MDL-63895 user: Hide suspended enrolments to user without capability
authorVíctor Déniz Falcón <victor@moodle.com>
Wed, 29 May 2019 09:46:03 +0000 (10:46 +0100)
committerVíctor Déniz Falcón <victor@moodle.com>
Thu, 12 Sep 2019 11:04:43 +0000 (12:04 +0100)
Users without course:viewsuspendedusers capability should not view suspended
users on the participant list

user/lib.php

index d38ad9b..0c23775 100644 (file)
@@ -1313,7 +1313,7 @@ function user_get_participants_sql($courseid, $groupid = 0, $accesssince = 0, $r
     // Default filter settings. We only show active by default, especially if the user has no capability to review enrolments.
     $onlyactive = true;
     $onlysuspended = false;
-    if (has_capability('moodle/course:enrolreview', $context)) {
+    if (has_capability('moodle/course:enrolreview', $context) && (has_capability('moodle/course:viewsuspendedusers', $context))) {
         switch ($statusid) {
             case ENROL_USER_ACTIVE:
                 // Nothing to do here.