Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-66209

Competency framework import tool page loads for users who cannot submit it

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Open
    • Priority: Minor
    • Resolution: Unresolved
    • Affects Version/s: 3.5.7, 3.6.5, 3.7.1
    • Fix Version/s: None
    • Component/s: Competencies
    • Labels:
    • Affected Branches:
      MOODLE_35_STABLE, MOODLE_36_STABLE, MOODLE_37_STABLE

      Description

      The competency framework import tool ({wwwroot}/admin/tool/lpimportcsv/index.php) page is available to all logged in users, despite requiring the moodle/competency:competencymanage competency to perform the import.

      The result is that users can choose a file to upload, map the columns, and attempt to submit, all before being rejected if they do not have the relevant capability.

      To avoid confusion and wasted time by users, it would be better to check the capability before attempting to load the page, and redirect if the user does not have permission to upload the framework.

      Note: This is not considered a security issue, since no privilege escalation is taking place (any attempt to upload without the required capability is rejected).

        Attachments

          Activity

            People

            • Assignee:
              Unassigned
              Reporter:
              michaelh Michael Hawkins
              Participants:
              Component watchers:
              Damyon Wiese, Jean-Philippe Gaudreau, Steve Massicotte, Serge Gauthier, Issam Taboubi, Adrian Greeve, Mihail Geshoski, Peter Dias
            • Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

              • Created:
                Updated: