Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-59847

Check situation when city/country are hiddenfields and identityfields at the same time

    XMLWordPrintable

    Details

    • Testing Instructions:
      Hide

      Human testing is not strictly necessary as the functionality is covered by unit tests.

      If required, the human testing should focus on following scenarios. No point to provide detailed steps to reproduce as those were already checked obviously. The human testing could be more of exploration style seeking for more places not covered by this patch.

      1. Select Country and City as hiddenuserfields fields (Users > Permissions > User policies > Hide user fields)
      2. Select Country and City as showuseridentity fields (Users > Permissions > User policies > Show user identity)
      3. Check various places where we display list of users, both inside courses and outside courses - such as:
        • Course participants page
        • Group membership UI inside a course
        • Manual enrolment UI inside a course
        • Cohort membership UI outside a course
      4. Make sure that depending on the logged user and the permissions:
        1. The user needs https://docs.moodle.org/en/Capabilities/moodle/site:viewuseridentity to have the fields Country and City shown as user identifiers on these lists. Without this capability, they should not appear at all.
        2. When outside the course, the user also needs to have https://docs.moodle.org/en/Capabilities/moodle/user:viewhiddendetails to see the hiddenCountry and City fields in lists
        3. When inside a course, the user also needs to have https://docs.moodle.org/35/en/Capabilities/moodle/course:viewhiddenuserfields to see the Country and City fields in lists

      Please note that currently, displaying these fields on users profile pages is implemented separately and has not been affected in this issue.

      Show
      Human testing is not strictly necessary as the functionality is covered by unit tests. If required, the human testing should focus on following scenarios. No point to provide detailed steps to reproduce as those were already checked obviously. The human testing could be more of exploration style seeking for more places not covered by this patch. Select Country and City as hiddenuserfields fields (Users > Permissions > User policies > Hide user fields) Select Country and City as showuseridentity fields (Users > Permissions > User policies > Show user identity) Check various places where we display list of users, both inside courses and outside courses - such as: Course participants page Group membership UI inside a course Manual enrolment UI inside a course Cohort membership UI outside a course Make sure that depending on the logged user and the permissions: The user needs https://docs.moodle.org/en/Capabilities/moodle/site:viewuseridentity to have the fields Country and City shown as user identifiers on these lists. Without this capability, they should not appear at all. When outside the course, the user also needs to have https://docs.moodle.org/en/Capabilities/moodle/user:viewhiddendetails to see the hiddenCountry and City fields in lists When inside a course, the user also needs to have https://docs.moodle.org/35/en/Capabilities/moodle/course:viewhiddenuserfields to see the Country and City fields in lists Please note that currently, displaying these fields on users profile pages is implemented separately and has not been affected in this issue.
    • Affected Branches:
      MOODLE_34_STABLE, MOODLE_35_STABLE
    • Fixed Branches:
      MOODLE_34_STABLE, MOODLE_35_STABLE
    • Pull from Repository:
    • Pull 3.4 Branch:
    • Pull 3.5 Branch:
    • Pull Master Branch:
      MDL-59847-master

      Description

      Create a situation when city/country are in both $CFG->showuseridentity and $CFG->hiddenuserfields

      Make sure that user who has 'moodle/site:viewuseridentity' capability but does not have capability 'moodle/course:viewhiddenuserfields' can never see city and country of other users.

      Before MDL-59436 the lists $CFG->showuseridentity and $CFG->hiddenuserfields never overlapped and it is VERY possible that we do not check viewhiddenuserfields when preparing list of showuseridentity fields

      See also discussions https://tracker.moodle.org/browse/MDL-59370?focusedCommentId=475653&page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-475653

        Attachments

          Issue Links

            Activity

              People

              • Votes:
                0 Vote for this issue
                Watchers:
                8 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved:
                  Fix Release Date:
                  10/Sep/18