Roles and permissions

And here's the screenshot.

Hi Tim,
Thanks for your work on this! After you posted your screenshot, I messaged you with some feedback, and you suggested that we have the conversation in public. Good idea.

I don't have time to install explain.zip today, but will definitely do it tomorrow. I don't want to make any premature judgements based on a screenshot!

I hope that our conversation will focus on use cases. Do we want (1) a tool for debugging actual roles-related problems or (2) a tool for running academic what-if scenarios. Both are valid use cases, but for me, (1) is much more important (it is the one I had in mind while developing the prototype).

I am very happy to read that "the explain interface defaults to your current roles assignments when you first go there," because that means I can still use it for (1). And if I can also use it for (2), it's a nice bonus.

Let's resume the discussion tomorrow.

Tim,
I installed explain.zip this morning. There's an undefined function role_fix_names() called at line 121 of explain.php.

Thanks, it's working now. Here's feedback:

The interface seems a bit complicated, but I got used to it pretty quickly. My main issue is that if I'm using it for debugging, rather than for what-if scenarios, I care about only one of the inputs (the capability) and I'm going to ignore everything else. Maybe there should be two interfaces, one for each use case. Or a "show advanced" for the scenario use case.

For the debugging use case, the default role assignments are those of the current user (that's good), but the current user must be someone who can access the explain roles tab, i.e., someone who can manage permissions. If a student is having problems, the teacher or admin must first research the student's role assignments in order to set up a scenario. This is tedious and error-prone. Possible solutions: (1) as you suggested, allow a user to be specified in the user in the interface (2) make this a user-level interface (i.e., one that anyone can use) (3) make a "debugging" version of explain.php a standalone script like texdebug.php. I see no risks in allowing any user to use such a script to get info about their own permissions.

Even though explain.php can simulate role assignments without storing them, it can not simulate overrides. The actual overrides are used. So these simulations are only partial simulations, making them somewhat harder to interpret and explain.

I don't like the capabilities menu. IMO a 200-item menu is actually less convenient than a text box. On the other hand, if you know the name of the capability, you can start typing and get the menu to complete for you, which is nice. Can you get text boxes to do that? I'm not an html programmer.

I don't like having the menu tell me what capabilities are and are not relevant! That's not the way the roles model works. In the model, you have permissions in a context whether they're relvant or not, and I may want to see them. For example, suppose I'm doing some "explaining" in a quiz context, I suddenly get the urge to investigate a permission that's relevant in a course context (e.g., moodle/course:view). Explain.php makes me go to the course context (click, click, click) to get the answer.

Most likely a bug: In a module context (e.g., quiz), I always get a pink box with an error message "The capability to explain is not relevant to this context" regardless of what capability I choose (e.g., mod/quiz:preview). This happens even after I attempted the Preview, in order to force loading of access data.