Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-49934

Admins or managers are not able to retrieve assignments info via get_assignments

    XMLWordPrintable

Details

    • MOODLE_29_STABLE, MOODLE_31_STABLE
    • MOODLE_31_STABLE
    • MDL-49934-master
    • Hide
      1. As admin or teacher, create a new course with an assignment (default settings)
      2. Enable "Mobile services": Plugins ► Web Services ► Mobile
      3. Create a Token for the Moodle main admin user:
        • Click on Site administration ► Plugins ► Web services ► Manage tokens
      4. Ensure that the admin user (or the user you created the token for) is not enrolled in the course you created in the first step.
      5. Next, you can do a CURL REST call simulating a WS client.
        • You need to replace the wstoken and URL.
        • You need to replace also the courseids value to match the course you created in the first step.

          curl 'http://localhost/m/stable_master/webservice/rest/server.php?moodlewsrestformat=json' --data 'courseids%5B0%5D=4&wsfunction=mod_assign_get_assignments&wstoken=ffbe3a3002f235bf9d01fd9369e10b66'

          Note, you can use jsonlint.com to validate and format the json returned string or append "| python -m json.tool" to automatically format the command output

      6. Confirm that
        • The json returned does NOT contain any assignment.
      7. Now, do the same request but adding this new parameter: &includenotenrolledcourses=1
      8. Confirm that
        • Now, you see the assignment information
      Show
      As admin or teacher, create a new course with an assignment (default settings) Enable "Mobile services": Plugins ► Web Services ► Mobile Create a Token for the Moodle main admin user: Click on Site administration ► Plugins ► Web services ► Manage tokens Ensure that the admin user (or the user you created the token for) is not enrolled in the course you created in the first step. Next, you can do a CURL REST call simulating a WS client. You need to replace the wstoken and URL. You need to replace also the courseids value to match the course you created in the first step. curl 'http://localhost/m/stable_master/webservice/rest/server.php?moodlewsrestformat=json' --data 'courseids%5B0%5D=4&wsfunction=mod_assign_get_assignments&wstoken=ffbe3a3002f235bf9d01fd9369e10b66' Note, you can use jsonlint.com to validate and format the json returned string or append "| python -m json.tool" to automatically format the command output Confirm that The json returned does NOT contain any assignment. Now, do the same request but adding this new parameter: &includenotenrolledcourses=1 Confirm that Now, you see the assignment information

    Description

      This external function doesn't work for not-enrolled users (even if they are admins or managers with global roles that can access the course and manage it).

      The functions uses incorrectly the enrol_get_users_courses function instead of relying in validate_context checks

      Attachments

        Activity

          People

            jleyva Juan Leyva
            jleyva Juan Leyva
            Adrian Greeve Adrian Greeve
            David Monllaó David Monllaó
            Marina Glancy Marina Glancy
            Adrian Greeve, Jake Dallimore, Mathew May, Mihail Geshoski, Juan Leyva, Amaia Anabitarte, Carlos Escobedo, Ferran Recio, Ilya Tregubov, Laurent David, Raquel Ortega, Sara Arjona (@sarjona)
            Votes:
            0 Vote for this issue
            Watchers:
            4 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:
              23/May/16