|
Added UI Mockup: <Import-export-roles>
Edited UI Mockup <Import-export-roles>: The first step import/export process. The user is able to select which roles it want export to XML or upload a file to import
Added UI Mockup: <Pre-import-screen>
Daniel Neis made changes - 16/Sep/09 08:14 PM
Hello,
we are working on implemente this feature here at Universidade Federal de Santa Catarina (http://moodle.ufsc.br Here is the code that backup roles (export) : moodle/backup/backuplib.php:
...
615 ///Roles stuff goes in here
616
617 fwrite ($bf, start_tag('ROLES', 1, true));
618 $roles = backup_fetch_roles($preferences);
619
620 $sitecontext = get_context_instance(CONTEXT_SYSTEM);
621 $coursecontext = get_context_instance(CONTEXT_COURSE, $preferences->backup_course);
622
623 foreach ($roles as $role) {
624 fwrite ($bf,start_tag('ROLE',2,true));
625 fwrite ($bf,full_tag('ID', 3, false, $role->id));
626 fwrite ($bf,full_tag('NAME',3,false,$role->name));
627 fwrite ($bf,full_tag('SHORTNAME',3,false,$role->shortname));
628 /// Calculate $role name in course
629 $nameincourse = role_get_name($role, $coursecontext);
630 if ($nameincourse != $role->name) {
631 fwrite ($bf,full_tag('NAMEINCOURSE', 3, false, $nameincourse));
632 }
633 // find and write all default capabilities
634 fwrite ($bf,start_tag('CAPABILITIES',3,true));
635 // pull out all default (site context) capabilities
636 if ($capabilities = role_context_capabilities($role->id, $sitecontext)) {
637 foreach ($capabilities as $capability=>$value) {
638 fwrite ($bf,start_tag('CAPABILITY',4,true));
639 fwrite ($bf,full_tag('NAME', 5, false, $capability));
640 fwrite ($bf,full_tag('PERMISSION', 5, false, $value));
641 // use this to pull out the other info (timemodified and modifierid)
642
643 $cap = get_record_sql("SELECT *
644 FROM {$CFG->prefix}role_capabilities
645 WHERE capability = '$capability'
646 AND contextid = $sitecontext->id
647 AND roleid = $role->id");
648 fwrite ($bf, full_tag("TIMEMODIFIED", 5, false, $cap->timemodified));
649 fwrite ($bf, full_tag("MODIFIERID", 5, false, $cap->modifierid));
650 fwrite ($bf,end_tag('CAPABILITY',4,true));
651 }
652 }
653 fwrite ($bf,end_tag('CAPABILITIES',3,true));
654 fwrite ($bf,end_tag('ROLE',2,true));
655 }
656 fwrite ($bf,end_tag('ROLES', 1, true));
...
And here is the code for restore roles (import): moodle/backup/restorelib.php:
...
8693 /**
8694 * This function restores all the needed roles for this course
8695 * i.e. roles with an assignment in any of the mods or blocks,
8696 * roles assigned on any user (e.g. parent role) and roles
8697 * assigned at course levle
8698 * This function should check for duplicate roles first
8699 * It isn't now, just overwriting
8700 */
8701 function restore_create_roles($restore, $xmlfile) {
...
8810 /**
8811 * this function restores role assignments and role overrides
8812 * in course/user/block/mod level, it passed through
8813 * the xml file again
8814 */
8815 function restore_roles_settings($restore, $xmlfile)
Reading the comments to such code, seems to me that is a good chance to refactor the code to do such checks, like shown in the interface mock up. Edited UI Mockup <Pre-import-screen>: rethink interface to do the import in two steps
Added UI Mockup: <remap-of-roles>
Daniel Neis made changes - 23/Sep/09 01:19 AM
Daniel Neis made changes - 23/Sep/09 01:19 AM
While discussing this issue with co-workers, we have found that the import process must be done in two steps:
this process must be done this way cause we can have assigns/overrides cross-referencing the roles being imported sorry, i have linked it to MDL-16985 but it is wrong, it is just a non-specific relation....
As I recall, there was a previous discussion about importing/exporting roles and the biggest concern was security and being able to have an audit history of the changes that could be undone. The sentiment was that It seemed dangerous to have a file which was uploadable able to modify such key things. I can appreciate both the concern and the need for this especially in larger institutions. Peace - Anthony
I agree that is dangeours too have a file which is uploadable and able to modify role definitions, but i think that like deleting sections (MDL-10405), there will be a confirmation step and may be restricted only to admin.
It would really be good to have log of capabilities redefinition, by now we have can have at least a log entry saying "admin uploaded X roles and substitute Y and Z" (maybe because, here, we rely on our database backups in case something goes wrong). Hello, i have attached a patch (mdl17081.diff) that offers import and export of roles capabilities.
I have discarded the "allow overrides" and "allow assign" parts because it would result in a unnecessary complexity, both in the interface and source code. The patch is so big because i did a copy and paste of the code that does de import/export in moodle/backup/backuplib.php and moodle/backup/restorelib.php . If people really like this functionality we can refact the code and remove the duplicated parts. Thanks and good luck.
Daniel Neis made changes - 16/Nov/09 08:18 PM
Sorry, the first version has some lines with just blank spaces. mdl17081-v2.dif is the full patch, without these unnecessary spaces.
Daniel Neis made changes - 16/Nov/09 08:21 PM
Ah! I almost forgot, in the UI Mockups i have made, there was links to check and uncheck all checkboxes in roles list to export.
I have tried to implement it in an elegant way using YUI, thinking about no-javascript browsers, but i give up after 4 hours fighting with the library. |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
New Feature
Open
Major
Implement import/export "Permissions" settings for "Manage roles" tab
 |
|
All content on this web site is made available under the GNU General Public License, unless otherwise stated.
you have mentioned two proposed solutions, but where are they?
I work on a project in a Federal University of Santa Catarina in Brazil (http://moodle.ufsc.br
), and we are really interested in help you develop this feature.