View Issue Details

This bug affects 1 person(s).
 12
IDProjectCategoryView StatusLast Update
14557Bug reportsUser / Groups / Rolespublic2022-09-27 21:27
ReporterMazi Assigned Togabrieljenik  
PriorityhighSeveritypartial_block 
Status closedResolutionfixed 
Product Version3.15.x 
Summary14557: User with very limited rights is allowed to set expiry date at survey list screen
Description

A user who has no additional global rights and at survey level is only allowed to view quotas can pick a survey at the survey list and set the expiration date using the "mass action" drop down for selected surveys and selecting "Set expiry date".

Steps To Reproduce

Create a new user with no global rights.
Assign the user to a test survey and give rights to only view quotas.
Go to the survey list and select the survey.
Use the drop down bottom left (see screenshot) to set an expiry date.

TagsNo tags attached.
Attached Files
survey_expiration.png (19,882 bytes)   
survey_expiration.png (19,882 bytes)   
quota_rights.png (36,988 bytes)   
quota_rights.png (36,988 bytes)   
Bug heat12
Complete LimeSurvey version number (& build)3.14.8+180829
I will donate to the project if issue is resolvedNo
BrowserChrome
Database type & versionMySQL 5
Server OS (if known)Linux
Webserver software & version (if known)Apache 2
PHP Version7.2

Users monitoring this issue

There are no users monitoring this issue.

Activities

DenisChenu

DenisChenu

2019-02-21 14:40

developer   ~50661

Hope delete is OK ?

Did you test Survey theme too ?

cdorin

cdorin

2019-03-08 11:25

reporter   ~50832

Last edited: 2022-04-06 16:59

issue with the permissions system

DenisChenu

DenisChenu

2019-03-08 11:31

developer   ~50833

Last edited: 2022-04-06 16:59

@cdorin : no : issue in MAssAction : it not testing Permission on surveys …

See : https://github.com/LimeSurvey/LimeSurvey/blob/5ee5ce1c94572443e97f23321632a0571d0cb491/application/controllers/admin/surveyadmin.php#L62 Permission is checked
But here : Permission not checked : https://github.com/LimeSurvey/LimeSurvey/blob/5ee5ce1c94572443e97f23321632a0571d0cb491/application/controllers/admin/surveyadmin.php#L1000

I think the best way is https://github.com/LimeSurvey/LimeSurvey/blob/5ee5ce1c94572443e97f23321632a0571d0cb491/application/controllers/admin/surveyadmin.php#L347 : using action for a single survey.

ollehar

ollehar

2021-03-10 17:01

administrator   ~63035

Last edited: 2022-04-06 16:59

You're using an outdated version of LimeSurvey. Please update to the latest version and check if the bug can still be reproduced. Thank you.

Mazi

Mazi

2021-03-10 17:52

updater   ~63119

Last edited: 2022-04-06 16:59

Please test yourself or ask your quality team to have a look. I am happy to report bugs but as a Limesurvey partner I am not part of the quality management team responsible for checking the ticket status every few months just because it "could" have been fixed.

ollehar

ollehar

2021-10-07 14:06

administrator   ~66795

Last edited: 2022-04-06 16:59

@galads Time to test, next week perhaps?

galads

galads

2021-10-08 17:04

reporter   ~66813

Last edited: 2022-04-06 16:59

It is possible. I will add to the backlog

gabrieljenik

gabrieljenik

2021-10-12 23:36

manager   ~66839

Last edited: 2022-04-06 16:59

PR: https://github.com/LimeSurvey/LimeSurvey/pull/2094

gabrieljenik

gabrieljenik

2021-10-13 15:31

manager   ~66844

Last edited: 2022-04-06 16:59

While testing, I notice that the Delete mass action does not work well. It checks the permission, but it does not return a status. Instead of the row showing the status "Error", nothing appears.

