Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-73672

Navigation: clicking on 'Reports' in the course setting navigation takes you to the logs report, even if you don't have permission

    XMLWordPrintable

Details

    • MOODLE_311_STABLE
    • MOODLE_311_STABLE
    • MDL-73672-311
    • Hide
      1. Log in as Admin and navigate to `Site administration > Users > Define roles`
        2. Do editing teacher role (editingteacher)
        3. Search on Capability Field with keyword `report/log:view`
        4. Uncheck `report/log:view` checkbox and `Save Change`
        5. Log out, log in as a Teacher and go to any course.
        6. Go to `Setting > More...` and click on the Reports link.
        Expected: Navigate to the closest valid report page: Competency breakdown
      2. 1. Login as Admin and navigate to `Site administration > Users > Permissions > Define roles`
        2. Editing Role Teacher (editingteacher) and prohibit all permission to view report (eg: report/log:view, report/loglive:view, report/outline:view, report/participation:view, moodle/competency:coursecompetencyview)
        3. Log in as a Teacher and go to that course.
        4. Navigate to the course report
        Expected: Cause the teacher is prohibited from viewing any course report so a warning message will be shown `No reports accessible`
      3. 1. The Teacher has permission to view the report log (report/log:view) log into the system.
        2. Navigate to the course report log (`...More > logs`)
        3. Click on the Report links in the breadcrumb to verify that we will be redirected to the course report log page.
        4. Open the incognito tab (keep the previous tab) and log in as Admin into the system. After that, prohibit permission to view the report log (report/log:view) for the Teacher role.
        5. At the tab that has the Teacher login, click on the Report links in the breadcrumb.
        Expected: we will be navigated to the first valid report - Competency breakdown instead of showing an error message "Sorry, but you do not currently have permissions to do that..."
      Show
      Log in as Admin and navigate to `Site administration > Users > Define roles` 2. Do editing teacher role (editingteacher) 3. Search on Capability Field with keyword `report/log:view` 4. Uncheck `report/log:view` checkbox and `Save Change` 5. Log out, log in as a Teacher and go to any course. 6. Go to `Setting > More...` and click on the Reports link. Expected: Navigate to the closest valid report page: Competency breakdown 1. Login as Admin and navigate to `Site administration > Users > Permissions > Define roles` 2. Editing Role Teacher (editingteacher) and prohibit all permission to view report (eg: report/log:view, report/loglive:view, report/outline:view, report/participation:view, moodle/competency:coursecompetencyview) 3. Log in as a Teacher and go to that course. 4. Navigate to the course report Expected: Cause the teacher is prohibited from viewing any course report so a warning message will be shown `No reports accessible` 1. The Teacher has permission to view the report log (report/log:view) log into the system. 2. Navigate to the course report log (`...More > logs`) 3. Click on the Report links in the breadcrumb to verify that we will be redirected to the course report log page. 4. Open the incognito tab (keep the previous tab) and log in as Admin into the system. After that, prohibit permission to view the report log (report/log:view) for the Teacher role. 5. At the tab that has the Teacher login, click on the Report links in the breadcrumb. Expected: we will be navigated to the first valid report - Competency breakdown instead of showing an error message "Sorry, but you do not currently have permissions to do that..."
    • 2

    Description

      Steps to reproduce:

      1. Create or select a test course, which is using Classic theme.
      2. Override the teacher role, so that it has 'moodle/site:viewreports', but not 'report/log:view'.
      3. Log in as that teacher, and go to that course.
      4. In the course settings block, click the word 'Reports'.

      Actual result: 'Reports' is a link which takes you to .../report/view.php?courseid=123, and that then un-conditionally redirects you to /report/log/index.php?id=... which does require_capability('report/log:view', $context); so you get a fatal error.

      report/view.php probably needs some slighly more clever redirect logic.

       Noting that 4.0 most likely won't suffer from this bug because there's now a listing-style page for all course reports. I.e. there's no longer a report immediately loaded when clicking "Reports".

      Attachments

        1. Step  1_6_Screenshot.PNG
          Step 1_6_Screenshot.PNG
          61 kB
        2. Step  2_4_Screenshot.PNG
          Step 2_4_Screenshot.PNG
          31 kB
        3. Step  3_3_Screenshot.PNG
          Step 3_3_Screenshot.PNG
          43 kB
        4. Step  3_5_Screenshot.PNG
          Step 3_5_Screenshot.PNG
          58 kB

        Issue Links

          Activity

            People

              khoand Khoa Nguyen Dang
              timhunt Tim Hunt
              Tim Hunt Tim Hunt
              Ilya Tregubov Ilya Tregubov
              Gladys Basiana Gladys Basiana
              Adrian Greeve, Jake Dallimore, Mathew May, Mihail Geshoski, Sujith Haridasan, Adrian Greeve, Jake Dallimore, Mathew May, Mihail Geshoski, Sujith Haridasan
              Votes:
              2 Vote for this issue
              Watchers:
              10 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:
                9/May/22

                Time Tracking

                  Estimated:
                  Original Estimate - 0 minutes
                  0m
                  Remaining:
                  Remaining Estimate - 0 minutes
                  0m
                  Logged:
                  Time Spent - 2 hours, 36 minutes
                  2h 36m