Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-19125

New addinstance capabilities for activity modules to replace the old complicated course restricted modules

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Fixed
    • Icon: Minor Minor
    • 2.3
    • 2.0, 2.2
    • Course
    • MOODLE_20_STABLE, MOODLE_22_STABLE
    • MOODLE_23_STABLE
    • MDL-19125_module_security
    • Hide

      We are mostly testing the new functionality in 2.3, but part of that is testing that data is upgraded and restored properly from 2.2.

      1. With default settings, go to any course and ensure you can add any type of activity.

      2. Change the role definition for the Teacher role, to remove mod/chat:addinstance, and make sure you cannot add a Chat in any course when logged in as a Teacher.

      3. Using a Moodle 2.2 site, turn on the Module security feature, and set it to restrict modules for all courses, with a default list. (Using the old http://docs.moodle.org/22/en/Managing_activities#Module_security feature)

      4. Go into a course in this site, go to the course settings, make sure module security is turned on there, and that the list of allowed modules is right, then Save the form.

      5. Backup this course, and restore it into your Moodle 2.3 dev install. Verify that role overrides are created to prevent Teachers from adding the disallowed modules.

      6. As for steps 4. and 5. but set things up on, and backup and restore from, a Moodle 1.9 site.

      7. Upgrade the Moodle 2.2 site that you used in steps 4. and 5. to the latest master. Verify that the correct role overrides are created; and that the old course_allowed_modules table, and course.retrictmodules column and restrictmodulesfor, restrictbydefault and defaultallowedmodules config settings are dropped.)

      8. Test a fresh install just to be sure

      Show
      We are mostly testing the new functionality in 2.3, but part of that is testing that data is upgraded and restored properly from 2.2. 1. With default settings, go to any course and ensure you can add any type of activity. 2. Change the role definition for the Teacher role, to remove mod/chat:addinstance, and make sure you cannot add a Chat in any course when logged in as a Teacher. 3. Using a Moodle 2.2 site, turn on the Module security feature, and set it to restrict modules for all courses, with a default list. (Using the old http://docs.moodle.org/22/en/Managing_activities#Module_security feature) 4. Go into a course in this site, go to the course settings, make sure module security is turned on there, and that the list of allowed modules is right, then Save the form. 5. Backup this course, and restore it into your Moodle 2.3 dev install. Verify that role overrides are created to prevent Teachers from adding the disallowed modules. 6. As for steps 4. and 5. but set things up on, and backup and restore from, a Moodle 1.9 site. 7. Upgrade the Moodle 2.2 site that you used in steps 4. and 5. to the latest master. Verify that the correct role overrides are created; and that the old course_allowed_modules table, and course.retrictmodules column and restrictmodulesfor, restrictbydefault and defaultallowedmodules config settings are dropped.) 8. Test a fresh install just to be sure

      Currently the way this works is:

      • Enforce settings (as defaults) for newly created courses.
      • Per course, use a whitelist to determine which modules can be added.

      This is kind of useless, as an empty whitelist is ambiguous. It could either mean "use the site default", or it could mean "i don't want to allow anything at all".

      One way to get around this is a new setting (maybe course.restrictedmodules) which indicates that the course has overridden the site default.

      Another way is to add a capability to each module 'canaddtocourse' or similar, and override it for a role at a course context. I think the latter is probably more correct in a 'moodle sense' but has the following drawbacks:

      1. Third party module authors must implement this capability, for their module to implement this setting (stupid)
      2. Eh, roles are complicated enough as it is, and Howard will kill me if we must override things further.

      The former is probably simpler (and easier to implement) but means adding yet another field to course. Do courses have extra settings? Maybe we could have a course_preferences table or something.

        1. Alter roles by capability.bmml
          2 kB
          Tim Hunt
        2. Alter roles by capability.png
          15 kB
          Tim Hunt
        3. Alter roles by capability 2.bmml
          7 kB
          Tim Hunt
        4. Alter roles by capability 2.bmml
          7 kB
          Tim Hunt
        5. Alter roles by capability 2.bmml
          2 kB
          Tim Hunt
        6. Alter roles by capability 2.png
          36 kB
          Tim Hunt
        7. Possible admin interface.bmml
          9 kB
          Tim Hunt
        8. Possible admin interface.bmml
          5 kB
          Tim Hunt
        9. Possible admin interface.png
          57 kB
          Tim Hunt
        10. Possible course settings UI.bmml
          3 kB
          Tim Hunt
        11. Possible course settings UI.bmml
          5 kB
          Tim Hunt
        12. Possible course settings UI.bmml
          5 kB
          Tim Hunt
        13. Possible course settings UI.png
          16 kB
          Tim Hunt
        14. sam proposed - course settings UI.bmml
          3 kB
          Sam Marshall
        15. sam proposed - course settings UI.png
          23 kB
          Sam Marshall

            timhunt Tim Hunt
            mjollnir Penny Leach (Inactive)
            Dan Poltawski Dan Poltawski
            Sam Hemelryk Sam Hemelryk
            Rossiani Wijaya Rossiani Wijaya
            Votes:
            6 Vote for this issue
            Watchers:
            10 Start watching this issue

              Created:
              Updated:
              Resolved:

                Error rendering 'clockify-timesheets-time-tracking-reports:timer-sidebar'. Please contact your Jira administrators.