User can still fill out questionnaire even though it's not row level secured #7531

tommydeboer · 2018-07-11T09:42:04Z

Add a group c6
Upload this questionnaire
Make a user member of the C6_VIEWER role
Give role C6_VIEWER permission to EDIT c6_questionnaire
Log in as admin and start the questionnaire
Observe that the questionnaire won't start because No row level security enabled for questionnaire, this is not allowed
Log in as the user and start the questionnaire

The questionnaire won't start.

The user can fill out the questionnaire anyway.

The text was updated successfully, but these errors were encountered:

ConnorStroomberg · 2018-07-11T10:03:46Z

Related to As group manager I want questionnaires to be row-level secured by default http://wiki.gcc.rug.nl/ticket/5970

dennishendriksen · 2018-07-16T12:46:08Z

Cannot reproduce:

@tommydeboer can you double check with current master?

tommydeboer · 2018-07-17T07:11:35Z

@dennishendriksen The description is wrong, sorry. It happens when:

you turn off RLS
let a user edit
turn on RLS
user can continue editing because the RLS check is done at the start of a questionnaire

dennishendriksen · 2018-07-17T07:20:34Z

In that case I think we can fix it after 7.0

tommydeboer · 2018-07-17T07:21:14Z

Agreed

tommydeboer added this to the Sprint 122 milestone Jul 11, 2018

dennishendriksen added bug 7.0.0-RC mod:questionnaires labels Jul 12, 2018

mswertz modified the milestones: Sprint 122, Sprint 123 Jul 16, 2018

dennishendriksen self-assigned this Jul 16, 2018

dennishendriksen assigned tommydeboer and unassigned dennishendriksen Jul 16, 2018

tommydeboer removed their assignment Jul 17, 2018

tommydeboer removed this from the Sprint 123 milestone Jul 17, 2018

dennishendriksen modified the milestone: Review or discussion needed Jul 17, 2018

LuukDijkhuis added this to the Backlog First milestone Aug 8, 2018

dennishendriksen added 7.1 and removed 7.0.0-RC labels Sep 7, 2018

Provide feedback