Moodle MDL-43045: Role name missing in security overview report

    Details

    • Database:
      Any
    • Testing Instructions:
      1. Login as an admin
      2. Edit the "Authenticated User" role
      3. Set a capability that carries XSS, Config or Data loss risk to "Allow". For example "moodle/role:manage".
      4. View the security overview report at Site Admin > Reports > Security
      5. You should see a "Critical" risk for "Default Role for all users"
      6. The description should say "The default user role "Authenticated User" is incorrectly defined!"
    • Affected Branches:
      MOODLE_24_STABLE, MOODLE_25_STABLE, MOODLE_26_STABLE, MOODLE_27_STABLE
    • Fixed Branches:
      MOODLE_24_STABLE, MOODLE_25_STABLE, MOODLE_26_STABLE
    • Pull from Repository:
    • Pull 2.6 Branch:
      m26_MDL-43045
    • Pull Master Branch:
      master_MDL-43045

      Description

      Steps to reproduce

      1. Edit the "Authenticated User" role
      2. Set a capability that carries XSS, Config or Data loss risk to "Allow". For example "moodle/role:manage".
      3. View the security overview report at Site Admin > Reports > Security Overview

      What happens

      You will get a Critical issue with "Default role for all users" but the description will say:

      "The default user role "" is incorrectly defined!"

      What should happen

      The description should say "The default user role "Authenticated User" is incorrectly defined!"

      For bonus points, it would be great if the detailed description printed a list of the capabilities that caused the report to fail.
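
The check exercised by the steps above, extended with the requested list of offending capabilities, as an added example that is not Moodle's report code or the patch from this issue. The sample risk masks, the `example/...` capability names, the fallback-name lookup and the wording of the "OK" message are assumptions made for illustration.

```php
<?php
// Added example: a stand-alone model of the check, not Moodle's report code.
const RISK_CONFIG   = 0x0002;   // Risk bits as named in Moodle's accesslib.
const RISK_XSS      = 0x0004;
const RISK_PERSONAL = 0x0008;
const RISK_DATALOSS = 0x0020;
const CAP_ALLOW     = 1;

/** Capabilities set to "Allow" whose risk mask includes XSS, Config or Data loss. */
function risky_allowed_caps(array $rolecaps, array $riskmasks): array {
    $critical = RISK_XSS | RISK_CONFIG | RISK_DATALOSS;
    $found = [];
    foreach ($rolecaps as $cap => $permission) {
        $mask = $riskmasks[$cap] ?? 0;          // Unknown capability: treated as no risk.
        if ($permission === CAP_ALLOW && ($mask & $critical) !== 0) {
            $found[] = $cap;
        }
    }
    sort($found);
    return $found;
}

/** Build the report row; never emit an empty role name. */
function check_default_user_role(array $role, array $rolecaps, array $riskmasks, array $fallbacknames): array {
    $name = trim($role['name']);
    if ($name === '') {
        // Assumption: an empty stored name is resolved via a lookup keyed on shortname.
        $name = $fallbacknames[$role['shortname']] ?? $role['shortname'];
    }
    $risky = risky_allowed_caps($rolecaps, $riskmasks);
    return [
        'status' => $risky ? 'Critical' : 'OK',
        'info'   => $risky ? "The default user role \"$name\" is incorrectly defined!"
                           : "The default user role \"$name\" is defined correctly.",
        'caps'   => $risky,
    ];
}

// Constructed sample data; the masks are illustrative, not copied from Moodle.
$riskmasks = ['moodle/role:manage' => RISK_CONFIG, 'example/thing:view' => 0, 'example/thing:export' => RISK_PERSONAL];
$rolecaps  = ['moodle/role:manage' => CAP_ALLOW, 'example/thing:view' => CAP_ALLOW, 'example/thing:export' => CAP_ALLOW];
$role      = ['shortname' => 'user', 'name' => ''];

$row = check_default_user_role($role, $rolecaps, $riskmasks, ['user' => 'Authenticated User']);
echo "{$row['status']}: {$row['info']}\n";
foreach ($row['caps'] as $cap) {
    echo "  - $cap\n";
}
```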

            Activity

            simoncoggins Simon Coggins added a comment -

            Patch to fix the missing role name.

            salvetore Michael de Raadt added a comment -

            Thanks for reporting that and providing a fix.

            Feel free to add testing instructions and push it to peer review.

            simoncoggins Simon Coggins added a comment -

            Done, thanks.

            rajeshtaneja Rajesh Taneja added a comment -

            Thanks Simon,

            Patch is spot-on; can you please create branches for 24, 25 and 26?

            Also, in your git commit message, it would be nice to include the code area: http://docs.moodle.org/dev/Commit_cheat_sheet#Provide_clear_commit_messages

            Probably the git message can be "MDL-43045 report: Fix missing role name in security overview report"

            simoncoggins Simon Coggins added a comment -

            Done

            rajeshtaneja Rajesh Taneja added a comment -

            Thanks Simon,

            Pushing for integration.

            stronk7 Eloy Lafuente (stronk7) added a comment -

            Integrated (24, 25, 26 & master), thanks!

            samhemelryk Sam Hemelryk added a comment -

            Tested and passed, thanks Simon.

            poltawski Dan Poltawski added a comment -

            Congratulations, this change has now made its way upstream. Thanks for your contribution!

            “Always code as if the guy who ends up maintaining your code will be a violent psychopath who knows where you live.” - Rick Osborne


                Dates

                • Created:
                  Updated:
                  Resolved:
                  Fix Release Date:
                  13/Jan/14