Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-78502

Grade export does not check for permissions before redirecting

    XMLWordPrintable

Details

    • MOODLE_401_STABLE
    • MOODLE_401_STABLE, MOODLE_402_STABLE
    • MDL-78502-401
    • MDL-78502-402
    • Hide
      1. Log in as admin
      2. Create new user
      3. Create course
      4. Enrol user as teacher in course
      5. Navigate to course Permissions
      6. Remove the following capabilities from the Teacher role
        • gradeexport/ods:view
        • gradeimport/csv:view
      7. Log out
      8. Log in as test user
      9. Navigate to course Grades
      10. Select Export from tertiary navigation
      11. Confirm page loads without exceptions
      12. Confirm Export as shows Plain text file as default
      13. Select Import from tertiary navigation
      14. Confirm page loads without exceptions
      15. Confirm Import as shows Paste from spreadsheet as default
      Show
      Log in as admin Create new user Create course Enrol user as teacher in course Navigate to course Permissions Remove the following capabilities from the Teacher role gradeexport/ods:view gradeimport/csv:view Log out Log in as test user Navigate to course Grades Select Export from tertiary navigation Confirm page loads without exceptions Confirm Export as shows Plain text file as default Select Import from tertiary navigation Confirm page loads without exceptions Confirm Import as shows Paste from spreadsheet as default

    Description

      Grade export does not check for permissions before redirecting to the first export format (grade/export/index.php line 43) and results in no way for users to export grades if the first export format capability (ods) is set to not allowed (even though other formats are allowed). Users get redirected to a no permissions error with no way to change formats. 

      Steps to reproduce: 

      1. Login as administrator
      2. Navigate to Site administration -> Users -> Permissions -> Capability overview
      3. Select capability: gradeexport/ods:view: Use OpenDocument grade export
        and Roles: Teacher 
        click 'Get the overview' button
      4. Select teacher in the table below
      5. On the Viewing the definition of role 'Teacher' page, press the edit button
      6. Go down to the 'Use OpenDocument grade export gradeexport/ods:view' capability and make sure the allow checkbox is not checked (no permission), then save changes. 
      7. Log out of administrator account and login as a teacher
      8. Navigate to a course then go to grades
      9. In the dropdown at the top of the gradebook select 'Export'
      10. See the permission error message and no way to export in another format. Screenshot below.

      Expected behaviour:

      If the user does not have the capability to use the first export format, they should still be able to navigate to export in other formats that they do have permissions to use using the export option. Ideally it should just navigate to the next export format that the user does have permissions to view, like in the screenshot below.

      Attachments

        Issue Links

          Activity

            People

              pholden Paul Holden
              radzisze Anthony Radziszewski
              Andrew Lyons Andrew Lyons
              Mathew May Mathew May
              Kim Jared Lucas Kim Jared Lucas
              Votes:
              5 Vote for this issue
              Watchers:
              8 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Time Tracking

                  Estimated:
                  Original Estimate - Not Specified
                  Not Specified
                  Remaining:
                  Remaining Estimate - 0 minutes
                  0m
                  Logged:
                  Time Spent - 1 hour, 9 minutes
                  1h 9m

                  Clockify

                    Error rendering 'clockify-timesheets-time-tracking-reports:timer-sidebar'. Please contact your Jira administrators.