Moodle
  1. Moodle
  2. MDL-7971

course:viewhiddencategories permission needed?

    Details

    • Type: Bug Bug
    • Status: Closed
    • Priority: Minor Minor
    • Resolution: Fixed
    • Affects Version/s: 1.7
    • Fix Version/s: 1.9.3
    • Component/s: Roles / Access
    • Labels:
      None
    • Affected Branches:
      MOODLE_17_STABLE
    • Fixed Branches:
      MOODLE_19_STABLE
    • Rank:
      27619

      Description

      The get_categories function in datalib.php tests has_capability('moodle/course:create', get_context_instance(CONTEXT_SYSTEM, SITEID)) when deciding whether or not the user should be able to see each invisible category in the list.

      This means that if you want a user to be able to see hidden categories you have to give them course:create permission. That seems a bit excessive to me, as I want people to be able to navigate to courses inside these hidden categories e.g my teacher's sandbox where they have permissions INSIDE the course, but I don't want them to be able to add courses anywhere.

      May I suggest a new viewhiddencategories permission that would sit beside viewhiddencourses? Or just use viewhiddencourses in this function?

        Activity

        Hide
        Jenny Gray added a comment -

        OK, I'm an idiot. There is already an appropriate permission moodle/category:visibility

        It just needs to be used in the get_categories function, I think?

        Show
        Jenny Gray added a comment - OK, I'm an idiot. There is already an appropriate permission moodle/category:visibility It just needs to be used in the get_categories function, I think?
        Hide
        Scott Elliott added a comment -

        I think this issue is still out there in 1.9.

        Is there some reason why this can't be switched to moodle/category:visibility ?

        As it stands, this function keeps teachers from seeing hidden categories.

        Here's a quick view of places that seem to use this function:

        ./lib/datalib.php:function get_categories($parent='none', $sort=NULL, $shallow=true) {
        ./lib/datalib.php: if ($categories = get_categories($categoryid)) {
        ./blocks/course_list/block_course_list.php: $categories = get_categories("0"); // Parent = 0 ie top-level categories only
        ./course/index.php: if (Unable to render embedded object: File ($categories = get_categories()) { /// No category yet) not found.
        ./course/index.php: $categories = get_categories($movecategory->parent);
        ./course/index.php: $categories = get_categories($movecategory->parent);
        ./course/index.php: if ($categories = get_categories($category->id)) { // Print all the children recursively
        ./course/lib.php: $categories = get_categories();

        Scott

        Show
        Scott Elliott added a comment - I think this issue is still out there in 1.9. Is there some reason why this can't be switched to moodle/category:visibility ? As it stands, this function keeps teachers from seeing hidden categories. Here's a quick view of places that seem to use this function: ./lib/datalib.php:function get_categories($parent='none', $sort=NULL, $shallow=true) { ./lib/datalib.php: if ($categories = get_categories($categoryid)) { ./blocks/course_list/block_course_list.php: $categories = get_categories("0"); // Parent = 0 ie top-level categories only ./course/index.php: if ( Unable to render embedded object: File ($categories = get_categories()) { /// No category yet) not found. ./course/index.php: $categories = get_categories($movecategory->parent); ./course/index.php: $categories = get_categories($movecategory->parent); ./course/index.php: if ($categories = get_categories($category->id)) { // Print all the children recursively ./course/lib.php: $categories = get_categories(); Scott
        Hide
        Jenny Gray added a comment -

        OK, I've thought it through again and I still think this capability should be changed. Martin is obviously focussed on other stuff (understandably) so I'm going to commit this fix with my fingers crossed!

        Show
        Jenny Gray added a comment - OK, I've thought it through again and I still think this capability should be changed. Martin is obviously focussed on other stuff (understandably) so I'm going to commit this fix with my fingers crossed!
        Hide
        Petr Škoda added a comment -

        reviewed, thanks

        Show
        Petr Škoda added a comment - reviewed, thanks

          People

          • Votes:
            1 Vote for this issue
            Watchers:
            2 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved: