Bug #2121
Any one can delete thematic items (registered users)
Description
This works in sessions and courses
Associated revisions
History
Updated by Julio Montoya over 10 years ago
Updated by This should work also to edit the content I did not test it yet but I guess so
Updated by Julio Montoya over 10 years ago
- Status changed from New to Needs testing
- Assignee changed from Julio Montoya to Curt Ricardo Rodriguez Salazar
- % Done changed from 0 to 90
This is a partial fix because i'm working in other task bt#1651
I have some other changes to do, but this should fix most of the security problems
Updated by Julio Montoya over 10 years ago
- Subject changed from Any user can delete thematic items of any course to Any user can delete thematic items
Updated by Julio Montoya over 10 years ago
- Subject changed from Any user can delete thematic items to Any one can delete thematic items (registered users)
Updated by Bryan Fuertes Malca over 9 years ago
Updated by Bryan Fuertes Malca - Assignee changed from Curt Ricardo Rodriguez Salazar to Bryan Fuertes Malca
Updated by
Updated by Yannick Warnier almost 9 years ago
- Status changed from Needs testing to Needs more info
- Assignee set to Eric Petitdemange
Hi Coursenligne,
Can we ask you to review this one? Basically, you should just check that a student cannot delete attendances or thematic advance items... If he can't you can close :-)
Updated by Eric Petitdemange almost 9 years ago
Updated by Just to ensure, can you tell me how I can perform the test?
As "apprenant, login z, pwd z, I don't see where I can delete things, but I may not be register as pair as your needs
Updated by Yannick Warnier almost 9 years ago
That's OK, you're testing it the right way. We just need you to look around and see if, as a student, you find any way to delete stuff. To go into the security aspect of it, you should also check as teacher what the link is when you delete something, then logout, login as a student and try to put that delete link again and see if it works (it should tell you that you are not authorized).
Do this in the attendance tool and in the thematic advance, and we should be fully covered.
Updated by Eric Petitdemange almost 9 years ago
Testing with typing in the full address /main/admin/course_list... Get an error message telling me I don't have access to this page.
Updated by Eric Petitdemange almost 9 years ago
- Status changed from Needs more info to Feature implemented
Closed as KO.
I detected an issue I open a case ;)
Updated by Yannick Warnier almost 9 years ago
Coursenligne 45 wrote:
Closed as KO.
You mean "Closed as OK", right? (watch the details! :-))
Updated by Eric Petitdemange almost 9 years ago
Yes :)
This one is really closed!
The platform is doing what I would expect...
Fixing unwanted delete items see #2121