Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-74344

Comment Report's capabilities are misaligned

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Fixed
    • Icon: Minor Minor
    • 3.11.8, 4.0.2
    • 3.10.10
    • Comments
    • MOODLE_310_STABLE
    • MOODLE_311_STABLE, MOODLE_400_STABLE
    • Hide
      1. Log in as admin
      2. Create a test user
      3. Navigate to Users > Permissions > Define roles in site administration
      4. Create a new role:
        • Context types where this role may be assigned: System
        • moodle/site:configview: Allow
        • moodle/comment:delete: Allow
      5. Navigate to Users > Permissions > Assign system roles in site administration
      6. Assign test user to your new role
      7. Create a comment:
        1. Navigate to your profile
        2. Press Miscellaneous > Blog entries
        3. Add a new entry
        4. Press Comments (0) and enter a comment on the blog entry
      8. Log out
      9. Log in as test user
      10. Navigate to Reports > Comments in site administration
      11. Confirm page loads
      12. Delete the comment
      13. Confirm comments are deleted
      14. Log out
      15. Log in as admin
      16. Navigate to Users > Permissions > Define roles in site administration
      17. Edit the new role and set "moodle/comment:delete" to "Not allowed" (so uncheck the Allow checkbox).
      18. Log out
      19. Log in as test user
      20. Navigate to Reports in site administration
      21. Confirm the "Comments" option doesn't appear
      22. Access to /comment/index.php
      23. Confirm the "Access denied" error is displayed.
      Show
      Log in as admin Create a test user Navigate to Users > Permissions > Define roles in site administration Create a new role: Context types where this role may be assigned: System moodle/site:configview: Allow moodle/comment:delete: Allow Navigate to Users > Permissions > Assign system roles in site administration Assign test user to your new role Create a comment: Navigate to your profile Press Miscellaneous > Blog entries Add a new entry Press Comments (0) and enter a comment on the blog entry Log out Log in as test user Navigate to Reports > Comments in site administration Confirm page loads Delete the comment Confirm comments are deleted Log out Log in as admin Navigate to Users > Permissions > Define roles in site administration Edit the new role and set "moodle/comment:delete" to "Not allowed" (so uncheck the Allow checkbox). Log out Log in as test user Navigate to Reports  in site administration Confirm the "Comments" option doesn't appear Access to /comment/index.php Confirm the "Access denied" error is displayed.

      To view the Comment report, you need 'moodle/comment:delete', but to have the report show in the nav tree, you need 'moodle/site:viewreports'.  that means someone with generic access to reports will see a link for the report, but when they visit the page will see an error message for not having the proper permission.

       

      This is obviously a super minor bug, but it also has a super minor fix; just update the ./admin/settings/plugins.php setting (around line ~480) to use 'moodle/comment:delete' instead of 'moodle/site:viewreports'.

        1. Step No.11_Screenshot.PNG
          Step No.11_Screenshot.PNG
          34 kB
        2. Step No.13_Screenshot.PNG
          Step No.13_Screenshot.PNG
          26 kB
        3. Step No.21_Screenshot.PNG
          Step No.21_Screenshot.PNG
          24 kB
        4. Step No.23_Screenshot.PNG
          Step No.23_Screenshot.PNG
          48 kB

            pholden Paul Holden
            cobaltblue David Wipperfurth
            Laurent David Laurent David
            Sara Arjona (@sarjona) Sara Arjona (@sarjona)
            Gladys Basiana Gladys Basiana
            Votes:
            0 Vote for this issue
            Watchers:
            6 Start watching this issue

              Created:
              Updated:
              Resolved:

                Estimated:
                Original Estimate - 0 minutes
                0m
                Remaining:
                Remaining Estimate - 0 minutes
                0m
                Logged:
                Time Spent - 2 hours, 5 minutes
                2h 5m

                  Error rendering 'clockify-timesheets-time-tracking-reports:timer-sidebar'. Please contact your Jira administrators.