Details

    • Type: New Feature
    • Status: Reopened
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: 1.7, 1.8, 1.9, 2.0, 2.5, 2.8.1, 2.9.4, 3.0.2
    • Fix Version/s: None
    • Component/s: Forum
    • Environment:
      All
    • Testing Instructions:
      Hide
      Pre-requisites
      1. create a new course
      2. set some profile pictures on your test users
      Testing instructions
      1. As editing teacher
        1. Add the recent activity block to the course
        2. create a forum
        3. at the bottom of the forum settings, enable a simple disguise
        4. post in the forum
          1. Confirm that you are posted as Anonymous
        5. navigate to the course front page
          1. Confirm that the disguise name are shown correctly in the recent activity block
        6. create a new forum using the predefined disguise type
          1. Confirm that you are redirect to the configuration page
      2. As a student
        1. Attempt to view the forum
          1. Confirm that you get an error (this needs to be improved)
      3. As editing teacher
        1. Create a copy of the animal set (sorry this page is not yet complete)
        2. Navigate back to the forum
          1. Confirm that you were assigned a role
        3. Post in the forum
          1. Confirm that you are posted as your role
        4. Navigate to the course front page
          1. Confirm that the disguise name are shown correctly in the recent activity block
      4. As a student
        1. View the forum
          1. Confirm that the forum post is listed under the same disguise as the teacher had a moment ago
          2. Confirm that you have been assigned a random identity in the user menu
        2. Post in the forum
          1. Confirm that the forum post is listed under your disguise
      5. As editing teacher
        1. View the forum
          1. Confirm that the forum post is listed under the same disguise as the student had a moment ago
          2. Confirm that the settings menu has a 'Configure disguise' section, but no disguise menu and no 'Reveal user disguise' item
        2. Edit the forum and change the "Show user's real identity alongside their disguise" setting to "Identity restricted to certain users"
        3. View the forum
          1. Confirm that the settings menu has a 'Disguise' sub-menu containing links for 'Configure disguise' section, and 'Reveal user disguise'
        4. Try the "Reveal user disguise" link
          1. Confirm that you are now able to see the user's original identity next to their disguise name, and their own user profile picture.
        5. Try the "Hide user identity" link
          1. Confirm that you are no longer able to see the user's original identity next to their disguise name, and their own user profile picture.
        6. Edit the settings again and set:
          1. "Show user's real identity alongside their disguise" setting to "Identity hidden"
          2. "Stop disguising user from" setting to a value in the future
          3. Confirm that you are not able to see the user's original identity next to their disguise name, and their own user profile picture.
      6. As a student
        1. Confirm that you are not able to see the user's original identity next to their disguise name, and their own user profile picture.
      7. As editing teacher
        1. Edit the settings again and set:
          1. "Stop disguising user from" setting to a value in the past
        2. Confirm that you are now able to see the user's original identity next to their disguise name, and their own user profile picture.
      8. As a student
        1. Confirm that you are also now able to see the user's original identity next to their disguise name, and their own user profile picture.
      9. As editing teacher
        1. View the course log for each of your forums
          1. Confirm that there are no long entries listed
        2. Edit the settings again and set:
          1. "Stop disguising user from" setting to disabled
          2. "Log anonymously" to disabled
          3. "Prevent changes to this disguise" to true
        3. Edit the settings again
          1. Confirm that you are unable to make any change to the disguise settings
        4. Post again in the forum
        5. View the forum index and discussion
        6. Click on the 'Disguise configuration' link
          1. Confirm that you can still make changes to items (it should be possible to make changes to this part of the disguise even when the disguise settings are locked)
      10. As a student
        1. Reply to some posts etc. Generate activity
      11. As editing teacher
        1. View the course log for the forum you enabled logging on
          1. Confirm that there are log entries for the period since you enabled logging
      12. As Administrator
        1. Edit the forum settings
          1. Confirm that you are able to untick the disguise lock
        2. Save changes and edit the forum settings again
        3. Confirm that the settings are now editable again
        4. View the forum
          1. Confirm that the settings menu has a 'Disguise' sub-menu containing links for 'Configure disguise' section, and 'Reveal user disguise'
        5. Toggle the 'Reveal user disguise'
          1. Confirm that you can see the real identity
      Show
      Pre-requisites create a new course set some profile pictures on your test users Testing instructions As editing teacher Add the recent activity block to the course create a forum at the bottom of the forum settings, enable a simple disguise post in the forum Confirm that you are posted as Anonymous navigate to the course front page Confirm that the disguise name are shown correctly in the recent activity block create a new forum using the predefined disguise type Confirm that you are redirect to the configuration page As a student Attempt to view the forum Confirm that you get an error (this needs to be improved) As editing teacher Create a copy of the animal set (sorry this page is not yet complete) Navigate back to the forum Confirm that you were assigned a role Post in the forum Confirm that you are posted as your role Navigate to the course front page Confirm that the disguise name are shown correctly in the recent activity block As a student View the forum Confirm that the forum post is listed under the same disguise as the teacher had a moment ago Confirm that you have been assigned a random identity in the user menu Post in the forum Confirm that the forum post is listed under your disguise As editing teacher View the forum Confirm that the forum post is listed under the same disguise as the student had a moment ago Confirm that the settings menu has a 'Configure disguise' section, but no disguise menu and no 'Reveal user disguise' item Edit the forum and change the "Show user's real identity alongside their disguise" setting to "Identity restricted to certain users" View the forum Confirm that the settings menu has a 'Disguise' sub-menu containing links for 'Configure disguise' section, and 'Reveal user disguise' Try the "Reveal user disguise" link Confirm that you are now able to see the user's original identity next to their disguise name, and their own user profile picture. Try the "Hide user identity" link Confirm that you are no longer able to see the user's original identity next to their disguise name, and their own user profile picture. Edit the settings again and set: "Show user's real identity alongside their disguise" setting to "Identity hidden" "Stop disguising user from" setting to a value in the future Confirm that you are not able to see the user's original identity next to their disguise name, and their own user profile picture. As a student Confirm that you are not able to see the user's original identity next to their disguise name, and their own user profile picture. As editing teacher Edit the settings again and set: "Stop disguising user from" setting to a value in the past Confirm that you are now able to see the user's original identity next to their disguise name, and their own user profile picture. As a student Confirm that you are also now able to see the user's original identity next to their disguise name, and their own user profile picture. As editing teacher View the course log for each of your forums Confirm that there are no long entries listed Edit the settings again and set: "Stop disguising user from" setting to disabled "Log anonymously" to disabled "Prevent changes to this disguise" to true Edit the settings again Confirm that you are unable to make any change to the disguise settings Post again in the forum View the forum index and discussion Click on the 'Disguise configuration' link Confirm that you can still make changes to items (it should be possible to make changes to this part of the disguise even when the disguise settings are locked) As a student Reply to some posts etc. Generate activity As editing teacher View the course log for the forum you enabled logging on Confirm that there are log entries for the period since you enabled logging As Administrator Edit the forum settings Confirm that you are able to untick the disguise lock Save changes and edit the forum settings again Confirm that the settings are now editable again View the forum Confirm that the settings menu has a 'Disguise' sub-menu containing links for 'Configure disguise' section, and 'Reveal user disguise' Toggle the 'Reveal user disguise' Confirm that you can see the real identity
    • Affected Branches:
      MOODLE_17_STABLE, MOODLE_18_STABLE, MOODLE_19_STABLE, MOODLE_20_STABLE, MOODLE_25_STABLE, MOODLE_28_STABLE, MOODLE_29_STABLE, MOODLE_30_STABLE
    • Pull Master Branch:
      MDL-1071-master

      Description

      Please add this as option for special forums, maybe when creating a forum, an option is checked, anonymus allowed

      Thanks Peter

        Gliffy Diagrams

        1. anonymous_forums_197.patch
          32 kB
          Jason Meinzer
        2. anonymous_forums_203.patch
          33 kB
          Chris Wharton
        3. anonymous_forums_203.patch
          5 kB
          Chris Wharton
        4. anonymous_forums_rev1.patch
          17 kB
          Jason Meinzer
        5. anonymous_forums_rev2.patch
          16 kB
          Jason Meinzer
        6. anonymous_forums_rev2p1.patch
          14 kB
          Hubert Chathi
        7. anonymous_forums_rev2p2.patch
          15 kB
          Hubert Chathi
        8. anonymous_forums_rev2p2.patch
          15 kB
          Hubert Chathi
        9. anonymous_forums_rev2p3.patch
          23 kB
          Hubert Chathi
        10. anonymous_forums.patch
          16 kB
          Jason Meinzer
        11. MDL-1071_restoreable.patch
          2 kB
          Chris Wharton
        12. MDL-1071.patch
          40 kB
          Chris Wharton
        13. uow-rss.patch
          0.7 kB
          Dean Stringer
        1. anonymous.png
          3 kB
        2. disguise_basic_config.png
          264 kB
        3. disguise_basic_forum_discussion.png
          138 kB
        4. disguise_basic_forum_index.png
          107 kB
        5. disguise_config_predefined_forced.png
          61 kB
        6. disguise_predefined_config_locked.png
          58 kB
        7. disguise_predefined_config.png
          312 kB
        8. disguise_predefined_forum_discussion.png
          119 kB
        9. disguise_predefined_forum_index.png
          101 kB
        10. disguise_predefined_shown_role_forum_discussion.png
          145 kB
        11. disguise_predefined_shown_role_forum_index.png
          106 kB
        12. disguise_unset.png
          51 kB
        13. recent_activity.png
          61 kB

          Activity

          Hide
          dougiamas Martin Dougiamas added a comment -

          From Robert (rjb at robelko.com) Friday, 13 May 2005, 03:01 AM:

          A more generic solution would be to add a parameter specifying the type for each forum:

          a. normal forum

          b. anonymous forum

          c. normal forum with anonymous posts allowed

          In case c, users should be presented an extra button to post either under their name or anonymously. In case b, the submit button should probably be renamed to sth like post anonymously to forum.

          Moodle would store posts as it does now but in case b (for all posts) and c (for posts requested to be anonymous) set a flag in the database (an extra field) that marks a given post as anonymous.

          The code that displays posts would check this flag and use a different branch to display them, giving user name as anonymous and using the generic user image.

          The mail sending code would also have to have a branch to specify sender as anonymous <noreply@xxx.yyy>.

          This would eliminate extensive changes in other library functions as suggested in Timothy's hack (cf http://moodle.org/mod/forum/discuss.php?d=22530).

          This would also eliminate a need for signing up under dummy names, thus allowing otherwise normal use of other course activities, and in extreme cases it would allow admins to track down users making inappropriate posts.

          Show
          dougiamas Martin Dougiamas added a comment - From Robert (rjb at robelko.com) Friday, 13 May 2005, 03:01 AM: A more generic solution would be to add a parameter specifying the type for each forum: a. normal forum b. anonymous forum c. normal forum with anonymous posts allowed In case c, users should be presented an extra button to post either under their name or anonymously. In case b, the submit button should probably be renamed to sth like post anonymously to forum. Moodle would store posts as it does now but in case b (for all posts) and c (for posts requested to be anonymous) set a flag in the database (an extra field) that marks a given post as anonymous. The code that displays posts would check this flag and use a different branch to display them, giving user name as anonymous and using the generic user image. The mail sending code would also have to have a branch to specify sender as anonymous <noreply@xxx.yyy>. This would eliminate extensive changes in other library functions as suggested in Timothy's hack (cf http://moodle.org/mod/forum/discuss.php?d=22530 ). This would also eliminate a need for signing up under dummy names, thus allowing otherwise normal use of other course activities, and in extreme cases it would allow admins to track down users making inappropriate posts.
          Hide
          dougiamas Martin Dougiamas added a comment -

          Assigning to me temporarily because Vy-Shane no longer works for Moodle HQ.

          Show
          dougiamas Martin Dougiamas added a comment - Assigning to me temporarily because Vy-Shane no longer works for Moodle HQ.
          Hide
          jimmyp James Phillips added a comment - - edited

          This would be a massively useful feature in Japan and I am very keen to see this.

          I am slightly depressed to see this marked as "trivial". This is a very, very important feature in Japan, where forums basically don't work if they are not anonymous.

          Show
          jimmyp James Phillips added a comment - - edited This would be a massively useful feature in Japan and I am very keen to see this. I am slightly depressed to see this marked as "trivial". This is a very, very important feature in Japan, where forums basically don't work if they are not anonymous.
          Hide
          stuartmanderson Stuart Anderson added a comment -

          I think this would be useful in many contexts all over the world. In my University we use the forums for trying to get feedback from students for our Staff-Student committee. Without an anonymous forum, students are reluctant to express opinions which may be deemed "controversial". Also, we have a high number of Asian (particularly Chinese) students whom are less comfortable speaking out.

          I vote whole heartedly for this feature to be added to moodle.

          Thanks,

          Stuart Anderson,
          University of Manchester.

          Show
          stuartmanderson Stuart Anderson added a comment - I think this would be useful in many contexts all over the world. In my University we use the forums for trying to get feedback from students for our Staff-Student committee. Without an anonymous forum, students are reluctant to express opinions which may be deemed "controversial". Also, we have a high number of Asian (particularly Chinese) students whom are less comfortable speaking out. I vote whole heartedly for this feature to be added to moodle. Thanks, Stuart Anderson, University of Manchester.
          Hide
          lafayettenuke Kenneth Newquist added a comment -

          Our faculty are also interested in seeing such a feature added to forums.

          Ken Newquist
          Lafayette College

          Show
          lafayettenuke Kenneth Newquist added a comment - Our faculty are also interested in seeing such a feature added to forums. Ken Newquist Lafayette College
          Hide
          hansdezwart Hans de Zwart added a comment -

          We also have a client who will be interested in having this option.

          Show
          hansdezwart Hans de Zwart added a comment - We also have a client who will be interested in having this option.
          Hide
          brownj@aa.edu Jill R Brown, PhD added a comment -

          We have school counselors who are interested in this option. What is the status?

          Jill Brown, Director of Educational Technology

          Show
          brownj@aa.edu Jill R Brown, PhD added a comment - We have school counselors who are interested in this option. What is the status? Jill Brown, Director of Educational Technology
          Hide
          meinzerj Jason Meinzer added a comment -

          Attached is a patch against 1.9 that implements anonymous forums as described in the first comment. The patch is incomplete in that it lacks database migration hooks, but these should be simple for a more experienced Moodle developer to add The new columns to support this feature are:

          forum:
          anonymous int2 DEFAULT 0, – 0, 1, 2 = no, yes, optional

          forum_posts:
          anonymous int2 DEFAULT 0

          When creating a forum, you can now specify if posts should be anonymous, not anonymous, or optionally anonymous. In the latter case, users are presented with a checkbox that they can tick if they want their post to be anonymous.

          Anonymous posts get hidden from the post history on the user's profile, as well as the recent activity block and recent activity full report. When displayed and emailed, the anonymous posts are attributed to the name specified in $CFG->anonymous_name (e.g. 'Anonymous Student'), with current_theme()/pix/anonymous.png used as their picture.

          If anyone discovers or knows of other areas where anonymous forum posts would be displayed improperly please let me know.

          Show
          meinzerj Jason Meinzer added a comment - Attached is a patch against 1.9 that implements anonymous forums as described in the first comment. The patch is incomplete in that it lacks database migration hooks, but these should be simple for a more experienced Moodle developer to add The new columns to support this feature are: forum: anonymous int2 DEFAULT 0, – 0, 1, 2 = no, yes, optional forum_posts: anonymous int2 DEFAULT 0 When creating a forum, you can now specify if posts should be anonymous, not anonymous, or optionally anonymous. In the latter case, users are presented with a checkbox that they can tick if they want their post to be anonymous. Anonymous posts get hidden from the post history on the user's profile, as well as the recent activity block and recent activity full report. When displayed and emailed, the anonymous posts are attributed to the name specified in $CFG->anonymous_name (e.g. 'Anonymous Student'), with current_theme()/pix/anonymous.png used as their picture. If anyone discovers or knows of other areas where anonymous forum posts would be displayed improperly please let me know.
          Hide
          stuartmanderson Stuart Anderson added a comment -

          Well done Jason. I think this would be a highly valuable addition to the forum behaviour and strongly feel it should be patched into the moodle 2.0 development code early on. It will provide a means for our shy international students to contribute their opinions without being identified.

          Thanks again for all your work.

          Show
          stuartmanderson Stuart Anderson added a comment - Well done Jason. I think this would be a highly valuable addition to the forum behaviour and strongly feel it should be patched into the moodle 2.0 development code early on. It will provide a means for our shy international students to contribute their opinions without being identified. Thanks again for all your work.
          Hide
          meinzerj Jason Meinzer added a comment -

          Revised my first patch to fix the following issues:

          • "Last post" column was still displaying user's real name
          • Anonymous posts were hidden in recent activity, they now appear attributed to $CFG->anonymous_name
          • Anonymous posts were hidden in the recent activity full report, they now appear attributed to $CFG->anonymous_name
          Show
          meinzerj Jason Meinzer added a comment - Revised my first patch to fix the following issues: "Last post" column was still displaying user's real name Anonymous posts were hidden in recent activity, they now appear attributed to $CFG->anonymous_name Anonymous posts were hidden in the recent activity full report, they now appear attributed to $CFG->anonymous_name
          Hide
          nadavkav Nadav Kavalerchik added a comment -

          does this patch allow guest users to post ?

          Show
          nadavkav Nadav Kavalerchik added a comment - does this patch allow guest users to post ?
          Hide
          meinzerj Jason Meinzer added a comment -

          No this patch allows authenticated users to make posts which are flagged as "anonymous" if the forum settings allow it. These posts are all displayed as belonging to a fake anonymous user, but they still belong to real users. The patch implements all the behaviors described in Martin's post.

          Show
          meinzerj Jason Meinzer added a comment - No this patch allows authenticated users to make posts which are flagged as "anonymous" if the forum settings allow it. These posts are all displayed as belonging to a fake anonymous user, but they still belong to real users. The patch implements all the behaviors described in Martin's post.
          Hide
          pser2000 Peter Sereinigg added a comment -

          The problem will be, that we have to change the core code and updates will be more difficulty, therefore a solution would be fine, where this feature is part of the core
          Peter

          Show
          pser2000 Peter Sereinigg added a comment - The problem will be, that we have to change the core code and updates will be more difficulty, therefore a solution would be fine, where this feature is part of the core Peter
          Hide
          meinzerj Jason Meinzer added a comment -

          I too would like to see this patch applied to core.

          Show
          meinzerj Jason Meinzer added a comment - I too would like to see this patch applied to core.
          Hide
          hchathi Hubert Chathi added a comment -

          I'm attaching a patch (anonymous_forums_rev2p1.patch) that:

          • add database migration hooks (only for Moodle 1.9 – won't work with Moodle 2.0 since 2.0 has a higher module version)
          • if you do a forum search on a user, all their anonymous posts would show up- renames $CFG->anonymous_name to $CFG->forum_anonymousname (to conform to the other forum configuration variables) and adds a configuration element to the Forum configuration
          • fixes two issues:
          • if a user starts a forum with an anonymous post, and nobody has replied yet, then their name was still revealed in the "last post" column
          • if someone does a forum search for a user, then all the user's anonymous posts would still show up

          The patch applies on top of Jason's anonymous_forums_rev2.patch.

