Course managment Page thorws exception when user is not logged in.

Course managment Page thorws exception when user is not logged in.

by Faisal Kaleem -
Number of replies: 4
Picture of Core developers Picture of Translators
Before I report this as a bug on moodle tracker I thought should be posted here.

Steps to recreate issue:

  1. Make sure user is not logged in
  2. Visit course management page with direct URL hit e.g: {yourdomain.tld}

    /course/management.php?categoryid=11&courseid=46

  3. throws either permission error or not Can't found data record database table course.

I observed this in 3.8.3 but other version could have been effected.

Possible Fix

Move "require_login();" on line before it tries to throw exception

Average of ratings: -
In reply to Faisal Kaleem

Re: Course managment Page thorws exception when user is not logged in.

by David Mudrák -
Picture of Core developers Picture of Documentation writers Picture of Moodle HQ Picture of Particularly helpful Moodlers Picture of Peer reviewers Picture of Plugin developers Picture of Plugins guardians Picture of Testers Picture of Translators

Thank you Faisal. You did not provide more detailed information such as which line throws the exception. Just to note, exceptions resulting from unprivileged access to a page via direct URL are consider as actual feature, not a bug. It would be a bug if there was a clickable link displayed to a guest user that would lead to this page. I am not sure your use case qualifies as a bug. As I can see, the file course/management.php calls the require_login() immediately after processing all the input parameters and setting up the context. That is expected, unless I am missing something.

Average of ratings: -
In reply to David Mudrák

Re: Course managment Page thorws exception when user is not logged in.

by Davo Smith -
Picture of Core developers Picture of Particularly helpful Moodlers Picture of Peer reviewers Picture of Plugin developers

Just a thought here - if the user is not logged in, then surely they should be redirected to the login page, then returned to this page, before being shown an error that relates to them not having access to the particular course (if the course really does not exist, then the error is probably OK as it is).

Use cases whereby this might occur:

  • A user with correct access bookmarks the page - when they click on the bookmark later, they may not be logged in yet; for most Moodle pages, this would result in a login screen, before ending up on the correct page
  • (Similarly) a user visits the page in question, then goes off to do something else, on their return they refresh the page (or click on a legitimate link to this page), but their login has timed out. Again - I would expect a login page, followed by displaying the page in question, rather than an error.

I haven't actually tested this out - I'm just going by the description in the original post.

Average of ratings: -
In reply to Davo Smith

Re: Course managment Page thorws exception when user is not logged in.

by Faisal Kaleem -
Picture of Core developers Picture of Translators
Thanks Davo. This is what I meant
Average of ratings: -
In reply to David Mudrák

Re: Course managment Page thorws exception when user is not logged in.

by Faisal Kaleem -
Picture of Core developers Picture of Translators
Thank you @David, Yes I failed to give enough info and yes its not bug but related with UX I guess.

The following error is displayed when Error reporting is enabled.

You don't have permission to view this list of courses.

More information about this error
Debug info:
Error code: cannotviewcategory
Stack trace:

line 263 of /course/classes/category.php: moodle_exception thrown
line 55 of /course/management.php: call to core_course_category::get()

So at the line 55 in managment.php file it calls a function in category.php which has $strictness = MUST_EXISTS by default so it gives throws exception, I would suggest to move require_login() from line #112 to before line #52 where it says if($courseid)

Thanks.
Average of ratings: -