search

ohmage / gwt-front-end

The javascript/GWT code behind the front end.
6 stars 2 forks source link

ACL: campaign-shared, survey-private: author has access #241

Closed stevenolen closed 12 years ago

stevenolen commented 12 years ago

It appears that the author of a campaign is able to view a private survey response by exporting the responses from a particular campaign.

Test:

  1. Author campaign, remove yourself from the class campaign is related to.
  2. Take survey with restricted user in that class.
  3. export responses to csv with the campaign author.

Based on the test cases document this isn't correct. Perhaps this is a server issue?

stevenolen commented 12 years ago

Resubmitted as a server issue.