372

2009-08-25 14:59

  ~09211

Sorry - I forgot about it, but I'll have a look at it this week!

user372

2009-08-31 16:38

  ~09287

I still can reproduce the issue on the latest SVN version ==> I edited and corrected my step-by-step instruction - bugnote 07639 is up to date now.

c_schmitz

2009-09-07 21:46

administrator   ~09447

Last edited: 2009-09-07 21:49

Joe, I went by your description step-by-step and can't reproduce.
Maybe testuserA is not capable of activating surveyA because you added no groups/questions? I added groups/questions and can activate just fine.

c_schmitz

2009-09-07 21:48

administrator   ~09448

@magasinska: Can you provide step-by-step how to reproduce this?

Otherwise I will close this because I can't fix this if it is not reproducible.

c_schmitz

2009-09-22 02:04

administrator   ~09633

Closing issue. Please re-open if you have new information.

Issue History

Date Modified Username Field Change
2009-04-17 09:14 user3088 New Issue
2009-04-17 09:14 user3088 Status new => assigned
2009-04-17 09:14 user3088 Assigned To => user372
2009-04-17 09:14 user3088 Build Number => 090417
2009-04-17 09:14 user3088 Database & DB-Version => MySQL version 5.0.45
2009-04-17 09:14 user3088 Operating System (Server) => Ubuntu 2.6.22-14-server
2009-04-17 09:14 user3088 Webserver => Apache/2.2.4 (Ubuntu)
2009-04-17 09:14 user3088 PHP Version => PHP 5.2.3
2009-04-17 09:30 user372 Note Added: 07593
2009-04-17 09:30 user372 Status assigned => feedback
2009-04-20 11:27 user3088 Note Added: 07631
2009-04-20 23:01 user372 Note Added: 07639
2009-04-20 23:03 user372 Note Edited: 07639
2009-04-20 23:10 user372 Note Edited: 07639
2009-04-20 23:11 user372 Note Edited: 07639
2009-04-21 08:06 user372 Status feedback => assigned
2009-04-21 08:06 user372 Assigned To user372 => c_schmitz
2009-04-28 19:18 c_schmitz Note Added: 07730
2009-04-28 19:18 c_schmitz Assigned To c_schmitz => user372
2009-04-28 19:18 c_schmitz Status assigned => feedback
2009-06-23 12:03 user3088 Note Added: 08635
2009-08-25 14:36 user3088 Note Added: 09210
2009-08-25 14:59 user372 Note Added: 09211
2009-08-31 16:37 user372 Note Edited: 07639
2009-08-31 16:38 user372 Note Added: 09287
2009-08-31 16:39 user372 Status feedback => assigned
2009-08-31 16:39 user372 Assigned To user372 => c_schmitz
2009-09-07 21:46 c_schmitz Note Added: 09447
2009-09-07 21:46 c_schmitz Assigned To c_schmitz => user372
2009-09-07 21:46 c_schmitz Status assigned => feedback
2009-09-07 21:48 c_schmitz Note Added: 09448
2009-09-07 21:49 c_schmitz Note Edited: 09447
2009-09-22 02:04 c_schmitz Note Added: 09633
2009-09-22 02:04 c_schmitz Status feedback => closed
2009-09-22 02:04 c_schmitz Resolution open => unable to reproduce