Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-30697

Wrong capability check for role assign button in course?

    Details

      Description

      In /course/lib.php, line 3177, there is the output for the "assign role" button which will be shown in a course in editing mode near every activity:

          if (has_capability('moodle/course:managegroups', $modcontext)){
              $context = get_context_instance(CONTEXT_MODULE, $mod->id);
              $assign = '<a class="editing_assign" title="'.$str->assign.'" href="'.$CFG->wwwroot.'/'.$CFG->admin.'/roles/assign.php?contextid='.
                  $context->id.'"><img src="'.$OUTPUT->pix_url('i/roles') . '" alt="'.$str->assign.'" class="iconsmall"/></a>';
          } else {
              $assign = '';
          }

      I think the capability check is wrong as this button has nothing to do with groups. Shouldn't it be:

          if (has_capability('moodle/role:assign', $modcontext)){
              $context = get_context_instance(CONTEXT_MODULE, $mod->id);
              $assign = '<a class="editing_assign" title="'.$str->assign.'" href="'.$CFG->wwwroot.'/'.$CFG->admin.'/roles/assign.php?contextid='.
                  $context->id.'"><img src="'.$OUTPUT->pix_url('i/roles') . '" alt="'.$str->assign.'" class="iconsmall"/></a>';
          } else {
              $assign = '';
          }

      ?

        Gliffy Diagrams

          Attachments

            Issue Links

              Activity

                People

                • Votes:
                  0 Vote for this issue
                  Watchers:
                  1 Start watching this issue

                  Dates

                  • Created:
                    Updated:
                    Resolved:
                    Fix Release Date:
                    9/Jan/12