Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-36987

Users should not be able to edit locked profile fields

    XMLWordPrintable

Details

    • MOODLE_23_STABLE, MOODLE_27_STABLE
    • MOODLE_27_STABLE
    • wip-MDL-36987-master
    • Hide

      Here is the code I used to retrieve config for the plugin (including the 'normal' config in other admin settings, and the field locking config needed for user profile fields):

      // Note: The user profile field locking information is stored under
      // the wrong plugin name (with a slash) so this cannot use the normal
      // get_config function.
      $records = $DB->get_records_select('config_plugins', 'plugin=? OR plugin=?',
              array('auth_sams_soap', 'auth/sams_soap'), '', 'id, name, value');
      $associative = array();
      foreach ($records as $rec) {
          $associative[$rec->name] = $rec->value;
      }
      self::$cachedconfig = (object)$associative;

      Show
      Here is the code I used to retrieve config for the plugin (including the 'normal' config in other admin settings, and the field locking config needed for user profile fields): // Note: The user profile field locking information is stored under // the wrong plugin name (with a slash) so this cannot use the normal // get_config function. $records = $DB->get_records_select('config_plugins', 'plugin=? OR plugin=?', array('auth_sams_soap', 'auth/sams_soap'), '', 'id, name, value'); $associative = array(); foreach ($records as $rec) { $associative[$rec->name] = $rec->value; } self::$cachedconfig = (object)$associative;
    • Hide
      1. Go in Home
        / ► Site administration
        / ► Plugins
        / ► Authentication
        / ► Manual accounts
      2. Set Surname or other field(s) to "Locked"
      3. Log in with a student account
      4. Go to Settings/Edit my account
      5. Make sure the field is not editable

      Please note that there is an open issue for Description field - MDL-37704

      Show
      Go in Home / ► Site administration / ► Plugins / ► Authentication / ► Manual accounts Set Surname or other field(s) to "Locked" Log in with a student account Go to Settings/Edit my account Make sure the field is not editable Please note that there is an open issue for Description field - MDL-37704

    Description

      In the config_plugins table, auth plugins would normally have the 'plugin' field set to auth_plugin (supposing the plugin is called 'plugin').

      However in the user profile field locking options, it uses the plugin field auth/plugin.

      See admin/auth_config.php function print_auth_lock_options around line 108:

      $pluginconfig = get_config("auth/$auth");
      

      This is crap, not sure what should be done about it though (it's not causing me serious problems, now that I know about it I have a workaround for my actual issue).

      Attachments

        Issue Links

          Activity

            People

              marina Marina Glancy
              quen Sam Marshall
              Frédéric Massart Frédéric Massart
              Damyon Wiese Damyon Wiese
              Sam Hemelryk Sam Hemelryk
              Adrian Greeve, Jake Dallimore, Mathew May, Mihail Geshoski
              Votes:
              19 Vote for this issue
              Watchers:
              20 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:
                10/Nov/14