Check out the LimeSurvey source code on GitHub!

Hiding Survey 'Owner' Detail & Preventing User Changing Password

More
5 years 7 months ago #63246 by sheddington
Hi,

Can I hide the survey 'owner' field in the 'List Surveys' page for a user with all user rights turned off?

Also, is there a way to have a user who cannot change their password? (to use with a Demo account, access to which is given to different people).

thanks in advance for any help!

Please Log in to join the conversation.

More
5 years 7 months ago #63348 by sheddington
I can probably cover the 2nd part of my question by setting up a seperate Demo with a locked down database.

First part seems like it should be that way by default. Why show a user without rights who the survey owner is and a list of all users on the system? Letting all users know the other user names, including administrator name, isn't ideal behaviour.

Please Log in to join the conversation.

More
5 years 7 months ago - 5 years 7 months ago #63349 by Ben_V

by setting up a seperate Demo with a locked down database.

I'm not sure if you have already valued the optional security settings:
$demoModeOnly: If this option is set to true, then LimeSurvey will go into Demo mode. The Demo mode changes the following things:
Disables changing of the admin user's details and password
Disables uploading files on the template editor
Disables sending email invitations and reminders
Disables doing a database dump
Disables the ability to save the following global settings: Site name, Default language, Default Htmleditor Mode, XSS filter


Ressource: docs.limesurvey.org/Optional+settings#Security

Benoît

EM Variables => bit.ly/1TKQyNu | EM Roadmap => bit.ly/1UTrOB4
Last Releases => 2.6x.x goo.gl/ztWfIV | 2.06/2.6.x => bit.ly/1Qv44A1
Demo Surveys => goo.gl/HuR6Xe (already included in /docs/demosurveys)
Last Edit: 5 years 7 months ago by Ben_V.

Please Log in to join the conversation.

More
5 years 7 months ago #63358 by sheddington
Thanks Benitov, will definitely use that for the Demo version.

For the live version, where I would like either no 'owner' to be visible in the 'list surveys' page (when viewed by a user with all rights unticked), or that at least they don't see a list of everyone on the system when they click to try edit the owner, the following on the same page seems like it should in theory work...

"usercontrolSameGroupPolicy : set to true by default. By default non admin users defined in the LimeSurvey management interface will only be able to see other users if they belong to at least one group this user belongs to."

...however, after checking this is true in both config file and in global settings, it still is allowing the 'no-privileges' user to see a list of all users (I have created a user group just for this user, so this should, by the above description, mean they can't see everyone outside the group).

Am I missing something obvious here?

I noticed while doing this that the main admin user is placed by default in any new group created and it doesn't look like they can be removed from a group.

thanks

Please Log in to join the conversation.

More
5 years 7 months ago #63460 by sheddington
Just out of interest then, what exactly does the usercontrolSameGroupPolicy setting change, if it doesn't stop 'non-admin users' from seeing other users?

I take it a "non-admin user" is one with no ticks on the 'Set user rights' page?

Please Log in to join the conversation.

More
5 years 5 months ago #66157 by sheddington
No takers?

Do I need to post this somewhere different as a bug? Seems like a bug to me.

Please Log in to join the conversation.

More
5 years 5 months ago #66171 by Mazi

sheddington wrote: "usercontrolSameGroupPolicy : set to true by default. By default non admin users defined in the LimeSurvey management interface will only be able to see other users if they belong to at least one group this user belongs to."

...however, after checking this is true in both config file and in global settings, it still is allowing the 'no-privileges' user to see a list of all users (I have created a user group just for this user, so this should, by the above description, mean they can't see everyone outside the group).

Please test if the problem still exists at the latest release . If so please open a ticket at the Bugtracker and...
  1. Give as much information as possible
  2. Attach your survey. You can mark your ticket "private" so that only the developers will be able to take a look at it.
  3. Provide step-by-step instructions how to reproduce the problem.
  4. If possible/helpful please provide screenshots

Afterwards please post the link to the Bugtracker so we can follow the progress.

Thanks!


Best regards/Beste Grüße,
Dr. Marcel Minke
(Limesurvey Head of Support)
Need Help? We offer professional Limesurvey support
Contact: marcel.minke(at)survey-consulting.com'"

Please Log in to join the conversation.

More
5 years 5 months ago #66185 by sheddington

Please Log in to join the conversation.

More
5 years 4 months ago #66378 by Mazi
Thanks for reporting bugs. This problem will be solved at the next (weekly) release with build number > 11054


Best regards/Beste Grüße,
Dr. Marcel Minke
(Limesurvey Head of Support)
Need Help? We offer professional Limesurvey support
Contact: marcel.minke(at)survey-consulting.com'"

Please Log in to join the conversation.

Imprint                   Privacy policy         General Terms & Conditions         Revocation information and revocation form