@DenisChenu Is this related to 18468 ?
What do you think?

Added missing setting details.

@DenisChenu Is this related to 18468 ?

same number issue , then yes 18468 is related to 18468 :)

Else : it's an old issue here. User list are really complex …

@Mazi : you have a old 2.6lts to check how it work ? Maybe a 2.50 too ? And in 3.X ?
I think it's this behaviour since years now …

Update to set as a better behaviour are dangerous .
Did you remind when we add a REAL permission system for Survey some year ago ?
A lot of user complain there user see survey of other user … because we really use 'View' permission system.

Before 2.00 (or maybe in 2.05 too) : view survey didn't allow to view ALL survey.

Got it : https://bugs.limesurvey.org/view.php?id=9571

And see comment : https://bugs.limesurvey.org/view.php?id=9571#c31846

At this date : there are a lot of Forum user complaining about new situation

@DeniChenu, at version 2.6.7 the "Users can see users from own group only" does NOT have to be changed. It behaves different. There is no such bug.

3.X have the issue ?

@DenisChenu, just test ;-)

I can confirm that this is NOT an issue at LS 3.x.

Then i think we must back to 3.X system :)

About expected result :

Users can see users from own group only to Yes
User have Permission read all user
See other users which exist at the same (default) user group within the dropdown only ? (i think yes, unsure)
See other users which exist at the same (default) user group in management only ? (i think yes, unsure)
User do not have Permission read all user
See other users which exist at the same (default) user group within the dropdown ? (i think yes)
No user management access

Users can see users from own group only to No
User have Permission read all user
See other users (all) ? (i think yes)
User do not have Permission read all user
See other users (all) in drop-down ? (i think yes (unsure))
No user management access

@gabrieljenik : seems totally related to the withListRight scope ;)

same number issue , then yes 18468 is related to 18468 :)

Sorry, meant #18356

Sorry, meant 18356

I don't think :l pother are related to role.
I don't know real usage of role …

@gabrieljenik : seems totally related to the withListRight scope ;)

But now this is related to user listing, not survey listing.
You mean that method should be applied to user-* objects?

Want to take this?

You mean that method should be applied to user-* objects?

Yes , i think it can be more clear

Want to take this?

I want to have clear decision about expected result … with and without "Users can see users from own group only" option.
After : yes.

Can we assign this to a developer? For some larger institutions this turns out to be a show stopper.

Maybe a complete User permission system is needed ?

@DenisChenu, I do not think that for fixing this bug we need a completely new user permission system. That would be a little too much. It is a simple bug, the settings doesn't seem to be taken into account.

Hi @Mazy,

We have been trying to reproduce this and couldn't.
In LTS and 5.x has the same behaviour, and believe correct one.

Can you please try to reproduce / clarify?

See other users which exist at the same (default) user group within the dropdown.

What do you mean by "default"?

Actual result
No users are present within the dropdown.

Are you including the user in a group?
Maybe it is there is no group from where to show users?

Must confirm this behavior

https://bugs.limesurvey.org/view.php?id=18468#c73031

(and maybe add it to manual)

Use have view all user

What do you mean? A permission?

Sorry :

User have Permission read at user on Global

I update

I think the problem here lies on this expectation same (default) user group
There is no default user group.
If you are not on a group, you are not part of any group.

Does this clarifies or makes more sense @Mazi?

Thing is that by default, 90% of users are not in a user group. Simply because most users do not use user groups.

So question is: Should we have/add a default user group?

To the common user not seeing any other users though having been assigned the permission to see them is confusing.

So your expectation is:

• Users can see users from own group only to Yes
• If the user is not assigned to any group, it should be able to see users that have no group.

Isn't that a security concern? Isn't that too broad of a situation where lot of unexpected stuff could happen?

If someone should see users, he should have "read" permission at global level, right?

@gabrieljenik, by default users need view permissions to see others.

And yes, I think they should see all other users. If this is not intended, then one should not assign the view permissions which is not set by default anyway. But if it is set, the user should see others. Otherwise it makes no sense.

We are talkig about the following, right?

Scenario:

• User does have "user read permission" at global level
  Behaviour:
  ==> Assign survey permissions to others: Filled with all users
  (no matter other stuff)

Scenario:

• User does NOT have "user read permission" at global level
• "User can see users from own group only": Yes
  Behaviour:
  A) If user is not assigned to any group
  ==> Assign survey permissions to others: Empty
  B) If user is assigned to a group
  ==> Assign survey permissions to others: Filled with users from same group.

What do you think?

Not sure about what should happen on this scenario:

• User does NOT have "user read permission" at global level
• "User can see users from own group only": No
  Behaviour:
  A) If user is not assigned to any group
  ==> Assign survey permissions to others: ???
  B) If user is assigned to a group
  ==> Assign survey permissions to others: ???

@gabrieljenik: The first scenarios look correct to me. I still think it is the VIEW permission though, not READ, but we may mean the same thing.

As for the last scenario: If there are no permissions to view users at global level, then they should never see any other users.

As for the last scenario: If there are no permissions to view users at global level, then they should never see any other users.

Scenario:

• User does NOT have "user read permission" at global level
• "User can see users from own group only": No
  Behaviour:
  A) If user is not assigned to any group
  Assign survey permissions to others: Empty
  B) If user is assigned to a group
  Assign survey permissions to others: Empty.

I agree with you.

Ok, I will review and update :)

In current 3.X (LOL) seem Group member can only see own group: is used ONLY for user dropdown.

