Hi there,

I found when I grant an access to specific role to "access electoral list", all users in this role can access all polls. I think it would be better to restrict the access to the user who owns the poll.

What I did, I just add this && ($user->uid == $node->uid) after 'access' => user_access('access electoral list') in advpoll.module and it works with me. However, the admin no more be able to access electoral list for the users' polls. Any better idea how to control this?

Thank you.

Comments

ChrisKennedy’s picture

Version: master » 6.x-1.x-dev

Okay, what if "access electoral list" gives you access to your own polls, but if you have both "access electoral list" and "administer polls" you can access every electoral list?

Marat’s picture

Category: bug » feature

Yes you are right ... but if I am not missing some setting, I found that I need to give users the "administer polls" permission to be able to administrate their electoral list, without this permission they will not be able to restrict voting to electoral list.

This permission gives them the ability to administrate the electoral list of their polls and the others' poll as well, and as you mentioned. "edit own polls" permission is not enough to grant users the ability to show the "Restrict voting to electoral list" option rather than edit their own electoral list.

LarsKramer’s picture

It doesn't seem logical to me having a permission "Create polls" when a user with that permission is not allowed to add voters to the electoral list. What good is it being able to create a poll if noone can vote on it? I think the permission to edit electoral list for own polls should simply be included with the create own polls. What do you think?

gobinathm’s picture

Issue summary: View changes
Status: Active » Closed (outdated)

D6 is EOL hence this issue won't be fixed (or) attended. So closing it.