          Show
          hchathi Hubert Chathi added a comment - I'm attaching a patch (anonymous_forums_rev2p1.patch) that: add database migration hooks (only for Moodle 1.9 – won't work with Moodle 2.0 since 2.0 has a higher module version) if you do a forum search on a user, all their anonymous posts would show up- renames $CFG->anonymous_name to $CFG->forum_anonymousname (to conform to the other forum configuration variables) and adds a configuration element to the Forum configuration fixes two issues: if a user starts a forum with an anonymous post, and nobody has replied yet, then their name was still revealed in the "last post" column if someone does a forum search for a user, then all the user's anonymous posts would still show up The patch applies on top of Jason's anonymous_forums_rev2.patch.
          Hide
          hchathi Hubert Chathi added a comment -
          • add database migration hooks (only for Moodle 1.9 – won't work with Moodle 2.0 since 2.0 has a higher module version)
          • if you do a forum search on a user, all their anonymous posts would show up- renames $CFG->anonymous_name to $CFG->forum_anonymousname (to conform to the other forum configuration variables) and adds a configuration element to the Forum configuration
          • fixes two issues:
          • if a user starts a forum with an anonymous post, and nobody has replied yet, then their name was still revealed in the "last post" column
          • if someone does a forum search for a user, then all the user's anonymous posts would still show up

          patch applies on top of anonymous_forums_rev2.patch

          Show
          hchathi Hubert Chathi added a comment - add database migration hooks (only for Moodle 1.9 – won't work with Moodle 2.0 since 2.0 has a higher module version) if you do a forum search on a user, all their anonymous posts would show up- renames $CFG->anonymous_name to $CFG->forum_anonymousname (to conform to the other forum configuration variables) and adds a configuration element to the Forum configuration fixes two issues: if a user starts a forum with an anonymous post, and nobody has replied yet, then their name was still revealed in the "last post" column if someone does a forum search for a user, then all the user's anonymous posts would still show up patch applies on top of anonymous_forums_rev2.patch
          Hide
          hchathi Hubert Chathi added a comment -

          New patch (anonymous_forums_rev2p2.patch) that also masks user names for anonymous posts in the global search. Again, it applies on top of anonymous_forums_rev2.patch (but includes my previous patch).

          Show
          hchathi Hubert Chathi added a comment - New patch (anonymous_forums_rev2p2.patch) that also masks user names for anonymous posts in the global search. Again, it applies on top of anonymous_forums_rev2.patch (but includes my previous patch).
          Hide
          dougiamas Martin Dougiamas added a comment -

          Shane Elliott was working on something like this, but we'd planned it to work for everywhere in Moodle. Shane, this could be useful to look at.

          Show
          dougiamas Martin Dougiamas added a comment - Shane Elliott was working on something like this, but we'd planned it to work for everywhere in Moodle. Shane, this could be useful to look at.
          Hide
          hchathi Hubert Chathi added a comment -

          Anonymity support that would apply everywhere in Moodle would be good. Some things are very hard to do just in a single module.

          Here is my patch #3 (anonymous_forums_rev2p3.patch, which applies on top of anonymous_forums_rev2.patch), which fixes the following issues:

          • anonymize RSS feeds
          • don't count anonymous posts in user's post count (can give clues about who wrote an anonymous post)
          • don't show anonymous posts in user's full report
          • don't show anonymous posts in user's recent activity
          • update anonymous post status when post is updated (in case forum setting was changed)
          • post author was still revealed in digest emails

          Remaining issues that I'm aware of:

          • if you set the anonymity setting of the forum, and later change it (e.g. from always anonymous to never anonymous), then that setting is not honoured in all places (e.g. in searches)
          • when an anonymous post is mailed, the custom mail headers are not set. This is due to $userfrom being assigned to a string, which discards $userfrom->customheaders. Without making changes to email_to_user, the only way to fix this is to, instead of assigning $userfrom to a string, do something like assign $userfrom->firstname to $CFG->forum_anonymousname, $userfrom->lastname to '', and $userfrom->email to $CFG->noreplyaddress.
          • some forum types probably don't make sense with some anonymity types. e.g. "Q and A forum" and "Each person posts one discussion" e.g.:
            • should anonymous posts count as the "one discussion topic" that each person is allowed to post? Right now, it does. It probably doesn't make sense to allow anonymous posts to start topics in these forum types, even if you want to allow other posts to be anonymous.

          Moral of the story: anonymity is very hard to do.

          Show
          hchathi Hubert Chathi added a comment - Anonymity support that would apply everywhere in Moodle would be good. Some things are very hard to do just in a single module. Here is my patch #3 (anonymous_forums_rev2p3.patch, which applies on top of anonymous_forums_rev2.patch), which fixes the following issues: anonymize RSS feeds don't count anonymous posts in user's post count (can give clues about who wrote an anonymous post) don't show anonymous posts in user's full report don't show anonymous posts in user's recent activity update anonymous post status when post is updated (in case forum setting was changed) post author was still revealed in digest emails Remaining issues that I'm aware of: if you set the anonymity setting of the forum, and later change it (e.g. from always anonymous to never anonymous), then that setting is not honoured in all places (e.g. in searches) when an anonymous post is mailed, the custom mail headers are not set. This is due to $userfrom being assigned to a string, which discards $userfrom->customheaders. Without making changes to email_to_user, the only way to fix this is to, instead of assigning $userfrom to a string, do something like assign $userfrom->firstname to $CFG->forum_anonymousname, $userfrom->lastname to '', and $userfrom->email to $CFG->noreplyaddress. some forum types probably don't make sense with some anonymity types. e.g. "Q and A forum" and "Each person posts one discussion" e.g.: should anonymous posts count as the "one discussion topic" that each person is allowed to post? Right now, it does. It probably doesn't make sense to allow anonymous posts to start topics in these forum types, even if you want to allow other posts to be anonymous. Moral of the story: anonymity is very hard to do.
          Hide
          ikawhero Shane Elliott added a comment -

          Hi, finally catching up on some of my dev plans/work. Martin and I had discussed an anonymous mode in moodle that would work for all the activities. The basic idea being that "teachers" could switch an activity (forum, chat, etc) into anonymous mode. There would also be capabilities that would determine who could view the real name of users. Users could either add an anonymous name in their profile or moodle would revert to a language string eg "Anonymous"

          Many thanks for the patches and comments. At a quick glance I think there is some important work and ideas done here. I'll start some documention at the docs site as soon as I can and then post the link back here and hopefully we can get the ball rolling on this.

          Show
          ikawhero Shane Elliott added a comment - Hi, finally catching up on some of my dev plans/work. Martin and I had discussed an anonymous mode in moodle that would work for all the activities. The basic idea being that "teachers" could switch an activity (forum, chat, etc) into anonymous mode. There would also be capabilities that would determine who could view the real name of users. Users could either add an anonymous name in their profile or moodle would revert to a language string eg "Anonymous" Many thanks for the patches and comments. At a quick glance I think there is some important work and ideas done here. I'll start some documention at the docs site as soon as I can and then post the link back here and hopefully we can get the ball rolling on this.
          Hide
          paul.fynn Paul Fynn added a comment -

          Important to my students, who don't want to appear foolish by asking the wrong questions. As a quick suggestion, would a line of least resistance be to make 'anonymous' an actual user id and replace the users id with the new anonymous ID? Just a thought.

          Show
          paul.fynn Paul Fynn added a comment - Important to my students, who don't want to appear foolish by asking the wrong questions. As a quick suggestion, would a line of least resistance be to make 'anonymous' an actual user id and replace the users id with the new anonymous ID? Just a thought.
          Hide
          hchathi Hubert Chathi added a comment -

          It all depends on what level of anonymity you want. If you want it to be impossible to recover the true identity, then yes, you would replace the user's ID with the anonymous user's ID in the database. However, it seems like the way Moodle wants to do things is to keep the user's ID in the database, so that the identity can be recovered, which means that a lot of obfuscation needs to be done.

          Show
          hchathi Hubert Chathi added a comment - It all depends on what level of anonymity you want. If you want it to be impossible to recover the true identity, then yes, you would replace the user's ID with the anonymous user's ID in the database. However, it seems like the way Moodle wants to do things is to keep the user's ID in the database, so that the identity can be recovered, which means that a lot of obfuscation needs to be done.
          Hide
          chuang Wen Hao Chuang added a comment -

          I don't think this should be trivial, so I'm bumping up the priority level (if I may) to reflect the # of votes and so on. thanks!

          Show
          chuang Wen Hao Chuang added a comment - I don't think this should be trivial, so I'm bumping up the priority level (if I may) to reflect the # of votes and so on. thanks!
          Hide
          nadavkav Nadav Kavalerchik added a comment -

          teachers asked my about anonimity in the Questionnaire activity module
          (it is in the contrib section and it does not come default with fresh moodle install)
          http://cvs.moodle.org/contrib/plugins/mod/questionnaire/

          it is a great module for getting student's feedback and most of them would like to
          give that feedback anonymously (so say the teachers)

          so please consider that module in your future patches (if you can)

          Show
          nadavkav Nadav Kavalerchik added a comment - teachers asked my about anonimity in the Questionnaire activity module (it is in the contrib section and it does not come default with fresh moodle install) http://cvs.moodle.org/contrib/plugins/mod/questionnaire/ it is a great module for getting student's feedback and most of them would like to give that feedback anonymously (so say the teachers) so please consider that module in your future patches (if you can)
          Hide
          deeknow Dean Stringer added a comment -

          minor patch to fix the RSS anonymous checking, need to check the forum property not the record one in the second conditional check

          Show
          deeknow Dean Stringer added a comment - minor patch to fix the RSS anonymous checking, need to check the forum property not the record one in the second conditional check
          Hide
          aborrow Anthony Borrow added a comment -

          I had a personal friend recently ask about this functionality and stumbled across this link that includes some code at Reed (http://blogs.reed.edu/moodle/2008/04/anonymous-forums.html). I did not realize this was a top 10 in popularity issue. Hopefully I will get a chance to review and play with the code. I would have no problem adding it as a forum_anonymous patch for Moodle 1.9 and advocating for it as a new feature in Moodle 2.0. Peace - Anthony

          Show
          aborrow Anthony Borrow added a comment - I had a personal friend recently ask about this functionality and stumbled across this link that includes some code at Reed ( http://blogs.reed.edu/moodle/2008/04/anonymous-forums.html ). I did not realize this was a top 10 in popularity issue. Hopefully I will get a chance to review and play with the code. I would have no problem adding it as a forum_anonymous patch for Moodle 1.9 and advocating for it as a new feature in Moodle 2.0. Peace - Anthony
          Hide
          paul.fynn Paul Fynn added a comment -

          Just to note that in order for the current anonymous questionnaire to be truly anonymous, the time of completion needs to be removed from the report (allows response to be linked to login time of teh respondent)

          Show
          paul.fynn Paul Fynn added a comment - Just to note that in order for the current anonymous questionnaire to be truly anonymous, the time of completion needs to be removed from the report (allows response to be linked to login time of teh respondent)
          Hide
          meinzerj Jason Meinzer added a comment -

          This is a new patch that applies cleanly against 1.9.7. It contains all previous patches posted to this thread (thanks y'all!). It also adds a help entry and some explanatory text on the forum editing page explaining the limitations to the "anonymity".

          Show
          meinzerj Jason Meinzer added a comment - This is a new patch that applies cleanly against 1.9.7. It contains all previous patches posted to this thread (thanks y'all!). It also adds a help entry and some explanatory text on the forum editing page explaining the limitations to the "anonymity".
          Hide
          tsala Helen Foster added a comment -

          Just adding a link to Shane's documentation: http://docs.moodle.org/en/Development:Anonymous_Users

          Show
          tsala Helen Foster added a comment - Just adding a link to Shane's documentation: http://docs.moodle.org/en/Development:Anonymous_Users
          Hide
          aborrow Anthony Borrow added a comment -

          Along the lines of Paul Flynn's comment, there is sometimes a competing interest here between anonymous activities and logging of activity. Generally speaking, I think it is good practice to log all activity. In fact, I would want an admin to specifically turn logging off for anonymous activities. I realize that what Shane proposes is to allow non-privileged users; however, I remember in working on the anonymization of feedbacks that teachers wanted to be able to see if a student had in fact completed an activity and this is important especially as we move toward Moodle 2.0 with conditional activities. Peace - Anthony

          Show
          aborrow Anthony Borrow added a comment - Along the lines of Paul Flynn's comment, there is sometimes a competing interest here between anonymous activities and logging of activity. Generally speaking, I think it is good practice to log all activity. In fact, I would want an admin to specifically turn logging off for anonymous activities. I realize that what Shane proposes is to allow non-privileged users; however, I remember in working on the anonymization of feedbacks that teachers wanted to be able to see if a student had in fact completed an activity and this is important especially as we move toward Moodle 2.0 with conditional activities. Peace - Anthony
          Hide
          pilpi Olli Savolainen added a comment -

          When there is an option to post with one's own name or anonymously, I have an educated hunch there should be a checkbox "post anonymously" instead of an extra button, for clarity - if it is an option, make it look like an option and not a command - this way, users can ignore the option that is, after all, optional - instead of being slowed down to figure out which of the buttons they should press.

          I did not take a look at the patch to see how it does it at the moment, though so this may be an useless comment. (My environment is sort of slow to fire up things just to check things like this out, should probably get that fixed.)

          Show
          pilpi Olli Savolainen added a comment - When there is an option to post with one's own name or anonymously, I have an educated hunch there should be a checkbox "post anonymously" instead of an extra button, for clarity - if it is an option, make it look like an option and not a command - this way, users can ignore the option that is, after all, optional - instead of being slowed down to figure out which of the buttons they should press. I did not take a look at the patch to see how it does it at the moment, though so this may be an useless comment. (My environment is sort of slow to fire up things just to check things like this out, should probably get that fixed.)
          Hide
          mbrown Mark Brown added a comment -

          This is a really valuable option to support online role-plays where people take on a different name and role. Strong support in the pedagogical literature for this approach and a limitation of Moodle over what WebCT and BB offer.

          Show
          mbrown Mark Brown added a comment - This is a really valuable option to support online role-plays where people take on a different name and role. Strong support in the pedagogical literature for this approach and a limitation of Moodle over what WebCT and BB offer.
          Hide
          aborrow Anthony Borrow added a comment -

          Mark - I'm just curious why a teacher could not create generic user accounts for the different role plays (for example, Superman, Spiderman, Wonder Woman, etc.) and let the students log in with those usernames and passwords? Along similar lines, you could create a user and give the students the ability to login as the role (i.e. Superman). The issue is verifying that it is in fact your students that are role playing. If I want folks to role play, at least as I conceptualize role playing from my counselor training days, I could create a forum and ask particular students to take on a particular role. Personally, I would still want to know the real identity of those students so that I can give them credit for their work. Could you provide a link to some of the relevant pedagogical literature so that I can get a better understanding of how this might really work? Peace - Anthony

          Show
          aborrow Anthony Borrow added a comment - Mark - I'm just curious why a teacher could not create generic user accounts for the different role plays (for example, Superman, Spiderman, Wonder Woman, etc.) and let the students log in with those usernames and passwords? Along similar lines, you could create a user and give the students the ability to login as the role (i.e. Superman). The issue is verifying that it is in fact your students that are role playing. If I want folks to role play, at least as I conceptualize role playing from my counselor training days, I could create a forum and ask particular students to take on a particular role. Personally, I would still want to know the real identity of those students so that I can give them credit for their work. Could you provide a link to some of the relevant pedagogical literature so that I can get a better understanding of how this might really work? Peace - Anthony
          Hide
          meinzerj Jason Meinzer added a comment -

          Olli - This patch adds a checkbox as you suggest. When creating the forum, you get the option of allowing anonymity or forcing it. If anonymity is allowed but optional, the checkbox will appear when posting. If it is forced or not allowed, the checkbox does not appear. This is actually presented as three options when creating the forum: "Yes, always" "Yes, optional", and "No, never".

          Anthony - Installations which use external authentication sources such as LDAP and/or Kerberos typically do not allow end users (even teachers) to create user accounts as it complicates things for the sysadmins. I don't see creating extra usernames and passwords as a sustainable solution to this issue; as it stands now this patch preserves the identity of the users since the normal Moodle auditing trail is preserved, just hidden to most users.

          Show
          meinzerj Jason Meinzer added a comment - Olli - This patch adds a checkbox as you suggest. When creating the forum, you get the option of allowing anonymity or forcing it. If anonymity is allowed but optional, the checkbox will appear when posting. If it is forced or not allowed, the checkbox does not appear. This is actually presented as three options when creating the forum: "Yes, always" "Yes, optional", and "No, never". Anthony - Installations which use external authentication sources such as LDAP and/or Kerberos typically do not allow end users (even teachers) to create user accounts as it complicates things for the sysadmins. I don't see creating extra usernames and passwords as a sustainable solution to this issue; as it stands now this patch preserves the identity of the users since the normal Moodle auditing trail is preserved, just hidden to most users.
          Hide
          abautu Andrei Bautu added a comment -

          Maybe the anonymous user name should be a translatable string (instead of $CFG property).

          Also, the text "Anonymous posts are not truly anonymous – the instructor can reveal the authors' names at any time. Click on the "?" icon above for further details." should be translatable.

          I'm using the patch for 1.9.7. It's really nice. Thank you!

          Show
          abautu Andrei Bautu added a comment - Maybe the anonymous user name should be a translatable string (instead of $CFG property). Also, the text "Anonymous posts are not truly anonymous – the instructor can reveal the authors' names at any time. Click on the "?" icon above for further details." should be translatable. I'm using the patch for 1.9.7. It's really nice. Thank you!
          Hide
          dustin.chew Dustin Chew added a comment -

          Has anyone got this patch to work on Moodle 1.9.9+ I have the option but it does not work.

          Show
          dustin.chew Dustin Chew added a comment - Has anyone got this patch to work on Moodle 1.9.9+ I have the option but it does not work.
          Hide
          bayne Bayne McLaughlin added a comment -

          I have applied this to 1.9.7 and can not get it to work. The option is present in the forum settings but doesn't work. If I set it to anything other than "no, never" nothing changes and if I re-check the settings it still says "no, never" next to "Anonymize posts?"

          Show
          bayne Bayne McLaughlin added a comment - I have applied this to 1.9.7 and can not get it to work. The option is present in the forum settings but doesn't work. If I set it to anything other than "no, never" nothing changes and if I re-check the settings it still says "no, never" next to "Anonymize posts?"
          Hide
          meinzerj Jason Meinzer added a comment -

          Bayne, you need to add two columns to your database schema since the patch does not create these for you:

          The mdl_forum table needs an integer column called "anonymous"
          The mdl_forum_posts table needs an integer column called "anonymous"

          Anyone who is having problems should double-check that they have done this.

          Show
          meinzerj Jason Meinzer added a comment - Bayne, you need to add two columns to your database schema since the patch does not create these for you: The mdl_forum table needs an integer column called "anonymous" The mdl_forum_posts table needs an integer column called "anonymous" Anyone who is having problems should double-check that they have done this.
          Hide
          bayne Bayne McLaughlin added a comment -

          Works! Thank you Jason.

          Show
          bayne Bayne McLaughlin added a comment - Works! Thank you Jason.
          Hide
          bayne Bayne McLaughlin added a comment -

          I've got this working but when someone selects to not post anonymously this appears for a couple seconds and then the post goes through...
          Notice: Undefined property: stdClass::$anonymous in C:\wamp\www\moodle\mod\forum\lib.php on line 4053

          Show
          bayne Bayne McLaughlin added a comment - I've got this working but when someone selects to not post anonymously this appears for a couple seconds and then the post goes through... Notice: Undefined property: stdClass::$anonymous in C:\wamp\www\moodle\mod\forum\lib.php on line 4053
          Hide
          estar Ewgenij Starostin added a comment -

          I’m going to do some work on this topic. I am interested in related current development or future plans, so I’ve started a forum thread (link) and I would appreciate some comments there.

          Show
          estar Ewgenij Starostin added a comment - I’m going to do some work on this topic. I am interested in related current development or future plans, so I’ve started a forum thread ( link ) and I would appreciate some comments there.
          Hide
          apaterson11 Andrew Paterson added a comment -

          Did you make any progress on this Ewgenij?

          Show
          apaterson11 Andrew Paterson added a comment - Did you make any progress on this Ewgenij?
          Hide
          cttxg Teresa Gibbison added a comment -

          The University of Waikato used this in 1.9 and contracted Catalyst IT to upgrade to 2.0. I'll talk with them to get a patch posted
          Cheers
          Teresa

          Show
          cttxg Teresa Gibbison added a comment - The University of Waikato used this in 1.9 and contracted Catalyst IT to upgrade to 2.0. I'll talk with them to get a patch posted Cheers Teresa
          Hide
          jcharaoui Jerome Charaoui added a comment -

          I just wanted to leave a note to indicate that the patch for 1.9.7 also works fine for 1.9.14. Remember to add the columns to mdl_forum and mdl_forum_posts, as detailed un Jason Meinzer's comment.