gabrieljenik

gabrieljenik

2021-11-04 16:38

manager   ~67120

Last edited: 2022-04-06 16:59

Fix committed to 3.x-LTS branch: http://bugs.limesurvey.org/plugin.php?page=Source/view&id=32863

gabrieljenik

gabrieljenik

2021-11-05 09:34

manager   ~67126

Last edited: 2022-04-06 16:59

Fix committed to 3.x-LTS branch: http://bugs.limesurvey.org/plugin.php?page=Source/view&id=32868

Related Changesets

LimeSurvey: 3.x-LTS b1921e73

2021-11-04 16:38:47

gabrieljenik


Committer: GitHub Details Diff
Fixed issue 14557: User with very limited rights is allowed to set expiry date at survey list screen (#2094)

Co-authored-by: encuestabizdevgit <devgit@encuesta.biz>
Affected Issues
14557
mod - application/controllers/admin/surveyadmin.php Diff File

LimeSurvey: 3.x-LTS 537092dc

2021-11-05 09:34:28

gabrieljenik


Committer: GitHub Details Diff
Fixed issue #T136: Error Message Needs Rewording (#2135)

* Fixed issue 14557: User with very limited rights is allowed to set expiry date at survey list screen

* Fixed issue #T136: Error Message Needs Rewording

Co-authored-by: encuestabizdevgit <devgit@encuesta.biz>
Affected Issues
14557
mod - application/controllers/admin/surveyadmin.php Diff File
mod - application/extensions/admin/survey/ListSurveysWidget/views/massive_actions/_action_results.php Diff File

Issue History

Date Modified Username Field Change
2019-02-20 10:55 Mazi New Issue
2019-02-20 10:55 Mazi File Added: survey_expiration.png
2019-02-20 10:55 Mazi File Added: quota_rights.png
2019-02-21 14:40 DenisChenu Note Added: 50661
2019-03-08 11:25 cdorin Assigned To => markusfluer
2019-03-08 11:25 cdorin Status new => assigned
2019-03-08 11:25 cdorin Steps to Reproduce Updated
2019-03-08 11:25 cdorin Note Added: 50832
2019-03-08 11:31 DenisChenu Note Added: 50833
2019-11-01 17:26 c_schmitz Category User/User groups => User / Groups / Roles
2021-03-10 17:01 ollehar Status assigned => feedback
2021-03-10 17:01 ollehar Note Added: 63035
2021-03-10 17:52 Mazi Note Added: 63119
2021-03-10 17:52 Mazi Status feedback => assigned
2021-03-10 17:56 ollehar Assigned To markusfluer =>
2021-03-10 17:56 ollehar Status assigned => new
2021-03-10 17:56 ollehar Priority none => high
2021-10-07 14:05 ollehar Zoho Project Synchronization => |Yes|
2021-10-07 14:05 ollehar Assigned To => ollehar
2021-10-07 14:05 ollehar Status new => acknowledged
2021-10-07 14:06 ollehar Note Added: 66795
2021-10-08 17:04 galads Note Added: 66813
2021-10-08 17:04 galads Bug heat 8 => 10
2021-10-08 17:04 galads Status acknowledged => confirmed
2021-10-08 17:04 galads Assigned To ollehar => gabrieljenik
2021-10-08 17:04 galads Status confirmed => assigned
2021-10-08 17:04 galads Zoho Project Synchronization Yes => |Yes|
2021-10-12 23:36 gabrieljenik Note Added: 66839
2021-10-12 23:36 gabrieljenik Bug heat 10 => 12
2021-10-13 15:31 gabrieljenik Note Added: 66844
2021-11-04 16:38 gabrieljenik Changeset attached => LimeSurvey 3.x-LTS b1921e73
2021-11-04 16:38 gabrieljenik Note Added: 67120
2021-11-04 16:38 gabrieljenik Resolution open => fixed
2021-11-05 09:34 gabrieljenik Changeset attached => LimeSurvey 3.x-LTS 537092dc
2021-11-05 09:34 gabrieljenik Note Added: 67126
2022-04-06 16:59 gabrieljenik Status assigned => resolved
2022-09-27 21:27 c_schmitz Status resolved => closed