How permissions are calculated?

How permissions are calculated?

by Alberto Berarducci -
Number of replies: 3

Hi all,

I'm a little confused about the issue in the subject.
I've a problem assigning different roles in different context levels to the same user.

I work in a moodle 2.4.5.
In practice, the USER1 has the following role assignments:

Teacher in Course:COURSE1
Manager in System
Authenticated user in System

I apply the following changes to the roles:

Manager
Role1 = allow
Role2 = prevent

Teacher
Role1 = prevent
Role2 = allow

Result, if I check premissions (and in practice too) at the COURSE1 level the USER1 has:
Role1 = allow
Role2 = allow

There aren't any permission overrides.

So I checked the online moodle documentation and I read these pages:
http://docs.moodle.org/24/en/Override_permissions
http://docs.moodle.org/20/en/How_permissions_are_calculated

If I understand correctly the links above, I would expect these result:
Role1 = prevent
Role2 = allow

Why I don't get the same result?
I'd like not using prohibit permission to solve this issue.

Thank you very much
Alberto

Average of ratings: -
In reply to Alberto Berarducci

Re: How permissions are calculated?

by Tim Hunt -
Picture of Core developers Picture of Documentation writers Picture of Particularly helpful Moodlers Picture of Peer reviewers Picture of Plugin developers

http://docs.moodle.org/20/en/How_permissions_are_calculated does not apply since Moodle 2.0. That page was only accurate for Moodle up to 1.9.x.

The best up-to-date summary I know of how it works is Section 3.2 of http://www.aosabook.org/en/moodle.html. Note that was written for an audince of developers, but is should be comprehensible.

In the above, where you say "Role1", preasumably you mean "Capability1".

We might be able to advise better if you tell is which capabilities you are interested in.

Average of ratings: Useful (1)
In reply to Tim Hunt

Re: How permissions are calculated?

by Alberto Berarducci -

Thank you very much Tim.

I'm a developer too. Please override ROLE1 and ROLE2 with CAPABILITY1 and CAPABILITY2 in my first post ;)

I had the problem in some capabilities of a my own activity, so at the beginning I thought it was a my mistake in the code, but testing other capabilities of some standard activities, I got the same behaviour.

Comparing it with moodle 1.9, it was strange for me.

But at that moment it was important for me to understand if I have to consider that behaviour a bug or not.

Thank you again

Alberto

 

 

Average of ratings: -
In reply to Alberto Berarducci

Re: How permissions are calculated?

by Robert Brenstein -
What is important to understand is that capabilities are assigned within the definition of a role. However, roles are assigned for a specific context. For example, if a given user has the "manager" role at the system level, that role will stay defined for all contexts that are in the context tree below (in other words system-level roles normally apply anywhere). If a given user is assigned, for example, the "teacher" role in the context of a course, that is defined only within that course. The effective capabilities of doing something are a sort of bitwise sum through all roles active for user in a given context, including inheritance and overwrites at each level (unfortunately, the page describing this is removed from docs How_permissions_are_calculated).
Average of ratings: -