Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-58054

'Hide my email' should not hide real email from notifications to users with 'viewuseridentity' capability

    XMLWordPrintable

Details

    • MOODLE_32_STABLE, MOODLE_33_STABLE, MOODLE_34_STABLE
    • Hide
      1. Create a course with a teacher and a student
      2. Edit student's profile: set 'Email display' to 'Hide my email from everyone'
      3. Check that 'Show user identity' has 'Email' ticked on Site Administration -> Users -> Permissions -> User Policies
      4. Check that the Teacher has a permission 'site:viewuseridentity' for the Course
      5. Check that the Teacher has enabled Email notifications for Messages (Preferences -> Message preferences) 
      6. As a Student, compose a new message to a Teacher
      7. Check that the email came to the Teacher's mailbox with a real Student's email
      Show
      Create a course with a teacher and a student Edit student's profile: set 'Email display' to 'Hide my email from everyone' Check that 'Show user identity' has 'Email' ticked on Site Administration -> Users -> Permissions -> User Policies Check that the Teacher has a permission 'site:viewuseridentity' for the Course Check that the Teacher has enabled Email notifications for Messages (Preferences -> Message preferences)  As a Student, compose a new message to a Teacher Check that the email came to the Teacher's mailbox with a real Student's email

    Description

      It was said that users with 'viewuseridentity' capability (teachers, non-editing teachers, managers) were able to see their students' email addresses no matter if they've chosen to hide email in preferences. I think that the same should apply to notifications as well, otherwise it doesn't look consistent.

      This piece of code that defines whether to show the true address should be fixed to respect course managers and teachers.

          if (\core\ip_utils::is_domain_in_allowed_list(substr($from->email, strpos($from->email, '@') + 1), $alloweddomains)
                      && ($from->maildisplay == core_user::MAILDISPLAY_EVERYONE
                      || ($from->maildisplay == core_user::MAILDISPLAY_COURSE_MEMBERS_ONLY
                      && enrol_get_shared_courses($user, $from, false, true)))) {
              return true;
          }
      

      https://moodle.org/mod/forum/discuss.php?d=325559

      Attachments

        Issue Links

          Activity

            People

              pavel.m.sokolov Pavel Sokolov
              pavel.m.sokolov Pavel Sokolov
              Amaia Anabitarte, Carlos Escobedo, Ferran Recio, Ilya Tregubov, Sara Arjona (@sarjona), Amaia Anabitarte, Carlos Escobedo, Ferran Recio, Ilya Tregubov, Sara Arjona (@sarjona)
              Votes:
              3 Vote for this issue
              Watchers:
              9 Start watching this issue

              Dates

                Created:
                Updated: