Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-47628

Availability: Grouping confusing for sites which used groupmembersonly [2.8]

    XMLWordPrintable

Details

    • MOODLE_28_STABLE
    • MOODLE_29_STABLE
    • MDL-47628-master
    • Hide

      Note: Also covered by Behat tests in core_availability.

      0. Ensure that conditional availability is enabled at system level.
      1. On a course, add e.g. a forum.
      2. Expand the 'common' section.
      EXPECTED: There's an 'Add group/grouping access restriction' button under the group settings, but it's greyed out.
      3. Select 'Separate groups' under group mode.
      EXPECTED: Button becomes enabled.
      4. Click button, and expand 'Restrict access'.
      EXPECTED: Button goes disabled again. A group restriction (any group) becomes visible in 'Restrict access'.
      5. Delete the group restriction.
      EXPECTED: Button available again.
      6. Select a grouping (if there aren't any groupings on the course, go back and create one).
      7. Click the button again.
      EXPECTED: This time it adds a grouping restriction set to the correct grouping.

      Show
      Note: Also covered by Behat tests in core_availability. 0. Ensure that conditional availability is enabled at system level. 1. On a course, add e.g. a forum. 2. Expand the 'common' section. EXPECTED: There's an 'Add group/grouping access restriction' button under the group settings, but it's greyed out. 3. Select 'Separate groups' under group mode. EXPECTED: Button becomes enabled. 4. Click button, and expand 'Restrict access'. EXPECTED: Button goes disabled again. A group restriction (any group) becomes visible in 'Restrict access'. 5. Delete the group restriction. EXPECTED: Button available again. 6. Select a grouping (if there aren't any groupings on the course, go back and create one). 7. Click the button again. EXPECTED: This time it adds a grouping restriction set to the correct grouping.

    Description

      If an activity such as a forum is setup for separate groups, and assigned to a grouping, people not in that grouping see the activity on their course page. This is different behavior than is seen in 2.7 or below.

        • if the user clicks on it, they are give an error message, but they shouldn't see the forum in the first place.

      I say it could be a security error, as this could provide some information to some people who aren't supposed to see it, so its really more of a data access issue.

      To re-create -
      1. create a course site with at least 2 people (sam and betty)
      2. create two groups with one person in each group (lets say group a and b)
      3. put sam in group a, and betty in group b
      4. create two groupings (a and b), putting just group a in grouping a, and b in b.
      5. create an activity (forum) "forum for just grouping a", set to seprate groups and select grouping A.
      6. Do a login as betty, she'll see "forum for just grouping a"
      Betty shouldn't see that forum at all.

          1. Also I notice that a configuration option on grouping has been removed from the experimental server setting area.

      Attachments

        Issue Links

          has a non-specific relationship to

          Improvement - An enhancement to an existing Moodle feature. MDL-50878 Clicking on the button "Add group or grouping access restrictions" in "Common module settings" added to a collapsed settings "Restrict access" so it's not clear

          • Minor - Minor loss of function where workaround is possible
          • Closed

          Activity

            People

              quen Sam Marshall
              smileyatic Steven Miley
              Dan Poltawski Dan Poltawski
              Sam Hemelryk Sam Hemelryk
              Jetha Chan Jetha Chan
              Amaia Anabitarte, Carlos Escobedo, Laurent David, Sabina Abellan, Sara Arjona (@sarjona), Adrian Greeve, Ilya Tregubov, Kevin Percy, Mathew May, Mihail Geshoski, Shamim Rezaie, David Woloszyn, Huong Nguyen, Jake Dallimore, Meirza, Michael Hawkins, Raquel Ortega, Safat Shahin, Stevani Andolo
              Votes:
              0 Vote for this issue
              Watchers:
              8 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:
                11/May/15