mahara-contributors team mailing list archive
-
mahara-contributors team
-
Mailing list archive
-
Message #68045
[Bug 1999137] [NEW] add members to group if "owngroupsonly" is activ does not show users to institution staff
Public bug reported:
Settings:
- Mahara 22.04 (and also found in mahara 22.10)
- Only administrators and staff are allowed to create groups.
- "owngroupsonly" is activ
- isolated institutions is activ
Problem: add members to group if "owngroupsonly" is activ does not show users to institution staff
To reproduce try the following steps:
1. Log in as an institutional staff (who is allowed to greate groups).
2. Be sure that the user is NO member of any group espacaly has no other users in a group he is member.
3. Create a group A.
4. Go to the add user page for the group A.
5. The User can now see a list containing ALL users of the instititution in the potential members list.
6. Select one or more users and add them to the group A.
7. Now the list of potenial members is empty and no more users can be added to the group.
8. Create a new group B
9. Go to the add user page for the group B.
10. Now the list of potential members does NOT contain all users of the institution but only the users from group A.
11. Remove the users added in 6. Now the lists of potential members again in group A and group B contain all users of the institution.
Solution (line numbers belong to mahara 22.10 code and are different in 22.04):
In line 904 in search/internal/lib.php
$is_admin = $USER->get('admin') || $USER->get('staff');
does not check for institutional staff.
So always line 922
$searchsql .= '
AND u.id IN (' . implode(',', $membergroups) . ')';
creates an sql statment that only shows group members to the staff.
So it might should be added in line 914 just before if (get_config('owngroupsonly') && !$is_admin)
the folowing code line:
$is_admin = $USER->get('admin') || $USER->is_institutional_admin() || $USER->get('staff') || $USER->is_institutional_staff();
So the complete code might be:
$is_admin_or_staff = $USER->get('admin') || $USER->is_institutional_admin() || $USER->get('staff') || $USER->is_institutional_staff();
if (get_config('owngroupsonly') && !$is_admin_or_staff) {
// in search results only include users that are members of the same groups
// site admin and site staff users are excluded
$usergroups = get_column('group_member', 'group', 'member', $USER->get('id'));
$membergroups = get_column_sql('SELECT member FROM {group_member} WHERE "group" IN (' . implode(',', $usergroups) . ') AND member != ?', array($USER->get('id')));
if ($membergroups) {
$membergroups = array_unique($membergroups);
$searchsql .= '
AND u.id IN (' . implode(',', $membergroups) . ')';
}
}
** Affects: mahara
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Mahara
Contributors, which is subscribed to Mahara.
Matching subscriptions: mahara-contributors
https://bugs.launchpad.net/bugs/1999137
Title:
add members to group if "owngroupsonly" is activ does not show users
to institution staff
Status in Mahara:
New
Bug description:
Settings:
- Mahara 22.04 (and also found in mahara 22.10)
- Only administrators and staff are allowed to create groups.
- "owngroupsonly" is activ
- isolated institutions is activ
Problem: add members to group if "owngroupsonly" is activ does not show users to institution staff
To reproduce try the following steps:
1. Log in as an institutional staff (who is allowed to greate groups).
2. Be sure that the user is NO member of any group espacaly has no other users in a group he is member.
3. Create a group A.
4. Go to the add user page for the group A.
5. The User can now see a list containing ALL users of the instititution in the potential members list.
6. Select one or more users and add them to the group A.
7. Now the list of potenial members is empty and no more users can be added to the group.
8. Create a new group B
9. Go to the add user page for the group B.
10. Now the list of potential members does NOT contain all users of the institution but only the users from group A.
11. Remove the users added in 6. Now the lists of potential members again in group A and group B contain all users of the institution.
Solution (line numbers belong to mahara 22.10 code and are different in 22.04):
In line 904 in search/internal/lib.php
$is_admin = $USER->get('admin') || $USER->get('staff');
does not check for institutional staff.
So always line 922
$searchsql .= '
AND u.id IN (' . implode(',', $membergroups) . ')';
creates an sql statment that only shows group members to the staff.
So it might should be added in line 914 just before if (get_config('owngroupsonly') && !$is_admin)
the folowing code line:
$is_admin = $USER->get('admin') || $USER->is_institutional_admin() || $USER->get('staff') || $USER->is_institutional_staff();
So the complete code might be:
$is_admin_or_staff = $USER->get('admin') || $USER->is_institutional_admin() || $USER->get('staff') || $USER->is_institutional_staff();
if (get_config('owngroupsonly') && !$is_admin_or_staff) {
// in search results only include users that are members of the same groups
// site admin and site staff users are excluded
$usergroups = get_column('group_member', 'group', 'member', $USER->get('id'));
$membergroups = get_column_sql('SELECT member FROM {group_member} WHERE "group" IN (' . implode(',', $usergroups) . ') AND member != ?', array($USER->get('id')));
if ($membergroups) {
$membergroups = array_unique($membergroups);
$searchsql .= '
AND u.id IN (' . implode(',', $membergroups) . ')';
}
}
To manage notifications about this bug go to:
https://bugs.launchpad.net/mahara/+bug/1999137/+subscriptions
Follow ups
