View Issue Details

This bug affects 1 person(s).
 256
IDProjectCategoryView StatusLast Update
08703Bug reportsSecuritypublic2014-02-16 18:32
Reportersupercosh Assigned ToDenisChenu  
PriorityhighSeveritypartial_block 
Status closedResolutionfixed 
Product Version2.05+ 
Fixed in Version2.05+ 
Summary08703: Permission Model broken
Description

After updating from 131206 to 140204, all users cannot open their surveys anymore. The listing after the login appears, but when clicking on a survey the message on a white screen appears: "Error No Permission" with a button to go back. All users not havin SuperAdmin, cannot open the surveys, even if all other permissions are set.

Steps To Reproduce
  • Do Update from 131206 to 140204
  • Login as an unprivleged user
  • Click on the Home Button
  • Click on one of your surveys

The Error appears.

  • Login as SuperAdmin
  • Make the unprivileged user a SuperAdmin
  • Do the same as above, and the user can open the survey
TagsNo tags attached.
Bug heat256
Complete LimeSurvey version number (& build)2.05+ 140204
I will donate to the project if issue is resolvedNo
BrowserChrome
Database type & versionMySQL, 177
Server OS (if known)CentOS
Webserver software & version (if known)Apache fast-cgi
PHP VersionPHP 5.3.27

Users monitoring this issue

There are no users monitoring this issue.

Activities

supercosh

supercosh

2014-02-12 13:03

reporter   ~28644

I found out that the permission model has changed from 2.00 to 2.05, and found, that all permissions need to be set on the survey itself. However I suggest it should be documented somewhere how the model changed, since for the user it is not clear that all permissions should be re-set on the survey-level. The best solution of course would be to set the perms automatically when upgrading.

DenisChenu

DenisChenu

2014-02-13 08:30

developer   ~28704

Hi,

Yes, but the owner must have all the rigth on his survey.
Another 'reproduce' method:

  • Create a simple user
  • Assign the user to a survey (in survey listing)
  • Unlog/relog with simple user
  • You see only one survey (the survey)
  • Select this survey : "Error No Permission"

What is attented : User have all access to this survey.

Carsten : owner_id his an exception of Default right (Like super admin) ? If rigth : can take this one.
If another idea, then ? :)

c_schmitz

c_schmitz

2014-02-13 08:32

administrator   ~28705

Yes, owner should be an exception.

DenisChenu

DenisChenu

2014-02-13 19:00

developer   ~28715

Fix committed to master branch: http://bugs.limesurvey.org/plugin.php?page=Source/view&id=13884

c_schmitz

c_schmitz

2014-02-16 18:32

administrator   ~28778

2.05+ Build 140216 released

Related Changesets

LimeSurvey: master 5b05a171

2014-02-13 17:59:54

DenisChenu

Details Diff
fixed issue 08703: Owner of a survey have no rigth on this survey Affected Issues
08703
mod - application/models/Permission.php Diff File

Issue History

Date Modified Username Field Change
2014-02-12 12:46 supercosh New Issue
2014-02-12 13:03 supercosh Note Added: 28644
2014-02-13 00:05 c_schmitz Assigned To => c_schmitz
2014-02-13 00:05 c_schmitz Status new => assigned
2014-02-13 08:30 DenisChenu Note Added: 28704
2014-02-13 08:32 c_schmitz Note Added: 28705
2014-02-13 08:32 c_schmitz Assigned To c_schmitz => DenisChenu
2014-02-13 19:00 DenisChenu Changeset attached => LimeSurvey master 5b05a171
2014-02-13 19:00 DenisChenu Note Added: 28715
2014-02-13 19:00 DenisChenu Resolution open => fixed
2014-02-13 19:05 DenisChenu Status assigned => resolved
2014-02-13 19:05 DenisChenu Fixed in Version => 2.05+
2014-02-16 18:32 c_schmitz Note Added: 28778
2014-02-16 18:32 c_schmitz Status resolved => closed