Why network capability is checked at CONTEXT_SYSTEM level ?

Why network capability is checked at CONTEXT_SYSTEM level ?

Valery Fremaux - દ્વારા
Number of replies: 2

Hi, this is a suggestion I was thinking about as I start designing a Moodle Network base Moodle farm.

Having many difficulties to get a role being allowed to see the Network Server block in a course (capability : mnetlogintoremote at CONTEXT_SERVER level ), I downgraded the context to CONTEXT_COURSE in block_mnet_hosts block, with the nice effect to be able to make a course enrolment based selection of users using a cross-site portal (Hey !! I'm master of the keys !! ). Course based cross-platform transfers need also changing the auth/mnet/auth.php start_jump_session() function to downgrade the context either.

It there a problem doing this ?

Thanks for comments.

Average of ratings: -
In reply to Valery Fremaux

Re: Why network capability is checked at CONTEXT_SYSTEM level ?

Martín Langhoff - દ્વારા
Yes. You will break stuff with that change.

That capability amounts to the moodle instance ("MoodleA") granting you the ability to hop to another moodle saying that you are userX@MoodleA. It is not about a course, it is about user account.

Create a system-wide role called 'roamers' or just grant that ability to all registered users if that is what you want.
Average of ratings: -
In reply to Martín Langhoff

Re: Why network capability is checked at CONTEXT_SYSTEM level ?

Valery Fremaux - દ્વારા

Well, this is not really what I need. I'm seting up a real "network" of interconnected Moodles that have organized topology. We must control very easily who and through where a user would be able to roam. A user may not be allowed to roam to all servers and we would like a only sees the servers he is allowed to roam to and not all list.

I have accomplished this cloning the mnet_hosts block to a mnet_course_door block that allows an administrative configuration of the server jump tracks you may see in this course. the course is so used as a "moodlegate", only giving a mnet_course_door block with some litterature for passing the door, a physical space where enrolled users can find a way up to another server. I like very much this solution (works fairly well with the above patch), so we can design real browsing circuits through our Moodles that are very easily tailored for each user/role.  

We tested the "course aware hop gate" wich works fine.

We should add a mechanism I did'nt found yet, to relocalize a user account so he could directly login on a sub-platform. I tried to login with a remotely transfered account, all SSO services enabled, and I could not login directly to the target platform with this account. Maybe I missed something.

Attachment EISTI_network_project.jpg
Average of ratings: -