Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-50568

Site participants page and navigation item have wrong cap check

    XMLWordPrintable

    Details

    • Testing Instructions:
      Hide
      • Add authenticated user role the cap 'moodle/site:viewparticipants' but not 'moodle/course:viewparticipants'
      • Login as normal user, you should be able to see and access navigation item "Site pages > Participants"
      • Add authenticated user role the cap 'moodle/course:viewparticipants' but not 'moodle/site:viewparticipants'
      • Login as normal user, you should neither see navigation item "Site pages -> Participants" nor able to access /user/index.php?id=1 directly
      Show
      Add authenticated user role the cap 'moodle/site:viewparticipants' but not 'moodle/course:viewparticipants' Login as normal user, you should be able to see and access navigation item "Site pages > Participants" Add authenticated user role the cap 'moodle/course:viewparticipants' but not 'moodle/site:viewparticipants' Login as normal user, you should neither see navigation item "Site pages -> Participants" nor able to access /user/index.php?id=1 directly
    • Affected Branches:
      MOODLE_28_STABLE
    • Fixed Branches:
      MOODLE_28_STABLE, MOODLE_29_STABLE
    • Pull Master Branch:
      wip-MDL-50568-master

      Description

      To display navigation node:

      https://github.com/moodle/moodle/blob/MOODLE_28_STABLE/lib/navigationlib.php#L2602

              if (has_capability('moodle/course:viewparticipants',  context_system::instance())) {
                  $coursenode->add(get_string('participants'), new moodle_url('/user/index.php?id='.$course->id), self::TYPE_CUSTOM, get_string('participants'), 'participants');
              }
      

      To display the participants page itself:
      https://github.com/moodle/moodle/blob/MOODLE_28_STABLE/user/index.php#L76..L79

      if ($isfrontpage) {
          $PAGE->set_pagelayout('admin');
          require_capability('moodle/site:viewparticipants', $systemcontext);
      } else {
      

      To replicate:

      • Add authenticated user role the cap 'moodle/site:viewparticipants' but not 'moodle/course:viewparticipants'
      • You can not see the navigation item but you can access /user/index.php?id=1
      • Add authenticated user role the cap 'moodle/course:viewparticipants' but not 'moodle/site:viewparticipants'
      • You can see the navigation item "Site pages -> Participants" but if you click you get an error

        Attachments

          Activity

            People

            • Assignee:
              marina Marina Glancy
              Reporter:
              marina Marina Glancy
              Peer reviewer:
              Simey Lameze
              Integrator:
              David Monllaó
              Tester:
              Frédéric Massart
              Participants:
              Component watchers:
              Jake Dallimore, Jun Pataleta, Amaia Anabitarte, Carlos Escobedo, Ferran Recio, Sara Arjona (@sarjona), Víctor Déniz Falcón
            • Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:
                Fix Release Date:
                6/Jul/15