Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-43916

User email addresses shown when setting and capabilities do not allow it

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Critical
    • Resolution: Fixed
    • Affects Version/s: 2.5.4, 2.6.1
    • Fix Version/s: 2.4.9, 2.5.5, 2.6.2
    • Component/s: Forum, Quiz
    • Labels:
    • Testing Instructions:
      Hide
      1. Set $CFG->showuseridentity to include email.
      2. Set non-editing tetcher role to not have moodle/site:viewuseridentity in some course (this may be default?)
      3. Enrol a student in that course.
      4. As admin, go to the two places affected by this patch, and verify that you can see the email addresses.
        • Manage forum subscribers.
        • Quiz add user override.
      5. As non-editing teacher, go to those two pages (this may require overriding some capabilities) and verify that you cannot see the email addresses there.
      Show
      Set $CFG->showuseridentity to include email. Set non-editing tetcher role to not have moodle/site:viewuseridentity in some course (this may be default?) Enrol a student in that course. As admin, go to the two places affected by this patch, and verify that you can see the email addresses. Manage forum subscribers. Quiz add user override. As non-editing teacher, go to those two pages (this may require overriding some capabilities) and verify that you cannot see the email addresses there.
    • Affected Branches:
      MOODLE_25_STABLE, MOODLE_26_STABLE
    • Fixed Branches:
      MOODLE_24_STABLE, MOODLE_25_STABLE, MOODLE_26_STABLE

      Description

      The browse list of users in "Forum Subscriber" (Forum administration > Show/edit current subscribers) and the user selector when changing a quiz setting for a particular user (Quiz administration > User overrides > Add user override - Override user field) is not taking into account the $CFG->showuseridentity config settings and the moodle/site:viewuseridentity capability to see emails.

      Steps to reproduce it:
      1. Create a course
      2. Create a quiz in the course.
      3. Go to Site administration > Users > Permissions > User policies and make sure you have all checkboxes unchecked for the "Show user identity" setting.
      4. Make sure the capability to see full user identity in lists (moodle/site:viewuseridentity) is set to 'No'
      5. Go to the course and click on "News forum", then go to Forum administration > Show/edit current subscribers
      Result: The list of subscribers and their emails.
      Expected: The list of subscribers without their emails.
      6. Go to the course an click over the quiz created in the step #2, then go to Quiz administration > User overrides > Add user override and see the Override user field.
      Result: The user selector contains a list of users and their emails.
      Expected: The user selector contains a list of users with just their full names (without emails).

        Gliffy Diagrams

          Attachments

            Activity

              People

              • Votes:
                0 Vote for this issue
                Watchers:
                4 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved:
                  Fix Release Date:
                  10/Mar/14