View Issue Details

This bug affects 1 person(s).
 12
IDProjectCategoryView StatusLast Update
15421Feature requestsUser / Groups / Rolespublic2020-06-30 17:09
ReporterDenisChenu Assigned Tocdorin  
PrioritynoneSeverityfeature 
Status closedResolutionwon't fix 
Summary15421: Survey group Permission : minimal system
Description

Currently :

  1. Survey group didn't have Permission :
    1. Who can view/edit Group Information
    2. Who can add/remove survey in this group
    3. Who can manage default settings in this group
  2. Survey inside this group didn't have «inherited» Permission
    1. Copy/paste the permissions of Survey in Group
      1. Permission check 1: global, 2: Survey group, 3: Survey
Additional Information

Proposition :

Global permission :

  1. CRUD on Survey group
    Survey group
  2. owner
  3. CRUD on survey group

No update of anything in survey

Exception:

  • Default SUrvey group : readable by all
  • Add current Survey group in Survey even if it can not be readed
TagsNo tags attached.
Bug heat12
Story point estimate
Users affected %

Relationships

related to 16428 closedDenisChenu Bug reports Simple user reset Survey group to default one 
related to 16440 resolvedcdorin Feature requests Survey group Permission : minimal system 

Users monitoring this issue

DenisChenu

Activities

DenisChenu

DenisChenu

2019-10-18 14:43

developer   ~54099

I want to know if suche feature is OK to be inserted after 4.X is out ?

DenisChenu

DenisChenu

2020-01-17 15:50

developer   ~55362

@cdorin : the feature is this one

  1. Create permission sustem for Survey Group management itself with
    1. Who is allow to see/update/delete SurveyGroup
    2. Who is allowed to Add/remove Survey inside SurveyGroup
  2. Create minimal permission for survey inside Survey group. When checking if user can (update|read…) a survey :
    1. checking global right, if true : return true
    2. Checking Survey group rights : if true : return true
    3. Checking survey rights : if true return true
    4. return false

Can i propose to be included in core directly ?

sconsulting

sconsulting

2020-01-24 09:37

reporter   ~55448

We are in need of this feature as well, +1

cdorin

cdorin

2020-01-27 15:17

reporter   ~55485

Hmm, for point 1) we need to think properly (survey permissions vs survey group permissions at the global level of user permission system). Same for point 2. Won't say no to this, I will assign it to myself to quickly discuss it with the team as well.

I am not against introducing it after 4.x, but there are other features and things that need to be done before getting back to the permission system.

DenisChenu

DenisChenu

2020-01-27 15:32

developer   ~55486

@cdorin : i need to know if such system can be added or not …

About global Permission : you 're right

  1. Global
    • Survey groups : CRUD with owner (like survey
  2. By group (by user)
    • Right for Group settings
    • Right for add/remove surveys inside groupe
  3. Survey inside groups : Copy survey permission to 'Survey in this group'

:)

PS : currently only Superadmin can manage survey in group and Survey group

Survey group have really a lack of Permission functionality to be used :)

DenisChenu

DenisChenu

2020-06-16 16:21

developer   ~58312

User story for #3 : Survey inside groups : Copy survey permission to 'Survey in this group'

  1. Have an "Accoutancy" department
  2. Create a Survey group "Accountancy Survey"
  3. Add "Accoutancy" director to have Read rights on all survey in "Accountancy Survey"
  4. Put all accountancy surveys in "Accountancy Survey"
  5. Some time ago : a new "Accoutancy" assitanst come : give him the rights on the group only for survey inside group.
    6 No need to manage who can access to survey inside this group …
DenisChenu

DenisChenu

2020-06-16 16:24

developer   ~58313

User story for #1 : Group owner

  1. Create a user who can create group and surey
  2. This user can create 2 groups (for example) Draft, Ready, Archived
  3. This user can manage is own survey like he want.
DenisChenu

DenisChenu

2020-06-16 16:27

developer   ~58314

User story for #2 : Add/Remove surveys from Group

  1. User 1 are the manager
  2. User 2 and 3 have Survey create and Group create
  3. User 1 check survey of 2 and 3 before lauching and put is OK
  4. User 1 create a group "To be validated" survey group
  5. User 1 give the right to 2 and 3 to move survey inside the group "To be validated"
DenisChenu

DenisChenu

2020-06-16 16:33

developer   ~58315

User story for #2 + #3

Company system :

  • User trainee can create survey
  • User reviewer must review all survey before send to manager checking
  • Manager check the survey finally and activate / move to public.

Manager want to see only Rewiewed sureys, not trainee surveys when he connect to admin.

DenisChenu

DenisChenu

2020-06-25 09:17

developer   ~58435

@cdorin : any news ???

DenisChenu

DenisChenu

2020-06-25 09:21

developer   ~58436

Real situation (with another client on 3.X)

User story for #3

  • I have more than 100 surveys in instance
  • I create group for project
  • Organism have different services, each services manage their own surveys
  • Then finally : i create groups for each services
  • I manage more than twenty survey for some services.
  • If one user enter in the services : i need to update rights on 20 surveys
  • WIth the new system : i can just add him in "Group/survey part" right
Mazi

Mazi

2020-06-25 09:40

updater   ~58437

@DenisChenu, so one benefit would be that a user who belongs to survey group X can be allowed to access all surveys within that survey group but no surveys at other groups, correct?

Mazi

Mazi

2020-06-25 09:41

updater   ~58438

Second question, how do you plan to integrate this? Will it be a feature added to core or a plugin?

Can we make this available for Limesurvey 3 as well?

DenisChenu

DenisChenu

2020-06-25 09:44

developer   ~58439

@Mazi : yes for example

But for example

User have 'read' rights on all survey on all group (Global rights) but not update/delete
Same user have 'Update right' on all survey inside a specific group

Since user have only "read rights" on Group1 : he can not move survey for Group1 to Group2
But he can mopve Survey fromGroup2 to "No group" OR to Group1 (if he have the right to add surey in Group1 (Permission :By group )

DenisChenu

DenisChenu

2020-06-25 09:45

developer   ~58440

Second question, how do you plan to integrate this? Will it be a feature added to core or a plugin?

I ask it for core … else : i already start on it …
I can add it partially in core, but allow extend Permission

Can we make this available for Limesurvey 3 as well?

… no …

DenisChenu

DenisChenu

2020-06-25 14:55

developer   ~58453

Can we just add "Create permission sustem for Survey Group management itself with "

And allow plugin toi extend Permission (like getGlobalBasePermissions but getPermissions with 'object" (survey or group or … future)

ollehar

ollehar

2020-06-25 16:49

administrator   ~58480

Last edited: 2020-06-25 16:50

Could a plugin provide this functionality?

Or, what changes would be needed to make this work for a plugin?

DenisChenu

DenisChenu

2020-06-25 17:13

developer   ~58481

Could a plugin provide this functionality?

Partially

Or, what changes would be needed to make this work for a plugin?

We need a clean way to add "manage group page" at minimum. But : i really think managing group rights must be in core … (i think there are already bug reported about this)
Then : adding in core :

  1. Create permission sustem for Survey Group management itself with
    • Who is allow to see/update/delete SurveyGroup
    • Who is allowed to Add/remove Survey inside SurveyGroup
  2. Add getBasePermissions with 'object' as group (adding survey after) to add line like we do for https://github.com/LimeSurvey/LimeSurvey/blob/a877f78df366fd5ff1546f41389e3a775eb0a83c/application/models/Permission.php#L146

Else : i can always do like i done with smtpByUser … and again and again …

DenisChenu

DenisChenu

2020-06-25 17:15

developer   ~58482

Last edited: 2020-06-25 17:19

  1. New tab : Permission for this group
    In this tab : screensjot

But only 2 columns :

  • Edit group settings (name, description)
  • Manage group in Survey group :
    • Create => Add survey
    • Read: false
    • Update => remove
    • Deleted : false (you don't delete survey, your remove survey from list)
    • Import => false (since when import : no way to set Survey group currently)
    • export => false (it's SureyGroup management, not survey managemen)

And the other : Survey in group : read/write/ … etc … can be done in plugin

DenisChenu

DenisChenu

2020-06-25 17:25

developer   ~58483

Else : just edit group line …

And a global settings : group : read/write/…

ollehar

ollehar

2020-06-25 17:26

administrator   ~58485

Who is allow to see/update/delete SurveyGroup

Are all survey groups accessible for all users right now?

Mazi

Mazi

2020-06-25 17:37

updater   ~58487

I don't think it makes much sense to "somehow" try to get this added into a plugin. I agree it shuld be a core feature.

DenisChenu

DenisChenu

2020-06-25 17:56

developer   ~58488

Are all survey groups accessible for all users right now?

No, and there are an issue : i just check

As super admin

  1. Create an user with 'create survey right'
  2. Give him all rights on one survey
  3. Set this survey to "TEST" group
  4. Log out
  5. Log in as restricted user
  6. Edit survey global settings : surey is set to Default group

I report the issue

Seems an user with Survey/all/edit have access to all group

cdorin

cdorin

2020-06-25 22:04

reporter   ~58504

Last edited: 2020-06-25 22:07

Is there anything that you need @DenisChenu to have in core so that the rest can come as a plug-in?

CRUD should be done at the global level imo (see other bug report linked to the ticket).

DenisChenu

DenisChenu

2020-06-26 08:49

developer   ~58510

I need a Permission edit page, and i already explain i can create it.

Clearly : we need a minimal Permission systeml for group.

