Dataform (plugin)

View access - and the philosophy behind it

 
 
Picture of Paul K
View access - and the philosophy behind it
 

Hello,

I have a huge problem related with the view access functionality. Let me just describe you the scenario which I need to have in my dataform activity. I need to prepare some kind of application form for supervision of the academic papers. The are there major actors - students, professors and course managers. The students needs to have the access only into his/her own form (they should see the status of the application, who will supervise the paper etc). This is not a problem to implement.

Professors should be able to view only the applications which are addressed to them. In other words only applications in which they have been selected as preferred supervisors (there are more option, but let's stay with this one).

and course managers should be able to do everything within the course.

What I have done until now:

1. I have created three views (one for students, the second one for professors and the third one for managers)

2. I have created access rules for the Professors and Students,

The problem is that I'm not able to configure appropriate permissions for professor view and for the professor role. The professor role is a copy of the teacher role. I have tried almost everything to enable only the visibility of the professor view for the professors. It seems that the following capabilities must be activated to have the chance to see the view and be able to edit the records:

- capability: dataform:manageentries and

- capability: dataform: managefields

Nevertheless, then they are able to see also the major template for the course managers. I hope that this is clear enough to follow the problem....any suggestions.....I'm am clueless.

 
Average of ratings: -
Picture of Itamar Tzadok
Re: View access - and the philosophy behind it
Group Core developersGroup Documentation writersGroup Particularly helpful MoodlersGroup Plugin developers

This scenario seems to be more an issue of entry access than view access. Insofar as the professor and supervisee should be able to view the same content of the entry, they can access the same view. The point is to allow professors to view all and only their supervisees' entries.

So we need some sort of association between a supervisor and supervisees and this association can be done by means of an entry access rule for each supervisor. The approach would be to deny supervisors any entry viewing in the activity level and to re-grant it only for entries submitted by their supervisees by the rule filter criteria.

We need to distinguish two roles:

  • The role used for enrolling the supervisors in the course, say assistant (could be a standard role such as non-editing teacher).
    • Unset the default capabilities for any entries (view, add, update, delete etc.) either in the course or the activity level so that by default supervisors will not be able to view any entry (but their own).
  • A role for the supervision, say supervisor.
    • When you create this role tick 'Block' in the 'Context types where this role may be assigned' setting so that the role could be assigned in the rule context.
    • Set the default capabilities for any entries (view, add, update, delete etc.) to Allow.

Now for each supervisor:

  • Add an entry access rule.
  • Add to the rule a filter criterion to match only entries of the professor's supervisees.
    • Entries can be matched by the entry author name, username, id or idnumber. The matching element must be unique, typically, username, id or idnumber.
    • You can either add multiple OR criteria, one for each supervisee with element = value (e.g. username IS Equal johndoh),
    • or one AND criterion with element In value1,value2,value3,... (e.g. username IS In johndoh,janeduh)
  • Edit the rule's permissions, click Assign roles and assign the designated supervisor to the supervisor role.

This should do the trick.

Please allow a couple of days for releasing a certain related adjustment before trying.

hth smile

 

 
Average of ratings: -
Picture of Paul K
Re: View access - and the philosophy behind it
 

Dear Itamar,

thank you so much for this hint. I will try to implement this solution in the meantime. There is another bug connected with filter. I'm not able to delete already created filters. Furthermore if I'm trying to edit the existing filter, I'm getting in the filter namefield "New filter" name. It looks like the plugin tries to create a new filter, instead of updating the currently existing one.

Warm regards

Paul

 
Average of ratings: -
Picture of Itamar Tzadok
Re: View access - and the philosophy behind it
Group Core developersGroup Documentation writersGroup Particularly helpful MoodlersGroup Plugin developers

Yes, thank you! See CONTRIB-5044 and CONTRIB-5046. Should be fixed for the next mini release. smile

 
Average of ratings: -
Picture of Paul K
Re: View access - and the philosophy behind it
 

Great, very good news. Then I'm waiting for this mini release. I have tried to implement the scenario, which you have described, but without any success until know. I'm not able to configure the role in a way that the supervisor will be able to see also records submitted by the others. The permissions are given. I will check everything once again.

Have a nice weekend.

 
Average of ratings: -
Picture of Paul K
Re: View access - and the philosophy behind it
 

Dear Itamar,


I have installed the latest release, until know with some small exception (problems with deleting notification rule) everything works smoothly. Nevertheless I have stil a huge problem to realize the scenario described above. Let me just summarize everything quickly:

I have created two views, each with one filter to select only those records which are relevant for each supervisor. This works fine!

But, I have a problem with the visibility of the created views. Using the "View Access" function I have tried to configure the visibility for each view, so that the supervisor will be able to see only one view which is relevant for him. All other views should be hidden. This doesn't work, I have tried everything, but the views are visible on both profiles.

I have assigned locally certain persons for each rule in the view access section. All permissions either on the course and activity level are in my opinion correct. Are the any requirements to get the view access function to work i.e. the view needs to be hidden, or certain capability must be activated?

 
Average of ratings: -
Picture of Paul K
Re: View access - and the philosophy behind it
 

Hey I made it!! Finally....it works like a charm.

The roles needs to be assigned only locally for each block in which I need to have a certain capability and not in both places - in the course under the Users and in the block. Thanks....until the next questions from my side smile

 
Average of ratings: -
Picture of Itamar Tzadok
Re: View access - and the philosophy behind it
Group Core developersGroup Documentation writersGroup Particularly helpful MoodlersGroup Plugin developers

Glad to hear it works!!! cool

Btw, do you really need a separate view for each supervisor? If the only difference between supervisors is the subset of entries they are allowed to see, you can have one designated view for all supervisors, and Entry access rules, one for each supervisor, that apply to the designated view. Then for each supervisor, the same designated view will display only the entries that the Entry access rule for that supervisor matches.

smile

 
Average of ratings: -