Entries view without manageentries capability

Entries view without manageentries capability

by Paul K -
Number of replies: 9

Dear Itamar,


I'm trying to configure couple of views with filtered records in which I'm using the entry states fields. The records are filtered based on the entry access and entry views criteria. My problem is that I need to deactivate the manageentries capability on the course level to get the filters and entry access rules to work. Furthermore I need to use the entry states field whose transition rules will work only when the manageentries will be deactivated on the course level. However at the time when I will deactivate the manageentries capability on the course level I'm not able to see the records anymore. Do you have any suggestions?

Average of ratings: -
In reply to Paul K

Re: Entries view without manageentries capability

by Itamar Tzadok -

Can you describe the requirement use case (which actors and what they should be/not be able to see and do)?

Your current implementation approach may not be the most effective and so better start from the requirement to allow consideration of other approaches.

smile

Average of ratings: -
In reply to Itamar Tzadok

Re: Entries view without manageentries capability

by Paul K -

This case is quite complex but I will try to describe it very shortly:

Actors:

Students - are able to submit the data using one type of view (only this view should be visible to them), everything else should be hidden

Professors - are able to see only selected records (based on filtered criteria). Each professor should be able to see only one view with filtered records. They should be able to change the entry state field with the following states (Submitted -> Approved -> Declined).

Manager - is able to see all records and change the data and entry states on all of them

I have created entry access rules and view access rules to control the visibility of each view. The rules are working fine, but only at the time when I give the manageentries capability on the course level to the authenticated users. However the manageentries capability impacts the transition rules of the entry state field. In other words the professors are able to change between all states.


What I want to achieve is to have active transition rules for the professors and managers together with working rules for views and entry access rules.



Average of ratings: -
In reply to Paul K

Re: Entries view without manageentries capability

by Itamar Tzadok -

How many professor views do you have? One view should be sufficient.

How did you set the permissions in the access rules? The key permission is "update others' entries".  For professors this permission should be unset in the system level and allowed in their access rule.

smile

Average of ratings: -
In reply to Itamar Tzadok

Re: Entries view without manageentries capability

by Paul K -

Hi Itamar,


you mean the mod/dataform:entryanyupdate should be enabled in the entry access rule and view access rule? Well it was already enabled but it still doesn't work at all without enabling the manageentries capability. I have of course deactivated the capability on the system level and activated for the professor role. The fact is that I'm not able to see the records without enabling the manageentries capability for a certain role.

Average of ratings: -
In reply to Paul K

Re: Entries view without manageentries capability

by Itamar Tzadok -

Can you attach screenshots of the dataform permissions for the professor role in the system, activity and access rule levels? smile

Average of ratings: -
In reply to Itamar Tzadok

Re: Entries view without manageentries capability

by Paul K -

Sure, please find enclosed the screenschots made for the professor role on the system, activity and entry access and view access level.

I will save it in two posts due to restriction to attach only two files to one post.

Attachment 2014-06-26_08_System and course_level_rules1.png
Attachment 2014-06-26_08_System_and course_level_rules2.png
Average of ratings: -
In reply to Paul K

Re: Entries view without manageentries capability

by Paul K -

and here is the Professor view access rule and Professor view entry rule.

Attachment 2014-06-26_08_Professor_View_entry_access_rule.png
Attachment 2014-06-26_08h10_Professor_View_view_access_rule.png
Average of ratings: -
In reply to Paul K

Re: Entries view without manageentries capability

by Itamar Tzadok -

I presume you are using the 'Separate participants' setting of the activity. If that's the case, then indeed the supervisor is not likely to see anything because this setting can be overridden only by the manageentries capability. Fortunately, the Dataform is flexible enough to allow separate participants be means of permissions rather than this setting.

Here is a working test-case of individualized activity with supervisors. It uses a designated role for the supervisor, but the effect could be achieved with standard roles although this may require more permission adjustments.

The test-case starts with Course 1, Test Dataform activity in Course 1, a teacher and 3 students enrolled in the course. It creates a simple activity with 1 view and 1 field and adds 3 entries, one for each student.

