Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-82502

Course edit menu issues when manageactivities is unset

XMLWordPrintable

      Hi moodle team, we have 4.3.4 (Build: 20240422) Moodle version on our sites, a similar issue is present when the course:manageactivities capability is unset for teacher roles for example. Not only when clicking Hide/show action, but also when clicking duplicate activity i see the following error:
      Sorry, but you do not currently have permissions to do that (Manage activities)
      As requested by sarjona in MDL-77572. I was able to replicate the issue in https://sandbox.moodledemo.net/, see the images attached to each scenario.

      Replication steps:

      Make sure you have DEBUGGING enable on site.

      Duplicate option issue:

      1. Log in to a site on 4.3
      2. Log in as a user with the Teacher role with course:manageactivities Deactivated
      3. Navigate to a course the user is enrolled into
      4. Click on the kebab menu of an activity
      5. Click on Duplicate option
      6. See the ERROR on Screen.

      See the image below:

       

      Hide/show option via AJAX issue:

      1. Log in to a site on 4.3 as Admin
      2. Navigate to a course the user is enrolled into
      3. Click on the kebab menu of an activity
      4. Click on Availability
      5. Click on any of the show/hide options (it works)
      6. Without closing the actual page, go another tab and switch Role to Teacher (with course:manageactivities Deactivated)
      7. Go back to the admin tab
      8. Click on the kebab menu of an activity
      9. Click on Availability
      10. Click on any of the show/hide options
      11. See Permissions error displayed on screen, this is a way to force the same behavior for Hide/show. Since via AJAX the webservice needs the capability.

      See image below:

      Investigation notes:

      • For any case (Hide/show or duplicate) the AJAX requests are not being sent by default, clicking the options reloads the page.
      • In the case of Hide/show action in course/format/classes/stateactions.php we are asking for the course:manageactivities capability and the definition of the
        core_courseformat_update_course webservice only asks for ['moodle/course:sectionvisibility, moodle/course:activityvisibility'] capabilities in lib/db/services.php. So i think we have a capabilities conflict here, it works since we are not doing it via AJAX, and we don't ask for the capability in course/mod.php.
      • For Duplicate action, in course/mod.php we require moodle/course:manageactivities capability to be set, causing the error message from this ticket.

      – Is course:manageactivities required in both cases? or should we avoid displaying those kebab options to the user?

        1. (1) 10 Passed -- (Main)MDL-82502.png
          (1) 10 Passed -- (Main)MDL-82502.png
          59 kB
        2. MDL-82502_actionsmenu.png
          MDL-82502_actionsmenu.png
          21 kB
        3. Screenshot 2024-07-16 at 8.44.30 AM.png
          Screenshot 2024-07-16 at 8.44.30 AM.png
          148 kB
        4. Screenshot 2024-07-16 at 8.46.12 AM.png
          Screenshot 2024-07-16 at 8.46.12 AM.png
          199 kB

            pholden Paul Holden
            thebryanopen228 Bryan Cruz
            Luca Bösch Luca Bösch
            Sara Arjona (@sarjona) Sara Arjona (@sarjona)
            Kim Jared Lucas Kim Jared Lucas
            Votes:
            3 Vote for this issue
            Watchers:
            10 Start watching this issue

              Created:
              Updated:
              Resolved:

                Estimated:
                Original Estimate - Not Specified
                Not Specified
                Remaining:
                Remaining Estimate - 0 minutes
                0m
                Logged:
                Time Spent - 32 minutes
                32m

                  Error rendering 'clockify-timesheets-time-tracking-reports:timer-sidebar'. Please contact your Jira administrators.