  1. Moodle
  2. MDL-26335

moodle_user_get_users_by_id says it requires moodle/user:viewdetails, but it really requires moodle/user:viewalldetails


    • Type: Bug
    • Status: Closed
    • Priority: Critical
    • Resolution: Fixed
    • Affects Version/s: 2.0.1
    • Fix Version/s: 2.0.3
    • Component/s: Web Services


      When setting up a user account for web services, one of the required steps is to "Enable capabilities for the user".

      The documentation states:

      The last step, and the trickiest, is to grant the right permission to the external system user. It would need the following capabilities:

      • "webservice/rest:use, webservice/soap:use, webservice/xmlrpc:use, webservice/amf:use" matching the enabled protocols.
      • the required capabilities by the web service functions. These required capabilities are listed when you add a function to the service.

      Steps to reproduce:

      1. Add a new "External Service" called "Get users"
      2. Tick "Enabled" and "Authorized users only", and click "Add Service"
      3. Click "Add functions"
      4. Select "moodle_user_get_users_by_id" and click "Add functions"

      Note that under "Required capabilities", moodle/user:viewdetails is listed as the only capability.

      5. Visit /admin/settings.php?section=externalservices to see the list of services, and click "Authorized users".
      6. Add a user to the list of authorized users.
      7. Create a new role with the capabilities webservice/rest:use, webservice/soap:use, webservice/xmlrpc:use, webservice/amf:use and moodle/user:viewdetails
      8. Assign the role to the authorized user
      9. From your external system, attempt to get the details of a user with a known id, using the protocol of your choice

      Expected behaviour:

      The user's details are returned

      Observed behaviour (REST):

      <EXCEPTION class="required_capability_exception">
      <MESSAGE>Sorry, but you do not currently have permissions to do that (View user full information)</MESSAGE>
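One way to check a response like the one quoted above against the role from step 7 and the capability list the service page displays, as an added example that is not part of the original report or of Moodle's code. The display-name-to-capability mapping is an assumption taken from the issue title, and the sample response is constructed from the quoted output with a closing tag added.

```python
import re
import xml.etree.ElementTree as ET

# Assumption: capability display name -> capability id. Only the pair implied
# by this report (error message text vs. issue title) is listed.
DISPLAY_TO_CAP = {"View user full information": "moodle/user:viewalldetails"}

# Constructed sample: the REST output quoted in the report, closing tag added.
SAMPLE_RESPONSE = """<EXCEPTION class="required_capability_exception">
<MESSAGE>Sorry, but you do not currently have permissions to do that (View user full information)</MESSAGE>
</EXCEPTION>"""

# Capabilities granted to the role in step 7 of the report.
ROLE_CAPS = {
    "webservice/rest:use", "webservice/soap:use", "webservice/xmlrpc:use",
    "webservice/amf:use", "moodle/user:viewdetails",
}
# What "Required capabilities" lists for moodle_user_get_users_by_id.
LISTED_REQUIRED = {"moodle/user:viewdetails"}


def denied_capability(xml_text):
    """Return (display_name, capability_id_or_None) for a
    required_capability_exception response, or None for any other response."""
    root = ET.fromstring(xml_text)
    if root.tag != "EXCEPTION" or root.get("class") != "required_capability_exception":
        return None
    message = root.findtext("MESSAGE", default="")
    # The denied capability's display name is the trailing parenthesised text.
    match = re.search(r"\(([^()]+)\)\s*$", message)
    name = match.group(1) if match else None
    return name, DISPLAY_TO_CAP.get(name)


def audit(xml_text, role_caps, listed_required):
    """Compare the capability the server enforced with what the role grants
    and with what the service page lists as required."""
    denied = denied_capability(xml_text)
    if denied is None:
        return {"status": "ok"}
    name, cap = denied
    return {
        "status": "denied",
        "display_name": name,
        "capability": cap,
        # Enforced capability is absent from the integration user's role.
        "missing_from_role": cap is not None and cap not in role_caps,
        # Enforced capability is not in the listed requirements: this bug.
        "undocumented": cap is not None and cap not in listed_required,
    }
```

A result with `undocumented` set means the enforced capability is broader than the listed one, so review what the broader capability exposes before adding it to the web service role.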
