Fixed Issue : Fixed error messages and functionality in list_surveys

Dev: User gets message when he has no permission to list surveys Dev: Superuser now can list all surveys (besides certain users) Dev: Minor fix in Survey model
LimeSurvey · Jul 31, 2012 · 20a69d6 · 20a69d6
1 parent 0ed6000
commit 20a69d6
Show file tree

Hide file tree

Showing 2 changed files with 42 additions and 23 deletions.
diff --git a/application/controllers/admin/remotecontrol.php b/application/controllers/admin/remotecontrol.php
@@ -467,46 +467,65 @@ public function set_survey_properties($sSessionKey, $iSurveyID, $aSurveyData)
   /**
      * RPC Routine to list the ids and info of surveys belonging to a user.
      * Returns array of ids and info.
-     * If user is admin he can get surveys of every user (parameter sUser)
-     * else only the syrveys belonging to the user requesting will be shown.
+     * If user is admin he can get surveys of every user (parameter sUser) or all surveys (sUser=null)
+     * Else only the syrveys belonging to the user requesting will be shown.
      * 
      * @access public
      * @param string $sSessionKey Auth credentials
-     * @param string $suser Optional username to get list of surveys
+     * @param string $sUser Optional username to get list of surveys
      * @return array The list of surveys
      */
-	public function list_surveys($sSessionKey, $suser='')
+	public function list_surveys($sSessionKey, $sUser=NULL)
 	{
        if ($this->_checkSessionKey($sSessionKey))
        {
-		   $current_user =  Yii::app()->session['user'];
-		   if( Yii::app()->session['USER_RIGHT_SUPERADMIN'] == 1 and $suser !='')
-				$current_user = $suser;
-
-		   $aUserData = User::model()->findByAttributes(array('users_name' => $current_user));		   
-		   if (!isset($aUserData))
-				return array('status' => 'Invalid user');	   
-
-		   $aUserSurveys = Survey::model()->findAllByAttributes(array("owner_id"=>$aUserData->attributes['uid'])); 		   
-		   if(count($aUserSurveys)==0)
-				return array('status' => 'No surveys found');
+		   $sCurrentUser =  Yii::app()->session['user'];
+
+		   if( Yii::app()->session['USER_RIGHT_SUPERADMIN'] == 1)
+		   {
+				if ($sUser == null)
+					$aUserSurveys = Survey::model()->findAll(); //list all surveys
+				else
+				{
+				   $aUserData = User::model()->findByAttributes(array('users_name' => $sUser));		   
+				   if (!isset($aUserData))
+						return array('status' => 'Invalid user');
+					else
+						$aUserSurveys = Survey::model()->findAllByAttributes(array("owner_id"=>$aUserData->attributes['uid'])); 					
+				}		
+			}
+			else
+			{
+				if (($sCurrentUser == $sUser) || ($sUser == null) )
+				{
+					$sUid =  User::model()->findByAttributes(array('users_name' => $sCurrentUser))->uid;
+					$aUserSurveys = Survey::model()->findAllByAttributes(array("owner_id"=>$sUid)); 										
+				}
+				else
+					return array('status' => 'No permission');
+			}
 
-			foreach ($aUserSurveys as $aSurvey)
+		   if(count($aUserSurveys)==0)
+				return array('status' => 'No surveys found');		   
+
+			foreach ($aUserSurveys as $oSurvey)
 				{
-				$aSurveyLanguageSettings = Surveys_languagesettings::model()->findByAttributes(array('surveyls_survey_id' => $aSurvey->primaryKey, 'surveyls_language' => $aSurvey->language));
-				if (!isset($aSurveyLanguageSettings))
+				$oSurveyLanguageSettings = Surveys_languagesettings::model()->findByAttributes(array('surveyls_survey_id' => $oSurvey->primaryKey, 'surveyls_language' => $oSurvey->language));
+				if (!isset($oSurveyLanguageSettings))
 					$aSurveyTitle = '';
 				else
-					$aSurveyTitle = $aSurveyLanguageSettings->attributes['surveyls_title'];
-				$aData[]= array('sid'=>$aSurvey->primaryKey,'surveyls_title'=>$aSurveyTitle,'startdate'=>$aSurvey->attributes['startdate'],'expires'=>$aSurvey->attributes['expires'],'active'=>$aSurvey->attributes['active']);
+					$aSurveyTitle = $oSurveyLanguageSettings->attributes['surveyls_title'];
+				$aData[]= array('sid'=>$oSurvey->primaryKey,'surveyls_title'=>$aSurveyTitle,'startdate'=>$oSurvey->attributes['startdate'],'expires'=>$oSurvey->attributes['expires'],'active'=>$oSurvey->attributes['active']);
 				}
-			return $aData;
+			return $aData;		   
         }
         else
 			return array('status' => 'Invalid session key');				
 	}
 
 
+
+
     /**
     * RPC Routine that launches a newly created survey.
     *

diff --git a/application/models/Survey.php b/application/models/Survey.php
@@ -97,7 +97,7 @@ public function rules()
         array('bounce_email', 'xssfilter'),
         array('faxto', 'xssfilter'),
         array('active', 'in','range'=>array('Y','N'), 'allowEmpty'=>true),
-        array('anonymized', 'in','range'=>array('Y','N'), 'allowEmpty'=>true),        
+       array('anonymized', 'in','range'=>array('Y','N'), 'allowEmpty'=>true),        
         array('savetimings', 'in','range'=>array('Y','N'), 'allowEmpty'=>true),        
         array('datestamp', 'in','range'=>array('Y','N'), 'allowEmpty'=>true), 
         array('usecookie', 'in','range'=>array('Y','N'), 'allowEmpty'=>true),   
@@ -172,7 +172,7 @@ public function xssfilter($attribute,$params)
     public function tmplfilter($attribute,$params)
     {
         if(!array_key_exists($this->$attribute,getTemplateList()))
-			$this->addError($attribute, 'Invalid template!');
+			$this->$attribute = 'default';
     }