one of my co-administrators was locked out after todays upgrade to 1.8 Beta (2007021401), I have done something stupid then: I reset the administrator role and have lost now all permissions and the admin block as well.
I have access to my database via phpMyAdmin.
Where can I change my permissions there?
Any help would be very appreciated...
How exactly did you manage to remove the permissions? Did the admin role have legacy:admin capability? The reset code works fine for me.
You can use following script to get back admin rights for user 'admin', just upload a file that contains the commands bellow (into the same dir as config.php) and execute it + logout/login as admin:
$systemcontext = get_context_instance(CONTEXT_SYSTEM);
$adminroleid = create_role('new admin6', 'admin6', 'delete me later', 'moodle/legacy:admin');
$user = get_record('user', 'username', 'admin');
role_assign($adminroleid, $user->id, 0, $systemcontext->id);
BTW I am adding some improved warnings to prevent similar accidents in future.
your script has solved my problem thanks!
"How exactly did you manage to remove the permissions? Did the admin role have legacy:admin capability?"
In /moodle/admin/roles/manage.php?roleid=1 I hit the reset button and all permissions went to "inherit" as far as I can remember.
I am not certain about legacy:admin capability - I believe it was "permitted"
until I hit reset...
Really quick question. How do you execute it?
For me it worked fine like Skodak wrote: "You can use following script to get back admin rights for user 'admin', just upload a file that contains the commands bellow (into the same dir as config.php) and execute it + logout/login as admin:"
I simply put this script in wordpad, saved it as lost.php; put it via ftp on the server in my moodle directory. I run this script by calling www.mywebsite/lost.php, logged out and logged in as admin. If you use a different name for admin in your config.php I think you would have to adjust that name in this script.
I've been stuck for days now. Read all the forums, still have 'limited' admin privileges [ $release = '1.9'; // Human-friendly version name ]
First thing that happened is I changed the default role for new users to 'authenticated user'. I did this because no one other than admins could edit their profile. This was based upon some forum advice,
What happened was all my admins now have limited capability (as if at a lower level, but not 'just' authenticated user, as some admin capability shows up. e.g.:
Update - I also did run the 'admin6' php user fix described in this thread. It seemed fine (resulting in "done"). However, I wasn't sure what to do next; to log in AS admin6 -- since as there is no password, I entered on my own admin account, and was able to add new user, 'admin6' -- but of course this is stupid, because admin6 is now simply a new user account.
I am so stuck. Can someone please direct me as to how to reload all default role settings, so I have something workable?
thanks a lot. Don't know what I'd do without this forum ...
divine intervention hasn't been working (yet).
Two more clues --
#1 here in my database I have warnings:
"PRIMARY and INDEX keys should not both be set for column `id`"
and looks like I have two of them?
(see screenshot .)
and, er ...
#2: I believe(!) I should have a file called -- mdl_user_admins
? I do not. (If I need one, how do I get me one? I do have an earlier version, 1.8, on another site. Can I grab the file from there? Would it be compatible with 1.9?)
In the host server webpanel, I have received this on a few occasions when visiting the database:
Internal Server Error
The server encountered an internal error or misconfiguration and was unable to complete your request.
Please contact the server administrator, firstname.lastname@example.org and inform them of the time the error occurred, and anything you might have done that may have caused the error.
More information about this error may be available in the server error log.
Additionally, a 301 Moved Permanently error was encountered while trying to use an ErrorDocument to handle the request.
Could it be that I moved some file? Or, could the host have managed something? I have dreamhost.com, and think they're great, but there was an early 'bug' that they had on the initial install, and they then fixed that. (Funny enough, the server is called bugsy! -- bad call.)
Now that was 1.8 when I loaded it. While I realize upgrades don't happen automatically, (and I didn't do it) -- I do now have 1.9.
Should I talk to dreamhost folks about this? -- or am I into conspiracy theories?
Good thing i did it now, as this problem has been going on for 5 days, and that's all the longer my server is set to store backups. Everything is back to how it was.
I still am not sure how to make sure I get the settings correct, on this default user being authenticated user or guest, but at least I am back with admin rights, how I was nearly a week ago. Whew!
So -- suggestion to anyone has lost their admin files or roles get really screwed up, just go into myphpadmin and find your backup/restore function for the tables, and 'restore'
-- and viola, back to how your were.
Problem of losing 'certain' admin settings, seems to come in with changing the default user, the options are 'none', 'authenticated user', and 'guest', or 'student'. I've seen suggestions for using any and all of these, depending on need.
Obviously I haven't figured this out yet, what is basic configuration. the reason why I've gone back in and changed this, and some of the define roles of these lesser settings and functions (calendar, blog, etc.) is because I want (whatever it is best to set it to, i.e., 'none', authenticated user, guest, ...) to not be able to 'change' calendar entries, as one example. However, if they see it, a guest user can go all the way in to change and export the calendar. That doesn't seem right, so I want to limit (either, and here's another question: which one is it?: of 'prohibit', 'not set', or 'prevent'.
This was the latest problem, when I set the authenticated user to 'prevent' access to all these blocks and courses, in define roles, I then -- as ADMIN -- was unable to get back in.
I have my admin account set with the doanything, etc.
As well, with the blog settings, they seem to be able to go into and edit my blog entries.
So, I'm still trying to set basic role permissions. Before I fiddle again (I'll just live with what seem to be security or privacy breaches, as I can at this set up time).
At least if I can get the db restore process wired, I can undo each problem I create. This is perhaps the idea for a testing server? (sorry, this is now a vicktorya blog thread, as I am responsive to my own posts.)
I’m using moodle 1.9 and I’m having the same issues. I’ve read all of the posts on these Forum related to this issue and no matter what I’ve tried I can’t get my admin tree back. Here is what I’ve tried.
Tried to go to http://myserver/moodle/admin
Added the line $CFG->defaultuserroleid = 1; to my config.php restarted Apache and MYSQL
Ran both versions I found of the createadmin.php script
Ran the rolesdebug.php it didn’t help either.
Used MySQL Admin to check permissions related to my default admin ID (2) in the mdl_role_assignments is has a value of 1 in the roleid field.
Checked that roleid 1 has permission 1 in the mdl_role_capabilities table
Checked that the doanything property in the mdl_config table was set to 1
Checked the mdl_block table and I can see that visible field is set to 1 for admin_tree
I even set up a new server and exported the default mdl_config table and compared it the one I’m using.
I’ve done everything I can think of and I can’t seem to get my admin tree back. Can anyone help me?
I finally figured it out!!!!.
I tried exporting various tables from my new installation and after I imported the mdl_block table I was able to see the admin tree again. As of now I’m not sure as to the which setting was causing it since I already checked it and the visible property was set to yes, but its back up and working.
thanks very much
according to Ralf Hilgenstock there are two different reasons for losing the admin permissions.
1. the administrators permissions have been taken away
2. the admin role has been deleted.
Ralf mentioned, if the role has been deleted the script will help.
Otherwise you will get your permissions back by modifying mdl_user_admins in your database.
Please check in your database mdl_user_admins.
id should be 1.
userid your personal id number (you can see it with mouse over your name = URL + id= ).
If mdl_user_admins does not exist you can make a new entry but it is a clear sign that the role has been deleted and the script should work.
i have lost admin permissions and need to create a new entry in my database for mdl_user_admins (it does not exist in my database). i'm using moodle 1.8.2+
could someone please explain how to do this, my SQL knowledge is quite limited although i can find my way around the database.
will appreciate any help, thanks!
Thanks for your reply. I've checked the role id, user id & context id of 'admin' in my database and they are correct but when i log in as 'admin' i don't see any of my administrative panels...
Any ideas? Thanks in advance
Sorry about this!
the user_admins table's functionality is now in the role_assignments table. Also see the role table to see the id numbers of the actual roles
Pierre Pichet gives some hints for the handling of the database upgrading to 1.7b
for how to change your database you may have a look
see the script attached
maybe you have to change in your database the mdl_role_allow_assign.
Make sure that the roleid for your id is 1. e.g. for this (via script created) admin6 the values should be:
In the role table `mdl_role` (mark "id" and show) you can see the id numbers of the actual roles. For admin it is '1' in my database; if it is different in your database please adapt the roleid in mdl_role_allow_assign as mentioned above.
BTW: you could try to repair your database with phpMyAdmin.
It appears that admin rights have somehow got disabled throught the moodle installation.
The tables seem to be right.
I hope that the screen dump helps in finding the cause.
