Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-50782

/lib/ajax/service.php should not call require_login

    XMLWordPrintable

Details

    • Bug
    • Status: Closed
    • Minor
    • Resolution: Fixed
    • 2.9.2
    • 2.9.3
    • JavaScript
    • MOODLE_29_STABLE
    • MOODLE_29_STABLE
    • MDL-50782-master
    • Hide

      You must test this without MDL-50784 integrated / in your branch.

      Open the template library,
      In another browser tab log out
      Use the template library without reloading the page - it should still work (because the webservices it uses do not require a session).

      Edit lib/db/services.php
      Change

      'core_output_load_template' => array(                                                                                           
              'classname'   => 'core\output\external',                                                                                    
              'methodname'  => 'load_template',                                                                                           
              'description' => 'Load a template for a renderable',                                                                        
              'type'        => 'read'                                                                                                     
          ),        
      

      to:

      'core_output_load_template' => array(                                                                                           
              'classname'   => 'core\output\external',                                                                                    
              'methodname'  => 'load_template',                                                                                           
              'description' => 'Load a template for a renderable',                                                                        
              'type'        => 'write'                                                                                                     
          ),        
      

      Use the template library without reloading the page - it should show exceptions "Web service is not available (it doesn't exist or might be disabled)".

      Show
      You must test this without MDL-50784 integrated / in your branch. Open the template library, In another browser tab log out Use the template library without reloading the page - it should still work (because the webservices it uses do not require a session). Edit lib/db/services.php Change 'core_output_load_template' => array( 'classname' => 'core\output\external', 'methodname' => 'load_template', 'description' => 'Load a template for a renderable', 'type' => 'read' ), to: 'core_output_load_template' => array( 'classname' => 'core\output\external', 'methodname' => 'load_template', 'description' => 'Load a template for a renderable', 'type' => 'write' ), Use the template library without reloading the page - it should show exceptions "Web service is not available (it doesn't exist or might be disabled)".

    Description

      Not all ajax services need to be logged in. E.g. blocks that show on the front page would need to work before someone logs in. The webservices themselves need to perform the correct validate_context checks and capability checks anyway, so removing this require_login from the ajax script handler will not reduce security.

      Attachments

        Issue Links

          Activity

            People

              damyon Damyon Wiese
              damyon Damyon Wiese
              Frédéric Massart Frédéric Massart
              Andrew Lyons Andrew Lyons
              Rajesh Taneja Rajesh Taneja
              David Woloszyn, Huong Nguyen, Jake Dallimore, Michael Hawkins, Stevani Andolo
              Votes:
              0 Vote for this issue
              Watchers:
              6 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:
                9/Nov/15