User with read all Users + "User can see users from own group only": to YES

• User can see all user in user management
• User can see only himself in Survey Permission

Then : seems OK to allow user with Read all user permission to see ALL user in dropdown too. No new secret appear. Maybe add a comment on manual (or in Group member can only see own group settings )

Scenario

Current
Users can see users from own group only to Yes
User have Permission read all user

• See other users in same group within the dropdown only
• See ALL other users in management

Move to

Users can see users from own group only to Yes
User have Permission read all user

• See ALL other users within the dropdown only
• See ALL other users in management

Please find below a summary.
Both 3.xLTS and v5 behave alike.

If you are OK, we will fix the situations highlighted in yellow

Also, we would change the label of the setting from "Group member can only see own group" to "Group member can see users from own group?".
And add some help text saying this will provide users which don't have "global user view permission", the possibility to see users from same group.

Thoughts?

image.png (23,881 bytes)   

image.png (23,881 bytes)   

If you are OK, we will fix the situations highlighted in yellow

Looking at your summary : user without Read right permission see all users currently ? It's a terrible issue …

The expected part is for Permission dropdown ?

Also, we would change the label of the setting from "Group member can only see own group" to "Group member can see users from own group?".
And add some help text saying this will provide users which don't have "global user view permission", the possibility to see users from same group.

:+1:

The expected part is for Permission dropdown ?

Yes, the element inspected is the user dropdown list on the assign survey permission screen.
I guess we should also check it when assigning the permission as well.

Yes, the element inspected is the user dropdown list on the assign survey permission screen.

Yes : same list used for owner update etc … i think

I guess we should also check it when assigning the permission as well.

Currently : Survey and SurveyGroup use same code.

I guess we should also check it when assigning the permission as well.

Currently : Survey and SurveyGroup use same code.

I was referring that we should check not only for building the dropdown list, but also when processing the permission assignment operation.

I was referring that we should check not only for building the dropdown list, but also when processing the permission assignment operation.

Oh , yes : when GIVE persmision : check if user is allowed to see user.
And in the list of user : show only user oin same group

This part are more complex …

PR v5: https://github.com/LimeSurvey/LimeSurvey/pull/3175

PR has some failing tests.

I have tested this, but I am not sure if there are still some changes required on the PR or not @ollehar.

There are an issue with new implementation, we loose an ability

Before

1. We can disable user management access (with email and login) but allow to select any user in Permission list. Not possible in new implementation.*

If a superadmin want user didn't see other user (except with user/read permission) : he can just activate "user group" system.

If he want users can give permission to all other users : he don't set this. : we loose this part.

then i think we need an option to get this possibility.

And about user/read permission : in 3.X User see only email of own groups : we loose too this option. I think we need a new option too to limit access to UserView by group

I should take some time to review and understand a bit more your comment.

We can disable user management access (with email and login) but allow to select any user in Permission list. Not possible in new implementation

I don't understand this.
What do you mean by disable "user management access".

If he want users can give permission to all other users : he don't set this. : we loose this part.

I don't understand this. Can you provide an example?

And about user/read permission : in 3.X User see only email of own groups : we loose too this option. I think we need a new option too to limit access to UserView by group

Not sure I full y understand, but from I am getting, I believe we didn't loose it but made it straight.
That was the table about right?

What do you mean by disable "user management access".

An user without any user permission

If he want users can give permission to all other users : he don't set this. : we loose this part.

Today (without Group member can only see own group)

• Create an user#1 and give him Survey create Permssion
• Create another user#2 without any permission
• user#1 create Survey#1
• user#1 can give permission to Survey#1 to user#2
• user#1 know only "User name" of user#2, no email or login name access.

Tomorrow, to allow this you must give

• user#1 view all user global permission
• user#1 have access to user#2 email address and login name

You broke one GDPR criteria : https://en.wikipedia.org/wiki/General_Data_Protection_Regulation

And lost, with "Group member can only see own group" ro ON

User#1 have global permission User/read
User#1 are in Group#1
User#2 are in group#1
User#3 are in group#2

user#1 can check email and login of User#2, but have npo access of User#3 email address.

I mean : there are a difference between

1. View username and only username and loginname
2. View username + email address

I will need to review all the situations you gave.

Still, the table reviewed on 2023-05-23, holds? or need to updated?
Is there any case there which is not working properly?

I don't know … ping @ollehar @Mazi @c_schmitz

The real upset line is the 3rd line in the screen

User read all User Permission + "Group member can only see own group" to ON

• Current situation : This user see only some user
• Tomorrow : This user see all user.

The real upset line is the 3rd line in the screen

User read all User Permission + "Group member can only see own group" to ON
Current situation : This user see only some user
Tomorrow : This user see all user.

Well, in curren situation, as he has read permissin to all usuers, he can go to user permissions and see all users, right?
Read permission overrules "group setting"

Als, recall there was a problem in the wording of that setting:

Also, we would change the label of the setting from "Group member can only see own group" to "Group member can see users from own group?".
And add some help text saying this will provide users which don't have "global user view permission", the possibility to see users from same group.

I understand you were OK with that.

Status reads "Ready for testing". Is there a PR? Discussion status?

https://bugs.limesurvey.org/view.php?id=18468#c75236

PR v5: https://github.com/LimeSurvey/LimeSurvey/pull/3175

Discussion status? Probably these:
A) Lastest post from myself: https://bugs.limesurvey.org/view.php?id=18468#c75650
B) https://github.com/LimeSurvey/LimeSurvey/pull/3175#discussion_r1229837578