Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-50666

Role filter on enrolled users page unnecessarily shows all roles in the system

    XMLWordPrintable

    Details

    • Testing Instructions:
      Hide
      1. Add patch and run notifications
        Site administration / ▶︎ Users / ▶︎ Permissions / ▶︎ Define roles
        Open the 'Allow role to view' tab
        Check all roles can see all other roles by default
        In the manager row, uncheck all roles except student and teacher
        Click save and check changes are persisted
      2. Open the 'Manage roles' tab
        Click 'Add a new role'
        Select the 'manager' role as archetype and press continue
        Give the new role a shortname and fullname (wokemanager)
        Click 'Create this role'
        Open the 'Allow role to view' tab
        Check that the wokemanager role is able to view the same roles as the existing manager role
        In the wokemanager row, check all roles
        Click save and check changes are persisted
        Create an additional role called hiddenstudent, based on the student archetype, do not allow the manager role to view or assign it
        Create an additional role called hiddenbutassignablestudent, based on the student archetype, do not allow the manager role to view but allow them to assign it
      3. Create a new course
        Create some new users named after the roles manager, wokemanager, hiddenstudent, hiddenbutassignablestudent, student and enrol them in the new course with their matching roles
        Create a new user that isn't assigned to the course
      4. Role assignments:
        Log in as manager
        Go to the course and open the enrolled users report
        The wokemanager and hiddenstudent user should be listed as having 'No Roles'
        The hiddenbutassignablestudent user should be listed as having 'hiddenbutassignablestudent' role - assignable takes precedence over hidden in this scenario
        Click the pencil to edit role assignments for student, click the drop down, 'hiddenstudent' role should not be visible, hiddenbutassignablestudent should be
        Click enrol user button, hiddenstudent role should not be visible, hiddenbutassignablestudent should be
      5. Log in as wokemanager
        Go to the course and open the enrolled users report
        All user roles should be listed as normal
        Click enrol user button, all roles should be visible
        Click the pencil to edit role assignments for student, all roles should be visible
      6. Badges:
        Log in as manager
        Go to the course, course administration > badges > add new badge
        Fill in the first page
        Add a manual issue by role criteria
        Only the teacher role should be present
      7. Log in as wokemanager
        Go to the course, course administration > badges > add new badge
        Fill in the first page
        Add a manual issue by role criteria
        Only the teacher role should be present
      8. Groups:
        Log in as wokemanager
        Go to the course, edit groups
        Create a new group and click add/remove users
        All users in the potential members box should be listed under the correct group
        Add all the users to the group
        All users in the group members box should be listed under the correct group
      9. Log in as manager
        Go to the course, edit groups
        Select the new group
        The student user should be listed under the student group
        Al other users should be in the No roles group
      10. report_stats:
        Configure the statistics report and generate some data
        Log in as manager
        Open the statistics report
        Only student and teacher roles should be available in the filters
      11. Log in as wokemanager
        Open the statistics report
        All roles should be available in the filters
      12. Everywhere else:
        Lists of roles presented to users should be filtered. I believe I have found all uses in core.
      Show
      Add patch and run notifications Site administration / ▶︎ Users / ▶︎ Permissions / ▶︎ Define roles Open the 'Allow role to view' tab Check all roles can see all other roles by default In the manager row, uncheck all roles except student and teacher Click save and check changes are persisted Open the 'Manage roles' tab Click 'Add a new role' Select the 'manager' role as archetype and press continue Give the new role a shortname and fullname (wokemanager) Click 'Create this role' Open the 'Allow role to view' tab Check that the wokemanager role is able to view the same roles as the existing manager role In the wokemanager row, check all roles Click save and check changes are persisted Create an additional role called hiddenstudent, based on the student archetype, do not allow the manager role to view or assign it Create an additional role called hiddenbutassignablestudent, based on the student archetype, do not allow the manager role to view but allow them to assign it Create a new course Create some new users named after the roles manager, wokemanager, hiddenstudent, hiddenbutassignablestudent, student and enrol them in the new course with their matching roles Create a new user that isn't assigned to the course Role assignments: Log in as manager Go to the course and open the enrolled users report The wokemanager and hiddenstudent user should be listed as having 'No Roles' The hiddenbutassignablestudent user should be listed as having 'hiddenbutassignablestudent' role - assignable takes precedence over hidden in this scenario Click the pencil to edit role assignments for student, click the drop down, 'hiddenstudent' role should not be visible, hiddenbutassignablestudent should be Click enrol user button, hiddenstudent role should not be visible, hiddenbutassignablestudent should be Log in as wokemanager Go to the course and open the enrolled users report All user roles should be listed as normal Click enrol user button, all roles should be visible Click the pencil to edit role assignments for student, all roles should be visible Badges: Log in as manager Go to the course, course administration > badges > add new badge Fill in the first page Add a manual issue by role criteria Only the teacher role should be present Log in as wokemanager Go to the course, course administration > badges > add new badge Fill in the first page Add a manual issue by role criteria Only the teacher role should be present Groups: Log in as wokemanager Go to the course, edit groups Create a new group and click add/remove users All users in the potential members box should be listed under the correct group Add all the users to the group All users in the group members box should be listed under the correct group Log in as manager Go to the course, edit groups Select the new group The student user should be listed under the student group Al other users should be in the No roles group report_stats: Configure the statistics report and generate some data Log in as manager Open the statistics report Only student and teacher roles should be available in the filters Log in as wokemanager Open the statistics report All roles should be available in the filters Everywhere else: Lists of roles presented to users should be filtered. I believe I have found all uses in core.
    • Affected Branches:
      MOODLE_28_STABLE, MOODLE_35_STABLE
    • Fixed Branches:
      MOODLE_35_STABLE
    • Pull Master Branch:

      Description

      On the enrolled users page within a course (/enrol/users.php?id=<COURSE-ID>), there's a filter bar which contains a role filter dropdown.

      This dropdown contains all roles which exist in the system. This causes confusion for teachers and might be a data leak (if there are roles on system level which shouldn't be publicly known).

      I propose to remove all roles from this dropdown which can't be assigned on course level as these roles won't produce any filter results as far as I see.

        Attachments

          Activity

            People

            • Votes:
              5 Vote for this issue
              Watchers:
              13 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:
                Fix Release Date:
                17/May/18