|
|
Some user story
User story #1 : Group owner
- Create a user who can create group and surey
- This user can create 2 groups (for example) Draft, Ready, Archived
- This user can manage is own survey like he want.
User story #2 : Survey inside groups : Global permssion on survey in Survey group
- Have an "Accoutancy" department
- Create a Survey group "Accountancy Survey"
- Add "Accountancy" director to have Read /update rights on all survey in "Accountancy Survey" + read on "Accountancy Survey"
- Put all accountancy surveys in "Accountancy Survey"
- Some time ago : a new "Accoutancy" assistant come : give him the rights survey inside group.
No need to manage who can access to survey inside this group one by one … |
|
|
|
For information : when update : an user with "All surveys" write have directlry "Read all" on all group.
I must check for "Read all survey" : i don't know. |
|
|
|
Oh … and "Themes options for this survey group" need a new Permission or not ? |
|
|
|
|
|
|
|
Send a document |
|
cdorin
2020-09-01 17:16
reporter
~59675
Last edited: 2020-09-01 17:19
|
Hey Denis,
Looks very good! Would like to discuss a couple of points a bit further:
1) What do you think about adding the permission to "create" surveys in survey group permissions? (I see that the checkbox is missing)
2) A theme options row for survey group permissions is needed, indeed. Would be OK to have only Update and View/Read permissions only?
3) Please check the #develop branch all the time for new commits since we also refactor certain parts of the software (surveyadmincontroller and themeoptions controller are left).
4) About "Content": Does it cover the right to read/view & update survey settings (where survey settings inheritance is taking place) ?
5) About "Content": Is it necessary to have the "Delete" option? If you delete the group, what would then happen with the questions located inside of it get deleted? We should think of an option to confirm whether the user wants to delete the surveys inside a survey a group or if the surveys should be transferred to another group.
In case smth else comes into my mind - will write it down here for everyone.
Thanks for your suggestion and feature request! |
|
|
|
1) What do you think about adding the permission to "create" surveys in survey group permissions? (I see that the checkbox is missing)
I think it's hard to «create survey in group» , but you're right : there are a lack of Permission
3 solutions :
- Create : mean "adding survey in this group". What for "Remove Survey in this group" ?
- "Permission on surveys list : adding and remove surveys from this group" ? Only Create (Add) + View/read + Delete (mean remove)
- "Permission on surveys list : adding and remove surveys from this group" view + update (mean add and remove)
2)à A theme options row for survey group permissions is needed, indeed. Would be OK to have only Update and View/Read permissions only?
See https://bugs.limesurvey.org/view.php?id=16440#c58590
BUT : related with template right management. Then user need READ access to the theme + update option to Theme on Survey Group.
What about uploading pictures ?
About "Content": Is it necessary to have the "Delete" option?
Right : no reason to have delete (currently)
4) About "Content": Does it cover the right to read/view & update survey settings (where survey settings inheritance is taking place) ?
To be choosen : Can add a new line for SurveyGroup settings only or use this one . In my opinion: best is to have only one checkbox for both, but if needed can separate. |
|
|
|
About create,
See odt :
Surveys in group : Same options than global settings, except create already in Survey group / read Permission
In fact : if you can see the SurveyGroup in the dropdown : you already can select this group in Survey management
Else : must think differently : SurveyGroup dropdown take only "add" options ? |
|
|
|
1) What do you think about adding the permission to "create" surveys in survey group permissions? (I see that the checkbox is missing)
I think it's hard to «create survey in group» , but you're right : there are a lack of Permission
Ok, then we do not need to add the "create survey" permissions since it's not worth it in the first phase.
3 solutions :
- Create : mean "adding survey in this group". What for "Remove Survey in this group" ?
- "Permission on surveys list : adding and remove surveys from this group" ? Only Create (Add) + View/read + Delete (mean remove)
- "Permission on surveys list : adding and remove surveys from this group" view + update (mean add and remove)
I would go for: - "Permission on surveys list : adding and remove surveys from this group" view + update (mean add and remove) . Add + View/read + Delete may add too much confusion. Update already means that you are editing the surveys located inside the survey group.
One follow up question in that regard: what does "Add" mean - from which groups can the survey group manager add questions ? -> Will it depend on which group view permission he has? It could end up a bit complicated. Perhaps I can document some use cases to have in mind when creating this functionality?
2)à A theme options row for survey group permissions is needed, indeed. Would be OK to have only Update and View/Read permissions only?
See https://bugs.limesurvey.org/view.php?id=16440#c58590
BUT : related with template right management. Then user need READ access to the theme + update option to Theme on Survey Group.
What about uploading pictures ?
I would not go for image upload at the moment. Isee you cannot upload new imagines in admin/themeoptions/sa/updatesurveygroup -> it would overcomplicate too much the project for the first iteration/version of the feature.
3) About "Content": Is it necessary to have the "Delete" option?
Right : no reason to have delete (currently)
Ok, so the Delete checkbox can be removed.
5)) About "Content": Does it cover the right to read/view & update survey settings (where survey settings inheritance is taking place) ?
To be choosen : Can add a new line for SurveyGroup settings only or use this one . In my opinion: best is to have only one checkbox for both, but if needed can separate.
Hmm, no need to add a new line for Surveygroup settings imo. Better to use one checkbox for both options. |
|
|
|
OK,
I start with this :) and make new screenshot when it's ready |
|
|
|
@cdorin : 2 questions
- Allow "public" group: all user see this group and can put Survey inside this group : OK ?
- Did owner of a group (without Survey global rights) can update all surveys in this group ? I think adding a global setting if needed. If needed : need 2 different rights (Object) : SureyGroup + SurvyesInGroup
|
|
|
|
Hey Denis!
- Sounds good - where will be the setting located?
- Good point. IMO, I consider it is better if the owner of the group cannot update nor view the surveys in this group (I am thinking of privacy - as a worker, maybe you don;t have to share your responses with your manager). Therefore, for a surveygroup owner to see and edit surveys inside his/her group, he/she should receive surveygroup survey-related permissions.
What are your thoughts?
|
|
|
|
1 : new attribute in SurveyGroup i think
2: my client want SurveyGroup owner have all rights on survey. But when thinking unsure it's a good option. It's really more simple to have 'owner of groups' have all rights on survey. I check to have a solution to allow or not this via global settings. |
|
|
|
1: Sure, sounds good.
2: I am not sure about having a setting in global settings about that - mostly because it will complicate the software. Perhaps we should stick first to providing all rights on survey to the owner of the group (since it makes sense in many scenarios after all...), and see how LS users use the survey group permissions feature. And discuss after about a solution in the global settings. |
|
|
|
For 2 : if Group owner don't have right on surveys : i'm unsure on the real feature … it must be clear for user.
There are #2 : give all rights on SureyGroups => give all rights on Surveys …
Must be really clear too … and well documented |
|
|
|
2: Agree. So, the group owner will get all the survey-related permissions.
Can that be reflected on the survey group permissions in any way? |
|
|
|
Can that be reflected on the survey group permissions in any way?
? Your question is unclear for me here. |
|
|
|
Nevermind - was just wondering where the survey group owner will be listed. But he will appear anyway on the survey group list page: localhost/index.php?r=admin/survey/sa/listsurveys#surveygroups |
|
|
|
Must remind of this ;) |
|
|
|
Currently : anybody can add/delete/update any groups … even without any rights … |
|
|
|
Yes , thus the necessity of having survey group permissions at the global level to block that... |
|
|
|
OK,
You confirm we can remove current rights then :)
Maybe i add a Plugin (core and activated) : User with Survey rights can see group of the survey :).
It can be a great plugin for sample :) |
|
|
|
What do you mean by "removing current rights" ?
About Plugin: what do you mean by users with survey rights (global permissions) can see the group of the survey? You mean the survey group settings, ability to add and delete groups etc? |
|
|
|
What do you mean by "removing current rights" ?
User without any rights can update all groups .
Since adding permission check : this user loose this right :)
About Plugin: what do you mean by users with survey rights (global permissions) can see the group of the survey? You mean the survey group settings, ability to add and delete groups etc?
No :
- UserA have right on Survey1 (and no other right)
- Survey1 are in SurveyGroup1
=> UserA see SurveyGroup1 in list.
I think it's OK , don't need plugin, sorry :) |
|
|
|
Ah, thanks - took me some time :D
About second point: yes, sounds amazing :) |
|
|
|
To be tested (and improved …) |
|
|
|
Nevermind - was just wondering where the survey group owner will be listed. But he will appear anyway on the survey group list page: localhost/index.php?r=admin/survey/sa/listsurveys#surveygroups
Like Survey : show to user, can be updated if user are owner or superadmin : https://github.com/LimeSurvey/LimeSurvey/blob/14b53db7ffe02d85020adab4690937fd1b1de835/application/views/admin/survey/subview/accordion/_generaloptions_panel.php#L124
But i show it if user didn't have right to update |
|
|
|
Document updated :
- Add Survey group permission right
- Add Surveys settings right
- Add «available» survey group option
|
|
|
|
|
|
|
|
Adding test idea |
|
|
|
Hey Denis,
thanks for your work! Haven't finished testing everything. Got the following two points so far:
1) On Create a Permission by Survey groups: at the moment, I can add survey group permissions to a simple user only and only if I am a superadministrator. Who should have the right?
2) Minor issue: when creating a group, you can choose Parent Group - there you have the possibility to visualise group names , including the ones that are not publicly available (hope I saw correctly). Perhaps the groups that are not listed as publicly available should not be listed under Parent group as well? |
|
|
|
You can kick yourself out: if you give yourself survey group security permissions, you can take them from yourself.
Another issue to think of (related to the one above), If I have survey group security settings, Once I access survey group permission page, I can give myself "survey settings" and "surveys in this group" permissions.
