Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-35144

course/index.php doesn't check capabilities properly when permitting editing

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: 2.3.1, 2.4.3
    • Fix Version/s: 2.3.7, 2.4.4
    • Component/s: Administration
    • Labels:
    • Testing Instructions:
      Hide

      1. Create a new user
      2. Create a new role with only moodle/category:manage allowed and assignable only at Site
      3. Assign the user to that role at Site context
      4. Log in as that user. They should have the ability to see the edit courses page and they should see it in editing mode.
      5. Repeat for cap moodle/course:create

      Show
      1. Create a new user 2. Create a new role with only moodle/category:manage allowed and assignable only at Site 3. Assign the user to that role at Site context 4. Log in as that user. They should have the ability to see the edit courses page and they should see it in editing mode. 5. Repeat for cap moodle/course:create
    • Affected Branches:
      MOODLE_23_STABLE, MOODLE_24_STABLE
    • Fixed Branches:
      MOODLE_23_STABLE, MOODLE_24_STABLE

      Description

      The only capability that is checked to see if editing is permitted on this page (of anything) is moodle/site:manageblocks. This doesn't matter for much for an admin or Manager who will have that cap but this will make it impossible to switch on editing if a more restrictive role is being set up.

      There are other caps that may permit editing on this page - e.g. moodle/category:manage. This is not checked and will not work.

      The page should really call $PAGE->set_other_editing_capability('capability') to permit reasonably additional caps to allow editing.

        Gliffy Diagrams

          Attachments

            Activity

              People

              • Votes:
                0 Vote for this issue
                Watchers:
                4 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved:
                  Fix Release Date:
                  13/May/13