Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-51500

add_front_page_course_essentials uses incorrect context for permissions

XMLWordPrintable

    • MOODLE_29_STABLE
    • MOODLE_28_STABLE, MOODLE_29_STABLE
    • MDL-51500-master
    • Hide

      On a stock Moodle install:

      1. Go into a course as a teacher
      2. Confirm under Navigation>Site pages you do not see Notes
      3. Confirm under Navigation>Site pages you do see Site Badges
      4. As an admin, Edit the role go into Authenticated user, remove the permission moodle/badges:viewbadges
      5. As a teacher, go into a course
      6. Confirm under Navigation>Site pages you do not see Site Badges
      Show
      On a stock Moodle install: Go into a course as a teacher Confirm under Navigation>Site pages you do not see Notes Confirm under Navigation>Site pages you do see Site Badges As an admin, Edit the role go into Authenticated user, remove the permission moodle/badges:viewbadges As a teacher, go into a course Confirm under Navigation>Site pages you do not see Site Badges

      In the navigation lib, add_front_page_course_essentials(), it is passed a course (which actually in the code is always SITE), but it uses the current page context for permission checks.

      This leads to situations where links show up, but the user has no permissions to access them.

      The most blatant case is that Notes shows up to teachers in a course under Site pages>Notes, but when they click it they get a broken page (MDL-37377). This shows up in completely stock Moodle install with no config changes.

      But the problem can also happen with badges if you don't have moodle/badges:viewbadges set at the site level.

            emerrill Eric Merrill
            emerrill Eric Merrill
            cameron1729 cameron1729
            Dan Poltawski Dan Poltawski
            Mark Nelson Mark Nelson
            Votes:
            0 Vote for this issue
            Watchers:
            5 Start watching this issue

              Created:
              Updated:
              Resolved:

                Error rendering 'clockify-timesheets-time-tracking-reports:timer-sidebar'. Please contact your Jira administrators.