|
[
Permalink
| « Hide
]
Matt Gibson added a comment - 11/Dec/06 08:48 PM
This is also creating the problem that the news forums where everyone is subscribed are sending out messages to all teachers. Moodle has become the most effective spam engine the school has yet encountered.
Just change your definition of a "course creator" ... you have that control now by editing roles.
Admin >> User >> Permissions >> Define roles You probably want to remove moodle/course:view from the role, and maybe others. Thanks Martin - I've stripped down the course creator role to nothing but moodle/course:create and it's fixed the access and editing issue. I have set it so that normal teachers can update course settings, so now the only issue is that creators cannot delete courses they have made. Could we have a 'delete own courses' capability to fix this?
The problem still remains that my course participants list still has loads of people in it who don't want to be there. I think Yu said that this can be fixed using the hidden assignments thing in 1.8, but will this still leave the problem of bulk messaging from the news forum when it's set to 'everyone is subscribed'? Maybe if the moodle/course:create capability didn't cascade down past the course catagory level like all the others do, then this would not happen. It wouldn't matter too much as it has no functionality beyond that level anyway. What do you think?
The quick fix is to alter the course creator role (Admin > Users > Permissions > Define Roles and remove all the permissions relating to course editing (change them from ALLOW to INHERIT).
Especially these: moodle/course:manageactivities but many others too. The reason is that if you assign this role as it is to someone at SYSTEM level then they will have these permissions for ALL contexts below it (ie all courses). The fact that the default permissions are set like this is a mistake that we need to fix in Moodle. Vy, can you revisit lib/db/accesslib.php in 1.7 and 1.8 and fix the default permissions? (Sorry Matt, I just realised I'd commented on this before and missed the subsequent comments, I was cruising in "version control" mode)
I'm not sure of the best way to allow deletion only of one's own courses, we'll look that that. I've checked in fixes for 1.7, 1.8 and HEAD branches.
Changed most course creator permissions from allow to inherit, made changes to course deletion to allow course creators to delete the courses in which they can manage activities. Where can I get this fix for 1.7 please?
Thanks Alick Hi Alick,
You can get the fixes from the latest code in the 1.7 or 1.8 stable branches from CVS. Unless you are doing a brand new installation of Moodle, you should also change most of the Course Creator permissions from "allow" to "inherit". Except of course for moodle/course:create Hi,
I have all permissions for "Course Creators" set to "Inherit." Except for moodle/course:create and moodle/course:delete. (Set to 'Allow') As always, thank you for your fine efforts! Rich T Closing, as this is fixed.
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Bug
Closed
Major
Default permissions for Course Creators are too permissive
and a few others as you see fit. |
|
