Welcome to the LimeSurvey Community Forum

Ask the community, share ideas, and connect with other LimeSurvey users!

Upgraded from 2.05 to 2.57 caused permission issue

  • katcher01
  • katcher01's Avatar Topic Author
  • Offline
  • Junior Member
  • Junior Member
More
7 years 3 months ago #145829 by katcher01
Hello, following an upgrade from 2.0.5 to 2.57+ I noticed existing users were now able to see all other users surveys. Is this supposed to happen? If so, is their a simple sql which we can run to update the permissions. I understand that the users must only have Create if we want the users to own /edit surveys they created.

MSSql, Windows apache 2.4 php 5.6.28

Thanks

Eric
The topic has been locked.
  • DenisChenu
  • DenisChenu's Avatar
  • Offline
  • LimeSurvey Community Team
  • LimeSurvey Community Team
More
7 years 3 months ago #145844 by DenisChenu
Hi : manual.limesurvey.org/Manage_users#Setti...rmissions_for_a_user

You surely have "Edit survey" checked for your users : then edit all survey (a user can always edit HIS survey).

Assistance on LimeSurvey forum and LimeSurvey core development are on my free time.
I'm not a LimeSurvey GmbH member, professional service on demand , plugin development .
I don't answer to private message.
The topic has been locked.
  • katcher01
  • katcher01's Avatar Topic Author
  • Offline
  • Junior Member
  • Junior Member
More
7 years 3 months ago #145881 by katcher01
Hi, Denis, the issue is how can I remove the appropriate permissions from the 500+ users who are already upgraded with incorrect permissions. Do I have to do each user individually and set only Create? Is there some sql I can run directly on DB to fix?

Any suggestions would be appreciated.

Eric
The topic has been locked.
  • markusfluer
  • markusfluer's Avatar
  • Visitor
  • Visitor
7 years 3 months ago #145917 by markusfluer
Replied by markusfluer on topic Upgraded from 2.05 to 2.57 caused permission issue
Hello Katcher, what permission should you users have, create survey and update survey?
Or also import and export?

I can provide you with an sql.
The topic has been locked.
  • LouisGac
  • LouisGac's Avatar
  • Visitor
  • Visitor
7 years 3 months ago - 7 years 3 months ago #145929 by LouisGac
Also, a start build number would have been useful to help you.

We have many people who updated from 2.05 version to 2.50 without any problem. But, not so many people use MSSQL (and they're right). So maybe it's MSSQL bug in the DB upgrade process.

Knowing that 2.05 versions start with a db_version of 168, to find what went wrong, all the updates of permissions for db version superior to 168 should be checked.

You're lucky: I just did that work, and there is only one update of the permission table since 2.05, for db version 172:
github.com/LimeSurvey/LimeSurvey/blob/ma...lper.php#L1180-L1199
Code:
                case 'mssql':
                    try{ setTransactionBookmark(); $oDB->createCommand()->dropIndex('permissions_idx2','{{permissions}}');} catch(Exception $e) { rollBackToTransactionBookmark(); };
                    try{ setTransactionBookmark(); $oDB->createCommand()->dropIndex('idxPermissions','{{permissions}}');} catch(Exception $e) { rollBackToTransactionBookmark(); };
                    alterColumn('{{permissions}}', 'entity_id', "INTEGER", false);
                    $oDB->createCommand()->createIndex('permissions_idx2','{{permissions}}','entity_id,entity,permission,uid',true);
                    break;

This piece of code probably went wrong on your server for some reason (MSSQL version?)
So just relaunch it, and you should be fine.
Last edit: 7 years 3 months ago by LouisGac.
The topic has been locked.
  • LouisGac
  • LouisGac's Avatar
  • Visitor
  • Visitor
7 years 3 months ago - 7 years 3 months ago #145930 by LouisGac
Also, if you have more than 500 users, and so if you are a professional user of LimeSurvey, I highly recommend you to use the comfortUpdate or to use one of our professional hosting solution to avoid those kind of problems in the future:
www.limesurvey.org/services

