Moodle

View User Profile capability in the roles system won't prevent users from viewing profiles

Details

  • Type: Bug Bug
  • Status: Closed Closed
  • Priority: Minor Minor
  • Resolution: Fixed
  • Affects Version/s: 1.7
  • Fix Version/s: 1.7.1, 1.8
  • Component/s: Roles / Access
  • Labels:
    None
  • Environment:
    linux, moodle 1.7
  • Database:
    MySQL
  • Affected Branches:
    MOODLE_17_STABLE
  • Fixed Branches:
    MOODLE_17_STABLE, MOODLE_18_STABLE

Description

The Roles system in 1.7 has a capability defined as such:

Capabilities/moodle/user:viewdetails
allows a user to view other user's profiles in context

This role seems to offer the ability to permit or restrict access to view users profiles (which would include a user's email address). In my Moodle 1.7 installations, however, this capability will not restrict users from viewing profiles (whether at the site or course context). Even assigning a newly created role to a user who has no other roles in the system and applying the prohibit permission to that capability in that role will still allow the user to view a user's profile.

Is this is the intended function, what is this capability supposed to do, or if not I believe there might be a bug in the way this capability is functioning.

Activity

Hide
Permalink
Yu Zhang added a comment -

Hi, thanks for the report, this should be fixed now, please verify if this works for you.

Show
Yu Zhang added a comment - Hi, thanks for the report, this should be fixed now, please verify if this works for you.

People

Vote (0)
Watch (1)

Dates

  • Created:
    Updated:
    Resolved:
Atlassian JIRA (v4.4.3#663-r165197) | Report a problem
Powered by a free Atlassian JIRA open source license for Moodle. Try JIRA - bug tracking software for your team.