          Show
          jcharaoui Jerome Charaoui added a comment - I just wanted to leave a note to indicate that the patch for 1.9.7 also works fine for 1.9.14. Remember to add the columns to mdl_forum and mdl_forum_posts, as detailed un Jason Meinzer's comment.
          Hide
          apaterson11 Andrew Paterson added a comment -

          Was the patch from the Catalyst IT upgrade to 2.0 every posted anywhere?

          Show
          apaterson11 Andrew Paterson added a comment - Was the patch from the Catalyst IT upgrade to 2.0 every posted anywhere?
          Hide
          cttxg Teresa Gibbison added a comment -

          Hi Andrew
          I've asked Catalyst to share the patch and added one of them as a watcher to this tracker item so hopefully they'll share I could take a look but don't want to create a patch if it doesn't contain everything!
          Cheers
          Teresa

          Show
          cttxg Teresa Gibbison added a comment - Hi Andrew I've asked Catalyst to share the patch and added one of them as a watcher to this tracker item so hopefully they'll share I could take a look but don't want to create a patch if it doesn't contain everything! Cheers Teresa
          Hide
          estar Ewgenij Starostin added a comment -

          Andrew,

          yes, and sorry about being very late to reply. The result is at http://moodle.org/plugins/view.php?plugin=mod_forumanon and it works with Moodle 2.1. (It might work with 2.0 if you tweak it a little, but no promises.) This is different from the patch posted here, in terms of where user identities are saved and who can see them (I think), the details are in the README.

          Show
          estar Ewgenij Starostin added a comment - Andrew, yes, and sorry about being very late to reply. The result is at http://moodle.org/plugins/view.php?plugin=mod_forumanon and it works with Moodle 2.1. (It might work with 2.0 if you tweak it a little, but no promises.) This is different from the patch posted here, in terms of where user identities are saved and who can see them (I think), the details are in the README .
          Hide
          chrisw Chris Wharton added a comment - - edited

          Hi Teresa, I have attached the patch for Moodle 2 from Catalyst IT

          Show
          chrisw Chris Wharton added a comment - - edited Hi Teresa, I have attached the patch for Moodle 2 from Catalyst IT
          Hide
          chrisw Chris Wharton added a comment -

          Apologies, this is the correct patch

          Show
          chrisw Chris Wharton added a comment - Apologies, this is the correct patch
          Hide
          mwebster Mark van Hoek added a comment -

          Just a suggestion for release testing based on errors I've seen for a different implementation in 1.9:

          -Do a backup/restore with error reporting on - are there any errors?
          -Restore into a new course - are the posts still anonymous?

          Show
          mwebster Mark van Hoek added a comment - Just a suggestion for release testing based on errors I've seen for a different implementation in 1.9: -Do a backup/restore with error reporting on - are there any errors? -Restore into a new course - are the posts still anonymous?
          Hide
          jleyva Juan Leyva added a comment - - edited

          So I just uploaded one of the plugins I developed during my Christmas vacation

          It's a local plugin for allowing anonymous postings in Moodle 2 forums

          Please note that this plugin:

          • Is a standar plugin (do not change core code)
          • It's not a replacement or fork of the current forum
          • It works over the current forum
          • It is a "little bit hacky". Uses some DOM manipulation and some Moodle code tricks for not changing core code
          • A new user Anonymous user is created in your Moodle installation, uses are "logged" with this user when posting
          • Supports backup and restore

          Here you have the download link and initial documentation:
          This plugin have been tested only by me so far, I'll really appreciate your feedback before adding in the contrib database

          https://github.com/jleyva/moodle-local_anonymousposting/zipball/master

          http://docs.moodle.org/22/en/Anonymous_posting_plugin

          Show
          jleyva Juan Leyva added a comment - - edited So I just uploaded one of the plugins I developed during my Christmas vacation It's a local plugin for allowing anonymous postings in Moodle 2 forums Please note that this plugin: Is a standar plugin (do not change core code) It's not a replacement or fork of the current forum It works over the current forum It is a "little bit hacky". Uses some DOM manipulation and some Moodle code tricks for not changing core code A new user Anonymous user is created in your Moodle installation, uses are "logged" with this user when posting Supports backup and restore Here you have the download link and initial documentation: This plugin have been tested only by me so far, I'll really appreciate your feedback before adding in the contrib database https://github.com/jleyva/moodle-local_anonymousposting/zipball/master http://docs.moodle.org/22/en/Anonymous_posting_plugin
          Hide
          hchathi Hubert Chathi added a comment -

          Juan, as I understand it, your plugin will make all anonymous posts to be owned by the same anonymous user, so it is not possible at all to retrieve the original user who posted the comments. Is that correct?

          Show
          hchathi Hubert Chathi added a comment - Juan, as I understand it, your plugin will make all anonymous posts to be owned by the same anonymous user, so it is not possible at all to retrieve the original user who posted the comments. Is that correct?
          Hide
          jleyva Juan Leyva added a comment -

          Hi Hubert,

          yes, it's correct. There is no way to retrieve the original user who posted a message.

          But, since Moodle stores a lot of information in the activity log, if a user with privileges checks the course activity logs he will be able to "intuitively guess" the original user by checking the user IP or by tracking him activity.

          Regards

          Show
          jleyva Juan Leyva added a comment - Hi Hubert, yes, it's correct. There is no way to retrieve the original user who posted a message. But, since Moodle stores a lot of information in the activity log, if a user with privileges checks the course activity logs he will be able to "intuitively guess" the original user by checking the user IP or by tracking him activity. Regards
          Hide
          chrisw Chris Wharton added a comment -

          Hi, I have added a patch containing just the changes to make restore work, and a complete patch with all the changes.

          Show
          chrisw Chris Wharton added a comment - Hi, I have added a patch containing just the changes to make restore work, and a complete patch with all the changes.
          Hide
          wullie William Mair added a comment -

          I have been asked by my lecturers to see if I can setup a forum that allows students to post anonymously and I'm surprised that 7 years after first posted that this is not included as standard.

          As far as I can see from Juan's plugin, all users use the same anonymous account rather than being able to select to post anonymously, which my lecturer would like to be able to see who posted what, but not the students. Is there any other options out there?

          I'm using Moodle 2.3, if that helps.

          Show
          wullie William Mair added a comment - I have been asked by my lecturers to see if I can setup a forum that allows students to post anonymously and I'm surprised that 7 years after first posted that this is not included as standard. As far as I can see from Juan's plugin, all users use the same anonymous account rather than being able to select to post anonymously, which my lecturer would like to be able to see who posted what, but not the students. Is there any other options out there? I'm using Moodle 2.3, if that helps.
          Hide
          aborrow Anthony Borrow added a comment -

          William - The other option would be to make all users on the site essentially anonymous by not revealing their names but that is really not giving them an option to be anonymous or not. From a somewhat theoretical perspective, I wonder why anonymity would be helpful and if there is something about social constructionism that discourages anonymity. If there is a preference within social constructionism to use one's true identity then that may explain why Moodle which is based on a social constructionist pedagogy would not be all that interested in adding this feature. Peace - Anthony

          Show
          aborrow Anthony Borrow added a comment - William - The other option would be to make all users on the site essentially anonymous by not revealing their names but that is really not giving them an option to be anonymous or not. From a somewhat theoretical perspective, I wonder why anonymity would be helpful and if there is something about social constructionism that discourages anonymity. If there is a preference within social constructionism to use one's true identity then that may explain why Moodle which is based on a social constructionist pedagogy would not be all that interested in adding this feature. Peace - Anthony
          Hide
          aborrow Anthony Borrow added a comment -

          My other thought is that as a teacher, it is really hard to give credit to a student for work done anonymously. That said, it would not seem that hard to code an anonymous forum activity module based off of the current forums activity module and just have it not display the names of the students or provide a link to their profile. Overall though I think that not providing the name hinders both teacher and fellow students from responding to a real person with a real history and identity. In any case, those are my thoughts for what they are worth. Peace - Anthony

          p.s. - Thinking back to when I was helping to write some code to anonymize feedback submissions, you may have to make other code changes to ensure that the identity of the poster is in fact hidden.

          Show
          aborrow Anthony Borrow added a comment - My other thought is that as a teacher, it is really hard to give credit to a student for work done anonymously. That said, it would not seem that hard to code an anonymous forum activity module based off of the current forums activity module and just have it not display the names of the students or provide a link to their profile. Overall though I think that not providing the name hinders both teacher and fellow students from responding to a real person with a real history and identity. In any case, those are my thoughts for what they are worth. Peace - Anthony p.s. - Thinking back to when I was helping to write some code to anonymize feedback submissions, you may have to make other code changes to ensure that the identity of the poster is in fact hidden.
          Hide
          minhtam Minh-Tam Nguyen added a comment -

          What about if each user still owned the post, but instead of not showing names at all, replace the name displayed by a random number (eg. "User 252")
          This way it will still be possible to identify whether two posts in a conversation were written by the same anonymous person, or by two different people.

          And from an administrator's point of view, this method would allow a privileged users to track down the original author of posts, which may be important if inappropriate content were posted "anonymously".

          Show
          minhtam Minh-Tam Nguyen added a comment - What about if each user still owned the post, but instead of not showing names at all, replace the name displayed by a random number (eg. "User 252") This way it will still be possible to identify whether two posts in a conversation were written by the same anonymous person, or by two different people. And from an administrator's point of view, this method would allow a privileged users to track down the original author of posts, which may be important if inappropriate content were posted "anonymously".
          Hide
          cttxg Teresa Gibbison added a comment -

          Have you tried the latest patch in your dev site? This is the patch we use and each post DOES belong to the individual user.

          They do select a box when posting (if enabled) to post anonymously. Choosing to post anonymously changes the post to appear from the 'Anonymous User', as well as the recent activity etc.

          The posts is anonymous from other students however the teacher can still view the forum logs and match the post time with the student. Also IF the teacher changes the forum back to NOT allow anonymous the original user's name is displayed (as they 'own' the post).

          Cheers
          Teresa

          Show
          cttxg Teresa Gibbison added a comment - Have you tried the latest patch in your dev site? This is the patch we use and each post DOES belong to the individual user. They do select a box when posting (if enabled) to post anonymously. Choosing to post anonymously changes the post to appear from the 'Anonymous User', as well as the recent activity etc. The posts is anonymous from other students however the teacher can still view the forum logs and match the post time with the student. Also IF the teacher changes the forum back to NOT allow anonymous the original user's name is displayed (as they 'own' the post). Cheers Teresa
          Hide
          minhtam Minh-Tam Nguyen added a comment -

          I hadn't actually, thanks Teresa. I made an (obviously incorrect) assumption based on William's comment.

          Show
          minhtam Minh-Tam Nguyen added a comment - I hadn't actually, thanks Teresa. I made an (obviously incorrect) assumption based on William's comment.
          Hide
          apaterson11 Andrew Paterson added a comment -

          Most of the forums we use are not anonymous, however we want to have a particular forum in which users can choose to be anonymous or not, so that they can ask "silly" questions of the teacher without embarrassment in front of their peers. Students know under their terms of use that the identity of anonymous posts can be retrieved by an authorised person if necessary as a safeguard, however in day to day practice we want teacher and student interaction on this "questions" forum to be anonymous.

          I am very keen to see this feature integrated into the Moodle core as it is a key advantage online interaction can have over classroom interaction for drawing out quiet or sensitive students in a high school environment. It has been long and widely requested with a clear benefit to the Moodle community, yet it has been deferred year after year.

          Show
          apaterson11 Andrew Paterson added a comment - Most of the forums we use are not anonymous, however we want to have a particular forum in which users can choose to be anonymous or not, so that they can ask "silly" questions of the teacher without embarrassment in front of their peers. Students know under their terms of use that the identity of anonymous posts can be retrieved by an authorised person if necessary as a safeguard, however in day to day practice we want teacher and student interaction on this "questions" forum to be anonymous. I am very keen to see this feature integrated into the Moodle core as it is a key advantage online interaction can have over classroom interaction for drawing out quiet or sensitive students in a high school environment. It has been long and widely requested with a clear benefit to the Moodle community, yet it has been deferred year after year.
          Hide
          aborrow Anthony Borrow added a comment -

          Andrew - I think your situation might be handled - although perhaps not as ideally or efficiently as you would like - by having students message anonymous questions to the teacher who could then post them as a question received from an anonymous student. I think in ideally students would feel free to share whatever questions they might have but I recognize we do not live in an ideal world. There is just something about it that seems to go against the grain of the types of transparent interactions desired in a social constructionist setting. I'm not expert, I'm simply trying to provide a possible reason why it may not have been prioritized. I worked on a patch that required teacher approval before being seen publicly by others precisely because it was not a feature I saw ever getting into core but because I could see where in a business sector it made sense. Best of luck continuing to advocate for the issue. Peace - Anthony

          Show
          aborrow Anthony Borrow added a comment - Andrew - I think your situation might be handled - although perhaps not as ideally or efficiently as you would like - by having students message anonymous questions to the teacher who could then post them as a question received from an anonymous student. I think in ideally students would feel free to share whatever questions they might have but I recognize we do not live in an ideal world. There is just something about it that seems to go against the grain of the types of transparent interactions desired in a social constructionist setting. I'm not expert, I'm simply trying to provide a possible reason why it may not have been prioritized. I worked on a patch that required teacher approval before being seen publicly by others precisely because it was not a feature I saw ever getting into core but because I could see where in a business sector it made sense. Best of luck continuing to advocate for the issue. Peace - Anthony
          Hide
          stuart Peter Ruthven-Stuart added a comment -

          Hello, I was initially against the idea of anonymous postings for the 'social constructionist' reasons mentioned by Anthony B above. I thought that people should have to own (i.e. take responsibility for) their comments and ideas. However, here in Japan (see also James P's comment way back in May 2007) such a feature would be extremely welcome. Not all the time, but in certain situations, e.g. a "silly" questions forum (see Andrew P's comments). Also, some Moodling educators in the UK have told me that an anon feature would be really helpful in certain online courses and situations.

          I have not had a chance to try the patch developed by Teresa G, but the way she describes it sounds like it fits the bill. I like the idea that the user still owns the post and that teachers can see who has posted what. Perhaps, if students are given the option to post anonymously, and they take the option an automatic warning should appear reminding them that although their post will be anonymous to peers, their teacher (or admin?) can see who has posted what should circumstances require.

          Show
          stuart Peter Ruthven-Stuart added a comment - Hello, I was initially against the idea of anonymous postings for the 'social constructionist' reasons mentioned by Anthony B above. I thought that people should have to own (i.e. take responsibility for) their comments and ideas. However, here in Japan (see also James P's comment way back in May 2007) such a feature would be extremely welcome. Not all the time, but in certain situations, e.g. a "silly" questions forum (see Andrew P's comments). Also, some Moodling educators in the UK have told me that an anon feature would be really helpful in certain online courses and situations. I have not had a chance to try the patch developed by Teresa G, but the way she describes it sounds like it fits the bill. I like the idea that the user still owns the post and that teachers can see who has posted what. Perhaps, if students are given the option to post anonymously, and they take the option an automatic warning should appear reminding them that although their post will be anonymous to peers, their teacher (or admin?) can see who has posted what should circumstances require.
          Hide
          ikawhero Shane Elliott added a comment - - edited

          It's been a while since I've commented on this issue ....

          I still think a more generic solution would be better in moodle. I had started a spec but never fully finished it, but essentially it incorporated the following:

          1. Allow users in their profile to specify an alternate display name;

          2. Using the context levels (specifically course and activity) allow teachers (based on a capability) to set an anonymous mode. One of the following:

          • a. Off - runs exactly as it does now;
          • b. Anonymous - No names are displayed or displayed as "Anonymous User" (language string)
          • c. Roles - Use the alternate name that users specify in their profile;
          • d. Optional - Allow users to choose one of the above.

          3. Everywhere the user id is stored in the db (for display purposes) there would need to be an additional flag to specify the anonymous mode;

          4. An additional capability to allow viewing of a users real name

          The fullname() function in moodle would need an overhaul and some serious testing done to ensure it worked efficiently given it's wide usage.

          Aside from the practical implementation, I think there are a wide range of possible uses for such a development:
          1. Anonymous forum posting as outlined here. Especially in circumstances where there are sensitive questions being asked;
          2. Anonymous assignment and grading - while this is part of the spec for the assignment in 2.4 I think a generic anonymous solution is preferable;
          3. Role playing - students take on roles for a particular activity or course;
          4. Games - eg playing "who am i"/"21 questions" in a chat;

          Show
          ikawhero Shane Elliott added a comment - - edited It's been a while since I've commented on this issue .... I still think a more generic solution would be better in moodle. I had started a spec but never fully finished it, but essentially it incorporated the following: 1. Allow users in their profile to specify an alternate display name; 2. Using the context levels (specifically course and activity) allow teachers (based on a capability) to set an anonymous mode. One of the following: a. Off - runs exactly as it does now; b. Anonymous - No names are displayed or displayed as "Anonymous User" (language string) c. Roles - Use the alternate name that users specify in their profile; d. Optional - Allow users to choose one of the above. 3. Everywhere the user id is stored in the db (for display purposes) there would need to be an additional flag to specify the anonymous mode; 4. An additional capability to allow viewing of a users real name The fullname() function in moodle would need an overhaul and some serious testing done to ensure it worked efficiently given it's wide usage. Aside from the practical implementation, I think there are a wide range of possible uses for such a development: 1. Anonymous forum posting as outlined here. Especially in circumstances where there are sensitive questions being asked; 2. Anonymous assignment and grading - while this is part of the spec for the assignment in 2.4 I think a generic anonymous solution is preferable; 3. Role playing - students take on roles for a particular activity or course; 4. Games - eg playing "who am i"/"21 questions" in a chat;
          Hide
          aborrow Anthony Borrow added a comment -

          Thanks Peter and Shane! Having some use scenarios and detailed specs always helps to move things along. Peace - Anthony

          Show
          aborrow Anthony Borrow added a comment - Thanks Peter and Shane! Having some use scenarios and detailed specs always helps to move things along. Peace - Anthony
          Hide
          apaterson11 Andrew Paterson added a comment -

          Firstly, the idea of the student messaging the teacher who then posts on the student's behalf is messy and is likely to delay feedback and slow down group interaction because we allow feedback on posted questions to come from any online teacher or student. Also, the student may not want the teacher to know who is asking the question, both because of embarrassment but also possibly because of a fear that an impression created by the question may affect future grading.

          Secondly, I think the idea of a more generic solution as proposed by Shane is a good idea given the variety of situations in which this facility could be used.

          Finally, I think we need to be careful about defining social constructivist approaches too narrowly. Constructivism is a broad approach to pedagogy that in my view supports approaches to encouraging student-initiated interaction with teachers and other students, which will play a part in constructing the knowledge of all. In some situations, allowing anonymous interaction allows better, more detailed, less inhibited interaction which increases the rate of knowledge growth. We need to recognise that many things may discourage interaction when no anonymity is permitted. Consider those interacting in a second or third language, gender or ethnic minorities, complex social relationships within a class, students with special needs - all of whom many benefit in their learning by allowing anonymity at times. This is very true in a high school setting but is also true in many other settings where the status quo social power balance may need addressing in the interests of equity.

          Show
          apaterson11 Andrew Paterson added a comment - Firstly, the idea of the student messaging the teacher who then posts on the student's behalf is messy and is likely to delay feedback and slow down group interaction because we allow feedback on posted questions to come from any online teacher or student. Also, the student may not want the teacher to know who is asking the question, both because of embarrassment but also possibly because of a fear that an impression created by the question may affect future grading. Secondly, I think the idea of a more generic solution as proposed by Shane is a good idea given the variety of situations in which this facility could be used. Finally, I think we need to be careful about defining social constructivist approaches too narrowly. Constructivism is a broad approach to pedagogy that in my view supports approaches to encouraging student-initiated interaction with teachers and other students, which will play a part in constructing the knowledge of all. In some situations, allowing anonymous interaction allows better, more detailed, less inhibited interaction which increases the rate of knowledge growth. We need to recognise that many things may discourage interaction when no anonymity is permitted. Consider those interacting in a second or third language, gender or ethnic minorities, complex social relationships within a class, students with special needs - all of whom many benefit in their learning by allowing anonymity at times. This is very true in a high school setting but is also true in many other settings where the status quo social power balance may need addressing in the interests of equity.
          Hide
          wullie William Mair added a comment -

          Thanks all for your feedback.

          Teresa, can you confirm which patch you mean, there are several there including 2 on the last date of 8th Feb? Also, any instructions on how to apply said patch would be helpful too (hence the reason this would be better in core).

          The reason that my lecturers want it, is because we have secondary school children who come to our college once a week and they have 2 hours to discuss course issues/homework and the lecturers want them to be able to be able and willing to post their answers on a forum without fear of ridicule/embarrassment, so that the material can be discussed properly.

          Also, as Andrew alluded to above, we also have courses setup instructing our students about equality, diversity and other sensitive topics like homophobia. Anonymity for students in those circumstances may allow for good discussions regarding these topics between students.

          Show
          wullie William Mair added a comment - Thanks all for your feedback. Teresa, can you confirm which patch you mean, there are several there including 2 on the last date of 8th Feb? Also, any instructions on how to apply said patch would be helpful too (hence the reason this would be better in core). The reason that my lecturers want it, is because we have secondary school children who come to our college once a week and they have 2 hours to discuss course issues/homework and the lecturers want them to be able to be able and willing to post their answers on a forum without fear of ridicule/embarrassment, so that the material can be discussed properly. Also, as Andrew alluded to above, we also have courses setup instructing our students about equality, diversity and other sensitive topics like homophobia. Anonymity for students in those circumstances may allow for good discussions regarding these topics between students.
          Hide
          cttxg Teresa Gibbison added a comment -

          Hi all

          I'd first like to clarify that I didn't develop this patch Our University have used it since 2009 and worked on it a little to fix some rss display and recent activity etc so I'm just very familiar with it!

          We contracted Catalyst NZ (a Moodle partner) to help us update it recently this year for Moodle 2.x and than again to ensure the backup/restores works as per comments earlier this year.

          William : use the latest two files dated 8/Feb/12 for a 2.x Moodle site. These are the two files generated and submitted by Catalyst for us.

          Cheers
          Teresa

          Show
          cttxg Teresa Gibbison added a comment - Hi all I'd first like to clarify that I didn't develop this patch Our University have used it since 2009 and worked on it a little to fix some rss display and recent activity etc so I'm just very familiar with it! We contracted Catalyst NZ (a Moodle partner) to help us update it recently this year for Moodle 2.x and than again to ensure the backup/restores works as per comments earlier this year. William : use the latest two files dated 8/Feb/12 for a 2.x Moodle site. These are the two files generated and submitted by Catalyst for us. Cheers Teresa
          Hide
          aborrow Anthony Borrow added a comment -

          Great points Andrew! I can see where we do want to keep things moving quickly so students can participate right away. I also agree with you that we need to be careful not to have too limited of an understanding about what constitutes constructionism. Many folks working together - even if anonymous - are still constructing something. I like how you emphasize that the goal is to encourage communications where there might be other social barriers that could inhibit it. Peace - Anthony

          Show
          aborrow Anthony Borrow added a comment - Great points Andrew! I can see where we do want to keep things moving quickly so students can participate right away. I also agree with you that we need to be careful not to have too limited of an understanding about what constitutes constructionism. Many folks working together - even if anonymous - are still constructing something. I like how you emphasize that the goal is to encourage communications where there might be other social barriers that could inhibit it. Peace - Anthony
          Hide
          mrclay Steve Clay added a comment -

          In case anyone is wondering, the 2.x patches do not apply cleanly to 2.3.1. (see errors below). I'm trying a manual apply.

          $ git apply --check MDL-1071.patch 
          error: patch failed: mod/forum/db/install.xml:25
          error: mod/forum/db/install.xml: patch does not apply
          error: patch failed: mod/forum/db/upgrade.php:55
          error: mod/forum/db/upgrade.php: patch does not apply
          warning: mod/forum/lang/en/forum.php has type 100644, expected 100755
          error: patch failed: mod/forum/lang/en/forum.php:28
          error: mod/forum/lang/en/forum.php: patch does not apply
          warning: mod/forum/lib.php has type 100644, expected 100755
          error: patch failed: mod/forum/lib.php:609
          error: mod/forum/lib.php: patch does not apply
          error: patch failed: mod/forum/rsslib.php:291
          error: mod/forum/rsslib.php: patch does not apply
          error: patch failed: mod/forum/user.php:95
          error: mod/forum/user.php: patch does not apply
          error: search/documents/forum_document.php: No such file or directory

          Show
          mrclay Steve Clay added a comment - In case anyone is wondering, the 2.x patches do not apply cleanly to 2.3.1. (see errors below). I'm trying a manual apply. $ git apply --check MDL-1071.patch error: patch failed: mod/forum/db/install.xml:25 error: mod/forum/db/install.xml: patch does not apply error: patch failed: mod/forum/db/upgrade.php:55 error: mod/forum/db/upgrade.php: patch does not apply warning: mod/forum/lang/en/forum.php has type 100644, expected 100755 error: patch failed: mod/forum/lang/en/forum.php:28 error: mod/forum/lang/en/forum.php: patch does not apply warning: mod/forum/lib.php has type 100644, expected 100755 error: patch failed: mod/forum/lib.php:609 error: mod/forum/lib.php: patch does not apply error: patch failed: mod/forum/rsslib.php:291 error: mod/forum/rsslib.php: patch does not apply error: patch failed: mod/forum/user.php:95 error: mod/forum/user.php: patch does not apply error: search/documents/forum_document.php: No such file or directory
          Hide
          dougiamas Martin Dougiamas added a comment -

          Note that the work in MDL-31776 will somewhat cover this use case as part of a larger feature.

          Show
          dougiamas Martin Dougiamas added a comment - Note that the work in MDL-31776 will somewhat cover this use case as part of a larger feature.
          Hide
          apaterson11 Andrew Paterson added a comment -

          Hi Martin - yes I think that the plan for MDL-31776 would be a sufficient solution to an anonymous posting capability in my case. We don't need or want a solution in which the true user cannot ever be discovered by the administrators. Students know that nothing posted is ever completely private. The use of an alias which hides the user's name from other students and teachers within forums is sufficient. The ability for the student to choose their own alias is valuable. Anonymous posting of questions, discussion comments or feedback, as well as role playing games are the key for us.

          Show
          apaterson11 Andrew Paterson added a comment - Hi Martin - yes I think that the plan for MDL-31776 would be a sufficient solution to an anonymous posting capability in my case. We don't need or want a solution in which the true user cannot ever be discovered by the administrators. Students know that nothing posted is ever completely private. The use of an alias which hides the user's name from other students and teachers within forums is sufficient. The ability for the student to choose their own alias is valuable. Anonymous posting of questions, discussion comments or feedback, as well as role playing games are the key for us.
          Hide
          sponce Sebastián Ponce added a comment - - edited

          Hi Everyone, is this patch available for moodle 1.9.15+? I've trying to apply patch "MDL-1071.patch" and i get always the same error:

          xxxx@xxxxx:/var/www/vtr/xxx/moodle$ patch -p1 < MDL-1071.patch
          can't find file to patch at input line 28
          Perhaps you used the wrong -p or --strip option?
          The text leading up to this was:
          --------------------------

          From 8ecaa09289773256564afc4c780f8ffe6946bf05 Mon Sep 17 00:00:00 2001
          From: Matt Clarkson <mattc@catalyst.net.nz>
          Date: Mon, 13 Jun 2011 11:17:19 +1200
          Subject: [PATCH 1/2] mod/forum: Port anonymous forum posts from MDL-1071
          lib/messagelib.php 1 +
          mod/forum/db/install.xml 10 ++--
          mod/forum/db/upgrade.php 18 +++++++
          mod/forum/lang/en/forum.php 25 +++++++++
          mod/forum/lib.php 97 +++++++++++++++++++++++++++++------
          mod/forum/mod_form.php 11 ++++
          mod/forum/post.php 8 +++
          mod/forum/post_form.php 6 ++
          mod/forum/rsslib.php 12 ++++-
          mod/forum/search.php 3 +-
          mod/forum/settings.php 4 +-
          mod/forum/user.php 4 +-
          pix/u/anonymous.png Bin 0 -> 1007 bytes
          search/documents/forum_document.php 11 ++--
          14 files changed, 179 insertions, 31 deletions
          create mode 100644 pix/u/anonymous.png
          diff --git a/lib/messagelib.php b/lib/messagelib.php
          index 2749c18..af66f22 100644
          — a/lib/messagelib.php
          +++ b/lib/messagelib.php
          --------------------------
          File to patch:
          Show
          sponce Sebastián Ponce added a comment - - edited Hi Everyone, is this patch available for moodle 1.9.15+? I've trying to apply patch " MDL-1071 .patch" and i get always the same error: xxxx@xxxxx:/var/www/vtr/xxx/moodle$ patch -p1 < MDL-1071 .patch can't find file to patch at input line 28 Perhaps you used the wrong -p or --strip option? The text leading up to this was: -------------------------- From 8ecaa09289773256564afc4c780f8ffe6946bf05 Mon Sep 17 00:00:00 2001 From: Matt Clarkson <mattc@catalyst.net.nz> Date: Mon, 13 Jun 2011 11:17:19 +1200 Subject: [PATCH 1/2] mod/forum: Port anonymous forum posts from MDL-1071 — lib/messagelib.php 1 + mod/forum/db/install.xml 10 ++-- mod/forum/db/upgrade.php 18 +++++++ mod/forum/lang/en/forum.php 25 +++++++++ mod/forum/lib.php 97 +++++++++++++++++++++++++++++------ mod/forum/mod_form.php 11 ++++ mod/forum/post.php 8 +++ mod/forum/post_form.php 6 ++ mod/forum/rsslib.php 12 ++++- mod/forum/search.php 3 +- mod/forum/settings.php 4 +- mod/forum/user.php 4 +- pix/u/anonymous.png Bin 0 -> 1007 bytes search/documents/forum_document.php 11 ++-- 14 files changed, 179 insertions , 31 deletions create mode 100644 pix/u/anonymous.png diff --git a/lib/messagelib.php b/lib/messagelib.php index 2749c18..af66f22 100644 — a/lib/messagelib.php +++ b/lib/messagelib.php -------------------------- File to patch:
          Hide
          matt.clarkson Matt Clarkson added a comment -

          Note: Anonymous posting appears to have been dropped from MDL-31776

          Show
          matt.clarkson Matt Clarkson added a comment - Note: Anonymous posting appears to have been dropped from MDL-31776
          Hide
          cttxg Teresa Gibbison added a comment -

          I've removed MDL-31776 as helping resolve this as alternative names to cover anonymous requirements has been dropped.

          I must say I completely agree as after having a closer look at that tracker item (after Martin suggested to me at MootAu it could be a potential solution this one).
          IMO allowing students to set an alternative name is good but doesn't suit this requirement. An alternative name (which I basically relate to a nickname, display name or preferred name) will not provide anonymity as the student has set that as a name that identifies them!

          It also provides only one alternative name per user per site so once someone figures out a student's alternative name it's not anonymous! Also this would conflict with the actual purpose of MDL-31776 which is to allow Asian users to specify a phonetic or Romanised name to identify them - that's not anonymous!

          Show
          cttxg Teresa Gibbison added a comment - I've removed MDL-31776 as helping resolve this as alternative names to cover anonymous requirements has been dropped. I must say I completely agree as after having a closer look at that tracker item (after Martin suggested to me at MootAu it could be a potential solution this one). IMO allowing students to set an alternative name is good but doesn't suit this requirement. An alternative name (which I basically relate to a nickname, display name or preferred name) will not provide anonymity as the student has set that as a name that identifies them! It also provides only one alternative name per user per site so once someone figures out a student's alternative name it's not anonymous! Also this would conflict with the actual purpose of MDL-31776 which is to allow Asian users to specify a phonetic or Romanised name to identify them - that's not anonymous!
          Hide
          jamatrucola Joe Amatrucola added a comment -

          I found my way here in search of the same functionality that has been documented in this issue. One example of how our teachers would like to use an anonymous forum is in an online, peer tutoring environment. The teacher would like to have students in need of help post math problems with which they need help, and enable the peer tutors (quasi-teachers from a Moodle point of view) answer the questions. The teacher feels that students will be more inclined to post freely and frequently without having to identify themselves as students who need (sometimes substantial amounts of) extra help. In our scenario, I think it'd be best if the teacher could create a forum that permits but does not force anonymous posting, and when the student posts he has the opportunity to check a checkbox to make his individual post anonymous. Or, taking it one step further, maybe the teacher can choose whether or not to force anonymous posting in this forum, in the event that the teacher wants all posts to be anonymous.

          Show
          jamatrucola Joe Amatrucola added a comment - I found my way here in search of the same functionality that has been documented in this issue. One example of how our teachers would like to use an anonymous forum is in an online, peer tutoring environment. The teacher would like to have students in need of help post math problems with which they need help, and enable the peer tutors (quasi-teachers from a Moodle point of view) answer the questions. The teacher feels that students will be more inclined to post freely and frequently without having to identify themselves as students who need (sometimes substantial amounts of) extra help. In our scenario, I think it'd be best if the teacher could create a forum that permits but does not force anonymous posting, and when the student posts he has the opportunity to check a checkbox to make his individual post anonymous. Or, taking it one step further, maybe the teacher can choose whether or not to force anonymous posting in this forum, in the event that the teacher wants all posts to be anonymous.
          Hide
          joseph.baxter Joseph Baxter added a comment -

          Hi,

          Has there been any progress in getting this change merged into core?

          It looks like it will cover the requirements with have here at the University of Nottingham, but of course we would rather not have to repeatedly patch mod_forum every time we upgrade.

          ...
          Joseph Baxter
          University of Nottingham

          Show
          joseph.baxter Joseph Baxter added a comment - Hi, Has there been any progress in getting this change merged into core? It looks like it will cover the requirements with have here at the University of Nottingham, but of course we would rather not have to repeatedly patch mod_forum every time we upgrade. ... Joseph Baxter University of Nottingham
          Hide
          nickmccullen Nick McCullen added a comment -

          An extremely important feature that would allow students to participate with Q&A forums without feeling they might embarrass themselves. Would greatly enhance peer support.

          Show
          nickmccullen Nick McCullen added a comment - An extremely important feature that would allow students to participate with Q&A forums without feeling they might embarrass themselves. Would greatly enhance peer support.
          Hide
          dobedobedoh Andrew Nicols added a comment -

          I've been working on this issue recently, and have tried to summarise all of the use-cases (plus a few extras I've come across) in https://docs.google.com/document/d/1z6LSKlNj0OD-1V6xL-CmRvQ6weG-6MwPXmszaU5vO14/edit#heading=h.9ig7urrc6s04. I'm also trying to write up an implementation spec in there too.

          This is still a work in progress so please bear with me.

          Show
          dobedobedoh Andrew Nicols added a comment - I've been working on this issue recently, and have tried to summarise all of the use-cases (plus a few extras I've come across) in https://docs.google.com/document/d/1z6LSKlNj0OD-1V6xL-CmRvQ6weG-6MwPXmszaU5vO14/edit#heading=h.9ig7urrc6s04 . I'm also trying to write up an implementation spec in there too. This is still a work in progress so please bear with me.
          Hide
          lkelly20 Louise Kelly (UNE) added a comment -

          The ability to set a forum so the student may choose to post anonymously would be incredibly useful, but not so useful if the post is also anonymous to teaching staff. Would like this sort of feature to have a forum setting to 'allow student choice to post anonymously' and 'show author of anonymous post to teachers'.

          Show
          lkelly20 Louise Kelly (UNE) added a comment - The ability to set a forum so the student may choose to post anonymously would be incredibly useful, but not so useful if the post is also anonymous to teaching staff. Would like this sort of feature to have a forum setting to 'allow student choice to post anonymously' and 'show author of anonymous post to teachers'.
          Hide
          danmarsden Dan Marsden added a comment -

          Hi Lousie, if you take a look at the summary Andrew posted above it should answer some of your questions. Particularly the use-cases he has listed.

          Show
          danmarsden Dan Marsden added a comment - Hi Lousie, if you take a look at the summary Andrew posted above it should answer some of your questions. Particularly the use-cases he has listed.
          Hide
          dobedobedoh Andrew Nicols added a comment -

          I have just pushed a prototype of my prototype-in-progress. Please note that this is not complete.

          Currently outstanding items to solve:

          1. The usegradebook setting is not yet respected. I need to determine how best to solve this with minimal code intrusion
          2. The UI for selecting a disguise has not yet been written
          3. The UI for managing settings within a disguise has not yet been written
          4. I need to write some of more common plugins (e.g. role-play) in order to check some of the other UI
          5. Application of a disguise at the course level and having it take effect at all contexts below the course

          This is very-much a work-in-progress.

          Show
          dobedobedoh Andrew Nicols added a comment - I have just pushed a prototype of my prototype-in-progress. Please note that this is not complete. Currently outstanding items to solve: The usegradebook setting is not yet respected. I need to determine how best to solve this with minimal code intrusion The UI for selecting a disguise has not yet been written The UI for managing settings within a disguise has not yet been written I need to write some of more common plugins (e.g. role-play) in order to check some of the other UI Application of a disguise at the course level and having it take effect at all contexts below the course This is very-much a work-in-progress.
          Hide
          senikuro Nils Kurowsky added a comment -

          Hi Andrew,

          I appreciate your solution to implement a new disguise feature but I wonder whether there might be an extension to provide "strong" anonymity (i.e. obfuscating the posting user at DB level). In Germany (and also in some other countries) there is quite much concern about privacy and we experienced that students are much more willing to express their opinion freely if they can be sure that the posting is published totally anonymously.

          At University of Duisburg-Essen we have created a modified version of the forum activity that provides an anonymity option. If this option is active, postings created by students are not posted by the student's name but by an anonymous pseudo-user account (similar to Juan Leyva's solution), whereas postings created by teachers are still posted by the teacher's name. As there is no possibility to find out which user exactly created a posting, this solution provides strong anonymity and thus can also be used in situations where strong privacy is required by law.

          @all: we might also publish the code if you are interested.

          Kind regards,
          Nils

          Show
          senikuro Nils Kurowsky added a comment - Hi Andrew, I appreciate your solution to implement a new disguise feature but I wonder whether there might be an extension to provide "strong" anonymity (i.e. obfuscating the posting user at DB level). In Germany (and also in some other countries) there is quite much concern about privacy and we experienced that students are much more willing to express their opinion freely if they can be sure that the posting is published totally anonymously. At University of Duisburg-Essen we have created a modified version of the forum activity that provides an anonymity option. If this option is active, postings created by students are not posted by the student's name but by an anonymous pseudo-user account (similar to Juan Leyva's solution), whereas postings created by teachers are still posted by the teacher's name. As there is no possibility to find out which user exactly created a posting, this solution provides strong anonymity and thus can also be used in situations where strong privacy is required by law. @all: we might also publish the code if you are interested. Kind regards, Nils
          Hide
          dobedobedoh Andrew Nicols added a comment -

          Hi Nils Kurowsky,

          Thank you for your comments.

          My personal feeling is that we cannot, and should not attempt to support a true anonymity type feature. Suggesting that Moodle is truly capable of this is a dangerous statement as Moodle is not able to influence things like server logging as I've discussed before.

          Although it is possible to obfuscate the user when they post by associating the post with a false user record, it cannot be described as having been `totally anonymously` posted. If nothing else, it is possible for a teacher to view the course logs of when a student starts to access the course as a whole and then to associate a real user with a fake user.

          I would be interested in the pedagogical reasons for this, and why the proposed disguises solution does not suit. One of the features of the user disguises was the ability for the disguise settings to be locked in such a way that only the administrator can unlock the disguise and/or make changes. Combined with anonymous logging, and disabling the gradebook, it would be extremely difficult for a tutor to view the identity of a user without administrator assistance. Unless I'm very much mistaken, this places you in the same place that you are in now - course logs are enabled, an administrator can determine the true identity, but a standard teacher cannot.

          If you are trying to support the `strong privacy is required by law` requirement you mention, I would strongly advise that you do not claim this unless you have disabled all user logging, including at the network, and the web server levels. Even then, I would be hesitant as it would still be feasible for identities to be divulged.

          Best wishes,

          Andrew

          Show
          dobedobedoh Andrew Nicols added a comment - Hi Nils Kurowsky , Thank you for your comments. My personal feeling is that we cannot , and should not attempt to support a true anonymity type feature. Suggesting that Moodle is truly capable of this is a dangerous statement as Moodle is not able to influence things like server logging as I've discussed before. Although it is possible to obfuscate the user when they post by associating the post with a false user record, it cannot be described as having been ` totally anonymously ` posted. If nothing else, it is possible for a teacher to view the course logs of when a student starts to access the course as a whole and then to associate a real user with a fake user. I would be interested in the pedagogical reasons for this, and why the proposed disguises solution does not suit. One of the features of the user disguises was the ability for the disguise settings to be locked in such a way that only the administrator can unlock the disguise and/or make changes. Combined with anonymous logging, and disabling the gradebook, it would be extremely difficult for a tutor to view the identity of a user without administrator assistance. Unless I'm very much mistaken, this places you in the same place that you are in now - course logs are enabled, an administrator can determine the true identity, but a standard teacher cannot. If you are trying to support the ` strong privacy is required by law ` requirement you mention, I would strongly advise that you do not claim this unless you have disabled all user logging, including at the network, and the web server levels. Even then, I would be hesitant as it would still be feasible for identities to be divulged. Best wishes, Andrew
          Hide
          abias Alexander Bias added a comment -

          Hi Andrew Nicols: May I ask you if you are still working on this feature and if we can expect something testable sometime soon? Otherwise, would it make sense in your point of view to put some developer's time of ours into this feature to push it forward?

          Thanks,
          Alex

          Show
          abias Alexander Bias added a comment - Hi Andrew Nicols : May I ask you if you are still working on this feature and if we can expect something testable sometime soon? Otherwise, would it make sense in your point of view to put some developer's time of ours into this feature to push it forward? Thanks, Alex
          Hide
          dobedobedoh Andrew Nicols added a comment -

          Hi Alex,

          It's something I'm hoping to find some time soon to look at again.
          I got a working proof-of-concept together (see the branch in this issue), but after discussion with Damyon Wiese, decided that we needed to alter the methodology slightly.

          My current implementation is adding a new disguiseid field to the context table. Although this approach works, the limitation is that it is very difficult to determine inheritance from other contexts without giving some values special meaning, or simply ignoring them.

          Our proposed alternate solution was to instead use a new table (context_disguises or similar) and create a manager class (core_disguise in lib/classes/disguise.php I propose) to handle fetching of the disguises. This way we disjoint the disguises from the contexts, which makes future management easier (because changing the context table is hard, and potentially dangerous).

          I can't quite recall what we decided about how a disguise would, or would not, apply within an inheritance. I think the idea was:

          1. if a disguise is applied at a parent context, a new disguise cannot be applied to any child context;
          2. where a child context already has a disguise, that item can be modified, but not enabled/disabled (because the user identities would change).

          There is still a lot of work to be done here, namely:

          1. changing the work I've done already to fit this new data structure;
          2. update all calls to fullname() and friends (starting with the forum);
          3. add a plugin_supports() constant for disgusies
          4. update unit tests;
          5. write some templates.
          Show
          dobedobedoh Andrew Nicols added a comment - Hi Alex, It's something I'm hoping to find some time soon to look at again. I got a working proof-of-concept together (see the branch in this issue), but after discussion with Damyon Wiese , decided that we needed to alter the methodology slightly. My current implementation is adding a new disguiseid field to the context table. Although this approach works, the limitation is that it is very difficult to determine inheritance from other contexts without giving some values special meaning, or simply ignoring them. Our proposed alternate solution was to instead use a new table (context_disguises or similar) and create a manager class (core_disguise in lib/classes/disguise.php I propose) to handle fetching of the disguises. This way we disjoint the disguises from the contexts, which makes future management easier (because changing the context table is hard, and potentially dangerous). I can't quite recall what we decided about how a disguise would, or would not, apply within an inheritance. I think the idea was: if a disguise is applied at a parent context, a new disguise cannot be applied to any child context; where a child context already has a disguise, that item can be modified, but not enabled/disabled (because the user identities would change). There is still a lot of work to be done here, namely: changing the work I've done already to fit this new data structure; update all calls to fullname() and friends (starting with the forum); add a plugin_supports() constant for disgusies update unit tests; write some templates.
          Hide
          steve Steve 2.7 added a comment -

          I had no idea that the solution for something that sounds easy, can be so complex....

          Show
          steve Steve 2.7 added a comment - I had no idea that the solution for something that sounds easy, can be so complex....
          Hide
          gb2048 Gareth J Barnard added a comment -

          Hi Andrew Nicols,

          Instead of a disguise,how about a real 'fake' user. Just sort of like 'guest' but a 'real' user called anonymous that exists as a default on install (added on upgrade) as in effect a 'manual' account. Then when posting a forum post then there is one tick box, which when ticked the 'anonymous' user details are used instead of the existing user. No table changes etc. Then if the anonymous account was disabled then that tick box would not appear. Same user management and reporting etc.

          Cheers,

          Gareth

          Show
          gb2048 Gareth J Barnard added a comment - Hi Andrew Nicols , Instead of a disguise,how about a real 'fake' user. Just sort of like 'guest' but a 'real' user called anonymous that exists as a default on install (added on upgrade) as in effect a 'manual' account. Then when posting a forum post then there is one tick box, which when ticked the 'anonymous' user details are used instead of the existing user. No table changes etc. Then if the anonymous account was disabled then that tick box would not appear. Same user management and reporting etc. Cheers, Gareth
          Hide
          steve Steve 2.7 added a comment -

          Will I, as the instructor, still be able to know who posted the message if it is shown as Anonymous?
          Will I be able to see the message before it is posted?

          Show
          steve Steve 2.7 added a comment - Will I, as the instructor, still be able to know who posted the message if it is shown as Anonymous? Will I be able to see the message before it is posted?
          Hide
          gb2048 Gareth J Barnard added a comment -

          Hi Steve 2.7,

          My thoughts, re:

          Will I, as the instructor, still be able to know who posted the message if it is shown as Anonymous?
          – What is the point and validity of Anonymous posting if somebody can find out who actually posted it? Its like saying you have privacy but actually a group of people can still know. It the user finds out that their anonymous post was not actually anonymous after all, then that does not exactly build trust with the system or people who run it.
          Will I be able to see the message before it is posted?
          --Because? What would you like to do? Are you going to want to vet it in a 'big brother' way?

          If you are concerned about anonymous posting and are worried about what people might freely do then don't use it!

          Cheers,

          Gareth

          Show
          gb2048 Gareth J Barnard added a comment - Hi Steve 2.7 , My thoughts, re: Will I, as the instructor, still be able to know who posted the message if it is shown as Anonymous? – What is the point and validity of Anonymous posting if somebody can find out who actually posted it? Its like saying you have privacy but actually a group of people can still know. It the user finds out that their anonymous post was not actually anonymous after all, then that does not exactly build trust with the system or people who run it. Will I be able to see the message before it is posted? --Because? What would you like to do? Are you going to want to vet it in a 'big brother' way? If you are concerned about anonymous posting and are worried about what people might freely do then don't use it! Cheers, Gareth
          Hide
          steve Steve 2.7 added a comment -

          I think the world is not as pretty as you seem to believe.

          My theory is that students don't ask questions in class for fear of being criticized personally. I want to allow them to post anonymously relative to each other. If students won't post unless no one will know their IDs then there is a bigger problem and this forum modification will not address it anyhow.

          I would like to prevent unacceptable posts. At least when students post in the present forum, their names are attached and traceable. All it would take is one strongly objectionable post and the University will step in and all will be lost.

          Would you be willing to take that risk?

          >>--Because? What would you like to do? Are you going to want to vet it in a 'big brother' way?
          >If you are concerned about anonymous posting and are worried about what people might freely do then don't use it!

          There is nothing that isn't "Big Brother" about the public, private, or state, school systems.
          Otherwise, why should students even need ID at all or log in names/passwords? If a student posted an offensive comment if your forum, will you not remove it?

          Are you suggesting that the Guest sign in for Moodle should not have any limits? After all, what are you hiding?
          Maybe if I had tenure, then I might ready for that level of anarchy.

          Show
          steve Steve 2.7 added a comment - I think the world is not as pretty as you seem to believe. My theory is that students don't ask questions in class for fear of being criticized personally. I want to allow them to post anonymously relative to each other. If students won't post unless no one will know their IDs then there is a bigger problem and this forum modification will not address it anyhow. I would like to prevent unacceptable posts. At least when students post in the present forum, their names are attached and traceable. All it would take is one strongly objectionable post and the University will step in and all will be lost. Would you be willing to take that risk? >>--Because? What would you like to do? Are you going to want to vet it in a 'big brother' way? >If you are concerned about anonymous posting and are worried about what people might freely do then don't use it! There is nothing that isn't "Big Brother" about the public, private, or state, school systems. Otherwise, why should students even need ID at all or log in names/passwords? If a student posted an offensive comment if your forum, will you not remove it? Are you suggesting that the Guest sign in for Moodle should not have any limits? After all, what are you hiding? Maybe if I had tenure, then I might ready for that level of anarchy.
          Hide
          jamatrucola Joe Amatrucola added a comment -

          We are very interested in this feature for the educational, pedagogical reasons that have been discussed in previous discussion, and which Steve summarized above. Our interest in anonymous posting is so that the students remain anonymous from each other, and have the freedom to ask questions without fearing ridicule. We are considering using it for peer-help forums. At the secondary education level, we would not be able to implement this feature, however, if there were 100% anonymity: meaning that the user's identity were not being logged in the back-end tables, so that at the very least a system administrator could query the tables and determine he identity of a potentially offensive poster, even if the teacher or a Moodle Site Administrator could never determine the identity through the front end. Please note that this is how an "anonymous" feedback activity presently works: (respondents' userids) are logged to a back-end table, even if the activity is set to anonymous.

          Joe

          Show
          jamatrucola Joe Amatrucola added a comment - We are very interested in this feature for the educational, pedagogical reasons that have been discussed in previous discussion, and which Steve summarized above. Our interest in anonymous posting is so that the students remain anonymous from each other, and have the freedom to ask questions without fearing ridicule. We are considering using it for peer-help forums. At the secondary education level, we would not be able to implement this feature, however, if there were 100% anonymity: meaning that the user's identity were not being logged in the back-end tables, so that at the very least a system administrator could query the tables and determine he identity of a potentially offensive poster, even if the teacher or a Moodle Site Administrator could never determine the identity through the front end. Please note that this is how an "anonymous" feedback activity presently works: (respondents' userids) are logged to a back-end table, even if the activity is set to anonymous. Joe
          Hide
          derekcx Derek Chirnside added a comment -

          Steve and Joe:

          You are wanting a functionality that was not intended in the original specification. In terms of most of the discussion, anonymous was supposed to be just that.

          As I understand it, you want students to be able to ask questions online, to have no-one know who they are (except the administrator/tutor) and for there to be pre-moderation. The reasons you need this may be very sad, and possibly counter a good environment for learning - but there is is.

          You guys and Gareth probably are at the moment posting at cross purposes with different presuppositions and assumptions.

          I'd suggest setting up an email within the policy guidelines of the institution (ie gmail or @yourplace.edu), and have an "email a question" link to it in Moodle. Spell out the reasons for it in an inviting and positive way. Don't hint at the negative environment you may feel. Then the questions arrive, the tutor sanitises, bowdlerises or tidies them up and posts them with an answer in the forums.

          Problem solved.

          -Derek

          Show
          derekcx Derek Chirnside added a comment - Steve and Joe: You are wanting a functionality that was not intended in the original specification. In terms of most of the discussion, anonymous was supposed to be just that. As I understand it, you want students to be able to ask questions online, to have no-one know who they are (except the administrator/tutor) and for there to be pre-moderation. The reasons you need this may be very sad, and possibly counter a good environment for learning - but there is is. You guys and Gareth probably are at the moment posting at cross purposes with different presuppositions and assumptions. I'd suggest setting up an email within the policy guidelines of the institution (ie gmail or @yourplace.edu), and have an "email a question" link to it in Moodle. Spell out the reasons for it in an inviting and positive way. Don't hint at the negative environment you may feel. Then the questions arrive, the tutor sanitises, bowdlerises or tidies them up and posts them with an answer in the forums. Problem solved. -Derek
          Hide
          jamatrucola Joe Amatrucola added a comment - - edited

          Derek,

          Respectfully, I think that if you re-read the comments above, there are other users requesting precisely what we are describing. We need to remember that Moodle has a wide variety of audiences, and one size doesn't always fit all. As noted by several others above, Moodle already does quite a bit of back-end identity logging that's only visible to sysadmins (I pointed out just one example: anonymous feedback activities)

          Joe

          Show
          jamatrucola Joe Amatrucola added a comment - - edited Derek, Respectfully, I think that if you re-read the comments above, there are other users requesting precisely what we are describing. We need to remember that Moodle has a wide variety of audiences, and one size doesn't always fit all. As noted by several others above, Moodle already does quite a bit of back-end identity logging that's only visible to sysadmins (I pointed out just one example: anonymous feedback activities) Joe
          Hide
          steve Steve 2.7 added a comment -



          Easy fix, although maybe not easy in coding, set up for both and let the user decide.

          Show
          steve Steve 2.7 added a comment - Easy fix, although maybe not easy in coding, set up for both and let the user decide.
          Hide
          dobedobedoh Andrew Nicols added a comment -

          Hi Derek,

          Actually, the specification that I've proposed does allow this. It also allows this to be applied to any part of Moodle, so you could have all quizzes, workshop activities, and forums disguised in this fashion.

          Note: the specification that I've written also suggests renaming this feature to disguises as there is no way in which Moodle can actually implement true anonymity. There is always some form of log, even if it isn't within Moodles control.

          Andrew

          Show
          dobedobedoh Andrew Nicols added a comment - Hi Derek, Actually, the specification that I've proposed does allow this. It also allows this to be applied to any part of Moodle, so you could have all quizzes, workshop activities, and forums disguised in this fashion. Note: the specification that I've written also suggests renaming this feature to disguises as there is no way in which Moodle can actually implement true anonymity. There is always some form of log, even if it isn't within Moodles control. Andrew
          Hide
          derekcx Derek Chirnside added a comment -

          What did you think of my suggestion Joe and Steve?
          It seems to me it is very clean and respects the integrity of the system and the relationships involved.
          I have done this in the past with very super sensitive topics, with some success. I had students pass questions on paper and verbally.

          -Derek

          Show
          derekcx Derek Chirnside added a comment - What did you think of my suggestion Joe and Steve? It seems to me it is very clean and respects the integrity of the system and the relationships involved. I have done this in the past with very super sensitive topics, with some success. I had students pass questions on paper and verbally. -Derek
          Hide
          jamatrucola Joe Amatrucola added a comment -

          Derek,

          I see what you're suggesting, and thank you for looking to come up with alternatives. For our purposes, we're not looking to moderate (get in the middle of) the anonymous questions posted by students. We would not want to have to receive them by e-mail, then review each one and post them ourselves. This would severely hinder the type of open, fast communication we'd want between our students. Again, it's likely different for adult learners, but for teenagers we will always need a way to identify who's doing what on our systems. At the secondary education level, at least in the US, academic freedom does not trump the need for the institution to monitor and guide student behavior, intervening when necessary.

          I fear this may be a moot point. If the feature gets implemented as broadly as Andrew is describing wherein "disguising" could be applied to any number of Moodle activities (which I think would be nice), given the way the various activities store their data on the back-end, they will likely store the userid. I don't see that as a problem. As Andrew pointed out there's little, if anything, on the Internet that's truly anonymous. We as systems administrators know that oftentimes the back-end of the system will tell us more than what even an administrative user will see in the front-end.

          Thanks for engaging this topic. I'm glad to see we have some more conversation taking place.

          Joe

          Show
          jamatrucola Joe Amatrucola added a comment - Derek, I see what you're suggesting, and thank you for looking to come up with alternatives. For our purposes, we're not looking to moderate (get in the middle of) the anonymous questions posted by students. We would not want to have to receive them by e-mail, then review each one and post them ourselves. This would severely hinder the type of open, fast communication we'd want between our students. Again, it's likely different for adult learners, but for teenagers we will always need a way to identify who's doing what on our systems. At the secondary education level, at least in the US, academic freedom does not trump the need for the institution to monitor and guide student behavior, intervening when necessary. I fear this may be a moot point. If the feature gets implemented as broadly as Andrew is describing wherein "disguising" could be applied to any number of Moodle activities (which I think would be nice), given the way the various activities store their data on the back-end, they will likely store the userid. I don't see that as a problem. As Andrew pointed out there's little, if anything, on the Internet that's truly anonymous. We as systems administrators know that oftentimes the back-end of the system will tell us more than what even an administrative user will see in the front-end. Thanks for engaging this topic. I'm glad to see we have some more conversation taking place. Joe
          Hide
          derekcx Derek Chirnside added a comment -

          Joe, great.
          In part I was responding to Joe's comment "Will I be able to see the message before it is posted?"
          'Disguising' maybe. I agree it is not a problem - as long as students know that the tutors can know who is posting. With crystal clarity.

          Regards
          -Derek

          Show
          derekcx Derek Chirnside added a comment - Joe, great. In part I was responding to Joe's comment "Will I be able to see the message before it is posted?" 'Disguising' maybe. I agree it is not a problem - as long as students know that the tutors can know who is posting. With crystal clarity. Regards -Derek
          Hide
          steve Steve 2.7 added a comment -

          << What did you think of my suggestion Joe and Steve?
          << It seems to me it is very clean and respects the integrity of the system and the relationships involved.
          << I have done this in the past with very super sensitive topics, with some success. I had students
          >> pass questions on paper and verbally.

          >> -Derek

          It looks as if it would achieve the same result and sounds as if it would be more work having to copy/paste.each message rather than click to accept.

          OTOH, is there really a drive to have totally anonymous posting? Reading about the amount of coding needed, I wonder of its merit. Sounds like very dangerous territory to me and I, for one, would not take the risk in using it..

          .

          Show
          steve Steve 2.7 added a comment - << What did you think of my suggestion Joe and Steve? << It seems to me it is very clean and respects the integrity of the system and the relationships involved. << I have done this in the past with very super sensitive topics, with some success. I had students >> pass questions on paper and verbally. >> -Derek It looks as if it would achieve the same result and sounds as if it would be more work having to copy/paste.each message rather than click to accept. OTOH, is there really a drive to have totally anonymous posting? Reading about the amount of coding needed, I wonder of its merit. Sounds like very dangerous territory to me and I, for one, would not take the risk in using it.. .
          Hide
          easegill Nigel Robertson added a comment -

          As noted by many people, Moodle is used in a wide variety of situations. A number have also seen that total anonymity is very difficult to achieve if someone has access to Moodle logs and / or server logs. There are however, a number of situations where the ability to post anonymously is desirable, for example, discussing personal life experiences. I think that for many people, their expectations of being anonymous will be that the other people in their course (with whatever role) will not be able to identify who made a post. They may be less aware that at some stage a system admin could identify who made a post. Joe also mentioned anonymity between class members but not from the teacher. This is a different level of anonymity which is useful in some situations. Having graded levels of anonymity or privacy may be the best solution, however I would be loathe to see the ideal of a workable complete anonymity in forums compromised if the solution had to be one or the other (complete or partial).

          Some further comments: I think that for 'complete' anonymity it should not be easy for a sysadmin to identify people who posted and it should be impossible for a teacher to do so. If people are uncomfortable with that level of trust in their classes then they don't need to enable the feature.

          Show
          easegill Nigel Robertson added a comment - As noted by many people, Moodle is used in a wide variety of situations. A number have also seen that total anonymity is very difficult to achieve if someone has access to Moodle logs and / or server logs. There are however, a number of situations where the ability to post anonymously is desirable, for example, discussing personal life experiences. I think that for many people, their expectations of being anonymous will be that the other people in their course (with whatever role) will not be able to identify who made a post. They may be less aware that at some stage a system admin could identify who made a post. Joe also mentioned anonymity between class members but not from the teacher. This is a different level of anonymity which is useful in some situations. Having graded levels of anonymity or privacy may be the best solution, however I would be loathe to see the ideal of a workable complete anonymity in forums compromised if the solution had to be one or the other (complete or partial). Some further comments: I think that for 'complete' anonymity it should not be easy for a sysadmin to identify people who posted and it should be impossible for a teacher to do so. If people are uncomfortable with that level of trust in their classes then they don't need to enable the feature.
          Hide
          steve Steve 2.7 added a comment - - edited

          So, it is not totally anonymous posting that is being proposed. As long as someone in the system can determine who wrote a message then I would not have any problem.

