Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-31640

In course/search.php selected courses can't be moved to categories, no capability check while moving courses and turn editing on/off not working

    XMLWordPrintable

Details

    • Bug
    • Status: Closed
    • Minor
    • Resolution: Fixed
    • 2.2
    • 2.1.6, 2.2.3
    • Administration
    • Removed blocklist param from the link.
    • MOODLE_22_STABLE
    • MOODLE_21_STABLE, MOODLE_22_STABLE
    • wip-mdl-31640-new
    • Hide
      1. Log in as admin
      2. Turn editing on
      3. On Site Admin panel go to Plugins > Blocks > Manage Blocks
      4. Click on link in "Instances" column > on blocks (Copy this link somewhere, we need it to trick manager to see this page)
      5. select some courses and move to different category.
      6. Remove course:create and category:manage role for manager in Misc category(Select category and click on settings->permission)
      7. Log in as manager
      8. Copy and paste above link and change sesskey (get it from page view)
      9. Make sure checkbox for courses in Misc category is disabled and you have no way to move the course to another category.
      10. use firebug and enable checkbox and try moving them to another category.
      11. Make sure you encounter error.
      12. Log in as admin
      13. assign manager course:create and category:manage on Misc and one more categories
      14. Log in as manager
      15. Copy and paste above link and change sesskey (get it from page view)
      16. You should be able to move course between the two categories only.
      Show
      Log in as admin Turn editing on On Site Admin panel go to Plugins > Blocks > Manage Blocks Click on link in "Instances" column > on blocks (Copy this link somewhere, we need it to trick manager to see this page) select some courses and move to different category. Remove course:create and category:manage role for manager in Misc category(Select category and click on settings->permission) Log in as manager Copy and paste above link and change sesskey (get it from page view) Make sure checkbox for courses in Misc category is disabled and you have no way to move the course to another category. use firebug and enable checkbox and try moving them to another category. Make sure you encounter error. Log in as admin assign manager course:create and category:manage on Misc and one more categories Log in as manager Copy and paste above link and change sesskey (get it from page view) You should be able to move course between the two categories only.

    Description

      Discover this issue while testing MDL-30388.

      There are few issues on course/search.php

      1. When trying to move courses to different category, the page jump to course/search.php without moving the course.
      2. No capability check done while moving the course
      3. Capability check should be based on category level and not system level (If user have system level create and manage capability, but have no capability on any category, then he should not be able to move the course)
      4. Turn editing on/off redirects user to search page.

      This occurs when there is blocklist param on the link.

      Attachments

        Issue Links

          Activity

            People

              rajeshtaneja Rajesh Taneja
              rwijaya Rossiani Wijaya
              Rossiani Wijaya Rossiani Wijaya
              Sam Hemelryk Sam Hemelryk
              Ankit Agarwal Ankit Agarwal
              Andrew Lyons, Huong Nguyen, Jun Pataleta, Michael Hawkins, Shamim Rezaie, Simey Lameze
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:
                14/May/12