Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-30697

Wrong capability check for role assign button in course?

    XMLWordPrintable

Details

    Description

      In /course/lib.php, line 3177, there is the output for the "assign role" button which will be shown in a course in editing mode near every activity:

          if (has_capability('moodle/course:managegroups', $modcontext)){
              $context = get_context_instance(CONTEXT_MODULE, $mod->id);
              $assign = '<a class="editing_assign" title="'.$str->assign.'" href="'.$CFG->wwwroot.'/'.$CFG->admin.'/roles/assign.php?contextid='.
                  $context->id.'"><img src="'.$OUTPUT->pix_url('i/roles') . '" alt="'.$str->assign.'" class="iconsmall"/></a>';
          } else {
              $assign = '';
          }

      I think the capability check is wrong as this button has nothing to do with groups. Shouldn't it be:

          if (has_capability('moodle/role:assign', $modcontext)){
              $context = get_context_instance(CONTEXT_MODULE, $mod->id);
              $assign = '<a class="editing_assign" title="'.$str->assign.'" href="'.$CFG->wwwroot.'/'.$CFG->admin.'/roles/assign.php?contextid='.
                  $context->id.'"><img src="'.$OUTPUT->pix_url('i/roles') . '" alt="'.$str->assign.'" class="iconsmall"/></a>';
          } else {
              $assign = '';
          }

      ?

      Attachments

        Issue Links

          Activity

            People

              skodak Petr Skoda
              abias Alexander Bias
              Sam Hemelryk Sam Hemelryk
              Sam Hemelryk Sam Hemelryk
              Amaia Anabitarte, Carlos Escobedo, Ferran Recio, Ilya Tregubov, Laurent David, Raquel Ortega, Sara Arjona (@sarjona)
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:
                9/Jan/12