Details

    • Type: Sub-task Sub-task
    • Status: Closed
    • Priority: Critical Critical
    • Resolution: Incomplete
    • Affects Version/s: 2.0
    • Fix Version/s: 2.0
    • Component/s: Quiz, Roles / Access
    • Labels:
      None
    • Difficulty:
      Difficult
    • Affected Branches:
      MOODLE_20_STABLE
    • Fixed Branches:
      MOODLE_20_STABLE
    • Rank:
      26296

      Description

      Rights management: work with Tim to ensure nothing gets through which should not, and nothing that should get through is blocked

      Confirm a list of operations which require a certain level of rights. See that these operations are treated according to Moodle guidelines.

      • quiz_print_pagecontrols(): //TODO: check user privileges for all the controls
      • quiz_simple_question_list(); TODO: check the below for checks etc that may have been missed in the new code of question_tostring
      • minor: $hasattempts disables elements in the UI, but checks should be made for it also in command processing, if $hasattempts don't allow changes. Giving feedback to user in case they are trying something that is not possible would be optimal, but since the UI elements are disabled already, it requires "hacking" to try to do so anyway and feedback is less than critical.

        Activity

        Olli Savolainen created issue -
        Hide
        Olli Savolainen added a comment -

        A cursory check suggests that no further checks are needed or I do not understand the intricacies of the rights system well enough.

        No rights checks added to the new functions, among which are also quiz_print_pagecontrols() and quiz_simple_question_list() - these only print static info and controls for adding questions from scratch so I guess the check that /mod/quiz/edit.php makes before doing anything else should be enough.

        Show
        Olli Savolainen added a comment - A cursory check suggests that no further checks are needed or I do not understand the intricacies of the rights system well enough. No rights checks added to the new functions, among which are also quiz_print_pagecontrols() and quiz_simple_question_list() - these only print static info and controls for adding questions from scratch so I guess the check that /mod/quiz/edit.php makes before doing anything else should be enough.
        Olli Savolainen made changes -
        Field Original Value New Value
        Status Open [ 1 ] Resolved [ 5 ]
        Resolution Incomplete [ 4 ]
        Hide
        Tim Hunt added a comment -

        As a developer, most of the time all you need to understand about the roles and capabilities system is that you should do

        if (has_capability('something', $context);

        wherever necessary. I think you are right that in this case, the check on mod/quiz:manage in edit.php covers most bases - because the edit and preview icons should already be checking the appropriate moodle/question:xxx capabilities.

        Show
        Tim Hunt added a comment - As a developer, most of the time all you need to understand about the roles and capabilities system is that you should do if (has_capability('something', $context); wherever necessary. I think you are right that in this case, the check on mod/quiz:manage in edit.php covers most bases - because the edit and preview icons should already be checking the appropriate moodle/question:xxx capabilities.
        Hide
        Olli Savolainen added a comment -

        For the lack of things to be fixed found, closing.

        Show
        Olli Savolainen added a comment - For the lack of things to be fixed found, closing.
        Olli Savolainen made changes -
        Status Resolved [ 5 ] Closed [ 6 ]
        Martin Dougiamas made changes -
        Workflow jira [ 29611 ] MDL Workflow [ 61462 ]
        Martin Dougiamas made changes -
        Workflow MDL Workflow [ 61462 ] MDL Full Workflow [ 90654 ]

          People

          • Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved: