-
Bug
-
Resolution: Unresolved
-
Minor
-
None
-
3.2.2, 3.3.5, 3.4.2
-
MOODLE_32_STABLE, MOODLE_33_STABLE, MOODLE_34_STABLE
-
It was said that users with 'viewuseridentity' capability (teachers, non-editing teachers, managers) were able to see their students' email addresses no matter if they've chosen to hide email in preferences. I think that the same should apply to notifications as well, otherwise it doesn't look consistent.
This piece of code that defines whether to show the true address should be fixed to respect course managers and teachers.
if (\core\ip_utils::is_domain_in_allowed_list(substr($from->email, strpos($from->email, '@') + 1), $alloweddomains) |
&& ($from->maildisplay == core_user::MAILDISPLAY_EVERYONE |
|| ($from->maildisplay == core_user::MAILDISPLAY_COURSE_MEMBERS_ONLY |
&& enrol_get_shared_courses($user, $from, false, true)))) { |
return true; |
}
|
- has a non-specific relationship to
-
MDL-59097 Reply-to is not set in instant message email notifications
- Closed
- has been marked as being related by
-
MDL-37479 Deprecate capability course:useremail, as it's not used.
- Closed
- has to be done after
-
MDL-58038 Email: Allowed domain name check fails for all domains except last one (PHP_EOL mismatch)
- Closed