16799: User with read + create survey : invalid list shown - LimeSurvey bugs and feature requests

This bug affects 1 person(s).

ID	Project	Category	View Status	Date Submitted	Last Update

16799	Bug reports	Import/Export	public	2020-10-30 15:13	2020-12-28 10:42

Reporter	DenisChenu	Assigned To	gabrieljenik
Priority	normal	Severity	minor
Status	closed	Resolution	fixed
Product Version	3.24.3

Summary	16799: User with read + create survey : invalid list shown
Description	An user with real all surveys + create survey see whole survey : it's OK, but have error when try to copy. When try to copy survey : see whole survey C
Steps To Reproduce	Create an user with Survey/create and Survey/read global right : readandcreate user Log in as readandcreate user See whole survey : OK Click on "Copy survey" See whole survey in list Select one and copy : error shown about invalid right
Additional Information	The test done for dropdown is Survey/Read The test done for copy is surveycontent/export 2 way to fix: Allow copy with survey/read Show a list with only surveycontent/export (this include surveys/read) Links : Test when copy : https://github.com/LimeSurvey/LimeSurvey/blob/40333d2f1fc6d844397b669c8b9d778512d001dd/application/controllers/admin/surveyadmin.php#L1226 Survey listing https://github.com/LimeSurvey/LimeSurvey/blob/40333d2f1fc6d844397b669c8b9d778512d001dd/application/helpers/common_helper.php#L100 https://github.com/LimeSurvey/LimeSurvey/blob/40333d2f1fc6d844397b669c8b9d778512d001dd/application/models/Survey.php#L608 (the name of this function … so unclear …)
Tags	No tags attached.
Attached Files	Capture d’écran du 2020-10-30 15-01-21.png (96,171 bytes) Capture d’écran du 2020-10-30 15-01-21.png (96,171 bytes) Capture d’écran du 2020-10-30 15-02-07.png (35,353 bytes) Capture d’écran du 2020-10-30 15-02-07.png (35,353 bytes) Capture d’écran du 2020-10-30 15-02-19.png (18,388 bytes) Capture d’écran du 2020-10-30 15-02-19.png (18,388 bytes)

Bug heat	6
Complete LimeSurvey version number (& build)	3.24.3 git
I will donate to the project if issue is resolved	No
Browser	not relevant
Database type & version	not relevant
Server OS (if known)	not relevant
Webserver software & version (if known)	not relevant
PHP Version	not relevant

User List	There are no users monitoring this issue.

gabrieljenik 2020-11-30 14:04 manager ~60804	My thought: 1 - Create a new function getSurveyArr(($bReturnArray = false, $refresh = false, $extraPermissionsCheck = []) This will provide an array with surveys, with some extra permission checukng capabilities. 2 - Add new `extraPermissionCheck` parameter to SurveyModel::permission scope. This will be an array of permissions to check. Will be added to the query. 3 - Use the new method on the `copy` function and require `export` permission to the survey list 4 - Use the new method on the getSurveyList function to get the array. Part #4 will require a little bit more retesting, but will be fine I think. Thoughts?

DenisChenu 2020-11-30 14:53 developer ~60807	My opinion : read mean allow copy … But : see 16440 : thnere are new model function to get the list https://github.com/LimeSurvey/LimeSurvey/pull/1632/files#diff-0268c3e4648700cef058f99725fd5364a285bd35701d30cfda885a81ce1c86a4R1643 Don't fix without this part … else: must redo whole again …

gabrieljenik 2020-12-03 20:55 manager ~60835	https://github.com/LimeSurvey/LimeSurvey/pull/1682 LIsting survey which have at least read permissions PS: @DenisChenu, I know I didn't use the new model function. Sorry. This was less intrusive.

DenisChenu 2020-12-04 08:33 developer ~60838	You don't update list, then ; no issue ;)

gabrieljenik 2020-12-15 23:07 manager ~60971	Fix committed to 3.x-LTS branch: http://bugs.limesurvey.org/plugin.php?page=Source/view&id=30804

lime_release_bot 2020-12-28 10:42 administrator ~61174	Fixed in Release 3.25.5+201222

LimeSurvey: 3.x-LTS 749899f2 2020-12-16 00:07 gabrieljenik Committer: GitHub Details Diff	Fixed issue 16799: User with read + create survey : invalid list shown (#1682) * Fixed issue 16799: User with read + create survey : invalid list shown LIsting survey which have at least read permissions * Fixed issue 16799: User with read + create survey : invalid list shown Throw 403 if no permission		Affected Issues 16799
	mod - application/controllers/admin/surveyadmin.php		Diff File

Date Modified	Username	Field	Change
2020-10-30 15:13	DenisChenu	New Issue
2020-10-30 15:13	DenisChenu	File Added: Capture d’écran du 2020-10-30 15-01-21.png
2020-10-30 15:13	DenisChenu	File Added: Capture d’écran du 2020-10-30 15-02-07.png
2020-10-30 15:13	DenisChenu	File Added: Capture d’écran du 2020-10-30 15-02-19.png
2020-10-31 11:19	DenisChenu	Relationship added	related to 16440
2020-11-03 20:45	cdorin	Assigned To	=> cdorin
2020-11-03 20:45	cdorin	Status	new => assigned
2020-11-03 20:45	cdorin	Priority	none => normal
2020-11-03 20:45	cdorin	Sync to Zoho Project	=> \|Yes\|
2020-11-30 14:04	gabrieljenik	Note Added: 60804
2020-11-30 14:53	DenisChenu	Note Added: 60807
2020-12-03 20:55	gabrieljenik	Note Added: 60835
2020-12-04 08:33	DenisChenu	Note Added: 60838
2020-12-15 23:07	gabrieljenik	Changeset attached	=> LimeSurvey 3.x-LTS 749899f2
2020-12-15 23:07	gabrieljenik	Note Added: 60971
2020-12-15 23:07	gabrieljenik	Assigned To	cdorin => gabrieljenik
2020-12-15 23:07	gabrieljenik	Resolution	open => fixed
2020-12-28 10:42	lime_release_bot	Sync to Zoho Project	Yes => \|Yes\|
2020-12-28 10:42	lime_release_bot	Note Added: 61174
2020-12-28 10:42	lime_release_bot	Status	assigned => closed

View Issue Details

Relationships

Users monitoring this issue

Activities

Related Changesets

Issue History