View Issue Details

This bug affects 1 person(s).
 2
IDProjectCategoryView StatusLast Update
08243Bug reportsSurvey participants (Tokens)public2013-10-09 11:22
Reporterabezverkhyy Assigned Toc_schmitz  
PrioritylowSeverityminor 
Status closedResolutionfixed 
Product Version2.00+ 
Fixed in Version2.00+ 
Summary08243: On token admin page, all buttons are shown even for a read-only user
Description

On the token administration page, all controls are always displayed, even if the current user has read-only rights.
The use of those controls is checked server-side but nothing is done to hide those buttons from the user.

I wrote a patch trying to solve this issue :
https://github.com/LimeSurvey/LimeSurvey/pull/141

Steps To Reproduce
  • log-in as admin
  • create a user with read-only rights
  • create an invite-only survey
  • generate some tokens
  • log-in as the read-only user
  • goto token management
  • you'll see buttons like "delete" that you won't be able to use, because rights will be checked by the server-side code
TagsNo tags attached.
Attached Files
token_admin_controls.png (16,155 bytes)   
token_admin_controls.png (16,155 bytes)   
Bug heat2
Complete LimeSurvey version number (& build)130913
I will donate to the project if issue is resolvedNo
Browser
Database type & versionnot relevant
Server OS (if known)not relevant
Webserver software & version (if known)not relevant
PHP Versionnot relevant

Users monitoring this issue

There are no users monitoring this issue.

Activities

c_schmitz

c_schmitz

2013-10-09 10:51

administrator   ~26647

Thank you for the patch! For your next patch please, please adhere to the commit message standard laid out in http://manual.limesurvey.org/wiki/Standard_for_Git_commit_messages . Thank you!

c_schmitz

c_schmitz

2013-10-09 11:22

administrator   ~26651

2.00+ Build 121009 released

Related Changesets

LimeSurvey: master 639c36b2

2013-10-08 22:33:29

c_schmitz

Details Diff
Merge pull request #141 from Grapsus/fix_invite_controls

On token admin page, hide buttons the user isn't allowed to use
Affected Issues
08243
mod - application/controllers/admin/tokens.php Diff File
mod - application/views/admin/token/browse.php Diff File
mod - scripts/admin/tokens.js Diff File

Issue History

Date Modified Username Field Change
2013-10-07 13:24 abezverkhyy New Issue
2013-10-07 13:24 abezverkhyy File Added: token_admin_controls.png
2013-10-08 23:34 c_schmitz Assigned To => c_schmitz
2013-10-08 23:34 c_schmitz Status new => assigned
2013-10-09 10:50 c_schmitz Changeset attached => LimeSurvey master 639c36b2
2013-10-09 10:51 c_schmitz Note Added: 26647
2013-10-09 10:51 c_schmitz Status assigned => resolved
2013-10-09 10:51 c_schmitz Fixed in Version => 2.00+
2013-10-09 10:51 c_schmitz Resolution open => fixed
2013-10-09 11:22 c_schmitz Note Added: 26651
2013-10-09 11:22 c_schmitz Status resolved => closed
2016-12-08 10:39 c_schmitz Category Tokens => Survey participants (Tokens)