[#MDL-7939] Courses hidden to students does not allow editing teacher to see and edit it

Issue Details (XML | Word | Printable)

Key:	MDL-7939
Type:	Bug
Status:	Resolved
Resolution:	Fixed
Priority:	Critical
Assignee:	Yu Zhang
Reporter:	Andrea Bicciolo
Votes:	5
Watchers:	7

Operations

Add/Edit UI Mockup to this issue

If you were logged in you would be able to see more operations.

Moodle

Courses hidden to students does not allow editing teacher to see and edit it

Created: 17/Dec/06 02:23 AM Updated: 04/Dec/07 12:55 AM

Component/s:

Roles

Affects Version/s:

1.7, 1.7.1

Fix Version/s:

1.7.2, 1.8, 1.9

Issue Links:

Duplicate

This issue is duplicated by:

~~MDL-9412~~ Teachers are able to change a setting that makes it so they can't access their own course.

~~MDL-8632~~ Inconsistency in Teacher legacy role: view hidden courses

Participants:	Andrea Bicciolo, André Martins, Dan Poltawski, Frances Thomson, Jeff Wood, Jenny Toller, Jessica Gramp, Jon Papaioannou and Yu Zhang
Security Level:	None
Resolved date:	15/Mar/07
Affected Branches:	MOODLE_17_STABLE
Fixed Branches:	MOODLE_17_STABLE, MOODLE_18_STABLE, MOODLE_19_STABLE

Description

« Hide

To reproduce the bug:

0. login as admin
1. create a new course, select a user and give it a Role->Teacher permissions
2. set the course as "unavailbale to students"
3. now logoff and login as the editing teacher user defined at point 1
4. editing teacher cannot see nor edit the course

If you login as an Admin and uses the "Login as" function from whithin editing teacher user's profile, trying to access the course produce teh message "This course is not available to students".

All

Comments

Change History

Version Control

Sort Order:

[ Permalink | « Hide ]

Jeff Wood added a comment - 19/Dec/06 08:02 AM

I have verified this behaviour with my install.

Admins can see hidden course and teachers cannot.

Jeff

[ Permalink | « Hide ]

Jenny Toller added a comment - 19/Dec/06 10:46 PM

Jeff Wood found the solution to this:

Site Administration > Users > Permissions > Define roles

Teacher Role - Edit - Course area

Change moodle/course:viewhiddencourses from inherit to allow

Jenny

[ Permalink | « Hide ]

Dan Poltawski added a comment - 23/Jan/07 08:05 PM

What I can't understand is that from my read of the capabilites system the teacher role should allow this by default:

'moodle/user:viewhiddendetails' => array(

'riskbitmask' => RISK_PERSONAL,

'captype' => 'read',
'contextlevel' => CONTEXT_SYSTEM,
'legacy' => array(
'teacher' => CAP_ALLOW,
'editingteacher' => CAP_ALLOW,
'coursecreator' => CAP_ALLOW,
'admin' => CAP_ALLOW
)
),

[ Permalink | « Hide ]

Jon Papaioannou added a comment - 25/Feb/07 01:23 PM

Dan, you did the wrong copy/paste... Correct is around line 515:

'moodle/course:viewhiddencourses' => array(

'captype' => 'read',
'contextlevel' => CONTEXT_COURSE,
'legacy' => array(
'admin' => CAP_ALLOW
)
),

[ Permalink | « Hide ]

Jon Papaioannou added a comment - 25/Feb/07 01:28 PM

BUGFIX:

If you execute this SQL query:

INSERT INTO `mdl_role_capabilities` ( `id` , `contextid` , `roleid` , `capability` , `permission` , `timemodified` , `modifierid` )
VALUES (
NULL , '1', '3', 'moodle/course:viewhiddencourses', '1', '1172197664', '0'
);

The problem seems to be solved (at least on my install). If you want to show the course to editing teachers only, then substitute '2' for the '3'.

I have a problem making a proper patch out of this though. If some kind soul answered the questions at http://moodle.org/mod/forum/discuss.php?d=65584 I could do it though.

[ Permalink | « Hide ]

André Martins added a comment - 08/Mar/07 07:05 AM

I have also confirmed this behaviour in my install - Moodle 1.7.1+ (2006101010).
I made several attempts to test, reproduce and overcome this issue:

setting both the moodle/category:visibility and moodle/course:viewhiddencourses permissions to teachers (as in the proposed bugfix and the comment from Jenny Toller)
creating a role with only those permissions and assigning teachers from the hidden categories and courses to it at the site level
creating several combinations of depth in categories and courses (0 to 3)
even then invisible categories and courses remained only visible to the administrator.

Since I manage a Moodle site with this version and it's already being used by students at my university the matter became rather urgent. Giving administration privileges to all teachers that had courses to prepare was clearly not an option. I decided to look in the code and try my best to find a potential solution.

Notice: I do not claim this to be a good solution. I'm NOT a Moodle expert, far from it . However, I have tested this code thoroughly and I believe it to be a possible bugfix and perhaps close this bug.

I commented all insertions and modifications in the code. I left all previous functionality untouched. Forgive me if I do not follow Moodle coding conventions. Feel free to try this patch at your own risk

Proposed patch
\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
File: lib/datalib.php
Line: 782

PATCH:
/**

Returns a sorted list of categories
*
@param string $parent The parent category if any
@param string $sort the sortorder
@return array of categories
*/
/// Patched by andre.martins [29/Feb/2007]
function get_categories($parent='none', $sort='sortorder ASC') {

if ($parent === 'none') { $categories = get_records('course_categories', '', '', $sort); } else { $categories = get_records('course_categories', 'parent', $parent, $sort); }
if ($categories) { /// Remove unavailable categories from the list
$creator = has_capability('moodle/course:create', get_context_instance(CONTEXT_SYSTEM, SITEID));
// ----- Patch : New -> Testing if a user can see hidden categories
$hidden_category_allowed = has_capability('moodle/category:visibility', get_context_instance(CONTEXT_SYSTEM, SITEID));
// *****
foreach ($categories as $key => $category) {
if (!$category->visible) {
// ----- Patch: Modified -> checking for both conditions - a category is only removed from the listing if a user
// is not a creator nor can see hidden categories
if (!$creator and !$hidden_category_allowed) { // ***** unset($categories[$key]); }
}
}
}
return $categories;
}
\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
File: course/lib.php
Line: 1340

function print_whole_category_list($category=NULL, $displaylist=NULL, $parentslist=NULL, $depth=-1, $files = true) {
/// Recursive function to print out all the categories in a nice format
/// with or without courses included
/// Patched by andre.martins [29/Feb/2007]

...... (Line: 1351)
if ($category) {
// ----- Patch: New -> Can the user view hidden categories?
$can_view_hidden_categories = has_capability('moodle/category:visibility', get_context_instance(CONTEXT_SYSTEM, SITEID));
// *****
// ----- Patch: Modified -> the category will be shown wether it's visible, the user can update course settings or
// can view hidden categories
if ($category->visible or has_capability('moodle/course:update', get_context_instance(CONTEXT_SYSTEM, SITEID))
or $can_view_hidden_categories) { // ***** print_category_info($category, $depth, $files); } else { return; // Don't bother printing children of invisible categories }
} else { $category->id = "0"; }

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\

[ Permalink | « Hide ]

André Martins added a comment - 08/Mar/07 07:57 AM

Proposed Patch usage instructions:
For the patch that I described in my previous post to work I suggest that you:
1) create or modify a role that has the permissions:

View hidden courses (moodle/course:viewhiddencourses)
See hidden categories (moodle/category:visibility)
by setting them both to Allow.

2) Assign that Role to the users that should see hidden categories and courses IN THE LEVEL from which they should see them.

Example:
A site with 2 categories and 3 courses:
CategoryA [visible]

Course1 [visible]
Course2 [invisible]
CategoryB [invisible]
Course3 [invisible]

Considering that you created a role called SeeHidden with the above permissions set to allow the possible scenarios are:
a) you want to let the user se ALL hidden courses and categories
-> Assign the role SeeHidden site wide
Result: User will see Course2, CategoryB and Course3

b) you want the user to see onlu Course2
-> Assign the role SeeHidden to CategoryA
Result: as expected...

c) you want the user to see Course3
-> Assign the role SeeHidden to CategoryB... BUT this alone will not solve your problem. The user must see the hidden category also. One possible way to address this issue would be to create a role that allows the user to see hidden categories only and make it site wide for him.
Result: User will see CategoryB and Course3 as well as all other hidden courses and categories below this one (to avoid the categories part you can choose to prohibit the site wide role mentioned before)

I hope this helps.

André

[ Permalink | « Hide ]

Yu Zhang added a comment - 15/Mar/07 12:27 PM

Hi, this is fixed in 1.7, 1.8 and 1.9. All new installs and upgrades will enable teachers, non-editting teachers and course creators to see respective hidden courses by default. However we can not change that for any existing installations. To fix this you just need to log in as admin, go to users->permission->define role and set viewhiddencourses to allow for all these roles. Cheers.

[ Permalink | « Hide ]

Jessica Gramp added a comment - 16/Mar/07 08:04 AM

Any clues as to what files/folders I should upgrade to fix this in my 1.7 install? When I go to users->permission->define roles I do not have a viewhiddencourses option, so it seems I can not fix it this way.

Thanks in advance.

[ Permalink | « Hide ]

Yu Zhang added a comment - 16/Mar/07 10:07 AM

Hi Jessica,

Look for

View hidden courses
moodle/course:viewhiddencourses

on the page. Just do a search for either of these and you should fine it!

[ Permalink | « Hide ]

Jessica Gramp added a comment - 16/Mar/07 01:17 PM

Hi Yu,

Thanks for the fast response, however I don't have any moodle/course permissions in my mdl_capabilities db table, so they are not appearing on the page. Strangely, my auto-increment keys in mdl_capabilities start from 78, so it looks like I am missing a whole bunch of permissions in this table. I think I have found what they are meant to be (documented in lib/db/access.php), but I'm not sure how to load them in to the table quickly. I'll look in to it. I might need to do a fresh install of 1.7 and see what data I'm missing.

Thanks for your help

Jess

[ Permalink | « Hide ]

Jessica Gramp added a comment - 16/Mar/07 01:51 PM

Yes, I was missing a lot of permissions in my mdl_capabilities table. Not sure what happened in the upgrade process from 1.5>1.7, but I was missing all the fields from rows 1-77. To fix this, I did a fresh install of the latest 1.7 STABLE release on my development server, backed up the data in the mdl_capabilities table and restored the table on my live server. I now have access to a whole lot of other permissions when I go to users->permission->define roles. It appears to have fixed many of the permission errors the teachers were experiencing. What a relief!

Thanks for your help Yu.

Jess

[ Permalink | « Hide ]

Frances Thomson added a comment - 04/Dec/07 12:55 AM

I've got version 1.7.3. I've changed the roles so that viewhiddencourses is Allowed (and viewhiddencategories since the hidden courses are in a hidden category). However teachers still cannot view the coruse in question. Any ideas what else I can do to fix this?

All content on this web site is made available under the GNU General Public License, unless otherwise stated.