Do not have now in mind a proposed solution - it s something we need to think of. |
|
|
|
1) On Create a Permission by Survey groups: at the moment, I can add survey group permissions to a simple user only and only if I am a superadministrator. Who should have the right?
It must be same than Create Survey, can you check ?
2) Minor issue: when creating a group, you can choose Parent Group - there you have the possibility to visualise group names , including the ones that are not publicly available (hope I saw correctly). Perhaps the groups that are not listed as publicly available should not be listed under Parent group as well?
Right, i must check. User can see on list ONLY surveys group where :
- He have right on Siurveys group
- Surveys group are set to publiclly available
- User have one right on Survey inside group
About 3 : maybe we must disable it for parent ?
Do not have now in mind a proposed solution - it s something we need to think of.
I start with "allow only security if you have right" BUT : there are an issue on survey.
See : https://bugs.limesurvey.org/view.php?id=16767
I can fix it BUT only when move Survey Permission management and SurveysGroup permission management using same function ....
I don't rewrite both at same time
See https://bugs.limesurvey.org/view.php?id=14551 |
|
|
|
PS : about Permission control on save and view
See
https://github.com/LimeSurvey/LimeSurvey/pull/1632/files#diff-beaf430650e7a0fdc9312621e8f179e93ed78092d7bec1d9dca4b4a7832196a3R50
I start but need more rewrite for Survey at same time. |
|
|
|
1) On Create a Permission by Survey groups: at the moment, I can add survey group permissions to a simple user only and only if I am a superadministrator. Who should have the right?
I create a SureyGroup user allow : User (all) + SurveyGroup (all) : see screenshot when he create an user.
Exactly the same for Survey (but with Survey ;) |
|
|
|
2) Minor issue: when creating a group, you can choose Parent Group - there you have the possibility to visualise group names , including the ones that are not publicly available (hope I saw correctly). Perhaps the groups that are not listed as publicly available should not be listed under Parent group as well?
Fixed in https://github.com/LimeSurvey/LimeSurvey/pull/1632/commits/d8040440152b13461426e96808566b808ebe33bd |
|
|
|
Another issue to think of (related to the one above), If I have survey group security settings, Once I access survey group permission page, I can give myself "survey settings" and "surveys in this group" permissions.
Since survey have same issue : https://bugs.limesurvey.org/view.php?id=16767
I was happy to fix it for both when this one was merged (separate pull request purpose). |
|
|
|
Thanks @DenisChenu for comments!
Did another round of small testing this evening and got the following 4 points (everything is related to survey group permissions at global level):
1) Survey Settings (where the inherited global survey settings are) of a survey should be available only if that user has the global Survey Group Update permission. At the moment it’s possible just with View/Read.
2) "Settings for this survey group" should be available for editing only if the survey group Update permission exists
3) What permissions is View/Read supposed to provide? If a survey is publicly made available, the user can see it anyway (view read permission not needed if I checked correctly). Perhaps, without view/read permission, the user should not see be able to see any survey group?
4) Is this intended behaviour (just to confirm): If there is a survey inside a survey group, the Delete button will not be displayed even if you have the Delete permission |
|
|
|
1) Survey Settings (where the inherited global survey settings are) of a survey should be available only if that user has the global Survey Group Update permission. At the moment it’s possible just with View/Read.
Survey settings for group are show to User who have "Syrvey setting Read" right , but : no save button (and if try to save with hacking : 403 error) : maybe we can add a alert ? Or a readonly on element ?
2) "Settings for this survey group" should be available for editing only if the survey group Update permission exists
No : can be seen if you have Read group, not shown if you get right on list by Survey. BUT : again : no way to save (403+no button) and here : shown at readonly
3) What permissions is View/Read supposed to provide? If a survey is publicly made available, the user can see it anyway (view read permission not needed if I checked correctly). Perhaps, without view/read permission, the user should not see be able to see any survey group?
See 1 and 2 : you can view the description and the available Survey Theme
4) Is this intended behaviour (just to confirm): If there is a survey inside a survey group, the Delete button will not be displayed even if you have the Delete permission
It's not already in current stable version . Since you can not delete it : we hide the button.
I add the delete/group/right control only. Maybe we need to check if have parent too. |
|
|
|
|
|
|
|
Great, thanks for info! didn t pay attention to the lack of save button for point 2 :) .
Will continue testing today |
|
|
|
there are an issue on the list on the last version ....
If you can update ?
About 2 : i think i check to add a visual information at top maybe ? |
|
|
|
Add permissions: is still there if you have only READ permission : i remove it.
Or maybe it's due to "Create group" ? I check . I think you can not "create" right, only update : adding a new user is part to update ?
Becaus e: only create : you can add an user, but don't give any right ... then you can not give right to user ... |
|
|
|
I rechecked the whole flow.
Looks great.
I think the best way to find inconsistencies is to start writing the manual section for it: https://manual.limesurvey.org/Survey_Group_Permissions |
|
