12491: Permission to delete data - LimeSurvey bugs and feature requests

This issue affects 1 person(s).

ID	Project	Category	View Status	Date Submitted	Last Update
12491	Bug reports	Authentication	public	2017-06-28 10:13	2017-07-21 17:15

Reporter	robertofranchi	Assigned To	c_schmitz
Priority	none	Severity	partial_block
Status	closed	Resolution	fixed
Product Version	2.65.x
Fixed in Version	2.67.x

Summary	12491: Permission to delete data
Description	I gave at "one user" the permission to export partecipants.... (see Permission.png file) if I login with this credential in partecipants menu, inside export-download page, I found that is active the button "Delete exported participants" /see file Exporting_page.png) ...... and if the button is flagged to ON the partecipant exported will be deleted, also the user haven't permission to do it. The users haven't the permission to delete data...
Steps To Reproduce	1) load the .lss, lsa file and token/answer (joint file) 2) create users Sella_2 with permission showed in jopint file 3) link user to survey 4) login to limesurvey with user Sella_2 5) go to survey 83054 6) go to partecipants 7) go to export 8) activate button "delete" (it must not be visible or have to be not active) 9) export data
Additional Information	I think that system doesn't check the permission on this form
Tags	No tags attached.
Attached Files	Permission.PNG (53,150 bytes) Permission.PNG (53,150 bytes) tokens_83054.csv (18,572 bytes) Exporting_page.PNG (60,720 bytes) Exporting_page.PNG (60,720 bytes) vvexport_83054.csv (4,026 bytes) limesurvey_survey_83054.lss (60,084 bytes) survey_archive_83054.lsa (15,647 bytes)

Bug heat	2
Complete LimeSurvey version number (& build)	Versione 2.67.1+170626
I will donate to the project if issue is resolved	Yes
Browser	Chrome, Foirefox, Maxthon
Database type & version	My Sql 5,6
Server OS (if known)	Windows server 2012 R2
Webserver software & version (if known)	IIS 8.5.9600.16384
PHP Version	7.0.15

User List	There are no users monitoring this issue.

c_schmitz 2017-06-29 13:12 administrator ~43984	Fix committed to master branch: http://bugs.limesurvey.org/plugin.php?page=Source/view&id=23162

c_schmitz 2017-06-29 13:13 administrator ~43985	Thank you - looking forward to your donation.

c_schmitz 2017-07-21 17:15 administrator ~44202	Version 2.67.2 released

Date Modified	Username	Field	Change
2017-06-28 10:13	robertofranchi	New Issue
2017-06-28 10:13	robertofranchi	File Added: Permission.PNG
2017-06-28 10:13	robertofranchi	File Added: tokens_83054.csv
2017-06-28 10:13	robertofranchi	File Added: Exporting_page.PNG
2017-06-28 10:13	robertofranchi	File Added: vvexport_83054.csv
2017-06-28 10:13	robertofranchi	File Added: limesurvey_survey_83054.lss
2017-06-28 10:13	robertofranchi	File Added: survey_archive_83054.lsa
2017-06-29 13:12	c_schmitz	Assigned To	=> c_schmitz
2017-06-29 13:12	c_schmitz	Status	new => assigned
2017-06-29 13:12	c_schmitz	Changeset attached	=> LimeSurvey master 77263a32
2017-06-29 13:12	c_schmitz	Note Added: 43984
2017-06-29 13:12	c_schmitz	Resolution	open => fixed
2017-06-29 13:13	c_schmitz	Status	assigned => resolved
2017-06-29 13:13	c_schmitz	Fixed in Version	=> 2.67.x
2017-06-29 13:13	c_schmitz	Note Added: 43985
2017-07-21 17:15	c_schmitz	Status	resolved => closed
2017-07-21 17:15	c_schmitz	Note Added: 44202

LimeSurvey: master 77263a32 2017-06-29 15:12 c_schmitz Details Diff	Fixed issue 12491: Permission to delete participants not obeyed in export dialog	Affected Issues 12491
	mod - application/helpers/export_helper.php	Diff File
	mod - application/views/admin/token/exportdialog.php	Diff File

View Issue Details

Users monitoring this issue

Activities

Related Changesets

Issue History