17422: Survey Deletion view/read permission seems to be granted by default to the user and can’t be revoked

This bug affects 1 person(s).

ID	Project	Category	View Status	Date Submitted	Last Update

17422	Bug reports	User / Groups / Roles	public	2021-07-08 07:27	2021-09-21 09:45

Reporter	sdsAdm1n	Assigned To	DenisChenu
Priority	none	Severity	minor
Status	closed	Resolution	fixed
Product Version	5.x
Fixed in Version	5.x

Summary	17422: Survey Deletion view/read permission seems to be granted by default to the user and can’t be revoked
Description	On survey level, when trying to assign permissions to any user, the View/Read permission on Survey Deletion is granted by default. Tried to revoke that permission and clicked on Save button. but, after previewing the user permissions page again, we found that View/Read permission for deletion has been set again.
Steps To Reproduce	Create user Go to a survey -> Survey Permissions page Select the user from user drop down list, and Click Add User button. here you will see the deletion permissions granted by default. Apply required permissions, remove View/Read permissions from Survey Deletion. Click Save button. Visit the user permission page again, and you see the deletion permission still there.
Tags	No tags attached.
Attached Files	deletePermission.png (87,298 bytes) deletePermission.png (87,298 bytes)

Bug heat	6
Complete LimeSurvey version number (& build)	Version 5.0.5+210621
I will donate to the project if issue is resolved	No
Browser	Chrome
Database type & version	MS SQL Server 2016
Server OS (if known)
Webserver software & version (if known)
PHP Version	7.4

User List	There are no users monitoring this issue.

DenisChenu 2021-07-08 08:43 developer ~65249	Confirm the issue

DenisChenu 2021-07-08 08:45 developer ~65250 Last edited: 2021-09-17 10:20	Permission checked are survey/read … and yes : is user are in Survey permisison he has the global "read" Permission on survey.

DenisChenu 2021-07-08 08:50 developer ~65251 Last edited: 2021-09-17 10:20	PS : the sentence is false, it's "Global permission on survey" The Global read permission on this survey is given because it's a needed permission. 2 solution : Replace sentence and put "Global persmisson on this survey" and show forced permission as disabled/checked Hide the forced permission (3.X hide the forced permission)

DenisChenu 2021-07-08 20:35 developer ~65265 Last edited: 2021-09-17 10:20	https://github.com/LimeSurvey/LimeSurvey/pull/1959

galads 2021-07-12 10:13 reporter ~65267 Last edited: 2021-09-17 10:20	@DenisChenu , your PR does not include the changes you mentioned. But I think this should be a "survey permission level" and not "global permission". The permission on the reported issue is "delete permission on the survey level", this should be disabled by default.

DenisChenu 2021-07-12 11:03 developer ~65268 Last edited: 2021-09-17 10:20	It's a display error. In 3.X : there are a specific test to show the checkbox `!($sPKey == 'survey' && $sPDetailKey == 'read')` The line check for survey, and only one right "delete" since read is removed. Here i put the solution 2 : Hide the forced permission (3.X hide the forced permission) You prefer solution 1 : Replace sentence and put "Global permission on this survey" and show forced permission as disabled/checked (with a indication about "to remove this right : you need to remove user form permission)?

DenisChenu 2021-07-12 11:10 developer ~65269 Last edited: 2021-09-17 10:20	See : https://github.com/LimeSurvey/LimeSurvey/blob/4347d95adde007a39c269bd23cd1195db9ad5eb9/application/models/Permission.php#L106 Then : read is true (it's the default value) But hidden in HTML only : https://github.com/LimeSurvey/LimeSurvey/blob/4347d95adde007a39c269bd23cd1195db9ad5eb9/application/controllers/admin/surveypermission.php#L497

galads 2021-08-04 14:55 reporter ~65815 Last edited: 2021-09-17 10:20	tested ok

DenisChenu 2021-08-09 16:10 developer ~65887 Last edited: 2021-09-17 10:20	Fix committed to master branch: http://bugs.limesurvey.org/plugin.php?page=Source/view&id=32488

c_schmitz 2021-09-21 09:45 administrator ~66558	New version released

LimeSurvey: master beb3cf14 2021-08-09 16:10:11 DenisChenu Committer: GitHub Details Diff	Fixed issue 17422: Survey Deletion view/read permission seems to be granted (#1959) Dev: Check if forced by minimal read : don't display checkbox in view Dev: Alt : show checkbox as checked and disable ?	Affected Issues 17422
	mod - application/controllers/admin/surveypermission.php	Diff File
	mod - application/extensions/UserPermissionsWidget/views/table.php	Diff File
	mod - application/models/Survey.php	Diff File
	mod - application/models/SurveysGroups.php	Diff File
	mod - application/models/services/PermissionManager.php	Diff File

Date Modified	Username	Field	Change
2021-07-08 07:27	sdsAdm1n	New Issue
2021-07-08 07:27	sdsAdm1n	File Added: deletePermission.png
2021-07-08 08:43	DenisChenu	Note Added: 65249
2021-07-08 08:45	DenisChenu	Note Added: 65250
2021-07-08 08:45	DenisChenu	Assigned To	=> DenisChenu
2021-07-08 08:45	DenisChenu	Status	new => assigned
2021-07-08 08:50	DenisChenu	Note Added: 65251
2021-07-08 20:15	DenisChenu	Summary	Survey Deletion view/read permission is granted by default to the user and can’t be revoked => Survey Deletion view/read permission seems to be granted by default to the user and can’t be revoked
2021-07-08 20:15	DenisChenu	Description Updated
2021-07-08 20:15	DenisChenu	Steps to Reproduce Updated
2021-07-08 20:35	DenisChenu	Assigned To	DenisChenu => c_schmitz
2021-07-08 20:35	DenisChenu	Status	assigned => ready for testing
2021-07-08 20:35	DenisChenu	Note Added: 65265
2021-07-09 15:16	galads	Assigned To	c_schmitz =>
2021-07-09 15:16	galads	Sync to Zoho Project	=> \|Yes\|
2021-07-12 10:13	galads	Note Added: 65267
2021-07-12 10:15	galads	Assigned To	=> galads
2021-07-12 10:15	galads	Status	ready for testing => confirmed
2021-07-12 11:03	DenisChenu	Note Added: 65268
2021-07-12 11:10	DenisChenu	Note Added: 65269
2021-08-04 14:55	galads	Note Added: 65815
2021-08-04 14:55	galads	Status	confirmed => ready for code review
2021-08-09 16:10	DenisChenu	Changeset attached	=> LimeSurvey master beb3cf14
2021-08-09 16:10	DenisChenu	Note Added: 65887
2021-08-09 16:10	DenisChenu	Assigned To	galads => DenisChenu
2021-08-09 16:10	DenisChenu	Resolution	open => fixed
2021-09-17 10:20	DenisChenu	Status	ready for code review => resolved
2021-09-17 10:20	DenisChenu	Fixed in Version	=> 5.x
2021-09-21 09:45	c_schmitz	Note Added: 66558
2021-09-21 09:45	c_schmitz	Bug heat	4 => 6
2021-09-21 09:45	c_schmitz	Status	resolved => closed

View Issue Details

Users monitoring this issue

Activities

Related Changesets

Issue History