Moodle

Metacourses won't allow guest access with an enrolment key

Details

  • Type: Bug Bug
  • Status: Closed Closed
  • Priority: Critical Critical
  • Resolution: Fixed
  • Affects Version/s: 1.5.3, 1.9, 1.9.1, 1.9.2, 1.9.3, 1.9.4
  • Fix Version/s: 1.9.14
  • Component/s: Enrolments
  • Labels:
    None
  • Environment:
    Linux

Description

Since the metacourses allow normal users to manually enrol bug was fixed in Moodle 1.5.3, any guest user trying to access a metacourse which has been set to allow guest access with an enrolment key now get the error message This course does not allow public access, i.e. the same message a logged in user trying to manually enrol on the course would get.

As a bit of an aside I think this error message is slightly confusing for the user anyway, and would be much friendlier if it could read something along the lines of This course only allows access to students already enrolled on: (list of this metacourse's child courses).

Activity

Ascending order - Click to sort in descending order
Hide
Permalink
Like2Travel added a comment -

This is still an issue in 1.8.4

Show
Like2Travel added a comment - This is still an issue in 1.8.4
Hide
Permalink
Joseph Rézeau added a comment -

I am amazed to find out that this issue has still not been resolved in moodle 1.9.4.
For my daily use of Moodle it is a critical issue, because I do need "guests with a key" to be able to access a metacourse.
OR, if this is absolutely impossible, then at least the "allow guests with the key" parameter should be removed from the metacourse courses settings, since it is not fucntional and leads to confusion...
Hope a fix will be found soon,
Joseph

Show
Joseph Rézeau added a comment - I am amazed to find out that this issue has still not been resolved in moodle 1.9.4. For my daily use of Moodle it is a critical issue, because I do need "guests with a key" to be able to access a metacourse. OR, if this is absolutely impossible, then at least the "allow guests with the key" parameter should be removed from the metacourse courses settings, since it is not fucntional and leads to confusion... Hope a fix will be found soon, Joseph
Hide
Permalink
Fred Quay added a comment -

Hi !

I'ts been 4 years I've been happily working with Moodle, I know no other sensitive problem which has been so persistent : all my learning pathes are meta-courses crowded with class-portal courses.

We are aware that Moodle 2.0 development is a hard and of high value task, but we'll be many to need Moodle 1.9.x for some time...

Thanks.

Show
Fred Quay added a comment - Hi ! I'ts been 4 years I've been happily working with Moodle, I know no other sensitive problem which has been so persistent : all my learning pathes are meta-courses crowded with class-portal courses. We are aware that Moodle 2.0 development is a hard and of high value task, but we'll be many to need Moodle 1.9.x for some time... Thanks.
Hide
Permalink
Alex Rhinelander added a comment -

Hi-

One year along from the last posting, I have to echo it to try to keep this alive. I keep wanting to use meta courses to manage enrolment, but with no guest access with enrolment key possibility I can't.

~Alex

Show
Alex Rhinelander added a comment - Hi- One year along from the last posting, I have to echo it to try to keep this alive. I keep wanting to use meta courses to manage enrolment, but with no guest access with enrolment key possibility I can't. ~Alex
Hide
Permalink
Andreas Wagner added a comment -

Hi- working with Moodle 1.9.11:

I changed the lines:
if ($course->metacourse) { print_header_simple(); notice(get_string('coursenotaccessible'), "$CFG->wwwroot/index.php"); }

into

if (($course->metacourse) and !isguestuser()) { print_header_simple(); notice(get_string('coursenotaccessible'), "$CFG->wwwroot/index.php"); }
}

in course/enrol.php, so this would allow guests to view the course.

Do you see any security risks or other sideeffects by this?

Andi

Show
Andreas Wagner added a comment - Hi- working with Moodle 1.9.11: I changed the lines: if ($course->metacourse) { print_header_simple(); notice(get_string('coursenotaccessible'), "$CFG->wwwroot/index.php"); } into if (($course->metacourse) and !isguestuser()) { print_header_simple(); notice(get_string('coursenotaccessible'), "$CFG->wwwroot/index.php"); } } in course/enrol.php, so this would allow guests to view the course. Do you see any security risks or other sideeffects by this? Andi
Hide
Permalink
Dan Marsden added a comment -

just found this bug in the tracker, saw the number of votes and thought it can't be that hard to resolve.... so here it is!

