View Issue Details
|ID||Project||Category||View Status||Date Submitted||Last Update|
|17659||Bug reports||User / Groups / Roles||public||2021-10-12 09:37||2021-10-14 12:10|
|Summary||17659: Deleting a user that is owner of a survey group|
|Description||According to https://forums.limesurvey.org/forum/can-i-do-this-with-limesurvey/125344-mass-deletion-of-users the systems does not work properly when you delete a user that is owner of a survey group.|
|Tags||No tags attached.|
|Complete LimeSurvey version number (& build)||5.x|
|I will donate to the project if issue is resolved||No|
|Database type & version||N/A|
|Server OS (if known)|
|Webserver software & version (if known)|
|Need example survey and instructions on how to reproduce.|
|Example survey? The bug is not about one survey but|
Example survey? The bug is not about one survey but survey group. To reproduce: Add a user. Add a survey group, set owner to be the user you just created. Delete the user.
See attached picture, or the result in the DB:
MariaDB [lime]> select gsid,title,owner_id from lime_surveys_groups;
| gsid | title | owner_id |
| 1 | Default | 1 |
| 2 | group1 | 2 |
2 rows in set (0.000 sec)
MariaDB [lime]> select uid from lime_users;
| uid |
| 1 |
1 row in set (0.000 sec)
@Jmantysalo : with debug set to 2 : you don't have error on SurveysGroups list ?
You can set another owner on edition (with the right to edit …)
Setting debug to 2 does not make any change. I can set new owner for a group, hence this is not so severe bug.
Btw, application/controllers/UserManagementController.php already contains a line
//todo REFACTORING user permissions should be deleted also ... (in table permissions)
which could be done with this, I guess.
> Setting debug to 2 does not make any change. I can set new owner for a group, hence this is not so severe bug.
great news !
> //todo REFACTORING user permissions should be deleted also ... (in table permissions)
Permission and owner are not the same thing in my opinion :)
the question is more : if user A delete user B :
1. did we change owner of all model (Survey + Survey group + User groups (if i don't make error)) to give it to user A **even if this user don't have access** : (must be tested)
2. Dis we set owner to null value ?
3. Did we set owner to 1st super admin
4. Dis we keep like this.
|Usually DB:s contain foreign keys... Those would force developers to think about things like this. A user can be referenced by 1) survey, 2) survey group, 3) permission and 4) label set. At least those, maybe more.|
|Label set ?|
> Label set ?
My bad. No owner for a label set.
then : must check
1. Owner of survey
2. Owner of surveys group
3. Owner of user group (used ?)
4. Global participant ?
Must delete when delete user
1. Permission for this user
2. UserInGroup for this user
3. Global participant sharing
|2021-10-12 09:37||Jmantysalo||New Issue|
|2021-10-12 10:54||ollehar||Note Added: 66830|
|2021-10-12 10:54||ollehar||Bug heat||0 => 2|
|2021-10-12 12:39||Jmantysalo||Note Added: 66831|
|2021-10-12 12:39||Jmantysalo||Bug heat||2 => 4|
|2021-10-12 12:42||Jmantysalo||Note Added: 66832|
|2021-10-12 12:42||Jmantysalo||File Added: survey-group-no-owner.png|
|2021-10-13 09:07||DenisChenu||Note Added: 66840|
|2021-10-13 09:07||DenisChenu||Bug heat||4 => 6|
|2021-10-14 07:16||Jmantysalo||Note Added: 66846|
|2021-10-14 09:05||DenisChenu||Note Added: 66847|
|2021-10-14 11:05||Jmantysalo||Note Added: 66848|
|2021-10-14 11:12||galads||Assigned To||=> galads|
|2021-10-14 11:12||galads||Status||new => confirmed|
|2021-10-14 11:43||DenisChenu||Note Added: 66850|
|2021-10-14 11:51||Jmantysalo||Note Added: 66851|
|2021-10-14 12:10||DenisChenu||Note Added: 66852|