View Issue Details

This bug affects 2 person(s).
IDProjectCategoryView StatusLast Update
18289Bug reportsUser / Groups / Rolespublic2023-10-02 11:12
ReporterDenisChenu Assigned To 
Status confirmedResolutionopen 
Product Version5.3.x 
Summary18289: User with group creation allowed can not see is own group

If you set an user with Create user + create group can not see own group in Survey and SurveyGroup permission

Steps To Reproduce

Steps to reproduce

  1. usercontrolSameGroupPolicy as true
  2. Create an user with User read/create permission + UserGroup read/create permission
  3. Set User group Policy to On
  4. Allow user to create Survey
  5. Connect as this user
  6. Create a new user
  7. Create a new group
  8. Add the user to this group
  9. Create a survey
  10. Check permission list

Expected result

See the new Group created

Actual result

Nothing in list

Additional Information
  1. usercontrolSameGroupPolicy as true here.
TagsNo tags attached.
Bug heat12
Complete LimeSurvey version number (& build)5.3.28
I will donate to the project if issue is resolvedNo
Browsernot relevant
Database type & versionnot relevant
Server OS (if known)not relevant
Webserver software & version (if known)not relevant
PHP Versionnot relevant


parent of 18281 closedtibor.pacalat Users in group are not deleted 
related to 18294 closedgabrieljenik User can not see group created and user in group created 

Users monitoring this issue





2022-07-27 18:17

developer   ~71199

The origin of this issue seems : current user was not set in Created group. In 3.X : if an user create a group : he was included in it.

Now : it was not in group, and can add it himself in group …



2022-07-27 18:19

developer   ~71201

Confirm the origin of the issue.

In 3.X : current user added (and can not delete himself via GUI)

But we can easily fix to include owner_id for group + for user



2022-07-29 09:08

developer   ~71239

But we can easily fix to include owner_id for group + for user

Work for getUserGroupList() function :
Not for getUserList function ( complex to update this one)



2022-08-04 16:12

developer   ~71326

@gabrieljenik : you can not add owner_id to user list else you can give access to a group where user was removed from group in 3.X

In 3.X

  1. User 1 create UserGroupA (user can see this group) and UserGroupB
  2. Superadmin remove user 1 from UserGroupA
  3. User 1 can NOT see UserGroupA but still see UserGroupB

Update to 5.X now : no issue User 1 can NOT see UserGroupA but still see UserGroupB

If you fix the owner_id system User 1 can see UserGroupA .

Maybe reset the owner_id when update ? Since it's not used ?



2022-08-22 21:08

manager   ~71514

From what I read here, there 2 problems:

Problem 1)
View si retrieveing groups with the wrong query/logic criteria.
New LS5 schema by owner is not used.

Problem 2)
Some old groups created in LS3 could present permission issues with this LS5 logic
Very hard to sharply identify these groups.

I would work on #1 and then somehow show an alert ro superadmins on grups that are candidates #2.




2022-08-24 08:23

developer   ~71523

Problem : User with group creation allowed can not see is own group

Reason :
in 3.X (2.05 until 5.3.28).: we don't use owner_id
In 3.X : when user create group : it was added to group.
In 5.0.0 : we don't use owner_id (OK why not)
In 5.0.0 : when user create group : it was NOT added to group.

Problem 1)
View si retrieveing groups with the wrong query/logic criteria.
New LS5 schema by owner is not used.

It's NOT the problem …
The problem is : We don't add current user when he create a group.

If you add owner_id to permission : this potentially BROKE current permission system. Potentially : some user can see forbidden user name …

Then you need to update API version (5.5.0 to 6.0.0) if you add owner_id to manager UserGroup
My opinion : it can be done only in DEV
And you need to be allowed to update owner via GUI
You can add a complete Permission system (GUI and lot of part of SurveyGroup can be reused)



2023-10-02 11:12

developer   ~77459

Like user : my opinion : remove the not really used Update and Delete permission

  1. Remove it from definition
  2. Remove it i a DB update (set whole to 0)
  3. owner can do whole on UserGroup
  4. After : manage ALL user group (update / delete) are a new feature.

Issue History

Date Modified Username Field Change
2022-07-27 18:15 DenisChenu New Issue
2022-07-27 18:17 DenisChenu Note Added: 71199
2022-07-27 18:17 DenisChenu Bug heat 0 => 2
2022-07-27 18:19 DenisChenu Assigned To => DenisChenu
2022-07-27 18:19 DenisChenu Status new => confirmed
2022-07-27 18:19 DenisChenu Note Added: 71201
2022-07-29 09:05 DenisChenu Assigned To DenisChenu =>
2022-07-29 09:08 DenisChenu Note Added: 71239
2022-07-29 10:16 DenisChenu Relationship added related to 18294
2022-08-04 15:36 gabrieljenik Assigned To => gabrieljenik
2022-08-04 15:36 gabrieljenik Status confirmed => assigned
2022-08-04 15:36 gabrieljenik Severity minor => partial_block
2022-08-04 16:12 DenisChenu Note Added: 71326
2022-08-22 21:08 gabrieljenik Note Added: 71514
2022-08-22 21:08 gabrieljenik Bug heat 2 => 4
2022-08-22 21:09 gabrieljenik Assigned To gabrieljenik =>
2022-08-22 21:09 gabrieljenik Status assigned => feedback
2022-08-23 15:49 DenisChenu Relationship added parent of 18281
2022-08-24 08:23 DenisChenu Note Added: 71523
2022-08-24 08:23 DenisChenu Status feedback => new
2022-08-25 21:58 gabrieljenik Assigned To => gabrieljenik
2022-08-25 21:58 gabrieljenik Status new => confirmed
2022-08-25 21:58 gabrieljenik Assigned To gabrieljenik =>
2022-09-01 13:27 DenisChenu Steps to Reproduce Updated
2022-09-01 13:27 DenisChenu Additional Information Updated
2023-05-22 15:34 geraldC Issue Monitored: geraldC
2023-05-22 15:34 geraldC Bug heat 4 => 6
2023-05-22 15:35 guest Bug heat 6 => 12
2023-10-02 11:12 DenisChenu Note Added: 77459