MDL-51415: Review the use of is_enrolled in external functions

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: 2.9.2
    • Fix Version/s: 2.9.3
    • Component/s: Web Services
    • Labels:
    • Testing Instructions:
      1. Create a course with group mode "Separate groups" Forced
      2. Create two groups, enrol different users in the two groups
      3. Create one activity, like a forum, with groups forced
      4. As admin, enable "Mobile services": Plugins ► Web Services ► Mobile
      5. Create a Token for the admin user:
        • Click on Site administration ► Plugins ► Web services ► Manage tokens
      6. Next, make a curl REST call simulating a WS client
        • You need to replace the wstoken, the cmid (with the course module id of the activity) and the URL of your Moodle instance

          curl 'http://localhost/m/stable_master/webservice/rest/server.php?moodlewsrestformat=json' --data 'cmid=125&wsfunction=core_group_get_activity_allowed_groups&wstoken=ffbe3a3002f235bf9d01fd9369e10b66' | python -m "json.tool"

      7. Confirm that you receive a JSON structure containing the information of all the activity groups
      8. With the same token run the following command (replace courseid with the course where the activity is and userid with any user in the course)

        curl 'http://localhost/m/stable_master/webservice/rest/server.php?moodlewsrestformat=json' --data 'userid=106&courseid=4&wsfunction=core_user_view_user_profile&wstoken=a70d553bbaf6d9b260a9e5c701b3c46e'

      9. Confirm that you can see new entries in the course log (User profile viewed) for that course and the user. The origin for the new log entries is "ws"
      10. Now as teacher create some notes (course notes) for any user and run this command (replacing the courseid and userid values):

        curl 'http://localhost/m/stable_master/webservice/rest/server.php?moodlewsrestformat=json' --data 'userid=0&courseid=4&wsfunction=core_notes_view_notes&wstoken=a70d553bbaf6d9b260a9e5c701b3c46e'

      11. Confirm that you can see new entries in the course log (note profile viewed) for that course and the user. The origin for the new log entries is "ws"
    • Affected Branches:
      MOODLE_29_STABLE
    • Fixed Branches:
      MOODLE_29_STABLE
    • Pull from Repository:
    • Pull Master Branch:
      MDL-51415-master

      Description

      David Monllaó mentioned in MDL-50966 that the use of is_enrolled in external functions sometimes leads to unexpected results, mainly for admin users.

      We should review the use of is_enrolled in all the external functions, and an additional utility function should be created (maybe at accesslib level) to check if a user can view courses based on capabilities and enrolment.
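
The difference between an enrolment-only check and a check based on capabilities and enrolment, as an added example: this is not code from the tracker or from the MDL-51415 patch. The two `local_example_*` function names are hypothetical, and the code assumes it is loaded inside a Moodle site so that `lib/accesslib.php` is available.

```php
<?php
// Added illustration. Assumption: included from within a Moodle site, so
// is_enrolled(), is_viewing() and context_course are already loaded.
defined('MOODLE_INTERNAL') || die();

/**
 * Enrolment-only check, the pattern under review in external functions.
 * Hypothetical name, not a Moodle API.
 *
 * @param stdClass $course course record (needs ->id)
 * @param int|null $userid user id, null means the current user
 * @return bool
 */
function local_example_enrolment_only(stdClass $course, $userid = null) {
    $context = context_course::instance($course->id);
    // False for a site administrator who was never enrolled in the course,
    // even though that user can open the course in the web interface.
    return is_enrolled($context, $userid);
}

/**
 * Check based on enrolment and capabilities.
 * Hypothetical name, not a Moodle API.
 *
 * @param stdClass $course course record (needs ->id)
 * @param int|null $userid user id, null means the current user
 * @return bool
 */
function local_example_enrolled_or_viewing(stdClass $course, $userid = null) {
    $context = context_course::instance($course->id);

    // Enrolment path: ordinary students and teachers (active enrolments only).
    if (is_enrolled($context, $userid, '', true)) {
        return true;
    }

    // Capability path: is_viewing() is true for a non-guest user who holds
    // moodle/course:view without being enrolled, for example an administrator.
    return is_viewing($context, $userid);
}
```

Moodle core also provides `can_access_course()`, which combines the same two paths with hidden-course and guest-access handling.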

                Dates

                • Fix Release Date: 9/Nov/15