Dev Fixed bug where insufficient permissions would return invalid ses…

…sion key status.
LimeSurvey · Sep 28, 2013 · e39ad3d · e39ad3d
1 parent 2e5e8f1
commit e39ad3d
Show file tree

Hide file tree

Showing 2 changed files with 2,925 additions and 24 deletions.
diff --git a/application/helpers/remotecontrol/remotecontrol_handle.php b/application/helpers/remotecontrol/remotecontrol_handle.php
@@ -1939,31 +1939,37 @@ public function list_surveys($sSessionKey, $sUser=NULL)
 
 	public function list_users($sSessionKey = null)
 	{
-	   if ($this->_checkSessionKey($sSessionKey))
-       {
-		   if( Permission::model()->hasGlobalPermission('superadmin','read') )
-		   {
-			   $users = User::model()->findAll();
-
-				if(count($users)==0)
-					return array('status' => 'No surveys found');
-
-				foreach ($users as $user)
-				{
-					$attributes = $user->attributes;
-
-					foreach ($user->permissions as $permission)
-					{
-						$attributes['permissions'][] = $permission->attributes;
-					}
-					unset($attributes['password']);
-					$data[] = $attributes;
-				}
-				return $data;
-        }
-        else
+		if ($this->_checkSessionKey($sSessionKey))
+		{
+			if( Permission::model()->hasGlobalPermission('superadmin','read') )
+			{
+				$users = User::model()->findAll();
+
+				 if(count($users)==0)
+					 return array('status' => 'No surveys found');
+
+				 foreach ($users as $user)
+				 {
+					 $attributes = $user->attributes;
+
+					 foreach ($user->permissions as $permission)
+					 {
+						 $attributes['permissions'][] = $permission->attributes;
+					 }
+					 unset($attributes['password']);
+					 $data[] = $attributes;
+				 }
+				 return $data;
+			}
+			else
+			{
+				return array('status' => 'Permission denied.');
+			}
+		}
+		else
+		{
 			return array('status' => 'Invalid session key');
-	}
+		}
 	}
     /**
      * RPC routine to to initialise the survey's collection of tokens where new participant tokens may be later added.