Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-50830

Incorrect permission checks in the singleview report

    XMLWordPrintable

    Details

    • Type: Improvement
    • Status: Closed
    • Priority: Minor
    • Resolution: Duplicate
    • Affects Version/s: 2.9
    • Fix Version/s: None
    • Component/s: Gradebook
    • Labels:
      None
    • Affected Branches:
      MOODLE_29_STABLE

      Description

      We found out, that a role corrector cannot edit grades in singleview, because he hasn't the capability moodle:grade/manage (grade/report/singleview/lib.php)
      However he has the capabilities moodle/grade:edit and moodle/singleview:view.

      We think, that the requested moodle:grade/manage should be replaced by the moodle/grade:edit capability in the function

      public function process_data($data) {
      if (has_capability('moodle/grade:manage', $this->context))
      { return $this->screen->process($data); }
      } 
      

      in line 54.

      To edit grades it is not necessary to be able to manage other settings related to grading.

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              Unassigned Unassigned
              Reporter:
              kosswa Kathrin Osswald
              Participants:
              Component watchers:
              Adrian Greeve, Jake Dallimore, Mathew May, Mihail Geshoski, Peter Dias
              Votes:
              2 Vote for this issue
              Watchers:
              3 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved: