Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-67300

Calendar: Inconsistent behaviour of managegroupentries capability

XMLWordPrintable

    • MOODLE_37_STABLE, MOODLE_38_STABLE, MOODLE_39_STABLE
    • MOODLE_37_STABLE, MOODLE_38_STABLE
    • MDL-67300-master
    • Hide
      1. In the role settings (site administration / Users / Permissions / Define roles):
        • Change the 'non-editing teacher' role to remove the moodle/calendar:manageentries capability, so that out of the calendar: capabilities, it only has moodle/calendar:managegroupentries.
        • Change the 'authenticated user' role to remove the moodle/calendar:manageownentries capability. (This represents a site configuration where the personal Moodle calendar is not used.)
      2. Give a test account the non-editing teacher role in a course.
      3. Create a group in that course and assign the test account to it.
      4. Log in as the test user and go to the calendar page (/calendar/).
      5. Select the test course from the 'Course' dropdown. You might need to press Return after this.
      6. Click 'New event' button to add a new calendar event, using arbitrary name and future date.
        • EXPECTED (no change): This should work OK. It should be pre-set as a group event (assuming the user doesn't have other capabilities elsewhere).
      7. Now try to edit the calendar event that you just created, for example changing the name.
        • EXPECTED: It should let you edit the event.
        • BEFORE FIX: This used to give a 'nopermissiontoupdatecalendar' error popup.
      Show
      In the role settings (site administration / Users / Permissions / Define roles): Change the 'non-editing teacher' role to remove the moodle/calendar:manageentries capability, so that out of the calendar: capabilities, it only has moodle/calendar:managegroupentries . Change the 'authenticated user' role to remove the moodle/calendar:manageownentries capability. (This represents a site configuration where the personal Moodle calendar is not used.) Give a test account the non-editing teacher role in a course. Create a group in that course and assign the test account to it. Log in as the test user and go to the calendar page (/calendar/). Select the test course from the 'Course' dropdown. You might need to press Return after this. Click 'New event' button to add a new calendar event, using arbitrary name and future date. EXPECTED (no change): This should work OK. It should be pre-set as a group event (assuming the user doesn't have other capabilities elsewhere). Now try to edit the calendar event that you just created, for example changing the name. EXPECTED: It should let you edit the event. BEFORE FIX: This used to give a 'nopermissiontoupdatecalendar' error popup.

      1. When creating a new calendar event in a specific course, which calls calendar_get_allowed_event_types with a passed-on course id, you need one of the following capabilities:

      moodle/calendar:manageentries (to create a course event)
      or
      moodle/calendar:managegroupentries, and a group membership or accessallgroups (to create a group event).

      The manageentries capability also gives you the same permissions as managegroupentries, i.e. if you can manage course entries, you can also manage group entries (for groups you belong to, or if you have accessallgroups).

      Overall, this behaviour seems fairly logical, so I'm assuming it is correct/intended.

      2. When editing a calendar event, calendar_get_allowed_event_types without passing in a courseid, you need

      moodle/calendar:manageentries on any course (for a course event)
      If you additionally have moodle/calendar:managegroupentries on that course, and a group membership or accessallgroups then you can also do group events.

      Notice that this is different: editing (with course id not passed) requires both manageentries AND managegroupentries in order to edit a group event, whereas creating (with course id passed) requires either manageentries OR managegroupentries.

      This strikes me as wrong. It also means you cannot correctly configure it so that some people can create tutor group events but not course ones (which is what we would like it do do). If you try to make that configuration, then it does indeed work so that these users can create tutor group events, but they then may be unable to edit the event they just created, which is obviously wrong.

      See test script for an example of how to reproduce this.

            quen Sam Marshall
            quen Sam Marshall
            Simey Lameze Simey Lameze
            Eloy Lafuente (stronk7) Eloy Lafuente (stronk7)
            Gladys Basiana Gladys Basiana
            Votes:
            0 Vote for this issue
            Watchers:
            4 Start watching this issue

              Created:
              Updated:
              Resolved:

                Estimated:
                Original Estimate - Not Specified
                Not Specified
                Remaining:
                Remaining Estimate - 0 minutes
                0m
                Logged:
                Time Spent - 7 hours, 21 minutes
                7h 21m

                  Error rendering 'clockify-timesheets-time-tracking-reports:timer-sidebar'. Please contact your Jira administrators.