Moodle
  1. Moodle
  2. MDL-34945

WebDAV repository not displayed for non-admin users

    Details

    • Type: Bug Bug
    • Status: Closed
    • Priority: Critical Critical
    • Resolution: Fixed
    • Affects Version/s: 2.2.4, 2.3.1, 2.4
    • Fix Version/s: 2.2.5, 2.3.2
    • Component/s: Repositories
    • Labels:
    • Testing Instructions:
      Hide

      Test pre-requisites

      • Enable the repository Flickr Public and WebDAV
      • Allow user and course instances for those repositories
      • Capability repository/webdav:view allowed for teacher (default)
      • Capability repository/webdav:view not set for student (default)

      Test #1

      1. Login as a teacher
      2. Navigate to Home ► Courses ► CATEGORY ► COURSE ► Repositories ► Course repositories
      3. Make sure you can create both Flickr and WebDAV instances in the course repositories
      4. Make sure both are displayed in the list of instances
      5. Make sure you can edit their settings

      Test #2

      1. Login as a student
      2. Navigate to Home ► My profile ► Repositories ► YOU ► Repositories
      3. Make sure you can create a Flickr instance
      4. Make sure the Flickr instance is displayed in the list
      5. Make sure you can edit the Flickr instance settings
      6. Make sure you CANNOT create a WebDAV
      Show
      Test pre-requisites Enable the repository Flickr Public and WebDAV Allow user and course instances for those repositories Capability repository/webdav:view allowed for teacher (default) Capability repository/webdav:view not set for student (default) Test #1 Login as a teacher Navigate to Home ► Courses ► CATEGORY ► COURSE ► Repositories ► Course repositories Make sure you can create both Flickr and WebDAV instances in the course repositories Make sure both are displayed in the list of instances Make sure you can edit their settings Test #2 Login as a student Navigate to Home ► My profile ► Repositories ► YOU ► Repositories Make sure you can create a Flickr instance Make sure the Flickr instance is displayed in the list Make sure you can edit the Flickr instance settings Make sure you CANNOT create a WebDAV
    • Affected Branches:
      MOODLE_22_STABLE, MOODLE_23_STABLE, MOODLE_24_STABLE
    • Fixed Branches:
      MOODLE_22_STABLE, MOODLE_23_STABLE
    • Pull from Repository:
    • Pull Master Branch:
      MDL-34945-master
    • Rank:
      43509

      Description

      When creating a private WebDAV repo as an editing teacher or a student (not tested with other roles), the repo isn't displayed in the list of available repository, nor in the filepicker.

      Steps to reproduce:

      1. Log in as an admin
      2. Activate "WebDAV repository" (Enabled and visible) in "Manage repositories" administration page.
      3. Check box "Allow users to add a repository instance into the user context" and save
      4. Observe under Settings: "0 User private instance(s)", then logout.
      5. Log in as a teacher or a student
      6. Click on "Repositories" under "My profile" in Navigation block
      7. Click on "Create "WebDAV repository" instance"
      8. Fill in the form and save
      9. After automatic redirection, observe that the WebDAV repository instance is not displayed in the table of available repos
      10. Navigate to "My private files" under "My profile" in Navigation block
      11. Click on "Add" to open the file picker
      12. Observe that the WebDAV repository instance is unavailable in the file picker

      Expected behaviour:

      • The WebDAV repository instance should be displayed in the table of available repos
      • The WebDAV repository instance should be available in the file picker

      Notes:

      • The repo instance in fact present, as seen when logged in as an admin in the "Manage repositories" administration page: "1 User private instance(s)"
      • This bug doesn't affect a admin user.

        Issue Links

          Activity

          Hide
          Michael de Raadt added a comment -

          Thanks for reporting that. It was an excellent report.

          I was able to reproduce the problem.

          Feel free to work on a solution with us.

          Show
          Michael de Raadt added a comment - Thanks for reporting that. It was an excellent report. I was able to reproduce the problem. Feel free to work on a solution with us.
          Hide
          Frédéric Massart added a comment -

          I am tracking down this issue, it might not be one because it relies on the capability repository/webdav:view which is off by default for students. Although, as a teacher I can't see it either...

          Show
          Frédéric Massart added a comment - I am tracking down this issue, it might not be one because it relies on the capability repository/webdav:view which is off by default for students. Although, as a teacher I can't see it either...
          Hide
          Frédéric Massart added a comment -

          By default the permission repository/webdav:view is set to teachers, managers, etc... not to authenticated users or students. What happens is that the permission is then not allowed in a system context, and so not in the user context either. The user context is the one required to view the Webdav instances created and to access them in your Private files.

