-
Bug
-
Resolution: Fixed
-
Blocker
-
3.4
-
MOODLE_34_STABLE
-
MOODLE_34_STABLE
-
MDL-60626-master -
Replication instructions
- Open the calendar as admin
- Add a user event for your user
- Check the DB and find the ID of that event
- Log out, log in as a different user
- Add an event for that user too
- Open the calendar month view
- Open dev tools, and find the DOMNode for the event you just added
- Find the "data-event-id="????" attribute and swap the ID for the one from the database
- Click on the link
Expected
You are shown an access denied message
Actual
You get to sneak a peek at their event