-
Bug
-
Resolution: Fixed
-
Major
-
2.6.2, 2.6.3, 2.6.4, 2.6.5, 2.7, 2.7.1, 2.7.2, 2.8
-
MOODLE_26_STABLE, MOODLE_27_STABLE, MOODLE_28_STABLE
-
MOODLE_26_STABLE, MOODLE_27_STABLE
-
MDL-45636-course_master -
In this specific configuration a teacher is forbidden to "moodle/course:manageactivities" in the context of a single activity. When duplicating the activity using the drop down menu a YUI loading icon appears. Whereafter an error message pops up stating "You don't have permission to do this (Manage activities)". This only occurs when AJAX is enabled.
When AJAX is disabled the user is properly redirected to /course/modduplicate.php to confirm the duplication.
How to reproduce this error:
1. Add an activity to your course.
2. Edit permissions for that course, remove the teacher role from "moodle/course:manageactivities"
3. Make sure AJAX is enabled under /admin/settings.php?section=ajax
4. Log into an account having a teacher role in the course context where the activity lives.
5. Use the drop down menu and click "Duplicate"
6. Behold the error that is thrown on your screen.
What should happen:
1. Add an activity to your course.
2. Edit permissions for that course, remove the teacher role from "moodle/course:manageactivities"
3. Make sure AJAX is enabled under /admin/settings.php?section=ajax
4. Log into an account having a teacher role in the course context where the activity lives.
5. Use the drop down menu and click "Duplicate"
6. Behold the loading icon and see a duplicate emerge.
How to fix this error:
I was poking around to see where this error is thrown. When ajax is enabled the duplicate request is sent to /course/rest.php. On line 111 a require_capability is done for the activity context rather than the course context.
In /course/modduplicate.php the duplicate action checks the course context.
I changed line 111 from:
require_capability('moodle/course:manageactivities', $modcontext);
|
to:
require_capability('moodle/course:manageactivities', $coursecontext);
|
Now it is working as intended.