Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-58054

'Hide my email' should not hide real email from notifications to users with 'viewuseridentity' capability

    XMLWordPrintable

    Details

    • Testing Instructions:
      Hide
      1. Create a course with a teacher and a student
      2. Edit student's profile: set 'Email display' to 'Hide my email from everyone'
      3. Check that 'Show user identity' has 'Email' ticked on Site Administration -> Users -> Permissions -> User Policies
      4. Check that the Teacher has a permission 'site:viewuseridentity' for the Course
      5. Check that the Teacher has enabled Email notifications for Messages (Preferences -> Message preferences) 
      6. As a Student, compose a new message to a Teacher
      7. Check that the email came to the Teacher's mailbox with a real Student's email
      Show
      Create a course with a teacher and a student Edit student's profile: set 'Email display' to 'Hide my email from everyone' Check that 'Show user identity' has 'Email' ticked on Site Administration -> Users -> Permissions -> User Policies Check that the Teacher has a permission 'site:viewuseridentity' for the Course Check that the Teacher has enabled Email notifications for Messages (Preferences -> Message preferences)  As a Student, compose a new message to a Teacher Check that the email came to the Teacher's mailbox with a real Student's email
    • Affected Branches:
      MOODLE_32_STABLE, MOODLE_33_STABLE, MOODLE_34_STABLE
    • Pull Master Branch:

      Description

      It was said that users with 'viewuseridentity' capability (teachers, non-editing teachers, managers) were able to see their students' email addresses no matter if they've chosen to hide email in preferences. I think that the same should apply to notifications as well, otherwise it doesn't look consistent.

      This piece of code that defines whether to show the true address should be fixed to respect course managers and teachers.

          if (\core\ip_utils::is_domain_in_allowed_list(substr($from->email, strpos($from->email, '@') + 1), $alloweddomains)
                      && ($from->maildisplay == core_user::MAILDISPLAY_EVERYONE
                      || ($from->maildisplay == core_user::MAILDISPLAY_COURSE_MEMBERS_ONLY
                      && enrol_get_shared_courses($user, $from, false, true)))) {
              return true;
          }
      

      https://moodle.org/mod/forum/discuss.php?d=325559

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              pavel.m.sokolov Pavel Sokolov
              Reporter:
              pavel.m.sokolov Pavel Sokolov
              Participants:
              Component watchers:
              Amaia Anabitarte, Carlos Escobedo, Ferran Recio, Ilya Tregubov, Sara Arjona (@sarjona), Amaia Anabitarte, Carlos Escobedo, Ferran Recio, Ilya Tregubov, Sara Arjona (@sarjona)
              Votes:
              3 Vote for this issue
              Watchers:
              9 Start watching this issue

                Dates

                Created:
                Updated: