-
Bug
-
Resolution: Fixed
-
Minor
-
3.7.3, 3.8, 3.9
-
MOODLE_37_STABLE, MOODLE_38_STABLE, MOODLE_39_STABLE
-
MOODLE_37_STABLE, MOODLE_38_STABLE
-
MDL-67300-master -
1. When creating a new calendar event in a specific course, which calls calendar_get_allowed_event_types with a passed-on course id, you need one of the following capabilities:
moodle/calendar:manageentries (to create a course event)
or
moodle/calendar:managegroupentries, and a group membership or accessallgroups (to create a group event).
The manageentries capability also gives you the same permissions as managegroupentries, i.e. if you can manage course entries, you can also manage group entries (for groups you belong to, or if you have accessallgroups).
Overall, this behaviour seems fairly logical, so I'm assuming it is correct/intended.
2. When editing a calendar event, calendar_get_allowed_event_types without passing in a courseid, you need
moodle/calendar:manageentries on any course (for a course event)
If you additionally have moodle/calendar:managegroupentries on that course, and a group membership or accessallgroups then you can also do group events.
Notice that this is different: editing (with course id not passed) requires both manageentries AND managegroupentries in order to edit a group event, whereas creating (with course id passed) requires either manageentries OR managegroupentries.
This strikes me as wrong. It also means you cannot correctly configure it so that some people can create tutor group events but not course ones (which is what we would like it do do). If you try to make that configuration, then it does indeed work so that these users can create tutor group events, but they then may be unable to edit the event they just created, which is obviously wrong.
See test script for an example of how to reproduce this.