Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-17499

Horrible hack in can_delete_course in course/lib.php

    Details

    • Type: Bug
    • Status: Open
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: 1.8.7, 1.9.3, 2.0, 2.2, 2.3
    • Fix Version/s: None
    • Component/s: Libraries, Roles / Access
    • Labels:
      None
    • Testing Instructions:
      Hide

      Make sure your test user has 'moodle/course:create' but does NOT have 'moodle/course:delete'.

      Create a course and check that you can not delete it.

      Give that user 'moodle/course:delete' and check that they can now delete the course.

      Show
      Make sure your test user has 'moodle/course:create' but does NOT have 'moodle/course:delete'. Create a course and check that you can not delete it. Give that user 'moodle/course:delete' and check that they can now delete the course.
    • Affected Branches:
      MOODLE_18_STABLE, MOODLE_19_STABLE, MOODLE_20_STABLE, MOODLE_22_STABLE, MOODLE_23_STABLE
    • Pull Master Branch:
      MDL-17499_course_delete

      Description

      This is all the fault of MDL-7796. That was supposed to be about restoring features that had gone away in the 1.7 roles upgrade. However, following this comment http://tracker.moodle.org/browse/MDL-7796?focusedCommentId=24645#action_24645, Vy implemented the new feature that course creators can delete 'their own' courses in the only way possible, via a nasty hack, since there is no way of knowing who created which course.

      I have checked and this was not the case in Moodle 1.6. Before roles, deleting courses was protected by a big fat isadmin() check.

      I would really like to change back to just using has_capability('moodle/course:delete');

        Gliffy Diagrams

          Attachments

            Issue Links

              Activity

                People

                • Votes:
                  0 Vote for this issue
                  Watchers:
                  2 Start watching this issue

                  Dates

                  • Created:
                    Updated: