15455: Survey admin can change template options of standard templates/core themes

This bug affects 1 person(s).

ID	Project	Category	View Status	Date Submitted	Last Update

15455	Bug reports	Theme editor	public	2019-10-24 12:32	2021-02-08 19:12

Reporter	rbaier	Assigned To	cdorin
Priority	low	Severity	minor
Status	closed	Resolution	won't fix
Product Version	3.19.2

Summary	15455: Survey admin can change template options of standard templates/core themes
Description	A survey administrator can choose a template for her survey. In the dropdown list "Template" in "General survey settings" she will see only those templates, a superadmin has given "template permissions" to her Limesurvey account (or she will see all templates, if the superadmin gave her account the "Permission to view/read templates"). So lets say she chose the template "fruity" for her survey. She is not allowed to modify this theme, even if the superadmin gave her account "Permission to create, view, update, delete, export and import templates", because "fruity" is a standard theme/core theme ("If you want to modify it you can extend it"). Nevertheless she can change the "theme options" of this core theme: "Survey settings -> Theme options -> Simple options -> Inherit everything: No". This is even possible with no "Permission to create, view, update, delete, export and import templates" at all. I think that a survey admin normally expects a standard theme/core theme (like "fruity") to be unchangeable. So, if you choose "fruity" then you expect to get the original "fruity" theme and not a theme that was edited by some other user.
Tags	No tags attached.

Bug heat	4
Complete LimeSurvey version number (& build)	3.19.2+191017
I will donate to the project if issue is resolved	No
Browser	Firefox 70
Database type & version	MySQL 5.5.62-0ubuntu0.14.04.1-log
Server OS (if known)
Webserver software & version (if known)	Apache
PHP Version	7.07

User List	There are no users monitoring this issue.

cdorin 2020-03-05 19:01 reporter ~56328	Hey there! Are there any risks for an admin to allow his/her user to "not" inherit everything and quickly customize the survey? Perhaps something can be done in LS4 since we have global and group survey settings. But nothing will be changed in LS3.

rbaier 2020-03-06 09:53 reporter ~56347	Sorry, i did not describe the problem correctly. What i wanted to say is that a user having permissions to modify themes can change core themes at the global level (e.g. insert his/her own logo). This affects the surveys of other users where this core theme is used. What I would like to suggest is that global changes to core themes may only be made by Superadmin.

Date Modified	Username	Field	Change
2019-10-24 12:32	rbaier	New Issue
2020-03-05 19:01	cdorin	Assigned To	=> cdorin
2020-03-05 19:01	cdorin	Status	new => feedback
2020-03-05 19:01	cdorin	Note Added: 56328
2020-03-06 09:53	rbaier	Note Added: 56347
2020-03-06 09:53	rbaier	Status	feedback => assigned
2021-02-04 10:15	cdorin	Status	assigned => new
2021-02-08 19:12	cdorin	Priority	none => low
2021-02-08 19:12	cdorin	Status	new => closed
2021-02-08 19:12	cdorin	Resolution	open => won't fix

View Issue Details

Users monitoring this issue

Activities

Issue History