Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-78463

Category manager bypasses student-permissions in other category

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Unresolved
    • Icon: Minor Minor
    • None
    • 4.1.3
    • Roles / Access
    • None
    • MOODLE_401_STABLE

      Hello,

      There is a bug that category manager can view other participant information even if he/she/they are on a course as student in different category.

      Tested on Moodle 4.1.3

      Steps to repeat:

      0. Check that student-role has moodle/user:viewdetails set to "not set"
      1. Create a course to category1
      2. Create a forum-activity on this course and post something as user0.
      3. Assign manager permissions to user1 in category2
      4. Check that user1 doesn't have any other permissions than manager in category2.
      5. Add user1 to a course under category1 as a student
      5. Open the forum and click user0s name in the message -> profile information opens even though manager is on a student and student-role has moodle/user:viewdetails "not set" on system level

        1. BC1.png
          102 kB
          Kim Jared Lucas

            Unassigned Unassigned
            urpokarhu Jari Vilkman
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

              Created:
              Updated:

                Error rendering 'clockify-timesheets-time-tracking-reports:timer-sidebar'. Please contact your Jira administrators.