
View Issue Details

ID: 18294
Project: Bug reports
Category: User / Groups / Roles
View Status: public
Last Update: 2023-05-30 18:47
Reporter: DenisChenu
Assigned To: ollehar
Priority: normal
Severity: minor
Status: ready for merge
Resolution: open
Product Version: 5.3.x
Summary: 18294: User was not added to group created automatically
Description

When a user created a new group in 3.X, he was automatically added to this group (and could not remove himself).
It was not true in 5.X.
If the user was not super admin: he didn't see the user in the group, nor the group.

Steps To Reproduce

  1. usercontrolSameGroupPolicy as true
  2. Create a user with User read/create permission + UserGroup read/create permission
  3. Set User group Policy to On
  4. Log in as this user
  5. Create a new usergroup
  6. Check user group list

1 as super admin

  1. Create a new usergroup
  2. Check user group list

Expected result

User was in list (and can not be removed)

Actual result

User is not in list

Additional Information
  1. usercontrolSameGroupPolicy as true
Tags: No tags attached.
Bug heat: 6
Complete LimeSurvey version number (& build): 5.3.28
I will donate to the project if issue is resolved: No
Browser: not relevant
Database type & version: not relevant
Server OS (if known): not relevant
Webserver software & version (if known): not relevant
PHP Version: not relevant

Relationships

related to 18289 confirmed User with group creation allowed can not see is own group 
related to 18281 feedback c_schmitz Users in group are not deleted 

Activities

DenisChenu

2022-07-29 10:18

developer   ~71240

This one is easier to fix without potentially breaking existing code.
I fix it quickly

The other needs a fix:

  • we use owner_id: in 3.X, a user can create a group and be removed from the group by super admin: then need an owner_id update
  • we keep the same 3.X functionality: what to do with previous groups? Nothing: 18289 still there. Updating to put owner_id in group: always needed? Breaks potential Permission usage.

gabrieljenik

2022-08-26 19:44

manager   ~71535

Well, you are assuming this is a bug.
By looking at the discussions on the other tickets, I am not sure it is a bug.

DenisChenu

2022-08-27 19:40

developer   ~71541

In 3.X , user can create a group and be removed from group by super admin : then need a owner_id update

In 5: user can not see the group after creation…

DenisChenu

2022-09-09 16:24

developer   ~71667

@ollehar : see other ticket, way to resolve and owner_id issues

With usercontrolSameGroupPolicy
In 3.X:

  1. creator is added to user list
  2. if superadmin removes user from group
  3. creator didn't see group (I didn't test with hacking forms …)

In 5.X:

  1. creator is NOT added to user list
  2. creator didn't see group
  3. But creator seems to have some rights on usergroup (Maybe he has the same rights in 3.X)

See : https://bugs.limesurvey.org/view.php?id=18281#c71525

My opinion :

  1. This fixes this issue and ONLY this issue: minor impact

  2. To have a clean owner_id system and Permission system for view: we need to move to PermissionTrait for user and usergroup:

  3. usercontrolSameGroupPolicy == false => All users have read rights on user and on groups

  4. usercontrolSameGroupPolicy == true => User have read right if in same groups OR if there owner in group

  5. user with create right: owner_id is set: user can see it (and move to group)

  6. User update can only update if he has read rights on this user

  7. We need an update owner in UserGroups + Users (but it's a new feature)

c_schmitz

2023-05-30 14:49

administrator   ~75254

Please solve it this way:

For LS5:
The group owner should be member of the group. The patch fixes this, but points to the wrong branch currently (master instead of 5.x).

For LS6:
The group owner can be a group member, but doesn't have to be. However, the group owner should always be able to see/edit group members.
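
The group visibility rules discussed in notes ~71667 and ~75254, as an added example that is not LimeSurvey code and not part of any comment: a standalone Python model of the read check under usercontrolSameGroupPolicy, comparing a membership-only check with an owner-aware one. All class, function and parameter names and the user ids are hypothetical, and the superadmin bypass is an assumption.

```python
from dataclasses import dataclass, field

@dataclass
class Group:
    gid: int
    owner_id: int                       # id of the user who created the group
    members: set = field(default_factory=set)

def create_group(gid, creator_id, add_creator):
    # add_creator=True: 3.X behaviour and the LS5 fix; False: behaviour reported for 5.X
    group = Group(gid, creator_id)
    if add_creator:
        group.members.add(creator_id)
    return group

def can_read_group(user_id, group, same_group_policy, owner_aware, superadmin=False):
    # Assumption: a superadmin bypasses the policy; with the policy off everyone can read.
    if superadmin or not same_group_policy:
        return True
    if user_id in group.members:
        return True
    # Owner-aware check (LS6 proposal): ownership alone grants read access.
    return owner_aware and user_id == group.owner_id

def visible(user_id, groups, **policy):
    return [g.gid for g in groups if can_read_group(user_id, g, **policy)]

def scenarios():
    creator, other = 10, 11             # constructed user ids
    reported = create_group(1, creator, add_creator=False)   # 5.X as reported
    fixed = create_group(2, creator, add_creator=True)       # LS5 fix
    removed = create_group(3, creator, add_creator=True)
    removed.members.discard(creator)    # superadmin later removes the creator
    groups = [reported, fixed, removed]
    return {
        "membership_only": visible(creator, groups, same_group_policy=True, owner_aware=False),
        "owner_aware": visible(creator, groups, same_group_policy=True, owner_aware=True),
        "other_user": visible(other, groups, same_group_policy=True, owner_aware=True),
        "policy_off": visible(other, groups, same_group_policy=False, owner_aware=False),
    }

if __name__ == "__main__":
    for name, gids in scenarios().items():
        print(f"{name}: {gids}")
```

With a membership-only check the creator sees only the group the LS5 fix produced; the owner-aware check also covers the creator who was never added or was later removed, without exposing the groups to an unrelated user.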

DenisChenu

2023-05-30 18:46

developer   ~75265

The group owner can be a group member, but doesn't have to be. However, the group owner should always be able to see/edit group members.

Then : need a Permission system adding owner_id in Group model.

Right ?

DenisChenu

2023-05-30 18:47

developer   ~75266

For LS5:
The group owner should be member of the group. The patch fixes this, but points to the wrong branch currently (master instead of 5.x).

Pull request from Aug 26, 2022 …

Issue History

Date Modified Username Field Change
2022-07-29 10:16 DenisChenu New Issue
2022-07-29 10:16 DenisChenu Assigned To => DenisChenu
2022-07-29 10:16 DenisChenu Status new => confirmed
2022-07-29 10:16 DenisChenu Relationship added related to 18289
2022-07-29 10:18 DenisChenu Note Added: 71240
2022-07-29 10:18 DenisChenu Bug heat 0 => 2
2022-07-29 10:18 DenisChenu Status confirmed => assigned
2022-07-29 10:19 DenisChenu Priority none => normal
2022-08-26 19:23 DenisChenu Assigned To DenisChenu => gabrieljenik
2022-08-26 19:23 DenisChenu Status assigned => ready for code review
2022-08-26 19:44 gabrieljenik Note Added: 71535
2022-08-26 19:44 gabrieljenik Bug heat 2 => 4
2022-08-27 19:40 DenisChenu Note Added: 71541
2022-08-29 15:22 gabrieljenik Assigned To gabrieljenik => DenisChenu
2022-08-29 15:28 DenisChenu Status ready for code review => ready for testing
2022-09-01 13:26 DenisChenu Steps to Reproduce Updated
2022-09-01 13:26 DenisChenu Additional Information Updated
2022-09-09 16:24 DenisChenu Assigned To DenisChenu => ollehar
2022-09-09 16:24 DenisChenu Status ready for testing => ready for merge
2022-09-09 16:24 DenisChenu Note Added: 71667
2022-09-09 16:24 DenisChenu Relationship added related to 18281
2023-05-30 14:49 c_schmitz Note Added: 75254
2023-05-30 14:49 c_schmitz Bug heat 4 => 6
2023-05-30 18:46 DenisChenu Note Added: 75265
2023-05-30 18:47 DenisChenu Note Added: 75266