[C2] User with teacher role when assigned as learner to a course have teacher access to the course / and strange registry in the user.roles field #7298
Description
Procedure to reproduce the error :
- Create a user with teacher role
- create a course
- enter the course
- enter the users tool
- subscribe the teacher user as learner to the course
- login with the teacher user
- enter the course where it has been subscribe as a leaner
- the tool visibility can be changed (it should not be the case because it is a learner in the course)
- enter the test tool (a exercise can be created, it should not be the case for a learner in the course)
It seems that all the legacy tool have access a teacher where it should be a learner access.
It can be tester with the user agarcia who is subscribe as a learner in the course https://testing25.beeznest.com/course/19/home
We have also seen a strange situation as an admin on the platform enter the admin user list and we can see that the teacher user subscribe as learner in the course have multiple roles assign :
- Teacher
- Current Course Student
- Current Course Teacher
and this correspond to the registry in the database :
MariaDB [testing25]> select id, username, roles from user where username = "agarcia";
+----+----------+--------------------------------------------------------------------------------------------------------------+
| id | username | roles |
+----+----------+--------------------------------------------------------------------------------------------------------------+
| 8 | agarcia | a:3:{i:0;s:12:"ROLE_TEACHER";i:1;s:27:"ROLE_CURRENT_COURSE_STUDENT";i:2;s:27:"ROLE_CURRENT_COURSE_TEACHER";} |
+----+----------+--------------------------------------------------------------------------------------------------------------+
1 row in set (0.000 sec)
And in the user edition page we can see that he only has the teacher role.
It can be seen with the user beeznest watching the user agarcia here :