Problem: We used to restrict anyone in a Teacher role from adding someone else as a Teacher. Because there were many requests from Teachers to add other Teachers, we changed to allow them to do it themselves. The problem is that, because we have Moodle course shells for STUDENT teachers (learning to teach in Moodle, but not in our employ), some Teachers were adding their student teachers as Teachers. I recently realized that this leads to some privacy issues (they can see email addresses and student numbers of anyone while doing a search, which is a setting I want to KEEP for real teachers). I've now created a STUDENT TEACHER role, and removed the rights to see private information. However, I would like to be able to prevent Teachers from enrolling students with the Teacher role. Yes, I want to have my cake and eat it too.
I'm wondering if there's any brilliant way of restricting who can be assigned a role. For example, prevent anyone with "student" in their email address from being assigned to a teacher role. (our emails are now in the format: email@example.com or firstname.lastname@example.org.)