View Issue Details

IDProjectCategoryView StatusLast Update
13608Bug reports[All Projects] Central participant databasepublic2018-05-23 10:53
ReporterrnckAssigned To 
PrioritynoneSeverityminor 
Status newResolutionopen 
Product Version3.6.x 
Target Version4.0.0devFixed in Version 
Summary13608: Permission to create participants in the central participants database
DescriptionI want a user to be able to create participants in the central participants database but not to see other admins entries.

Please see screenshot. With these rights, the user cannot see the link under Configuration menu entry to go to "Central participants database". If he uses direct link, he gets error message "no sufficient rights".
Steps To ReproduceCreate a user with the rights set as you can see in the screenshot.
Login with this user and try to access central participants database.
Additional InformationLimeSurvey version 3.6.2
LimeSurvey build 180406
Operating system Linux survey 3.16.0-5-amd64 #1 SMP Debian 3.16.51-3+deb8u1 (2018-01-08) x86_64
PHP version 5.6.33-0+deb8u1
Web server software Apache/2.4.10 (Debian)
Database driver mysql
Database driver version 5.5.59
TagsNo tags attached.
Complete LimeSurvey version number (& build)3.6.2 180406
I will donate to the project if issue is resolvedNo
BrowserFirefox 59.0.2 (64-Bit) (Mac), Version 11.1 (13605.1.33.1.2) (Mac)
Database & DB-Versionmysql 5.5.59
Operating System (Server)Debian 8.10
Webserver software & versionApache/2.4.10 (Debian)
PHP VersionPHP 5.6.33-0+deb8u1

Activities

rnck

rnck

2018-04-17 16:33

reporter  

Bildschirmfoto 2018-04-17 um 16.25.28.png (315,960 bytes)
DenisChenu

DenisChenu

2018-04-19 15:45

developer   ~47468

I think default behaviour are to see ONLY their participant (except for superadmin) , it's unclear …

Can you test it ?
rnck

rnck

2018-05-09 08:41

reporter   ~47576

I tested again. It seems that the users rights for CPDB must be at least "create" and "view/read". My test user could only see his own participants.

BUT: That's not what I've expected, because the text at that very setting says: "Permission to create participants in the central participants database (for which all permissions are automatically given) and view, update and delete participants from other users". And again: with the "create" setting checked, users do not even see the link under the "configuration" menu.

The "view/read" checkbox at surveys settings lets the survey admin browser other admins surveys. Here, the (similar) text is appropriate: "Permission to create surveys (for which all permissions are automatically given) and view, update and delete surveys from other users". Here I only use the "create" setting for my survey admins and everything is as I expect.

It seems not very consistent that similar settings lead to different user experiences.

Please let me know if you further information.
LouisGac

LouisGac

2018-05-23 10:53

developer   ~47728

the whole permission system should be rewritten for LS4.

Issue History

Date Modified Username Field Change
2018-04-17 16:33 rnck New Issue
2018-04-17 16:33 rnck File Added: Bildschirmfoto 2018-04-17 um 16.25.28.png
2018-04-19 15:45 DenisChenu Note Added: 47468
2018-05-09 08:41 rnck Note Added: 47576
2018-05-23 10:53 LouisGac Target Version => 4.0.0dev
2018-05-23 10:53 LouisGac Note Added: 47728