How to manage system_context level capabilities for course level assigned users?

How to manage system_context level capabilities for course level assigned users?

by anna ko -
Number of replies: 7

Hello all,

i hope you could clarify this issue for me...

As far, as i understood the Roles arch, there is a set of capabilites (about 30) that only exists at the SYSTEM_CONTEXT level. If a user assigned to his role at a course level, he gets those capabilities from Authenticated User.

That means that users with different roles, assigned at the course level, will always have the same values for the capabilities which exists at the SYSTEM_CONTEXT level.

!?

..it doesn't make any sense or i guess i miss something here..?

Average of ratings: -
In reply to anna ko

Re: How to manage SYSTEM_CONTEXT level capabilities for course level assigned users?

by anna ko -

Capabilities guru? Martin Dougiamas?? Anyone???

plz help..

Average of ratings: -
In reply to anna ko

Re: How to manage system_context level capabilities for course level assigned users?

by Tim Hunt -
Picture of Core developers Picture of Documentation writers Picture of Particularly helpful Moodlers Picture of Peer reviewers Picture of Plugin developers

What you have described is accurate, and it does make sense.

Average of ratings: -
In reply to Tim Hunt

Re: How to manage system_context level capabilities for course level assigned users?

by anna ko -

Oh, Tim, first thanks a lot for answering, i've been so lonely with my wondering : ))

OK.. then i'll try to explain why it doesn't make sense to me..

let's look at the moodle/blog:create capability

it's set to "NOT SET" for the Authenticated User

now i have 2 different roles assigned at the COURSE level: student & viewer

in this situation, how can deffine users with student role to be able to create blog enteries and viewer - not to??

Average of ratings: -
In reply to anna ko

Re: How to manage system_context level capabilities for course level assigned users?

by Tim Hunt -
Picture of Core developers Picture of Documentation writers Picture of Particularly helpful Moodlers Picture of Peer reviewers Picture of Plugin developers

You can't. What do you do about a user who is a student in one course, and a viewer in another?

What you can do is create a new role 'Blogger' that sets moodle/blog:create to Allow, and then assign that role at system level to users who you want to be able to blog.

You could then try to automate that with a script that searches for all users who have the Student role in any course, and automatically assigns them the Blogger roles, but that would take a small amount of PHP coding.

Average of ratings: -
In reply to Tim Hunt

Re: How to manage system_context level capabilities for course level assigned users?

by anna ko -

hm.. in other words:

to allow a flexebility (possibility for different deffinitions) regarding list (about 30) capabilities for users that assigned at the course level, those users have to be also assigned at the system level to a special, defined for this only purpose role.

..that's what i ment regarding the sense

Average of ratings: -
In reply to anna ko

Re: How to manage system_context level capabilities for course level assigned users?

by Tim Hunt -
Picture of Core developers Picture of Documentation writers Picture of Particularly helpful Moodlers Picture of Peer reviewers Picture of Plugin developers

I would not put it like that.

You mean that the system does not work the way you were expecting before you knew anything about it. I am saying that the way the system works is entirely logical. It cannot do what you want for very good reasons (basically performance). This diagram may help explain the logic of how it works.

Diagram showing how roles flow down the contexts

It is like the fact that if you have HTML like

<div class="system">
  <div class="category1">
    <div class="course1">
    </div>
  </div>
  <div class="user-fred">
    Blog
  </div>
</div>

Then there is no way to affect the background-colour of the Blog using a style rule where the selector is .course1 using CSS. It would be possible using XSLT or JavaScript, but that would by much, much slower.

Average of ratings: -
In reply to Tim Hunt

Re: How to manage system_context level capabilities for course level assigned users?

by anna ko -

Tim,

thank you for the diagram, it's great!!

 

..ok., then

if by my system's design - all users defined for some course, will have it's own capabilities regarding all other parts of the system,

at the implementation level - those users should be assigned at the system_level?

(i've got your point with the  performance issue, but guess on the other hand is security issues..? ..or not)

..i think the only thing i might expect regarding the system is to understand it smile

 

Regards,

and thanks again

Average of ratings: -