Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-17499

Horrible hack in can_delete_course in course/lib.php

    XMLWordPrintable

Details

    • Bug
    • Status: Closed
    • Major
    • Resolution: Won't Do
    • 1.8.7, 1.9.3, 2.0, 2.2, 2.3, 3.4
    • None
    • Libraries, Roles / Access
    • MOODLE_18_STABLE, MOODLE_19_STABLE, MOODLE_20_STABLE, MOODLE_22_STABLE, MOODLE_23_STABLE, MOODLE_34_STABLE
    • MDL-17499_course_delete
    • Hide

      Make sure your test user has 'moodle/course:create' but does NOT have 'moodle/course:delete'.

      Create a course and check that you can not delete it.

      Give that user 'moodle/course:delete' and check that they can now delete the course.

      Show
      Make sure your test user has 'moodle/course:create' but does NOT have 'moodle/course:delete'. Create a course and check that you can not delete it. Give that user 'moodle/course:delete' and check that they can now delete the course.

    Description

      This is all the fault of MDL-7796. That was supposed to be about restoring features that had gone away in the 1.7 roles upgrade. However, following this comment http://tracker.moodle.org/browse/MDL-7796?focusedCommentId=24645#action_24645, Vy implemented the new feature that course creators can delete 'their own' courses in the only way possible, via a nasty hack, since there is no way of knowing who created which course.

      I have checked and this was not the case in Moodle 1.6. Before roles, deleting courses was protected by a big fat isadmin() check.

      I would really like to change back to just using has_capability('moodle/course:delete');

      Attachments

        Issue Links

          has a non-specific relationship to

          Sub-task - Issues are sometimes broken into multiple sub-tasks. MDL-13130 core_course_delete_courses

          • Major - Major loss of function, incorrect output
          • Closed

          Activity

            People

              Unassigned Unassigned
              timhunt Tim Hunt
              Ankit Agarwal Ankit Agarwal
              David Woloszyn, Huong Nguyen, Jake Dallimore, Meirza, Michael Hawkins, Raquel Ortega, Safat Shahin, Stevani Andolo, David Woloszyn, Huong Nguyen, Jake Dallimore, Meirza, Michael Hawkins, Raquel Ortega, Safat Shahin, Stevani Andolo
              Votes:
              3 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: