-
Bug
-
Resolution: Fixed
-
Minor
-
4.0
-
MOODLE_400_STABLE
-
MOODLE_400_STABLE
-
This scenario occurs when the unrelated capability `moodle/my:manageblocks` has been removed from authenticated users. When navigating to their profile, a user will see the "Edit mode" toggle, because they still have the permission to `moodle/user:manageownblocks`, but the button never toggles on.
The webservice (and editmode.php file) should refer to the `moodle/user:manageownblocks` when toggling from the profile page.
It also appears that the capability `moodle/user:manageblocks` would be ineffective to toggle editing on/off on someone else's profile.
Replication steps
- Prohibit the permission moodle/my:manageblocks to the authenticated user role
- Login as a non-admin
- Navigate to your profile
- Toggle edit mode
Expected
- Edit mode is toggled on or off
Actual
- The toggle does nothing
NOTE: A similar situation also happens in other places where other editing capabilities are used to justify user_allowed_editing and are not taken into account in the API or editmode.php page.