Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-74317

Edit mode cannot be turned on/off when using other capabilities

    XMLWordPrintable

Details

    • MOODLE_400_STABLE
    • MOODLE_400_STABLE
    • MDL-74317-400
    • Hide
      1. Log in as admin
      2. Create two users: "User1" and "User2"
      3. Log out
      4. Log in as User1
      5. Go to User1's Dashboard
      6. Toggle edit mode
      7. Confirm that Edit mode is ON and we are shown the option to "Add a block" to the page
      8. Toggle edit mode and confirm Edit mode is OFF
      9. Go to User1's profile page
      10. Toggle edit mode
      11. Confirm that Edit mode is ON and we are shown the option to "Add a block" to the page (in the block drawer)
      12. Toggle edit mode and confirm Edit mode is OFF
      13. Go to User2's profile page
      14. Confirm that the Edit switch is not shown
      15. Log out
      16. Log in as admin
      17. Go to Site administration > Users > Define roles and Prohibit the permission "moodle/my:manageblocks" to the authenticated user role
      18. Log out
      19. Log in as User1
      20. Go to User1's Dashboard
      21. Confirm that the edit switch button is not shown on the page
      22. Go to User1's profile page
      23. Toggle edit mode
      24. Confirm that Edit mode is ON and we are shown the option to "Add a block" to the page (in the block drawer)
      25. Toggle edit mode and confirm Edit mode is OFF
      26. Navigate to <WWWROOT>/user/profile.php?id=2
      27. Confirm that the Edit switch is not shown
      28. Log in as admin
      29. Create 2 courses: "Course1" and "Course2"
      30. Enrol User1 to be a teacher in Course1
      31. Enrol User2 to be a student in Course1
      32. Enrol User1 to be a student in Course2
      33. Go to Site administration > Users > Define roles and Prohibit the permission "moodle/site:manageblocks" to the Teacher's role
      34. Log out
      35. Log in as User1
      36. Go to "My courses"
      37. Go to Course1
      38. Toggle edit mode
      39. Confirm that Edit mode is ON and we are shown the option to "Add an activity or resource" to the page
      40. Toggle edit mode and confirm Edit mode is OFF
      41. Click on the "Grades" tab
      42. Toggle edit mode
      43. Confirm that Edit mode is ON (don't turn off edit mode)
      44. Go to "My courses"
      45. Go to Course2
      46. Confirm that the Edit mode switch is not shown at all and that we are not able to add or edit activities in this course
      47. Log out
      48. Log in as admin
      49. Go to Site administration > Users > Define roles and Allow the permissions moodle/tag:manage and "moodle/tag:editblocks" to the authenticated user role
      50. Log out
      51. Log in as User1
      52. Navigate to <WWWROOT>/tag/manage.php
      53. Toggle edit mode
      54. Confirm that Edit mode is ON and we are shown the option to "Add a block" to the page (in the block drawer)
      Show
      Log in as admin Create two users: "User1" and "User2" Log out Log in as User1 Go to User1's Dashboard Toggle edit mode Confirm that Edit mode is ON and we are shown the option to "Add a block" to the page Toggle edit mode and confirm Edit mode is OFF Go to User1's profile page Toggle edit mode Confirm that Edit mode is ON and we are shown the option to "Add a block" to the page (in the block drawer) Toggle edit mode and confirm Edit mode is OFF Go to User2's profile page Confirm that the Edit switch is not shown Log out Log in as admin Go to Site administration > Users > Define roles and Prohibit the permission " moodle/my:manageblocks " to the authenticated user role Log out Log in as User1 Go to User1's Dashboard Confirm that the edit switch button is not shown on the page Go to User1's profile page Toggle edit mode Confirm that Edit mode is ON and we are shown the option to "Add a block" to the page (in the block drawer) Toggle edit mode and confirm Edit mode is OFF Navigate to <WWWROOT>/user/profile.php?id=2 Confirm that the Edit switch is not shown Log in as admin Create 2 courses: "Course1" and "Course2" Enrol User1 to be a teacher in Course1 Enrol User2 to be a student in Course1 Enrol User1 to be a student in Course2 Go to Site administration > Users > Define roles and Prohibit the permission " moodle/site:manageblocks " to the Teacher's role Log out Log in as User1 Go to "My courses" Go to Course1 Toggle edit mode Confirm that Edit mode is ON and we are shown the option to "Add an activity or resource" to the page Toggle edit mode and confirm Edit mode is OFF Click on the "Grades" tab Toggle edit mode Confirm that Edit mode is ON (don't turn off edit mode) Go to "My courses" Go to Course2 Confirm that the Edit mode switch is not shown at all and that we are not able to add or edit activities in this course Log out Log in as admin Go to Site administration > Users > Define roles and Allow the permissions moodle/tag:manage and "moodle/tag:editblocks" to the authenticated user role Log out Log in as User1 Navigate to <WWWROOT>/tag/manage.php Toggle edit mode Confirm that Edit mode is ON and we are shown the option to "Add a block" to the page (in the block drawer)

    Description

      This scenario occurs when the unrelated capability `moodle/my:manageblocks` has been removed from authenticated users. When navigating to their profile, a user will see the "Edit mode" toggle, because they still have the permission to `moodle/user:manageownblocks`, but the button never toggles on.

      The webservice (and editmode.php file) should refer to the `moodle/user:manageownblocks` when toggling from the profile page.

      It also appears that the capability `moodle/user:manageblocks` would be ineffective to toggle editing on/off on someone else's profile.

      Replication steps

      • Prohibit the permission moodle/my:manageblocks to the authenticated user role
      • Login as a non-admin
      • Navigate to your profile
      • Toggle edit mode

      Expected

      • Edit mode is toggled on or off

      Actual

      • The toggle does nothing

      NOTE: A similar situation also happens in other places where other editing capabilities are used to justify user_allowed_editing and are not taken into account in the API or editmode.php page.

      Attachments

        Issue Links

          Activity

            People

              davidmatamoros David Matamoros
              fred Frédéric Massart
              Paul Holden Paul Holden
              Jun Pataleta Jun Pataleta
              Gladys Basiana Gladys Basiana
              Adrian Greeve, Jake Dallimore, Mathew May, Mihail Geshoski
              Votes:
              0 Vote for this issue
              Watchers:
              12 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:
                9/May/22

                Time Tracking

                  Estimated:
                  Original Estimate - 0 minutes
                  0m
                  Remaining:
                  Remaining Estimate - 0 minutes
                  0m
                  Logged:
                  Time Spent - 2 days, 2 hours, 15 minutes
                  2d 2h 15m