Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-34945

WebDAV repository not displayed for non-admin users

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Critical
    • Resolution: Fixed
    • Affects Version/s: 2.2.4, 2.3.1, 2.4
    • Fix Version/s: 2.2.5, 2.3.2
    • Component/s: Repositories
    • Labels:
    • Testing Instructions:
      Hide

      Test pre-requisites

      • Enable the repository Flickr Public and WebDAV
      • Allow user and course instances for those repositories
      • Capability repository/webdav:view allowed for teacher (default)
      • Capability repository/webdav:view not set for student (default)

      Test #1

      1. Login as a teacher
      2. Navigate to Home ► Courses ► CATEGORY ► COURSE ► Repositories ► Course repositories
      3. Make sure you can create both Flickr and WebDAV instances in the course repositories
      4. Make sure both are displayed in the list of instances
      5. Make sure you can edit their settings

      Test #2

      1. Login as a student
      2. Navigate to Home ► My profile ► Repositories ► YOU ► Repositories
      3. Make sure you can create a Flickr instance
      4. Make sure the Flickr instance is displayed in the list
      5. Make sure you can edit the Flickr instance settings
      6. Make sure you CANNOT create a WebDAV
      Show
      Test pre-requisites Enable the repository Flickr Public and WebDAV Allow user and course instances for those repositories Capability repository/webdav:view allowed for teacher (default) Capability repository/webdav:view not set for student (default) Test #1 Login as a teacher Navigate to Home ► Courses ► CATEGORY ► COURSE ► Repositories ► Course repositories Make sure you can create both Flickr and WebDAV instances in the course repositories Make sure both are displayed in the list of instances Make sure you can edit their settings Test #2 Login as a student Navigate to Home ► My profile ► Repositories ► YOU ► Repositories Make sure you can create a Flickr instance Make sure the Flickr instance is displayed in the list Make sure you can edit the Flickr instance settings Make sure you CANNOT create a WebDAV
    • Affected Branches:
      MOODLE_22_STABLE, MOODLE_23_STABLE, MOODLE_24_STABLE
    • Fixed Branches:
      MOODLE_22_STABLE, MOODLE_23_STABLE
    • Pull from Repository:
    • Pull Master Branch:
      MDL-34945-master

      Description

      When creating a private WebDAV repo as an editing teacher or a student (not tested with other roles), the repo isn't displayed in the list of available repository, nor in the filepicker.

      Steps to reproduce:

      1. Log in as an admin
      2. Activate "WebDAV repository" (Enabled and visible) in "Manage repositories" administration page.
      3. Check box "Allow users to add a repository instance into the user context" and save
      4. Observe under Settings: "0 User private instance(s)", then logout.
      5. Log in as a teacher or a student
      6. Click on "Repositories" under "My profile" in Navigation block
      7. Click on "Create "WebDAV repository" instance"
      8. Fill in the form and save
      9. After automatic redirection, observe that the WebDAV repository instance is not displayed in the table of available repos
      10. Navigate to "My private files" under "My profile" in Navigation block
      11. Click on "Add" to open the file picker
      12. Observe that the WebDAV repository instance is unavailable in the file picker

      Expected behaviour:

      • The WebDAV repository instance should be displayed in the table of available repos
      • The WebDAV repository instance should be available in the file picker

      Notes:

      • The repo instance in fact present, as seen when logged in as an admin in the "Manage repositories" administration page: "1 User private instance(s)"
      • This bug doesn't affect a admin user.

        Gliffy Diagrams

          Issue Links

            Activity

            Hide
            salvetore Michael de Raadt added a comment -

            Thanks for reporting that. It was an excellent report.

            I was able to reproduce the problem.

            Feel free to work on a solution with us.

            Show
            salvetore Michael de Raadt added a comment - Thanks for reporting that. It was an excellent report. I was able to reproduce the problem. Feel free to work on a solution with us.
            Hide
            fred Frédéric Massart added a comment -

            I am tracking down this issue, it might not be one because it relies on the capability repository/webdav:view which is off by default for students. Although, as a teacher I can't see it either...

            Show
            fred Frédéric Massart added a comment - I am tracking down this issue, it might not be one because it relies on the capability repository/webdav:view which is off by default for students. Although, as a teacher I can't see it either...
            Hide
            fred Frédéric Massart added a comment -

            By default the permission repository/webdav:view is set to teachers, managers, etc... not to authenticated users or students. What happens is that the permission is then not allowed in a system context, and so not in the user context either. The user context is the one required to view the Webdav instances created and to access them in your Private files.

            One workaround would be to add the capability to the Authenticate user role. Although, I think we should improve things a bit because it does not make sense to allow people to create their own instances if they can't edit them, or access them in their own user context.

