Moodle
  1. Moodle
  2. MDL-7971

course:viewhiddencategories permission needed?

    Details

    • Type: Bug Bug
    • Status: Closed
    • Priority: Minor Minor
    • Resolution: Fixed
    • Affects Version/s: 1.7
    • Fix Version/s: 1.9.3
    • Component/s: Roles / Access
    • Labels:
      None
    • Affected Branches:
      MOODLE_17_STABLE
    • Fixed Branches:
      MOODLE_19_STABLE

      Description

      The get_categories function in datalib.php tests has_capability('moodle/course:create', get_context_instance(CONTEXT_SYSTEM, SITEID)) when deciding whether or not the user should be able to see each invisible category in the list.

      This means that if you want a user to be able to see hidden categories you have to give them course:create permission. That seems a bit excessive to me, as I want people to be able to navigate to courses inside these hidden categories e.g my teacher's sandbox where they have permissions INSIDE the course, but I don't want them to be able to add courses anywhere.

      May I suggest a new viewhiddencategories permission that would sit beside viewhiddencourses? Or just use viewhiddencourses in this function?

        Gliffy Diagrams

          Activity

          Hide
          Jenny Gray added a comment -

          OK, I'm an idiot. There is already an appropriate permission moodle/category:visibility

          It just needs to be used in the get_categories function, I think?

          Show
          Jenny Gray added a comment - OK, I'm an idiot. There is already an appropriate permission moodle/category:visibility It just needs to be used in the get_categories function, I think?
          Hide
          Scott Elliott added a comment -

          I think this issue is still out there in 1.9.

          Is there some reason why this can't be switched to moodle/category:visibility ?

          As it stands, this function keeps teachers from seeing hidden categories.

          Here's a quick view of places that seem to use this function:

          ./lib/datalib.php:function get_categories($parent='none', $sort=NULL, $shallow=true) {
          ./lib/datalib.php: if ($categories = get_categories($categoryid)) {
          ./blocks/course_list/block_course_list.php: $categories = get_categories("0"); // Parent = 0 ie top-level categories only
          ./course/index.php: if (Unable to render embedded object: File ($categories = get_categories()) { /// No category yet) not found.
          ./course/index.php: $categories = get_categories($movecategory->parent);
          ./course/index.php: $categories = get_categories($movecategory->parent);
          ./course/index.php: if ($categories = get_categories($category->id)) { // Print all the children recursively
          ./course/lib.php: $categories = get_categories();

          Scott

          Show
          Scott Elliott added a comment - I think this issue is still out there in 1.9. Is there some reason why this can't be switched to moodle/category:visibility ? As it stands, this function keeps teachers from seeing hidden categories. Here's a quick view of places that seem to use this function: ./lib/datalib.php:function get_categories($parent='none', $sort=NULL, $shallow=true) { ./lib/datalib.php: if ($categories = get_categories($categoryid)) { ./blocks/course_list/block_course_list.php: $categories = get_categories("0"); // Parent = 0 ie top-level categories only ./course/index.php: if ( Unable to render embedded object: File ($categories = get_categories()) { /// No category yet) not found. ./course/index.php: $categories = get_categories($movecategory->parent); ./course/index.php: $categories = get_categories($movecategory->parent); ./course/index.php: if ($categories = get_categories($category->id)) { // Print all the children recursively ./course/lib.php: $categories = get_categories(); Scott
          Hide
          Jenny Gray added a comment -

          OK, I've thought it through again and I still think this capability should be changed. Martin is obviously focussed on other stuff (understandably) so I'm going to commit this fix with my fingers crossed!

          Show
          Jenny Gray added a comment - OK, I've thought it through again and I still think this capability should be changed. Martin is obviously focussed on other stuff (understandably) so I'm going to commit this fix with my fingers crossed!
          Hide
          Petr Skoda added a comment -

          reviewed, thanks

          Show
          Petr Skoda added a comment - reviewed, thanks

            People

            • Votes:
              1 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: