Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-41594

List of hidden categories is shown to users without the correct permission

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: 2.5.1, 2.6
    • Fix Version/s: 2.5.3
    • Component/s: Course
    • Labels:
    • Testing Instructions:
      Hide

      Only way I could reproduce this bug:

      1. Log in as admin/manager
      2. Create hidden category "A" on the top level
      3. Manually update in DB course_categories table and change parent of category "A" to some non-existing id.
      4. As admin purge caches and view the courses list, the category is still shown dimmed
      5. Log out
      6. As guest view the courses list, make sure the hidden category does not appear
      Show
      Only way I could reproduce this bug: Log in as admin/manager Create hidden category "A" on the top level Manually update in DB course_categories table and change parent of category "A" to some non-existing id. As admin purge caches and view the courses list, the category is still shown dimmed Log out As guest view the courses list, make sure the hidden category does not appear
    • Affected Branches:
      MOODLE_25_STABLE, MOODLE_26_STABLE
    • Fixed Branches:
      MOODLE_25_STABLE
    • Pull Master Branch:
      wip-MDL-41594-master

      Description

      In latest version of moodle 2.5.1+ (Build: 20130830) and probably earlier user who has no permission (eg. guest) to view hidden categories of courses can see them as administrator - hidden (dimmed) but when category is clicked error unknowcategory is displayed.
      "Affected categories" are caregories without children and parent=0.
      I spend hours to learn how it works an why that way (upgrading finally from v1.9) and I found a solution of this bug . In method get_tree($id) in file coursecatlib.php

       
      --- /tmp/moodle.org/lib/coursecatlib.php        2013-08-30 03:42:53.000000000 +0200
      +++ coursecatlib.php    2013-09-04 13:49:15.000000000 +0200
      @@ -581,6 +581,9 @@
                   } else {
                       // parent not found. This is data consistency error but next fix_course_sortorder() should fix it
                       $all[0][] = $record->id;
      +                   if (!$record->visible) {
      +                           $all['0i'][] = $record->id;
      +                   }
                   }
                   $count++;
               }
      

      Is there any way to disable permanently cache? - debugging is much simpler then

        Gliffy Diagrams

          Attachments

            Issue Links

              Activity

                People

                • Votes:
                  0 Vote for this issue
                  Watchers:
                  2 Start watching this issue

                  Dates

                  • Created:
                    Updated:
                    Resolved:
                    Fix Release Date:
                    11/Nov/13