From 977be654cc70d27279176e8886261999e8dc2e0a Mon Sep 17 00:00:00 2001
From: Patrick Donelan <pat@patspam.com>
Date: Tue, 9 Jun 2009 03:26:44 +0000
Subject: [PATCH] Fixed bug in privs check for Survey::www_showFeedback

---
 lib/WebGUI/Asset/Wobject/Survey.pm | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/lib/WebGUI/Asset/Wobject/Survey.pm b/lib/WebGUI/Asset/Wobject/Survey.pm
index 1199880df..e6e6a8fd3 100644
--- a/lib/WebGUI/Asset/Wobject/Survey.pm
+++ b/lib/WebGUI/Asset/Wobject/Survey.pm
@@ -1582,8 +1582,9 @@ sub www_showFeedback {
     my $responseUser = WebGUI::User->new($self->session, $responseUserId);
     return if !$responseUser;
     
-    # Only continue if user owns the response (or user is allowed to view reports)
-    if ($responseUserId ne $self->session->user->userId && !$responseUser->isInGroup( $self->get('groupToViewReports') )) {
+    # Only continue if current user is allowed to view this response
+    unless ( $self->session->user->userId eq $responseUserId || $self->session->user->isInGroup( $self->get('groupToViewReports') ) ) {
+        $self->session->log->warn("User is not allowed to view responseId: $responseId, which belongs to user: $responseUserId");
         return $self->session->privilege->insufficient();
     }