Affects Version/s: 2.9.3
Fix Version/s: None
Component/s: Events API
Moodle's event monitoring system is nice but however when a teacher wants to add a rule he has a huge list with all possible events. This list is too large for normal users and moreover he can add rules to events that are not intended for his role.
I'll give an example out of our Moodle system:
Our teachers don't have the capability to view the course log (capability report/log:view)
However a teacher can create and subscribe to this rule:
Log testcourse Logs Log report viewed 1 time(s) in 1 minute(s)
When an admin views the log of this specific course, the teacher gets a notification. However, when he clicks on the link to the log he gets the following message due to the missing capability:
Sorry, but you do not currently have permissions to do that (View course logs)
More information about this error
Error code: nopermissions
• line 786 of /lib/accesslib.php: required_capability_exception thrown
• line 115 of /report/log/index.php: call to require_capability()
So, it should not be possible to create and subscribe to rules that are not meant to be used by a specific role. We don't want to take the capability tool/monitor:managerules away from the teachers. They still should be able to create their own monitoring rules.
Now I wanted to start a discussion how this can be optimized so that each user only can create and subscribe to event monitoring rules he has the capabilities for?