Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-59429

Changes to current site admins not logged

    XMLWordPrintable

    Details

    • Testing Instructions:
      Hide
      1. Log into a site with multiple users.
      2. Navigate to Site administration>Users>Site administrators (under Permissions).
      3. Click a user under Potential users (I will call it user2), and click Add, then Continue, to add user2 as administrator.
      4. Keep the Site administrators tab open, and in a separate tab, navigate to Site administration>Reports>Config changes.
      5. CONFIRM there is a new row logged with the correct date, your (admin) user's name, plugin = core, setting = siteadmins, and the Original value lists the correct user IDs that were set as admins before you added the new one. Also CONFIRM the New value is the same list, but with user2's user ID included in the list.
      6. Return to the Site administrators tab (opened in step 2) (but don't close the Config changes tab).
      7. Click user2's name under Existing users, then click Set main admin.
      8. Return to the Config changes tab, and refresh the page. You should now see a similar row to step 5. CONFIRM the user IDs in the original/new values are the same, but user2's ID is now first in the list (confirms they are the main admin).
      9. Return to the Site administrators tab, set the main admin back as it was before (so user2 is again listed under Existing users).
      10. Click user2's name, then click Remove and then Continue, to remove user2 from the list of admins.
      11. Return to the Config changes tab, and CONFIRM the log shows user2's ID has been removed from the list of admins.
      12. Navigate to Site administration>Reports>logs.
      13. Click get these logs.
      14. CONFIRM the appropriate logs are showing for the changes made in the steps above.
      Show
      Log into a site with multiple users. Navigate to Site administration>Users>Site administrators (under Permissions). Click a user under Potential users (I will call it user2), and click Add, then Continue, to add user2 as administrator. Keep the Site administrators tab open, and in a separate tab, navigate to Site administration>Reports>Config changes. CONFIRM there is a new row logged with the correct date, your (admin) user's name, plugin = core, setting = siteadmins, and the Original value lists the correct user IDs that were set as admins before you added the new one. Also CONFIRM the New value is the same list, but with user2's user ID included in the list. Return to the Site administrators tab (opened in step 2) (but don't close the Config changes tab). Click user2's name under Existing users , then click Set main admin . Return to the Config changes tab, and refresh the page. You should now see a similar row to step 5. CONFIRM the user IDs in the original/new values are the same, but user2's ID is now first in the list (confirms they are the main admin). Return to the Site administrators tab, set the main admin back as it was before (so user2 is again listed under Existing users). Click user2's name, then click Remove and then Continue, to remove user2 from the list of admins. Return to the Config changes tab, and CONFIRM the log shows user2's ID has been removed from the list of admins. Navigate to Site administration>Reports>logs. Click get these logs. CONFIRM the appropriate logs are showing for the changes made in the steps above.
    • Affected Branches:
      MOODLE_31_STABLE, MOODLE_33_STABLE, MOODLE_34_STABLE, MOODLE_35_STABLE
    • Fixed Branches:
      MOODLE_36_STABLE
    • Pull Master Branch:
      MDL-59429-master

      Description

      If you add or remove users from the site admins list, this action doesn't appear to be recorded in either the Config changes report or the site's Logs report.

      This a fairly serious change with potential security repercussions and one may be required to produce an audit of these changes but I can't see that this is possible.

      Personally I think this should appear in the Config changes report.

        Attachments

          Activity

            People

            • Votes:
              13 Vote for this issue
              Watchers:
              12 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:
                Fix Release Date:
                3/Dec/18

                Time Tracking

                Estimated:
                Original Estimate - 0 minutes
                0m
                Remaining:
                Remaining Estimate - 0 minutes
                0m
                Logged:
                Time Spent - 10 minutes
                10m