View Issue Details

Jump to NotesJump to History
This bug affects 1 person(s).
 252
IDProjectCategoryView StatusDate SubmittedLast Update
04079Bug reportsSecuritypublic2010-01-29 00:122010-02-02 23:43
ReporterMazi Assigned Touser372 
PrioritynormalSeveritypartial_block 
Status closedResolutionno change required 
Product Version1.87+ 
Summary04079: User with sufficient rights is not allowed to change answers
Description

I. A user who is not superadmin but has sufficient rights is not allowed to update given answers.

How to reproduce:

  1. When being logged in as admin add a new user to your system, let's call her "Sandra".
  2. Assign all rights to Sandra but not the superadmin right.
  3. Choose a survey which contains some answers.
  4. For this survey assign all available rights to Sandra at "survey security settings"
  5. Log out
  6. Log in using the Sandra user
  7. Choose survey -> browse responses -> display responses
  8. Click the ID of a certain data set on the left
  9. Click "edit this entry" and check the "save" button on the bottom on the page

--> You can't save!

Additional Information

Two more user right problems I just noticed

II. When creating a new user and using the email address of an already existing user the error message says "Failed to add user. The user name already exists.". This error message is pretty misleading because the user NAME didn't exist yet, only the email address.

III. When creating a new user without existing name or email I got "Email to sandra (sandra@marcel-minke.de) failed." - "Invalid address: <blank>". The email address is valid and doesn't look strange so where does this error message come from?

TagsNo tags attached.
Bug heat252
Complete LimeSurvey version number (& build)8321
I will donate to the project if issue is resolved
BrowserFirefox 3
Database type & versionMS SQL Server 2005
Server OS (if known)Win XP Sp 3
Webserver software & version (if known)Apache 2.2
PHP Version5.2.11

Users monitoring this issue

There are no users monitoring this issue.

Activities

c_schmitz

c_schmitz

2010-02-02 11:45

administrator   ~10948

Actually I fail to see where this is an error.
There is no according survey permission to edit a response so it can't be given.
c_schmitz

c_schmitz

2010-02-02 12:16

administrator   ~10949

Mazi: please move this to the idea tracker if you want this to be implemented in a survey permission re-design.
c_schmitz

c_schmitz

2010-02-02 23:43

administrator   ~10962

It would need a new version and 2 days of work to redesign the survey permissions properly with a CRUD system.

Issue History

Date Modified Username Field Change
2010-01-29 00:12 Mazi New Issue
2010-01-29 00:12 Mazi Status new => assigned
2010-01-29 00:12 Mazi Assigned To => user372
2010-01-29 00:12 Mazi LimeSurvey build number => 8321
2010-01-29 00:12 Mazi Browser => Firefox 3
2010-01-29 00:12 Mazi Database & DB-Version => MS SQL Server 2005
2010-01-29 00:12 Mazi Operating System (Server) => Win XP Sp 3
2010-01-29 00:12 Mazi Webserver => Apache 2.2
2010-01-29 00:12 Mazi PHP Version => 5.2.11
2010-02-02 11:45 c_schmitz Note Added: 10948
2010-02-02 12:16 c_schmitz Note Added: 10949
2010-02-02 16:00 c_schmitz Status assigned => closed
2010-02-02 16:00 c_schmitz Resolution open => no change required
2010-02-02 23:43 c_schmitz Note Added: 10962