Fixed issue #16621: In RemoteControl the parameter conditions and tok…

…en for list_participants() do not allow multiple token IDs anymore (#1828)
LimeSurvey · Mar 29, 2021 · a12a92d · a12a92d
1 parent 3ff0af2
commit a12a92d
Show file tree

Hide file tree

Showing 3 changed files with 83 additions and 4 deletions.
diff --git a/application/helpers/remotecontrol/remotecontrol_handle.php b/application/helpers/remotecontrol/remotecontrol_handle.php
@@ -2068,6 +2068,12 @@ public function list_groups($sSessionKey, $iSurveyID, $sLanguage = null)
      *
      * If $bUnused is true, user will get the list of uncompleted tokens (token_return functionality).
      * Parameters iStart and iLimit are used to limit the number of results of this call.
+     * Starting with version 4.3.0 it is not possible anymore to query for several IDs just using
+     * an array of values - instead you have use the 'IN' operator.
+     * Examples of conditions:
+     *     array ('tid => 'IN','1','3','26')
+     *     array('email' => 'info@example.com')
+     *     array('validuntil' => array('>', '2019-01-01 00:00:00'))
      *
      * By default return each participant with basic information
      * * tid : the token id
@@ -2082,7 +2088,11 @@ public function list_groups($sSessionKey, $iSurveyID, $sLanguage = null)
      * @param int  $iLimit Number of participants to return
      * @param bool $bUnused If you want unused tokens, set true
      * @param bool|array $aAttributes The extented attributes that we want
-     * @param array $aConditions Optional conditions to limit the list, e.g. with array('email' => 'info@example.com') or array('validuntil' => array('>', '2019-01-01 00:00:00'))
+     * @param array $aConditions Optional conditions to limit the list, either as a key=>value array for simple comparisons
+     *              or as key=>array(operator,value[,value[...]]) using an operator.
+     *              Valid operators are  ['<', '>', '>=', '<=', '=', '<>', 'LIKE', 'IN']
+     *              Only the IN operator allows for several values. The same key can be used several times.
+     *              All conditions are connected by AND.
      * @return array The list of tokens
      */
     public function list_participants($sSessionKey, $iSurveyID, $iStart = 0, $iLimit = 10, $bUnused = false, $aAttributes = false, $aConditions = array())
@@ -2110,11 +2120,11 @@ public function list_participants($sSessionKey, $iSurveyID, $iStart = 0, $iLimit
                 if (count($aConditions) > 0) {
                     $aConditionFields = array_flip(Token::model($iSurveyID)->getMetaData()->tableSchema->columnNames);
                     // NB: $valueOrTuple is either a value or tuple like [$operator, $value].
-                    $oCriteria->compare('tid', '>='.$iStart);
+                    $oCriteria->compare('tid', '>=' . $iStart);
                     foreach ($aConditions as $columnName => $valueOrTuple) {
                         if (is_array($valueOrTuple)) {
                             /** @var string[] List of operators allowed in query. */
-                            $allowedOperators = ['<', '>', '>=', '<=', '=', '<>', 'LIKE'];
+                            $allowedOperators = ['<', '>', '>=', '<=', '=', '<>', 'LIKE', 'IN'];
                             /** @var string */
                             $operator = $valueOrTuple[0];
                             if (!in_array($operator, $allowedOperators)) {
@@ -2123,6 +2133,10 @@ public function list_participants($sSessionKey, $iSurveyID, $iStart = 0, $iLimit
                                 /** @var mixed */
                                 $value = $valueOrTuple[1];
                                 $oCriteria->addSearchCondition($columnName, $value);
+                            } elseif ($operator === 'IN') {
+                                /** @var mixed */
+                                $values = array_slice($valueOrTuple, 1);
+                                $oCriteria->addInCondition($columnName, $values);
                             } else {
                                 /** @var mixed */
                                 $value = $valueOrTuple[1];
@@ -2147,7 +2161,7 @@ public function list_participants($sSessionKey, $iSurveyID, $iStart = 0, $iLimit
                 if (count($oTokens) == 0) {
                     return array('status' => 'No survey participants found.');
                 }
-                
+
                 $extendedAttributes = array();
                 if ($aAttributes) {
                     $aBasicDestinationFields = Token::model($iSurveyID)->tableSchema->columnNames;

diff --git a/application/models/FailedLoginAttempt.php b/application/models/FailedLoginAttempt.php
@@ -31,6 +31,10 @@ public static function model($class = __CLASS__)
     {
         /** @var self $model */
         $model = parent::model($class);
+        // When running tests this might be empty
+        if (!isset($_SERVER['REMOTE_ADDR'])) {
+            $_SERVER['REMOTE_ADDR'] = '';
+        }
         return $model;
     }
 

diff --git a/tests/unit/helpers/RemoteControlListParticipantsTest.php b/tests/unit/helpers/RemoteControlListParticipantsTest.php
@@ -97,6 +97,67 @@ public function testConditionEquality()
         $this->assertEquals($expected, $list);
     }
 
+
+
+    /**
+     * Test so that validuntil works with IN operator.
+     *
+     * @return void
+     */
+    public function testConditionIn()
+    {
+        \Yii::import('application.helpers.remotecontrol.remotecontrol_handle', true);
+        \Yii::import('application.helpers.viewHelper', true);
+        \Yii::import('application.libraries.BigData', true);
+
+        // Create handler.
+        $admin   = new \AdminController('dummyid');
+        $handler = new \remotecontrol_handle($admin);
+
+        // Get session key.
+        $sessionKey = $handler->get_session_key(
+            self::$username,
+            self::$password
+        );
+        $this->assertNotEquals(['status' => 'Invalid user name or password'], $sessionKey);
+
+        /** @var array */
+        $list = $handler->list_participants(
+            $sessionKey,
+            self::$surveyId,
+            0,
+            999,
+            false,
+            [],
+            ['tid' => ["IN","1","2"]]
+        );
+
+        $expected = [
+            [
+                'tid' => "1",
+                'token' => "c",
+                'participant_info' => [
+                    'firstname' => "a",
+                    'lastname' => "b",
+                    'email' => "a@a.a"
+                ],
+            ],
+            [
+                'tid' => "2",
+                'token' => "e",
+                'participant_info' => [
+                    'firstname' => "q",
+                    'lastname' => "w",
+                    'email' => "q@q.com"
+                ],
+            ]
+
+        ];
+
+        $this->assertEquals($expected, $list);
+    }
+
+
     /**
      * Test condition with empty return result.
      *