|
|
| Participants: |
moodle.com and Tim Hunt
|
| Security Level: |
None
|
| Affected Branches: |
MOODLE_18_STABLE, MOODLE_19_STABLE, MOODLE_20_STABLE
|
This is all the fault of MDL-7796. That was supposed to be about restoring features that had gone away in the 1.7 roles upgrade. However, following this comment http://tracker.moodle.org/browse/MDL-7796?focusedCommentId=24645#action_24645, Vy implemented the new feature that course creators can delete 'their own' courses in the only way possible, via a nasty hack, since there is no way of knowing who created which course.
I have checked and this was not the case in Moodle 1.6. Before roles, deleting courses was protected by a big fat isadmin() check.
I would really like to change back to just using has_capability('moodle/course:delete');
|
|
Description
|
This is all the fault of MDL-7796. That was supposed to be about restoring features that had gone away in the 1.7 roles upgrade. However, following this comment http://tracker.moodle.org/browse/MDL-7796?focusedCommentId=24645#action_24645, Vy implemented the new feature that course creators can delete 'their own' courses in the only way possible, via a nasty hack, since there is no way of knowing who created which course.
I have checked and this was not the case in Moodle 1.6. Before roles, deleting courses was protected by a big fat isadmin() check.
I would really like to change back to just using has_capability('moodle/course:delete'); |
Show » |
| No changes have yet been made on this issue.
|
|
Bug
Open
Major
Horrible hack in can_delete_course in course/lib.php
