[MDL-48660] filter_user_list() should respect permission to view hidden activities - Moodle Tracker

XML

Word

Printable

Details

Type: Bug
Status: Closed
Priority: Minor
Resolution: Fixed
Affects Version/s: 2.7.3, 2.8, 2.9
Fix Version/s: 2.7.5, 2.8.3
Component/s: Assignment, Conditional activities, Feedback, Forum, Quiz
Labels:
- ci
- triaged

Testing Instructions:

Hide

0. Ensure availability restrictions are turned on at server level.
1. In a test course, enrol two test users - a teacher and a student.
2. Add a Forum and restrict access using a profile restriction so that the forum is only available if your Department is set to History.
3. From the forum navigation, click 'Show/edit current subscribers', and turn editing on.
EXPECTED: The list of potential subscribers includes the teacher (because they have viewhiddenactivities) but not the student.
4. Edit the student's profile so that their department is set to History, and go to add subscribers again.
EXPECTED: The list now also includes the student because they match the condition.

Show
0. Ensure availability restrictions are turned on at server level. 1. In a test course, enrol two test users - a teacher and a student. 2. Add a Forum and restrict access using a profile restriction so that the forum is only available if your Department is set to History. 3. From the forum navigation, click 'Show/edit current subscribers', and turn editing on. EXPECTED: The list of potential subscribers includes the teacher (because they have viewhiddenactivities) but not the student. 4. Edit the student's profile so that their department is set to History, and go to add subscribers again. EXPECTED: The list now also includes the student because they match the condition.
Affected Branches:
MOODLE_27_STABLE, MOODLE_28_STABLE, MOODLE_29_STABLE
Fixed Branches:
MOODLE_27_STABLE, MOODLE_28_STABLE
Pull from Repository:
https://github.com/sammarshallou/moodle.git
Pull Master Branch:
~~MDL-48660~~-master
Pull Master Diff URL:
https://github.com/sammarshallou/moodle/compare/master...MDL-48660-master

Description

Teachers who have capability 'moodle/course:viewhiddenactivities' get filtered out out by filter_user_list() even though they actually CAN access the module even if they don't satisfy conditions.

At the same time it may still be useful to perform a condition-only filtering.

Please consider adding the argument to respect view hidden permission.

Also if it is possible to define _sql function, that will be just awesome!

Attachments

Issue Links

Discovered while testing

MDL-48625 Function to filter list of users who can see the activity

Open

Activity

People

Assignee:: Sam Marshall

Reporter:: Marina Glancy

Peer reviewer:: Zachary Durber

Integrator:: Eloy Lafuente (stronk7)

Tester:: Adrian Greeve

Participants:: Adrian Greeve, CiBoT, Eloy Lafuente (stronk7), Marina Glancy, Sam Marshall, Tim Hunt, Zachary Durber

Component watchers:: Adrian Greeve, Jake Dallimore, Mathew May, Mihail Geshoski, Peter Dias, Sujith Haridasan, Sam Marshall, Amaia Anabitarte, Carlos Escobedo, Ferran Recio, Ilya Tregubov, Sara Arjona (@sarjona), Amaia Anabitarte, Carlos Escobedo, Ferran Recio, Ilya Tregubov, Sara Arjona (@sarjona), Andrew Nicols, Dongsheng Cai, Huong Nguyen, Jun Pataleta, Michael Hawkins, Shamim Rezaie, Simey Lameze, Tim Hunt, Andrew Nicols, Dongsheng Cai, Huong Nguyen, Jun Pataleta, Michael Hawkins, Shamim Rezaie, Simey Lameze

Votes:: 0 Vote for this issue

Watchers:: 4 Start watching this issue

Dates

Created:: 19/Dec/14 6:49 PM

Updated:: 30/Jan/15 3:11 AM

Resolved:: 30/Jan/15 3:11 AM

Fix Release Date:: 2/Feb/15