Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-31640

In course/search.php selected courses can't be moved to categories, no capability check while moving courses and turn editing on/off not working

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: 2.2
    • Fix Version/s: 2.1.6, 2.2.3
    • Component/s: Administration
    • Labels:
    • Environment:
      Removed blocklist param from the link.
    • Testing Instructions:
      Hide
      1. Log in as admin
      2. Turn editing on
      3. On Site Admin panel go to Plugins > Blocks > Manage Blocks
      4. Click on link in "Instances" column > on blocks (Copy this link somewhere, we need it to trick manager to see this page)
      5. select some courses and move to different category.
      6. Remove course:create and category:manage role for manager in Misc category(Select category and click on settings->permission)
      7. Log in as manager
      8. Copy and paste above link and change sesskey (get it from page view)
      9. Make sure checkbox for courses in Misc category is disabled and you have no way to move the course to another category.
      10. use firebug and enable checkbox and try moving them to another category.
      11. Make sure you encounter error.
      12. Log in as admin
      13. assign manager course:create and category:manage on Misc and one more categories
      14. Log in as manager
      15. Copy and paste above link and change sesskey (get it from page view)
      16. You should be able to move course between the two categories only.
      Show
      Log in as admin Turn editing on On Site Admin panel go to Plugins > Blocks > Manage Blocks Click on link in "Instances" column > on blocks (Copy this link somewhere, we need it to trick manager to see this page) select some courses and move to different category. Remove course:create and category:manage role for manager in Misc category(Select category and click on settings->permission) Log in as manager Copy and paste above link and change sesskey (get it from page view) Make sure checkbox for courses in Misc category is disabled and you have no way to move the course to another category. use firebug and enable checkbox and try moving them to another category. Make sure you encounter error. Log in as admin assign manager course:create and category:manage on Misc and one more categories Log in as manager Copy and paste above link and change sesskey (get it from page view) You should be able to move course between the two categories only.
    • Affected Branches:
      MOODLE_22_STABLE
    • Fixed Branches:
      MOODLE_21_STABLE, MOODLE_22_STABLE
    • Pull Master Branch:
      wip-mdl-31640-new

      Description

      Discover this issue while testing MDL-30388.

      There are few issues on course/search.php

      1. When trying to move courses to different category, the page jump to course/search.php without moving the course.
      2. No capability check done while moving the course
      3. Capability check should be based on category level and not system level (If user have system level create and manage capability, but have no capability on any category, then he should not be able to move the course)
      4. Turn editing on/off redirects user to search page.

      This occurs when there is blocklist param on the link.

        Gliffy Diagrams

          Attachments

            Issue Links

              Activity

                People

                • Votes:
                  0 Vote for this issue
                  Watchers:
                  4 Start watching this issue

                  Dates

                  • Created:
                    Updated:
                    Resolved:
                    Fix Release Date:
                    14/May/12