Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
The voting results (the graphical version) are always shown to any user that can view the vote. Even though the permission for "View Voting Results" is not checked, it is still shown.
Comment | File | Size | Author |
---|---|---|---|
#19 | 1347134-19.patch | 430 bytes | amateescu |
#16 | drupal-n1347134-15-d7.patch | 532 bytes | DamienMcKenna |
#10 | 1347134-view_voting_results_permission_name-10.patch | 561 bytes | c31ck |
#8 | 1347134-view_voting_results_permission_name-8.patch | 535 bytes | c31ck |
#7 | 1347134-view_voting_results_permission_name-7.patch | 498 bytes | c31ck |
Comments
Comment #1
Shyamala CreditAttribution: Shyamala commentedThe Bug replicated. Even when the the permission for "View Voting Results" is not checked the Results Tab are visible. The perm for "View Voting Results" not passed to _poll_menu_access.
Added patch for Drupal 7 & Drupal 8
Comment #2
David4514 CreditAttribution: David4514 commentedThanks... That solves part of the problem. Now, when a user clicks on the results link or tab, they get access denied. It would be nice if the links/tabs themselves disappeared.
The problem is there is no need for the user to do that. After submitting a "vote" they are shown the voting results in a graphical format (horizontal bar graph). This graph is shown whether or not the user is allowed to see the results or not. Is there some way that this graph can be suppressed if the user in not authorized to see results?
[Edit: I think I understand my disconnect. What you mean by the permission "View voting results" is that this allows you to see the list of people (or IP addresses for anonymous) that have voted, how they voted, and when. The way I had interpreted "View voting results" was that would allow someone to see the summation of the voting results which you represent with your horizontal bar graphs. I had expected that anyone without "View voting results" permission should not be able to see this summation. I would still like to see this as a separate choice. I had really just accidently tripped over another bug.]
Comment #3
amateescu CreditAttribution: amateescu commentedI think the patch(es) from #2 are valid for the scope of this issue, they are fixing the actual bug. As for #3, that should be a feature request for D8 because I'm pretty sure we can't change the UX at this stage in D7.
Setting to NW because we could use a test here..
Comment #4
amateescu CreditAttribution: amateescu commentedAfter taking another look at this issue and a talk with @webchik on IRC, the real problem is the human readable name of the permission, which is totally misleading:
We don't have the functionality to hide/view voting results, as the name would suggest (there's a long-standing feature request for it in #85840: Hide poll results). My proposal is to just change the human readable name of this permission.
How about 'View detailed voting results'?
Comment #5
David4514 CreditAttribution: David4514 commentedThat would be a big help! While I'll still hope for a future feature that can hide the graphical results, a better description of what the permission means could save someone else from spending hours trying to figure this out. Thanks!!!!
Comment #6
xjmI might suggest that we additionally add a permission description explaining just what the detailed results are?
Comment #7
c31ck CreditAttribution: c31ck commentedAdding a permission description would indeed help to clarify this even more. How about 'View detailed info, such as username and time, about all recorded votes.'?
Comment #8
c31ck CreditAttribution: c31ck commentedUploaded wrong patch in previous comment.
Comment #9
xjmWell, in the interface text, we should use the full word "information." I'd reword as:
Any other proposals? :)
Edited.
Comment #10
c31ck CreditAttribution: c31ck commentedYes, that's better, changed patch accordingly.
Comment #11
yoroy CreditAttribution: yoroy commentedCan we load load some of those specifics given in the description, add it to the label and not need the description anymore?
"View detailed vote information" or
"View detailed information for all votes" as variation on what xjm suggests, 'recorded' is not needed I think.
"View details for all votes" <- I think I like this one best
Comment #12
amateescu CreditAttribution: amateescu commentedTagging for the Usability team.
Comment #13
yoroy CreditAttribution: yoroy commentedAt the very least, we shouldn't need parentheses and 'etc.' in a description. Any thoughts on the suggestions in #11?
Comment #14
amateescu CreditAttribution: amateescu commentedI like "View details for all votes" too, it's closer to the 'inspect all votes' machine name.
Comment #15
David4514 CreditAttribution: David4514 commented"View details for all votes" as the title works for me.
My concern is that someone not familiar with this module will assume that the graphical representation with the vote counts represents the "detail" information. I fell into that trap before I finally figured out what my problem was.
A solution may be as easy including a description in a help page.
Comment #16
DamienMcKennaFYI the patch in #1 for D7 has the wrong directory structure:
D7 doesn't have a directory named "core". Try this one instead.
Comment #17
DamienMcKennaIgnore #16, I hadn't read #4 yet. I guess to stop people being able to see the results page would take another permission, or a contrib module.
As you were.
X-)
Comment #18
DamienMcKennaFYI this module might help people who need more flexibility on poll permissions: http://drupal.org/project/poll_extras
Comment #19
amateescu CreditAttribution: amateescu commentedSo, do we have an agreement on 'View details for all votes'? :)
Comment #20
David4514 CreditAttribution: David4514 commentedIt is good for me!
Comment #21
c31ck CreditAttribution: c31ck commentedAgreed.
Comment #22
xjmI'll take the plunge. :)
Comment #23
webchickGiven that at http://groups.drupal.org/node/210973 I didn't really get much pushback on the idea of having a looser standard of string translations for admin-facing strings, I think this is ok for D7.
Committed and pushed to 8.x and 7.x. Thanks for the clarification! Since this change breaks translations, tagging to mention in the 7.13 release notes.
Comment #24
xjmHmm, did we have replies from translators though? On the other hand, the string is clearly wrong so translations of it were probably wrong too.