Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-31750

Capability check needs to be improved in course/edit.php and Course/category.php

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Deferred
    • Icon: Blocker Blocker
    • None
    • 2.2.1
    • Course
    • MOODLE_22_STABLE
    • wip-MDL-31750-master
    • Hide

      Things to do

      • Create a course creator
      • Add a couple of categories
      • Add a couple of courses under one of the categories

      Testing steps

      1. Go to [Settings ► Site administration ► Users ► Permissions ► Define roles]
      2. Click on Course creator.
      3. Click edit and show advanced and then do a search for site:manageblocks and set it to 'Allow'.
      4. Click 'allow' for manage categories (moodle/category:manage).
      5. login as the course creator.
      6. Go to [Settings ► Site administration ► Courses ► Add/edit courses]
      7. Click on misc.
        [Test] Try selecting and then moving courses to a different category. This will take you to an error page saying "You can not move this course to the category specified".
      • Repeat steps 1 - 3 but set moodle/course:delete to 'Allow'.

      [Test] Expected outcome: You should now be able to move courses to different categories.

      Show
      Things to do Create a course creator Add a couple of categories Add a couple of courses under one of the categories Testing steps Go to [Settings ► Site administration ► Users ► Permissions ► Define roles] Click on Course creator. Click edit and show advanced and then do a search for site:manageblocks and set it to 'Allow'. Click 'allow' for manage categories (moodle/category:manage). login as the course creator. Go to [Settings ► Site administration ► Courses ► Add/edit courses] Click on misc. [Test] Try selecting and then moving courses to a different category. This will take you to an error page saying "You can not move this course to the category specified". Repeat steps 1 - 3 but set moodle/course:delete to 'Allow'. [Test] Expected outcome: You should now be able to move courses to different categories.

      For moving a course from one category to another user should have both course:create and category:manage capability.
      Unfortunately, we are just checking for course:create capability in course/edit_form.php

      Also, Course/category.php should follow the same checks.

            abgreeve Adrian Greeve
            rajeshtaneja Rajesh Taneja
            Rajesh Taneja Rajesh Taneja
            Eloy Lafuente (stronk7) Eloy Lafuente (stronk7)
            Votes:
            2 Vote for this issue
            Watchers:
            12 Start watching this issue

              Created:
              Updated:
              Resolved:

                Error rendering 'clockify-timesheets-time-tracking-reports:timer-sidebar'. Please contact your Jira administrators.