Dataform field access

Dataform field access

by Itamar Tzadok -
Number of replies: 11

Dataform 2.8 and 2.7.3 allow us to set role based access rules on field view and update. The capabilities are based on the entry capabilities and so you can have different field access settings for the different types of entries (own, group, any, anonymous, early, late).

The feature requires the block_dataformaccessfield plugin. The plugin is available from git at https://github.com/itamart/moodle-block_dataformaccessfield. It is awaiting approval in the Moodle plugin repo and should be available from there soon.

The field access rule can be assigned to all or some of the fields in the activity. It can also be assigned to particular entries by selecting a filter or specifying search criteria. The filter is effectively a way to assign the rule to a field based on the content of that field or some other fields. For instance, we can prevent further updates of a particular field if the entry state has changed to some state by setting a search criterion which will find all entries with that entry state.

An interesting application of the field access rule is the ability to make some fields available to some users but not to others. For instance, we can create a Dataform assignment activity where students submit some work (online text, file upload etc.) and two (or more) graders evaluate the work and assign marks on several aspects as in a rubric. We can add field access rules to prevent the graders from updating the submission fields, and prevent students from updating the evaluation fields. If we want each grader to see only his/her evaluation so as not to be influenced by the other evaluations, we can add field rules to that effect. We can also allow the students to enter their self-assessment on the evaluated aspects. This could allow students to rethink their work before submission. After submission they would be able to compare their self-assessment with the graders evaluation.

All that works together with the Dataform grading to the effect that multiple evaluations can be aggregated via a formula calculation and sent to the gradebook.

Examples and demonstrations underway. Please give it a try and share your experience. smile

Average of ratings: -
In reply to Itamar Tzadok

Re: Dataform field access

by Noah Freedman -

We are trying to apply role based access rules on field view and update.  We have set up field access rules that claim to select particular fields in particular views, using filters keyed to entry states.  A similar approach restricting access to entire entries seems to be working well.

However, we can't work out how to prevent a specific role or roles from editing or seeing a specific field.  We have looked at, and changed, the permissions list associated with the field access rule, but it seems to have no effect.

Would you please explain how, for instance, to prevent a particular role from editing a particular field?

We are using Dataform 2.8.5.

Thanks!!

Average of ratings: -
In reply to Noah Freedman

Re: Dataform field access

by Itamar Tzadok -

Which permissions have you tried? smile

Average of ratings: -
In reply to Itamar Tzadok

Re: Dataform field access

by Noah Freedman -

"Own entry - update", "own entry - view", "any entry - update", "any entry - view".  We have ignored 'anonymous' and 'group'.

We couldn't find any permission relating to fields rather than entries.

While we are 'talking', we seem to be having trouble allowing teachers (editing or non-editing) to see entries created by their students.  We have set up groups, and set the dataform activity to "separate participants - yes" and "separate groups", but either the teacher sees no entries at all or, if we change the permission of 'manageentries' to "Allow", then the teacher sees all entries from all groups.  This functionality has worked in previous versions.  We use it a lot!

Any help would be welcome.  Thanks.

Average of ratings: -
In reply to Noah Freedman

Re: Dataform field access

by Noah Freedman -

Having reviewed our systems based on earlier versions, I have realised that the ability to restrict access by non-editing teachers to student entries based on group membership or mentor relationship is provided by changes we ourselves made to your code -- it is not provided by Dataform 'out of the box'. We'll have to work out how to reapply that facility to 2.8.5 by ourselves. Sorry to waste your time with such a 'red herring'.

However, we still would very much like to know how to apply role-based restrictions to specific fields -- primarily, but not only, text area fields.


Average of ratings: -
In reply to Noah Freedman

Re: Dataform field access

by Itamar Tzadok -

You can add any useful functionality that is currently out of the Dataform box to the wish list in the Set: Dataform component tracker.

As for the the field access rule, can you offer a clear simple scenario to test? There are currently no tests for the component other than basic rule add, update, delete.

smile

Average of ratings: -
In reply to Itamar Tzadok

Re: Dataform field access

by Noah Freedman -

SImple scenario:

Dataform set to 'separate participants - yes'.  Each entry contains 3 text fields.  The first to be completed by a student, the second by a teacher and the third by a supervisor or manager.

The entry states are 'student', 'teacher', 'manager' and 'done'.  Transitions are set up to allow student<->teacher, teacher<-->manager, manager-->done.

All fields should be readable by all roles.  Student field should be writable only by student, teacher field only by teacher and manager field only by manager.  This is the part that we can't get to work.  We have created field access rules using filters and specifying views and fields, but we can't get any field restriction actually to function.  Everyone can edit any field!

Average of ratings: -
In reply to Noah Freedman

Re: Dataform field access

by Itamar Tzadok -

If you lock the field, any user will require the manageentries capability to be able to edit its content. The trick is to prevent the capability from the role in the activity context, if the role has it, and then allow it to the role in the rule's context, and apply the rule to the desired fields. hth smile

Average of ratings: -
In reply to Itamar Tzadok

Re: Dataform field access

by Noah Freedman -

Ahah -- I should have thought of that!

However, one slight problem remains to implementation.  The capability manageentries does not appear in the list displayed by 'Permissions in block: Dataform access-field'.  How can we get hold of it to allow it in the rule's context?

We thought of using 'Role override', but that seems to work only for named users, not for roles.

Thanks

Attachment Screen Shot 2015-05-14 at 09.54.21.JPG
Average of ratings: -
In reply to Itamar Tzadok

Re: Dataform field access

by Noah Freedman -

OK, so we modified block_dataformaccessfield.php to include the manageentries capability by adding a line into the $capabilities array.  The capability then appeared in Permissions in Block: Dataform access-field.  See attached.

We then allowed that capability for a specific role, associated with a rule for one (locked) field in all views.

However, when a user with that role tries to edit an entry, the field is not editable.

What have we missed?

Attachment Screen Shot 2015-05-15 at 08.54.37.JPG
Average of ratings: -
In reply to Itamar Tzadok

Re: Dataform field access

by Noah Freedman -

Itamar

We seem to have tripped over this again (running with Moodle 2.9 and Dataform 2015051100/2.9.

We can activate Field Access rules, and they do what we need, so long as we don't use a Filter.  The permissions enable or disable field visibility and update.

What we want to do is apply the filter to activate only in certain Entry States.  However, it doesn't trigger.

We have tried setting the filter to the state option name (e.g. "Submitted") and the state value (e.g. "2").  We have tried "equal", "contains", "in".  However, we can't get any response.

Please help!

(By the way, the problem with your previous answer is still that the manageentries capability is not visible within the Access block permissions)

Average of ratings: -