Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-59826

context_header() sometimes obscures profile information for users with permission

    XMLWordPrintable

Details

    • MOODLE_32_STABLE, MOODLE_33_STABLE, MOODLE_34_STABLE
    • MOODLE_32_STABLE, MOODLE_33_STABLE
    • MDL-59826-master
    • Hide
      • Make sure you have just 1 course on the site with only 1 enrolled student, s1.
      • Edit the manager role (define roles) and set 'viewdetails' and 'viewalldetails' to prevent.
      • Assign manager role to a user at system level.
      • Edit permissions in the course and override the manager role's capabilities, setting 'viewdetails' to 'allow'.
      • Now, log in as the manager user and navigate to the course participants page and click on the single student user's name.
      • Observe you DO now see the user header (the context_header) on the page (i.e. the user pic), and that you DO see the profile information below. 
      • Now, go to your profile page and change the id param to that of the user, s1.
      • Confirm that you can view their profile successfully.
      Show
      Make sure you have just 1 course on the site with only 1 enrolled student, s1. Edit the manager role (define roles) and set 'viewdetails' and 'viewalldetails' to prevent. Assign manager role to a user at system level. Edit permissions in the course and override the manager role's capabilities, setting 'viewdetails' to 'allow'. Now, log in as the manager user and navigate to the course participants page and click on the single student user's name. Observe you DO now see the user header (the context_header) on the page (i.e. the user pic), and that you DO see the profile information below.   Now, go to your profile page and change the id param to that of the user, s1. Confirm that you can view their profile successfully.
    • 3.4 Sprint 4

    Description

      Replication steps as per MDL-58953 (assuming MDL-59825 hasn't landed yet - if it has, you won't be able to replicate the failure, however the patch will still improve performance).

      • Make sure you have just 1 course on the site with only 1 enrolled student, s1.
      • Edit the manager role (define roles) and set 'viewdetails' and 'viewalldetails' to prevent.
      • Assign manager role to a user at system level.
      • Edit permissions in the course and override the manager role's capabilities, setting 'viewdetails' to 'allow'.
      • Now, log in as the manager user and navigate to the course participants page and click on the single student user's name.
      • Observe you don't see any user header (the context_header) on the page (i.e. no user pic), but that you DO see the profile information below. 

      This is a bug, caused by user_can_view_profile() failing to properly check all courses, at least when called from within context_header() without the $course param.

      As mentioned on MDL-58953:

      Now, this can be solved by fixing the user_can_view_profile() so it properly checks all courses (MDL-59825), however, I think a more practical solution (and better performing) would be to pass the $course object to user_can_view_profile() when we're sure the page is a course page. If we're certain we're in a specific course, then we know there's no way we can view the profile of a user within another course, so we don't need to consider this, and can get a performance win by restricting the scope too. 

      Attachments

        Issue Links

          Activity

            People

              jaked Jake Dallimore
              jaked Jake Dallimore
              Adrian Greeve Adrian Greeve
              Andrew Lyons Andrew Lyons
              Ryan Wyllie Ryan Wyllie
              David Woloszyn, Huong Nguyen, Jake Dallimore, Meirza, Michael Hawkins, Raquel Ortega, Safat Shahin, Stevani Andolo, David Woloszyn, Huong Nguyen, Jake Dallimore, Meirza, Michael Hawkins, Raquel Ortega, Safat Shahin, Stevani Andolo
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:
                11/Sep/17