Implementing Visitor

Implementing Visitor

by John Isner -
Number of replies: 4
In the moodle developer documentation, developers brainstormed a list of potential roles. I have implemented several of these as exercises. I'm having trouble implementing Visitor:

Visitor

This would be a role whereby one could allow a visitor to visit one's classroom. This might be a colleague interested in seeing your course, or a journalist who might be writing an article about one's site. They should not be able to see the names of any students anywhere (eg recent activity, forum posts) for privacy reasons. They should be able to try out things like quizzes, and lessons but no grades would be recorded (like in teacher preview mode). They would not be able to participate in choices and forums but could view them. It would be read only in a way like former-student role below but without access to a particular student's records that former student role would grant.

Here is what I did:

As Admin, I created a new role Visitor with the following capabilities allowed:

  • view courses
  • view assignments
  • read responses (choice)
  • view entries (database)
  • view discussions (forum)
  • attempt quizzes
  • view responses (survey)
and these prohibited:
  • view user profiles
  • view participants
  • edit user profile
  • always see full names of users
As teacher, I assigned user X the role of Visitor in course Y.

As user X, I logged in and entered course Y. I was able to do things that were allowed, but surprisingly I was not prohibited from seeing user names and profiles. For example, in a forum, I could see the names of users who posted, and I could click on their names and read their profiles.

What am I missing?

Average of ratings: -
In reply to John Isner

Re: Implementing Visitor

by John Isner -
Searched tracker for related issues. MDL-9727 "Capability typo in forum" was fixed in 1.8.1, 1.9. I don't have access to 1.8.1 yet, but hopefully this fix will prevent Visitors from viewing participants names.
Average of ratings: -
In reply to John Isner

Re: Implementing Visitor

by John Isner -
Hello again, self,
No, that wasn't the problem. It turns out that the display of names is controlled by the capability moodle/site:viewfullnames. But wait, there's more. Setting its value to Prevent or Prohibit will have no effect unless you also define $CFG->forcefirstname and $CFG->forcelastname (optional variables in config.php that you probably ignored when you installed Moodle). So, for example, if you set

$SFG->forcefirstname = 'Bruce';
$CFG->forcelastname = 'Simpson';

then the "Bruce Simpson" will be displayed instead of the poster's real name if moodle/site:viewfullnames is not Allowed. I think the same will be true of the display of names in other contexts besides forum, but I haven't tested it yet.

Incidentally, the documentation (docs.moodle.org/Capabilities/moodle/site:viewfullnames) says that this capability is only applicable if Site Administration -> Security -> Site policies -> Full name format is set to 'First name' or 'Language.' I was unable to detect any effect of the full name format on the display of fullnames.

The difficulty of implementing one of these brainstormed roles (even a simple one like Visitor) makes me think that we should revive the original discussion of premade roles started by Art Lader. Either provide premade roles like Parent and Visitor, or (as one posters suggested), provide a way to export/import role definitions so that users can share them through a moodle.org database or glossary of third-party role definitions.
Average of ratings: -
In reply to John Isner

Re: Implementing Visitor

by Helen Foster -
Picture of Core developers Picture of Documentation writers Picture of Moodle HQ Picture of Particularly helpful Moodlers Picture of Plugin developers Picture of Testers Picture of Translators
Hi John,

As you've found, brainstorming in the development area of the documentation doesn't always result in ideas being implemented. wink

I noticed you added a bug to the tracker - MDL-10127 - and added a comment there. I hope the documentation moodle/site:viewfullnames is easier to understand now.
Average of ratings: -
In reply to Helen Foster

Re: Implementing Visitor

by John Isner -
Hi Helen,
As you explained in your comment on MDL-10127, the interaction of this capability with the Site Policy 'Full Name Format' works properly in 1.8.1. I tried it, and it does. Thanks!

Getting back to Visitor, it seems that viewfullnames is not applicable. If we are going to allow Visitors into our courses, we will need a way of preventing them from seeing any part of the real names, while at the same time allowing others (teachers and students) to see whatever their capabilities (and the site policy) allow. The forcefirstname/forcelastname hack in config.php doesn't seem to be a solution either, since it affects users who can normally see names.

MDL-8148 asked for a solution to the "anonymization" problem" back in 1.6, and it got wide support. Petr Skoda commented that roles would be the solution. In a later comment (after 1.7 was released) he commented again

there is no capability yet, that would do exactly this yet sad

Average of ratings: -