Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-37026

The function user_can_assign() in accesslib.php always returns false for administrators.

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: 2.2.6, 2.3, 2.4
    • Fix Version/s: 2.2.7, 2.3.4, 2.4.1
    • Component/s: Libraries
    • Labels:
    • Testing Instructions:
      Hide

      Test pre-requisites

      • A course with students enrolled in it.

      Test steps

      1. Navigate to the participants page of a course with students in it as the administrator.
        • Observe an icon for editing which will redirect you to the enrolment page.
      2. Change the current role to 'Teacher' or 'Student'.
        • The edit icon should still be present on the page.
      Show
      Test pre-requisites A course with students enrolled in it. Test steps Navigate to the participants page of a course with students in it as the administrator. Observe an icon for editing which will redirect you to the enrolment page. Change the current role to 'Teacher' or 'Student'. The edit icon should still be present on the page.
    • Affected Branches:
      MOODLE_22_STABLE, MOODLE_23_STABLE, MOODLE_24_STABLE
    • Fixed Branches:
      MOODLE_22_STABLE, MOODLE_23_STABLE, MOODLE_24_STABLE
    • Pull from Repository:
    • Pull Master Branch:
      wip-MDL-37026-master

      Description

      While fixing an issues with icons I discovered that the edit icon for assigning roles on the participants page was not enabled for the administrator.

      After some further investigation I discovered the area where the problem lies.
      user_can_assign() calls get_user_roles(). get_user_roles() does a search on the role_assignments table which administrators are not entered into. It finds no records and so no permission is given for assigning roles.

      A change needs to be made in either of these functions (both in accesslib.php) to check for administrators.

        Gliffy Diagrams

          Issue Links

            Activity

            Hide
            poltawski Dan Poltawski added a comment -

            Hi Adrian,

            This looks good, normally this would be covered by has_capability returning true for admins, but it makes sense because we are initially doing a negative 'has_capability' check and then checking the db.

            [Y] Syntax
            [-] Output
            [Y] Whitespace
            [-] Language
            [-] Databases
            [Y] Testing
            [Y] Security
            [-] Documentation
            [Y] Git
            [Y] Sanity check

            Show
            poltawski Dan Poltawski added a comment - Hi Adrian, This looks good, normally this would be covered by has_capability returning true for admins, but it makes sense because we are initially doing a negative 'has_capability' check and then checking the db. [Y] Syntax [-] Output [Y] Whitespace [-] Language [-] Databases [Y] Testing [Y] Security [-] Documentation [Y] Git [Y] Sanity check
            Hide
            abgreeve Adrian Greeve added a comment -

            Thanks for looking this over for me Dan,

            As I mentioned before, It seemed like a logical check, but I wasn't sure if I was missing the big picture.

            Sending for integration review.

            Show
            abgreeve Adrian Greeve added a comment - Thanks for looking this over for me Dan, As I mentioned before, It seemed like a logical check, but I wasn't sure if I was missing the big picture. Sending for integration review.
            Hide
            samhemelryk Sam Hemelryk added a comment -

            Thanks Adrian this has been integrated now.

            Show
            samhemelryk Sam Hemelryk added a comment - Thanks Adrian this has been integrated now.
            Hide
            salvetore Michael de Raadt added a comment -

            Test results: Success!

            Tested in 2.2, 2.3 and master.

            Show
            salvetore Michael de Raadt added a comment - Test results: Success! Tested in 2.2, 2.3 and master.
            Hide
            stronk7 Eloy Lafuente (stronk7) added a comment -

            Many thanks for your effort, the whole Moodle Community will be enjoying your great solutions starting now!

            Closing, ciao

            Show
            stronk7 Eloy Lafuente (stronk7) added a comment - Many thanks for your effort, the whole Moodle Community will be enjoying your great solutions starting now! Closing, ciao

              People

              • Votes:
                0 Vote for this issue
                Watchers:
                1 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved:
                  Fix Release Date:
                  14/Jan/13