View Issue Details

This bug affects 1 person(s).
ID: 14216
Project: Bug reports
Category: Survey participants (Tokens)
View Status: public
Last Update: 2019-04-30 09:10
Reporter: Mazi
Assigned To: DenisChenu
Priority: none
Severity: minor
Status: closed
Resolution: fixed
Product Version: 3.14.x
Target Version: 3.15.x
Fixed in Version: 3.15.x
Summary: 14216: Users without rights to delete tokens can still delete them
Description

A user with the single right to view tokens can still select the checkbox for a certain token and select "Delete" from the menu at the bottom, see screenshots.

Steps To Reproduce
  1. Create a new user
  2. For a test survey assign survey permissions to only view tokens.
  3. Log in with the new user account and browse tokens.
  4. You should be able to select a token and call the delete option at the bottom.
Tags: No tags attached.
Attached Files
global_rights.png (74,903 bytes)
user_deleted.png (99,846 bytes)
select_delete.png (115,508 bytes)
survey_permissions.png (83,880 bytes)
Bug heat: 2
Complete LimeSurvey version number (& build): 3.14.9+180917
I will donate to the project if issue is resolved: No
Browser: Chrome
Database type & version: MySQL 5
Server OS (if known): Ubuntu 14 TLS
Webserver software & version (if known): Apache 2
PHP Version: 7

Activities

DenisChenu (developer), 2018-11-06 15:22, ~49556

Confirm the issue …

DenisChenu (developer), 2018-11-06 15:23, ~49557

@dominikvitt : Mass action : have the delete button (minor issue), delete work : (major issue)

DenisChenu (developer), 2018-11-06 15:29, ~49558

Fix committed to master branch: http://bugs.limesurvey.org/plugin.php?page=Source/view&id=28469

DenisChenu (developer), 2018-11-06 16:09, ~49559

More time to fix display issue (minor) than real issue … (major) …

Related Changesets

LimeSurvey: master dfa62acb, 2018-11-06 15:29:10, DenisChenu
Fixed issue 14216: Users without rights to delete tokens can still delete them
Dev: disable action , hide button come after
Dev: deleteToken must use POST : db update => must be post
Affected Issues: 14216
mod - application/controllers/admin/tokens.php

LimeSurvey: master 991745f5, 2018-11-06 16:07:47, DenisChenu
Dev: issue 14216 : disable button link
Dev: more quick to add a disabled system then to reconstruct a clean menu
Dev: since need testing separator etc …
Affected Issues: 14216
mod - application/config/version.php
mod - application/extensions/admin/grid/MassiveActionsWidget/assets/listActions.js
mod - application/extensions/admin/grid/MassiveActionsWidget/views/selector.php
mod - application/views/admin/token/massive_actions/_selector.php
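
The two server-side measures named in changeset dfa62acb (disable the action for users lacking the delete right, and accept it only over POST), shown as an added example. This is not LimeSurvey's code: the function names, the permission table and the sample tokens are hypothetical and constructed for illustration.

```php
<?php
// Added illustration with hypothetical names; not taken from LimeSurvey.

// Constructed sample data: per-user survey permissions for one test survey.
const PERMISSIONS = [
    'viewer'  => ['tokens' => ['read']],
    'manager' => ['tokens' => ['read', 'delete']],
];

function hasSurveyPermission(string $user, string $entity, string $right): bool
{
    return in_array($right, PERMISSIONS[$user][$entity] ?? [], true);
}

/**
 * Server-side handler for the mass "Delete" action on tokens.
 * Returns [HTTP status, tokens remaining after the call].
 */
function deleteTokens(string $user, string $method, array $ids, array $tokens): array
{
    // The action updates the database, so anything but POST is refused.
    if ($method !== 'POST') {
        return [405, $tokens];
    }
    // Authorization is decided here, whether or not the UI showed the button.
    if (!hasSurveyPermission($user, 'tokens', 'delete')) {
        return [403, $tokens];
    }
    // Remove only the requested ids, coerced to integers.
    $remove = array_flip(array_map('intval', $ids));
    return [200, array_diff_key($tokens, $remove)];
}

// Constructed token table and requests.
$tokens = [1 => 'alice@example.org', 2 => 'bob@example.org'];
$cases = [
    ['viewer',  'POST', [1]],   // view-only user, as in the report
    ['manager', 'GET',  [1]],   // right is present, wrong HTTP method
    ['manager', 'POST', [1]],   // permitted request
];
foreach ($cases as [$user, $method, $ids]) {
    [$status, $left] = deleteTokens($user, $method, $ids, $tokens);
    printf("%-7s %-4s -> %d, %d token(s) left\n", $user, $method, $status, count($left));
}
```

Hiding or disabling the button, as the second changeset does, is a display fix only; the check in the handler is what stops a request sent by a view-only user.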

Issue History

Date Modified Username Field Change
2018-11-06 11:51 Mazi New Issue
2018-11-06 11:51 Mazi File Added: global_rights.png
2018-11-06 11:51 Mazi File Added: user_deleted.png
2018-11-06 11:51 Mazi File Added: select_delete.png
2018-11-06 11:51 Mazi File Added: survey_permissions.png
2018-11-06 15:22 DenisChenu Note Added: 49556
2018-11-06 15:23 DenisChenu Note Added: 49557
2018-11-06 15:23 DenisChenu Assigned To => DenisChenu
2018-11-06 15:23 DenisChenu Status new => assigned
2018-11-06 15:29 DenisChenu Changeset attached => LimeSurvey master dfa62acb
2018-11-06 15:29 DenisChenu Note Added: 49558
2018-11-06 15:29 DenisChenu Resolution open => fixed
2018-11-06 16:08 DenisChenu Changeset attached => LimeSurvey master 991745f5
2018-11-06 16:09 DenisChenu Status assigned => resolved
2018-11-06 16:09 DenisChenu Fixed in Version => 3.15.x
2018-11-06 16:09 DenisChenu Note Added: 49559
2019-04-30 09:10 c_schmitz Status resolved => closed