View Issue Details

Related ChangesetsJump to NotesJump to History
This bug affects 1 person(s).
 6
IDProjectCategoryView StatusDate SubmittedLast Update
18544Bug reportsImport/Exportpublic2022-12-06 20:222023-01-16 14:34
Reportergabrieljenik Assigned Togabrieljenik  
PrioritynoneSeveritypartial_block 
Status closedResolutionfixed 
Product Version5.4.x 
Summary18544: Update Theme Options: Survey Group permissions are not checked correctly
Description

When updating theme options and updating the survey group, the code doing the permission checking seems buggy.
Also, when resetting.

Caght while reviewing 18460

Steps To Reproduce

To access that page you had to put the URL (eg: http://xxxxx/limesurvey/index.php/themeOptions/updateSurveyGroup?id=71&gsid=2)
If the group existed, it would let you in even if you didn't have permission.

Go to:
Survey Groups
On a specuific grou, go to Settings > Themes options for this survey group
Choose a theme

Grab the URL. Replace the gsid for a survey group id which you can't access.

Additional Information

Update

https://github.com/LimeSurvey/LimeSurvey/blob/3432032a525f8fca0dd3fc099db5c163f2e83f86/application/controllers/ThemeOptionsController.php#L371

If condition should use OR and not AND.
Also, seems there was a confussion in between SurveyGroup and SurveysInGroup, maybe?

Reset

https://github.com/LimeSurvey/LimeSurvey/blob/master/application/controllers/ThemeOptionsController.php#L627

Same as before applies.

TagsNo tags attached.
Bug heat6
Complete LimeSurvey version number (& build)5.x
I will donate to the project if issue is resolvedNo
Browser
Database type & versionMariaDB 10.1.48
Server OS (if known)
Webserver software & version (if known)
PHP VersionPHP 7.4

Relationships

Relationship GraphDependency Graph
related to 18460 assignedgabrieljenik Feature requests Assigned survey group is gone after survey export/import 

Users monitoring this issue

There are no users monitoring this issue.

Activities

DenisChenu

DenisChenu

2022-12-07 08:34

developer   ~73014

Also, seems there was a confussion in between SurveyGroup and SurveysInGroup, maybe?

Yes, right surveysettings : https://github.com/LimeSurvey/LimeSurvey/blob/3432032a525f8fca0dd3fc099db5c163f2e83f86/application/models/SurveysGroups.php#L442
(or create a themeoptions at getPermissionData)
gabrieljenik

gabrieljenik

2022-12-15 17:22

manager   ~73146

Last edited: 2022-12-15 17:22

Changed permission type being checked and object whose is checked
https://github.com/LimeSurvey/LimeSurvey/pull/2795
gabrieljenik

gabrieljenik

2023-01-12 12:12

manager   ~73445

Fix committed to master branch: http://bugs.limesurvey.org/plugin.php?page=Source/view&id=34215
LimeBot

LimeBot

2023-01-16 14:34

administrator   ~73472

Fixed in Release 5.6.0+230116

Related Changesets

LimeSurvey: master 3821109c

2023-01-12 13:12

gabrieljenik

Committer: GitHub


Details Diff		 Fixed issue 18544: Update Theme Options: Survey Group permissions are not checked correctly (#2795)

Co-authored-by: lapiudevgit <devgit@lapiu.biz>		 Affected Issues
18544
mod - application/controllers/ThemeOptionsController.php Diff File

Issue History

Date Modified Username Field Change
2022-12-06 20:22 gabrieljenik New Issue
2022-12-06 20:22 gabrieljenik Issue generated from: 18460
2022-12-06 20:22 gabrieljenik Relationship added related to 18460
2022-12-06 20:22 gabrieljenik Description Updated
2022-12-06 20:23 gabrieljenik Status new => confirmed
2022-12-07 08:34 DenisChenu Note Added: 73014
2022-12-07 08:34 DenisChenu Bug heat 0 => 2
2022-12-07 19:35 gabrieljenik Assigned To => gabrieljenik
2022-12-07 19:35 gabrieljenik Status confirmed => assigned
2022-12-15 17:22 gabrieljenik Assigned To gabrieljenik => DenisChenu
2022-12-15 17:22 gabrieljenik Status assigned => ready for code review
2022-12-15 17:22 gabrieljenik Note Added: 73146
2022-12-15 17:22 gabrieljenik Bug heat 2 => 4
2022-12-15 17:22 gabrieljenik Note Edited: 73146
2022-12-15 17:24 gabrieljenik Description Updated
2022-12-15 17:24 gabrieljenik Steps to Reproduce Updated
2022-12-15 17:24 gabrieljenik Additional Information Updated
2022-12-15 17:29 gabrieljenik Steps to Reproduce Updated
2022-12-15 19:52 DenisChenu Assigned To DenisChenu =>
2022-12-15 19:52 DenisChenu Status ready for code review => ready for testing
2023-01-05 15:58 gabrieljenik Assigned To => ollehar
2023-01-05 15:58 gabrieljenik Status ready for testing => ready for merge
2023-01-12 12:12 gabrieljenik Changeset attached => LimeSurvey master 3821109c
2023-01-12 12:12 gabrieljenik Note Added: 73445
2023-01-12 12:12 gabrieljenik Assigned To ollehar => gabrieljenik
2023-01-12 12:12 gabrieljenik Resolution open => fixed
2023-01-16 14:34 LimeBot Note Added: 73472
2023-01-16 14:34 LimeBot Status ready for merge => closed
2023-01-16 14:34 LimeBot Bug heat 4 => 6