From ddf117019aba385806b300392662ad7a004c36e5 Mon Sep 17 00:00:00 2001
From: Denis Chenu <denis@sondages.pro>
Date: Mon, 1 Aug 2022 18:20:39 +0200
Subject: [PATCH] Fixed issue #18288: Can't assign groups to surveys (#2549)

Fixed issue #18297: Survey permissions menu does not work
Dev: always use getUserGroupList
Dev: this function do the filter, return all usergroup for superadmin
---
 .../controllers/admin/SurveyPermission.php    |  8 +----
 application/helpers/common_helper.php         | 29 +++++++++----------
 2 files changed, 14 insertions(+), 23 deletions(-)

diff --git a/application/controllers/admin/SurveyPermission.php b/application/controllers/admin/SurveyPermission.php
index a44a41cbbe4..8d94269aaac 100644
--- a/application/controllers/admin/SurveyPermission.php
+++ b/application/controllers/admin/SurveyPermission.php
@@ -39,7 +39,6 @@ public function index($iSurveyID)
         $aViewUrls = array();
 
         $imageurl = Yii::app()->getConfig('adminimageurl');
-
         if (!Permission::model()->hasSurveyPermission($iSurveyID, 'surveysecurity', 'read')) {
             $this->getController()->error('Access denied');
             return;
@@ -51,12 +50,12 @@ public function index($iSurveyID)
 
         $aBaseSurveyPermissions = Permission::model()->getSurveyBasePermissions();
         $userList = getUserList('onlyuidarray'); // Limit the user list for the samegrouppolicy
+        $authorizedGroupsList = getUserGroupList(); // Limit the group list for the samegrouppolicy
         App()->getClientScript()->registerPackage('jquery-tablesorter');
         App()->getClientScript()->registerScriptFile(App()->getConfig('adminscripts') . 'surveypermissions.js');
         // FIXME this HTML stuff MUST BE IN VIEWS!!
         $surveysecurity = "<div id='edit-permission' class='side-body " . getSideBodyClass(false) . "'>";
         $surveysecurity .= viewHelper::getViewTestTag('surveyPermissions');
-
         $surveysecurity .= "<h3>" . gT("Survey permissions") . "</h3>\n";
         $surveysecurity .= '<div class="row"><div class="col-lg-12 content-right">';
         $result2 = Permission::model()->getUserDetails($iSurveyID);
@@ -74,11 +73,6 @@ public function index($iSurveyID)
             $surveysecurity .= "</tr></thead>\n";
 
             // Foot first
-
-            if (shouldFilterUserGroupList()) {
-                $authorizedGroupsList = getUserGroupList();
-            }
-
             $surveysecurity .= "<tbody>\n";
             $row = 0;
             foreach ($result2 as $PermissionRow) {
diff --git a/application/helpers/common_helper.php b/application/helpers/common_helper.php
index db9ce0c6e9f..030695e5da8 100644
--- a/application/helpers/common_helper.php
+++ b/application/helpers/common_helper.php
@@ -661,7 +661,7 @@ function getUserList($outputformat = 'fullinfoarray')
     if (!empty(Yii::app()->session['loginID'])) {
         $myuid = sanitize_int(Yii::app()->session['loginID']);
     }
-    $usercontrolSameGroupPolicy = Yii::app()->getConfig('usercontrolSameGroupPolicy');
+    $usercontrolSameGroupPolicy = App()->getConfig('usercontrolSameGroupPolicy');
     if (
         !Permission::model()->hasGlobalPermission('superadmin', 'read') && isset($usercontrolSameGroupPolicy) &&
         $usercontrolSameGroupPolicy == true
@@ -4141,17 +4141,19 @@ function shouldFilterUserGroupList()
 
 /**
 * Get a list of all user groups
+* All user group or filtered according to usercontrolSameGroupPolicy
 * @returns array
 */
 function getUserGroupList()
 {
     $sQuery = "SELECT distinct a.ugid, a.name, a.owner_id FROM {{user_groups}} AS a LEFT JOIN {{user_in_groups}} AS b ON a.ugid = b.ugid WHERE 1=1 ";
     if (shouldFilterUserGroupList()) {
-        $sQuery .= "AND uid = " . Yii::app()->session['loginID'];
+        $userid = intval(App()->session['loginID']);
+        $sQuery .= "AND (b.uid = {$userid})";
     }
     $sQuery .= " ORDER BY name";
 
-    $sresult = Yii::app()->db->createCommand($sQuery)->query(); //Checked
+    $sresult = App()->db->createCommand($sQuery)->query(); //Checked
     if (!$sresult) {
         return "Database Error";
     }
@@ -4424,27 +4426,22 @@ function getSurveyUserGroupList($outputformat, $surveyid)
     $surveyid = sanitize_int($surveyid);
 
     $surveyidquery = "SELECT a.ugid, a.name, MAX(d.ugid) AS da
-    FROM {{user_groups}} AS a
-    LEFT JOIN (
-    SELECT b.ugid
-    FROM {{user_in_groups}} AS b
-    LEFT JOIN (SELECT * FROM {{permissions}}
-    WHERE entity_id = {$surveyid} and entity='survey') AS c ON b.uid = c.uid WHERE c.uid IS NULL
-    ) AS d ON a.ugid = d.ugid GROUP BY a.ugid, a.name HAVING MAX(d.ugid) IS NOT NULL ORDER BY a.name";
+        FROM {{user_groups}} AS a
+        LEFT JOIN (
+        SELECT b.ugid
+        FROM {{user_in_groups}} AS b
+        LEFT JOIN (SELECT * FROM {{permissions}}
+        WHERE entity_id = {$surveyid} and entity='survey') AS c ON b.uid = c.uid WHERE c.uid IS NULL
+        ) AS d ON a.ugid = d.ugid GROUP BY a.ugid, a.name HAVING MAX(d.ugid) IS NOT NULL ORDER BY a.name";
     $surveyidresult = Yii::app()->db->createCommand($surveyidquery)->query(); //Checked
     $aResult = $surveyidresult->readAll();
 
-    $authorizedGroupsList = [];
-    if (shouldFilterUserGroupList()) {
-        $authorizedGroupsList = getUserGroupList();
-    }
-
+    $authorizedGroupsList = getUserGroupList();
     $svexist = false;
     $surveyselecter = "";
     $simpleugidarray = [];
     foreach ($aResult as $sv) {
         if (
-            Yii::app()->getConfig('usercontrolSameGroupPolicy') == false ||
             in_array($sv['ugid'], $authorizedGroupsList)
         ) {
             $surveyselecter .= "<option";