Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-68487

Update default guest capabilities to prohibit block/online_users:viewlist by default

    XMLWordPrintable

    Details

    • Affected Branches:
      MOODLE_310_STABLE, MOODLE_38_STABLE

      Description

      Update:

      Currently, guest users have the block/online_users:viewlist capability in the system context by default, which means they can see the list of online users, which may cause some privacy concerns.

      It seems like a better approach would be to update the default for new sites, so that capability is prohibited on guest users by default. Site admins can enable it if they see fit, but it means the information isn't automatically shared.

      Original description:

      A guest is able to see the list of online users. There is no way to avoid it.

      Even if you remove the block from the frontpage, the guest can manually browse to /my/ and there the block can not be removed.

      If you can't apply the patch I will supply then you may need to disable to block for the entire site.

        Attachments

          Activity

            People

            Assignee:
            Unassigned Unassigned
            Reporter:
            meirm Meir Michanie
            Participants:
            Component watchers:
            Adrian Greeve, Jake Dallimore, Mathew May, Mihail Geshoski, Peter Dias, Sujith Haridasan
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

              Dates

              Created:
              Updated: