Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-52105

Useless and incorrectly restrictive CAP_PROHIBIT for 'enrol/self:holdkey'

    Details

    • Testing Instructions:
      Hide
      Creating key holder role with key holder capability.
      1. Log in as admin.
      2. Go to Site administration ► Users ► Permissions ► Define roles
      3. Click on Add new role
      4. Don't select an archetype or role preset, just press Continue button.
      5. In the Adding a new role form:
        • Give the new role the Key holder short and full name
        • On context types, click on Course checkbox
        • Search for enrol/self:holdkey and click on Allow checkbox
        • Click on Create this new role
      Enabling key holder course contact.
      1. Go to Site administration ► Appearance ► Courses.
      2. On Course contacts mark Key holder checkbox and save.
      Testing the manager role capability changes.
      1. Create a new course.
      2. Go to Course Administration ► Users ► Enrolment methods.
      3. Enable Self enrolment and click on Edit.
      4. Add an enrolment key and save it.
      5. Go to Course Administration ► Users ► Enrolled users.
      6. Enrol an user with manager role (If you use mdk, you can use m1, or m2...)
      7. Log out and log in as manager
      8. Go to Course Administration ► Users ► Permissions.
      9. Search for enrol/self:holdkey
      10. Please note Manager is not marked as prohibited.
      11. Add Manager on Roles with Permission.
      12. Log out. On site home, select the course you've just created.
      13. Try to login with an existing user, but not enroled.
      14. Make sure you see a message: You should have received this enrolment key from: followed by the picture and the full name of the manager.
      15. Enter the enrolment key and make sure you are enroled in the course.
      16. Log out and log in as admin.
      17. Create a new user.
      18. Go to the course you've created.
      19. Enrol this new user and give him the Key holder role.
      20. Go to Course Administration ► Users ► Permissions.
      21. Search for enrol/self:holdkey and remove Manager role of the allowed list.
      22. Log out and try to log in again, with a different user, but not enrolled in that course.
      23. Make sure the you see that message and now the user displayed is the one you created.
      Show
      Creating key holder role with key holder capability. Log in as admin. Go to Site administration ► Users ► Permissions ► Define roles Click on Add new role Don't select an archetype or role preset, just press Continue button. In the Adding a new role form: Give the new role the Key holder short and full name On context types, click on Course checkbox Search for enrol/self:holdkey and click on Allow checkbox Click on Create this new role Enabling key holder course contact. Go to Site administration ► Appearance ► Courses. On Course contacts mark Key holder checkbox and save. Testing the manager role capability changes. Create a new course. Go to Course Administration ► Users ► Enrolment methods. Enable Self enrolment and click on Edit . Add an enrolment key and save it. Go to Course Administration ► Users ► Enrolled users. Enrol an user with manager role (If you use mdk, you can use m1, or m2...) Log out and log in as manager Go to Course Administration ► Users ► Permissions. Search for enrol/self:holdkey Please note Manager is not marked as prohibited. Add Manager on Roles with Permission . Log out. On site home, select the course you've just created. Try to login with an existing user, but not enroled. Make sure you see a message: You should have received this enrolment key from: followed by the picture and the full name of the manager. Enter the enrolment key and make sure you are enroled in the course. Log out and log in as admin. Create a new user. Go to the course you've created. Enrol this new user and give him the Key holder role. Go to Course Administration ► Users ► Permissions. Search for enrol/self:holdkey and remove Manager role of the allowed list. Log out and try to log in again, with a different user, but not enrolled in that course. Make sure the you see that message and now the user displayed is the one you created.
    • Affected Branches:
      MOODLE_29_STABLE, MOODLE_30_STABLE
    • Fixed Branches:
      MOODLE_30_STABLE, MOODLE_31_STABLE
    • Pull from Repository:
    • Pull 3.1 Branch:
    • Pull Master Branch:
      MDL-52105-master
    • Sprint:
      3.2 Sprint 4

      Description

      Raised by Tim Hunt in the developers chat, it seems that an "incorrect" CAP_PROHIBIT was introduced by MDL-26017, for managers, on 'enrol/self:holdkey', apparently with the wrong assumption of managers being displayed always as key holders.

      I've had not time to verify this... but unless I'm wrong:

      1) There was not need to set such prohibit @ system level at all. Blank (not set) was enough. Not sure if that came from the old days where admins were returned always or what.

      2) That prohibit effectively prevents any manager to be a key holder ever (prohibit always wins). And that seems to be an incorrect restriction, in fact can imagine sites assigning manager roles wanting to be also key-holders, it's not crazy at all.

      So this is about to:

      a) confirm that it's not needed to have such system level prohibit and verify key-holders functionality works perfectly without it.
      b) confirm that managers are allowed to be key-holders.
      c) hopefully covered with acceptance tests.

      For your consideration, ciao

        Gliffy Diagrams

          Attachments

            Issue Links

              Activity

                People

                • Votes:
                  1 Vote for this issue
                  Watchers:
                  7 Start watching this issue

                  Dates

                  • Created:
                    Updated:
                    Resolved:
                    Fix Release Date:
                    12/Sep/16