Details
-
Type:
Bug
-
Status: Closed
-
Priority:
Blocker
-
Resolution: Fixed
-
Affects Version/s: 2.2.8, 2.3.5, 2.4.2
-
Component/s: Files API, Repositories
-
Testing Instructions:
-
Workaround:
-
Affected Branches:MOODLE_22_STABLE, MOODLE_23_STABLE, MOODLE_24_STABLE
-
Fixed Branches:MOODLE_22_STABLE, MOODLE_23_STABLE, MOODLE_24_STABLE
-
Pull from Repository:
-
Pull Master Branch:
MDL-38474-master
Description
Teachers (or any other role on a course context), are not able to browse the Server files repository. Error message: "No permission to access this repository"
This is a regression created by MDL-36426 when the security of the repositories have been enhanced.
The problem here being that the Server files repository (repository/local) is defined on a system context, but browse course files. So the logic checks that the user has the capability on a system context, who doesn't (cannot be a teacher on a system level).
A workaround is to create a new role, with the only capability repository/local:view set to allowed, and give that role to teachers but on a system level.
This could apply to coursefiles too
Attachments
Issue Links
- Discovered while testing
-
MDL-38500 Repository names have to be unique (not sure why) but no check on create, only edit.
-
- Closed
-