Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-32353

Backup checkboxes clickable if permission no and default no

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 2.1, 2.2.2, 2.3
    • Fix Version/s: 2.1.6, 2.2.3
    • Component/s: Backup
    • Labels:
    • Database:
      Any
    • Testing Instructions:
      Hide

      Default moodle install. Add a course and a user. Put that user in as a Teacher (editing teacher) (user w/o the moodle/backup:userinfo or moodle/backup:anonymise capabilities, but with other backup capabilities).

      As that user, go to the first backup page, "Include enrolled users" is properly Xed out, but "Anonymize user information" is not, even thought the user doesn't have that capability.

      Now go into (as an admin) Settings->Course->Backup->General Backup Defaults, and change backup_general_users to No.
      As the user, go back into the backup first page. Notice that "Include enrolled users" is now unchecked and clickable (and if you click it all the children that should shouldn't have are clickable too). If you click it and continue you will get an exception.

      Should not be clickable.

      Show
      Default moodle install. Add a course and a user. Put that user in as a Teacher (editing teacher) (user w/o the moodle/backup:userinfo or moodle/backup:anonymise capabilities, but with other backup capabilities). As that user, go to the first backup page, "Include enrolled users" is properly Xed out, but "Anonymize user information" is not, even thought the user doesn't have that capability. Now go into (as an admin) Settings->Course->Backup->General Backup Defaults, and change backup_general_users to No. As the user, go back into the backup first page. Notice that "Include enrolled users" is now unchecked and clickable (and if you click it all the children that should shouldn't have are clickable too). If you click it and continue you will get an exception. Should not be clickable.
    • Affected Branches:
      MOODLE_21_STABLE, MOODLE_22_STABLE, MOODLE_23_STABLE
    • Fixed Branches:
      MOODLE_21_STABLE, MOODLE_22_STABLE
    • Pull Master Branch:

      Description

      This is true for both "Include enrolled users" and "Anonymize user information" on the Initial settings step of backup.

      Default moodle install. Add a course and a user. Put that user in as a Teacher (editing teacher) (user w/o the moodle/backup:userinfo or moodle/backup:anonymise capabilities, but with other backup capabilities).

      As that user, go to the first backup page, "Include enrolled users" is properly Xed out, but "Anonymize user information" is not, even thought the user doesn't have that capability.

      Now go into (as an admin) Settings->Course->Backup->General Backup Defaults, and change backup_general_users to No.
      As the user, go back into the backup first page. Notice that "Include enrolled users" is now unchecked and clickable (and if you click it all the children that should shouldn't have are clickable too). If you click it and continue you will get an exception (hence why this is not a security flaw).

      Basically:
      Capability Yes and Default Yes = Checked and changeable
      Capability Yes and Default No = Unchecked and changeable
      Capability No and Default Yes = Xed out
      Capability No and Default No = Unchecked and changeable (Should be Xed out)

      The same logic flaw applies to both "Include enrolled users" (moodle/backup:userinfo) and "Anonymize user information" (moodle/backup:anonymise)

      I've already tracked it down and have a proposed patch, which I'll add here as soon as I have a MDL number.

        Gliffy Diagrams

          Attachments

            Activity

              People

              • Votes:
                1 Vote for this issue
                Watchers:
                3 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved:
                  Fix Release Date:
                  14/May/12