20420: Copy survey fails with generic 500 error when user lacks permission for the survey’s owner group (should show proper authorizati

This issue affects 1 person(s).

ID	Project	Category	View Status	Date Submitted	Last Update
20420	Bug reports	User / Groups / Roles	public	2026-02-09 14:00	2026-02-09 14:00

Reporter	Mauro	Assigned To
Priority	none	Severity	crash
Status	new	Resolution	open

Summary	20420: Copy survey fails with generic 500 error when user lacks permission for the survey’s owner group (should show proper authorizati
Description	When a user tries to copy a survey that belongs to a survey group they are not authorized to use (survey created under a different group), LimeSurvey shows a generic “500 internal server error - Failed to copy survey”. After enabling debug and adding extra logs, the actual error is an authorization error on gsid (survey group): “You are not allowed to use this group”. This looks like the backend is throwing an exception during copy instead of validating permissions and returning a user-friendly message (403/permission error) before attempting to save the destination survey.
Steps To Reproduce	Create (or have) a survey S owned/created under Survey group A (gsid = A). Create a user U that has permissions to access surveys (e.g., can view/copy surveys) but is not a member / not authorized for Survey group A. Login as U. In the survey list, use the “Copy” action (row action) on survey S. Confirm copy. ##Expected behavior The UI should show a clear permission error such as: “You are not authorized to use this group (Survey group A). Choose a permitted group or request access.” The operation should not crash with a 500. Ideally, the copy dialog should prevent the action or allow selecting a target group the user is authorized to use. ##Actual behavior UI shows: “500: Internal Server Error - Failed to copy survey” (generic). In server logs / debug, the underlying save error contains: Errors: Array ( [gsid] => Array ( [0] =>You are not allowed to use this group ) ) ##Additional information / Logs Observed in application/models/services/CopySurvey.php during destination survey save. The failure happens at the moment destination survey is saved (destination survey inherits gsid that user cannot use). The exception message is generic (“Failed to copy survey”) and does not surface the real authorization reason. ##Impact Misleading 500 error causes operational noise and support escalations. Real root cause is permissions, not system failure. Users cannot self-resolve because the UI hides the actual reason. ##Suggested fix / improvement Validate group permission before attempting to save the destination survey. If unauthorized, return a permission error (HTTP 403 and UI message). Alternatively, when destinationSurvey->save() fails due to gsid authorization, catch that specific error and show it in the UI instead of throwing a generic exception. Optionally allow choosing a target group (one the user is authorized to use) in the copy flow. ##Workaround Add the user to the survey’s group (or grant access to that group), then copy works.
Tags	No tags attached.
Attached Files	image (2).png (118,529 bytes) image (1).png (32,641 bytes) image (1).png (32,641 bytes)

Bug heat	0
Complete LimeSurvey version number (& build)	LimeSurvey 6.16.5 (Build 260127)
I will donate to the project if issue is resolved	No
Browser	Chrome
Database type & version	sqlsrv
Server OS (if known)	Linux (Ubuntu kernel 5.15.0-168-generic
Webserver software & version (if known)
PHP Version	8.3.30

User List	There are no users monitoring this issue.

Date Modified	Username	Field
2026-02-09 14:00	Mauro	New Issue
2026-02-09 14:00	Mauro	File Added: image (2).png
2026-02-09 14:00	Mauro	File Added: image (1).png

View Issue Details

Users monitoring this issue

Activities

Issue History