Fixed issue #14312: Importing participants from CSV is not possible f…

…or user with survey/create global permission
LimeSurvey · Dec 20, 2018 · 2dc64f3 · 2dc64f3 · Shnoulle · Dec 20, 2018
1 parent d6bc2c5
commit 2dc64f3
Show file tree

Hide file tree

Showing 2 changed files with 5 additions and 5 deletions.
diff --git a/application/controllers/admin/tokens.php b/application/controllers/admin/tokens.php
@@ -1675,7 +1675,7 @@ public function importldap($iSurveyId)
         $iSurveyId = (int) $iSurveyId;
         $survey = Survey::model()->findByPk($iSurveyId);
         $aData = array();
-        if (!Permission::model()->hasSurveyPermission($iSurveyId, 'tokens', 'import')) {
+        if (!(Permission::model()->hasSurveyPermission($iSurveyId, 'tokens', 'import') || Permission::model()->hasGlobalPermission('surveys', 'update'))) {
             Yii::app()->session['flashmessage'] = gT("You do not have permission to access this page.");
             $this->getController()->redirect(array("/admin/survey/sa/view/surveyid/{$iSurveyId}"));
         }
@@ -1918,7 +1918,7 @@ public function import($iSurveyId)
         $aData = array();
         $iSurveyId = (int) $iSurveyId;
         $survey = Survey::model()->findByPk($iSurveyId);
-        if (!Permission::model()->hasSurveyPermission($iSurveyId, 'tokens', 'import')) {
+        if (!(Permission::model()->hasSurveyPermission($iSurveyId, 'tokens', 'import') || Permission::model()->hasGlobalPermission('surveys', 'update'))) {
             Yii::app()->session['flashmessage'] = gT("You do not have permission to access this page.");
             $this->getController()->redirect(array("/admin/survey/sa/view/surveyid/{$iSurveyId}"));
         }

diff --git a/application/views/admin/token/token_bar.php b/application/views/admin/token/token_bar.php
@@ -14,7 +14,7 @@
             <?php if( isset($token_bar['buttons']['view']) ): ?>
 
                 <!-- Display tokens -->
-                <?php if (Permission::model()->hasSurveyPermission($oSurvey->sid, 'tokens', 'read')): ?>
+                <?php if (Permission::model()->hasSurveyPermission($oSurvey->sid, 'tokens', 'read') || Permission::model()->hasGlobalPermission('surveys', 'update')): ?>
                     <a class="btn btn-default pjax" href='<?php echo $this->createUrl("admin/tokens/sa/browse/surveyid/$oSurvey->sid"); ?>' role="button">
                         <span class="fa fa-list-alt text-success"></span>
                         <?php eT("Display participants"); ?>
@@ -30,7 +30,7 @@
 
                 <!-- Add new token entry -->
                 <ul class="dropdown-menu">
-                <?php if (Permission::model()->hasSurveyPermission($oSurvey->sid, 'tokens', 'create')): ?>
+                <?php if (Permission::model()->hasSurveyPermission($oSurvey->sid, 'tokens', 'create') || Permission::model()->hasGlobalPermission('surveys', 'update')): ?>
                 <li>
                     <a class="pjax" href="<?php echo $this->createUrl("admin/tokens/sa/addnew/surveyid/$oSurvey->sid"); ?>" >
                         <span class="icon-add"></span>
@@ -48,7 +48,7 @@
                 <?php endif; ?>
 
                 <!-- Import tokens -->
-                <?php if (Permission::model()->hasSurveyPermission($oSurvey->sid, 'tokens', 'import')): ?>
+                <?php if (Permission::model()->hasSurveyPermission($oSurvey->sid, 'tokens', 'import') || Permission::model()->hasGlobalPermission('surveys', 'update')): ?>
                     <li role="separator" class="divider"></li>
                     <li>
                         <small><?php eT("Import participants from:"); ?></small>