Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-51500

add_front_page_course_essentials uses incorrect context for permissions

    XMLWordPrintable

Details

    • Bug
    • Status: Closed
    • Minor
    • Resolution: Fixed
    • 2.9.2
    • 2.8.9, 2.9.3
    • Navigation
    • MOODLE_29_STABLE
    • MOODLE_28_STABLE, MOODLE_29_STABLE
    • MDL-51500-master
    • Hide

      On a stock Moodle install:

      1. Go into a course as a teacher
      2. Confirm under Navigation>Site pages you do not see Notes
      3. Confirm under Navigation>Site pages you do see Site Badges
      4. As an admin, Edit the role go into Authenticated user, remove the permission moodle/badges:viewbadges
      5. As a teacher, go into a course
      6. Confirm under Navigation>Site pages you do not see Site Badges
      Show
      On a stock Moodle install: Go into a course as a teacher Confirm under Navigation>Site pages you do not see Notes Confirm under Navigation>Site pages you do see Site Badges As an admin, Edit the role go into Authenticated user, remove the permission moodle/badges:viewbadges As a teacher, go into a course Confirm under Navigation>Site pages you do not see Site Badges

    Description

      In the navigation lib, add_front_page_course_essentials(), it is passed a course (which actually in the code is always SITE), but it uses the current page context for permission checks.

      This leads to situations where links show up, but the user has no permissions to access them.

      The most blatant case is that Notes shows up to teachers in a course under Site pages>Notes, but when they click it they get a broken page (MDL-37377). This shows up in completely stock Moodle install with no config changes.

      But the problem can also happen with badges if you don't have moodle/badges:viewbadges set at the site level.

      Attachments

        Issue Links

          will be (partly) resolved by

          Improvement - An enhancement to an existing Moodle feature. MDL-33539 When in teacher role, Notes and Reports navigation links should be disable

          • Minor - Minor loss of function where workaround is possible
          • Closed
          will help resolve

          Bug - A problem which impairs or prevents Moodle from functioning correctly. MDL-37377 Teachers can create site notes but cannot access them from the Navigation block

          • Minor - Minor loss of function where workaround is possible
          • Closed

          Activity

            People

              emerrill Eric Merrill
              emerrill Eric Merrill
              cameron1729 cameron1729
              Dan Poltawski Dan Poltawski
              Mark Nelson Mark Nelson
              David Woloszyn, Huong Nguyen, Jake Dallimore, Meirza, Michael Hawkins, Raquel Ortega, Safat Shahin, Stevani Andolo
              Votes:
              0 Vote for this issue
              Watchers:
              5 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:
                9/Nov/15