I am doing some work on roles and capabilities and noticed something odd to me. When going to Site Administration> Accounts > Permissions > Define Roles and then picking a role some of the capabilities for the Face-to-Face module appear under a Course heading and others appear under a Face-to-Face heading. In looking at the access.php file it appears that the context level for some of the capabilities is set to CONTEXT_COURSE while others are set to CONTEXT_MODULE. Is this by design or a bug?
I discovered this because no matter how I set the capability to view attendees and attendees lists students can still see the attendees list. This becomes a FERPA issue for us as the attendance lists also contain personal information.
I've just had a look at the roles code and I'm not sure why they're not all the same. It looks like a bug.
They should probably all be defined at CONTEXT_MODULE.
Feel free to change them and test it out. I can fix that once I has got a bit of testing.
I am also very interested to see (and hopefully merge in) the code that you come up with to hide the details of signed up students.
I am actually having some difficulty with this. I have made the change in the access.php file, but the contexts have already be created and are not changing in mdl_context. Changing those to be what they should be has done nothing. I think I am mising something or not understanding the mdl_context table completely.
In looking at the code behind it, if I set that capability to prevent in the role, then it should disallow them from viewing attendees. For a temporary fix, I have just commented out that code. Not very elegant but functional.
If I remove the Face-to_Face module does it remove the records from mdl_context as well?
I don't think mdl_context is relevant here.
Your reply was helpful.
I managed to add capability for modules by changing access.php and then changing the module version in version.php of same module.This worked on checking notification new entries were made to the mdl_capabilities table and mdl_role_capabilities table.
Now I want to add a site wide capability something like 'moodle/site: viewnewreports' . Similar capabilities are defined in lib/db/access.php.
Do we need to similarly change moodle/version.php ?
Most plugin types can have a db/access.php file, so if possible, put the capability definition in an appropriate plugin.
If there is not an appropriate plugin, you can probably use local/db/version.php. Read up on the 'local' folder, which is for miscellaneous custom hacks.
As part of my work I was adding Rating functionality for resources where Teachers/ Students can rate a resource similar to "glossary" rating. I wanted to add a new "capability" that allows this rating functionality for a new role or existing roles.
Since it modifies the course view page by adding a "rate" menu against each resource, I assumed its is similar to capabilities "moodle/course:manageactivity" which are shown under course context and defined at "lib/db/access.php".
All activities have "db/access.php" and "version.php" so adding new capability related to the plugin or existing moodle activities would require changing the db/access.php and tweaking the version number in version.php of respective actvity to make moodle update the Database.
If I am adding a capability like "moodle/course: ......" or "moodle/site: ..." which are defined under "lib/db/access.php" should we change the version number in version.php of moodle for this new capability to be written to Database?
It just felt inappropriate to change moodle version number.
I read discussion http://docs.moodle.org/en/Development:Local_customisation
about /local/plugin folder.
I am using moodle 1.9.9+. Should I create /local folder and define new capability in access.php inside it? Is it included for upgrade at regular times without changing a version number and then going to Notifications?
I have the exact question of Mayank Madhav. Could you please help me about how I can change capabilities defined in "lib/db/access.php"?
My second question is that whether there is a piece of code to use in upgrade.php when trying to change capabilities instead of following notifications. cause unfortunately my notifications often show nothing but a blank page .
I also have the same problem.
The capabilities dont seem to get picked up.
Don't add capabilities to lib/db/access.php. The only way to get Moodle to load them is to edit the main version.php, and that is a really bad idea.
If you need step-by-step instructions for this, I suggest you enrol yourself in the Moodle Development course at http://dev.moodle.org/. That gives you a nice, step-by-step tutorial on creating a Moodle block. Other types of Moodle plugin are similar. The bit about capabilties is http://dev.moodle.org/mod/resource/view.php?id=52, but you may want to start and the beginning of the course and work your way through.