Open marxjohnson opened 12 years ago
As a huge fan of this block, I would love to see this functionality implemented. I have been able to get this working for teachers with the use of a system role but am having to give them permission to view profiles of all users on the site to get it to work. Within the course, it works as intended but I would like them to be able to search across all of their courses from the front page and only be provided with results from their courses (not sure how complicated that would be to put together).
If anyone authors the capability, I'll integrate it.
I discovered that if you change the .js file to reference a ? instead of & in the url and then specify the profile page in the settings, this works great. I can now get to any user regardless of whether I am on a course page or not.
As reported by Alan Woerner
The issue Alan describes occurs as the has_capability call in get_content uses the system context, not the current instance context. This is partly due to laziness, but also partly down to security as the block potentially searches all users in the system. Extra permissions checking may need to be implemented to ensure that a user only sees results for users that they are allowed to know about.