Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-69672

Check the context used by the content bank is allowed

XMLWordPrintable

    • MOODLE_310_STABLE, MOODLE_39_STABLE, MOODLE_400_STABLE
    • MOODLE_39_STABLE
    • MDL-69672-master
    • Hide
      1. As an admin go to your profile page.
      2. Inspect the page and check the classes in <body> tag. There is a class called 'context-XX'. Save the number on that class; it's the id of your user level context.
      3. Go to site content bank.
      4. Confirm there is no error message.
      5. Change the contextid parameter value in the URL and use the XX id saved in step 2.
      6. Confirm there is a 'Context is not allowed' error message.
      7. Go back to the site content bank.
      8. Click on the Upload option.
      9. Confirm there is no error message.
      10. Change the contextid parameter value in the URL and use the XX id saved in step 2.
      11. Confirm there is a 'Context is not allowed' error message.
      12. Go back to the site content bank.
      13. Click on the Add button and choose any of the options available in the dropdown.
      14. Confirm there is no error message.
      15. Change the contextid parameter value in the URL and use the XX id saved in step 2.
      16. Confirm there is a 'Context is not allowed' error message.
      Show
      As an admin go to your profile page. Inspect the page and check the classes in <body> tag. There is a class called 'context-XX'. Save the number on that class; it's the id of your user level context. Go to site content bank. Confirm there is no error message. Change the contextid parameter value in the URL and use the XX id saved in step 2. Confirm there is a 'Context is not allowed' error message. Go back to the site content bank. Click on the Upload option. Confirm there is no error message. Change the contextid parameter value in the URL and use the XX id saved in step 2. Confirm there is a 'Context is not allowed' error message. Go back to the site content bank. Click on the Add button and choose any of the options available in the dropdown. Confirm there is no error message. Change the contextid parameter value in the URL and use the XX id saved in step 2. Confirm there is a 'Context is not allowed' error message.
    • Moppies Kanban

      Content bank is allowed for different context levels: system, course category and course. 

      Although there is no way to access/manage content banks for user, activity or block level via UI, there's no checking to confirm the context level is allowed. 

      So an admin or a user with appropriate capabilities in a user, activity or block context would be able to use the content bank in that context. We should not allow that. 

        1. MDL-69672.jpg
          MDL-69672.jpg
          53 kB

            amaia Amaia Anabitarte
            amaia Amaia Anabitarte
            Carlos Escobedo Carlos Escobedo
            Eloy Lafuente (stronk7) Eloy Lafuente (stronk7)
            Anna Carissa Sadia Anna Carissa Sadia
            Votes:
            0 Vote for this issue
            Watchers:
            6 Start watching this issue

              Created:
              Updated:
              Resolved:

                Estimated:
                Original Estimate - Not Specified
                Not Specified
                Remaining:
                Remaining Estimate - 0 minutes
                0m
                Logged:
                Time Spent - 7 hours
                7h

                  Error rendering 'clockify-timesheets-time-tracking-reports:timer-sidebar'. Please contact your Jira administrators.