Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Allow site user to vote in hidden poll via public link #779

Closed
SystemKeeper opened this issue Jan 25, 2020 · 8 comments
Closed

Allow site user to vote in hidden poll via public link #779

SystemKeeper opened this issue Jan 25, 2020 · 8 comments
Labels
bug
Milestone
1.3

Comments

@SystemKeeper
Copy link

I'd like to discuss a current (v1.1.5) behaviour of polls regarding public links in connection with poll-visibility and app-restriction.

Let's assume we created a private poll (not visible for other users) and created a public link. Now this public link is send to different users, but behaves differently, depending on the user:

  • User is not a nextcloud-user
    Behaves as one would expect. A anon-user can add their votes through the shared public link.

  • User is a logged-in nextcloud-user

  1. The user is allowed to use the polls app (no group restriction under Apps -> Polls)
    In this case the user is able to see the poll, but not make any votes, as it's a private poll and was not shared directly with this user.
  2. The user is not allowed to use the polls app (ie. is not part of a group which is set in Apps -> Polls)
    In this case opening the public link will bring the user to the default files app.

I'm not sure what the intended behaviour here should be, but it shouldn't be like it is now.
I guess if a public link is shared, it shouldn't matter if the receiving user is a logged-in nextcloud user (with or without permission to use the app) or an anon-user. After all, it's a public link.

Any thoughts?
@dartcafe
Copy link
Collaborator

How it should be:

  • a hidden poll is hidden for users of the site (not in the list of the apps)
  • if a site user enters the poll via a public link, he should be able to vote as any unauthorized user.

So, this is a bug, because, the site user can access the poll, but is not allowed to vote.

@dartcafe dartcafe added the bug label Jan 26, 2020
@dartcafe dartcafe changed the title Public links / Visibility / App restriction Allow site user to vote in hidden poll via public link Jan 26, 2020
@dartcafe dartcafe added this to the next milestone Jan 26, 2020
@dartcafe
Copy link
Collaborator

dartcafe commented Jan 26, 2020
edited
Loading

Workaround: set votes with public polls to visible or invite site user individually.

dartcafe added a commit that referenced this issue Jan 26, 2020
@dartcafe
Allow site user to vote in hidden poll via public link #779
e3d6fc0
@dartcafe dartcafe mentioned this issue Jan 26, 2020
Merged
@SystemKeeper
Copy link
Author

Does that cover the case when the use of the app is restricted to a group by the admin?

@dartcafe
Copy link
Collaborator

Unfortunately not, access is prevented by core. In this case, the user has to log out or use a private window in browser.

@SystemKeeper
Copy link
Author

Ok, that's what I though. Thanks for fixing the other issue!

@dartcafe dartcafe modified the milestones: next, 1.2 Jan 26, 2020
dartcafe added a commit that referenced this issue Jan 26, 2020
@dartcafe
Merge pull request #783 from nextcloud/fixPublicAccess
e1ad75f 
Allow site user to vote in hidden poll via public link #779
@dartcafe
Copy link
Collaborator

dartcafe commented Jan 26, 2020
edited
Loading

@SystemKeeper While waiting for the 1.1 release, you may check this issue in https://github.com/nextcloud/polls/releases/tag/v1.2.0-beta

@SystemKeeper
Copy link
Author

Hey @dartcafe Thx, hope i can get to this later, will report back.

@dartcafe dartcafe mentioned this issue Jan 28, 2020
Merged
@dartcafe dartcafe mentioned this issue Jan 28, 2020
Merged
@SystemKeeper
Copy link
Author

Looks like it's working now, thanks!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug
Projects
None yet
Milestone
1.3
Development

No branches or pull requests
2 participants
@SystemKeeper @dartcafe