Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-43619

Roles: Reset role destroys all overrides without telling user

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 2.5.3, 2.6.1
    • Fix Version/s: 2.5.5, 2.6.2
    • Component/s: Roles / Access
    • Labels:
    • Testing Instructions:
      Hide

      NOTE: If the issue has not been fixed, this test script destroys all overrides on 'authenticated user' role across the system, and even after the fix it will still reset your authenticated user capabilities, so make sure you only do this on a test system where you don't care!

      NOTE: This issue affects Moodle 2.5. Although I have submitted a fix for newer versions too, the reset functionality has changed and the function is no longer called anywhere in Moodle 2.6+, so the change in later versions only affects potential third-party code that calls the function. Test script is for Moodle 2.5 only.

      1. Go to any course.
      2. Under course administration, go to Users/Permissions.
      3. Look for mod/workshop:submit permission.
      4. Click the + button and add that permission to the 'Authenticated user' role.
      5. Back on the permissions screen, notice that 'Authenticated user' is now shown against that role (in addition to Student).
      6. Go to site administration/users/permissions/define roles.
      7. Click to edit the 'authenticated user' role.
      8. Find mod/glossary:addinstance permission, set it to allow, and save changes.
      9. Click to view the 'authenticated user' role. (While on this screen, have a look to confirm that mod/glossary:addinstance is set to allow.)
      10. Click the 'Reset to defaults' button.
      11. Click Yes at the confirmation prompt.

      EXPECTED: The role does not have the mod/glossary:addinstance capability any more (this was existing working behaviour)

      12. Go back to the test course and the Users / Permissions screen.
      13. Look for mod/workshop:submit.

      EXPECTED: The mod/workshop:submit permission still allows 'Authenticated User' as well as student. (Before fix, authenticated user had disappeared from this list.)

      Show
      NOTE: If the issue has not been fixed, this test script destroys all overrides on 'authenticated user' role across the system, and even after the fix it will still reset your authenticated user capabilities, so make sure you only do this on a test system where you don't care! NOTE: This issue affects Moodle 2.5. Although I have submitted a fix for newer versions too, the reset functionality has changed and the function is no longer called anywhere in Moodle 2.6+, so the change in later versions only affects potential third-party code that calls the function. Test script is for Moodle 2.5 only. 1. Go to any course. 2. Under course administration, go to Users/Permissions. 3. Look for mod/workshop:submit permission. 4. Click the + button and add that permission to the 'Authenticated user' role. 5. Back on the permissions screen, notice that 'Authenticated user' is now shown against that role (in addition to Student). 6. Go to site administration/users/permissions/define roles. 7. Click to edit the 'authenticated user' role. 8. Find mod/glossary:addinstance permission, set it to allow, and save changes. 9. Click to view the 'authenticated user' role. (While on this screen, have a look to confirm that mod/glossary:addinstance is set to allow.) 10. Click the 'Reset to defaults' button. 11. Click Yes at the confirmation prompt. EXPECTED: The role does not have the mod/glossary:addinstance capability any more (this was existing working behaviour) 12. Go back to the test course and the Users / Permissions screen. 13. Look for mod/workshop:submit. EXPECTED: The mod/workshop:submit permission still allows 'Authenticated User' as well as student. (Before fix, authenticated user had disappeared from this list.)
    • Affected Branches:
      MOODLE_25_STABLE, MOODLE_26_STABLE
    • Fixed Branches:
      MOODLE_25_STABLE, MOODLE_26_STABLE
    • Pull Master Branch:
      MDL-43619-master

      Description

      In the Moodle 2.5 roles interface, if you edit the Student role (say) and click the reset button, you get this warning message: 'Are you sure that you want to reset role "Student (student)" to defaults? The defaults are taken from the selected archetype (student).'

      The actual result is that in addition to resetting the role capabilities, it also wipes out any overrides for that role across the entire system. This would appear to be a case of dataloss, as the warning message did not indicate that overrides would be erased.

        Attachments

          Activity

            People

            • Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:
                Fix Release Date:
                10/Mar/14