View Issue Details

Jump to NotesJump to History
This bug affects 1 person(s).
 256
IDProjectCategoryView StatusDate SubmittedLast Update
14566Bug reportsSecuritypublic2019-02-22 17:012021-03-04 17:20
Reporternaguibihelek Assigned ToLouisGac 
PriorityhighSeveritypartial_block 
Status closedResolutionfixed 
Product Version3.15.x 
Summary14566: Any user can edit "Survey Group" details
Description

Shouldn't there be a permission setting to disallow anyone other than owners of the said group or super admins from making changes or even viewing the groups.

Steps To Reproduce

When any user logs in and goes to survey list they can select survey groups and open and make chages to the group details.
Can be somewhat catastrophic if someone was being malicious, and there is no way to know who did that.

TagsNo tags attached.
Bug heat256
Complete LimeSurvey version number (& build)Version 3.15.9+190214
I will donate to the project if issue is resolvedNo
Browser
Database type & versionDon’t know where to find this
Server OS (if known)Centos
Webserver software & version (if known)CENTOS 7.6 virtuozzo [vps] v78.0.11
PHP Version7.1

Users monitoring this issue

There are no users monitoring this issue.

Activities

cdorin

cdorin

2019-03-07 17:04

reporter   ~50823

Hello @naguibihelek,

The issue is with the "default" theme. My "test" user does not have any rights but I can still access and change the survey group theme settings. The survey permissions will have to be improved soon. Will assign it to @markusfluer.

Thanks for reporting it.
jeremyp

jeremyp

2019-03-21 14:42

reporter   ~51089

Hello @all

Same problem for me report in the formum (https://www.limesurvey.org/fr/forum/can-i-do-this-with-limesurvey/117997-survey-groups-functionality). Wait for a solution :)

Thanks.
ollehar

ollehar

2021-03-04 17:20

administrator   ~62726

This issue has been solved with Denis' implementation of survey group permission in latest LS4 release.

Issue History

Date Modified Username Field Change
2019-02-22 17:01 naguibihelek New Issue
2019-03-07 17:04 cdorin Assigned To => markusfluer
2019-03-07 17:04 cdorin Priority none => high
2019-03-07 17:04 cdorin Status new => assigned
2019-03-07 17:04 cdorin Note Added: 50823
2019-03-21 14:31 cdorin Assigned To markusfluer => LouisGac
2019-03-21 14:42 jeremyp Note Added: 51089
2021-03-04 17:20 ollehar Status assigned => closed
2021-03-04 17:20 ollehar Resolution open => fixed
2021-03-04 17:20 ollehar Note Added: 62726