          I still wonder why a few levels of anonymization don't seem to be being considered.
          Are they? Did I miss that?

          "I think that for 'complete' anonymity it should not be easy for a sysadmin to identify people who posted"
          Are you suggesting that maybe a court order should be required?

          I wonder if school administrators would put the kibosh on all this preventing any level of the option..

          Show
          steve Steve 2.7 added a comment - - edited So, it is not totally anonymous posting that is being proposed. As long as someone in the system can determine who wrote a message then I would not have any problem. I still wonder why a few levels of anonymization don't seem to be being considered. Are they? Did I miss that? "I think that for 'complete' anonymity it should not be easy for a sysadmin to identify people who posted" Are you suggesting that maybe a court order should be required? I wonder if school administrators would put the kibosh on all this preventing any level of the option..
          Hide
          easegill Nigel Robertson added a comment -

          Not a court order. That would be subject to the laws of the relevant country and entirely independent of the software. It may already be the case in some jurisdictions that a court order would be required to legally access such information.

          In a previous version of anonymous posting in forums, a teacher could select to make posters to the forum anonymous. After content had been posted the teacher could then untick the anonymous option and everyone's names became visible for all participants. This is quite a grave infringement of privacy and trust. The proposal that lead to this discussion was that forums should have a properly anonymous option. As was then discussed, there is no true anonymity in the system if users have at some point logged in to access their courses. That is why I am suggesting that we accept that and move to a compromise position where anonymity is effectively in place although sysadmins could track down with reasonable certainty who an individual poster was. I think that allowing sysadmins the ability to query a post and immediately see the real identity of the poster is too easy and may be subject in some instances to abuse, perhaps through peer pressure from teachers, (and also in some small installations some teachers will have sysadmin rights).

          It should be clear that the normal use of a forum will continue as it is at the moment. Making posters anonymous will be the choice of whoever controls the course where the forum exists. If a teacher or facilitator doesn't want their students to post anonymously then they won't enable the option.

          Show
          easegill Nigel Robertson added a comment - Not a court order. That would be subject to the laws of the relevant country and entirely independent of the software. It may already be the case in some jurisdictions that a court order would be required to legally access such information. In a previous version of anonymous posting in forums, a teacher could select to make posters to the forum anonymous. After content had been posted the teacher could then untick the anonymous option and everyone's names became visible for all participants. This is quite a grave infringement of privacy and trust. The proposal that lead to this discussion was that forums should have a properly anonymous option. As was then discussed, there is no true anonymity in the system if users have at some point logged in to access their courses. That is why I am suggesting that we accept that and move to a compromise position where anonymity is effectively in place although sysadmins could track down with reasonable certainty who an individual poster was. I think that allowing sysadmins the ability to query a post and immediately see the real identity of the poster is too easy and may be subject in some instances to abuse, perhaps through peer pressure from teachers, (and also in some small installations some teachers will have sysadmin rights). It should be clear that the normal use of a forum will continue as it is at the moment. Making posters anonymous will be the choice of whoever controls the course where the forum exists. If a teacher or facilitator doesn't want their students to post anonymously then they won't enable the option.
          Hide
          dobedobedoh Andrew Nicols added a comment -

          I have just pushed a working prototype of the user disguises.
          At the moment this is pretty basic, and I intend to work more on this over the next few days, but it is largely feature complete.

          I have written a disguise_basic plugin exists to set all user display names to be 'Anonymous' where the disguise is applied (currently forums only). It's fits most of the spec with the exceptions of:

          1. it is not currently possible to lock the settings
          2. the gradebook lockout is not yet functional

          Although this is currently applied to most of the forum, I haven't made the changes required for notifications yet.

          The git history is a mess and I'll be improving upon that soon. I'll also start to add some screenshots and unit + functional tests.

          I also hope to write another basic disguise plugin where the user chooses their own name, and if I have time another where the user can select (or be assigned) a name from a list.

          Show
          dobedobedoh Andrew Nicols added a comment - I have just pushed a working prototype of the user disguises. At the moment this is pretty basic, and I intend to work more on this over the next few days, but it is largely feature complete. I have written a disguise_basic plugin exists to set all user display names to be 'Anonymous' where the disguise is applied (currently forums only). It's fits most of the spec with the exceptions of: it is not currently possible to lock the settings the gradebook lockout is not yet functional Although this is currently applied to most of the forum, I haven't made the changes required for notifications yet. The git history is a mess and I'll be improving upon that soon. I'll also start to add some screenshots and unit + functional tests. I also hope to write another basic disguise plugin where the user chooses their own name, and if I have time another where the user can select (or be assigned) a name from a list.
          Hide
          dougiamas Martin Dougiamas added a comment -

          Lovin' it Andrew - keep it up!

          Show
          dougiamas Martin Dougiamas added a comment - Lovin' it Andrew - keep it up!
          Hide
          jtouw Jason Touw added a comment -

          I would also like to see the ratings mad anonymous, so that the person receiving the ratings cannot determine

          • who did or did not rate the post (limits students from campaigning for additional ratings from no raters)
          • who the raters on the post were (limits students complaining or going back to a rater if they felt unjustly rated)

          Would this plugin also apply to ratings?

          Show
          jtouw Jason Touw added a comment - I would also like to see the ratings mad anonymous, so that the person receiving the ratings cannot determine who did or did not rate the post (limits students from campaigning for additional ratings from no raters) who the raters on the post were (limits students complaining or going back to a rater if they felt unjustly rated) Would this plugin also apply to ratings?
          Hide
          dobedobedoh Andrew Nicols added a comment -

          Hi Jason Touw,

          Thanks for the comment. With the way in which this functionality is written, the ratings show with the display name from the disguise rather than the real name of the user.

          I will be posting a more detailed update to this issue next week,

          Andrew

          Show
          dobedobedoh Andrew Nicols added a comment - Hi Jason Touw , Thanks for the comment. With the way in which this functionality is written, the ratings show with the display name from the disguise rather than the real name of the user. I will be posting a more detailed update to this issue next week, Andrew
          Hide
          poltawski Dan Poltawski added a comment -

          Just a note to remember to examine performance of these changes - it's quite easy to introduce a big regression when dealing with user level things in a list.

          Show
          poltawski Dan Poltawski added a comment - Just a note to remember to examine performance of these changes - it's quite easy to introduce a big regression when dealing with user level things in a list.
          Hide
          dobedobedoh Andrew Nicols added a comment -

          Thanks Dan,

          I've tried to bear that in mind as I write this.

          There is no extra query when no disguise is present (the disguise is a feature of the context).
          When there is a disguise there is one query to load it.

          For the predefined plugin there is a single query to fetch all mapping a for all users in the context. This may become more of a memory constraint if anything.

          Show
          dobedobedoh Andrew Nicols added a comment - Thanks Dan, I've tried to bear that in mind as I write this. There is no extra query when no disguise is present (the disguise is a feature of the context). When there is a disguise there is one query to load it. For the predefined plugin there is a single query to fetch all mapping a for all users in the context. This may become more of a memory constraint if anything.
          Hide
          dobedobedoh Andrew Nicols added a comment -

          Hi all,

          I'm going to put this issue up for peer review today to get some feedback on the way in which I have implemented this at a core level.

          This change been implemented as per the specification I posted last year and is close to feature completion.

          As previously discussed I have renamed this feature to 'User disguises' to reflect the true nature of it and the fact that true anonymity is close to impossible.

          State

          Disguises has been architected as a plugin-based design where disguise plugins dictate:

          • how display names are calculated for display;
          • the URL used for the profile page (if one is set at all);
          • the URL used for the user_picture (if one is set at all); and
          • the URL used for user messagign (if one is set at all).

          The original feature request here was for mod_forum to support anonymity, but I felt early on in the design stage that this functionality really should be available to other areas too. Given the pedagogical use-cases for this feature, I feel that it is potentially suited for any interaction between students (e.g. mod_chat, mod_wiki, mod_workshop, block_comments). As a result disguises are implemented directly within the context.

          Features

          The following features have been implemented:

          1. Ability to select from a range of disguise types (new plugin type)
          2. Ability to enable/disable the disguise entirely
          3. Ability to determine which users can see the true identity of disguised users:
            1. Teachers, Editing teachers, and Managers (by default) have a capability which will allow them to reveal identity if the disguise has been configured to reveal identity to some users.
            2. Manager (by default) has a capability to reveal identites at any time.
          4. Ability to reveal true identities from a specific time/date
          5. Support for 'anonymous' logging of the events system
          6. Plugin archtecture with two plugins
          7. Hooked into navigation/settings navigation
          8. Hook into $PAGE to ensure that the current user is configured (and allow redirect to a plugin-specific configuration page).
          9. Works in Moodle Mobile application with minimal change required in the app
          10. Applied to mod_forum
          11. May be applied to any module
          12. Ability for a disguise configuration to be 'locked' so that disguise revelation settings cannot be altered. This can be unlocked by the administrator (capability based).
          Plugins

          I have created two plugins at this time:

          1. disguise_basic: Teacher defines a single value which is used for all users. No profile links, message links, or user pictures are displayed
          2. disguise_predefined: Teacher defines a set of possible names which are allocated randomly on a first-come, first-served basis. No profile links, message links, or user pictures are displayed.

          I would like to create some additional plugins, but these will probably happen after this issue is integrated:

          1. disguise_userdefined: User may choose their own pseudonym. No profile links, or message links. User may choose a custom user picture.
          2. disguise_role: Teacher defines a set of roles, similar to disguise_predefined. Custom profile links (to support role backstories). Teacher may define a custom user picture.
          Performance

          Because they are implemented at \context, and all uses of the context SQL helpers have been updated accordingly, there should be no increase in the number of DB reads when a disguise is disabled.

          Additionally the disguise is loaded into the context so subsequent calls to $context->disguise will not increase operations significantly.

          When a disguise is enabled there will be one additional DB read to fetch the disguise configuration, and then additional reads (and potentially writes) may be required depending on the disguise in question.

          In the plugins I have written:

          • disguise_basic should not cause any additional DB reads or writes as all configuration is held within the disguise itself.
          • disguise_predefined will lead to one additional DB read to fetch the disguise mappings for all defined names, and one write per user as the disguise is first applied.
          Outstanding items

          Although the feature is near completion, there are still a few outstanding issues to resolve:

          1. Improve $OUTPUT->user_picture() to allow specification of custom URLs
            This will allow disguises to have custom pictures for each disguise - potentially very useful for role play situations.
          2. Standardise user picture display in mobile app In some parts of the mobile app the user picture URL is manually calculated using the userid and the userpicture. This happens in the forum and needs to be updated for the previous item to work in the mobile app.
          3. Finish the admin UI for disguise_predefined
          4. Developer documentation
          5. Functional and Unit tests
            I'll be starting on these soon
          6. Backup
            1. The context needs to be extended to include disguise
            2. The disguise needs to be backed up
            3. All disguises need to backup both their configuration, and their data
            4. We need to consider as to whether it should be possible to back up a disguised context if the disguise is locked and the user performing the backup cannot reveal identities.
          7. Extend to other contexts (e.g. block)
          Screenshots
          Disguise section of the module editing form

          With default (no) values:

          Using the disguise_predefined plugin and enabled:

          disguise_predefined configuration locked from user changes (admin is viewing so can unlock)

          disguise_basic configuration

          disguise_predefined configuration

          In use within the forum

          disguise_basic on forum index:

          disguise_basic in forum discussion:

          disguise_predefined with Animal names on forum index:

          disguise_predefined with Animal names in forum discussion:

          disguise_predefined with basic roles and real identity shown on forum index:

          disguise_predefined with basic roles and real identity shown in forum discussion:

          Recent activity in forum showing the correct disguise names:

          Show
          dobedobedoh Andrew Nicols added a comment - Hi all, I'm going to put this issue up for peer review today to get some feedback on the way in which I have implemented this at a core level. This change been implemented as per the specification I posted last year and is close to feature completion. As previously discussed I have renamed this feature to 'User disguises' to reflect the true nature of it and the fact that true anonymity is close to impossible. State Disguises has been architected as a plugin-based design where disguise plugins dictate: how display names are calculated for display; the URL used for the profile page (if one is set at all); the URL used for the user_picture (if one is set at all); and the URL used for user messagign (if one is set at all). The original feature request here was for mod_forum to support anonymity, but I felt early on in the design stage that this functionality really should be available to other areas too. Given the pedagogical use-cases for this feature, I feel that it is potentially suited for any interaction between students (e.g. mod_chat, mod_wiki, mod_workshop, block_comments). As a result disguises are implemented directly within the context. Features The following features have been implemented: Ability to select from a range of disguise types (new plugin type) Ability to enable/disable the disguise entirely Ability to determine which users can see the true identity of disguised users: Teachers, Editing teachers, and Managers (by default) have a capability which will allow them to reveal identity if the disguise has been configured to reveal identity to some users. Manager (by default) has a capability to reveal identites at any time. Ability to reveal true identities from a specific time/date Support for 'anonymous' logging of the events system Plugin archtecture with two plugins Hooked into navigation/settings navigation Hook into $PAGE to ensure that the current user is configured (and allow redirect to a plugin-specific configuration page). Works in Moodle Mobile application with minimal change required in the app Applied to mod_forum May be applied to any module Ability for a disguise configuration to be 'locked' so that disguise revelation settings cannot be altered. This can be unlocked by the administrator (capability based). Plugins I have created two plugins at this time: disguise_basic: Teacher defines a single value which is used for all users. No profile links, message links, or user pictures are displayed disguise_predefined: Teacher defines a set of possible names which are allocated randomly on a first-come, first-served basis. No profile links, message links, or user pictures are displayed. I would like to create some additional plugins, but these will probably happen after this issue is integrated: disguise_userdefined: User may choose their own pseudonym. No profile links, or message links. User may choose a custom user picture. disguise_role: Teacher defines a set of roles, similar to disguise_predefined. Custom profile links (to support role backstories). Teacher may define a custom user picture. Performance Because they are implemented at \context, and all uses of the context SQL helpers have been updated accordingly, there should be no increase in the number of DB reads when a disguise is disabled. Additionally the disguise is loaded into the context so subsequent calls to $context->disguise will not increase operations significantly. When a disguise is enabled there will be one additional DB read to fetch the disguise configuration, and then additional reads (and potentially writes) may be required depending on the disguise in question. In the plugins I have written: disguise_basic should not cause any additional DB reads or writes as all configuration is held within the disguise itself. disguise_predefined will lead to one additional DB read to fetch the disguise mappings for all defined names, and one write per user as the disguise is first applied. Outstanding items Although the feature is near completion, there are still a few outstanding issues to resolve: Improve $OUTPUT->user_picture() to allow specification of custom URLs This will allow disguises to have custom pictures for each disguise - potentially very useful for role play situations. Standardise user picture display in mobile app In some parts of the mobile app the user picture URL is manually calculated using the userid and the userpicture. This happens in the forum and needs to be updated for the previous item to work in the mobile app. Finish the admin UI for disguise_predefined Developer documentation Functional and Unit tests I'll be starting on these soon Backup The context needs to be extended to include disguise The disguise needs to be backed up All disguises need to backup both their configuration, and their data We need to consider as to whether it should be possible to back up a disguised context if the disguise is locked and the user performing the backup cannot reveal identities. Extend to other contexts (e.g. block) Screenshots Disguise section of the module editing form With default (no) values: Using the disguise_predefined plugin and enabled: disguise_predefined configuration locked from user changes (admin is viewing so can unlock) disguise_basic configuration disguise_predefined configuration In use within the forum disguise_basic on forum index: disguise_basic in forum discussion: disguise_predefined with Animal names on forum index: disguise_predefined with Animal names in forum discussion: disguise_predefined with basic roles and real identity shown on forum index: disguise_predefined with basic roles and real identity shown in forum discussion: Recent activity in forum showing the correct disguise names:
          Hide
          cibot CiBoT added a comment -

          Fails against automated checks.

          Checked MDL-1071 using repository: git://github.com/andrewnicols/moodle.git

          More information about this report

          Show
          cibot CiBoT added a comment - Fails against automated checks. Checked MDL-1071 using repository: git://github.com/andrewnicols/moodle.git master (123 errors / 14 warnings) [branch: MDL-1071-master | CI Job ] phplint (0/0) , phpcs (41/12) , js (0/0) , css (0/0) , phpdoc (80/1) , commit (2/1) , savepoint (0/0) , thirdparty (0/0) , grunt (0/0) , shifter (0/0) , travis (0/0) , More information about this report
          Hide
          cibot CiBoT added a comment -

          Fails against automated checks.

          Checked MDL-1071 using repository: git://github.com/andrewnicols/moodle.git

          More information about this report

          Show
          cibot CiBoT added a comment - Fails against automated checks. Checked MDL-1071 using repository: git://github.com/andrewnicols/moodle.git master (66 errors / 3 warnings) [branch: MDL-1071-master | CI Job ] phplint (0/0) , phpcs (12/2) , js (0/0) , css (0/0) , phpdoc (53/0) , commit (1/1) , savepoint (0/0) , thirdparty (0/0) , grunt (0/0) , shifter (0/0) , travis (0/0) , More information about this report
          Hide
          marina Marina Glancy added a comment -

          Andrew Nicols, can you please rebase your branch? The diff link does not work properly

          Show
          marina Marina Glancy added a comment - Andrew Nicols , can you please rebase your branch? The diff link does not work properly
          Hide
          dobedobedoh Andrew Nicols added a comment -

          Rebased, though the diff link worked perfectly for me before anyway - are you sure you looked at the right link?

          Show
          dobedobedoh Andrew Nicols added a comment - Rebased, though the diff link worked perfectly for me before anyway - are you sure you looked at the right link?
          Hide
          steve Steve 2.7 added a comment -

          How do I get me one of them "Implement user disguises" add-ons that I can check it on my home Moodle?
          I did not see an option to download it.

          Show
          steve Steve 2.7 added a comment - How do I get me one of them "Implement user disguises" add-ons that I can check it on my home Moodle? I did not see an option to download it.
          Hide
          dobedobedoh Andrew Nicols added a comment -

          Hi Steve,

          At the moment there is no add-on to download. This is a major change to core rather than jhust a few files. The 'easiest' way is probably to use the git branch, or download a copy of the zip file generated for the branch by GitHub: https://github.com/andrewnicols/moodle/archive/MDL-1071-master.zip

          Show
          dobedobedoh Andrew Nicols added a comment - Hi Steve, At the moment there is no add-on to download. This is a major change to core rather than jhust a few files. The 'easiest' way is probably to use the git branch, or download a copy of the zip file generated for the branch by GitHub: https://github.com/andrewnicols/moodle/archive/MDL-1071-master.zip
          Hide
          cameron1729 Cameron Ball added a comment -

          Hey Andrew, this is really cool, nice work.

          Firstly, I'm sorry I haven't finished this review yet. It's a lot to get through. I'm going to leave my notes so far for you to look at and continue reviewing this asap.

          1. I got this error when creating the forum in step 1.2

            Argument 1 passed to core\disguise\helper::add_to_form() must be an instance of moodleform, instance of MoodleQuickForm given, called in [dirroot]/course/moodleform_mod.php on line 534

            I "fixed" it by removing the mform type hint on add_to_form but I think it requires more consideration.

          2. Related, why do we pass $mform by reference? I see it all over moodle (maybe in older, pre-PHP 5 parts it makes sense), but here there's no need to pass a reference to the object's identifier (related: #10).
          3. This will give an undefined variable notice. Can we not just do

                final public function can_toggle_real_identity() {
                    if (has_capability('moodle/disguise:revealidentity', $this->context)) {
                        // This user holds the revealidentity capability, therefore they are able to toggle identity display.
                        return true;
                    }
             
                    return $this->showrealidentity === helper::IDENTITY_RESTRICTED && 
                            has_capability('moodle/disguise:showidentity', $this->context);
                }

          4. I notice than when viewing the forum, my username in the top right changes to 'Anonymous' - is that really needed? Could it be confusing? I get that maybe it's supposed to let the user know they're posting anonymously but maybe there's a better way to do that?
          5. In step 2.1.1 I didn't get an error, I simply got a blank white page (related: step 1.6.1 probably needs to say something like "don't add the animals set" - I was stupid and added it which made the forum work just fine).
          6. Step 5.3.1 failed for me because of the $showidentity problem I mentioned earlier (after fixing it, it works fine).
          7. I checked how forum digest emails look, and it seems to work without revealing who posted what, but I noticed the username "Anonymous" is still a link (<a href="" target="_blank">Anonymous</a>) is it possible to make it just text?
          8. Small typo in animal set: "Anonymous Panthers" - should be "Anonymous Panther".
          9. Can we change this to something like

            $notenoughdata = empty($rec->ctxid)
            		|| empty($rec->ctxlevel)
            		|| !isset($rec->ctxinstance)
            		|| empty($rec->ctxpath)
            		|| empty($rec->ctxdepth);
            		|| !isset($rec->ctxdisguiseid);

            Personally I find it easier to look at. We could go as far as adding the whole thing to the if conditional instead of introducing a new variable.

          10. I know you didn't write it, but this comment is wrong. In PHP what gets passed around is an object identifier, (and you can even have a reference to the identifier). It would be nice to fix the comment.
          11. I don't particularly like this - in a method called get_config I wouldn't expect config to get set. Surely that is better dealt with in the constructor. Is there anything wrong with using $this->config = (object)json_decode($record->configdata); in the constructor? I like that better, given the other casts there, adding defaults can be handled there too.
            • Side note: Maybe there is a good reason, but I don't get why I see objects being used for key-value pairs so much in moodle. Why can't we just use PHP's "arrays"? (actually PHP's arrays are hash tables, as are objects), then the whole thing becomes nicer IMO:

              class myClass {
              	protected $config = array(
              		'disguiseuseras' => 'basic',
              	);
              		
              	public function __construct(array $config = array()) {
              		$this->config = array_merge($this->config, $config); //$config clobbers $this->config
              	}
              }

          12. What is this for? I like fluid interfaces and method chaining a lot, but this class doesn't appear to implement that.
            • Side note: The docblock for this method appears incorrect.
          13. Can we use is_null here
          14. This comment strikes me as strange since we are not checking anything.
          15. This method is a bit strange to me. I think the name is mostly what I find unusual. It's called "handle_user..." yet it doesn't seem to do anything with a user.
          Show
          cameron1729 Cameron Ball added a comment - Hey Andrew, this is really cool, nice work. Firstly, I'm sorry I haven't finished this review yet. It's a lot to get through. I'm going to leave my notes so far for you to look at and continue reviewing this asap. I got this error when creating the forum in step 1.2 Argument 1 passed to core\disguise\helper::add_to_form() must be an instance of moodleform, instance of MoodleQuickForm given, called in [dirroot]/course/moodleform_mod.php on line 534 I "fixed" it by removing the mform type hint on add_to_form but I think it requires more consideration. Related, why do we pass $mform by reference? I see it all over moodle (maybe in older, pre-PHP 5 parts it makes sense), but here there's no need to pass a reference to the object's identifier (related: #10). This will give an undefined variable notice. Can we not just do final public function can_toggle_real_identity() { if (has_capability( 'moodle/disguise:revealidentity' , $this ->context)) { // This user holds the revealidentity capability, therefore they are able to toggle identity display. return true; }   return $this ->showrealidentity === helper::IDENTITY_RESTRICTED && has_capability( 'moodle/disguise:showidentity' , $this ->context); } I notice than when viewing the forum, my username in the top right changes to 'Anonymous' - is that really needed? Could it be confusing? I get that maybe it's supposed to let the user know they're posting anonymously but maybe there's a better way to do that? In step 2.1.1 I didn't get an error, I simply got a blank white page (related: step 1.6.1 probably needs to say something like "don't add the animals set" - I was stupid and added it which made the forum work just fine). Step 5.3.1 failed for me because of the $showidentity problem I mentioned earlier (after fixing it, it works fine). I checked how forum digest emails look, and it seems to work without revealing who posted what, but I noticed the username "Anonymous" is still a link ( <a href="" target="_blank">Anonymous</a> ) is it possible to make it just text? Small typo in animal set: "Anonymous Panthers" - should be "Anonymous Panther". Can we change this to something like $notenoughdata = empty ( $rec ->ctxid) || empty ( $rec ->ctxlevel) || !isset( $rec ->ctxinstance) || empty ( $rec ->ctxpath) || empty ( $rec ->ctxdepth); || !isset( $rec ->ctxdisguiseid); Personally I find it easier to look at. We could go as far as adding the whole thing to the if conditional instead of introducing a new variable. I know you didn't write it, but this comment is wrong . In PHP what gets passed around is an object identifier , (and you can even have a reference to the identifier). It would be nice to fix the comment. I don't particularly like this - in a method called get_config I wouldn't expect config to get set. Surely that is better dealt with in the constructor. Is there anything wrong with using $this->config = (object)json_decode($record->configdata); in the constructor? I like that better, given the other casts there, adding defaults can be handled there too. Side note: Maybe there is a good reason, but I don't get why I see objects being used for key-value pairs so much in moodle. Why can't we just use PHP's "arrays"? (actually PHP's arrays are hash tables, as are objects), then the whole thing becomes nicer IMO: class myClass { protected $config = array ( 'disguiseuseras' => 'basic' , ); public function __construct( array $config = array ()) { $this ->config = array_merge ( $this ->config, $config ); //$config clobbers $this->config } } What is this for? I like fluid interfaces and method chaining a lot, but this class doesn't appear to implement that. Side note: The docblock for this method appears incorrect. Can we use is_null here This comment strikes me as strange since we are not checking anything. This method is a bit strange to me. I think the name is mostly what I find unusual. It's called "handle_user..." yet it doesn't seem to do anything with a user.
          Hide
          dobedobedoh Andrew Nicols added a comment -

          Thanks Cameron,

          1) Fixed
          2) I suspect that this is habit. It's a complex object so it will be passed by reference naturally.
          3) Fixed. We could do that, but I find it clearer and easier to read as I've written it. Also, my way complies with coding style whilst yours does not (as I recall).
          4) This is partially because I have not been through the entire site and changed it to use \core\user::fullname() and passing it the context. It's also partially because I feel that it improves the user experience - the user can see that they are currently wearing their disguise and there is less of a question as to whether it will be preserved everywhere.
          5) This isn't written yet.
          6) Fixed in (2)
          7) Remember this is a Proof of concept. The code is not yet finished and some of this is likely to take place in the later stages, possibly after integration. This is a massive feature and there's just no way that every possibility can be caught.
          We may need to consider adjusting several of the templates - this is one, but I'm not going to do them immediately as we need to think about this.
          8) Fixed.
          9) Again, we could... but my way complies with coding style. Also, personally I prefer it and find it easier to read. Horses for courses.
          10) Fixed - but not really relevant to this issue
          11) It doesn't set the config. $this->config is a converted version of the actual config. It isn't the version from the DB - that is configdata.
          We just init the the view of it if $this->config is falsy - this will happen if the configdata field (from the DB) is null:

          var_dump(json_decode(null));
          

          The default value is set in the constructor already.
          12) How does it 'not' implement method chaining? That is precisely what it is for.
          13) Why? There is no benefit, and if anything is_null() has added overheads so is (very marginally) less efficient.
          14) Fixed. this was historical. Now the plugin is expected to override the function (and probably call parent:: on it). Originally this was not the design.
          15) Why? It's handling the user now being configured.
          Unfortunately I don't think that there is an example of this yet, but essentially it's the opposite of handle_unconfigured_for_user().
          handle_unconfigured_for_user() grabs the current URL and stores it in the session, then redirects to the user_configuration_path().
          When the user is now configured, the script at user_configuration_path should call handle_user_now_configured() to redirect the user back to their previous location.

          Pushed with the above updates.

          Show
          dobedobedoh Andrew Nicols added a comment - Thanks Cameron, 1) Fixed 2) I suspect that this is habit. It's a complex object so it will be passed by reference naturally. 3) Fixed. We could do that, but I find it clearer and easier to read as I've written it. Also, my way complies with coding style whilst yours does not (as I recall). 4) This is partially because I have not been through the entire site and changed it to use \core\user::fullname() and passing it the context. It's also partially because I feel that it improves the user experience - the user can see that they are currently wearing their disguise and there is less of a question as to whether it will be preserved everywhere. 5) This isn't written yet. 6) Fixed in (2) 7) Remember this is a Proof of concept. The code is not yet finished and some of this is likely to take place in the later stages, possibly after integration. This is a massive feature and there's just no way that every possibility can be caught. We may need to consider adjusting several of the templates - this is one, but I'm not going to do them immediately as we need to think about this. 8) Fixed. 9) Again, we could... but my way complies with coding style. Also, personally I prefer it and find it easier to read. Horses for courses. 10) Fixed - but not really relevant to this issue 11) It doesn't set the config. $this->config is a converted version of the actual config. It isn't the version from the DB - that is configdata. We just init the the view of it if $this->config is falsy - this will happen if the configdata field (from the DB) is null: var_dump(json_decode(null)); The default value is set in the constructor already. 12) How does it 'not' implement method chaining? That is precisely what it is for. 13) Why? There is no benefit, and if anything is_null() has added overheads so is (very marginally) less efficient. 14) Fixed. this was historical. Now the plugin is expected to override the function (and probably call parent:: on it). Originally this was not the design. 15) Why? It's handling the user now being configured. Unfortunately I don't think that there is an example of this yet, but essentially it's the opposite of handle_unconfigured_for_user(). handle_unconfigured_for_user() grabs the current URL and stores it in the session, then redirects to the user_configuration_path(). When the user is now configured, the script at user_configuration_path should call handle_user_now_configured() to redirect the user back to their previous location. Pushed with the above updates.
          Hide
          marina Marina Glancy added a comment -

          Hi Andrew,
          I started looking at this branch too, here are couple of comments (more will follow tomorrow):
          1. There are quite a few "TODO"s left in code
          2. In inplace-editable you do not always set the context - try pulling MDL-53274 and testing with it.
          3. It caught my eye that the table name is in plural 'disguises' where everything else (component name, plugin type) is singular - 'disguise'. But I don't think we have any strict policy about it and existing db tables are a big mix
          4. mustache file does not have all docs (it will not be accessible from templates library), also there are lots of phpdocs missing
          5. I'm a little confused about argument $override in the fullname() function - I was pretty sure it meant that current user has capability to view fullnames, not the first-then-last format.

          Show
          marina Marina Glancy added a comment - Hi Andrew, I started looking at this branch too, here are couple of comments (more will follow tomorrow): 1. There are quite a few "TODO"s left in code 2. In inplace-editable you do not always set the context - try pulling MDL-53274 and testing with it. 3. It caught my eye that the table name is in plural 'disguises' where everything else (component name, plugin type) is singular - 'disguise'. But I don't think we have any strict policy about it and existing db tables are a big mix 4. mustache file does not have all docs (it will not be accessible from templates library), also there are lots of phpdocs missing 5. I'm a little confused about argument $override in the fullname() function - I was pretty sure it meant that current user has capability to view fullnames, not the first-then-last format.
          Hide
          cameron1729 Cameron Ball added a comment - - edited

          I want to preface the rest of this review by saying that generally I like your approach. Although I don't feel confident I am the most qualified person to pass judgment on what is "good" in moodle. As best I can tell, based on the constraints, your solution is great. I like how generic it is, and the fact that it can be applied to so many parts of moodle is excellent. So in that regard, this patch is awesome and you've done a great job. The way the disguises are implemented within a context is a bit tricky for me to get my head around (more about that bellow), but I quite like the way forms get passed to the helper to have the extra stuff added - that's probably what I would do if I had to make something like this. All in all, it was genuinely quite easy for me to understand the concept and how it worked - I know some people are not sold on the name "disguises" but for me personally, I like it, and it reflects the nature of the feature well.

          I want to reiterate that it's hard for me to say for sure how good of an idea all this stuff is; because my experience with moodle is still very limited, and I can't help but think about solving this problem in a completely different way, in a completely different context (common OOP design patterns frequently spring to mind). This review has been a big learning experience for me.

          I probably don't know enough about it, but something that I found unusual was that the context has an identifier for the disguise, and the disguise also has an identifier for the context. It makes sense to me that one would need to know about the other, but I'm not sure I see them both needing to be aware of each other like that, it makes the whole thing feel really circular and weird, because now we have these two objects messing with each others' state. Things like a manager class start springing to mind but I don't think I have an intimate enough knowledge of the situation to properly comment. In some cases it seems like the disguise is needlessly passing information back to the context, when we could just use the context as an aggregate root to drill down to the disguise (or something like that...). Edit: After looking at it a bit more I think I get what's going on, but my point about it being a bit confusing still stands (although maybe a moodle master wouldn't have the problems I had :])

          Another thing I don't really like that much is that we have to add more stuff to the user class; but I suppose given the way the core_user class is designed, there isn't really another way is there? I would much rather see things like composition or decoration, but it doesn't seem doable :[

          In response to your previous comment, for brevity I'll just comment on your responses that I don't fully agree with.

          3 and 9. There's this from the coding style guide:

          Wrapping lines

          When wrapping a line, indent the follow-on line by 8 spaces rather than 4. For example:

          if (a_long_condition() &&
                  a_nother_long_condition()) {
              do_something();
          }

          which is sort of similar to what I'm saying. However as you say, different strokes. It's your patch and if you want to keep it that way that's fine by me :]

          11. Sure, but it still feels wrong to have that logic in get_config. You say the default value is set in the constructor, but I disagree. To me, the default value is what you get out of get_config when it's called and $record->configdata is falsy (i.e., the default is an object with one member, 'disguiseuseras' which has the value 'disguise_basic'). I really feel like what's happening is not obvious the way it's currently written, and it should be done in the constructor. Is there any reason why we can't do something similar to my example?

          12. What I meant was, why has it only been implemented on that one method? This class doesn't appear to lend itself well to method chaining, so maybe it shouldn't be on that method at all? Also the docblock is still incorrect.

          Continuing with the review. These are all minor things from my POV, as I said before the approach you have taken here is great. However I'd still like to raise these points because I like to talk about the finer details of these sort of things.

          1. Typo? Should it be "Use @link disguise_displayname instead"?
          2. Here (and other places), as best I can tell, we can just do

            $displayoptions['context']->disguise->displayname($user, $displayoptions);

            (In PHP7 call_user_func_array is basically equivalent to a normal function call, so it's desirable to just use a normal function call IMO). In this particular instance the method name and arguments are known; so I don't think there is an advantage to using call_user_func_array.

          3. Why get_called_class? Really that's for late static binding jazz, which isn't applicable here. Can we use get_class($this)? Functionally it should be no different, it just reflects the way the class is intended to be used better imo.

          I think that mostly covers the meat of this patch... The rest of it seems to be going around to all the places in moodle that need to use this new feature.

          Great job, ending my review here.

          Show
          cameron1729 Cameron Ball added a comment - - edited I want to preface the rest of this review by saying that generally I like your approach. Although I don't feel confident I am the most qualified person to pass judgment on what is "good" in moodle. As best I can tell, based on the constraints, your solution is great. I like how generic it is, and the fact that it can be applied to so many parts of moodle is excellent. So in that regard, this patch is awesome and you've done a great job. The way the disguises are implemented within a context is a bit tricky for me to get my head around (more about that bellow), but I quite like the way forms get passed to the helper to have the extra stuff added - that's probably what I would do if I had to make something like this. All in all, it was genuinely quite easy for me to understand the concept and how it worked - I know some people are not sold on the name "disguises" but for me personally, I like it, and it reflects the nature of the feature well. I want to reiterate that it's hard for me to say for sure how good of an idea all this stuff is; because my experience with moodle is still very limited, and I can't help but think about solving this problem in a completely different way, in a completely different context (common OOP design patterns frequently spring to mind). This review has been a big learning experience for me. I probably don't know enough about it, but something that I found unusual was that the context has an identifier for the disguise, and the disguise also has an identifier for the context. It makes sense to me that one would need to know about the other, but I'm not sure I see them both needing to be aware of each other like that, it makes the whole thing feel really circular and weird, because now we have these two objects messing with each others' state. Things like a manager class start springing to mind but I don't think I have an intimate enough knowledge of the situation to properly comment. In some cases it seems like the disguise is needlessly passing information back to the context, when we could just use the context as an aggregate root to drill down to the disguise (or something like that...). Edit: After looking at it a bit more I think I get what's going on, but my point about it being a bit confusing still stands (although maybe a moodle master wouldn't have the problems I had :]) Another thing I don't really like that much is that we have to add more stuff to the user class; but I suppose given the way the core_user class is designed, there isn't really another way is there? I would much rather see things like composition or decoration, but it doesn't seem doable :[ In response to your previous comment, for brevity I'll just comment on your responses that I don't fully agree with. 3 and 9. There's this from the coding style guide: Wrapping lines When wrapping a line, indent the follow-on line by 8 spaces rather than 4. For example: if (a_long_condition() && a_nother_long_condition()) { do_something(); } which is sort of similar to what I'm saying. However as you say, different strokes. It's your patch and if you want to keep it that way that's fine by me :] 11. Sure, but it still feels wrong to have that logic in get_config . You say the default value is set in the constructor, but I disagree. To me, the default value is what you get out of get_config when it's called and $record->configdata is falsy (i.e., the default is an object with one member, 'disguiseuseras' which has the value 'disguise_basic'). I really feel like what's happening is not obvious the way it's currently written, and it should be done in the constructor. Is there any reason why we can't do something similar to my example? 12. What I meant was, why has it only been implemented on that one method? This class doesn't appear to lend itself well to method chaining, so maybe it shouldn't be on that method at all? Also the docblock is still incorrect. Continuing with the review. These are all minor things from my POV, as I said before the approach you have taken here is great. However I'd still like to raise these points because I like to talk about the finer details of these sort of things. Typo ? Should it be "Use @link disguise_displayname instead"? Here (and other places), as best I can tell, we can just do $displayoptions['context']->disguise->displayname($user, $displayoptions); (In PHP7 call_user_func_array is basically equivalent to a normal function call, so it's desirable to just use a normal function call IMO). In this particular instance the method name and arguments are known; so I don't think there is an advantage to using call_user_func_array. Why get_called_class ? Really that's for late static binding jazz, which isn't applicable here. Can we use get_class($this) ? Functionally it should be no different, it just reflects the way the class is intended to be used better imo. I think that mostly covers the meat of this patch... The rest of it seems to be going around to all the places in moodle that need to use this new feature. Great job, ending my review here.
          Hide
          marina Marina Glancy added a comment -

          I pulled the branch and opened website, it failed ungracefully with the whole screen of errors. I modified redirect_if_major_upgrade_required() with your version number, now the web upgrade is possible but still can see a message:

          Disguiseid missing
           
              line 5407 of /lib/accesslib.php: call to debugging()
              line 6319 of /lib/accesslib.php: call to context->__construct()
              line 6467 of /lib/accesslib.php: call to context_system->__construct()
              line 739 of /lib/setup.php: call to context_system::instance()
              line 32 of /config.php: call to require_once()
              line 87 of /admin/index.php: call to require()
           
          Warning: session_start(): Cannot send session cache limiter - headers already sent (output started at /home/marina/repositories/mysql_master/moodle/lib/weblib.php:3010) in /home/marina/repositories/mysql_master/moodle/lib/classes/session/handler.php on line 42
          

          Show
          marina Marina Glancy added a comment - I pulled the branch and opened website, it failed ungracefully with the whole screen of errors. I modified redirect_if_major_upgrade_required() with your version number, now the web upgrade is possible but still can see a message: Disguiseid missing   line 5407 of /lib/accesslib.php: call to debugging() line 6319 of /lib/accesslib.php: call to context->__construct() line 6467 of /lib/accesslib.php: call to context_system->__construct() line 739 of /lib/setup.php: call to context_system::instance() line 32 of /config.php: call to require_once() line 87 of /admin/index.php: call to require()   Warning: session_start(): Cannot send session cache limiter - headers already sent (output started at /home/marina/repositories/mysql_master/moodle/lib/weblib.php:3010) in /home/marina/repositories/mysql_master/moodle/lib/classes/session/handler.php on line 42
          Hide
          marina Marina Glancy added a comment -

          I love what you are doing with the core_user class - we needed these function for a long time! Just to record here what we discussed in jabber - would be great to have $context as a separate argument to all the new functions that you added in core_user class - this way the developers will pay more attention to it and forget less often. This is the problem with current format_string() function.
          Also 'firstthenlast' should be renamed to something like 'viewfullnames' or 'override' and the use of it discouraged - passing context is sufficient to check the capability. However refactoring the whole moodle may be outside of the scope here.

