Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-65235

Login as feature should not expose user private messages

    XMLWordPrintable

    Details

    • Type: Improvement
    • Status: Reopened
    • Priority: Minor
    • Resolution: Unresolved
    • Affects Version/s: 3.5.3
    • Fix Version/s: None
    • Component/s: Messages, User management
    • Labels:
      None
    • Affected Branches:
      MOODLE_35_STABLE

      Description

      There're some privacy issues for 'loginas' capability. It reveals the user's private information like conversations. Since our teachers use 'login as' to debug their courses, it's essential to set up some more granular permissions, so they do not access messaging of a chosen user.

      Or is it supposed to work like this?

        Attachments

          Activity

            People

            • Votes:
              0 Vote for this issue
              Watchers:
              5 Start watching this issue

              Dates

              • Created:
                Updated: