Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-30697

Wrong capability check for role assign button in course?

    XMLWordPrintable

    Details

      Description

      In /course/lib.php, line 3177, there is the output for the "assign role" button which will be shown in a course in editing mode near every activity:

          if (has_capability('moodle/course:managegroups', $modcontext)){
              $context = get_context_instance(CONTEXT_MODULE, $mod->id);
              $assign = '<a class="editing_assign" title="'.$str->assign.'" href="'.$CFG->wwwroot.'/'.$CFG->admin.'/roles/assign.php?contextid='.
                  $context->id.'"><img src="'.$OUTPUT->pix_url('i/roles') . '" alt="'.$str->assign.'" class="iconsmall"/></a>';
          } else {
              $assign = '';
          }

      I think the capability check is wrong as this button has nothing to do with groups. Shouldn't it be:

          if (has_capability('moodle/role:assign', $modcontext)){
              $context = get_context_instance(CONTEXT_MODULE, $mod->id);
              $assign = '<a class="editing_assign" title="'.$str->assign.'" href="'.$CFG->wwwroot.'/'.$CFG->admin.'/roles/assign.php?contextid='.
                  $context->id.'"><img src="'.$OUTPUT->pix_url('i/roles') . '" alt="'.$str->assign.'" class="iconsmall"/></a>';
          } else {
              $assign = '';
          }

      ?

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              skodak Petr Skoda
              Reporter:
              abias Alexander Bias
              Integrator:
              Sam Hemelryk
              Tester:
              Sam Hemelryk
              Participants:
              Component watchers:
              Amaia Anabitarte, Carlos Escobedo, Ferran Recio, Sara Arjona (@sarjona), Víctor Déniz Falcón
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved:
                Fix Release Date:
                9/Jan/12