View Issue Details

This bug affects 1 person(s).
 2
IDProjectCategoryView StatusLast Update
12491Bug reportsAuthenticationpublic2017-07-21 17:15
Reporterrobertofranchi Assigned Toc_schmitz  
PrioritynoneSeveritypartial_block 
Status closedResolutionfixed 
Product Version2.65.x 
Fixed in Version2.67.x 
Summary12491: Permission to delete data
Description

I gave at "one user" the permission to export partecipants.... (see Permission.png file)

if I login with this credential in partecipants menu, inside export-download page, I found that is active the button "Delete exported participants" /see file Exporting_page.png) ...... and if the button is flagged to ON the partecipant exported will be deleted, also the user haven't permission to do it.

The users haven't the permission to delete data...

Steps To Reproduce

1) load the .lss, lsa file and token/answer (joint file)
2) create users Sella_2 with permission showed in jopint file
3) link user to survey
4) login to limesurvey with user Sella_2
5) go to survey 83054
6) go to partecipants
7) go to export
8) activate button "delete" (it must not be visible or have to be not active)
9) export data

Additional Information

I think that system doesn't check the permission on this form

TagsNo tags attached.
Attached Files
Permission.PNG (53,150 bytes)   
Permission.PNG (53,150 bytes)   
tokens_83054.csv (18,572 bytes)
Exporting_page.PNG (60,720 bytes)   
Exporting_page.PNG (60,720 bytes)   
vvexport_83054.csv (4,026 bytes)
survey_archive_83054.lsa (15,647 bytes)
Bug heat2
Complete LimeSurvey version number (& build)Versione 2.67.1+170626
I will donate to the project if issue is resolvedYes
BrowserChrome, Foirefox, Maxthon
Database type & versionMy Sql 5,6
Server OS (if known)Windows server 2012 R2
Webserver software & version (if known)IIS 8.5.9600.16384
PHP Version7.0.15

Users monitoring this issue

There are no users monitoring this issue.

Activities

c_schmitz

c_schmitz

2017-06-29 13:12

administrator   ~43984

Fix committed to master branch: http://bugs.limesurvey.org/plugin.php?page=Source/view&id=23162

c_schmitz

c_schmitz

2017-06-29 13:13

administrator   ~43985

Thank you - looking forward to your donation.

c_schmitz

c_schmitz

2017-07-21 17:15

administrator   ~44202

Version 2.67.2 released

Related Changesets

LimeSurvey: master 77263a32

2017-06-29 13:12:12

c_schmitz

Details Diff
Fixed issue 12491: Permission to delete participants not obeyed in export dialog Affected Issues
12491
mod - application/helpers/export_helper.php Diff File
mod - application/views/admin/token/exportdialog.php Diff File

Issue History

Date Modified Username Field Change
2017-06-28 10:13 robertofranchi New Issue
2017-06-28 10:13 robertofranchi File Added: Permission.PNG
2017-06-28 10:13 robertofranchi File Added: tokens_83054.csv
2017-06-28 10:13 robertofranchi File Added: Exporting_page.PNG
2017-06-28 10:13 robertofranchi File Added: vvexport_83054.csv
2017-06-28 10:13 robertofranchi File Added: limesurvey_survey_83054.lss
2017-06-28 10:13 robertofranchi File Added: survey_archive_83054.lsa
2017-06-29 13:12 c_schmitz Assigned To => c_schmitz
2017-06-29 13:12 c_schmitz Status new => assigned
2017-06-29 13:12 c_schmitz Changeset attached => LimeSurvey master 77263a32
2017-06-29 13:12 c_schmitz Note Added: 43984
2017-06-29 13:12 c_schmitz Resolution open => fixed
2017-06-29 13:13 c_schmitz Status assigned => resolved
2017-06-29 13:13 c_schmitz Fixed in Version => 2.67.x
2017-06-29 13:13 c_schmitz Note Added: 43985
2017-07-21 17:15 c_schmitz Status resolved => closed
2017-07-21 17:15 c_schmitz Note Added: 44202