Fixed issue #9355: Group rights cannot be set

LimeSurvey · Nov 12, 2014 · fa92429 · fa92429
1 parent 39994ee
commit fa92429
Showing 1 changed file with 10 additions and 10 deletions.
diff --git a/application/controllers/admin/surveypermission.php b/application/controllers/admin/surveypermission.php
@@ -10,7 +10,7 @@
  * other free or open source software licenses.
  * See COPYRIGHT.php for copyright notices and details.
  */
- 
+
 /**
 * surveypermission
 *
@@ -31,7 +31,7 @@ function index($surveyid)
         $aViewUrls = array();
         $clang = Yii::app()->lang;
         $imageurl = Yii::app()->getConfig('adminimageurl');
-            
+
         if(Permission::model()->hasSurveyPermission($surveyid,'surveysecurity','read'))
         {
             $aBaseSurveyPermissions=Permission::model()->getSurveyBasePermissions();
@@ -83,7 +83,7 @@ function index($surveyid)
                         {
                             $group_ids_query = implode(",", $group_ids);
                             unset($group_ids);
-                            $result4 = UserGroup::model()->findAll("ugid IN ($group_ids_query)");                        
+                            $result4 = UserGroup::model()->findAll("ugid IN ($group_ids_query)");
 
                             foreach ($result4 as $resul4row)
                             {
@@ -96,7 +96,7 @@ function index($surveyid)
                         $surveysecurity .= "<tr>\n";
 
                         $surveysecurity .= "<td>\n";
-                        
+
                         if(Permission::model()->hasSurveyPermission($surveyid,'surveysecurity','update'))
                         {
                             if($PermissionRow['uid']!=Yii::app()->user->getId() || Permission::model()->hasGlobalPermission('superadmin','read')) // Can not update own security
@@ -171,7 +171,7 @@ function index($surveyid)
             }
             else
             {
-            
+
             }
             if(Permission::model()->hasSurveyPermission($surveyid,'surveysecurity','create'))
             {
@@ -182,7 +182,7 @@ function index($surveyid)
                 . "<input style='width: 15em;' type='submit' value='".$clang->gT("Add user")."'  onclick=\"if (document.getElementById('uidselect').value == -1) { alert('".$clang->gT("Please select a user first","js")."'); return false;}\"/>"
                 . "<input type='hidden' name='action' value='addsurveysecurity' />"
                 . "</li></ul></form>\n";
-                
+
                 $surveysecurity .=  CHtml::form(array("admin/surveypermission/sa/addusergroup/surveyid/{$surveyid}"), 'post', array('class'=>"form44"))."<ul><li>\n"
                 . "<label for='ugidselect'>".$clang->gT("User group").": </label><select id='ugidselect' name='ugid'>\n"
                 . getSurveyUserGroupList('htmloptions',$surveyid)
@@ -227,7 +227,7 @@ function addusergroup($surveyid)
             $addsummary .= "<div class=\"messagebox ui-corner-all\" >\n";
 
             $result = Survey::model()->findAll('sid = :surveyid AND owner_id = :owner_id',array(':surveyid' => $surveyid, ':owner_id' => Yii::app()->session['loginID']));
-            if( Permission::model()->hasSurveyPermission($surveyid, 'surveysecurity', 'create') 
+            if( Permission::model()->hasSurveyPermission($surveyid, 'surveysecurity', 'create')
                 && in_array($postusergroupid,getSurveyUserGroupList('simpleugidarray',$surveyid))
                 )
             {
@@ -311,7 +311,7 @@ function adduser($surveyid)
             $addsummary .= "<div class=\"messagebox ui-corner-all\">\n";
 
             $result = Survey::model()->findAll('sid = :sid AND owner_id = :owner_id AND owner_id != :postuserid',array(':sid' => $surveyid, ':owner_id' => Yii::app()->session['loginID'], ':postuserid' => $postuserid));
-            if( Permission::model()->hasSurveyPermission($surveyid, 'surveysecurity', 'create') 
+            if( Permission::model()->hasSurveyPermission($surveyid, 'surveysecurity', 'create')
                 &&  in_array($postuserid,getUserList('onlyuidarray'))
                 )
             {
@@ -387,7 +387,7 @@ function set($surveyid)
         }
         elseif( $action == "setusergroupsurveysecurity" )
         {
-            if ( !Permission::model()->hasGlobalPermission('superadmin','read') && !in_array($postusergroupid,getUserList('onlyuidarray')) ) // User can not change own security (except for superadmin ?)
+            if ( !Permission::model()->hasGlobalPermission('superadmin','read') && !in_array($postusergroupid,getUserGroupList(null, 'simplegidarray')) ) // User can not change own security (except for superadmin ?)
             {
                 $this->getController()->error('Access denied');
             }
@@ -431,7 +431,7 @@ function set($surveyid)
             . "</tr></thead>\n";
 
             //content
-            
+
             $aBasePermissions=Permission::model()->getSurveyBasePermissions();
 
             $oddcolumn=false;