  1. Moodle
  2. MDL-43045

Role name missing in security overview report


    Details

    • Database:
      Any
    • Testing Instructions:
      1. Login as an admin
      2. Edit the "Authenticated User" role
      3. Set a capability that carries XSS, Config or Data loss risk to "Allow". For example "moodle/role:manage".
      4. View the security overview report at Site Admin > Reports > Security
      5. You should see a "Critical" risk for "Default Role for all users"
      6. The description should say "The default user role "Authenticated User" is incorrectly defined!"
    • Affected Branches:
      MOODLE_24_STABLE, MOODLE_25_STABLE, MOODLE_26_STABLE, MOODLE_27_STABLE
    • Fixed Branches:
      MOODLE_24_STABLE, MOODLE_25_STABLE, MOODLE_26_STABLE
    • Pull from Repository:
    • Pull Master Branch:
      master_MDL-43045

      Description

      Steps to reproduce

      1. Edit the "Authenticated User" role
      2. Set a capability that carries XSS, Config or Data loss risk to "Allow". For example "moodle/role:manage".
      3. View the security overview report at Site Admin > Reports > Security Overview

      What happens

      You will get a Critical issue with "Default role for all users" but the description will say:

      "The default user role "" is incorrectly defined!"

      What should happen

      The description should say "The default user role "Authenticated User" is incorrectly defined!"

      For bonus points, it would be great if the detailed description printed a list of the capabilities that caused the report to fail.
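
The check and the requested capability list, as an added PHP sketch (not Moodle's report code and not part of the original issue). The helper names, the fallback-name lookup and the sample rows are assumptions; in particular the report does not state why the name renders empty, so the fallback models one possible cause.

```php
<?php
// Added illustration; not Moodle's report code.
// Risk flags and CAP_ALLOW use the values defined in Moodle's lib/accesslib.php.
const RISK_CONFIG = 0x0002;
const RISK_XSS = 0x0004;
const RISK_DATALOSS = 0x0020;
const CAP_ALLOW = 1;

// Hypothetical helper: never render an empty role name in the report text.
function display_role_name(array $role, array $fallbacks): string {
    $name = trim($role['name'] ?? '');
    return $name !== '' ? $name : ($fallbacks[$role['shortname']] ?? $role['shortname']);
}

// Hypothetical helper: run the default-role check and list what tripped it.
// $rolecaps maps capability => permission, $capinfo maps capability => risk bitmask.
function check_default_user_role(array $role, array $rolecaps, array $capinfo, array $fallbacks): array {
    $mask = RISK_XSS | RISK_CONFIG | RISK_DATALOSS;
    $offending = [];
    foreach ($rolecaps as $cap => $permission) {
        // Only an explicit "Allow" on a capability carrying one of the three risks counts.
        if ($permission === CAP_ALLOW && (($capinfo[$cap] ?? 0) & $mask) !== 0) {
            $offending[] = $cap;
        }
    }
    sort($offending);
    if (!$offending) {
        return ['status' => 'ok', 'description' => '', 'capabilities' => []];
    }
    $desc = sprintf('The default user role "%s" is incorrectly defined!',
        display_role_name($role, $fallbacks));
    return ['status' => 'critical', 'description' => $desc, 'capabilities' => $offending];
}

// Constructed sample data (risk masks are illustrative, not copied from Moodle).
$role = ['shortname' => 'user', 'name' => ''];      // stored name left empty
$fallbacks = ['user' => 'Authenticated User'];
$capinfo = [
    'moodle/role:manage' => RISK_CONFIG,
    'moodle/user:viewdetails' => 0,
    'moodle/site:config' => RISK_XSS | RISK_CONFIG | RISK_DATALOSS,
];
$rolecaps = [
    'moodle/role:manage' => CAP_ALLOW,               // risky and allowed: reported
    'moodle/user:viewdetails' => CAP_ALLOW,          // allowed but carries no listed risk
    'moodle/site:config' => 0,                       // risky but not set: ignored
];

$result = check_default_user_role($role, $rolecaps, $capinfo, $fallbacks);
echo $result['status'], ': ', $result['description'], PHP_EOL;
foreach ($result['capabilities'] as $cap) {
    echo '  - ', $cap, PHP_EOL;
}
```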

              People

              Assignee:
              simoncoggins Simon Coggins
              Reporter:
              simoncoggins Simon Coggins
              Peer reviewer:
              Rajesh Taneja
              Integrator:
              Eloy Lafuente (stronk7)
              Tester:
              Sam Hemelryk
              Participants:
              Component watchers:
              Andrew Nicols, Jun Pataleta, Michael Hawkins, Shamim Rezaie, Simey Lameze, Adrian Greeve, Jake Dallimore, Mathew May, Mihail Geshoski, Peter Dias

                Dates

                Created:
                Updated:
                Resolved:
                Fix Release Date:
                13/Jan/14