  1. Moodle
  2. MDL-51500

add_front_page_course_essentials uses incorrect context for permissions


    Details

    • Type: Bug
    • Status: Closed
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: 2.9.2
    • Fix Version/s: 2.8.9, 2.9.3
    • Component/s: Navigation
    • Labels:
    • Testing Instructions:

      On a stock Moodle install:

      1. Go into a course as a teacher
      2. Confirm under Navigation>Site pages you do not see Notes
      3. Confirm under Navigation>Site pages you do see Site Badges
      4. As an admin, edit the Authenticated user role and remove the permission moodle/badges:viewbadges
      5. As a teacher, go into a course
      6. Confirm under Navigation>Site pages you do not see Site Badges
    • Affected Branches:
      MOODLE_29_STABLE
    • Fixed Branches:
      MOODLE_28_STABLE, MOODLE_29_STABLE
    • Pull Master Branch:
      MDL-51500-master

      Description

      In the navigation lib, add_front_page_course_essentials() is passed a course (which in the code is actually always SITE), but it uses the current page context for permission checks.

      This leads to situations where links show up, but the user has no permissions to access them.

      The most blatant case is that Notes shows up to teachers in a course under Site pages>Notes, but when they click it they get a broken page (MDL-37377). This shows up in a completely stock Moodle install with no config changes.

      But the problem can also happen with badges if you don't have moodle/badges:viewbadges set at the site level.
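
The context mismatch described above, modeled as a stand-alone PHP script (an added example, not Moodle's code and not the patch for this issue). The `can()` helper, the context names and the role data are constructed stand-ins for Moodle's capability checks.

```php
<?php
// Simplified model of the bug (constructed; these helpers are stand-ins, not Moodle's API).
// Capabilities are granted per context; a course context inherits from the site context.
const SITE = 'system';
$grants = [ // constructed role data: user => context => capabilities held there
    'teacher' => [
        SITE       => ['moodle/badges:viewbadges'],
        'course:5' => ['moodle/notes:view'],
    ],
];

function can(array $grants, string $user, string $cap, string $context): bool {
    // Check the context itself, then the site context it inherits from.
    foreach (array_unique([$context, SITE]) as $ctx) {
        if (in_array($cap, $grants[$user][$ctx] ?? [], true)) {
            return true;
        }
    }
    return false;
}

// Every link under "Site pages" targets a site-level page.
const SITE_LINKS = ['Notes' => 'moodle/notes:view', 'Site badges' => 'moodle/badges:viewbadges'];

function site_links(array $grants, string $user, string $checkcontext): array {
    $visible = [];
    foreach (SITE_LINKS as $label => $cap) {
        if (can($grants, $user, $cap, $checkcontext)) {
            $visible[] = $label;
        }
    }
    return $visible;
}

$pagecontext = 'course:5'; // the teacher is browsing inside a course

// Buggy: link visibility is decided in the current page context.
$buggy = site_links($grants, 'teacher', $pagecontext);
// Fixed: link visibility is decided in the context the links point to.
$fixed = site_links($grants, 'teacher', SITE);

foreach ($buggy as $label) {
    $ok = can($grants, 'teacher', SITE_LINKS[$label], SITE);
    printf("%-12s shown by buggy check; target page %s\n", $label, $ok ? 'allows access' : 'DENIES access');
}
echo 'Fixed check shows: ', implode(', ', $fixed), "\n";
```

The target page still enforces the capability in the model, so the mismatch produces a dead link rather than unauthorized access, which matches the broken page reported for Notes.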

              People

              Assignee:
              emerrill Eric Merrill
              Reporter:
              emerrill Eric Merrill
              Peer reviewer:
              cameron1729
              Integrator:
              Dan Poltawski
              Tester:
              Mark Nelson
              Participants:
              Component watchers:
              Adrian Greeve, Jake Dallimore, Mathew May, Mihail Geshoski, Peter Dias

                Dates

                Created:
                Updated:
                Resolved:
                Fix Release Date:
                9/Nov/15