-
Bug
-
Resolution: Fixed
-
Minor
-
3.7
-
MOODLE_37_STABLE
-
MOODLE_36_STABLE, MOODLE_37_STABLE
-
MDL-65101_master -
Hi there,
while testing the new messaging interface and the newly introduced capability moodle/site:messageanyuser, we've stumbled over this issue.
Status quo and problem
As far as we understand users with that capability can write to other users even if they have been blocked by them. For example user A has the capability and user B blocks user A, user A can still write messages to user B.
The strange thing is that if user B changes his privacy restriction setting to "My contacts only", the user A, who has the capability cannot send messages to B anymore.
On the one hand, blocking feels more strict than just allowing contacts to contact me. On the other hand if the capability is called messageanyuser and "ignores" blocking, it's surprising that this setting levers this out.
Steps to reproduce
- Having users A and B in your system
- Make sure that moodle/site:messageanyuser is given to teachers
- Go to a course X (or create one) and enrol user A as teacher and user B as student
- Login as user B, open the messaging interface and search for user A
- In the list, click on the three dots for user A and click on context menu item "Block user"
- Confirm the blocking action by clicking the button "Block"
- Verify that you see the information "You have blocked this user in the past" with the button "Unblock user"
- Login as user A
- Open the messaging interface and search for user B
- Make sure that you have the messaging text area
- Enter a message and send it to user B
- Login as user B and see that he's got a new message from user A and the blocking icon is shown after the name of user A
- Now change the privacy setting to "My contacts only"
- Login as A again
- Go to the conversation with B and click on it
- See that you cannot write to B anymore because you see the hint "B is not in your contacts. You need to request Adam Ant to add you as a contact to be able to message them."
Proposal
Either this is intended behavior, then the capability should be defined in a more restrictive way or should get another title (maybe messsageblockedusers).
We would assume that this is not intended behavior, because in that case it would be possible for students to prevent messages from their teachers. And we don't think that it's practicable that a teacher requests contact approval for many of his students...
If it's not intended, then this is a bug (as I declared the issue) and the capability should also make it possible to override this privacy setting.
Analogous to MDL-65093, the user then should also get a hint that the privacy setting has no effect on users with this capability.
Best, Kathrin