Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-59172

update user_can_view_profile to check for "viewalldetails"

    XMLWordPrintable

    Details

    • Testing Instructions:
      Hide

      This is covered by unit tests, but we'll check anyway

      1. Make sure there are no courses on your site. We don't want interference here.
      2. As admin user, create a course and enrol a student. Remember the student id
      3. Now, assign a course creator at system level.
      4. Log in as the course creator and view your profile
      5. Swap the ?id=x for the student id and confirm that you can't access the profile.
      6. Now, log in as admin again and edit the course creator role.
      7. Grant the 'viewalldetails' capability to this role.
      8. Now, log in as the course creator again and try to view the student profile like you did before.
      9. Confirm that you are able to view the student profile
      10. Clean up: Remove the 'viewalldetails' capability from the course creator role.
      Show
      This is covered by unit tests, but we'll check anyway Make sure there are no courses on your site. We don't want interference here. As admin user, create a course and enrol a student. Remember the student id Now, assign a course creator at system level. Log in as the course creator and view your profile Swap the ?id=x for the student id and confirm that you can't access the profile. Now, log in as admin again and edit the course creator role. Grant the 'viewalldetails' capability to this role. Now, log in as the course creator again and try to view the student profile like you did before. Confirm that you are able to view the student profile Clean up: Remove the 'viewalldetails' capability from the course creator role.
    • Affected Branches:
      MOODLE_33_STABLE
    • Fixed Branches:
      MOODLE_32_STABLE, MOODLE_33_STABLE
    • Epic Link:
    • Pull from Repository:
    • Pull Master Branch:
      MDL-59172-master
    • Sprint:
      3.4 Sprint 3

      Description

      Api user_can_view_profile() should check for both "viewdetail" and "viewalldetails" caps.

        Attachments

          Activity

            People

            Assignee:
            jaked Jake Dallimore
            Reporter:
            ankit_frenz Ankit Agarwal
            Peer reviewer:
            Ankit Agarwal
            Integrator:
            Dan Poltawski
            Tester:
            Mark Nelson
            Participants:
            Component watchers:
            Amaia Anabitarte, Carlos Escobedo, Ferran Recio, Sara Arjona (@sarjona), Víctor Déniz Falcón, Amaia Anabitarte, Carlos Escobedo, Ferran Recio, Sara Arjona (@sarjona), Víctor Déniz Falcón
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved:
              Fix Release Date:
              11/Sep/17