-
Bug
-
Resolution: Unresolved
-
Minor
-
None
-
4.3
-
MOODLE_403_STABLE
We noticed it while trying to move a setting in Workplace to the new subcategory 'coursedefaultsettings' added in MDL-78530
All settings in the 'Courses' category are wrapped in one big "if" statement that checks a presence of one of the 6 specific capabilities:
https://github.com/moodle/moodle/blob/v4.3.0/admin/settings/courses.php#L38
However the settings added to it have different capabilities, for example 'Default completion' is supposed to check capability 'moodle/course:manageactivities', see
https://github.com/moodle/moodle/blob/v4.3.0/admin/settings/courses.php#L268-L272
So basically, if the user only has capability 'moodle/course:manageactivities' but none of the capabilities listed in the beginning of the file, they will not see this item in the site administration. However they will be able to visit the page 'course/defaultcompletion.php' directly.
This applies to several other items, including managing course custom fields, groups settings, etc.
Also all subcategories of 'courses' section (i.e. 'coursedefaultsettings') are also only added if the user has one of these 6 capabilities. The category 'course' is created unconditionally, empty categories are not shown in the site administration