Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-65235

Login as feature should not expose user private messages

    XMLWordPrintable

    Details

    • Type: Improvement
    • Status: Reopened
    • Priority: Minor
    • Resolution: Unresolved
    • Affects Version/s: 3.5.3
    • Fix Version/s: None
    • Component/s: Messages, User management
    • Labels:
      None
    • Affected Branches:
      MOODLE_35_STABLE

      Description

      There're some privacy issues for 'loginas' capability. It reveals the user's private information like conversations. Since our teachers use 'login as' to debug their courses, it's essential to set up some more granular permissions, so they do not access messaging of a chosen user.

      Or is it supposed to work like this?

        Attachments

          Activity

            People

            Assignee:
            Unassigned
            Reporter:
            pavel.m.sokolov Pavel Sokolov
            Participants:
            Component watchers:
            Amaia Anabitarte, Carlos Escobedo, Ferran Recio, Sara Arjona (@sarjona), Víctor Déniz Falcón, Amaia Anabitarte, Carlos Escobedo, Ferran Recio, Sara Arjona (@sarjona), Víctor Déniz Falcón
            Votes:
            0 Vote for this issue
            Watchers:
            5 Start watching this issue

              Dates

              Created:
              Updated: