Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-50568

Site participants page and navigation item have wrong cap check

    XMLWordPrintable

Details

    • MOODLE_28_STABLE
    • MOODLE_28_STABLE, MOODLE_29_STABLE
    • wip-MDL-50568-master
    • Hide
      • Add authenticated user role the cap 'moodle/site:viewparticipants' but not 'moodle/course:viewparticipants'
      • Login as normal user, you should be able to see and access navigation item "Site pages > Participants"
      • Add authenticated user role the cap 'moodle/course:viewparticipants' but not 'moodle/site:viewparticipants'
      • Login as normal user, you should neither see navigation item "Site pages -> Participants" nor able to access /user/index.php?id=1 directly
      Show
      Add authenticated user role the cap 'moodle/site:viewparticipants' but not 'moodle/course:viewparticipants' Login as normal user, you should be able to see and access navigation item "Site pages > Participants" Add authenticated user role the cap 'moodle/course:viewparticipants' but not 'moodle/site:viewparticipants' Login as normal user, you should neither see navigation item "Site pages -> Participants" nor able to access /user/index.php?id=1 directly

    Description

      To display navigation node:

      https://github.com/moodle/moodle/blob/MOODLE_28_STABLE/lib/navigationlib.php#L2602

              if (has_capability('moodle/course:viewparticipants',  context_system::instance())) {
                  $coursenode->add(get_string('participants'), new moodle_url('/user/index.php?id='.$course->id), self::TYPE_CUSTOM, get_string('participants'), 'participants');
              }
      

      To display the participants page itself:
      https://github.com/moodle/moodle/blob/MOODLE_28_STABLE/user/index.php#L76..L79

      if ($isfrontpage) {
          $PAGE->set_pagelayout('admin');
          require_capability('moodle/site:viewparticipants', $systemcontext);
      } else {
      

      To replicate:

      • Add authenticated user role the cap 'moodle/site:viewparticipants' but not 'moodle/course:viewparticipants'
      • You can not see the navigation item but you can access /user/index.php?id=1
      • Add authenticated user role the cap 'moodle/course:viewparticipants' but not 'moodle/site:viewparticipants'
      • You can see the navigation item "Site pages -> Participants" but if you click you get an error

      Attachments

        Activity

          People

            marina Marina Glancy
            marina Marina Glancy
            Simey Lameze Simey Lameze
            David Monllaó David Monllaó
            Frédéric Massart Frédéric Massart
            David Woloszyn, Huong Nguyen, Jake Dallimore, Meirza, Michael Hawkins, Raquel Ortega, Safat Shahin, Stevani Andolo, David Woloszyn, Huong Nguyen, Jake Dallimore, Meirza, Michael Hawkins, Raquel Ortega, Safat Shahin, Stevani Andolo
            Votes:
            0 Vote for this issue
            Watchers:
            4 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:
              6/Jul/15