This isn't required for 2.0 as metacourse enrolment has been improved (I checked it and it works)

Show
Dan Marsden added a comment - just found this bug in the tracker, saw the number of votes and thought it can't be that hard to resolve.... so here it is! This isn't required for 2.0 as metacourse enrolment has been improved (I checked it and it works)
Hide
Permalink
Nicolas Martignoni added a comment -

Thanks Dan for the fix. Will do much good for 1.9.x users :-D

Show
Nicolas Martignoni added a comment - Thanks Dan for the fix. Will do much good for 1.9.x users :-D
Hide
Permalink
Joseph Rézeau added a comment -

Thanks, Dan, "better late than never"!

Show
Joseph Rézeau added a comment - Thanks, Dan, "better late than never"!
Hide
Permalink
Dan Marsden added a comment -

note to integrator - have rebased against todays stable release

Show
Dan Marsden added a comment - note to integrator - have rebased against todays stable release
Hide
Permalink
Eloy Lafuente (stronk7) added a comment -

Uhm.. it seems a good approximation... just guessing if other variables should be also checked, like $course->enrollable, $course->enrolstartdate and $course->enrolenddate , as they are checked for real users (IMO guest "enrol" should observe that too.

So perhaps it's better to modify the:

if ($course->metacourse) {

condition instead, to allow the process to continue if "isguest() and $course->guest == 2" and allow the rest of the script to perform the usual extra checks?

Also, perhaps we should be using isguestuser() instead of isguest() if I'm not wrong. check_entry/print_entry see to do exactly that.

My 2 cents.

Show
Eloy Lafuente (stronk7) added a comment - Uhm.. it seems a good approximation... just guessing if other variables should be also checked, like $course->enrollable, $course->enrolstartdate and $course->enrolenddate , as they are checked for real users (IMO guest "enrol" should observe that too. So perhaps it's better to modify the: 
if ($course->metacourse) {
condition instead, to allow the process to continue if "isguest() and $course->guest == 2" and allow the rest of the script to perform the usual extra checks? Also, perhaps we should be using isguestuser() instead of isguest() if I'm not wrong. check_entry/print_entry see to do exactly that. My 2 cents.
Hide
Permalink
Dan Marsden added a comment -

Thanks Eloy - I vote to reject for this week and let the reporters on this bug decide...

IMO - isguest should be used rather than isguestuser - as I presume anyone with the key that isn't enrolled using meta should be able to gain access.

Show
Dan Marsden added a comment - Thanks Eloy - I vote to reject for this week and let the reporters on this bug decide... IMO - isguest should be used rather than isguestuser - as I presume anyone with the key that isn't enrolled using meta should be able to gain access.
Hide
Permalink
Eloy Lafuente (stronk7) added a comment -

Rejecting as requested. Thanks!

Note that I've commented about isguestuser() because check_entry() looks exactly for that so, any isguest() will be rejected. Only real 'guest' user will be accepted and session access to the metacourse granted.

Ciao

Show
Eloy Lafuente (stronk7) added a comment - Rejecting as requested. Thanks! Note that I've commented about isguestuser() because check_entry() looks exactly for that so, any isguest() will be rejected. Only real 'guest' user will be accepted and session access to the metacourse granted. Ciao
Hide
Permalink
Dan Marsden added a comment -

thanks Eloy - have now pushed much simpler patch!

Show
Dan Marsden added a comment - thanks Eloy - have now pushed much simpler patch!
Hide
Permalink
Eloy Lafuente (stronk7) added a comment -

Integrated, thanks! Yay simple solutions!

Show
Eloy Lafuente (stronk7) added a comment - Integrated, thanks! Yay simple solutions!
Hide
Permalink
Eloy Lafuente (stronk7) added a comment -

I've followed the test instructions and guests are able to access.

Also tried other combinations of visible / guest access and enrollment key and all them worked as expected.

Passed!

Show
Eloy Lafuente (stronk7) added a comment - I've followed the test instructions and guests are able to access. Also tried other combinations of visible / guest access and enrollment key and all them worked as expected. Passed!
Hide
Permalink
Dan Marsden added a comment -

can't believe how simple that patch was and how long it's been sitting here... hopefully the new triage/development process will make this a lot better for new bugs!

Show
Dan Marsden added a comment - can't believe how simple that patch was and how long it's been sitting here... hopefully the new triage/development process will make this a lot better for new bugs!
Hide
Permalink
Eloy Lafuente (stronk7) added a comment -

Many thanks for the hard work, this has been sent upstream and is available in all the git and cvs repositories.

Show
Eloy Lafuente (stronk7) added a comment - Many thanks for the hard work, this has been sent upstream and is available in all the git and cvs repositories.

Dates

  • Created:
    Updated:
    Resolved:
    Integration date:
Atlassian JIRA (v4.4.3#663-r165197) | Report a problem
Powered by a free Atlassian JIRA open source license for Moodle. Try JIRA - bug tracking software for your team.