[phpesp-dev] [ phpesp-Bugs-1311839 ] Can not add respondent

[SourceForge.net <no...@so...>]

Bugs item #1311839, was opened at 2005-10-03 08:21
Message generated for change (Comment added) made by greggmc
You can respond by visiting: 
https://sourceforge.net/tracker/?func=detail&atid=108956&aid=1311839&group_id=8956

Please note that this message will contain a full copy of the comment thread,
including the initial issue submission, for this request,
not just the latest update.
Category: Admin
Group: v1.7
Status: Open
Resolution: None
Priority: 5
Submitted By: Neil (neilsourceforge)
Assigned to: Nobody/Anonymous (nobody)
Summary: Can not add respondent

Initial Comment:
I could not replicate this problem using the 'demo' site. 
Adding a respondent, using the instructions below, 
works on the demo site.

At my installation:
An attempt to add a respondent to their group from 
the 'Manage Respondent Accounts' page meets the 
response '[ This account does not have permission to 
access this group. ]'

This feedback is obtained when selecting the link 'Add a 
New Respondent'. When the same information is stored 
in a file and the link 'Bulk Upload Respondents' is 
selected the respondent is added. The developer's 
account is fully privileged with the following attributes:
Disabled   No
Design Surveys   Yes
Change Survey Status   Yes
Export Survey Data   Yes
Group Editor   Yes
Administer Designers   Yes
Administer Respondents   Yes

The fact that a respondent can be added using Bulk 
Upload implies it is not a permissions issue. Can 
anyone provide insight on how to correct this?


----------------------------------------------------------------------

>Comment By: Matthew Gregg (greggmc)
Date: 2006-04-24 14:36

Message:
Logged In: YES 
user_id=14116

I just fixed a bug relating to the expiration field that was
causing issues adding/editing designers/respondents.  I'm
not sure it's related to this bug, but it did cause problems
adding users.  I'll generate a new release shortly.

----------------------------------------------------------------------

Comment By: Neil (neilsourceforge)
Date: 2006-04-11 15:04

Message:
Logged In: YES 
user_id=1181273

This request has been open since October of last year.

Developers can not add a single respondent and can not 
delete a respondent. They can Bulk Upload only.

A SuperUser account can delete single respondents but I 
would prefer each developer to manage their own respondents 
and not have to intervene.

Can this be fixed or can someone offer an explanation why a 
developer is told they do not have permission? Every 
attribute per developer has been allowed.

.../neil patterson

----------------------------------------------------------------------

Comment By: Neil (neilsourceforge)
Date: 2006-01-24 09:15

Message:
Logged In: YES 
user_id=1181273

The test continues to fail with release 1.8.

.../neil patterson

----------------------------------------------------------------------

Comment By: Matthew Gregg (greggmc)
Date: 2006-01-23 19:48

Message:
Logged In: YES 
user_id=14116

This bug is marked 1.7.  Have you tried to reproduce this
with the current ESP version of 1.8?

----------------------------------------------------------------------

Comment By: Nobody/Anonymous (nobody)
Date: 2006-01-23 19:39

Message:
Logged In: NO 

there is a bug in admrespondent.inc and admdesigner.inc.
Look for my changes identified by //Ryan Schroeder

       /* delete user */
        if(isset($_POST['delete'])) {
                unset($_POST['submit']);
                $u = _addslashes($_POST['u']);
                $r = _addslashes($_POST['r']);
                // Ryan Schroeder
                $theRealm = $_POST['r'];
                /* check acl */
                if($_SESSION['acl']['superuser'] == 'Y' ||
                        // Ryan Schroeder
                        in_array($theRealm,
$_SESSION['acl']['pgroup']) ||
                        auth_no_access(_('to access this
group'))) {
                        $sql = "DELETE FROM
".$GLOBALS['ESPCONFIG']['designer_table']." WHERE
username=$u AND realm=$r";
                        if(!execute_sql($sql) ||
affected_rows() < 1) {
                                /* unsucessfull -- abort */
                                $errstr .= mkerror(_('Cannot
delete account.') .' ('.
                                        ErrorMsg() .')');
                        }
                }
                if(empty($errstr)) {
                        include(esp_where('designers'));
                        return;
                }
        }

        /* submitted */
        if(isset($_POST['submit'])) {
                $u         = _addslashes($_POST['u']);
                $r         = _addslashes($_POST['r']);
                $password  = _addslashes($_POST['password']);
                $fname     = _addslashes($_POST['fname']);
                $lname     = _addslashes($_POST['lname']);
                $email     = _addslashes($_POST['email']);
                $pdesign   = _addslashes($_POST['pdesign']);
                $pstatus   = _addslashes($_POST['pstatus']);
                $pdata     = _addslashes($_POST['pdata']);
                $pall      = _addslashes($_POST['pall']);
                $pgroup    = _addslashes($_POST['pgroup']);
                $puser     = _addslashes($_POST['puser']);
                $disabled  = _addslashes($_POST['disabled']);
                // Ryan Schroeder
                $theRealm = $_POST['r'];

.....

                /* new user */
        /* check acl */
        if($_SESSION['acl']['superuser'] == 'Y' ||
            // Ryan Schroeder
            in_array($theRealm, $_SESSION['acl']['pgroup']) ||
 


----------------------------------------------------------------------

You can respond by visiting: 
https://sourceforge.net/tracker/?func=detail&atid=108956&aid=1311839&group_id=8956