Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-31640

In course/search.php selected courses can't be moved to categories, no capability check while moving courses and turn editing on/off not working

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Fixed
    • Icon: Minor Minor
    • 2.1.6, 2.2.3
    • 2.2
    • Administration
    • Removed blocklist param from the link.
    • MOODLE_22_STABLE
    • MOODLE_21_STABLE, MOODLE_22_STABLE
    • wip-mdl-31640-new
    • Hide
      1. Log in as admin
      2. Turn editing on
      3. On Site Admin panel go to Plugins > Blocks > Manage Blocks
      4. Click on link in "Instances" column > on blocks (Copy this link somewhere, we need it to trick manager to see this page)
      5. select some courses and move to different category.
      6. Remove course:create and category:manage role for manager in Misc category(Select category and click on settings->permission)
      7. Log in as manager
      8. Copy and paste above link and change sesskey (get it from page view)
      9. Make sure checkbox for courses in Misc category is disabled and you have no way to move the course to another category.
      10. use firebug and enable checkbox and try moving them to another category.
      11. Make sure you encounter error.
      12. Log in as admin
      13. assign manager course:create and category:manage on Misc and one more categories
      14. Log in as manager
      15. Copy and paste above link and change sesskey (get it from page view)
      16. You should be able to move course between the two categories only.
      Show
      Log in as admin Turn editing on On Site Admin panel go to Plugins > Blocks > Manage Blocks Click on link in "Instances" column > on blocks (Copy this link somewhere, we need it to trick manager to see this page) select some courses and move to different category. Remove course:create and category:manage role for manager in Misc category(Select category and click on settings->permission) Log in as manager Copy and paste above link and change sesskey (get it from page view) Make sure checkbox for courses in Misc category is disabled and you have no way to move the course to another category. use firebug and enable checkbox and try moving them to another category. Make sure you encounter error. Log in as admin assign manager course:create and category:manage on Misc and one more categories Log in as manager Copy and paste above link and change sesskey (get it from page view) You should be able to move course between the two categories only.

      Discover this issue while testing MDL-30388.

      There are few issues on course/search.php

      1. When trying to move courses to different category, the page jump to course/search.php without moving the course.
      2. No capability check done while moving the course
      3. Capability check should be based on category level and not system level (If user have system level create and manage capability, but have no capability on any category, then he should not be able to move the course)
      4. Turn editing on/off redirects user to search page.

      This occurs when there is blocklist param on the link.

            rajeshtaneja Rajesh Taneja
            rwijaya Rossiani Wijaya
            Rossiani Wijaya Rossiani Wijaya
            Sam Hemelryk Sam Hemelryk
            Ankit Agarwal Ankit Agarwal
            Votes:
            0 Vote for this issue
            Watchers:
            4 Start watching this issue

              Created:
              Updated:
              Resolved:

                Error rendering 'clockify-timesheets-time-tracking-reports:timer-sidebar'. Please contact your Jira administrators.