Moodle

Horrible hack in can_delete_course in course/lib.php

Details

  • Type: Bug Bug
  • Status: Open Open
  • Priority: Major Major
  • Resolution: Unresolved
  • Affects Version/s: 1.8.7, 1.9.3, 2.0
  • Fix Version/s: None
  • Component/s: Libraries, Roles / Access
  • Labels:
    None
  • Affected Branches:
    MOODLE_18_STABLE, MOODLE_19_STABLE, MOODLE_20_STABLE

Description

This is all the fault of MDL-7796. That was supposed to be about restoring features that had gone away in the 1.7 roles upgrade. However, following this comment http://tracker.moodle.org/browse/MDL-7796?focusedCommentId=24645#action_24645, Vy implemented the new feature that course creators can delete 'their own' courses in the only way possible, via a nasty hack, since there is no way of knowing who created which course.

I have checked and this was not the case in Moodle 1.6. Before roles, deleting courses was protected by a big fat isadmin() check.

I would really like to change back to just using has_capability('moodle/course:delete');

Activity

There are no comments yet on this issue.

People

Vote (0)
Watch (0)

Dates

  • Created:
    Updated:
Atlassian JIRA (v4.4.3#663-r165197) | Report a problem
Powered by a free Atlassian JIRA open source license for Moodle. Try JIRA - bug tracking software for your team.