Webservice permission problems

I have two different problems with permissions.

I'd like to search users with email addresses with my Api-User but the function core_user_get_users_by_field only returns users with "Email display"-setting set to "Allow everyone to see my email address". I've given Api-User the permissions moodle/user:viewdetails, moodle/user:viewhiddendetails, moodle/user:viewalldetails but it doesn't seem to be enough. 

What permissions do I need to search the full user database with an email?

My other problem is with enrolling users to courses. The enrol_manual_enrol_users function returns error "You don't have the permission to assign this role (5) to this user (13) in this course(6)." Role 5 is "Student", user 13 is a fresh user created by Api-User and course 6 is pre-existing course.

What permissions do I need to enrol anyone to any course with role Teacher, Non-editing teacher or Student?

Re: Webservice permission problems

Seems like I finally got the permissions right!

To search all users by email I enabled these permissions for my Api-User:

  • moodle/user:viewdetails
  • moodle/user:viewhiddendetails
  • moodle/user:viewalldetails
  • moodle/site:viewuseridentity

To enrol users to course I enabled the permission moodle/role:assign and set the role-specific assignments through /admin/roles/allow.php?mode=assign

The permission jungle is pretty overwhelming at first sight. Feel free to comment if you have any tips for permission management.
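
The two problems in this thread fail differently: the enrol call returns an explicit exception, while the email search silently returns fewer users. The following check is an added example, not part of the original posts and not Moodle's own code; it builds the REST form bodies for both calls and detects each failure mode. The token, email addresses, replies and `errorcode` value are constructed placeholders, and `MoodleWSError`, `flatten`, `build_request`, `check_response` and `missing_emails` are hypothetical helper names.

```python
import json
from urllib.parse import urlencode

class MoodleWSError(Exception):
    """Moodle answered the call with an exception object."""

def flatten(params, prefix=""):
    """Flatten nested dicts/lists into REST keys such as enrolments[0][roleid]."""
    items = params.items() if isinstance(params, dict) else enumerate(params)
    flat = {}
    for key, value in items:
        name = f"{prefix}[{key}]" if prefix else str(key)
        if isinstance(value, (dict, list)):
            flat.update(flatten(value, name))
        else:
            flat[name] = value
    return flat

def build_request(token, wsfunction, params):
    """Form body to POST to <site>/webservice/rest/server.php."""
    base = {"wstoken": token, "wsfunction": wsfunction, "moodlewsrestformat": "json"}
    return urlencode({**base, **flatten(params)})

def check_response(body):
    """Return the decoded reply, or raise if it is a Moodle exception object."""
    data = json.loads(body)
    if isinstance(data, dict) and "exception" in data:
        raise MoodleWSError(f"{data.get('errorcode')}: {data.get('message')}")
    return data

def missing_emails(wanted, body):
    """Emails searched for but absent from the reply (filtered without any error)."""
    found = {user.get("email", "").lower() for user in check_response(body)}
    return sorted(e for e in wanted if e.lower() not in found)

# Constructed sample data: parameters from the thread, replies made up for the demo.
SEARCH = {"field": "email", "values": ["alice@example.com", "bob@example.com"]}
ENROL = {"enrolments": [{"roleid": 5, "userid": 13, "courseid": 6}]}
SEARCH_REPLY = '[{"id": 13, "email": "alice@example.com"}]'
ENROL_DENIED = json.dumps({
    "exception": "moodle_exception",
    "errorcode": "placeholder_errorcode",  # constructed, not a real Moodle code
    "message": "You don't have the permission to assign this role (5) "
               "to this user (13) in this course(6).",
})

if __name__ == "__main__":
    print(build_request("PLACEHOLDER_TOKEN", "enrol_manual_enrol_users", ENROL))
    print("silently filtered:", missing_emails(SEARCH["values"], SEARCH_REPLY))
```

Running the search check with a test account whose email display is hidden shows whether the Api-User's role sees the full user database before the integration depends on it.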

