Controlling access to courses based upon enrolment method

Controlling access to courses based upon enrolment method

by Jason Hollowell -
Number of replies: 6
Picture of Particularly helpful Moodlers

Hello,

I've been wracking my brain with the following issue for several days now with no success so I'm posting a call for help here. smile Ideas, suggestions, etc. will be most appreciated. (Note - I posted a message in the developer's forum (here: https://moodle.org/mod/forum/discuss.php?d=372241#p1500903) with a request for help with what I thought might be a solution (at least a temporary one) but haven't made much progress there.

So, here goes:  I maintain a Moodle site that primarily serves students of a university. Accounts are created automatically via LDAP synchronization. We want to open the email based authentication method for prospective students in order to give them access to a limited set of 'sample' courses. At the same time, we don't want those users to be able to access other courses on the site. This is not a problem for:

a. courses that do not have self-enrollment turned on

b. courses that use self-enrollment in conjunction with a password

However, we do have some courses that allow self-enrollment and do not require the use of a password. Additionally, it is not practical for us to change that setup (i.e. require a password for all self-enrollment courses).

My initial idea was:

1. To have all 'regular' students into a cohort called 'student'

2. To have all email based accounts in a cohort called 'guests'

and then to use the course setting that permits only members of a specific cohort to enroll.

I would like to have this all happen automatically so I thought I would create a trigger in the database (see my developer forum post linked above) that automatically assigned LDAP authenticated users to the 'student' group and 'email' authenticated users to the 'guest' group each time a new record is added to mdl_user. I'm not having much luck and it has been pointed out that this is not the best method. I do understand it is not ideal but, given time restrictions and a limited skill set, it is/what I pursued initially.

I've toyed with the admin tools (profilecohort sync, and cohortrole sync) thinking I could modify one of them...to no avail. 

I'm curious if anyone has any creative ideas that I may have overlooked for accomplishing my goal of limiting access to course sets (one set = general student, another set = guests). Also, guest access is not a practical option as there are quizzes etc. in the so-called 'guest' courses that require permissions above that of guest user).

Thanks in advance for any help or ideas that can be provided.

Regards

Jason

Average of ratings: -
In reply to Jason Hollowell

Re: Controlling access to courses based upon enrolment method

by Dan Marsden -
Picture of Core developers Picture of Particularly helpful Moodlers Picture of Peer reviewers Picture of Plugin developers Picture of Plugins guardians Picture of Testers Picture of Translators
I just replied to your other post too - have you looked at:

https://moodle.org/plugins/auth_mcae

or this one might do it too:

https://moodle.org/plugins/local_profilecohort


The top one definitely allows you to look at the "auth" field and create cohorts based on the value there - I'm not sure about the 2nd one though. Auth_mcae shouldn't really be an "auth" plugin though - eventually I'll probably change it to a "tool" plugin.


Average of ratings: -
In reply to Dan Marsden

Re: Controlling access to courses based upon enrolment method

by Jason Hollowell -
Picture of Particularly helpful Moodlers

Dan,

Thank you very much for the reply. I will give auth_mcae a try. I had looked at it but was a bit confused about how to set it up to accomplish my goal. I'll spend a bit more time with it and see if I can get it to work.

I did try to use the profilecohort tool but wasn't having any success modifying the code to achieve what I wanted. The level of abstractness in that particular one is impressive and, sadly, beyond my skill level. 

Regards

Jason

Average of ratings: -
In reply to Dan Marsden

Re: Controlling access to courses based upon enrolment method

by Jason Hollowell -
Picture of Particularly helpful Moodlers

Dan,

Thanks again...I'm making some progress with the auth_mcae enrollment method but am having difficulty setting it up to function as desired.

The documentation doesn't provide examples that match what I am trying to accomplish so I probably have incorrect syntax...

I have the following in the main template area:

Guest {{auth|email}}

The goal here is to have all users with email based authentication to be added to the "Guest" cohort. 

In the "Ignore users" area I also have:

{{auth|manual}}

{{auth|ldap}}

but these don't seem to be working. For example, when I login as admin, my account gets added to the "Guest" cohort. When I log in with a test account that has the auth field set to 'manual' that user also gets added to the "Guest" cohort...

Right now it is adding everyone to the Guest cohort...I must be missing something. Any advice you can provide will be most appreciated.

Regards

Jason

P.S. I am currently working on a test server (MAMP) and have tried all delimiter options but get the exact same behavior from each.

Average of ratings: -
In reply to Jason Hollowell

Re: Controlling access to courses based upon enrolment method

by Lexy Walker -
Picture of Core developers Picture of Particularly helpful Moodlers

Sometimes, the simplest solution is the best.

Have you thought about just having a separate Moodle site for guest courses? That way you keep your main site LDAP/current students only, and have a separate site people can sign up to for taster courses.

I'm pretty sure we have a separate Moodle somewhere for exactly this reason.

Also, be aware that if you enable email-based self registration, you will be bombarded with automated spam-bot accounts.

Average of ratings: -
In reply to Lexy Walker

Re: Controlling access to courses based upon enrolment method

by Jason Hollowell -
Picture of Particularly helpful Moodlers

Lexy,

Thanks but, unfortunately, in this case creating another Moodle site is not the simplest solution. There is a desire to have the courses that are to be accessed by email-based self registrants on the 'main' site. In theory, the solution I am attempting to make work, is really not all that complicated....but trying to get there is at least partially contradicting that statement. smile

With the mcae enrollment plugin, introduced by Dan here, I'm 90% to where I need to be....and once I work out the syntax I should be there entirely.

Regarding spam-bot accounts, I enabled reCapthca (and also patched my version of Moodle to bring it up to date with v2 of reCaptcha) so I've reduced greatly the number of 'junk' accounts that will be created on the site. There'll no doubt but a few random erroneous accounts created by people who have nothing better to do with their time but they'll find nothing fun and interesting so I'm not too worried. smile

Thanks again 

Jason

Average of ratings: -
In reply to Jason Hollowell

Re: Controlling access to courses based upon enrolment method

by Jason Hollowell -
Picture of Particularly helpful Moodlers

Dan, all,

I am answering my inquiry here to (a.) inform you that I have almost figured out the correct setup and (b.) to document the process here in case others may be having similar difficulties.

The following are my current settings:

In "Main Template" I have:

{{auth}}

In "Replace array" I have:

email|Guest

manual|Student

This creates a unique cohort for each enrollment method and renames the "email" cohort to "Guest" and the "manual" cohort to "Student".

Then in "Ignore users" I have:

admin, manager

All other roles will be added to a cohort.

I was planning to add the following to "Replace array" on my live site:

ldap|Student

and hoped that there would be no problem with renaming two groups with the same name...but...I tried this, for experimental purposes with:

email|Guest

manual|Guest

and, unfortunately, discovered that two cohorts named "Guest" are created. sad I'm looking in the following area (code snippet from auth.php below) to see why the plugin is creating another Cohort when one with the same name already exists but can't quite figure it out...

$cid = array_search($cohortname, $cohortslist);

            if ($cid !== false) {


                if (!$DB->record_exists('cohort_members', array('cohortid' => $cid, 'userid' => $user->id))) {

                    cohort_add_member($cid, $user->id);

                };

            } else {

                // Cohort not exist so create a new one.

                $newcohort = new stdClass();

                $newcohort->name = $cohortname;

                $newcohort->description = "created ".date("d-m-Y");

                $newcohort->contextid = $context->id;

                if ($this->config->enableunenrol == 1) {

                    $newcohort->component = "auth_mcae";

                };

                $cid = cohort_add_cohort($newcohort);

                cohort_add_member($cid, $user->id);


                // Prevent creation new cohorts with same names.

                $cohortslist[$cid] = $cohortname;

            };

Any help available will be appreciated.

Regards

Jason

Average of ratings: -