Issue Details (XML | Word | Printable)

Key: MDL-9723
Type: Bug Bug
Status: Resolved Resolved
Resolution: Fixed
Priority: Critical Critical
Assignee: Martin Dougiamas
Reporter: Michael Schneider
Votes: 0
Watchers: 2
Operations

Add/Edit UI Mockup to this issue
If you were logged in you would be able to see more operations.
Moodle

Cannot change roles on sticky blocks

Created: 06/May/07 11:53 PM   Updated: 18/Oct/07 07:05 AM
Return to search
Component/s: Blocks
Affects Version/s: 1.8
Fix Version/s: 1.8.3, 1.9

Environment: moodle 1.8 on linux
Issue Links:
Dependency
 
Relates
 

Database: MySQL
Participants: Martin Dougiamas, Michael Schneider, Mike Churchward and Petr Skoda
Security Level: None
Resolved date: 24/Aug/07
Affected Branches: MOODLE_18_STABLE
Fixed Branches: MOODLE_18_STABLE, MOODLE_19_STABLE


 Description  « Hide
On the sticky blocks admin page, the role icon has an empty "contextid" parameters. So it is not possible to generate sticky blocks for teachers only.

Brief analysis:
It looks like validate_context fails because ist gets the id of the "block_pinned" table and not the id of the corresponding record in table block.

 All   Comments   Change History   Version Control      Sort Order: Ascending order - Click to sort in descending order
[ Permalink | « Hide ]
Mike Churchward added a comment - 16/Aug/07 04:35 AM - edited
This appears to be caused by an incorrect 'contextid' on the 'assign roles' icon for sticky blocks. It seems to always pick a context id associated with a block on the main site page, rather than the actual sticky block...

Investigating further...

Ah. I see why. The pinned blocks still use 'CONTEXT_BLOCK', but are stored in a separate block table than blocks. Blocks are in 'block_instance', while sticky blocks are in 'block_pinned'. This means that the 'get_context_instance' function is getting records with an instance id referring to the wrong table. Worse yet, they may actually create a context id record for the wrong block!

Note that the original complaint said that icon had an empty context id. Unfortunately, it may not be empty if it finds a regular block entry with the same id as the sticky block.


[ Permalink | « Hide ]
Petr Skoda added a comment - 16/Aug/07 04:51 AM
I think we should create a new context for pinned blocks....

Petr Skoda made changes - 16/Aug/07 04:52 AM
Field Original Value New Value
Fix Version/s 1.9 [ 10190 ]
Mike Churchward made changes - 16/Aug/07 04:53 AM
Priority Minor [ 4 ] Critical [ 2 ]
[ Permalink | « Hide ]
Mike Churchward added a comment - 16/Aug/07 04:54 AM
...and just so we understand the issues here, if I DO assign a role or override a role to a sticky block, I actually may be assigning or overriding to a completely different block on a different page.

Mike Churchward made changes - 16/Aug/07 04:57 AM
Security Serious security issue [ 10000 ]
Petr Skoda made changes - 16/Aug/07 05:11 AM
Security Serious security issue [ 10000 ] Minor security issue [ 10001 ]
[ Permalink | « Hide ]
Mike Churchward added a comment - 16/Aug/07 05:22 AM - edited
I don't think introducing a new CONTEXT will work. Context's are element specific - BLOCK, COURSE, etc. A block's pinned nature is just a state - that is a 'pinned' block is still a block. How would we add new capabilities to blocks? Would we need to add capabilities for both CONTEXT_BLOCK and CONTEXT_BLOCKPINNED?

I think the better fix is to get rid of the 'block_pinned' table and add a 'pinned' field to the 'block_instance' table.


[ Permalink | « Hide ]
Martin Dougiamas added a comment - 23/Aug/07 03:37 PM
Hmm ....

I do agree that block_pinned could be better re-implemented with a single new column in block_instance, just for increased simplicity alone.

About the contexts, it's a bit tricky to think about since the one "instance" appears site-wide within various other contexts, and so may inherit different permissions from the various parent contexts. Do we process all this like a normal block, effectively treating each place it appears as a sort of virtual instance?

Or are pinned blocks an exception to heirarchy rules, with their own context under SYSTEM level?

Needs some thinking about.


moodler committed 1 file to 'Moodle CVS' - 24/Aug/07 10:17 AM
Hide role assign button from pinned blocks (always) MDL-9723
MODIFY blocks/moodleblock.class.php   Rev. 1.92    (+7 -6 lines)
[ Permalink | « Hide ]
Martin Dougiamas added a comment - 24/Aug/07 10:18 AM
In the meantime I've removed the roles assign button from ever showing on sticky/pinned blocks.

I'll file a new bug for improving sticky blocks.


Martin Dougiamas made changes - 24/Aug/07 10:18 AM
Status Open [ 1 ] Resolved [ 5 ]
Resolution Fixed [ 1 ]
moodler committed 1 file to 'Moodle CVS' on branch 'MOODLE_18_STABLE' - 24/Aug/07 10:23 AM
Hide roles button on sticky blocks MDL-9723 Merged from head
MODIFY blocks/moodleblock.class.php   Rev. 1.79.2.6    (+6 -5 lines)
Martin Dougiamas made changes - 24/Aug/07 10:24 AM
Security Minor security issue [ 10001 ]
Fix Version/s 1.8.3 [ 10230 ]
Martin Dougiamas made changes - 24/Aug/07 10:27 AM
Link This issue has been marked as being related by MDL-10977 [ MDL-10977 ]
[ Permalink | « Hide ]
Mike Churchward added a comment - 24/Aug/07 08:52 PM
From what I can tell, the only reason that pinned blocks are in a separate table is to manage the positions easier. If that's true, they could be moved to the same table and just rewrite the code to deal with position issues.

Alan Trick made changes - 18/Oct/07 07:05 AM
Link This issue will help resolve MDL-11814 [ MDL-11814 ]

Powered by a free Atlassian JIRA open source license for Moodle. Try JIRA - bug tracking software for your team.
Atlassian JIRA the Professional Issue Tracker. (Enterprise Edition, Version: 3.13.5-#360) - Bug/feature request - Atlassian news - Contact Administrators