Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-50782

/lib/ajax/service.php should not call require_login

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Fixed
    • Icon: Minor Minor
    • 2.9.3
    • 2.9.2
    • JavaScript
    • MOODLE_29_STABLE
    • MOODLE_29_STABLE
    • MDL-50782-master
    • Hide

      You must test this without MDL-50784 integrated / in your branch.

      Open the template library,
      In another browser tab log out
      Use the template library without reloading the page - it should still work (because the webservices it uses do not require a session).

      Edit lib/db/services.php
      Change 

      'core_output_load_template' => array(                                                                                           
              'classname'   => 'core\output\external',                                                                                    
              'methodname'  => 'load_template',                                                                                           
              'description' => 'Load a template for a renderable',                                                                        
              'type'        => 'read'                                                                                                     
          ),

      to:

      'core_output_load_template' => array(                                                                                           
              'classname'   => 'core\output\external',                                                                                    
              'methodname'  => 'load_template',                                                                                           
              'description' => 'Load a template for a renderable',                                                                        
              'type'        => 'write'                                                                                                     
          ),

      Use the template library without reloading the page - it should show exceptions "Web service is not available (it doesn't exist or might be disabled)".

      Show
      You must test this without MDL-50784 integrated / in your branch. Open the template library, In another browser tab log out Use the template library without reloading the page - it should still work (because the webservices it uses do not require a session). Edit lib/db/services.php Change 'core_output_load_template' => array( 'classname' => 'core\output\external', 'methodname' => 'load_template', 'description' => 'Load a template for a renderable', 'type' => 'read' ), to: 'core_output_load_template' => array( 'classname' => 'core\output\external', 'methodname' => 'load_template', 'description' => 'Load a template for a renderable', 'type' => 'write' ), Use the template library without reloading the page - it should show exceptions "Web service is not available (it doesn't exist or might be disabled)".

      Not all ajax services need to be logged in. E.g. blocks that show on the front page would need to work before someone logs in. The webservices themselves need to perform the correct validate_context checks and capability checks anyway, so removing this require_login from the ajax script handler will not reduce security.

            damyon Damyon Wiese
            damyon Damyon Wiese
            Frédéric Massart Frédéric Massart
            Andrew Lyons Andrew Lyons
            Rajesh Taneja Rajesh Taneja
            Votes:
            0 Vote for this issue
            Watchers:
            6 Start watching this issue

              Created:
              Updated:
              Resolved:

                Error rendering 'clockify-timesheets-time-tracking-reports:timer-sidebar'. Please contact your Jira administrators.