18968: User with "View/read Users" permission needs to have "User details" action available for all users, not just itself

This bug affects 1 person(s).

ID	Project	Category	View Status	Date Submitted	Last Update

18968	Bug reports	User / Groups / Roles	public	2023-07-19 17:26	2023-10-16 08:55

Reporter	tibor.pacalat	Assigned To	tibor.pacalat
Priority	none	Severity	partial_block
Status	closed	Resolution	fixed
Product Version	6.1.x

Summary	18968: User with "View/read Users" permission needs to have "User details" action available for all users, not just itself
Description	User with "View/read Users" permission needs to have "User details" action available for all users, not just itself
Steps To Reproduce	Steps to reproduce With the user that only has "View/read Users" permission Try to see "User details" from the actions menu for yourself -> works Try to see "User details" for someone else -> the button is disabled Expected result User with "View/read Users" permission should have "User details" action enabled for all users. Actual result User with "View/read Users" permission has "User details" action enabled only for itself.
Tags	No tags attached.

Bug heat	10
Complete LimeSurvey version number (& build)	6.1.5
I will donate to the project if issue is resolved	No
Browser
Database type & version	.
Server OS (if known)
Webserver software & version (if known)
PHP Version	.

User List	There are no users monitoring this issue.

gabrieljenik 2023-09-20 18:01 manager ~77209	Master: https://github.com/LimeSurvey/LimeSurvey/pull/3475

guest 2023-09-21 15:23 viewer ~77219	Fix committed to master branch: http://bugs.limesurvey.org/plugin.php?page=Source/view&id=35524

guest 2023-09-21 15:23 viewer ~77220	Fix committed to master branch: http://bugs.limesurvey.org/plugin.php?page=Source/view&id=35525

LimeBot 2023-09-25 10:55 administrator ~77302	Fixed in Release 6.2.9+230925

gabrieljenik 2023-10-11 01:01 manager ~77615	v5: https://github.com/LimeSurvey/LimeSurvey/pull/3528

DenisChenu 2023-10-12 11:16 developer ~77656	Really related to all User permission … Code is OK, but logic still broken

tibor.pacalat 2023-10-12 14:48 administrator ~77666	@gabrieljenik when I try to look at the details of superadmin I get 500 http://ls-ce-5x/index.php/userManagement/viewUser?userid=1 <h1>PHP Error [500]</h1> <p>Trying to access array offset on value of type null (/var/www/ls-ce-5x/public/application/views/userManagement/partial/showuser.php:16)</p> <pre>#0 /var/www/ls-ce-5x/public/vendor/yiisoft/yii/framework/base/CErrorHandler.php(133): CErrorHandler->handleError() #1 /var/www/ls-ce-5x/public/vendor/yiisoft/yii/framework/base/CApplication.php(832): CErrorHandler->handle() #2 /var/www/ls-ce-5x/public/application/views/userManagement/partial/showuser.php(16): LSYii_Application->handleError() #3 /var/www/ls-ce-5x/public/vendor/yiisoft/yii/framework/web/CBaseController.php(126): require() #4 /var/www/ls-ce-5x/public/vendor/yiisoft/yii/framework/web/CBaseController.php(95): UserManagementController->renderInternal() #5 /var/www/ls-ce-5x/public/vendor/yiisoft/yii/framework/web/CController.php(872): UserManagementController->renderFile() #6 /var/www/ls-ce-5x/public/application/controllers/UserManagementController.php(462): UserManagementController->renderPartial() #7 unknown(0): UserManagementController->actionViewUser() #8 /var/www/ls-ce-5x/public/vendor/yiisoft/yii/framework/web/actions/CAction.php(115): ReflectionMethod->invokeArgs() #9 /var/www/ls-ce-5x/public/vendor/yiisoft/yii/framework/web/actions/CInlineAction.php(47): CInlineAction->runWithParamsInternal() #10 /var/www/ls-ce-5x/public/vendor/yiisoft/yii/framework/web/CController.php(308): CInlineAction->runWithParams() #11 /var/www/ls-ce-5x/public/vendor/yiisoft/yii/framework/web/CController.php(286): UserManagementController->runAction() #12 /var/www/ls-ce-5x/public/vendor/yiisoft/yii/framework/web/CController.php(265): UserManagementController->runActionWithFilters() #13 /var/www/ls-ce-5x/public/application/controllers/LSBaseController.php(145): UserManagementController->run() #14 /var/www/ls-ce-5x/public/vendor/yiisoft/yii/framework/web/CWebApplication.php(282): UserManagementController->run() #15 /var/www/ls-ce-5x/public/vendor/yiisoft/yii/framework/web/CWebApplication.php(141): LSYii_Application->runController() #16 /var/www/ls-ce-5x/public/vendor/yiisoft/yii/framework/base/CApplication.php(185): LSYii_Application->processRequest() #17 /var/www/ls-ce-5x/public/index.php(161): LSYii_Application->run() </pre>

gabrieljenik 2023-10-12 15:15 manager ~77670	/var/www/ls-ce-5x/public/application/views/userManagement/partial/showuser.php: That file is not updated by the patch. It may come from somewhere else.

gabrieljenik 2023-10-12 15:19 manager ~77671	https://github.com/LimeSurvey/LimeSurvey/blame/9b67749428bac123a5e1939e37114cf99c5ade23/application/views/userManagement/partial/showuser.php#L16 That has been like that for 4 years. Maybe something else done somehwere else impacted on this screen. Maybe this is just seen because you have debug turned on. Try changin that line (16) as this in order to be able to test tis ticket and woraournd it: `$oUser->parentUser ? $oUser->parentUser['full_name'] : ''`

tibor.pacalat 2023-10-12 15:31 administrator ~77672	Yeah, this fixes the issue. I think we can leave it like that since I don't know which other views use this partial and it only occurs with debug=2.

guest 2023-10-12 15:31 viewer ~77673	Fix committed to 5.x branch: http://bugs.limesurvey.org/plugin.php?page=Source/view&id=35611

tibor.pacalat 2023-10-12 15:32 administrator ~77675	Tested and merged.

DenisChenu 2023-10-12 17:33 developer ~77679 Last edited: 2023-10-12 17:34	That has been like that for 4 years. Maybe something else done somehwere else impacted on this screen. Need to be reported , usnure if we need to fix $oUser->getParentUser to alway return some value (empty string) or not ? Edit : https://github.com/LimeSurvey/LimeSurvey/blob/master/application/models/User.php#L647

gabrieljenik 2023-10-12 19:11 manager ~77680	Maybe just a new method parentName() ? That would be easier to use.

DenisChenu 2023-10-13 08:49 developer ~77687	Maybe just a new method parentName() ? We already have it : https://github.com/LimeSurvey/LimeSurvey/blob/master/application/models/User.php#L647 I edited my comment. We use it in Survey listing if i don't make error.

LimeBot 2023-10-16 08:55 administrator ~77728	Fixed in Release 5.6.41+231017

LimeSurvey: master c7ef1061 2023-09-21 14:47:06 Gabriel Jenik Committer: GitHub Details Diff	Fixed issue 18968: User with "View/read Users" permission needs to have "User details" action available for all users, not just itself (#3475) Co-authored-by: Lapiu Dev <devgit@lapiu.biz>	Affected Issues 18968
	mod - application/models/User.php	Diff File
LimeSurvey: master c7ef1061 2023-09-21 14:47:06 Gabriel Jenik Committer: GitHub Details Diff	Fixed issue 18968: User with "View/read Users" permission needs to have "User details" action available for all users, not just itself (#3475) Co-authored-by: Lapiu Dev <devgit@lapiu.biz>	Affected Issues 18968
	mod - application/models/User.php	Diff File
LimeSurvey: 5.x 672f2b8c 2023-10-12 15:31:48 Gabriel Jenik Committer: GitHub Details Diff	Fixed issue 18968: User with "View/read Users" permission needs to have "User details" action available for all users, not just itself (03528) Co-authored-by: Lapiu Dev <devgit@lapiu.biz>	Affected Issues 18968
	mod - application/models/User.php	Diff File

