10329: adminpanel: user sees all Surveys regardless of permissions

This bug affects 1 person(s).

252

ID	Project	Category	View Status	Date Submitted	Last Update

10329	Bug reports	Security	public	2016-02-06 22:45	2016-02-07 20:42

Reporter	asshank	Assigned To	c_schmitz
Priority	normal	Severity	minor
Status	closed	Resolution	duplicate
Product Version	2.50.x

Summary	10329: adminpanel: user sees all Surveys regardless of permissions
Description	When logged in as a user in the adminpanel the list of surveys shows all the surveys not just the surveys the user is owner of. When compared with 2.06+ I file it as a minor security bug because you see the surveys but there is no permission to manange them.
Steps To Reproduce	Log in as a restricted user (regardless of the userpermissions, but no permissions will be suficient).
Additional Information	Somewhere down the line a query had no ' WHERE owner_id=x' I was not been able to see where it resides so no github pull this time.
Tags	No tags attached.

Bug heat	252
Complete LimeSurvey version number (& build)	160206
I will donate to the project if issue is resolved	No
Browser
Database type & version	253
Server OS (if known)	unix
Webserver software & version (if known)	apache
PHP Version	5.3.3

User List	There are no users monitoring this issue.

Date Modified	Username	Field	Change
2016-02-06 22:45	asshank	New Issue
2016-02-06 22:47	asshank	Note Added: 34677
2016-02-07 20:42	c_schmitz	Relationship added	duplicate of 10325
2016-02-07 20:42	c_schmitz	Status	new => closed
2016-02-07 20:42	c_schmitz	Assigned To	=> c_schmitz
2016-02-07 20:42	c_schmitz	Resolution	open => duplicate

asshank 2016-02-06 22:47 reporter ~34677	php version 5.5.3 (mistyped)