I feel we need to make some redical changes in handling of uploaded files (file.php).
Current problems:
- course data and module data are mixed
- missing access rights - students can guess filenames and access files in data directory
- backup does not relink shared files between courses
- no place to store user data - student portfolios, etc.
I propose to add modfile.php
and userfile.php
. The fuction of the invidual scripts would be:
- file.php
- Proper DMS with access rights (user, group, time, ...). Teachers have administrative access and decide who can read/write. Data location
$CFG->dataroot.'/coursedata/coursenumber/'
. It could be linked by course number or course IDnumber (alternative linking preserved between courses during backup/restore). - modfile.php
- Module data, links generated by module code only. Only admins can browse directories. Access rights defined by modules in function
xxxx_modfile_check()
fromxxx/lib.php
. Data location$CFG->dataroot.'/moddata/moduleinstancenumber/'
. - userfile.php
- Storage area for user portfolios, user shared files. There are already several hacks that could use it. The main benefit would be better integration of third party extensions in the future. It will take some time before DMS is introduced into
file.php
.
I think that the transion would be quite fast & painless and it could solve many future/present problems. I wanted to keep this post short, but I am already working on a longer PDF document, let me know if you like this idea
skodak