Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-59172

update user_can_view_profile to check for "viewalldetails"

    XMLWordPrintable

    Details

    • Testing Instructions:
      Hide

      This is covered by unit tests, but we'll check anyway

      1. Make sure there are no courses on your site. We don't want interference here.
      2. As admin user, create a course and enrol a student. Remember the student id
      3. Now, assign a course creator at system level.
      4. Log in as the course creator and view your profile
      5. Swap the ?id=x for the student id and confirm that you can't access the profile.
      6. Now, log in as admin again and edit the course creator role.
      7. Grant the 'viewalldetails' capability to this role.
      8. Now, log in as the course creator again and try to view the student profile like you did before.
      9. Confirm that you are able to view the student profile
      10. Clean up: Remove the 'viewalldetails' capability from the course creator role.
      Show
      This is covered by unit tests, but we'll check anyway Make sure there are no courses on your site. We don't want interference here. As admin user, create a course and enrol a student. Remember the student id Now, assign a course creator at system level. Log in as the course creator and view your profile Swap the ?id=x for the student id and confirm that you can't access the profile. Now, log in as admin again and edit the course creator role. Grant the 'viewalldetails' capability to this role. Now, log in as the course creator again and try to view the student profile like you did before. Confirm that you are able to view the student profile Clean up: Remove the 'viewalldetails' capability from the course creator role.
    • Affected Branches:
      MOODLE_33_STABLE
    • Fixed Branches:
      MOODLE_32_STABLE, MOODLE_33_STABLE
    • Epic Link:
    • Pull from Repository:
    • Pull Master Branch:
      MDL-59172-master
    • Pull Master Diff URL:
    • Sprint:
      3.4 Sprint 3

      Description

      Api user_can_view_profile() should check for both "viewdetail" and "viewalldetails" caps.

        Attachments

          Activity

            People

            • Assignee:
              jaked Jake Dallimore
              Reporter:
              ankit_frenz Ankit Agarwal
              Peer reviewer:
              Ankit Agarwal
              Integrator:
              Dan Poltawski
              Tester:
              Mark Nelson
              Participants:
              Component watchers:
              Amaia Anabitarte, Carlos Escobedo, Ferran Recio, Sara Arjona (@sarjona), Víctor Déniz Falcón, Amaia Anabitarte, Carlos Escobedo, Ferran Recio, Sara Arjona (@sarjona), Víctor Déniz Falcón
            • Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:
                Fix Release Date:
                11/Sep/17