Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-78502

Grade export does not check for permissions before redirecting

XMLWordPrintable

    • MOODLE_401_STABLE
    • MOODLE_401_STABLE, MOODLE_402_STABLE
    • MDL-78502-401
    • Hide
      1. Log in as admin
      2. Create new user
      3. Create course
      4. Enrol user as teacher in course
      5. Navigate to course Permissions
      6. Remove the following capabilities from the Teacher role
        • gradeexport/ods:view
        • gradeimport/csv:view
      7. Log out
      8. Log in as test user
      9. Navigate to course Grades
      10. Select Export from tertiary navigation
      11. Confirm page loads without exceptions
      12. Confirm Export as shows Plain text file as default
      13. Select Import from tertiary navigation
      14. Confirm page loads without exceptions
      15. Confirm Import as shows Paste from spreadsheet as default
      Show
      Log in as admin Create new user Create course Enrol user as teacher in course Navigate to course Permissions Remove the following capabilities from the Teacher role gradeexport/ods:view gradeimport/csv:view Log out Log in as test user Navigate to course Grades Select Export from tertiary navigation Confirm page loads without exceptions Confirm Export as shows Plain text file as default Select Import from tertiary navigation Confirm page loads without exceptions Confirm Import as shows Paste from spreadsheet as default

      Grade export does not check for permissions before redirecting to the first export format (grade/export/index.php line 43) and results in no way for users to export grades if the first export format capability (ods) is set to not allowed (even though other formats are allowed). Users get redirected to a no permissions error with no way to change formats. 

      Steps to reproduce: 

      1. Login as administrator
      2. Navigate to Site administration -> Users -> Permissions -> Capability overview
      3. Select capability: gradeexport/ods:view: Use OpenDocument grade export
        and Roles: Teacher 
        click 'Get the overview' button
      4. Select teacher in the table below
      5. On the Viewing the definition of role 'Teacher' page, press the edit button
      6. Go down to the 'Use OpenDocument grade export gradeexport/ods:view' capability and make sure the allow checkbox is not checked (no permission), then save changes. 
      7. Log out of administrator account and login as a teacher
      8. Navigate to a course then go to grades
      9. In the dropdown at the top of the gradebook select 'Export'
      10. See the permission error message and no way to export in another format. Screenshot below.

      Expected behaviour:

      If the user does not have the capability to use the first export format, they should still be able to navigate to export in other formats that they do have permissions to use using the export option. Ideally it should just navigate to the next export format that the user does have permissions to view, like in the screenshot below.

            pholden Paul Holden
            radzisze Anthony Radziszewski
            Andrew Lyons Andrew Lyons
            Mathew May Mathew May
            Kim Jared Lucas Kim Jared Lucas
            Votes:
            5 Vote for this issue
            Watchers:
            8 Start watching this issue

              Created:
              Updated:
              Resolved:

                Estimated:
                Original Estimate - Not Specified
                Not Specified
                Remaining:
                Remaining Estimate - 0 minutes
                0m
                Logged:
                Time Spent - 1 hour, 9 minutes
                1h 9m

                  Error rendering 'clockify-timesheets-time-tracking-reports:timer-sidebar'. Please contact your Jira administrators.