search

xAPI-vle / moodle-logstore_xapi

A Moodle plugin to send xAPI statements to an LRS using events in the Moodle logstore.
GNU General Public License v3.0
75 stars 85 forks source link

Lms 2490 set capability for historical log #735

Closed lzabo closed 4 years ago

lzabo commented 4 years ago

Description

PR Type

gordonmacqueen-lp commented 4 years ago

This improves the permission checking. A user may have the logstore/xapi:managehistoric permission which really means view + manage. There are explicit logstore/xapi:viewerrorlog and logstore/xapi:manageerrors permissions. Would a user be assigned a role where the logstore/xapi:managehistoric permission is set without logstore/xapi:viewerrorlog?

This improves the permission checking. A user may have the logstore/xapi:managehistoric permission which really means view + manage. There are explicit logstore/xapi:viewerrorlog and logstore/xapi:manageerrors permissions. Would a user be assigned a role where the logstore/xapi:managehistoric permission is set without logstore/xapi:viewerrorlog?

Yes, going by the requirements this is entirely possible