Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-19852

Database: Guest user capabilities do not respond as expected

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Minor
    • Resolution: Won't Fix
    • Affects Version/s: 1.9.5
    • Fix Version/s: None
    • Labels:
      None
    • Affected Branches:
      MOODLE_19_STABLE

      Description

      I realize that there is some concern about allowing guests to have the ability to post content on Moodle sites. That said, I still believe that the overriding permissions should respect the capabilities and overrides assigned. Here is the scenario I found myself in when doing some work for a client. They wanted a database for people (including guests) to be able to submit a resume for available job postings. I set the permission override for the guest user to allow mod/data:writeentry. When I did this the /mod/data/edit.php page was redirecting to the view page and not working even though the button was there. I would have expected to be able to add entries at that point when logged in as guest. I noticed then that there was no way of distinguishing the entries so I removed the edit and delete options if they are a guest (i.e. using isguest function). Then the question came up about privacy concerns, so I wanted to disable mod/data:viewentry; however, with that disabled they could not see the view.php which had a require_capability check that I removed and instead did a localized check for has_capability for the same capability before printing out the list or single view. So with the attached patch, the capability checks are more accurate and follow what I consider to be the desired behavior. For example, the tabs in the above scenario just show the add entry tab for the guest user since that is all they can do. For non-guests the functionality remains the same. I would appreciate it if someone could review and do further testing with this patch. I will announce it in forums and try to get some feedback, votes, and further testing. Peace - Anthony

      Here is the URL for the forum discussion: http://moodle.org/mod/forum/discuss.php?d=72054#p562106

        Attachments

          Activity

            People

            Assignee:
            skodak Petr Skoda
            Reporter:
            aborrow Anthony Borrow
            Tester:
            Nobody Nobody
            Participants:
            Component watchers:
            Adrian Greeve, Jake Dallimore, Mathew May, Mihail Geshoski, Peter Dias, Sujith Haridasan
            Votes:
            1 Vote for this issue
            Watchers:
            3 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved: