Environment:
Moodle 2.9.2 (Build: 20150914)
Server is CentOS 7
PHP 5.6
Background:
I've managed to get a multi-tier user setup working in Moodle. This was not a trivial nor fun task. I have relations of parent/child being added (mentees) via custom authentication plugins. However, these automatic assignments were just recently added. We have loads of accounts that do not have the proper connection of parent/child role, that I would like for our Support department to be able to handle. Currently the only process I can find to create this relation is via Site Administration > Users > (Find user -> Edit) > Preferences > Assign roles relative to this user. From here I can select my Parent role, and add the parent relation.
My testing:
- When logged in as a main site administrator, I can view mysite.com/user/profile.php?id=1444. On this page, on the right-hand side under Administration, there are two options: Preferences and Log in as.
- When logged in as a user with the support role, I can view mysite.com/user/profile.php?id=1444. On this page, on the right-hand side under Administration, there is only one option: Log in as.
- When logged in as a main site administrator, I can view mysite.com/user/preferences.php?userid=1444. On this page, in the middle under Roles, there is an option for Assign roles relative to this user.
- When logged in as a user with the support role, I can NOT view mysite.com/user/preferences.php?userid=1444. When I attempt to browse to this page (via manual URL input, due to no Preferences link on the user Edit page) I receive the error Cannot edit this user's preferences.
So, I assumed this was due to the user not having the roles. I dug through all of the roles, found and enabled the following ones:
- Assign roles to users
- Override permissions for others
- Review permissions for others
- Override safe permissions for others
- Switch to other roles
That had to do it, right? Nope. I can now assign roles via Site Administration > Users > Permissions > Assign system roles, however this does not allow me to browse to ... Edit User > Preferences > Assign roles relative to this user.
Now for the fun part:
- When logged in as a main site administrator, I can view mysite.com/admin/roles/assign.php?contextid=6045&userid=1444&courseid=1. This is the page that allows me to select the relative role to add.
- When logged in as a user with the support role, I can view mysite.com/admin/roles/assign.php?contextid=6045&userid=1444&courseid=1. This is the page that allows me to select the relative role to add. Again, I cannot find a way to browse to this page. I have to input the URL manually.
My findings:
So, after all of the above testing, I've found that my support user DOES have the proper permission to add the relative role assignment. What it doesn't have access to is browsing through the pages that the main administrator has access to. I believe this is due to some form of setting that's hindering the rendering of the Preferences link on the edit user page.
To this effect I have enabled most all permissions relating to users, and everything that seems like it could contribute to this issue. I found one setting I did not have actvated: Manage blocks on user profile of other users. Enabling this did just as I thought, by allowing me to "Customize this page" on the edit profile page, but doesn't enable the Preferences link.
I have identified why I get the error message when manually browsing to mysite.com/user/preferences.php. It is due the the following lines in the user/preferences.php file:
// Only administrators can access another user's preferences.
if (!$currentuser && !is_siteadmin($USER)) {
throw new moodle_exception('cannotedituserpreferences', 'error');
}So, it appears that accessing this page is intentionally limited to only full site administrators.
My questions:
- Is it safe to simply remove this block of code? I believe this should be my last resort.
- I believe I can modify this block to include an || is_supportuser($USER), however that is diving into modifying moodle source, which I'm trying to refrain from doing.
- Doing steps 1 or 2 does not resolve my issue of the Preferences link not showing on the edit user page.
- Is there another path I can take to get to the Assign roles relative to this user, from the Browse all users page?
- If step 4 is no, then I am at a loss. How can I go about getting the Preferences link to show, and allowing the intermediary page of /user/preferences.php to a user with a specific role?
Hopefully someone out there can offer some insight so I don't have to pull any more hair out!
