Locking down profile fields

Locking down profile fields

by Melissa Grill -
Number of replies: 8

We recently upgraded from Moodle 2.5 to Moodle 2.7.  In the earlier version, locking the first name, last name and email address prevented students from editing those fields.  However, after upgrading to version 2.7, we found that students and faculty are able to edit those fields, even though the three fields are locked under Manual Accounts > Locked user fields. 

As the Moodle System Administrator, I manually upload users via Users > Accounts > Upload users.  To further clarify, the one file used to upload users simultaneously enrolls them in the appropriate course.  My understanding under these circumstances is that the locked fields should be working, but they aren't.

I have researched this issue for days, and seen suggestions for commenting out lines in the edit.php file, but am unsure which lines, or if this will work in 2.7.  I even checked the mdl_config_plugins table to confirm that the auth/manual values for those three fields state 'locked'.  It does. 

Can anyone please provide further insight into how I can prevent students and faculty from changing their profiles' firstname, lastname, and email address?

Thank you,
Melissa
Average of ratings: -
In reply to Melissa Grill

Re: Locking down profile fields

by Christian Herman -

Have you checked the moodle/user:update capability?  If allowed, users ignore field locks.  The capabilities moodle/user:editprofile and moodle/user:editownprofile still allow for profile editing but obey field locks.

Average of ratings: Useful (2)
In reply to Christian Herman

Re: Locking down profile fields

by Melissa Grill -

Hello Christian,

Currently, 'Authenticated user' permissions are as follows:

moodle/user:update = Not set

moodle/user:editprofile = Not set

moodle/user:editownprofile = Allowed

I tried unlocking the fields under Manual Authentication, purging all caches, and re-locking the first name, last name, and email address.  Still no luck.

Why locking fields in version 2.5 prevented users from editing these three fields, but is not in 2.7, is baffling.  I am open to any other suggestions.

Thanks,
Melissa

Average of ratings: -
In reply to Melissa Grill

Re: Locking down profile fields

by Eulino Netto -

Hello Melissa,

I have the same problem as you. 

I searched for a solution but have not found. 

Have you got any solution?

Best regards

Eulino Netto

Average of ratings: -
In reply to Eulino Netto

Re: Locking down profile fields

by Melissa Grill -

Hello Eulino,

No, I have not found a solution for this problem.  I even reinstalled Moodle 2.5 on a server to confirm those three edit profile fields did lock.  And, yes they did. 

Using Firebug/Inspector on the Edit profile screen, I noticed that the php code in version 2.5 displayed  "Read only" within the firstname, lastname, and email lines.  Version 2.7 did not have the 'Read only' attribute.  Somewhere in the version 2.7 php code it is not recognizing the locked fields.

I sure hope one of the Moodle gurus can help us resolve this soon.

Kind regards,

Melissa

Average of ratings: -
In reply to Melissa Grill

Re: Locking down profile fields

by Doug Moody -

Melissa and others,

I just upgraded to 2.7 and noticed that I also cannot lock specific fields for users in their profiles.

Has anyone found a fix for this? It is a bug in 2.7 and needs urgent fixing - in my opinion. IN the meantime, I would settle for a workaround.

Average of ratings: -