Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-48660

filter_user_list() should respect permission to view hidden activities

    XMLWordPrintable

Details

    • MOODLE_27_STABLE, MOODLE_28_STABLE, MOODLE_29_STABLE
    • MOODLE_27_STABLE, MOODLE_28_STABLE
    • MDL-48660-master
    • Hide

      0. Ensure availability restrictions are turned on at server level.
      1. In a test course, enrol two test users - a teacher and a student.
      2. Add a Forum and restrict access using a profile restriction so that the forum is only available if your Department is set to History.
      3. From the forum navigation, click 'Show/edit current subscribers', and turn editing on.
      EXPECTED: The list of potential subscribers includes the teacher (because they have viewhiddenactivities) but not the student.
      4. Edit the student's profile so that their department is set to History, and go to add subscribers again.
      EXPECTED: The list now also includes the student because they match the condition.

      Show
      0. Ensure availability restrictions are turned on at server level. 1. In a test course, enrol two test users - a teacher and a student. 2. Add a Forum and restrict access using a profile restriction so that the forum is only available if your Department is set to History. 3. From the forum navigation, click 'Show/edit current subscribers', and turn editing on. EXPECTED: The list of potential subscribers includes the teacher (because they have viewhiddenactivities) but not the student. 4. Edit the student's profile so that their department is set to History, and go to add subscribers again. EXPECTED: The list now also includes the student because they match the condition.

    Description

      Teachers who have capability 'moodle/course:viewhiddenactivities' get filtered out out by filter_user_list() even though they actually CAN access the module even if they don't satisfy conditions.

      At the same time it may still be useful to perform a condition-only filtering.

      Please consider adding the argument to respect view hidden permission.

      Also if it is possible to define _sql function, that will be just awesome!

      Attachments

        Issue Links

          Activity

            People

              quen Sam Marshall
              marina Marina Glancy
              Zachary Durber Zachary Durber
              Eloy Lafuente (stronk7) Eloy Lafuente (stronk7)
              Adrian Greeve Adrian Greeve
              Adrian Greeve, Ilya Tregubov, Kevin Percy, Mathew May, Mihail Geshoski, Shamim Rezaie, Amaia Anabitarte, Bas Brands, Carlos Escobedo, Laurent David, Raquel Ortega, Sabina Abellan, Sara Arjona (@sarjona), Amaia Anabitarte, Bas Brands, Carlos Escobedo, Laurent David, Raquel Ortega, Sabina Abellan, Sara Arjona (@sarjona), Adrian Greeve, Ilya Tregubov, Kevin Percy, Mathew May, Mihail Geshoski, Shamim Rezaie, Tim Hunt, Amaia Anabitarte, Bas Brands, Carlos Escobedo, Ferran Recio, Ilya Tregubov, Kevin Percy, Laurent David, Mathew May, Mihail Geshoski, Raquel Ortega, Sabina Abellan, Sander Bangma, Sara Arjona (@sarjona), Shamim Rezaie
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:
                2/Feb/15