Cannot prevent capabilities for admins

Cannot prevent capabilities for admins

by Gert Sauerstein -
Number of replies: 2

Hi,

I want to introduce a new capability for a custom block. It is a special capability which only students (student role) should have. All others (teacher, tutors, admins, guest) should NOT have this capability.

So I tried to use the following descriptor:

'captype' => 'write',
'contextlevel' => CONTEXT_COURSE,
'legacy' => array(
'guest' => CAP_PREVENT,
'student' => CAP_ALLOW,
'teacher' => CAP_PROHIBIT,
'editingteacher' => CAP_PROHIBIT,
'admin' => CAP_PROHIBIT
)

For students, teachers, guests and tutors all works fine. But admins still have the capability in spite it is set to be prohibited. It seems that admins are super-users with all privileges, I cannot prevent them from using my custom capability.

What can I do?

Average of ratings: -
In reply to Gert Sauerstein

Re: Cannot prevent capabilities for admins

by Tim Hunt -
Picture of Core developers Picture of Documentation writers Picture of Particularly helpful Moodlers Picture of Peer reviewers Picture of Plugin developers
When you call require_capability, or has_capability, then there are extra parameters you can add to tell it to ignore admins 'doanythig' capability.

Once you do that, you don't need the prevents of prohibits. Just leave those bits out alltogether:
'captype' => 'write', 'contextlevel' => CONTEXT_COURSE,
'legacy' => array(  'student' => CAP_ALLOW, )
Average of ratings: -
In reply to Tim Hunt

Re: Cannot prevent capabilities for admins

by Gert Sauerstein -
Oh, what a dirty trick wink ...

It seems to work when I set the flag to false.
Thanks!
Average of ratings: -