View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
05520 | Bug reports | Survey editing | public | 2011-10-19 03:26 | 2013-11-12 04:41 |
Reporter | TMSWhite | Assigned To | |||
Priority | high | Severity | partial_block | ||
Status | closed | Resolution | fixed | ||
Product Version | 2.00a1 | ||||
Fixed in Version | 2.00a2 | ||||
Summary | 05520: can't preview group | ||||
Description | Get message "We are sorry but you don't have permissions to do this." when trying to preview group of surveys - for both active and inactive surveys. | ||||
Additional Information | Function _canUserPreviewSurvey() in survey.php always returns false because $_SESSION is an empty array when it is called. | ||||
Tags | No tags attached. | ||||
Bug heat | 10 | ||||
Complete LimeSurvey version number (& build) | 11199 | ||||
I will donate to the project if issue is resolved | No | ||||
Browser | |||||
Database type & version | Mysql 5.3 | ||||
Server OS (if known) | Windows XP | ||||
Webserver software & version (if known) | Apache 2 | ||||
PHP Version | 5.2 | ||||
_surveyCantBeViewedWithCurrentPreviewAccess() in survey.php also calls _canUserPreviewSurvey(), and $_SESSION still does not contain 'loginID' or 'USER_RIGHT_SUPERADMIN'. _surveyCantBeViewedWithCurrentPreviewAccess() returns false, but preview is allowed due to a kludge in _userHasPreviewAccessSession() which returns true even though $_SESSION['USER_RIGHT_PREVIEW'] does not exist. |
|
Also a survey can still be previewed without being admin. |
|
Previewing a group is now possible if you come from admin and you haven't done a survey preview earlier. Actually previewing a group does not really work anyway because it will preview the whole survey. Related to access rights I now extended the session setup routine that gets called at the top of the survey controller action action so that it imports the `loginID` and another variable from the admin session in case the survey runtime session does not exist and there is actually an admin session to import from. I suggest that the preview functionality is refactored out of the survey controller action action into a preview action. On top of the preview action we could import sessions as it's done now, then only rely on loginID and pull authentication data from the database based on the loginID to ensure only valid users can call it. Additionally for the session management it's important that when a survey preview has been done, the session gets destroyed. For the general survey preview I smell a flaw that this functionality is not properly checking pre-conditions and continues brutally so therefore manages to destroy the survey runtime session and then destroys any further preview functionality due to not set loginID. |
|
The survey preview is not using any user-related data, not importing admin sessions therefore. Routes in question: survey: index.php/survey/sid/95917/newtest/Y/lang/en group: index.php/survey/action/previewgroup/sid/95917/gid/1 As the group uses the same session id, it's not possible to import data from admin any longer (or this must be enforced, which might be another option). So far for the status quo. |
|
Fixed this in _Yii version |
|
TMSWhite: When I try to reproduce the issue, I see errors like "Column not found: 1054 Unknown column 'datestamp' in 'field list'". When I looked into it, there are a few lines in em_manager_helper.php (ln no 3104) which assume the existence of certain columns, but the fact is that these columns are created in a specific survey table based on certain options, which the user might/might not opt for. E.g. only if Datestamp is set to "Yes" will the columns 'datestamp' and 'startdate' be created in prefixsurvey<sid>, else not. So, how do you want me to fix it? Check if those columns exist and then proceed or what? Further, in the $sdata array, two indexes with same name 'datestamp'? |
|
Does removing the first $datestamp entry fix the problem - the second entry checks whether datestamp is supposed to be set. Yes, please fix it there (by only including in $sdata the columns that exist - it should be possible to find that out from the survey settings rather than having to query the table metadata). BTW, this doesn't throw an error in _dev because ADOdb doesn't balk if it gets passed invalid fields. However, once you've figured out a fix, I can clean up _dev. |
|
Removing first 'datestamp' doesn't fix it. Checking for columns did. Also, added a precaution message at frontend_helper in case createFieldMap() is called with $style="short" so that Yii doesn't show undefined index errors. If the fix doesn't work, clear the session! Fixed in rev 12221. |
|
2.00alpha 2 Build 120212 released |
|
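
The notes above describe a preview check that fails open (a helper returning true although its session key does not exist) and suggest taking only loginID from the session and reading rights from the database. The following PHP is an added example of that fail-closed design, not LimeSurvey code: canPreviewSurvey(), the in-memory $users and $surveyPreviewers arrays standing in for database tables, and the sample sessions are all assumptions constructed for illustration.

```php
<?php
// Added example, not LimeSurvey code. Only the 'loginID' and
// 'USER_RIGHT_PREVIEW' key names come from the report; the rest is hypothetical.

// Constructed stand-in for the users table: uid => account row.
$users = [
    1 => ['superadmin' => true,  'active' => true],
    7 => ['superadmin' => false, 'active' => true],
    9 => ['superadmin' => false, 'active' => false],
];
// Constructed stand-in for per-survey rights: sid => uids allowed to preview.
$surveyPreviewers = [95917 => [7]];

/**
 * Fail-closed preview check: the session contributes only the identity
 * (loginID); rights are re-read from the data store on every call.
 */
function canPreviewSurvey(array $session, int $sid, array $users, array $previewers): bool
{
    // Missing or malformed loginID => deny. "Key not set" is never "allowed".
    // (The constructed sessions below store loginID as an int.)
    if (!isset($session['loginID']) || !is_int($session['loginID'])) {
        return false;
    }
    $uid = $session['loginID'];
    // Unknown or deactivated account => deny, even if the session still exists.
    if (!isset($users[$uid]) || $users[$uid]['active'] !== true) {
        return false;
    }
    if ($users[$uid]['superadmin'] === true) {
        return true;
    }
    // Strict comparison so a string id can never match an int uid by coercion.
    return in_array($uid, $previewers[$sid] ?? [], true);
}

// Constructed sessions covering the states discussed in the notes.
$cases = [
    'empty session (the reported state)' => [],
    'rights flag only, no loginID'       => ['USER_RIGHT_PREVIEW' => 1],
    'superadmin'                         => ['loginID' => 1],
    'user with preview right on survey'  => ['loginID' => 7],
    'deactivated user'                   => ['loginID' => 9],
];
foreach ($cases as $label => $session) {
    $ok = canPreviewSurvey($session, 95917, $users, $surveyPreviewers);
    printf("%-36s => %s\n", $label, $ok ? 'allow' : 'deny');
}
```

Rights flags cached in the session are ignored on purpose, so a session that lacks loginID, or whose account has since been deactivated, is denied instead of falling through to a default.
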
Date Modified | Username | Field | Change |
---|---|---|---|
2011-10-19 03:26 | TMSWhite | New Issue | |
2011-10-19 03:35 | TMSWhite | Note Added: 16467 | |
2011-10-19 13:14 | c_schmitz | Assigned To | => mot |
2011-10-19 13:14 | c_schmitz | Status | new => assigned |
2011-10-19 13:14 | c_schmitz | Note Added: 16471 | |
2011-10-23 18:15 | mot | Note Added: 16496 | |
2011-10-23 21:28 | mot | Note Added: 16499 | |
2011-10-24 20:34 | mot | Note Edited: 16499 | |
2012-01-20 15:42 | TMSWhite | Note Added: 16850 | |
2012-01-20 15:42 | TMSWhite | Status | assigned => resolved |
2012-01-20 15:42 | TMSWhite | Resolution | open => fixed |
2012-01-24 21:31 | c_schmitz | Assigned To | mot => magiclko |
2012-01-24 21:31 | c_schmitz | Status | resolved => feedback |
2012-01-24 21:31 | c_schmitz | Resolution | fixed => reopened |
2012-01-24 21:32 | c_schmitz | Status | feedback => assigned |
2012-01-26 19:57 | | Note Added: 16997 | |
2012-01-26 20:03 | TMSWhite | Note Added: 16998 | |
2012-01-26 22:46 | | Note Added: 17003 | |
2012-01-26 22:47 | | Status | assigned => resolved |
2012-01-26 22:47 | | Resolution | reopened => fixed |
2012-01-30 18:44 | c_schmitz | Fixed in Version | => 2.00a2 |
2012-03-11 16:32 | c_schmitz | Note Added: 17862 | |
2012-03-11 16:32 | c_schmitz | Status | resolved => closed |
2013-11-12 04:41 | huuthotp | Issue Monitored: huuthotp | |
2019-11-01 17:25 | c_schmitz | Category | Survey design => Survey editing |
2021-08-04 10:05 | guest | Bug heat | 8 => 10 |