-
Bug
-
Resolution: Fixed
-
Minor
-
3.3.4, 3.4, 3.5
-
MOODLE_33_STABLE, MOODLE_34_STABLE, MOODLE_35_STABLE
-
MOODLE_33_STABLE, MOODLE_34_STABLE
-
MDL-61005-master -
cohort/lib.php cohort_get_all_cohorts() states:
The function assumes that user capability to view/manage cohorts on system level
- has already been verified. This function only checks if such capabilities have been
- revoked in child (categories) contexts.
then it calls:
$excludedcontexts = cohort_get_invisible_contexts())
which finds the contexts that all cohorts might be in and then checks:
if (!has_any_capability(array('moodle/cohort:manage', 'moodle/cohort:view'), context::instance_by_id($ctx->id)))
using the context of the cohorts.
Problem is that it also includes the system level context in the loop and then checks to see if the user has cohort:manage or cohort:view at the system context and if not, excludes the system level cohorts from the list.
system level cohorts are "special" and permission can be provided at the course-level using the capability "moodle/cohort:view" so it should not be checking the system level context in that loop inside cohort_get_invisible_cohorts.
hard to reproduce in core, but I'm looking at a separate improvement - re-using the admin tool_lp/cohort searchable cohort selector in the enrolment cohort sync plugin which discovered this particular issue.
I'll try to provide a pull request to deal with this at some point.
- blocks
-
MDL-49417 Cohort enrollment screen no longer searchable
- Closed