Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-7971

course:viewhiddencategories permission needed?

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: 1.7
    • Fix Version/s: 1.9.3
    • Component/s: Roles / Access
    • Labels:
      None
    • Affected Branches:
      MOODLE_17_STABLE
    • Fixed Branches:
      MOODLE_19_STABLE

      Description

      The get_categories function in datalib.php tests has_capability('moodle/course:create', get_context_instance(CONTEXT_SYSTEM, SITEID)) when deciding whether or not the user should be able to see each invisible category in the list.

      This means that if you want a user to be able to see hidden categories you have to give them course:create permission. That seems a bit excessive to me, as I want people to be able to navigate to courses inside these hidden categories e.g my teacher's sandbox where they have permissions INSIDE the course, but I don't want them to be able to add courses anywhere.

      May I suggest a new viewhiddencategories permission that would sit beside viewhiddencourses? Or just use viewhiddencourses in this function?

        Gliffy Diagrams

          Attachments

            Activity

            Hide
            jenny-gray Jenny Gray added a comment -

            OK, I'm an idiot. There is already an appropriate permission moodle/category:visibility

            It just needs to be used in the get_categories function, I think?

            Show
            jenny-gray Jenny Gray added a comment - OK, I'm an idiot. There is already an appropriate permission moodle/category:visibility It just needs to be used in the get_categories function, I think?
            Hide
            selliott Scott Elliott added a comment -

            I think this issue is still out there in 1.9.

            Is there some reason why this can't be switched to moodle/category:visibility ?

            As it stands, this function keeps teachers from seeing hidden categories.

            Here's a quick view of places that seem to use this function:

            ./lib/datalib.php:function get_categories($parent='none', $sort=NULL, $shallow=true) {
            ./lib/datalib.php: if ($categories = get_categories($categoryid)) {
            ./blocks/course_list/block_course_list.php: $categories = get_categories("0"); // Parent = 0 ie top-level categories only
            ./course/index.php: if (Unable to render embedded object: File ($categories = get_categories()) { /// No category yet) not found.
            ./course/index.php: $categories = get_categories($movecategory->parent);
            ./course/index.php: $categories = get_categories($movecategory->parent);
            ./course/index.php: if ($categories = get_categories($category->id)) { // Print all the children recursively
            ./course/lib.php: $categories = get_categories();

            Scott

            Show
            selliott Scott Elliott added a comment - I think this issue is still out there in 1.9. Is there some reason why this can't be switched to moodle/category:visibility ? As it stands, this function keeps teachers from seeing hidden categories. Here's a quick view of places that seem to use this function: ./lib/datalib.php:function get_categories($parent='none', $sort=NULL, $shallow=true) { ./lib/datalib.php: if ($categories = get_categories($categoryid)) { ./blocks/course_list/block_course_list.php: $categories = get_categories("0"); // Parent = 0 ie top-level categories only ./course/index.php: if ( Unable to render embedded object: File ($categories = get_categories()) { /// No category yet) not found. ./course/index.php: $categories = get_categories($movecategory->parent); ./course/index.php: $categories = get_categories($movecategory->parent); ./course/index.php: if ($categories = get_categories($category->id)) { // Print all the children recursively ./course/lib.php: $categories = get_categories(); Scott
            Hide
            jenny-gray Jenny Gray added a comment -

            OK, I've thought it through again and I still think this capability should be changed. Martin is obviously focussed on other stuff (understandably) so I'm going to commit this fix with my fingers crossed!

            Show
            jenny-gray Jenny Gray added a comment - OK, I've thought it through again and I still think this capability should be changed. Martin is obviously focussed on other stuff (understandably) so I'm going to commit this fix with my fingers crossed!
            Hide
            skodak Petr Skoda added a comment -

            reviewed, thanks

            Show
            skodak Petr Skoda added a comment - reviewed, thanks

              People

              • Votes:
                1 Vote for this issue
                Watchers:
                2 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved:
                  Fix Release Date:
                  15/Oct/08