          One workaround would be to add the capability to the Authenticate user role. Although, I think we should improve things a bit because it does not make sense to allow people to create their own instances if they can't edit them, or access them in their own user context.

          Show
          Frédéric Massart added a comment - By default the permission repository/webdav:view is set to teachers, managers, etc... not to authenticated users or students. What happens is that the permission is then not allowed in a system context, and so not in the user context either. The user context is the one required to view the Webdav instances created and to access them in your Private files. One workaround would be to add the capability to the Authenticate user role. Although, I think we should improve things a bit because it does not make sense to allow people to create their own instances if they can't edit them, or access them in their own user context.
          Hide
          Frédéric Massart added a comment -

          I am not 100% convinced by the patch I am providing here, but I am pushing it up for peer review to gather feedback. If accepted, that should be backported to 2.2 and 2.3.

          I added a check for the capability repository/xxx:view, to prevent the user from seeing/creating/editing an instance. IMO, if the user cannot see the instance, he should not be able to create the instance either.

          Show
          Frédéric Massart added a comment - I am not 100% convinced by the patch I am providing here, but I am pushing it up for peer review to gather feedback. If accepted, that should be backported to 2.2 and 2.3. I added a check for the capability repository/xxx:view , to prevent the user from seeing/creating/editing an instance. IMO, if the user cannot see the instance, he should not be able to create the instance either.
          Hide
          Rajesh Taneja added a comment -

          Patch looks good,
          pushing for integration review.

          Show
          Rajesh Taneja added a comment - Patch looks good, pushing for integration review.
          Hide
          Eloy Lafuente (stronk7) added a comment -

          The main moodle.git repository has just been updated with latest weekly modifications. You may wish to rebase your PULL branches to simplify history and avoid any possible merge conflicts. This would also make integrator's life easier next week.

          TIA and ciao

          Show
          Eloy Lafuente (stronk7) added a comment - The main moodle.git repository has just been updated with latest weekly modifications. You may wish to rebase your PULL branches to simplify history and avoid any possible merge conflicts. This would also make integrator's life easier next week. TIA and ciao
          Hide
          Eloy Lafuente (stronk7) added a comment -

          About tests, 2 questions (to consider completing them).

          In test #1... should one student (with the cap set at that context) be able to see those course repos? And to create them?

          In test #2... i really think we should check both the view and create options and both with the capability granted and denied.

          Ciao

          Show
          Eloy Lafuente (stronk7) added a comment - About tests, 2 questions (to consider completing them). In test #1... should one student (with the cap set at that context) be able to see those course repos? And to create them? In test #2... i really think we should check both the view and create options and both with the capability granted and denied. Ciao
          Hide
          Eloy Lafuente (stronk7) added a comment -

          Integrated (22, 23 & master), thanks!

          Show
          Eloy Lafuente (stronk7) added a comment - Integrated (22, 23 & master), thanks!
          Hide
          Eloy Lafuente (stronk7) added a comment -

          Testes with teacher and student, all works as expected.

          Offtopic: Can you believe that I've spent 2 hours tracing/debugging this because my students were able to add webdav instances everywhere... and it was because I had edited the "authenticated user" role, exactly allowing repository/webdav:view to everybody? Crazy!

          Show
          Eloy Lafuente (stronk7) added a comment - Testes with teacher and student, all works as expected. Offtopic: Can you believe that I've spent 2 hours tracing/debugging this because my students were able to add webdav instances everywhere... and it was because I had edited the "authenticated user" role, exactly allowing repository/webdav:view to everybody? Crazy!
          Hide
          Eloy Lafuente (stronk7) added a comment -

          Many thanks for the hard work.

          These changes have been spread upstream and are already available in the git and cvs repositories.

          Ciao

          Show
          Eloy Lafuente (stronk7) added a comment - Many thanks for the hard work. These changes have been spread upstream and are already available in the git and cvs repositories. Ciao
          Hide
          Miguel Gonzalez Laredo added a comment -

          Hi Folks!

          We are experimenting the same problem ("WebDAV repository not displayed for non-admin users ") on Moodle 2.5.2+ (Build: 20131004) and WebDav. Maybe related?

          Any guidelines would be wellcomed!

          Thanks in advance

          Show
          Miguel Gonzalez Laredo added a comment - Hi Folks! We are experimenting the same problem ("WebDAV repository not displayed for non-admin users ") on Moodle 2.5.2+ (Build: 20131004) and WebDav. Maybe related? Any guidelines would be wellcomed! Thanks in advance

            People

            • Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: