Hi muhzak,

do you need any further help with solving this? When can we expect a fix?

trougakoss, I am assigning this one to you since it is related to the API working differently than the Limesurvey admin backend.

Let me know if you have any further questions or need any more details.

I ll give you a response as soon as possible.

The remotecontrol in list_surveys, lists only the surveys that belong to the user.

That means that there is no check being made for surveys that the user in question has some privileges on.

This of course is different from the behaviour of the Limesurvey admin backend and if we think that the behaviour should be exactly the same, i will make the appropriate changes.
What do you think Mazi???

I assume "The remotecontrol in list_surveys, lists only the surveys that belong to the user" means that the user's UID is listed at the table listing the survey rights and IDs?

Since a user might be assigned to a survey but not have assigned any rights, we should better query for certain survey rights as well, depending on the action.

c_schmitz, what do you think?

Hi,

Think behaviours must be exacltly the same.

list_surcey : show survey.
I a user ask for "responses" look user response view right.

no ?

I agree to Mazi. If needed you will have to refactor the function behind the GUI survey list so it can be used by RemoteControl, too.

So in other words the list_survey function will be defined like this
public function list_surveys($sSessionKey, $sUser=NULL, $aPrivileges=NULL)

By default the privileges are set to null so only the ownership will be checked (current behaviour).
In case the user defines an privilege, or an array of privileges, then the privileges table will be checked and the additional surveys will be shown.

So in other words the current behaviour wont be changed, but we will accommodate for the extra needs.
If there is anything i have forgotten please feel free to remind me.

Almost. ;)
I think that the survey list shown to the user in the GUI and the one given back in RemoteControl API should be the same. Since they are not the same currently they most likely use a different code. They should use the same code you will need to make the RC code use the GUI code instead - if necessary you might have to refactor code parts so they can be used by both, GUI and RC.

So.... i did not understand correctly... :P
Let me rephrase that......
The list_surveys function definition will remain the same, but now the function will behave exactly like the gui.
Upon request the permissions will be checked and ALL the surveys that the user has some permission or owns will be shown.
Furthermore i will try to use the helper functions that the gui uses (if applicable).
Am i correct now?

Yes, you are correct. Thank you for your diligence, Spiros!

Pull request #135
If everything is ok, i will merge by tomorrow.

I assume you were not able to use the GUI function? Anyway, looks good - please merge.

trougakoss, you will need to patch the 2.05 branch too. Can you do this please and then set this issue to resolved? Thank you!

Carsten as you might saw i did not use the gui function because it did not provide me with the extra functionality that the RC has.
Anyways i patched the 2.05 branch too, and by the end of the day i will merge.
Thanks!

2.05RC3 released.