Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-41594

List of hidden categories is shown to users without the correct permission

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: 2.5.1, 2.6
    • Fix Version/s: 2.5.3
    • Component/s: Course
    • Labels:
    • Testing Instructions:
      Hide

      Only way I could reproduce this bug:

      1. Log in as admin/manager
      2. Create hidden category "A" on the top level
      3. Manually update in DB course_categories table and change parent of category "A" to some non-existing id.
      4. As admin purge caches and view the courses list, the category is still shown dimmed
      5. Log out
      6. As guest view the courses list, make sure the hidden category does not appear
      Show
      Only way I could reproduce this bug: Log in as admin/manager Create hidden category "A" on the top level Manually update in DB course_categories table and change parent of category "A" to some non-existing id. As admin purge caches and view the courses list, the category is still shown dimmed Log out As guest view the courses list, make sure the hidden category does not appear
    • Affected Branches:
      MOODLE_25_STABLE, MOODLE_26_STABLE
    • Fixed Branches:
      MOODLE_25_STABLE
    • Pull Master Branch:
      wip-MDL-41594-master

      Description

      In latest version of moodle 2.5.1+ (Build: 20130830) and probably earlier user who has no permission (eg. guest) to view hidden categories of courses can see them as administrator - hidden (dimmed) but when category is clicked error unknowcategory is displayed.
      "Affected categories" are caregories without children and parent=0.
      I spend hours to learn how it works an why that way (upgrading finally from v1.9) and I found a solution of this bug . In method get_tree($id) in file coursecatlib.php

       
      --- /tmp/moodle.org/lib/coursecatlib.php        2013-08-30 03:42:53.000000000 +0200
      +++ coursecatlib.php    2013-09-04 13:49:15.000000000 +0200
      @@ -581,6 +581,9 @@
                   } else {
                       // parent not found. This is data consistency error but next fix_course_sortorder() should fix it
                       $all[0][] = $record->id;
      +                   if (!$record->visible) {
      +                           $all['0i'][] = $record->id;
      +                   }
                   }
                   $count++;
               }
      

      Is there any way to disable permanently cache? - debugging is much simpler then

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              marina Marina Glancy
              Reporter:
              lsanocki Ł.Sanocki
              Peer reviewer:
              Dan Poltawski
              Integrator:
              Eloy Lafuente (stronk7)
              Tester:
              Ankit Agarwal
              Participants:
              Component watchers:
              Amaia Anabitarte, Carlos Escobedo, Ferran Recio, Sara Arjona (@sarjona), Víctor Déniz Falcón
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved:
                Fix Release Date:
                11/Nov/13