            Show
            fred Frédéric Massart added a comment - By default the permission repository/webdav:view is set to teachers, managers, etc... not to authenticated users or students. What happens is that the permission is then not allowed in a system context, and so not in the user context either. The user context is the one required to view the Webdav instances created and to access them in your Private files. One workaround would be to add the capability to the Authenticate user role. Although, I think we should improve things a bit because it does not make sense to allow people to create their own instances if they can't edit them, or access them in their own user context.
            Hide
            fred Frédéric Massart added a comment -

            I am not 100% convinced by the patch I am providing here, but I am pushing it up for peer review to gather feedback. If accepted, that should be backported to 2.2 and 2.3.

            I added a check for the capability repository/xxx:view, to prevent the user from seeing/creating/editing an instance. IMO, if the user cannot see the instance, he should not be able to create the instance either.

            Show
            fred Frédéric Massart added a comment - I am not 100% convinced by the patch I am providing here, but I am pushing it up for peer review to gather feedback. If accepted, that should be backported to 2.2 and 2.3. I added a check for the capability repository/xxx:view , to prevent the user from seeing/creating/editing an instance. IMO, if the user cannot see the instance, he should not be able to create the instance either.
            Hide
            rajeshtaneja Rajesh Taneja added a comment -

            Patch looks good,
            pushing for integration review.

            Show
            rajeshtaneja Rajesh Taneja added a comment - Patch looks good, pushing for integration review.
            Hide
            stronk7 Eloy Lafuente (stronk7) added a comment -

            The main moodle.git repository has just been updated with latest weekly modifications. You may wish to rebase your PULL branches to simplify history and avoid any possible merge conflicts. This would also make integrator's life easier next week.

            TIA and ciao

            Show
            stronk7 Eloy Lafuente (stronk7) added a comment - The main moodle.git repository has just been updated with latest weekly modifications. You may wish to rebase your PULL branches to simplify history and avoid any possible merge conflicts. This would also make integrator's life easier next week. TIA and ciao
            Hide
            stronk7 Eloy Lafuente (stronk7) added a comment -

            About tests, 2 questions (to consider completing them).

            In test #1... should one student (with the cap set at that context) be able to see those course repos? And to create them?

            In test #2... i really think we should check both the view and create options and both with the capability granted and denied.

            Ciao

            Show
            stronk7 Eloy Lafuente (stronk7) added a comment - About tests, 2 questions (to consider completing them). In test #1... should one student (with the cap set at that context) be able to see those course repos? And to create them? In test #2... i really think we should check both the view and create options and both with the capability granted and denied. Ciao
            Hide
            stronk7 Eloy Lafuente (stronk7) added a comment -

            Integrated (22, 23 & master), thanks!

            Show
            stronk7 Eloy Lafuente (stronk7) added a comment - Integrated (22, 23 & master), thanks!
            Hide
            stronk7 Eloy Lafuente (stronk7) added a comment -

            Testes with teacher and student, all works as expected.

            Offtopic: Can you believe that I've spent 2 hours tracing/debugging this because my students were able to add webdav instances everywhere... and it was because I had edited the "authenticated user" role, exactly allowing repository/webdav:view to everybody? Crazy!

            Show
            stronk7 Eloy Lafuente (stronk7) added a comment - Testes with teacher and student, all works as expected. Offtopic: Can you believe that I've spent 2 hours tracing/debugging this because my students were able to add webdav instances everywhere... and it was because I had edited the "authenticated user" role, exactly allowing repository/webdav:view to everybody? Crazy!
            Hide
            stronk7 Eloy Lafuente (stronk7) added a comment -

            Many thanks for the hard work.

            These changes have been spread upstream and are already available in the git and cvs repositories.

            Ciao

            Show
            stronk7 Eloy Lafuente (stronk7) added a comment - Many thanks for the hard work. These changes have been spread upstream and are already available in the git and cvs repositories. Ciao
            Hide
            mglaredo Miguel Gonzalez Laredo added a comment -

            Hi Folks!

            We are experimenting the same problem ("WebDAV repository not displayed for non-admin users ") on Moodle 2.5.2+ (Build: 20131004) and WebDav. Maybe related?

            Any guidelines would be wellcomed!

            Thanks in advance

            Show
            mglaredo Miguel Gonzalez Laredo added a comment - Hi Folks! We are experimenting the same problem ("WebDAV repository not displayed for non-admin users ") on Moodle 2.5.2+ (Build: 20131004) and WebDav. Maybe related? Any guidelines would be wellcomed! Thanks in advance

              People

              • Votes:
                0 Vote for this issue
                Watchers:
                3 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved:
                  Fix Release Date:
                  10/Sep/12