Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-80813

All course-related admin settings have extra capabilities check in Site administration

XMLWordPrintable

    • MOODLE_403_STABLE

      We noticed it while trying to move a setting in Workplace to the new subcategory 'coursedefaultsettings' added in MDL-78530

      All settings in the 'Courses' category are wrapped in one big "if" statement that checks a presence of one of the 6 specific capabilities:

      https://github.com/moodle/moodle/blob/v4.3.0/admin/settings/courses.php#L38

      However the settings added to it have different capabilities, for example 'Default completion' is supposed to check capability 'moodle/course:manageactivities', see
      https://github.com/moodle/moodle/blob/v4.3.0/admin/settings/courses.php#L268-L272

      So basically, if the user only has capability 'moodle/course:manageactivities' but none of the capabilities listed in the beginning of the file, they will not see this item in the site administration. However they will be able to visit the page 'course/defaultcompletion.php' directly.

      This applies to several other items, including managing course custom fields, groups settings, etc.

      Also all subcategories of 'courses' section (i.e. 'coursedefaultsettings') are also only added if the user has one of these 6 capabilities. The category 'course' is created unconditionally, empty categories are not shown in the site administration

            Unassigned Unassigned
            marina Marina Glancy
            Votes:
            0 Vote for this issue
            Watchers:
            5 Start watching this issue

              Created:
              Updated:

                Error rendering 'clockify-timesheets-time-tracking-reports:timer-sidebar'. Please contact your Jira administrators.