Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-51500

add_front_page_course_essentials uses incorrect context for permissions

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: 2.9.2
    • Fix Version/s: 2.8.9, 2.9.3
    • Component/s: Navigation
    • Labels:
    • Testing Instructions:
      Hide

      On a stock Moodle install:

      1. Go into a course as a teacher
      2. Confirm under Navigation>Site pages you do not see Notes
      3. Confirm under Navigation>Site pages you do see Site Badges
      4. As an admin, Edit the role go into Authenticated user, remove the permission moodle/badges:viewbadges
      5. As a teacher, go into a course
      6. Confirm under Navigation>Site pages you do not see Site Badges
      Show
      On a stock Moodle install: Go into a course as a teacher Confirm under Navigation>Site pages you do not see Notes Confirm under Navigation>Site pages you do see Site Badges As an admin, Edit the role go into Authenticated user, remove the permission moodle/badges:viewbadges As a teacher, go into a course Confirm under Navigation>Site pages you do not see Site Badges
    • Affected Branches:
      MOODLE_29_STABLE
    • Fixed Branches:
      MOODLE_28_STABLE, MOODLE_29_STABLE
    • Pull Master Branch:
      MDL-51500-master

      Description

      In the navigation lib, add_front_page_course_essentials(), it is passed a course (which actually in the code is always SITE), but it uses the current page context for permission checks.

      This leads to situations where links show up, but the user has no permissions to access them.

      The most blatant case is that Notes shows up to teachers in a course under Site pages>Notes, but when they click it they get a broken page (MDL-37377). This shows up in completely stock Moodle install with no config changes.

      But the problem can also happen with badges if you don't have moodle/badges:viewbadges set at the site level.

        Attachments

          Issue Links

            Activity

              People

              • Votes:
                0 Vote for this issue
                Watchers:
                5 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved:
                  Fix Release Date:
                  9/Nov/15