Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-7971

course:viewhiddencategories permission needed?

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: 1.7
    • Fix Version/s: 1.9.3
    • Component/s: Roles / Access
    • Labels:
      None
    • Affected Branches:
      MOODLE_17_STABLE
    • Fixed Branches:
      MOODLE_19_STABLE

      Description

      The get_categories function in datalib.php tests has_capability('moodle/course:create', get_context_instance(CONTEXT_SYSTEM, SITEID)) when deciding whether or not the user should be able to see each invisible category in the list.

      This means that if you want a user to be able to see hidden categories you have to give them course:create permission. That seems a bit excessive to me, as I want people to be able to navigate to courses inside these hidden categories e.g my teacher's sandbox where they have permissions INSIDE the course, but I don't want them to be able to add courses anywhere.

      May I suggest a new viewhiddencategories permission that would sit beside viewhiddencourses? Or just use viewhiddencourses in this function?

        Gliffy Diagrams

          Activity

          Hide
          jenny-gray Jenny Gray added a comment -

          OK, I'm an idiot. There is already an appropriate permission moodle/category:visibility

          It just needs to be used in the get_categories function, I think?

          Show
          jenny-gray Jenny Gray added a comment - OK, I'm an idiot. There is already an appropriate permission moodle/category:visibility It just needs to be used in the get_categories function, I think?
          Hide
          selliott Scott Elliott added a comment -

          I think this issue is still out there in 1.9.

          Is there some reason why this can't be switched to moodle/category:visibility ?

          As it stands, this function keeps teachers from seeing hidden categories.

          Here's a quick view of places that seem to use this function:

          ./lib/datalib.php:function get_categories($parent='none', $sort=NULL, $shallow=true) {
          ./lib/datalib.php: if ($categories = get_categories($categoryid)) {
          ./blocks/course_list/block_course_list.php: $categories = get_categories("0"); // Parent = 0 ie top-level categories only
          ./course/index.php: if (Unable to render embedded object: File ($categories = get_categories()) { /// No category yet) not found.
          ./course/index.php: $categories = get_categories($movecategory->parent);
          ./course/index.php: $categories = get_categories($movecategory->parent);
          ./course/index.php: if ($categories = get_categories($category->id)) { // Print all the children recursively
          ./course/lib.php: $categories = get_categories();

          Scott

          Show
          selliott Scott Elliott added a comment - I think this issue is still out there in 1.9. Is there some reason why this can't be switched to moodle/category:visibility ? As it stands, this function keeps teachers from seeing hidden categories. Here's a quick view of places that seem to use this function: ./lib/datalib.php:function get_categories($parent='none', $sort=NULL, $shallow=true) { ./lib/datalib.php: if ($categories = get_categories($categoryid)) { ./blocks/course_list/block_course_list.php: $categories = get_categories("0"); // Parent = 0 ie top-level categories only ./course/index.php: if ( Unable to render embedded object: File ($categories = get_categories()) { /// No category yet) not found. ./course/index.php: $categories = get_categories($movecategory->parent); ./course/index.php: $categories = get_categories($movecategory->parent); ./course/index.php: if ($categories = get_categories($category->id)) { // Print all the children recursively ./course/lib.php: $categories = get_categories(); Scott
          Hide
          jenny-gray Jenny Gray added a comment -

          OK, I've thought it through again and I still think this capability should be changed. Martin is obviously focussed on other stuff (understandably) so I'm going to commit this fix with my fingers crossed!

          Show
          jenny-gray Jenny Gray added a comment - OK, I've thought it through again and I still think this capability should be changed. Martin is obviously focussed on other stuff (understandably) so I'm going to commit this fix with my fingers crossed!
          Hide
          skodak Petr Skoda added a comment -

          reviewed, thanks

          Show
          skodak Petr Skoda added a comment - reviewed, thanks

            People

            • Votes:
              1 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:
                Fix Release Date:
                15/Oct/08