From 57b81c93f5ac90319b67ec15d182c7829eefab3f Mon Sep 17 00:00:00 2001 From: =?utf8?q?David=20Mudr=C3=A1k?= Date: Tue, 23 Aug 2016 14:10:41 +0200 Subject: [PATCH] MDL-55667 navigation: Do not display site participants link to students The problem here was that user/index.php checks the system level capability moodle/site:viewparticipants when the user is on the front page, and the moodle/course:viewparticipants on non-front pages. But the navigation displayed the link by mistake even in situations, when the user has the capability moodle/course:viewparticipants on the front page (typically when the default role for the front page is set to student). Added behat tests for reproducing the bug and also for checking the basic functionality of the feature. --- .../tests/behat/participants_link.feature | 45 +++++++++++++++++++ lib/navigationlib.php | 5 ++- 2 files changed, 48 insertions(+), 2 deletions(-) create mode 100644 blocks/navigation/tests/behat/participants_link.feature diff --git a/blocks/navigation/tests/behat/participants_link.feature b/blocks/navigation/tests/behat/participants_link.feature new file mode 100644 index 00000000000..5b2f4d6afba --- /dev/null +++ b/blocks/navigation/tests/behat/participants_link.feature @@ -0,0 +1,45 @@ +@block @block_navigation +Feature: Displaying the link to the Participants page + In order to see the course / site participants + As a student / admin respectively + I need a link to the Participants page be displayed (but only if I can access that page) + + Background: + Given the following "users" exist: + | username | firstname | lastname | email | + | student1 | Student | One | student1@example.com | + | student2 | Student | Two | student2@example.com | + And the following "courses" exist: + | fullname | shortname | + | Course1 | C1 | + And the following "course enrolments" exist: + | user | course | role | + | student1 | C1 | student | + + @javascript + Scenario: Course participants link is displayed to enrolled students after expanding the course node + When I log in as "student1" + And I expand "C1" node + Then "Participants" "link" should exist in the "Navigation" "block" + And I navigate to "Participants" node in "My courses > C1" + And I should see "Participants" + And "Student One" "link" should exist + And "Student Two" "link" should not exist + + Scenario: Site participants link is displayed to admins + When I log in as "admin" + Then "Participants" "link" should exist in the "Navigation" "block" + And I navigate to "Participants" node in "Site pages" + And I should see "Participants" + And "Student One" "link" should exist + And "Student Two" "link" should exist + + @javascript + Scenario: Site participants link is not displayed to students (MDL-55667) + Given I log in as "admin" + And I set the following administration settings values: + | defaultfrontpageroleid | Student (student) | + And I log out + When I log in as "student2" + And I expand "Site pages" node + Then "Participants" "link" should not exist in the "Navigation" "block" diff --git a/lib/navigationlib.php b/lib/navigationlib.php index c495a63489d..ec308c6bf87 100644 --- a/lib/navigationlib.php +++ b/lib/navigationlib.php @@ -2600,6 +2600,7 @@ class global_navigation extends navigation_node { } $sitecontext = context_system::instance(); + $isfrontpage = ($course->id == SITEID); // Hidden node that we use to determine if the front page navigation is loaded. // This required as there are not other guaranteed nodes that may be loaded. @@ -2608,8 +2609,8 @@ class global_navigation extends navigation_node { // Participants. // If this is the site course, they need to have moodle/site:viewparticipants at the site level. // If no, then they need to have moodle/course:viewparticipants at the course level. - if ((($course->id == SITEID) && has_capability('moodle/site:viewparticipants', $sitecontext)) || - has_capability('moodle/course:viewparticipants', context_course::instance($course->id))) { + if (($isfrontpage && has_capability('moodle/site:viewparticipants', $sitecontext)) || + (!$isfrontpage && has_capability('moodle/course:viewparticipants', context_course::instance($course->id)))) { $coursenode->add(get_string('participants'), new moodle_url('/user/index.php?id='.$course->id), self::TYPE_CUSTOM, get_string('participants'), 'participants'); } -- 2.43.0