Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-58054

'Hide my email' should not hide real email from notifications to users with 'viewuseridentity' capability

XMLWordPrintable

    • MOODLE_32_STABLE, MOODLE_33_STABLE, MOODLE_34_STABLE
    • Hide
      1. Create a course with a teacher and a student
      2. Edit student's profile: set 'Email display' to 'Hide my email from everyone'
      3. Check that 'Show user identity' has 'Email' ticked on Site Administration -> Users -> Permissions -> User Policies
      4. Check that the Teacher has a permission 'site:viewuseridentity' for the Course
      5. Check that the Teacher has enabled Email notifications for Messages (Preferences -> Message preferences) 
      6. As a Student, compose a new message to a Teacher
      7. Check that the email came to the Teacher's mailbox with a real Student's email
      Show
      Create a course with a teacher and a student Edit student's profile: set 'Email display' to 'Hide my email from everyone' Check that 'Show user identity' has 'Email' ticked on Site Administration -> Users -> Permissions -> User Policies Check that the Teacher has a permission 'site:viewuseridentity' for the Course Check that the Teacher has enabled Email notifications for Messages (Preferences -> Message preferences)  As a Student, compose a new message to a Teacher Check that the email came to the Teacher's mailbox with a real Student's email

      It was said that users with 'viewuseridentity' capability (teachers, non-editing teachers, managers) were able to see their students' email addresses no matter if they've chosen to hide email in preferences. I think that the same should apply to notifications as well, otherwise it doesn't look consistent.

      This piece of code that defines whether to show the true address should be fixed to respect course managers and teachers.

          if (\core\ip_utils::is_domain_in_allowed_list(substr($from->email, strpos($from->email, '@') + 1), $alloweddomains)
                      && ($from->maildisplay == core_user::MAILDISPLAY_EVERYONE
                      || ($from->maildisplay == core_user::MAILDISPLAY_COURSE_MEMBERS_ONLY
                      && enrol_get_shared_courses($user, $from, false, true)))) {
              return true;
          }
      

      https://moodle.org/mod/forum/discuss.php?d=325559

            Unassigned Unassigned
            pavel.m.sokolov Pavel Sokolov
            Votes:
            3 Vote for this issue
            Watchers:
            10 Start watching this issue

              Created:
              Updated:

                Error rendering 'clockify-timesheets-time-tracking-reports:timer-sidebar'. Please contact your Jira administrators.