Seems currently Group follow Survey Permission (i have to check the code), then : when update (DB). because an user with only "Create survey" can not see ANY Survey Group …

  1. Create default Global Permission Survey Group to have no difference between the version for existing user.
  2. Set all group to the 1st forcedSuperAdmin (if there are none : the 1st superadmin) for owner
  3. Global Permission : Group : Create/read (all)/edit (all). This mean
    • editing Survey Group description, title
    • Adding remove Survey in the Group
  4. Adding Survey Group Permission with
    • Survey group description, title etc …
    • Add/remove Survey inside Group

And here : question what for Survey in the group.
My opinion : stay like this : you can see a group , but not the survey inside.
Then add a Permission plugin event to allow update of $criteriaPerm before merge it

DenisChenu

DenisChenu

2020-06-29 18:29

developer   ~58562

Else : like always : i do whole with plugin … more work for me, and less feature for LimeSurey core.

Next time a client want something incorporated in core (and here : it's clearly a good things)

Same client ask for random organizer : i make it in plugin

ollehar

ollehar

2020-06-30 15:24

administrator   ~58582

Last edited: 2020-06-30 15:24

From IRC team meeting: Let's try to make some mocks of the interface to see how the feature would look like when finished. The mocks should be made in English.

DenisChenu

DenisChenu

2020-06-30 16:39

developer   ~58587

https://bugs.limesurvey.org/view.php?id=16440

DenisChenu

DenisChenu

2020-06-30 16:41

developer   ~58588

Replaced

Issue History

Date Modified Username Field Change
2019-10-18 14:42 DenisChenu New Issue
2019-10-18 14:43 DenisChenu Note Added: 54099
2019-11-01 17:26 c_schmitz Category User/User groups => User / Groups / Roles
2020-01-17 15:50 DenisChenu Note Added: 55362
2020-01-24 09:37 sconsulting Note Added: 55448
2020-01-27 15:17 cdorin Note Added: 55485
2020-01-27 15:17 cdorin Assigned To => cdorin
2020-01-27 15:17 cdorin Status new => assigned
2020-01-27 15:32 DenisChenu Note Added: 55486
2020-06-16 16:21 DenisChenu Note Added: 58312
2020-06-16 16:24 DenisChenu Note Added: 58313
2020-06-16 16:27 DenisChenu Note Added: 58314
2020-06-16 16:33 DenisChenu Note Added: 58315
2020-06-25 09:17 DenisChenu Note Added: 58435
2020-06-25 09:21 DenisChenu Note Added: 58436
2020-06-25 09:40 Mazi Note Added: 58437
2020-06-25 09:41 Mazi Note Added: 58438
2020-06-25 09:44 DenisChenu Note Added: 58439
2020-06-25 09:45 DenisChenu Note Added: 58440
2020-06-25 14:55 DenisChenu Note Added: 58453
2020-06-25 16:49 ollehar Note Added: 58480
2020-06-25 16:50 ollehar Note Edited: 58480
2020-06-25 17:13 DenisChenu Note Added: 58481
2020-06-25 17:13 DenisChenu File Added: Capture d’écran du 2020-06-25 17-06-16.png
2020-06-25 17:13 DenisChenu File Added: Capture d’écran du 2020-06-25 17-09-03.png
2020-06-25 17:15 DenisChenu Note Added: 58482
2020-06-25 17:15 DenisChenu File Added: Capture d’écran du 2020-06-25 17-15-31.png
2020-06-25 17:19 DenisChenu Note Edited: 58482
2020-06-25 17:25 DenisChenu Note Added: 58483
2020-06-25 17:26 ollehar Note Added: 58485
2020-06-25 17:37 Mazi Note Added: 58487
2020-06-25 17:56 DenisChenu Note Added: 58488
2020-06-25 18:02 DenisChenu Relationship added parent of 16428
2020-06-25 22:04 cdorin Note Added: 58504
2020-06-25 22:07 cdorin Note Edited: 58504
2020-06-26 08:49 DenisChenu Note Added: 58510
2020-06-29 18:29 DenisChenu Note Added: 58562
2020-06-30 15:04 DenisChenu Summary Survey group Permission : inherit system => Survey group Permission : minimal system
2020-06-30 15:04 DenisChenu Additional Information Updated
2020-06-30 15:24 ollehar Note Added: 58582
2020-06-30 15:24 ollehar Note Edited: 58582
2020-06-30 16:39 DenisChenu Note Added: 58587
2020-06-30 16:40 DenisChenu Relationship added parent of 16440
2020-06-30 16:40 DenisChenu Relationship replaced related to 16440
2020-06-30 16:40 DenisChenu Relationship replaced related to 16428
2020-06-30 16:41 DenisChenu Status assigned => closed
2020-06-30 16:41 DenisChenu Resolution open => won't fix
2020-06-30 16:41 DenisChenu Note Added: 58588
2020-06-30 17:09 DenisChenu Issue Monitored: DenisChenu