Why network capability is checked at CONTEXT_SYSTEM level ?

by Valery Fremaux -
Number of replies: 2

Hi, this is a suggestion I was thinking about as I start designing a Moodle Network based Moodle farm.

Having had many difficulties getting a role allowed to see the Network Server block in a course (capability: mnetlogintoremote at CONTEXT_SERVER level), I downgraded the context to CONTEXT_COURSE in the block_mnet_hosts block, with the nice effect of being able to make a course-enrolment-based selection of users using a cross-site portal (Hey!! I'm master of the keys!!). Course-based cross-platform transfers also need the auth/mnet/auth.php start_jump_session() function changed to downgrade the context as well.

Is there a problem doing this?

Thanks for comments.

In reply to Valery Fremaux

Re: Why network capability is checked at CONTEXT_SYSTEM level ?

by Martín Langhoff -
Yes. You will break stuff with that change.

That capability amounts to the moodle instance ("MoodleA") granting you the ability to hop to another moodle saying that you are userX@MoodleA. It is not about a course, it is about the user account.

Create a system-wide role called 'roamers' or just grant that ability to all registered users if that is what you want.
In reply to Martín Langhoff

Re: Why network capability is checked at CONTEXT_SYSTEM level ?

by Valery Fremaux -

Well, this is not really what I need. I'm setting up a real "network" of interconnected Moodles that have an organized topology. We must control very easily who would be able to roam, and through where. A user may not be allowed to roam to all servers, and we would like a user to see only the servers he is allowed to roam to and not the whole list.

I have accomplished this by cloning the mnet_hosts block to a mnet_course_door block that allows an administrative configuration of the server jump tracks you may see in this course. The course is thus used as a "moodlegate", only giving a mnet_course_door block with some literature for passing the door, a physical space where enrolled users can find a way up to another server. I like this solution very much (it works fairly well with the above patch), so we can design real browsing circuits through our Moodles that are very easily tailored for each user/role.

We tested the "course aware hop gate", which works fine.

We should add a mechanism I didn't find yet, to relocalize a user account so he could directly log in on a sub-platform. I tried to log in with a remotely transferred account, all SSO services enabled, and I could not log in directly to the target platform with this account. Maybe I missed something.

Attachment EISTI_network_project.jpg