View Issue Details

This bug affects 2 person(s).
IDProjectCategoryView StatusLast Update
17739Bug reportsUser / Groups / Rolespublic2021-11-30 10:20
ReporterMapache Assigned Togalads  
Status acknowledgedResolutionopen 
Product Version5.2.x 
Summary17739: list_surveys JSON-RPC API method does not obey $sUsername if set
Descriptionusing a dedicated API-user-account like "api" does not return only those surveys that belong to a given user but all surveys.
Steps To ReproduceSteps to reproduce
1) add a user account like "api"
2) grant "Use internal database authentication" permission
3) grant View/read permissions on "Surveys"
4) run {"method": "list_surveys", "params": ["TOKEN", null], "id": 1} and {"method": "list_surveys", "params": ["TOKEN", "SOMEEXISTINGUSER"], "id": 1} against the API

Expected result
{"method": "list_surveys", "params": ["TOKEN", null], "id": 1} => return all surveys for every user
{"method": "list_surveys", "params": ["TOKEN", "SOMEEXISTINGUSER"], "id": 1} => return surveys for SOMEEXISTINGUSER

Actual result
{"method": "list_surveys", "params": ["TOKEN", null], "id": 1} => returns all surveys for every user
{"method": "list_surveys", "params": ["TOKEN", "SOMEEXISTINGUSER"], "id": 1} => also returns all surveys for every user
Bug heat8
Complete LimeSurvey version number (& build)5.2.2+211115 (starting from 4.3.34)
I will donate to the project if issue is resolvedNo
Database type & versionMySQL 8.0
Server OS (if known)
Webserver software & version (if known)
PHP Version7.4.25

Users monitoring this issue

User List DarioRoig


There are no notes attached to this issue.

Issue History

Date Modified Username Field Change
2021-11-18 23:30 Mapache New Issue
2021-11-18 23:32 Mapache Tag Attached: api
2021-11-19 09:19 galads Assigned To => galads
2021-11-19 09:19 galads Status new => acknowledged
2021-11-30 10:19 DarioRoig Bug heat 0 => 6
2021-11-30 10:20 DarioRoig Issue Monitored: DarioRoig
2021-11-30 10:20 DarioRoig Bug heat 6 => 8