I will appreciate to know a quick way to get full admin rights for either existing user or through a new account (we tried this but falied)
we created new admin account with admin rights, still it got only guest rights.
we examined various tables (roles, capabilities etc.) they were in order.
I ran a script (attached) and receievd a long output which I shall attach in a separate post.
Hemant (see second post also)
I could get back admin rights to admin logins by changing the table
In the row with name =defaultuserroleid)
changing value from 5 (student) to 1 (admin)
Later after trying out other admin logins I switched back the default role for all logged in users to "student'.
Surprisingly, admin rights remain intact.
But there are more strange things that happen
One student login is still denied access to course with a message "..guest login"
Also one of the adminstartor user is denied access to a course with similar message!
Can someone guide me in sorting out these user rights (capabilities ) issues?
If Mikes suggestion has not fixed your new problem yet, it could be a problem of the account authentication method. "If users are unable to login following an upgrade to 1.8 then most likely their account authentication method requires enabling."
Both the hints did not work. My status and questions are:
Admin rights are back with me and some more accounts I created just in case.
One student who had lost access (except guest level) has got it back after I deleted and recreated his account. I wish to know this happens?
My original admin account has access to admin menu and functions but has no access to the course! This account shows up as administrator in the browse user list and has admin roles. Why this happens? What should I do? (I wish to leave just two admin accounts and delete the dummy accounts)
I will appreciate help in this.
Petr's script worked just fine for me. Just cut and paste the code into the
correct directory and typed (on the Linux command line)
Logged out as admin and logged back in, went to
- ► Users
- ► Permissions
- ► Define roles
removed the "new admin6" role - and, I hope, everything is back to how it was.
[Admittedly I had also tried the change default user role hack mentioned
elsewhere in this forum.]
I ran this and got an error on line 2. I correctly pasted it into wordpad and saved as .php then went to http://mysite/adminfixPetr.php and got the error.
any ideas? I also tried Howard's adminfix without success. Still no admin settings. Thanks, James
I apologize if i'm writing in wrong topic, but i think this is my last chance before compression!! I am working on moodle 1.9+, it was working as i wanted to, and today , i set some authanticated user roles. I saved the changes, and...Boom!!
I haven't administration permissions any more. The admin tree has been reduced only in some functionalities( as u can see in the attachments), and when i turn on the edit process, clicking in the "Assing roles" icon, i can see the error message "Sorry, but you do not currently have permissions to do that (Assign roles to users)".
My question is, should i modify some .php file in the admin directory? Could i restore the initial roles through phpmyadmin? I am glad for your help!! Thank you
I'm having this same problem how do I correct it?
I realise I am replying to a seven year old thread, but no matter how much I Googled and for what, I always arrived back at this page (as Google ranks it highly), and couldn't find anything similar for Moodle 2.
I needed to assign admin capability to a user from outside of Moodle, and this script did the job. I've updated it for Moodle 2.x (tested on 2.6) and added a check for the pre-existence of the newly-created role (which would cause a DB write error if run more than once).
I hope someone out there finds this useful.
Paul, just curious as to why you're creating a role and giving it the 'doanything' capability, instead of adding the user to the list of site admins in $CFG->siteadmins? That's the way that site admins usually work in Moodle 2.x (or does this not work in your particular situation?)
(See admin/roles/admins.php to see how Moodle updates this list).
Hi Davo. Sorry for the delay in replying, I've not logged in for a while.
I followed the same procedure as Petr's original script: create a new role with the required privileges, then assign the user to it. I believe this was done originally (and this is certainly how I perceived it, and wrote this code to match) because the script's job is transient and temporary: it is to 'get access to Moodle by any means necessary', a means to an end, rather than permanently assigning a user as an admin.
One benefit of this is that the newly created role can simply be deleted, which restores user's privileges to whatever they were beforehand (the temporary admin is demoted again). This may not be what's always required (as you say, the user may require admin privileges permanently) but this was the role the script was written to do (in a bit of a hurry, for a colleague who had just been handed a Moodle database SQL dump with the admin users stripped out).
(As an aside, and by no means a criticism: I often find there are multiple ways of achieving the same goals in Moodle, and being a team of one here in terms of Moodle development, I have little to go on except best judgement. Time was a factor here and the code does work, but I'll look into better best practices soon.)
Thanks for the heads-up, I'll investigate further now that the pressure's off to get a result.