View Issue Details

Jump to NotesJump to History
This bug affects 1 person(s).
 256
IDProjectCategoryView StatusDate SubmittedLast Update
11715Bug reportsSecuritypublic2016-09-27 17:072016-10-05 09:24
Reporterboutinn Assigned Toc_schmitz  
PrioritynoneSeveritypartial_block 
Status closedResolutionno change required 
Product Version2.52.x 
Summary11715: Permissions of the questionnaires do not function
Description

Permissions of the questionnaires do not function following migration of the Version 2.06lts Build 160801 with Version 2.52+160920.

All the questionnaires visible and are perhaps modified and even removed by no matter whom.

The edition of the models is quite simply not made safe, that does not function.

TagsNo tags attached.
Attached Files
Bug heat256
Complete LimeSurvey version number (& build)Version 2.52+160920
I will donate to the project if issue is resolvedNo
BrowserIE 11
Database type & versionMySQL 5.6.30
Server OS (if known)Linux serveur.dacsg.qc.ca 2.6.18-308.8.2.el5xen #1 SMP Tue Jun 12 10:39:28 EDT 2012 x86_64
Webserver software & version (if known)Apache/2.2.26 (Unix) mod_ssl/2.2.26 OpenSSL/0.9.8e-fips-rhel5 mod_jk/1.2.37 mod_bwlimited/1.4
PHP VersionPHP Version 5.4.26

Users monitoring this issue

There are no users monitoring this issue.

Activities

mfavetti

mfavetti

2016-09-28 01:46

developer   ~40992

Did the permissions not get migrated properly? Or are they set properly but not working?

Could you give a specific example?

What functionality should be restricted? What is the setting for the corresponding permission at the survey level? What is the setting for the corresponding permission at the global level?
boutinn

boutinn

2016-09-28 15:05

reporter   ~41006

OK. I will check all the permissions in the version 2.06tls before remaking a migration with the version 2.5x. That will take a few days….

I return to you with more details and examples if that does not function.
boutinn

boutinn

2016-09-29 15:27

reporter   ~41031

The bugs are with the version 2.06tls.
I joined to this note a compressed file including 8 images png numbered from 1 to 8 on the sequence of the problems. Because there is more than one problem with the permission of the users in what milked with the option “questionnaires”.
To note that the user “boutinn” is the administrator of LimeSurvey and that the user “Karine” has access only to questionnaire 33364 (see images 1,2,3 and 4)
Problem 1: Karine to have access to the mitre “questionnaires” (to create, copy etc a questionnaire) must have the permission “questionnaires” (image 5). The permission “questionnaires” should make it possible to create. to copy, re-elect and import questionnaires and only that. On the other hand, by modifying this permission for Karine, That modified automatically the permissions of questionnaire 33364 for Karine (see image 6).
Problem 2: Karine now has access to all the questionnaires (see image 7), which would not have.
Problem 3: the administrator “boutinn” cannot modify any more the permissions of questionnaire 33364 for Karine (see image 8). There are points in the screen. Why?

Permissions questionnaires.zip (1,070,169 bytes)
c_schmitz

c_schmitz

2016-10-05 09:24

administrator   ~41139

I don't really understand your problem, to be honest. As it is with 2.06 we will probably not fix it as there are no other complaints.

In 2.5 the global survey permission for a user should be set to 'Create' only. Giving more permissions (update, view, delete) will allow access to other surveys. (see documentation).

So if you fix global permission for 'survey' it will properly work.

Issue History

Date Modified Username Field Change
2016-09-27 17:07 boutinn New Issue
2016-09-28 01:46 mfavetti Note Added: 40992
2016-09-28 15:05 boutinn Note Added: 41006
2016-09-28 16:23 c_schmitz Assigned To => c_schmitz
2016-09-28 16:23 c_schmitz Status new => feedback
2016-09-29 15:27 boutinn File Added: Permissions questionnaires.zip
2016-09-29 15:27 boutinn Note Added: 41031
2016-09-29 15:27 boutinn Status feedback => assigned
2016-10-05 09:24 c_schmitz Status assigned => closed
2016-10-05 09:24 c_schmitz Resolution open => no change required
2016-10-05 09:24 c_schmitz Note Added: 41139