Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-7770

View User Profile capability in the roles system won't prevent users from viewing profiles

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Fixed
    • Icon: Minor Minor
    • 1.7.1, 1.8
    • 1.7
    • Roles / Access
    • None
    • linux, moodle 1.7
    • MySQL
    • MOODLE_17_STABLE
    • MOODLE_17_STABLE, MOODLE_18_STABLE

      The Roles system in 1.7 has a capability defined as such:

      Capabilities/moodle/user:viewdetails
      allows a user to view other user's profiles in context

      This role seems to offer the ability to permit or restrict access to view users profiles (which would include a user's email address). In my Moodle 1.7 installations, however, this capability will not restrict users from viewing profiles (whether at the site or course context). Even assigning a newly created role to a user who has no other roles in the system and applying the prohibit permission to that capability in that role will still allow the user to view a user's profile.

      Is this is the intended function, what is this capability supposed to do, or if not I believe there might be a bug in the way this capability is functioning.

            lazyfish Yu Zhang
            hintbw Brett Hinton (Inactive)
            Nobody Nobody (Inactive)
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Created:
              Updated:
              Resolved:

                Error rendering 'clockify-timesheets-time-tracking-reports:timer-sidebar'. Please contact your Jira administrators.