Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-56285

In learning plan templates, cannot move competencies around even if capability "templatemanage" is given to the role because of bad context check

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Fixed
    • Icon: Major Major
    • 3.1.3
    • 3.1, 3.1.1, 3.1.2
    • Competencies
    • MOODLE_31_STABLE
    • MOODLE_31_STABLE
    • MDL-56285-master
    • Hide
      • connect with admin account
      • create category "Cat test template"
      • create a competency framework in category "Cat test template"
      • add competency A and competency B
      • create a learning plan template in the category "Cat test template"
      • add new role "Managetemplate" in category "Cat test template"
      • create a user "User templatemanage"
      • go the category "Cat test template" and in assign role, add the user to the role
      • connect with "User templatemanage" and go to the category "Cat test template"
      • go the template learning plan and reorder the competencies (drag and drop)
      • make sure there is no permission error.
      Show
      connect with admin account create category "Cat test template" create a competency framework in category "Cat test template" add competency A and competency B create a learning plan template in the category "Cat test template" add new role "Managetemplate" in category "Cat test template" create a user "User templatemanage" go the category "Cat test template" and in assign role, add the user to the role connect with "User templatemanage" and go to the category "Cat test template" go the template learning plan and reorder the competencies (drag and drop) make sure there is no permission error.

      While testing around with learning plan templates, we manage to come across a bug concerning the capability "templatemanage". it seems that Moodle checks the capability at the system level :

      Competency/api.php
        /**
           * Move the template competency up or down in the display list.
           *
           * Requires moodle/competency:templatemanage capability at the system context.
           *
           * @param int $templateid The template id
           * @param int $competencyidfrom The id of the competency we are moving.
           * @param int $competencyidto The id of the competency we are moving to.
           * @return boolean
           */
          public static function reorder_template_competency($templateid, $competencyidfrom, $competencyidto) {
              static::require_enabled();
             // First we do a permissions check.
              $context = context_system::instance();
       
              require_capability('moodle/competency:templatemanage', $context);
      

      Moodle should check the context of the template instead :

       /**
           * Move the template competency up or down in the display list.
           *
           * Requires moodle/competency:templatemanage capability at the system context.
           *
           * @param int $templateid The template id
           * @param int $competencyidfrom The id of the competency we are moving.
           * @param int $competencyidto The id of the competency we are moving to.
           * @return boolean
           */
          public static function reorder_template_competency($templateid, $competencyidfrom, $competencyidto) {
              static::require_enabled();
       
             // First we do a permissions check.
              $template = new template($templateid);
      if (!$template->can_manage()) {
          throw new required_capability_exception($template->get_context(), 'moodle/competency:templatemanage','nopermissions', '');
      }
      

      Otherwise, a user within a category context will get a "no permission" error every time he/she tries to move a competency in his learning plan templates.

            taboubii Issam Taboubi
            melrome Melvin Romero
            Frédéric Massart Frédéric Massart
            Dan Poltawski Dan Poltawski
            Simey Lameze Simey Lameze
            Votes:
            0 Vote for this issue
            Watchers:
            4 Start watching this issue

              Created:
              Updated:
              Resolved:

                Error rendering 'clockify-timesheets-time-tracking-reports:timer-sidebar'. Please contact your Jira administrators.