Date Modified	Username	Field	Change
2023-07-19 17:26	tibor.pacalat	New Issue
2023-09-14 14:37	gabrieljenik	Assigned To	=> gabrieljenik
2023-09-14 14:37	gabrieljenik	Status	new => assigned
2023-09-20 18:00	gabrieljenik	Severity	minor => partial_block
2023-09-20 18:01	gabrieljenik	Assigned To	gabrieljenik => DenisChenu
2023-09-20 18:01	gabrieljenik	Status	assigned => ready for code review
2023-09-20 18:01	gabrieljenik	Note Added: 77209
2023-09-20 18:01	gabrieljenik	Bug heat	0 => 2
2023-09-20 22:01	gabrieljenik	Assigned To	DenisChenu => tibor.pacalat
2023-09-20 22:01	gabrieljenik	Status	ready for code review => ready for testing
2023-09-21 14:47	tibor.pacalat	Status	ready for testing => resolved
2023-09-21 14:47	tibor.pacalat	Resolution	open => fixed
2023-09-21 15:23		Changeset attached	=> LimeSurvey master c7ef1061
2023-09-21 15:23		Changeset attached	=> LimeSurvey master c7ef1061
2023-09-21 15:23	guest	Note Added: 77219
2023-09-21 15:23	guest	Note Added: 77220
2023-09-21 15:23	guest	Bug heat	2 => 4
2023-09-21 15:23	guest	Bug heat	2 => 4
2023-09-25 10:55	LimeBot	Note Added: 77302
2023-09-25 10:55	LimeBot	Status	resolved => closed
2023-09-25 10:55	LimeBot	Bug heat	4 => 6
2023-10-11 01:01	gabrieljenik	Assigned To	tibor.pacalat => DenisChenu
2023-10-11 01:01	gabrieljenik	Status	closed => ready for code review
2023-10-11 01:01	gabrieljenik	Note Added: 77615
2023-10-12 11:11	DenisChenu	Relationship added	related to 19166
2023-10-12 11:16	DenisChenu	Note Added: 77656
2023-10-12 11:16	DenisChenu	Bug heat	6 => 8
2023-10-12 11:16	DenisChenu	Assigned To	DenisChenu => tibor.pacalat
2023-10-12 11:16	DenisChenu	Status	ready for code review => ready for testing
2023-10-12 14:48	tibor.pacalat	Note Added: 77666
2023-10-12 14:48	tibor.pacalat	Bug heat	8 => 10
2023-10-12 15:15	gabrieljenik	Note Added: 77670
2023-10-12 15:19	gabrieljenik	Note Added: 77671
2023-10-12 15:31	tibor.pacalat	Note Added: 77672
2023-10-12 15:31		Changeset attached	=> LimeSurvey 5.x 672f2b8c
2023-10-12 15:31	guest	Note Added: 77673
2023-10-12 15:32	tibor.pacalat	Status	ready for testing => resolved
2023-10-12 15:32	tibor.pacalat	Note Added: 77675
2023-10-12 17:33	DenisChenu	Note Added: 77679
2023-10-12 17:34	DenisChenu	Note Edited: 77679
2023-10-12 19:11	gabrieljenik	Note Added: 77680
2023-10-13 08:49	DenisChenu	Note Added: 77687
2023-10-16 08:55	LimeBot	Note Added: 77728
2023-10-16 08:55	LimeBot	Status	resolved => closed

View Issue Details

Steps to reproduce

Expected result

Actual result

Relationships

Users monitoring this issue

Activities

Related Changesets

Issue History