Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-51712

Teachers can no longer see hidden profile fields for their students

XMLWordPrintable

    • MOODLE_29_STABLE
    • MOODLE_29_STABLE
    • MDL-51712-master
    • Hide
      1. As admin, go to Site administration ► Users ► Permissions ► User policies. Select all the fields
      2. Create a new user (to be a student) with some information in a few fields
      3. Add a teacher to a course
      4. Log in as that teacher. Enrol the student user in that course.
      5. In the enrolled users list click the icon of the student
      6. You should be able to see all the user's fields that were filled in, including their email
      7. Remove the site:viewuseridentity capability from the teacher role
      8. Go back to the student's course profile
      9. You should not see the user's email
      10. Go back and add the site:viewuseridentity capability back to the teacher
      11. Go to Site administration ► Users ► Permissions ► User policies
      12. Remove email from the showuseridentity setting
      13. Go back to the student's course profile
      14. You should not see the user's email
      15. Go back and tick email on showuseridentity again.
      16. Go to the student's full profile
      17. You should not be able to see the user's fields, and not their email either
      18. Enrol another student and log in as that student
      19. View the first student's profile.
      20. You should not be able to see the hidden fields
      21. Create a user and give them the manager role in the site context.
      22. Enrol them as a student in the same course you used before
      23. Check that they can see the hidden fields both on the user profile, and on the course profile
      24. Edit the student role and give it the user:viewhiddendetails permission (set to allow)
      25. Log in as student
      26. Go to another student's page
      27. Make sure you can view their details

      You may want to empty the hiddenuserfields list and get rid of the user:viewhiddendetails capability from student now so that you don't have weird results in a test many years from now

      Show
      As admin, go to Site administration ► Users ► Permissions ► User policies. Select all the fields Create a new user (to be a student) with some information in a few fields Add a teacher to a course Log in as that teacher. Enrol the student user in that course. In the enrolled users list click the icon of the student You should be able to see all the user's fields that were filled in , including their email Remove the site:viewuseridentity capability from the teacher role Go back to the student's course profile You should not see the user's email Go back and add the site:viewuseridentity capability back to the teacher Go to Site administration ► Users ► Permissions ► User policies Remove email from the showuseridentity setting Go back to the student's course profile You should not see the user's email Go back and tick email on showuseridentity again. Go to the student's full profile You should not be able to see the user's fields , and not their email either Enrol another student and log in as that student View the first student's profile. You should not be able to see the hidden fields Create a user and give them the manager role in the site context. Enrol them as a student in the same course you used before Check that they can see the hidden fields both on the user profile, and on the course profile Edit the student role and give it the user:viewhiddendetails permission (set to allow) Log in as student Go to another student's page Make sure you can view their details You may want to empty the hiddenuserfields list and get rid of the user:viewhiddendetails capability from student now so that you don't have weird results in a test many years from now

      As part of the profile page refactoring in https://github.com/moodle/moodle/commit/b19cc4ef25740cc7aae543f9ca85b7263274a47a for MDL-45898, the lines

      if (has_capability('moodle/user:viewhiddendetails', $context)) {

      and

      if (has_capability('moodle/user:viewhiddendetails', $coursecontext)) {

      became

      if (has_capability('moodle/user:viewhiddendetails', $usercontext)) {

      This has resulted in teachers being unable to view any hidden fields in their students' profiles, although the help string for the 'hiddenuserfields' admin config setting still states "Select which user information fields you wish to hide from other users other than course teachers/admins".

      Assuming this was a deliberate change, the string 'confighiddenuserfields' just needs updating, but I wonder whether it was deliberate.

            johno John Okely
            tonybutler Tony Butler
            Simey Lameze Simey Lameze
            David Monllaó David Monllaó
            Jun Pataleta Jun Pataleta
            Votes:
            0 Vote for this issue
            Watchers:
            8 Start watching this issue

              Created:
              Updated:
              Resolved:

                Error rendering 'clockify-timesheets-time-tracking-reports:timer-sidebar'. Please contact your Jira administrators.