10648: Global permissions not working - LimeSurvey bugs and feature requests

This bug affects 1 person(s).

254

ID	Project	Category	View Status	Date Submitted	Last Update

10648	Bug reports	Security	public	2016-03-02 12:53	2016-03-08 11:49

Reporter	MIAdx	Assigned To	c_schmitz
Priority	normal	Severity	partial_block
Status	closed	Resolution	fixed
Product Version	2.50.x
Fixed in Version	2.50.x

Summary	10648: Global permissions not working
Description	Hi, in our LimeSurvey-Setup global permissions seem to be ignored or not working... I was not sure which is the right category. Please move it to the correct one! Our Users should be able to create new users and manage this (created) new users. Same thing for user groups. So for Users and User groups "Create" permission is granted (but the problem stays even if all permissions for Users and User groups are given). All rights for Templates and Labelsets are granted. For Surveys only "Create" is granted, which allows managing the owned surveys. For Settings & Plugins nothing is allowed. The only global permissions that works (as expected) is Surveys. The Surveys-Tab appears in the top-right and the user can create and manage his surveys. Thats it! He cant even see the Configuration-Tab and thus not create users, groups, etc... Only way is giving SuperAdmin permission, but thats no solution for us! All users are authenticated thru LDAP (LDAP-Plugin). All users where created with SuperAdmin permissions and changed later to less permissions. Recreating a Users doesn't change anything regarding this issue. I hope for a fast solution ;-) Kind Regards, MIAdx
Steps To Reproduce	Create a User with LDAP-Auth. Set permissions: [That are the desired settings as descripted above. Only giving SuperAdmin chnages something regarding the issue.] Users - Create Users groups - Create Templates - All Labelsets - All Surveys - Create Settings & Plugins - None Part.-Panel - Create SuperAdmin - No LocalDB Auth. - No LDAPAuth - Yes Login with new User (with LDAP) Only "Surveys" are available, with permissions as expected. Nothing else! No "Configuration"-Menu/Tab to create users or groups etc.
Additional Information	We use LimeSurvey for Educational purpose at the University of Applied Science Offenburg (Germany) - Faculty Media and Informations. Thats why I'm not able to donate for this issue.
Tags	No tags attached.

Bug heat	254
Complete LimeSurvey version number (& build)	Version 2.50+ Build 160223
I will donate to the project if issue is resolved	No
Browser	Firefox and IE
Database type & version	5.5.44-MariaDB
Server OS (if known)	CentOS 7.2
Webserver software & version (if known)	Apache/2.4.6 (CentOS)
PHP Version	PHP 5.4.16

User List	There are no users monitoring this issue.

MIAdx 2016-03-02 17:15 reporter ~35843	I forgot to mention that we use https:// for this Webserver.

c_schmitz 2016-03-02 17:30 administrator ~35844	Fix committed to master branch: http://bugs.limesurvey.org/plugin.php?page=Source/view&id=17731

c_schmitz 2016-03-03 11:16 administrator ~35858	Fix committed to master branch: http://bugs.limesurvey.org/plugin.php?page=Source/view&id=17734

c_schmitz 2016-03-07 11:45 administrator ~36019	Version 2.60 Build 150307 released

MIAdx 2016-03-08 11:21 reporter ~36128 Last edited: 2016-03-08 11:37	Bug still exists, now as the complete opposite: Now every user is always SuperAdmin, regardless what Global Permissions are set. I have updated my LimeSurvey as specified in the manuel. The users (local and thru ldap, tried both) are able to see everything AND to do everything (for example change/delete surveys of others or delete other user accounts, while NO global permissions are set, all unchecked). When opening "survey admin management" ("Umfrageadministratoren verwalten" in german) there are some PHP-signs " ;?> " behind the delete-Button for the current user. Thats not showing when logged in as the real admin user. Edit: A complete new installation has the same issue!

c_schmitz 2016-03-08 11:49 administrator ~36130	The reason is the change in 10528 - the original issue in this bug was resolved.

LimeSurvey: master 8c6fcbd6 2016-03-02 17:30 c_schmitz Details Diff	Fixed issue 10648: Entries not showing in global menu when global permissions are set	Affected Issues 10648
	mod - application/controllers/admin/surveyadmin.php	Diff File
	rm - application/extensions/Menu/MenuWidget.php	Diff
	rm - application/extensions/Menu/assets/nav.css	Diff
	rm - application/extensions/Menu/assets/nav.js	Diff
	rm - application/extensions/Menu/views/adminmenu.php	Diff
	mod - application/views/admin/super/_configuration_menu.php	Diff File
LimeSurvey: master 64776f19 2016-03-02 17:30 c_schmitz Details Diff	Fixed issue 10648: Entries not showing in global menu when global permissions are set	Affected Issues 10648
	mod - application/controllers/admin/surveyadmin.php	Diff File
	rm - application/extensions/Menu/MenuWidget.php	Diff
	rm - application/extensions/Menu/assets/nav.css	Diff
	rm - application/extensions/Menu/assets/nav.js	Diff
	rm - application/extensions/Menu/views/adminmenu.php	Diff
	mod - application/views/admin/super/_configuration_menu.php	Diff File

Date Modified	Username	Field	Change
2016-03-02 12:53	MIAdx	New Issue
2016-03-02 15:12	ollehar	Assigned To	=> ollehar
2016-03-02 15:12	ollehar	Status	new => assigned
2016-03-02 15:49	c_schmitz	Priority	urgent => normal
2016-03-02 16:07	ollehar	Assigned To	ollehar =>
2016-03-02 16:07	ollehar	Assigned To	=> ollehar
2016-03-02 16:07	ollehar	Status	assigned => new
2016-03-02 16:35	ollehar	Assigned To	ollehar =>
2016-03-02 16:36	c_schmitz	Assigned To	=> c_schmitz
2016-03-02 16:36	c_schmitz	Status	new => assigned
2016-03-02 17:08	c_schmitz	Category	Other => Security
2016-03-02 17:15	MIAdx	Note Added: 35843
2016-03-02 17:29	c_schmitz	Summary	Global Permissions not working! => Global permissions not working
2016-03-02 17:30	c_schmitz	Changeset attached	=> LimeSurvey master 8c6fcbd6
2016-03-02 17:30	c_schmitz	Note Added: 35844
2016-03-02 17:30	c_schmitz	Resolution	open => fixed
2016-03-02 17:32	c_schmitz	Status	assigned => resolved
2016-03-02 17:32	c_schmitz	Fixed in Version	=> 2.5
2016-03-03 11:16	c_schmitz	Changeset attached	=> LimeSurvey master 64776f19
2016-03-03 11:16	c_schmitz	Note Added: 35858
2016-03-07 11:45	c_schmitz	Note Added: 36019
2016-03-07 11:45	c_schmitz	Status	resolved => closed
2016-03-08 11:21	MIAdx	Note Added: 36128
2016-03-08 11:21	MIAdx	Status	closed => feedback
2016-03-08 11:21	MIAdx	Resolution	fixed => reopened
2016-03-08 11:37	MIAdx	Note Edited: 36128
2016-03-08 11:41	c_schmitz	Status	feedback => assigned
2016-03-08 11:47	c_schmitz	Relationship added	related to 10528
2016-03-08 11:49	c_schmitz	Note Added: 36130
2016-03-08 11:49	c_schmitz	Status	assigned => closed
2016-03-08 11:49	c_schmitz	Resolution	reopened => fixed

View Issue Details

Relationships

Users monitoring this issue

Activities

Related Changesets

Issue History