Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-60433

Groups are not correctly handled by Web Services in the database module

    XMLWordPrintable

    Details

    • Testing Instructions:
      Hide
      1. As admin, enable "Mobile services": Site administration ► Mobile app ► Mobile settings
      2. Create a database in a course with groups enabled (using a template like the image gallery) and add a couple of entries
      3. Once the entries are created, configure the database to use separate groups
      4. Configure the course to allow guest users
      5. Now, access the site via the mobile app using a normal user account. The user mustn't be enrolled in the course where the database is.
      6. Using the search option in the app (magnifying glass) look for the course and access it.
      7. Access the database activity and check that you can see the entries created
      8. Perform a search in the database and check that you see correctly the search result in the app
      9. You can compare what you see in the app to what you see on the website when you are logged in using the same user account. You should see the same entries
      10. Now, enrol a couple of users as students in the course in different groups
      11. Create one entry in the database with each student account
      12. Check that via the mobile app that one student can see only the entries he has created and the entries that were previously created (in step 2). (Log-in with the course's student user accounts in the mobile app to check this)
      13. You should not be able to see other users groups entries
      Show
      As admin, enable "Mobile services": Site administration ► Mobile app ► Mobile settings Create a database in a course with groups enabled (using a template like the image gallery) and add a couple of entries Once the entries are created, configure the database to use separate groups Configure the course to allow guest users Now, access the site via the mobile app using a normal user account. The user mustn't be enrolled in the course where the database is. Using the search option in the app (magnifying glass) look for the course and access it. Access the database activity and check that you can see the entries created Perform a search in the database and check that you see correctly the search result in the app You can compare what you see in the app to what you see on the website when you are logged in using the same user account. You should see the same entries Now, enrol a couple of users as students in the course in different groups Create one entry in the database with each student account Check that via the mobile app that one student can see only the entries he has created and the entries that were previously created (in step 2). (Log-in with the course's student user accounts in the mobile app to check this) You should not be able to see other users groups entries
    • Affected Branches:
      MOODLE_33_STABLE
    • Fixed Branches:
      MOODLE_33_STABLE
    • Pull from Repository:
    • Pull Master Branch:
      MDL-60433-master

      Description

      Originally reported in MOBILE-2226

      The groupid 0 is valid even if the user can't view all groups, the reason is that the inner API actually checks this case and return only entries not linked to groups.

      This is affecting several Web Services

        Attachments

          Issue Links

            Activity

              People

              • Votes:
                0 Vote for this issue
                Watchers:
                3 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved:
                  Fix Release Date:
                  13/Nov/17