Moodle / MDL-26335

moodle_user_get_users_by_id says it requires moodle/user:viewdetails, but it really requires moodle/user:viewalldetails

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Critical
    • Resolution: Fixed
    • Affects Version/s: 2.0.1
    • Fix Version/s: 2.0.3
    • Component/s: Web Services
    • Labels:
    • Affected Branches:
      MOODLE_20_STABLE
    • Fixed Branches:
      MOODLE_20_STABLE

      Description

      When setting up a user account for web services, one of the required steps is to "Enable capabilities for the user".

      The documentation states:

      The last step, and the trickiest, is to grant the right permission to the external system user. It would need the following capabilities:

      • "webservice/rest:use, webservice/soap:use, webservice/xmlrpc:use, webservice/amf:use" matching the enabled protocols.
      • the required capabilities by the web service functions. These required capabilities are listed when you add a function to the service.

      Steps to reproduce:

      1. Add a new "External Service" called "Get users"
      2. Tick "Enabled" and "Authorized users only", and click "Add Service"
      3. Click "Add functions"
      4. Select "moodle_user_get_users_by_id" and click "Add functions"

      Note that under "Required capabilities", moodle/user:viewdetails is listed as the only capability.

      5. Visit /admin/settings.php?section=externalservices to see the list of services, and click "Authorized users".
      6. Add a user to the list of authorized users.
      7. Create a new role with the capabilities webservice/rest:use, webservice/soap:use, webservice/xmlrpc:use, webservice/amf:use and moodle/user:viewdetails.
      8. Assign the role to the authorized user
      9. From your external system, attempt to get the details of a user with a known id, using the protocol of your choice

      Expected behaviour:

      The user's details are returned

      Observed behaviour (REST):

      <EXCEPTION class="required_capability_exception">
      <MESSAGE>Sorry, but you do not currently have permissions to do that (View user full information)</MESSAGE>
      </EXCEPTION>
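
The mismatch reported above is between the capability a service function declares and the capability its code actually checks. The following is an added example, not part of the original report or of Moodle's code: a static check that compares the two, run over a constructed declaration and function body (the array layout, the `methodname` key and the PHP snippet are assumptions made for this illustration).

```python
import re

# Constructed sample, not Moodle's source: a service declaration and the
# function body it points to, reproducing the mismatch reported in this issue.
DECLARATIONS = """
$functions = array(
    'moodle_user_get_users_by_id' => array(
        'methodname'   => 'get_users_by_id',
        'capabilities' => 'moodle/user:viewdetails',
    ),
);
"""
IMPLEMENTATION = """
public static function get_users_by_id($userids) {
    $context = get_context_instance(CONTEXT_SYSTEM);
    require_capability('moodle/user:viewalldetails', $context);
    // ... look up and return the users ...
}
"""

DECL_RE = re.compile(r"'(\w+)'\s*=>\s*array\((.*?)\n\s*\),", re.S)
KEY_RE = r"'{key}'\s*=>\s*'([^']*)'"
FUNC_RE = r"function\s+{method}\s*\([^)]*\)\s*\{{(.*?)\n\}}"
CHECK_RE = re.compile(r"(?:require|has)_capability\(\s*'([^']+)'")

def declared(decl_src):
    """Map service function name -> (method name, declared capabilities)."""
    out = {}
    for name, body in DECL_RE.findall(decl_src):
        method = re.search(KEY_RE.format(key="methodname"), body)
        caps = re.search(KEY_RE.format(key="capabilities"), body)
        names = {c.strip() for c in caps[1].split(",")} if caps else set()
        if method:
            out[name] = (method[1], names - {""})
    return out

def audit(decl_src, impl_src):
    """Report capabilities checked in code but not declared, and the reverse."""
    findings = {}
    for name, (method, decl_caps) in declared(decl_src).items():
        body = re.search(FUNC_RE.format(method=re.escape(method)), impl_src, re.S)
        enforced = set(CHECK_RE.findall(body[1])) if body else set()
        if enforced != decl_caps:
            findings[name] = {"undeclared": sorted(enforced - decl_caps),
                              "unenforced": sorted(decl_caps - enforced)}
    return findings

if __name__ == "__main__":
    print(audit(DECLARATIONS, IMPLEMENTATION))
```

An "undeclared" entry means an administrator who grants only the listed capabilities will hit the permission error shown above; an "unenforced" entry means the role is asked for a privilege the function never checks.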


          Activity

          tsala Helen Foster added a comment -

          Chris, thanks for your report.

          jerome Jérôme Mouneyrac added a comment -

          Integration git server has just been updated, PULL request needs to be recreated.

          tsala Helen Foster added a comment -

          This issue is fixed in this week's 2.0.2+. Thanks Jerome


              Dates

              • Created:
                Updated:
                Resolved:
                Fix Release Date:
                5/May/11