Moodle

Courses hidden to students does not allow editing teacher to see and edit it

Details

  • Type: Bug Bug
  • Status: Closed Closed
  • Priority: Critical Critical
  • Resolution: Fixed
  • Affects Version/s: 1.7, 1.7.1
  • Fix Version/s: 1.7.2, 1.8, 1.9
  • Component/s: Roles / Access
  • Labels:
    None
  • Affected Branches:
    MOODLE_17_STABLE
  • Fixed Branches:
    MOODLE_17_STABLE, MOODLE_18_STABLE, MOODLE_19_STABLE

Description

To reproduce the bug:

0. login as admin
1. create a new course, select a user and give it a Role->Teacher permissions
2. set the course as "unavailbale to students"
3. now logoff and login as the editing teacher user defined at point 1
4. editing teacher cannot see nor edit the course

If you login as an Admin and uses the "Login as" function from whithin editing teacher user's profile, trying to access the course produce teh message "This course is not available to students".

Issue Links

This issue is duplicated by:
MDL-8632 Inconsistency in Teacher legacy role: view hidden courses Major Closed
MDL-9412 Teachers are able to change a setting that makes it so they can't access their own course. Minor Closed

Activity

Ascending order - Click to sort in descending order
Hide
Permalink
Jeff Wood added a comment -

I have verified this behaviour with my install.

Admins can see hidden course and teachers cannot.

Jeff

Show
Jeff Wood added a comment - I have verified this behaviour with my install. Admins can see hidden course and teachers cannot. Jeff
Hide
Permalink
Jenny Toller added a comment -

Jeff Wood found the solution to this:

Site Administration > Users > Permissions > Define roles

Teacher Role - Edit - Course area

Change moodle/course:viewhiddencourses from inherit to allow

Jenny

Show
Jenny Toller added a comment - Jeff Wood found the solution to this: Site Administration > Users > Permissions > Define roles Teacher Role - Edit - Course area Change moodle/course:viewhiddencourses from inherit to allow Jenny
Hide
Permalink
Dan Poltawski added a comment -

What I can't understand is that from my read of the capabilites system the teacher role should allow this by default:

'moodle/user:viewhiddendetails' => array(

'riskbitmask' => RISK_PERSONAL,

'captype' => 'read',
'contextlevel' => CONTEXT_SYSTEM,
'legacy' => array(
'teacher' => CAP_ALLOW,
'editingteacher' => CAP_ALLOW,
'coursecreator' => CAP_ALLOW,
'admin' => CAP_ALLOW
)
),

Show
Dan Poltawski added a comment - What I can't understand is that from my read of the capabilites system the teacher role should allow this by default: 'moodle/user:viewhiddendetails' => array( 'riskbitmask' => RISK_PERSONAL, 'captype' => 'read', 'contextlevel' => CONTEXT_SYSTEM, 'legacy' => array( 'teacher' => CAP_ALLOW, 'editingteacher' => CAP_ALLOW, 'coursecreator' => CAP_ALLOW, 'admin' => CAP_ALLOW ) ),
Hide
Permalink
Jon Papaioannou added a comment -

Dan, you did the wrong copy/paste... Correct is around line 515:

'moodle/course:viewhiddencourses' => array(

'captype' => 'read',
'contextlevel' => CONTEXT_COURSE,
'legacy' => array(
'admin' => CAP_ALLOW
)
),

Show
Jon Papaioannou added a comment - Dan, you did the wrong copy/paste... Correct is around line 515: 'moodle/course:viewhiddencourses' => array( 'captype' => 'read', 'contextlevel' => CONTEXT_COURSE, 'legacy' => array( 'admin' => CAP_ALLOW ) ),
Hide
Permalink
Jon Papaioannou added a comment -

BUGFIX:

If you execute this SQL query:

INSERT INTO `mdl_role_capabilities` ( `id` , `contextid` , `roleid` , `capability` , `permission` , `timemodified` , `modifierid` )
VALUES (
NULL , '1', '3', 'moodle/course:viewhiddencourses', '1', '1172197664', '0'
);

The problem seems to be solved (at least on my install). If you want to show the course to editing teachers only, then substitute '2' for the '3'.

I have a problem making a proper patch out of this though. If some kind soul answered the questions at http://moodle.org/mod/forum/discuss.php?d=65584 I could do it though.

Show
Jon Papaioannou added a comment - BUGFIX: If you execute this SQL query: INSERT INTO `mdl_role_capabilities` ( `id` , `contextid` , `roleid` , `capability` , `permission` , `timemodified` , `modifierid` ) VALUES ( NULL , '1', '3', 'moodle/course:viewhiddencourses', '1', '1172197664', '0' ); The problem seems to be solved (at least on my install). If you want to show the course to editing teachers only, then substitute '2' for the '3'. I have a problem making a proper patch out of this though. If some kind soul answered the questions at http://moodle.org/mod/forum/discuss.php?d=65584 I could do it though.
Hide
Permalink
André Martins added a comment -

I have also confirmed this behaviour in my install - Moodle 1.7.1+ (2006101010).
I made several attempts to test, reproduce and overcome this issue:

  • setting both the moodle/category:visibility and moodle/course:viewhiddencourses permissions to teachers (as in the proposed bugfix and the comment from Jenny Toller)
  • creating a role with only those permissions and assigning teachers from the hidden categories and courses to it at the site level
  • creating several combinations of depth in categories and courses (0 to 3)
    even then invisible categories and courses remained only visible to the administrator.

Since I manage a Moodle site with this version and it's already being used by students at my university the matter became rather urgent. Giving administration privileges to all teachers that had courses to prepare was clearly not an option. I decided to look in the code and try my best to find a potential solution.

Notice: I do not claim this to be a good solution. I'm NOT a Moodle expert, far from it . However, I have tested this code thoroughly and I believe it to be a possible bugfix and perhaps close this bug.

I commented all insertions and modifications in the code. I left all previous functionality untouched. Forgive me if I do not follow Moodle coding conventions. Feel free to try this patch at your own risk

Proposed patch
\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
File: lib/datalib.php
Line: 782

PATCH:
/**

  • Returns a sorted list of categories
    *
  • @param string $parent The parent category if any
  • @param string $sort the sortorder
  • @return array of categories
    */
    /// Patched by andre.martins [29/Feb/2007]
    function get_categories($parent='none', $sort='sortorder ASC') {

if ($parent === 'none') { $categories = get_records('course_categories', '', '', $sort); } else { $categories = get_records('course_categories', 'parent', $parent, $sort); }
if ($categories) { /// Remove unavailable categories from the list
$creator = has_capability('moodle/course:create', get_context_instance(CONTEXT_SYSTEM, SITEID));
// ----- Patch : New -> Testing if a user can see hidden categories
$hidden_category_allowed = has_capability('moodle/category:visibility', get_context_instance(CONTEXT_SYSTEM, SITEID));
// *****
foreach ($categories as $key => $category) {
if (!$category->visible) {
// ----- Patch: Modified -> checking for both conditions - a category is only removed from the listing if a user
// is not a creator nor can see hidden categories
if (!$creator and !$hidden_category_allowed) { // ***** unset($categories[$key]); }
}
}
}
return $categories;
}
\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
File: course/lib.php
Line: 1340

function print_whole_category_list($category=NULL, $displaylist=NULL, $parentslist=NULL, $depth=-1, $files = true) {
/// Recursive function to print out all the categories in a nice format
/// with or without courses included
/// Patched by andre.martins [29/Feb/2007]

...... (Line: 1351)
if ($category) {
// ----- Patch: New -> Can the user view hidden categories?
$can_view_hidden_categories = has_capability('moodle/category:visibility', get_context_instance(CONTEXT_SYSTEM, SITEID));
// *****
// ----- Patch: Modified -> the category will be shown wether it's visible, the user can update course settings or
// can view hidden categories
if ($category->visible or has_capability('moodle/course:update', get_context_instance(CONTEXT_SYSTEM, SITEID))
or $can_view_hidden_categories) { // ***** print_category_info($category, $depth, $files); } else { return; // Don't bother printing children of invisible categories }
} else { $category->id = "0"; }

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\

Show
André Martins added a comment - I have also confirmed this behaviour in my install - Moodle 1.7.1+ (2006101010). I made several attempts to test, reproduce and overcome this issue:
  • setting both the moodle/category:visibility and moodle/course:viewhiddencourses permissions to teachers (as in the proposed bugfix and the comment from Jenny Toller)
  • creating a role with only those permissions and assigning teachers from the hidden categories and courses to it at the site level
  • creating several combinations of depth in categories and courses (0 to 3) even then invisible categories and courses remained only visible to the administrator.
Since I manage a Moodle site with this version and it's already being used by students at my university the matter became rather urgent. Giving administration privileges to all teachers that had courses to prepare was clearly not an option. I decided to look in the code and try my best to find a potential solution. Notice: I do not claim this to be a good solution. I'm NOT a Moodle expert, far from it . However, I have tested this code thoroughly and I believe it to be a possible bugfix and perhaps close this bug. I commented all insertions and modifications in the code. I left all previous functionality untouched. Forgive me if I do not follow Moodle coding conventions. Feel free to try this patch at your own risk Proposed patch \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ File: lib/datalib.php Line: 782 PATCH: /**
  • Returns a sorted list of categories *
  • @param string $parent The parent category if any
  • @param string $sort the sortorder
  • @return array of categories */ /// Patched by andre.martins [29/Feb/2007] function get_categories($parent='none', $sort='sortorder ASC') {
if ($parent === 'none') { $categories = get_records('course_categories', '', '', $sort); } else { $categories = get_records('course_categories', 'parent', $parent, $sort); } if ($categories) { /// Remove unavailable categories from the list $creator = has_capability('moodle/course:create', get_context_instance(CONTEXT_SYSTEM, SITEID)); // ----- Patch : New -> Testing if a user can see hidden categories $hidden_category_allowed = has_capability('moodle/category:visibility', get_context_instance(CONTEXT_SYSTEM, SITEID)); // ***** foreach ($categories as $key => $category) { if (!$category->visible) { // ----- Patch: Modified -> checking for both conditions - a category is only removed from the listing if a user // is not a creator nor can see hidden categories if (!$creator and !$hidden_category_allowed) { // ***** unset($categories[$key]); } } } } return $categories; } \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ File: course/lib.php Line: 1340 function print_whole_category_list($category=NULL, $displaylist=NULL, $parentslist=NULL, $depth=-1, $files = true) { /// Recursive function to print out all the categories in a nice format /// with or without courses included /// Patched by andre.martins [29/Feb/2007] ...... (Line: 1351) if ($category) { // ----- Patch: New -> Can the user view hidden categories? $can_view_hidden_categories = has_capability('moodle/category:visibility', get_context_instance(CONTEXT_SYSTEM, SITEID)); // ***** // ----- Patch: Modified -> the category will be shown wether it's visible, the user can update course settings or // can view hidden categories if ($category->visible or has_capability('moodle/course:update', get_context_instance(CONTEXT_SYSTEM, SITEID)) or $can_view_hidden_categories) { // ***** print_category_info($category, $depth, $files); } else { return; // Don't bother printing children of invisible categories } } else { $category->id = "0"; } \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
Hide
Permalink
André Martins added a comment -

Proposed Patch usage instructions:
For the patch that I described in my previous post to work I suggest that you:
1) create or modify a role that has the permissions:

  • View hidden courses (moodle/course:viewhiddencourses)
  • See hidden categories (moodle/category:visibility)
    by setting them both to Allow.

2) Assign that Role to the users that should see hidden categories and courses IN THE LEVEL from which they should see them.

Example:
A site with 2 categories and 3 courses:
CategoryA [visible]

  • Course1 [visible]
  • Course2 [invisible]
    CategoryB [invisible]
  • Course3 [invisible]

Considering that you created a role called SeeHidden with the above permissions set to allow the possible scenarios are:
a) you want to let the user se ALL hidden courses and categories
-> Assign the role SeeHidden site wide
Result: User will see Course2, CategoryB and Course3

b) you want the user to see onlu Course2
-> Assign the role SeeHidden to CategoryA
Result: as expected...

c) you want the user to see Course3
-> Assign the role SeeHidden to CategoryB... BUT this alone will not solve your problem. The user must see the hidden category also. One possible way to address this issue would be to create a role that allows the user to see hidden categories only and make it site wide for him.
Result: User will see CategoryB and Course3 as well as all other hidden courses and categories below this one (to avoid the categories part you can choose to prohibit the site wide role mentioned before)

I hope this helps.

André

Show
André Martins added a comment - Proposed Patch usage instructions: For the patch that I described in my previous post to work I suggest that you: 1) create or modify a role that has the permissions:
  • View hidden courses (moodle/course:viewhiddencourses)
  • See hidden categories (moodle/category:visibility) by setting them both to Allow.
2) Assign that Role to the users that should see hidden categories and courses IN THE LEVEL from which they should see them. Example: A site with 2 categories and 3 courses: CategoryA [visible]
  • Course1 [visible]
  • Course2 [invisible] CategoryB [invisible]
  • Course3 [invisible]
Considering that you created a role called SeeHidden with the above permissions set to allow the possible scenarios are: a) you want to let the user se ALL hidden courses and categories -> Assign the role SeeHidden site wide Result: User will see Course2, CategoryB and Course3 b) you want the user to see onlu Course2 -> Assign the role SeeHidden to CategoryA Result: as expected... c) you want the user to see Course3 -> Assign the role SeeHidden to CategoryB... BUT this alone will not solve your problem. The user must see the hidden category also. One possible way to address this issue would be to create a role that allows the user to see hidden categories only and make it site wide for him. Result: User will see CategoryB and Course3 as well as all other hidden courses and categories below this one (to avoid the categories part you can choose to prohibit the site wide role mentioned before) I hope this helps. André
Hide
Permalink
Yu Zhang added a comment -

Hi, this is fixed in 1.7, 1.8 and 1.9. All new installs and upgrades will enable teachers, non-editting teachers and course creators to see respective hidden courses by default. However we can not change that for any existing installations. To fix this you just need to log in as admin, go to users->permission->define role and set viewhiddencourses to allow for all these roles. Cheers.

Show
Yu Zhang added a comment - Hi, this is fixed in 1.7, 1.8 and 1.9. All new installs and upgrades will enable teachers, non-editting teachers and course creators to see respective hidden courses by default. However we can not change that for any existing installations. To fix this you just need to log in as admin, go to users->permission->define role and set viewhiddencourses to allow for all these roles. Cheers.
Hide
Permalink
Jessica Gramp added a comment -

Any clues as to what files/folders I should upgrade to fix this in my 1.7 install? When I go to users->permission->define roles I do not have a viewhiddencourses option, so it seems I can not fix it this way.

Thanks in advance.

Show
Jessica Gramp added a comment - Any clues as to what files/folders I should upgrade to fix this in my 1.7 install? When I go to users->permission->define roles I do not have a viewhiddencourses option, so it seems I can not fix it this way. Thanks in advance.
Hide
Permalink
Yu Zhang added a comment -

Hi Jessica,

Look for

View hidden courses
moodle/course:viewhiddencourses

on the page. Just do a search for either of these and you should fine it!

Yu

Show
Yu Zhang added a comment - Hi Jessica, Look for View hidden courses moodle/course:viewhiddencourses on the page. Just do a search for either of these and you should fine it! Yu
Hide
Permalink
Jessica Gramp added a comment -

Hi Yu,

Thanks for the fast response, however I don't have any moodle/course permissions in my mdl_capabilities db table, so they are not appearing on the page. Strangely, my auto-increment keys in mdl_capabilities start from 78, so it looks like I am missing a whole bunch of permissions in this table. I think I have found what they are meant to be (documented in lib/db/access.php), but I'm not sure how to load them in to the table quickly. I'll look in to it. I might need to do a fresh install of 1.7 and see what data I'm missing.

Thanks for your help

Jess

Show
Jessica Gramp added a comment - Hi Yu, Thanks for the fast response, however I don't have any moodle/course permissions in my mdl_capabilities db table, so they are not appearing on the page. Strangely, my auto-increment keys in mdl_capabilities start from 78, so it looks like I am missing a whole bunch of permissions in this table. I think I have found what they are meant to be (documented in lib/db/access.php), but I'm not sure how to load them in to the table quickly. I'll look in to it. I might need to do a fresh install of 1.7 and see what data I'm missing. Thanks for your help Jess
Hide
Permalink
Jessica Gramp added a comment -

Yes, I was missing a lot of permissions in my mdl_capabilities table. Not sure what happened in the upgrade process from 1.5>1.7, but I was missing all the fields from rows 1-77. To fix this, I did a fresh install of the latest 1.7 STABLE release on my development server, backed up the data in the mdl_capabilities table and restored the table on my live server. I now have access to a whole lot of other permissions when I go to users->permission->define roles. It appears to have fixed many of the permission errors the teachers were experiencing. What a relief!

Thanks for your help Yu.

Jess

Show
Jessica Gramp added a comment - Yes, I was missing a lot of permissions in my mdl_capabilities table. Not sure what happened in the upgrade process from 1.5>1.7, but I was missing all the fields from rows 1-77. To fix this, I did a fresh install of the latest 1.7 STABLE release on my development server, backed up the data in the mdl_capabilities table and restored the table on my live server. I now have access to a whole lot of other permissions when I go to users->permission->define roles. It appears to have fixed many of the permission errors the teachers were experiencing. What a relief! Thanks for your help Yu. Jess
Hide
Permalink
Frances Thomson added a comment -

I've got version 1.7.3. I've changed the roles so that viewhiddencourses is Allowed (and viewhiddencategories since the hidden courses are in a hidden category). However teachers still cannot view the coruse in question. Any ideas what else I can do to fix this?

Show
Frances Thomson added a comment - I've got version 1.7.3. I've changed the roles so that viewhiddencourses is Allowed (and viewhiddencategories since the hidden courses are in a hidden category). However teachers still cannot view the coruse in question. Any ideas what else I can do to fix this?

Dates

  • Created:
    Updated:
    Resolved:
Atlassian JIRA (v4.4.3#663-r165197) | Report a problem
Powered by a free Atlassian JIRA open source license for Moodle. Try JIRA - bug tracking software for your team.