Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-67016

When hiddenuserfields contains "mycourses", a user can't see his enrolled courses on his own profile page

XMLWordPrintable

    • MOODLE_35_STABLE, MOODLE_36_STABLE, MOODLE_37_STABLE
    • MOODLE_36_STABLE, MOODLE_37_STABLE
    • MDL-67016-master-user-profile-see-own-courses
    • Hide
      1. Create 2 courses and enrol 2 students in both of them
      2. As an Admin, go to the configuration section containing "hiddenuserfields" (…/admin/settings.php?section=userpolicies).
      3. In the setting 'Hide user fields' (hiddenuserfield) mark "My Courses" (and others, if you wish) and save.
      4. Log in as a student in course 1
      5. Then view your own profile page.
      6. Verify you see a 'course profiles' heading under the course details section, which shows 2 courses.
      7. Inspect the profile of another student in the course
      8. Verify you can't see the course profiles section mentioned above. There will be a course details section - this is normal
      Show
      Create 2 courses and enrol 2 students in both of them As an Admin, go to the configuration section containing "hiddenuserfields" (…/admin/settings.php?section=userpolicies). In the setting 'Hide user fields' (hiddenuserfield) mark "My Courses" (and others, if you wish) and save. Log in as a student in course 1 Then view your own profile page. Verify you see a 'course profiles' heading under the course details section, which shows 2 courses. Inspect the profile of another student in the course Verify you can't see the course profiles section mentioned above. There will be a course details section - this is normal

      See https://tracker.moodle.org/browse/MDL-21394.

      Our version is Moodle 3.5.8. The problem is still present in master.

      https://github.com/moodle/moodle/blob/9f997f9bd7edc6ea0b4371804f9a78b84f866e51/lib/myprofilelib.php#L230-L233

      Configure "mycourses" as a hidden user field, login as a user without the capability "moodle/user:viewhiddendetails" and you can't see your own courses.

      Solution would just be to check for $iscurrentuser, e.g.:

          if (!isset($hiddenfields['mycourses']) || $iscurrentuser) {
              $showallcourses = optional_param('showallcourses', 0, PARAM_INT);
              if ($mycourses = enrol_get_all_users_courses($user->id, true, null)) {
                  $shown = 0;
      

            poggenpohlda Daniel Poggenpohl
            poggenpohlda Daniel Poggenpohl
            Luca Bösch Luca Bösch
            Jake Dallimore Jake Dallimore
            Gladys Basiana Gladys Basiana
            Votes:
            0 Vote for this issue
            Watchers:
            5 Start watching this issue

              Created:
              Updated:
              Resolved:

                Estimated:
                Original Estimate - 0 minutes
                0m
                Remaining:
                Remaining Estimate - 0 minutes
                0m
                Logged:
                Time Spent - 50 minutes
                50m

                  Error rendering 'clockify-timesheets-time-tracking-reports:timer-sidebar'. Please contact your Jira administrators.