Enrolment, guest vs authenticated user, and forum permissions

Re: Enrolment, guest vs authenticated user, and forum permissions

by Colin Fraser -
Number of replies: 6
Picture of Documentation writers Picture of Testers

Joe, the Roles that are assigned to people are where security comes into the front. As I just learned the other day, you can create a different Role tht allows Users to a particular capability without compromising other Roles. You can assign that Role to any number of Users to complement their existing Role.

The issue I think I am seeing with your code hack might mean that as general applied code it compromises the security of all forums, not just the ones you want anyone to access. So be careful with that hack - check it to make sure it is not having an unexpected impact. 

Average of ratings: -
In reply to Colin Fraser

Re: Enrolment, guest vs authenticated user, and forum permissions

by Joe Amatrucola -

Hi Colin

Thanks for the thoughtful reply.  I'm witih you all the way.  I think, instead of saying that the code change "compromises the security of all forums," it might be better described as "affecting the security of all forums."  I believe that this code is probably "left over" from the days when Moodle did not have such an elegant, granular permissions system - at which point there probably were hard and fast rules dictating that only course enrolees could participate in forum discussions.

One other reason why I'd propose this as a bug is that, without *any* code changes, I can successfully assign all of the following forum permissions to a non-enrolee:

  • View Discussions
  • Start New Discussions
  • Edit any post
  • Delete any posts

It's just replying, it seems, that is explicitly prohibited in the code.  Seems a bit odd.  I think I'll post this as a bug.

Thanks
Joe

Average of ratings: -
In reply to Joe Amatrucola

Re: Enrolment, guest vs authenticated user, and forum permissions

by Joe Amatrucola -

This bug has been logged as MDL-37743

Average of ratings: Useful (4)
In reply to Joe Amatrucola

Re: Enrolment, guest vs authenticated user, and forum permissions

by Daniel Phillips -

Hi all,

we too are working through a similar issue as described by Gregor and Joe.  We wanted to create a general course that would act as a Student Intranet.

We found the Autoenrol plugin that will solve this issue for us without the need to adjust permissions see: https://moodle.org/plugins/view.php?plugin=enrol_autoenrol

What it does is add another enrolment plugin to the course(s) so that the user is automatically enrolled onto the course with a specified role (in our case Student role).  You can set the plugin to either enrol user when user logs onto Moodle, or when user accesses the course for the first time.

This does mean that the course is added to the users course lists (which we wanted to avoid having unecessary clutter), but it does mean users can participate in the activities within the course and to avoid messing with permissions and custom hacks.

Hope that helps.  It's a shame Moodle's permissions and capability settings can not already provide this functionality.

 

Average of ratings: -
In reply to Daniel Phillips

Re: Enrolment, guest vs authenticated user, and forum permissions

by Joe Amatrucola -

Thanks for the update, Dan.  I recognize and understand the workaround you've outlined.  I'm still hoping that we can get a little more support behind this issue, so that it gets recognized as a bug that requires fixing.  To all future readers, if you've found yourself here following the same trail as the rest of us who've posted, please vote for MDL-37743 in the bug tracker.

Average of ratings: -
In reply to Joe Amatrucola

Re: Enrolment, guest vs authenticated user, and forum permissions

by Sam Thing -

Voted for.

Average of ratings: -
In reply to Joe Amatrucola

Re: Enrolment, guest vs authenticated user, and forum permissions

by Bec Adamson -

+1 voted

thank you for logging this on tracker

Average of ratings: -