From 374d3e770085b1f30c066a03d08d78dd750fdc66 Mon Sep 17 00:00:00 2001 From: Tim Hunt Date: Tue, 24 Nov 2020 17:20:12 +0000 Subject: [PATCH] MDL-70320 permission overrides: role names were double-escaped --- .../tests/behat/edit_permissions.feature | 38 +++++++++++++++--- lib/amd/build/permissionmanager.min.js | Bin 3400 -> 3401 bytes lib/amd/build/permissionmanager.min.js.map | Bin 17918 -> 17919 bytes lib/amd/src/permissionmanager.js | 2 +- .../permissionmanager_panelcontent.mustache | 7 ++-- lib/templates/permissionmanager_role.mustache | 5 ++- 6 files changed, 40 insertions(+), 12 deletions(-) diff --git a/admin/tool/behat/tests/behat/edit_permissions.feature b/admin/tool/behat/tests/behat/edit_permissions.feature index e3ffc92aef1..52599d31dca 100644 --- a/admin/tool/behat/tests/behat/edit_permissions.feature +++ b/admin/tool/behat/tests/behat/edit_permissions.feature @@ -6,14 +6,18 @@ Feature: Edit capabilities Background: Given the following "users" exist: - | username | firstname | lastname | email | - | teacher1 | Teacher | 1 | teacher1@example.com | + | username | firstname | lastname | + | teacher1 | Teacher | 1 | + | tutor | Teaching | Assistant | + | student | Student | One | And the following "courses" exist: - | fullname | shortname | category | - | Course 1 | C1 | 0 | + | fullname | shortname | + | Course 1 | C1 | And the following "course enrolments" exist: - | user | course | role | - | teacher1 | C1 | editingteacher | + | user | course | role | + | teacher1 | C1 | editingteacher | + | tutor | C1 | teacher | + | student | C1 | student | Scenario: Default system capabilities modification Given I log in as "admin" @@ -60,3 +64,25 @@ Feature: Edit capabilities Then "mod/forum:deleteanypost" capability has "Prohibit" permission And "mod/forum:editanypost" capability has "Prevent" permission And "mod/forum:addquestion" capability has "Allow" permission + + @javascript + Scenario: Edit permissions escapes role names correctly + When I am on the "C1" "Course" page logged in as "admin" + And I navigate to "Edit settings" in current page administration + And I set the following fields to these values: + | Your word for 'Teacher' | Teacher >= editing | + | Your word for 'Non-editing teacher' | Teacher < "editing" | + | Your word for 'Student' | Studier & 'learner' | + And I press "Save and display" + And I navigate to course participants + Then I should see "Teacher >= editing (Teacher)" in the "Teacher 1" "table_row" + And I should see "Teacher < \"editing\" (Non-editing teacher)" in the "Teaching Assistant" "table_row" + And I should see "Studier & 'learner' (Student)" in the "Student One" "table_row" + And I navigate to "Permissions" in current page administration + And I should see "Teacher >= editing" in the "mod/forum:replypost" "table_row" + And I should see "Teacher < \"editing\"" in the "mod/forum:replypost" "table_row" + And I should see "Studier & 'learner'" in the "mod/forum:replypost" "table_row" + And I follow "Prohibit" + And "Teacher >= editing" "button" in the "Prohibit role" "dialogue" should be visible + And "Teacher < \"editing\"" "button" in the "Prohibit role" "dialogue" should be visible + And "Studier & 'learner'" "button" in the "Prohibit role" "dialogue" should be visible diff --git a/lib/amd/build/permissionmanager.min.js b/lib/amd/build/permissionmanager.min.js index f53bd414708c7d58f0faa75595b4ab1be18703ed..3e200156772f1a4ff7996a79b746d32d1988b2d6 100644 GIT binary patch delta 19 acmX>hby8}BI~QA0X-P?b-ew=JKTH5ilm~DC delta 18 ZcmX>pbwX-`I~QwaUO{QeW?!y9OaMd-2Lu2B diff --git a/lib/amd/build/permissionmanager.min.js.map b/lib/amd/build/permissionmanager.min.js.map index 8413c766c4fb197e0599d97d84e6abac06d83487..63e284bc594606e2cc0b57fc1b2c4130b64264fc 100644 GIT binary patch delta 66 zcmey@&G^5YaYM4WVxXgAj?Jny+r4K80Mio{s{jB1 delta 65 zcmez0&G@gIaYM4WqQ9eKj {{message}}
{{#roles}} - + {{/roles}}
diff --git a/lib/templates/permissionmanager_role.mustache b/lib/templates/permissionmanager_role.mustache index d2a1652dc38..b30865371b8 100644 --- a/lib/templates/permissionmanager_role.mustache +++ b/lib/templates/permissionmanager_role.mustache @@ -27,7 +27,8 @@ * action Context variables required for this template: - * rolename Name of the role rendered + * rolename Name of the role rendered - must have been prepared for output with format_string, + or more likely one of the role API functions like role_fix_names. * roleid Id of the role * action WEhich action is done on click * spanclass class attribute of span @@ -43,7 +44,7 @@ "linkclass": "preventlink", "adminurl" : "http://localhost/moodle/admin/"} }} - {{rolename}}  + {{{rolename}}}  {{#icon}} {{#pix}}{{icon}}, core, {{iconalt}}{{/pix}} -- 2.43.0