Forum

 
 
moi!!! it is what is is...
Re: Enrolment, guest vs authenticated user, and forum permissions
Group Documentation writersGroup Particularly helpful Moodlers

Joe, the Roles that are assigned to people are where security comes into the front. As I just learned the other day, you can create a different Role tht allows Users to a particular capability without compromising other Roles. You can assign that Role to any number of Users to complement their existing Role.

The issue I think I am seeing with your code hack might mean that as general applied code it compromises the security of all forums, not just the ones you want anyone to access. So be careful with that hack - check it to make sure it is not having an unexpected impact. 

 
Average of ratings: -
Picture of Joe Amatrucola
Re: Enrolment, guest vs authenticated user, and forum permissions
 

Hi Colin

Thanks for the thoughtful reply.  I'm witih you all the way.  I think, instead of saying that the code change "compromises the security of all forums," it might be better described as "affecting the security of all forums."  I believe that this code is probably "left over" from the days when Moodle did not have such an elegant, granular permissions system - at which point there probably were hard and fast rules dictating that only course enrolees could participate in forum discussions.

One other reason why I'd propose this as a bug is that, without *any* code changes, I can successfully assign all of the following forum permissions to a non-enrolee:

  • View Discussions
  • Start New Discussions
  • Edit any post
  • Delete any posts

It's just replying, it seems, that is explicitly prohibited in the code.  Seems a bit odd.  I think I'll post this as a bug.

Thanks
Joe

 
Average of ratings: -
Picture of Joe Amatrucola
Re: Enrolment, guest vs authenticated user, and forum permissions
 

This bug has been logged as MDL-37743

 
Average of ratings:Useful (3)
Daniel Phillips
Re: Enrolment, guest vs authenticated user, and forum permissions
 

Hi all,

we too are working through a similar issue as described by Gregor and Joe.  We wanted to create a general course that would act as a Student Intranet.

We found the Autoenrol plugin that will solve this issue for us without the need to adjust permissions see: https://moodle.org/plugins/view.php?plugin=enrol_autoenrol

What it does is add another enrolment plugin to the course(s) so that the user is automatically enrolled onto the course with a specified role (in our case Student role).  You can set the plugin to either enrol user when user logs onto Moodle, or when user accesses the course for the first time.

This does mean that the course is added to the users course lists (which we wanted to avoid having unecessary clutter), but it does mean users can participate in the activities within the course and to avoid messing with permissions and custom hacks.

Hope that helps.  It's a shame Moodle's permissions and capability settings can not already provide this functionality.

 

 
Average of ratings: -
Picture of Joe Amatrucola
Re: Enrolment, guest vs authenticated user, and forum permissions
 

Thanks for the update, Dan.  I recognize and understand the workaround you've outlined.  I'm still hoping that we can get a little more support behind this issue, so that it gets recognized as a bug that requires fixing.  To all future readers, if you've found yourself here following the same trail as the rest of us who've posted, please vote for MDL-37743 in the bug tracker.

 
Average of ratings: -
Also me
Re: Enrolment, guest vs authenticated user, and forum permissions
 

Voted for.

 
Average of ratings: -
Picture of Bec Adamson
Re: Enrolment, guest vs authenticated user, and forum permissions
 

+1 voted

thank you for logging this on tracker

 
Average of ratings: -