MDL-17499: Horrible hack in can_delete_course in course/lib.php


    • Type: Bug
    • Resolution: Won't Do
    • Priority: Major
    • None
    • 1.8.7, 1.9.3, 2.0, 2.2, 2.3, 3.4
    • Libraries, Roles / Access
    • MOODLE_18_STABLE, MOODLE_19_STABLE, MOODLE_20_STABLE, MOODLE_22_STABLE, MOODLE_23_STABLE, MOODLE_34_STABLE
    • MDL-17499_course_delete

      Make sure your test user has 'moodle/course:create' but does NOT have 'moodle/course:delete'.

      Create a course and check that you cannot delete it.

      Give that user 'moodle/course:delete' and check that they can now delete the course.


      This is all the fault of MDL-7796. That was supposed to be about restoring features that had gone away in the 1.7 roles upgrade. However, following this comment http://tracker.moodle.org/browse/MDL-7796?focusedCommentId=24645#action_24645, Vy implemented the new feature that course creators can delete 'their own' courses in the only way possible, via a nasty hack, since there is no way of knowing who created which course.

      I have checked and this was not the case in Moodle 1.6. Before roles, deleting courses was protected by a big fat isadmin() check.

      I would really like to change back to just using has_capability('moodle/course:delete');

            Unassigned
            Tim Hunt (timhunt)
            Ankit Agarwal