See if this clarifies the set up. smile



        Given I start afresh with dataform "Test Dataform"

        And the following dataform "fields" exist:
            | type  | dataform  | name        |
            | text  | dataform1 | Field Text  |

        And the following dataform "views" exist:
            | type      | dataform  | name    | default |
            | aligned   | dataform1 | View 01 | 1        |

        And the following dataform "entries" exist:
            | dataform  | user          | group | timecreated   | timemodified  | Field Text                |
            | dataform1 | student1      |       |               |               | 1 Entry by Student 01     |
            | dataform1 | student2      |       |               |               | 2 Entry by Student 02     |
            | dataform1 | student3      |       |               |               | 3 Entry by Student 03     |


        # Make the activity separate participants
        # by denying students the view any entry permission
        # in the activity level
        
        And the following "permission overrides" exist:
            | capability                    | permission    | role           | contextlevel    | reference |
            | mod/dataform:entryanyview        | Prohibit       | student        | Activity module | dataform1 |
            | mod/dataform:entryanyexport   | Prohibit       | student        | Activity module | dataform1 |

        # Add Supervisor user

        And the following "users" exist:
            | username        | firstname        | lastname  | email                    |
            | supervisor1    | Supervisor    | 1         | supervisor1@asd.com    |


        # Add a Supervisor role based on the guest role

        And the following "roles" exist:
            | shortname     | name          | description | archetype   |
            | supervisor    | Supervisor    |             | guest        |


        # Adjust the Supervisor role

        Then I log in as "admin"
        And I navigate to "Define roles" node in "Site administration > Users > Permissions"
        And I follow "Supervisor"
        And I press "Edit"

        # Make the supervisor role assignable in course, activity and block.

        And I set the field "contextlevel50" to "1"
        And I set the field "contextlevel70" to "1"
        And I set the field "contextlevel80" to "1"

        # Deny viewing others' entries in the Dataform

        And I set the field "mod/dataform:entryanyview" to "0"

        And I press "Save changes"

        # Enrol Supervisor 1 in the course as supervisor

        And the following "course enrolments" exist:
            | user            | course | role            |
            | supervisor1    | C1     | supervisor   |


        # Now we add supervision.

        Then I follow "Home"
        And I follow "Course 1"
        And I follow "Test Dataform"

        # Add entry access rule with filter to match entries of student 1
        #------------------------------------
        Then I follow "Manage"
        And I follow "Access"
        And I follow "id_add_entry_access_rule"
        And I follow "id_editaccessentry1"
        And I set the field "Name" to "Supervisor 1 supervisees"
        And I set the field "Enabled" to "No"
        And I set search criterion "1" to "AND" "User username" "" "Equal" "student1"
        And I press "Save changes"

        # Grant permissions on others' entries in the access rule block context.
        #------------------------------------
        Then I follow "id_editpermaccessentry1"
        And I set the field "Advanced role override" to "Supervisor (0)"
        And I click on "Allow" "radio" in the "mod/dataform:entryanyview" "table_row"
        And I click on "Allow" "radio" in the "mod/dataform:entryanyupdate" "table_row"
        And I press "Save changes"

        # Assign Supervisor 1 to the access rule.
        #------------------------------------
        And I navigate to "Assign roles" node in "Block: Dataform access-entry"
        And I follow "Supervisor"
        And I set the field "Potential users" to "Supervisor 1 (supervisor1@asd.com)"
        And I press "Add"

        And I log out

        # Activity browsing
        #================

        # At this point each student can see only his/her entries
        # and supervisors cannot see any student entry

        # Student 1 can see only own entries
        #------------------------------------
        When I log in as "student1"
        And I follow "Course 1"
        And I follow "Test Dataform"
        Then I see "1 Entry by Student 01"
        And I do not see "2 Entry by Student 02"
        And I do not see "3 Entry by Student 03"

        And I log out

        # Supervisor 1 can not see any student entries
        #------------------------------------
        When I log in as "supervisor1"
        And I follow "Course 1"
        And I follow "Test Dataform"
        Then I do not see "1 Entry by Student 01"
        And I do not see "2 Entry by Student 02"
        And I do not see "3 Entry by Student 03"

        And I log out

        # Activity setup
        #================
        Then I log in as "teacher1"
        And I follow "Course 1"
        And I follow "Test Dataform"

        # Enable the access rule
        #------------------------------------
        Then I follow "Manage"
        And I follow "Access"
        And I follow "id_showhideaccessentry1"

        And I log out

        # Activity browsing
        #================

        # Supervisor 1 can now see all and only entries by student 1.

        When I log in as "supervisor1"
        And I follow "Course 1"
        And I follow "Test Dataform"
        Then I see "1 Entry by Student 01"
        And I do not see "2 Entry by Student 02"
        And I do not see "3 Entry by Student 03"

        And I log out
Average of ratings: -
In reply to Itamar Tzadok

Re: Entries view without manageentries capability

by Paul K -

Hi Itamar,

first of all thank you for this extraordinary support. It clarifies a lot about the configuration. Indeed I had enabled the "Separate participants" option in the configuration of my dataform activity. After disabling it, it was possible to configure the permissions in such a way, that the records can be updated without giving the manageentries capability. Once again thanks for your help. By the way.

When you expect to release the next dataform plugin version?

Warm regards

Pawel

Average of ratings: -