I do not want students to update their profiles

I do not want students to update their profiles

by D Licious -
Number of replies: 11

Hello, Moodlers!

I do not want my students to be able to edit their profiles. I thought I knew how to do this, but I guess I don't. sad

I went into define roles and student and denied them the capability to update user profiles and view user profiles. See the attachment.
Attachment roles_manage_php_roleid_5_action_edit.png
Average of ratings: -
In reply to D Licious

Re: I do not want students to update their profiles

by D Licious -
Continued from http://moodle.org/mod/forum/discuss.php?d=93929#p414841

And also to edit user profiles.

But they can still edit their profiles.

What am I doing wrong? I know the answer is probably easy, but I can't seem to figure this out.

Thank you, Moodlers.


Attachment roles_manage_php_roleid_5_action_edit_2.png
Average of ratings: -
In reply to D Licious

Re: I do not want students to update their profiles

by Helen Foster -
Picture of Core developers Picture of Documentation writers Picture of Moodle HQ Picture of Particularly helpful Moodlers Picture of Plugin developers Picture of Testers Picture of Translators
Hi,

You can prevent students from updating their profiles by preventing the capability moodle/user:editownprofile (available in Moodle 1.9). Please see the demo teacher role documentation for instructions on how to apply it to selected users.

If you're not using Moodle 1.9 yet, you can lock certain profile fields via Administration > Users > Authentication, though this will apply to all users.
Average of ratings: -
In reply to Helen Foster

Re: I do not want students to update their profiles

by Nicole Marcisz -

Hi,

Thanks! this actually answered my question that I posted just earlier.

Nicole

Average of ratings: -
In reply to Helen Foster

Re: I do not want students to update their profiles

by John Isner -
Interestingly (or should I say confusingly) moodle/user:editownprofile must be prevented in the System context. I would have guessed you could prevent it in the user's personal User context, since (conceptually) that's where the profile information lives. But user/tabs.php explicitly checks for the capability in the Sytstem context before showing the Edit tab.
Average of ratings: Useful (1)
In reply to John Isner

Re: I do not want students to update their profiles

by Martin Dougiamas -
Picture of Core developers Picture of Documentation writers Picture of Moodle HQ Picture of Particularly helpful Moodlers Picture of Plugin developers Picture of Testers
That looks like a bug actually.
Average of ratings: -
In reply to Martin Dougiamas

Re: I do not want students to update their profiles

by John Isner -
Bug reports are often the best way to learn about Moodle. MDL-14174 resolved: not a bug. Reason: "User context is used for something that you can do to other users, not yourself." (Skodak) Things that you can do to yourself are always tested in the System context.

Summary:
  • if you want to update your own profile, you need moodle/user:editownprofile in the System context. Normally everyone can update their own profile because it is allowed in Authenticated user
  • if you want to update another user's profile, you need moodle/user:editprofile in the other user's personal User context.
To remove all Students' ability to update their own profiles, you could edit the Student role, setting editownprofile = Prevent. Since Student is (usually) assigned in a course context, it will take priority over the permission in Auth user. To remove the ability from Students in a particular course, you could override Student in the course context. To remove the ability from specific students, I would create a new role "CannotEditOwnProfile" with just the one capability set to prevent, and assign it selectively to those students.
Average of ratings: -
In reply to John Isner

Re: I do not want students to update their profiles

by John Isner -
Hmm, I don't know what I was thinking when I wrote the last paragraph above. Since the permission to edit one's own profile is calculated in the System context, you're going to have to do the preventing there. Nothing you do in a lower context (like course) is going to make a bit of difference.

So my revised advice would be to create a new role CannotEditOwnProfile with moodle/user:editownprofile = Prevent and assign it to selected users in the System context. You could also edit Auth user, but this would affect everyone, not just Students, and I wouldn't do it for that reason.

User context makes my brain hurt.

Average of ratings: -
In reply to John Isner

Re: I do not want students to update their profiles

by John Isner -
FYI everyone, I just summarized my understanding of user context and user capabilities in another forum post. The other discussion was specifically about user context, so it is a bit more appropriate than this one.
Average of ratings: -
In reply to Helen Foster

Re: I do not want students to update their profiles

by D Licious -

Thank you, Helen. I have Moodle version 1.8, so I will lock certain profile fields via Administration > Users > Authentication.

I appreciate everyone's help.
Average of ratings: -
In reply to D Licious

Re: I do not want students to update their profiles

by Martin Dougiamas -
Picture of Core developers Picture of Documentation writers Picture of Moodle HQ Picture of Particularly helpful Moodlers Picture of Plugin developers Picture of Testers
The profiles are outside the courses, so changing it for the student role (normally given in a course) won't work.

You need to change it for a system-wide role like the standard Authenticated Users Role.
Average of ratings: Useful (1)