Details
-
Type:
Bug
-
Status: Closed
-
Priority:
Critical
-
Resolution: Fixed
-
Affects Version/s: 3.4, 3.4.4, 3.5.1
-
Component/s: Roles / Access, User management
-
Labels:
Description
Create a situation when city/country are in both $CFG->showuseridentity and $CFG->hiddenuserfields
Make sure that user who has 'moodle/site:viewuseridentity' capability but does not have capability 'moodle/course:viewhiddenuserfields' can never see city and country of other users.
Before the lists $CFG->showuseridentity and $CFG->hiddenuserfields never overlapped and it is VERY possible that we do not check viewhiddenuserfields when preparing list of showuseridentity fieldsMDL-59436
See also discussions https://tracker.moodle.org/browse/MDL-59370?focusedCommentId=475653&page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-475653
Attachments
Issue Links
- has a non-specific relationship to
-
MDL-60191 Visibility problems with identity fields like email or phone
-
- Closed
-