View Issue Details

ID: 17075
Project: Bug reports
Category: User / Groups / Roles
View Status: public
Last Update: 2021-02-15 22:40
Reporter: DenisChenu
Assigned To: DenisChenu
Priority: none
Severity: partial_block
Status: closed
Resolution: fixed
Product Version: 4.4.4
Fixed in Version: 4.4.4
Summary: 17075: User roles : all rights are enabled
Description: When editing user roles, there is no way to remove a permission
Steps To Reproduce: See screencast
Additional Information: https://forums.limesurvey.org/forum/installation-a-update-issues/123615-user-can-see-own-survey-but-can-t-access-it#211802
Tags: No tags attached.
Complete LimeSurvey version number (& build): 4.4.4
I will donate to the project if issue is resolved: No
Browser: not relevant
Database & DB-Version: not relevant?
Server OS (if known): not relevant ?
Webserver software & version (if known): not relevant ?
PHP Version: not relevant ?

Activities

DenisChenu

2021-02-10 14:23

developer  

Peek 10-02-2021 14-21.gif (649,056 bytes)
ollehar

2021-02-10 14:33

administrator   ~62103

Last edited: 2021-02-10 14:33

Denis, do you have access to severity level? Is this really minor?
DenisChenu

2021-02-10 14:38

developer   ~62104

major ?

I don't like block …
ollehar

2021-02-10 14:40

administrator   ~62105

One could argue it's blocking the workflow to assign permissions...? Or?
DenisChenu

2021-02-10 14:46

developer   ~62106

@ollehar : do you have any idea why this issue didn't happen before ?

See forum post :
> I immediately downgraded to 4.4.1 again.

by user
… …
DenisChenu

2021-02-10 14:46

developer   ~62107

Public survey : no issue ;)

partial_block if you use roles only :)
DenisChenu

2021-02-10 15:16

developer   ~62109

https://github.com/LimeSurvey/LimeSurvey/pull/1755

I'm 100% sure of my fix, but:
- Rename a function (not in API)
- Remove the call of https://manual.limesurvey.org/BeforeHasPermission with userid = 0 when checking permission for userid > 0
ollehar

2021-02-10 16:45

administrator   ~62118

Renaming functions is fine. As long as it makes sense. :)
ollehar

2021-02-10 16:46

administrator   ~62119

> Public survey : no issue ;)

I consider "block" to be "blocking for a workflow [for many users]" - can be admin interface or anything.

Partial block = blocking workflow for some users.
DenisChenu

2021-02-10 17:05

developer   ~62122

Last edited: 2021-02-10 17:05

> I consider "block" to be "blocking for a workflow [for many users]" - can be admin interface or anything.

Here :
- before : some users didn't have access (without issue)
- after : all users have access to all (with issue)

But all actions can be done ;)

It's not block (but it's a major potential leak of data ;) )
ollehar

2021-02-10 17:08

administrator   ~62123

Last edited: 2021-02-10 17:08

> But all actions can be done ;)

Not the workflow of controlling permissions...

Anyway.
DenisChenu

2021-02-10 17:10

developer   ~62124

:D

**major potential leak of data**

But on a new feature ;) roles didn't exist in 3.X
ollehar

2021-02-10 17:13

administrator   ~62125

New severity level for security issues needed?
DenisChenu

2021-02-10 17:14

developer   ~62126

Maybe :)
DenisChenu

2021-02-10 17:14

developer   ~62127

But I like to have
minor
**major**
block

for start
DenisChenu

2021-02-11 14:56

developer   ~62164

Fix committed to master branch: http://bugs.limesurvey.org/plugin.php?page=Source/view&id=31053
lime_release_bot

2021-02-15 22:40

administrator   ~62271

Fixed in Release 4.4.7+210215

Related Changesets

LimeSurvey: master 6dbe2cb4

2021-02-10 15:11:34

DenisChenu

Fixed issue 17075: User roles : all rights are enabled
Dev: clarify functionname in Permission
Dev: use directly DB checking
Affected Issues
17075
mod - application/models/Permission.php
mod - application/models/Permissiontemplates.php
mod - application/views/admin/permissiontemplates/partials/_permissions.php

LimeSurvey: master 08aba601

2021-02-11 14:56:06

ollehar


Committer: GitHub
Fixed issue 17075: User roles : all rights are enabled

Merge pull request #1755 from Shnoulle/master_17075
Affected Issues
17075
mod - application/models/Permission.php
mod - application/models/Permissiontemplates.php
mod - application/views/admin/permissiontemplates/partials/_permissions.php

Issue History

Date Modified Username Field Change
2021-02-10 14:23 DenisChenu New Issue
2021-02-10 14:23 DenisChenu File Added: Peek 10-02-2021 14-21.gif
2021-02-10 14:33 ollehar Note Added: 62103
2021-02-10 14:33 ollehar Note Edited: 62103 View Revisions
2021-02-10 14:38 DenisChenu Severity minor => partial_block
2021-02-10 14:38 DenisChenu Note Added: 62104
2021-02-10 14:38 DenisChenu Assigned To => DenisChenu
2021-02-10 14:38 DenisChenu Status new => assigned
2021-02-10 14:40 ollehar Note Added: 62105
2021-02-10 14:46 DenisChenu Note Added: 62106
2021-02-10 14:46 DenisChenu Note Added: 62107
2021-02-10 15:16 DenisChenu Assigned To DenisChenu => ollehar
2021-02-10 15:16 DenisChenu Status assigned => testing
2021-02-10 15:16 DenisChenu Note Added: 62109
2021-02-10 16:45 ollehar Note Added: 62118
2021-02-10 16:46 ollehar Note Added: 62119
2021-02-10 17:05 DenisChenu Note Added: 62122
2021-02-10 17:05 DenisChenu Note Edited: 62122 View Revisions
2021-02-10 17:08 ollehar Note Added: 62123
2021-02-10 17:08 ollehar Note Edited: 62123 View Revisions
2021-02-10 17:10 DenisChenu Note Added: 62124
2021-02-10 17:13 ollehar Note Added: 62125
2021-02-10 17:14 DenisChenu Note Added: 62126
2021-02-10 17:14 DenisChenu Note Added: 62127
2021-02-11 14:56 ollehar Changeset attached => LimeSurvey master 08aba601
2021-02-11 14:56 DenisChenu Changeset attached => LimeSurvey master 6dbe2cb4
2021-02-11 14:56 DenisChenu Note Added: 62164
2021-02-11 14:56 DenisChenu Assigned To ollehar => DenisChenu
2021-02-11 14:56 DenisChenu Resolution open => fixed
2021-02-11 15:50 DenisChenu Status testing => resolved
2021-02-11 15:50 DenisChenu Fixed in Version => 4.4.4
2021-02-15 22:40 lime_release_bot Note Added: 62271
2021-02-15 22:40 lime_release_bot Status resolved => closed