LimeSurvey professional hosting users benefit of our direct support.
If for any reason you would have faced such a problem on our hosting solution, it would have been resolved in few hours max.
Last edit: 7 years 3 months ago by LouisGac.
The topic has been locked.
  • katcher01
  • katcher01's Avatar Topic Author
  • Offline
  • Junior Member
  • Junior Member
More
7 years 3 months ago #145962 by katcher01
Thanks for the reply,
First off:
Version 2.05+ Build 140116
DB Version 174
The topic has been locked.
  • katcher01
  • katcher01's Avatar Topic Author
  • Offline
  • Junior Member
  • Junior Member
More
7 years 3 months ago #145964 by katcher01
Hello Markus,

Our old users were autocreated and had permission to create their own surveys. We do not want users to be able to see any other surveys other than their own. One Caveat, we may be creating some surveys which can have multiple survey admins. We are however going to handle those manually as one offs. The users on the other hand exist or will be autocreated with create perms only. This appears to be working with our basic custom reverse authentication (token check) plugin.
The topic has been locked.
  • katcher01
  • katcher01's Avatar Topic Author
  • Offline
  • Junior Member
  • Junior Member
More
7 years 2 months ago #146176 by katcher01
Any News on this?

Thanks

Eric
The topic has been locked.
  • katcher01
  • katcher01's Avatar Topic Author
  • Offline
  • Junior Member
  • Junior Member
More
7 years 2 months ago - 7 years 2 months ago #146216 by katcher01
Hello, I am a little confused about the permissions. On my production lime survey application (2.0.5) the lime_permissions seem to be set as

create_p = 1, read_p = 1, update_ =1, delete_p =1 yet each user can see only their own surveys. On 2.57, if these permissions are maintained, the survey admins can see/edit all surveys. Is this the desired outcome of the upgrade? Was the permission structure changed to provide global access to all surveys? I thought that if you set the create_p flag to 1 and the remaining to 0 a user would only be able to see and interact with their own surveys. Is that correct? If so, the upgrade worked but the feature changed and if I want the original setup i.e. survey admins can only see/edit etc their own surveys I have to change the upgraded perms to the following:

update dbo.lime_permissions set read_p = 0, update_p = 0, delete_p = 0 WHERE id in (select id from dbo.lime_permissions where read_p = 1 and update_p = 1 and delete_p = 1 and permission = 'surveys');


Is that correct?

Eric
Last edit: 7 years 2 months ago by katcher01. Reason: More details
The topic has been locked.
  • DenisChenu
  • DenisChenu's Avatar
  • Offline
  • LimeSurvey Community Team
  • LimeSurvey Community Team
More
7 years 2 months ago - 7 years 2 months ago #146218 by DenisChenu
In 2.05 : read/surveys permission or update/surveys permission is not used .

The owner of a survey have all rights on his survey then don't need an extra settings.

The manual in 2.05 show "read/surveys permission" : allow user to see all surveys

There is a bug in 2.05 but , dev most use LS as superadmin then don't see the bug for a long time. This is fixed in 2.6 if i remind, not in 2.5X

The Update SQL seems OK :)

Assistance on LimeSurvey forum and LimeSurvey core development are on my free time.
I'm not a LimeSurvey GmbH member, professional service on demand , plugin development .
I don't answer to private message.
Last edit: 7 years 2 months ago by DenisChenu. Reason: The Update instructions seems OK :)
The topic has been locked.
  • katcher01
  • katcher01's Avatar Topic Author
  • Offline
  • Junior Member
  • Junior Member
More
7 years 2 months ago #146219 by katcher01
Thanks, when I run the upgrade on our productio site I will remember to run the sql to fix the permissions.

Best wishes for the new year!

Eric
The topic has been locked.

Lime-years ahead

Online-surveys for every purse and purpose