Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-48660

filter_user_list() should respect permission to view hidden activities

    XMLWordPrintable

    Details

    • Testing Instructions:
      Hide

      0. Ensure availability restrictions are turned on at server level.
      1. In a test course, enrol two test users - a teacher and a student.
      2. Add a Forum and restrict access using a profile restriction so that the forum is only available if your Department is set to History.
      3. From the forum navigation, click 'Show/edit current subscribers', and turn editing on.
      EXPECTED: The list of potential subscribers includes the teacher (because they have viewhiddenactivities) but not the student.
      4. Edit the student's profile so that their department is set to History, and go to add subscribers again.
      EXPECTED: The list now also includes the student because they match the condition.

      Show
      0. Ensure availability restrictions are turned on at server level. 1. In a test course, enrol two test users - a teacher and a student. 2. Add a Forum and restrict access using a profile restriction so that the forum is only available if your Department is set to History. 3. From the forum navigation, click 'Show/edit current subscribers', and turn editing on. EXPECTED: The list of potential subscribers includes the teacher (because they have viewhiddenactivities) but not the student. 4. Edit the student's profile so that their department is set to History, and go to add subscribers again. EXPECTED: The list now also includes the student because they match the condition.
    • Affected Branches:
      MOODLE_27_STABLE, MOODLE_28_STABLE, MOODLE_29_STABLE
    • Fixed Branches:
      MOODLE_27_STABLE, MOODLE_28_STABLE
    • Pull from Repository:
    • Pull Master Branch:
      MDL-48660-master
    • Pull Master Diff URL:

      Description

      Teachers who have capability 'moodle/course:viewhiddenactivities' get filtered out out by filter_user_list() even though they actually CAN access the module even if they don't satisfy conditions.

      At the same time it may still be useful to perform a condition-only filtering.

      Please consider adding the argument to respect view hidden permission.

      Also if it is possible to define _sql function, that will be just awesome!

        Attachments

          Issue Links

          Discovered while testing

          Improvement - An enhancement to an existing Moodle feature. MDL-48625 Function to filter list of users who can see the activity

          • Minor - Minor loss of function where workaround is possible
          • Open

            Activity

              People

              • Assignee:
                quen Sam Marshall
                Reporter:
                marina Marina Glancy
                Peer reviewer:
                Zachary Durber
                Integrator:
                Eloy Lafuente (stronk7)
                Tester:
                Adrian Greeve
                Participants:
                Component watchers:
                Damyon Wiese, Adrian Greeve, Mihail Geshoski, Peter Dias, Sam Marshall, Jake Dallimore, Jun Pataleta, Ryan Wyllie, Amaia Anabitarte, Bas Brands, Carlos Escobedo, Sara Arjona (@sarjona), Víctor Déniz Falcón, Andrew Nicols, Mathew May, Michael Hawkins, Shamim Rezaie, Simey Lameze, Tim Hunt, Andrew Nicols, Mathew May, Michael Hawkins, Shamim Rezaie, Simey Lameze
              • Votes:
                0 Vote for this issue
                Watchers:
                4 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved:
                  Fix Release Date:
                  2/Feb/15