Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-69672

Check the context used by the content bank is allowed

    XMLWordPrintable

    Details

    • Testing Instructions:
      Hide
      1. As an admin go to your profile page.
      2. Inspect the page and check the classes in <body> tag. There is a class called 'context-XX'. Save the number on that class; it's the id of your user level context.
      3. Go to site content bank.
      4. Confirm there is no error message.
      5. Change the contextid parameter value in the URL and use the XX id saved in step 2.
      6. Confirm there is a 'Context is not allowed' error message.
      7. Go back to the site content bank.
      8. Click on the Upload option.
      9. Confirm there is no error message.
      10. Change the contextid parameter value in the URL and use the XX id saved in step 2.
      11. Confirm there is a 'Context is not allowed' error message.
      12. Go back to the site content bank.
      13. Click on the Add button and choose any of the options available in the dropdown.
      14. Confirm there is no error message.
      15. Change the contextid parameter value in the URL and use the XX id saved in step 2.
      16. Confirm there is a 'Context is not allowed' error message.
      Show
      As an admin go to your profile page. Inspect the page and check the classes in <body> tag. There is a class called 'context-XX'. Save the number on that class; it's the id of your user level context. Go to site content bank. Confirm there is no error message. Change the contextid parameter value in the URL and use the XX id saved in step 2. Confirm there is a 'Context is not allowed' error message. Go back to the site content bank. Click on the Upload option. Confirm there is no error message. Change the contextid parameter value in the URL and use the XX id saved in step 2. Confirm there is a 'Context is not allowed' error message. Go back to the site content bank. Click on the Add button and choose any of the options available in the dropdown. Confirm there is no error message. Change the contextid parameter value in the URL and use the XX id saved in step 2. Confirm there is a 'Context is not allowed' error message.
    • Affected Branches:
      MOODLE_310_STABLE, MOODLE_39_STABLE, MOODLE_400_STABLE
    • Fixed Branches:
      MOODLE_39_STABLE
    • Pull from Repository:
    • Pull 3.9 Branch:
    • Pull 3.10 Branch:
      MDL-69672-310
    • Pull Master Branch:
      MDL-69672-master
    • Sprint:
      Moppies Kanban

      Description

      Content bank is allowed for different context levels: system, course category and course. 

      Although there is no way to access/manage content banks for user, activity or block level via UI, there's no checking to confirm the context level is allowed. 

      So an admin or a user with appropriate capabilities in a user, activity or block context would be able to use the content bank in that context. We should not allow that. 

        Attachments

          Activity

            People

            Assignee:
            amaia Amaia Anabitarte
            Reporter:
            amaia Amaia Anabitarte
            Peer reviewer:
            Carlos Escobedo
            Integrator:
            Eloy Lafuente (stronk7)
            Tester:
            Anna Carissa Sadia
            Participants:
            Component watchers:
            Amaia Anabitarte, Carlos Escobedo, Ferran Recio, Sara Arjona (@sarjona)
            Votes:
            0 Vote for this issue
            Watchers:
            6 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved:
              Fix Release Date:
              9/Nov/20

                Time Tracking

                Estimated:
                Original Estimate - Not Specified
                Not Specified
                Remaining:
                Remaining Estimate - 0 minutes
                0m
                Logged:
                Time Spent - 7 hours
                7h