Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-73672

Navigation: clicking on 'Reports' in the course setting navigation takes you to the logs report, even if you don't have permission

XMLWordPrintable

    • MOODLE_311_STABLE
    • MOODLE_311_STABLE
    • Hide
      1. Log in as Admin and navigate to `Site administration > Users > Define roles`
        2. Do editing teacher role (editingteacher)
        3. Search on Capability Field with keyword `report/log:view`
        4. Uncheck `report/log:view` checkbox and `Save Change`
        5. Log out, log in as a Teacher and go to any course.
        6. Go to `Setting > More...` and click on the Reports link.
        Expected: Navigate to the closest valid report page: Competency breakdown
      2. 1. Login as Admin and navigate to `Site administration > Users > Permissions > Define roles`
        2. Editing Role Teacher (editingteacher) and prohibit all permission to view report (eg: report/log:view, report/loglive:view, report/outline:view, report/participation:view, moodle/competency:coursecompetencyview)
        3. Log in as a Teacher and go to that course.
        4. Navigate to the course report
        Expected: Cause the teacher is prohibited from viewing any course report so a warning message will be shown `No reports accessible`
      3. 1. The Teacher has permission to view the report log (report/log:view) log into the system.
        2. Navigate to the course report log (`...More > logs`)
        3. Click on the Report links in the breadcrumb to verify that we will be redirected to the course report log page.
        4. Open the incognito tab (keep the previous tab) and log in as Admin into the system. After that, prohibit permission to view the report log (report/log:view) for the Teacher role.
        5. At the tab that has the Teacher login, click on the Report links in the breadcrumb.
        Expected: we will be navigated to the first valid report - Competency breakdown instead of showing an error message "Sorry, but you do not currently have permissions to do that..."
      Show
      Log in as Admin and navigate to `Site administration > Users > Define roles` 2. Do editing teacher role (editingteacher) 3. Search on Capability Field with keyword `report/log:view` 4. Uncheck `report/log:view` checkbox and `Save Change` 5. Log out, log in as a Teacher and go to any course. 6. Go to `Setting > More...` and click on the Reports link. Expected: Navigate to the closest valid report page: Competency breakdown 1. Login as Admin and navigate to `Site administration > Users > Permissions > Define roles` 2. Editing Role Teacher (editingteacher) and prohibit all permission to view report (eg: report/log:view, report/loglive:view, report/outline:view, report/participation:view, moodle/competency:coursecompetencyview) 3. Log in as a Teacher and go to that course. 4. Navigate to the course report Expected: Cause the teacher is prohibited from viewing any course report so a warning message will be shown `No reports accessible` 1. The Teacher has permission to view the report log (report/log:view) log into the system. 2. Navigate to the course report log (`...More > logs`) 3. Click on the Report links in the breadcrumb to verify that we will be redirected to the course report log page. 4. Open the incognito tab (keep the previous tab) and log in as Admin into the system. After that, prohibit permission to view the report log (report/log:view) for the Teacher role. 5. At the tab that has the Teacher login, click on the Report links in the breadcrumb. Expected: we will be navigated to the first valid report - Competency breakdown instead of showing an error message "Sorry, but you do not currently have permissions to do that..."
    • 2

      Steps to reproduce:

      1. Create or select a test course, which is using Classic theme.
      2. Override the teacher role, so that it has 'moodle/site:viewreports', but not 'report/log:view'.
      3. Log in as that teacher, and go to that course.
      4. In the course settings block, click the word 'Reports'.

      Actual result: 'Reports' is a link which takes you to .../report/view.php?courseid=123, and that then un-conditionally redirects you to /report/log/index.php?id=... which does require_capability('report/log:view', $context); so you get a fatal error.

      report/view.php probably needs some slighly more clever redirect logic.

       Noting that 4.0 most likely won't suffer from this bug because there's now a listing-style page for all course reports. I.e. there's no longer a report immediately loaded when clicking "Reports".

        1. Step  1_6_Screenshot.PNG
          Step 1_6_Screenshot.PNG
          61 kB
        2. Step  2_4_Screenshot.PNG
          Step 2_4_Screenshot.PNG
          31 kB
        3. Step  3_3_Screenshot.PNG
          Step 3_3_Screenshot.PNG
          43 kB
        4. Step  3_5_Screenshot.PNG
          Step 3_5_Screenshot.PNG
          58 kB

            khoand Khoa Nguyen Dang
            timhunt Tim Hunt
            Tim Hunt Tim Hunt
            Ilya Tregubov Ilya Tregubov
            Gladys Basiana Gladys Basiana
            Votes:
            2 Vote for this issue
            Watchers:
            10 Start watching this issue

              Created:
              Updated:
              Resolved:

                Estimated:
                Original Estimate - 0 minutes
                0m
                Remaining:
                Remaining Estimate - 0 minutes
                0m
                Logged:
                Time Spent - 2 hours, 36 minutes
                2h 36m

                  Error rendering 'clockify-timesheets-time-tracking-reports:timer-sidebar'. Please contact your Jira administrators.