gtn / exaport

exabis eportfolio
http://www.exabis.at

Users accessing a shared view cannot access files attached to CV items #30

Open sigprof opened 1 year ago

sigprof commented 1 year ago

Using Moodle 4.0.8 and the latest block_exaport (a2bfb7df9abf25c1fc68ca50737917e855f17aaf).

In “My CV” many categories of information (“Education history”, “Employment history”, “Certifications, accreditations and awards”, “Books and publications”, “Memberships”, “My goals”, “My skills”) can have files attached to items. In the view editor in “My views” the “CV information” block has the “With attachment files” checkbox; when that checkbox is checked, the attached file appears in the view. However, when the view is subsequently shared with some other users, those other users cannot access these attached files — a hyperlink to the file appears, but clicking the hyperlink produces a “file not found” error page.

Sharing files uploaded as artifacts apparently works; the problem happens only with files that are attached to CV items.

The hyperlink which is generated for a file attached to an item in “Certifications, accreditations and awards” looks like this:

https://{$HOSTNAME}/pluginfile.php/{$CONTEXTID}/block_exaport/resume_certif/${ID}/${FILENAME}

The same hyperlink is generated both when looking at the user's own view (in this case the hyperlink works to download the file), and when another user looks at the shared view (in this case the hyperlink does not work and shows a filenotfound error page).

Looking at the code in block_exaport_pluginfile(), apparently the handling of those hyperlinks ends up at this call to $fs->get_file, where the context ID from the hyperlink is replaced with context_user::instance($USER->id)->id; therefore it always refers to the currently logged-in user, and accessing a file shared by another user is not possible when that kind of hyperlink is used. But hyperlinks for artifacts are handled by some completely different code (portfoliofile.php), which apparently performs some permission checks and allows access to files shared by other users if those files were actually shared in a view.

Could this problem be fixed somehow, so that files attached to CV items can be shared properly?
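
The access pattern described in the issue above, as an added example that is not part of the original report and is not block_exaport or Moodle code: a constructed in-memory PHP model comparing a lookup that always uses the requester's own context with one that keeps the context from the URL and checks the share before reading. All function names, ids and data here are hypothetical.

```php
<?php
// Constructed model data; files are keyed by "contextid/filearea/itemid/filename".
const FILES = [
    '101/resume_certif/7/diploma.pdf' => 'alice-diploma-bytes',
];
// User id => user context id (constructed values).
const USER_CONTEXT = [1 => 101, 2 => 202, 3 => 303];
// Shared views: owner, viewers, and CV items included "With attachment files".
const VIEWS = [
    ['owner' => 1, 'shared_with' => [2], 'attachments' => ['resume_certif/7']],
];

// Behaviour described in the issue: the URL context id is ignored, the requester's is used.
function serve_as_reported(int $requester, int $urlContext, string $area, int $item, string $name): ?string
{
    $key = USER_CONTEXT[$requester] . "/$area/$item/$name";
    return FILES[$key] ?? null; // null stands for the "file not found" page
}

// Hypothetical check: is the item attached to a view of $owner shared with $requester?
function shared_with(int $requester, int $owner, string $area, int $item): bool
{
    foreach (VIEWS as $view) {
        if ($view['owner'] === $owner
            && in_array($requester, $view['shared_with'], true)
            && in_array("$area/$item", $view['attachments'], true)) {
            return true;
        }
    }
    return false;
}

// Alternative: keep the URL context, but authorise before reading the file.
function serve_with_share_check(int $requester, int $urlContext, string $area, int $item, string $name): ?string
{
    $owner = array_search($urlContext, USER_CONTEXT, true);
    if ($owner === false) {
        return null; // not a user context
    }
    if ($owner !== $requester && !shared_with($requester, $owner, $area, $item)) {
        return null; // no share covers this item: deny without revealing existence
    }
    return FILES["$urlContext/$area/$item/$name"] ?? null;
}

var_dump(serve_as_reported(1, 101, 'resume_certif', 7, 'diploma.pdf'));      // owner
var_dump(serve_as_reported(2, 101, 'resume_certif', 7, 'diploma.pdf'));      // shared viewer
var_dump(serve_with_share_check(2, 101, 'resume_certif', 7, 'diploma.pdf')); // shared viewer
var_dump(serve_with_share_check(3, 101, 'resume_certif', 7, 'diploma.pdf')); // unrelated user
```

The point of the second handler is that trusting the context id from the URL is only safe once the owner/share check has passed; serving from the URL context without it would expose every user's CV attachments to any logged-in user who can guess the path.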