Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-36987

Users should not be able to edit locked profile fields

    XMLWordPrintable

    Details

    • Testing Instructions:
      Hide
      1. Go in Home
        / ► Site administration
        / ► Plugins
        / ► Authentication
        / ► Manual accounts
      2. Set Surname or other field(s) to "Locked"
      3. Log in with a student account
      4. Go to Settings/Edit my account
      5. Make sure the field is not editable

      Please note that there is an open issue for Description field - MDL-37704

      Show
      Go in Home / ► Site administration / ► Plugins / ► Authentication / ► Manual accounts Set Surname or other field(s) to "Locked" Log in with a student account Go to Settings/Edit my account Make sure the field is not editable Please note that there is an open issue for Description field - MDL-37704
    • Workaround:
      Hide

      Here is the code I used to retrieve config for the plugin (including the 'normal' config in other admin settings, and the field locking config needed for user profile fields):

      // Note: The user profile field locking information is stored under
      // the wrong plugin name (with a slash) so this cannot use the normal
      // get_config function.
      $records = $DB->get_records_select('config_plugins', 'plugin=? OR plugin=?',
              array('auth_sams_soap', 'auth/sams_soap'), '', 'id, name, value');
      $associative = array();
      foreach ($records as $rec) {
          $associative[$rec->name] = $rec->value;
      }
      self::$cachedconfig = (object)$associative;

      Show
      Here is the code I used to retrieve config for the plugin (including the 'normal' config in other admin settings, and the field locking config needed for user profile fields): // Note: The user profile field locking information is stored under // the wrong plugin name (with a slash) so this cannot use the normal // get_config function. $records = $DB->get_records_select('config_plugins', 'plugin=? OR plugin=?', array('auth_sams_soap', 'auth/sams_soap'), '', 'id, name, value'); $associative = array(); foreach ($records as $rec) { $associative[$rec->name] = $rec->value; } self::$cachedconfig = (object)$associative;
    • Affected Branches:
      MOODLE_23_STABLE, MOODLE_27_STABLE
    • Fixed Branches:
      MOODLE_27_STABLE
    • Pull Master Branch:
      wip-MDL-36987-master

      Description

      In the config_plugins table, auth plugins would normally have the 'plugin' field set to auth_plugin (supposing the plugin is called 'plugin').

      However in the user profile field locking options, it uses the plugin field auth/plugin.

      See admin/auth_config.php function print_auth_lock_options around line 108:

      $pluginconfig = get_config("auth/$auth");
      

      This is crap, not sure what should be done about it though (it's not causing me serious problems, now that I know about it I have a workaround for my actual issue).

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              marina Marina Glancy
              Reporter:
              quen Sam Marshall
              Peer reviewer:
              Frédéric Massart
              Integrator:
              Damyon Wiese
              Tester:
              Sam Hemelryk
              Participants:
              Component watchers:
              Adrian Greeve, Jake Dallimore, Mathew May, Mihail Geshoski, Peter Dias
              Votes:
              19 Vote for this issue
              Watchers:
              20 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved:
                Fix Release Date:
                10/Nov/14