Moodle

[moodle/role:switchroles] permission needs/forces [moodle/role:assign] to be granted

Details

  • Type: Bug
  • Status: Closed
  • Priority: Minor
  • Resolution: Fixed
  • Affects Version/s: 1.8
  • Fix Version/s: None
  • Component/s: Roles / Access
  • Labels:
    None
  • Environment:
  • Database:
    Any
  • Affected Branches:
    MOODLE_18_STABLE

Description

If you grant [moodle/role:switchroles] to any role, without granting [moodle/role:assign] to that role, the "Change role to..." combo does not appear, even if you grant the necessary assignments in the "allow role assignments" or "allow role overrides" tabs.

In my opinion, both permissions relate to very different "capabilities" in a semantic way, although internally I understand that Moodle does a temporal "role assignment" when you "switch roles".

But it's very common, mostly when using external enrolment on a database, that someone could want a role to be able to switch to a lower role (usually "student"), but doesn't want it to be able to assign that role to users (since they come from the external enrolment database).

Anyway, if those options are related (i.e., you need to grant one for the other to work), it should at least be forced internally, or unified in one option, or at least documented.

Activity

Yu Zhang added a comment -

For security, you can only switch to roles that you are allowed to assign, i.e. you are not allowed to switch to admin roles, etc. So instead of making another allow_switch setting for this, we are using role:assign and allow_assign settings.

I have put down some notes in
http://docs.moodle.org/en/Capabilities/moodle/role:switchroles

Cheers,
Yu
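
The rule described in the comment above, modelled as an added example (not part of the original thread and not Moodle source code): switching reuses the role:assign capability and the allow_assign matrix, so a role holding only switchroles gets an empty switch menu. The role names, the `Policy` class and the separate `allow_switch` matrix are assumptions made for illustration.

```python
# Simplified model of the rule discussed in this issue; not Moodle source code.
# Role names and all data below are constructed for illustration.
from dataclasses import dataclass, field

SWITCH = "moodle/role:switchroles"
ASSIGN = "moodle/role:assign"


@dataclass
class Policy:
    caps: dict          # role -> set of granted capabilities
    allow_assign: dict  # role -> roles it may assign ("allow role assignments")
    allow_switch: dict = field(default_factory=dict)  # hypothetical separate matrix

    def assignable(self, role):
        """Roles this role may hand out to other users."""
        if ASSIGN not in self.caps.get(role, set()):
            return set()
        return set(self.allow_assign.get(role, ()))

    def switchable_coupled(self, role):
        """Behaviour reported in the issue: switching reuses the assign checks."""
        if SWITCH not in self.caps.get(role, set()):
            return set()
        # Without role:assign this is empty, so no switch menu is shown.
        return self.assignable(role)

    def switchable_decoupled(self, role):
        """Hypothetical alternative: a dedicated allow_switch matrix."""
        if SWITCH not in self.caps.get(role, set()):
            return set()
        return set(self.allow_switch.get(role, ()))


def demo_policy():
    # Constructed scenario: enrolments come from an external database, so the
    # teacher role gets switchroles but deliberately not role:assign.
    return Policy(
        caps={"teacher": {SWITCH}, "manager": {SWITCH, ASSIGN}},
        allow_assign={"teacher": {"student"}, "manager": {"teacher", "student"}},
        allow_switch={"teacher": {"student"}, "manager": {"teacher", "student"}},
    )


if __name__ == "__main__":
    p = demo_policy()
    for r in ("teacher", "manager"):
        print(r, sorted(p.switchable_coupled(r)),
              sorted(p.switchable_decoupled(r)), sorted(p.assignable(r)))
```

In both variants the target list is an explicit allow-list, so a role never listed there (an admin role, for instance) cannot be switched to; the decoupled variant only removes the need to grant the ability to assign roles to other users.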

James Williamson added a comment -

I agree that these two very different uses of roles be separated, if possible. One use is required by the system for security reasons, the other is required by end-users such as Instructor and Course Creators for display and information purposes.

Susana Leitão added a comment -

I also agree that these are 2 different and separate functionalities. In my opinion it is very important for the teacher to have a student view, disregarding if he/she has or not permission to enroll students to his/her course.

Jerome Mouneyrac added a comment -

This issue will be resolved by MDL-11313