          Another thing that is often forgotten when introducing new plugin type - the string is missing for the "disguise" plugin type (see plugins overview) and also it is not possible to uninstall disguise plugin types.

          I hope we are not abusing the "context" table by adding new field to it. Can we be 100% sure we will never want several disguises applied to one context (having another additional condition)? Can several records in context table have the same disguiseid?

          Show
          marina Marina Glancy added a comment - I love what you are doing with the core_user class - we needed these function for a long time! Just to record here what we discussed in jabber - would be great to have $context as a separate argument to all the new functions that you added in core_user class - this way the developers will pay more attention to it and forget less often. This is the problem with current format_string() function. Also 'firstthenlast' should be renamed to something like 'viewfullnames' or 'override' and the use of it discouraged - passing context is sufficient to check the capability. However refactoring the whole moodle may be outside of the scope here. Another thing that is often forgotten when introducing new plugin type - the string is missing for the "disguise" plugin type (see plugins overview) and also it is not possible to uninstall disguise plugin types. I hope we are not abusing the "context" table by adding new field to it. Can we be 100% sure we will never want several disguises applied to one context (having another additional condition)? Can several records in context table have the same disguiseid?
          Hide
          dobedobedoh Andrew Nicols added a comment -

          Hi Both,

          Thank you for your reviews:

          Marina's comments:

          1) Yes... as mentioned here I was hoping for a review of how this is implemented at the core level. It is incomplete at the moment and there are a number of outstanding items
          I was hoping to get help from HQ to finish off the remaining TODOs and items.
          2) Will check those - any in particular? I don't see a way to specify a contextid to the inplace editable...
          3) They are instances of disguises. Most of our tables are plural (forum_posts, assign_grades, block_instnaces, book_chapters, mdl_events_handlers, mdl_external_services, mdl_grade_grades, mdl_grade_categories, mdl_files, mdl_message_processors, mdl_question_answers, mdl_tool_monitor_rules) Only really old things are singular on the whole, and module tables are enforced singular since the very early days.
          4) See 1 - I haven't finished writing the docs
          5) As discussed in chat, I've adjusted all of these functions to take $context as a first-class argument, and to rename firsthenlast to usefullnamedisplay. $override is very misleading IMO.

          Cameron:

          I wasn't aware that disgusies was contentious Anyway...

          So with the context <--> disguise thing the important part to remember is that one disguise may be implemented in multiple contexts - they're a many-to-one relationship.

          This feature is currently not implemented in the UI, but I can see it being particularly useful in the future for certain things.
          One example I have had in mind:Â we don't have a context for course categories but you may wish to apply the same disguise to a forum, a workshop, and a wiki all at the same time.

          Because of the way in which contexts work, I opted to keep the disguise such that it is generally only aware of a single context - when calling fullname and friends, we can only deal with one context - it isn't possible to consider multiple languages when returning strings.

          Generally speaking the context needs to be aware of the disguise always, so this relationship makes sense. The disguise needs to be aware of the context too, but because of the many-to-one mapping we need to store the current context of note.

          I'm not sure that a manager class would add anything here - I did consider it but rejected it much earlier on.

          I would love to decorate a true user, but we simply don't have one. It's well beyond the scope of this issue to create one and if this issue were to depend on that change it would likely be many years off because the importance of such a change is low and the risk is high.

          With regards points 3/9:
          https://docs.moodle.org/dev/Coding_style#Wrapping_Control_Structures

          I prefer my way and find it much easier to read. It's clearer where the test is, it's easier to add additional components to the test if required, and each can be individually documented more easily.

          11) In your example you are setting a protected value in the class, but it's not possible to make function calls in the class itself, e.g.:

          class myClass {
            protected $config = [
              'disguiseuseras' => get_string('anonymous', 'disguise_basic'),
            ];
          }
          

          That said, the config in particular belongs to the disguise_basic plugin and is just in the wrong place. I've adjusted it now and moved the config initialisation to the constructor as you suggest.

          12) Well, this is the only setter. Every other method in the function is some form of getter, or it does not make sense to do so. I have just added it to set_show_real_identity_state() too.

          13.1) Yup - fixed
          13.2) Okay - Adjusted.
          13.3) Probably because get_class() returns \core\disguise\disguise whilst get_called_class() returns \disguise_basic\disguise - which is what we want.
          Technically we only want the namespace of the late static class, but there is no way of getting this.

          Marina

          Yup - I am aware of redirect_if_major_upgrade_required(). Have now adjusted it, but I'm not aware of a 'good' way of supressing those errors all the time. Unfortunately that function does not do a good enough job yet anyway - if you visit various other pages, they will not force the upgrade.
          We could suppress it during initial install and/or upgrade? (I've just made this change).

          Show
          dobedobedoh Andrew Nicols added a comment - Hi Both, Thank you for your reviews: Marina's comments: 1) Yes... as mentioned here I was hoping for a review of how this is implemented at the core level. It is incomplete at the moment and there are a number of outstanding items I was hoping to get help from HQ to finish off the remaining TODOs and items. 2) Will check those - any in particular? I don't see a way to specify a contextid to the inplace editable... 3) They are instances of disguises. Most of our tables are plural (forum_posts, assign_grades, block_instnaces, book_chapters, mdl_events_handlers, mdl_external_services, mdl_grade_grades, mdl_grade_categories, mdl_files, mdl_message_processors, mdl_question_answers, mdl_tool_monitor_rules) Only really old things are singular on the whole, and module tables are enforced singular since the very early days. 4) See 1 - I haven't finished writing the docs 5) As discussed in chat, I've adjusted all of these functions to take $context as a first-class argument, and to rename firsthenlast to usefullnamedisplay. $override is very misleading IMO. Cameron: I wasn't aware that disgusies was contentious Anyway... So with the context <--> disguise thing the important part to remember is that one disguise may be implemented in multiple contexts - they're a many-to-one relationship. This feature is currently not implemented in the UI, but I can see it being particularly useful in the future for certain things. One example I have had in mind:Â we don't have a context for course categories but you may wish to apply the same disguise to a forum, a workshop, and a wiki all at the same time. Because of the way in which contexts work, I opted to keep the disguise such that it is generally only aware of a single context - when calling fullname and friends, we can only deal with one context - it isn't possible to consider multiple languages when returning strings. Generally speaking the context needs to be aware of the disguise always, so this relationship makes sense. The disguise needs to be aware of the context too, but because of the many-to-one mapping we need to store the current context of note. I'm not sure that a manager class would add anything here - I did consider it but rejected it much earlier on. I would love to decorate a true user, but we simply don't have one. It's well beyond the scope of this issue to create one and if this issue were to depend on that change it would likely be many years off because the importance of such a change is low and the risk is high. With regards points 3/9: https://docs.moodle.org/dev/Coding_style#Wrapping_Control_Structures I prefer my way and find it much easier to read. It's clearer where the test is, it's easier to add additional components to the test if required, and each can be individually documented more easily. 11) In your example you are setting a protected value in the class, but it's not possible to make function calls in the class itself, e.g.: class myClass { protected $config = [ 'disguiseuseras' => get_string('anonymous', 'disguise_basic'), ]; } That said, the config in particular belongs to the disguise_basic plugin and is just in the wrong place. I've adjusted it now and moved the config initialisation to the constructor as you suggest. 12) Well, this is the only setter. Every other method in the function is some form of getter, or it does not make sense to do so. I have just added it to set_show_real_identity_state() too. 13.1) Yup - fixed 13.2) Okay - Adjusted. 13.3) Probably because get_class() returns \core\disguise\disguise whilst get_called_class() returns \disguise_basic\disguise - which is what we want. Technically we only want the namespace of the late static class, but there is no way of getting this. Marina Yup - I am aware of redirect_if_major_upgrade_required(). Have now adjusted it, but I'm not aware of a 'good' way of supressing those errors all the time. Unfortunately that function does not do a good enough job yet anyway - if you visit various other pages, they will not force the upgrade. We could suppress it during initial install and/or upgrade? (I've just made this change).
          Hide
          marina Marina Glancy added a comment -

          to retrieve core_renderer that is needed for template output the context has to be set. Calling $PAGE->set_context(null); is a workaround when you don't know the actual context.
          There is no way to pass the context to inplace editable and it is intentional - itemid must be the only argument to pass. Passing any additional environment arguments (such as context or course) can only introduce security issue when attacker intentionally passes the wrong context or course where they have the required capability

          Show
          marina Marina Glancy added a comment - to retrieve core_renderer that is needed for template output the context has to be set. Calling $PAGE->set_context(null); is a workaround when you don't know the actual context. There is no way to pass the context to inplace editable and it is intentional - itemid must be the only argument to pass. Passing any additional environment arguments (such as context or course) can only introduce security issue when attacker intentionally passes the wrong context or course where they have the required capability
          Hide
          dobedobedoh Andrew Nicols added a comment -

          I'm going to put this up for another peer review.

          I believe that I've addressed all of the issues previously raised.

          The only things outstanding (as far as I'm aware) are to add more behat tests and write QA tests (I may need a little help with some of these).

          Show
          dobedobedoh Andrew Nicols added a comment - I'm going to put this up for another peer review. I believe that I've addressed all of the issues previously raised. The only things outstanding (as far as I'm aware) are to add more behat tests and write QA tests (I may need a little help with some of these).
          Hide
          cibot CiBoT added a comment -

          Fails against automated checks.

          Checked MDL-1071 using repository: git://github.com/andrewnicols/moodle.git

          More information about this report

          Show
          cibot CiBoT added a comment - Fails against automated checks. Checked MDL-1071 using repository: git://github.com/andrewnicols/moodle.git master (235 errors / 9 warnings) [branch: MDL-1071-master | CI Job ] phplint (0/0) , phpcs (136/8) , js (0/0) , css (0/0) , phpdoc (99/0) , commit (0/1) , savepoint (0/0) , thirdparty (0/0) , grunt (0/0) , shifter (0/0) , travis (0/0) , More information about this report
          Hide
          cameron1729 Cameron Ball added a comment - - edited

          Hey Andrew, Marina asked me to post what I've written so far for you to see before you leave:

          Starting this again has reminded me about the get_class thing. I wasn't suggesting get_class(), but get_class($this) - i.e., passing $this to it will give you what you want, for the current instance.

          I was happy to see usage of final, it doesn't look like we have embraced it very much in moodle.

          I ran the behat tests and got a failure:

          cameron@mithrandir:~/Web/vhosts/stable_master$ vendor/bin/behat --format="moodle_progress" --out="std" --format="progress" --out="/home/cameron/moodles/stable_master/extra/behat/progress.txt" --format="pretty" --out="/home/cameron/moodles/stable_master/extra/behat/pretty.txt" --config=/home/cameron/moodles/stable_master/moodledata_behat/behat/behat.yml /home/cameron/Web/vhosts/stable_master/user/disguise/predefined/tests/behat/
          Moodle 3.1dev (Build: 20160407), f1af23ce2231af9e6095162ad611d8f4671bd843
          Php: 5.5.9.1.4.14, Mysql: 5.5.44-0ubuntu0.14.04.1, OS: Linux 3.13.0-39-lowlatency x86_64
          Server OS "Linux", Browser: "firefox"
          Started at 15-04-2016, 11:56
          ..........................F.........................
           
          --- Failed steps:
           
              And I should not see "Abracadabra" # /home/cameron/moodles/stable_master/moodle/user/disguise/predefined/tests/behat/forum_disguise.feature:52
                "Abracadabra" text was found in the page (Behat\Mink\Exception\ExpectationException)
           
              And I should not see "Abracadabra" # /home/cameron/moodles/stable_master/moodle/user/disguise/predefined/tests/behat/forum_disguise.feature:52
                "Abracadabra" text was found in the page (Behat\Mink\Exception\ExpectationException)
          

          For the most part, though, it seems the issues raised in previous reviews have been addressed, here are some very minor things I noticed:

          1. Array wrapping here is not correct.
          2. I always wonder about stuff like this:

            $mform->addElement(
                    'date_time_selector',
                    'disguise_disabledisguisefrom',
                    get_string('disguise_disabledisguisefrom', 'moodle'),
                    array('optional' => true)
                );

            The style guide doesn't seem to say anything about wrapping function calls with many arguments (only declarations). I guess it's technically covered by this part, but it looks so weird, especially given the exception for arrays. Not important at all, just wanted to mention it.

          3. Typo "it's" -> "its". Same here
          4. This is an interesting internationalisation challenge and makes me wonder if we need to consider it elsewhere. There are several other brackets used in Japanese writing (and other languages and I wonder if we need to consider those.
          5. I also wonder about the _displayname and displayname functions. I'm guessing it's been done to avoid having silly names like getdisplaynamewithoutdisguise? However, putting underscores at the beginning like that reeks of the PHP4 times.
          Show
          cameron1729 Cameron Ball added a comment - - edited Hey Andrew, Marina asked me to post what I've written so far for you to see before you leave: Starting this again has reminded me about the get_class thing. I wasn't suggesting get_class() , but get_class($this) - i.e., passing $this to it will give you what you want, for the current instance. I was happy to see usage of final , it doesn't look like we have embraced it very much in moodle. I ran the behat tests and got a failure: cameron@mithrandir:~/Web/vhosts/stable_master$ vendor/bin/behat --format="moodle_progress" --out="std" --format="progress" --out="/home/cameron/moodles/stable_master/extra/behat/progress.txt" --format="pretty" --out="/home/cameron/moodles/stable_master/extra/behat/pretty.txt" --config=/home/cameron/moodles/stable_master/moodledata_behat/behat/behat.yml /home/cameron/Web/vhosts/stable_master/user/disguise/predefined/tests/behat/ Moodle 3.1dev (Build: 20160407), f1af23ce2231af9e6095162ad611d8f4671bd843 Php: 5.5.9.1.4.14, Mysql: 5.5.44-0ubuntu0.14.04.1, OS: Linux 3.13.0-39-lowlatency x86_64 Server OS "Linux", Browser: "firefox" Started at 15-04-2016, 11:56 ..........................F.........................   --- Failed steps:   And I should not see "Abracadabra" # /home/cameron/moodles/stable_master/moodle/user/disguise/predefined/tests/behat/forum_disguise.feature:52 "Abracadabra" text was found in the page (Behat\Mink\Exception\ExpectationException)   And I should not see "Abracadabra" # /home/cameron/moodles/stable_master/moodle/user/disguise/predefined/tests/behat/forum_disguise.feature:52 "Abracadabra" text was found in the page (Behat\Mink\Exception\ExpectationException) For the most part, though, it seems the issues raised in previous reviews have been addressed, here are some very minor things I noticed: Array wrapping here is not correct. I always wonder about stuff like this: $mform->addElement( 'date_time_selector', 'disguise_disabledisguisefrom', get_string('disguise_disabledisguisefrom', 'moodle'), array('optional' => true) ); The style guide doesn't seem to say anything about wrapping function calls with many arguments (only declarations). I guess it's technically covered by this part, but it looks so weird, especially given the exception for arrays . Not important at all, just wanted to mention it. Typo "it's" -> "its". Same here This is an interesting internationalisation challenge and makes me wonder if we need to consider it elsewhere. There are several other brackets used in Japanese writing ( and other languages and I wonder if we need to consider those. I also wonder about the _displayname and displayname functions. I'm guessing it's been done to avoid having silly names like getdisplaynamewithoutdisguise ? However, putting underscores at the beginning like that reeks of the PHP4 times.
          Hide
          dobedobedoh Andrew Nicols added a comment -

          Thanks Cameron,

          Submitting for integration.
          Regarding your points:
          1) Yes it is - it just depends on how you read the style guide. I have already raised an issue to attempt to clarify the ambiguity
          2) Again, not covered, but it's kinda the same as point 1.
          3) Thanks - fixed
          4) This is a pre-existing thing. Just moved into this file. For more info, speak to Adrian Greeve
          5) Good thought. Renamed to real_displayname.

          Show
          dobedobedoh Andrew Nicols added a comment - Thanks Cameron, Submitting for integration. Regarding your points: 1) Yes it is - it just depends on how you read the style guide. I have already raised an issue to attempt to clarify the ambiguity 2) Again, not covered, but it's kinda the same as point 1. 3) Thanks - fixed 4) This is a pre-existing thing. Just moved into this file. For more info, speak to Adrian Greeve 5) Good thought. Renamed to real_displayname.
          Hide
          dobedobedoh Andrew Nicols added a comment -

          Note:

          1. The behat tests could do with being extended. Sorry, but I've just run out of time with these and could do with some help; and
          2. The backup/restore is also not done. Highly related to MDL-33864.

          I think that the above two items can be moved to separate issues to be completed during freeze.

          Show
          dobedobedoh Andrew Nicols added a comment - Note: The behat tests could do with being extended. Sorry, but I've just run out of time with these and could do with some help; and The backup/restore is also not done. Highly related to MDL-33864 . I think that the above two items can be moved to separate issues to be completed during freeze.
          Hide
          stronk7 Eloy Lafuente (stronk7) added a comment -

          The main moodle.git repository has just been updated with latest weekly modifications. You may wish to rebase your PULL branches to simplify history and avoid any possible merge conflicts. This would also make integrator's life easier next week.

          TIA and ciao

          Show
          stronk7 Eloy Lafuente (stronk7) added a comment - The main moodle.git repository has just been updated with latest weekly modifications. You may wish to rebase your PULL branches to simplify history and avoid any possible merge conflicts. This would also make integrator's life easier next week. TIA and ciao
          Hide
          cibot CiBoT added a comment -

          Moving this issue to current integration cycle, will be reviewed soon. Thanks for the hard work!

          Show
          cibot CiBoT added a comment - Moving this issue to current integration cycle, will be reviewed soon. Thanks for the hard work!
          Hide
          cibot CiBoT added a comment -

          Fails against automated checks.

          Checked MDL-1071 using repository: git://github.com/andrewnicols/moodle.git

          • master [branch: MDL-1071-master | CI Job]
            • Error: The MDL-1071-master branch at git://github.com/andrewnicols/moodle.git does not apply clean to origin/master

          More information about this report

          Show
          cibot CiBoT added a comment - Fails against automated checks. Checked MDL-1071 using repository: git://github.com/andrewnicols/moodle.git master [branch: MDL-1071-master | CI Job ] Error: The MDL-1071 -master branch at git://github.com/andrewnicols/moodle.git does not apply clean to origin/master More information about this report
          Hide
          marina Marina Glancy added a comment -

          ==CODEFREEZE3.1==
          This is a bulk message to all improvement issues that have have entered the review stage at the moment of 3.1 code freeze.

          Show
          marina Marina Glancy added a comment - ==CODEFREEZE3.1== This is a bulk message to all improvement issues that have have entered the review stage at the moment of 3.1 code freeze.
          Hide
          dmonllao David Monllaó added a comment -

          Agreed with Andrew to delay this issue's review until backup / restore is ready.

          Show
          dmonllao David Monllaó added a comment - Agreed with Andrew to delay this issue's review until backup / restore is ready.
          Hide
          dmonllao David Monllaó added a comment -

          I'm cleaning the in-review list. Reopening this. Please send it again to integration review once backup/restore support is available.

          Show
          dmonllao David Monllaó added a comment - I'm cleaning the in-review list. Reopening this. Please send it again to integration review once backup/restore support is available.
          Hide
          cibot CiBoT added a comment -

          Moving this reopened issue out from current integration. Please, re-submit it for integration once ready.

          Show
          cibot CiBoT added a comment - Moving this reopened issue out from current integration. Please, re-submit it for integration once ready.
          Hide
          damyon Damyon Wiese added a comment -

          Thanks Andrew Nicols,

          We have voted on unholding this issue and agreed that it is NOT ok to break the freeze!

          Rational:
          This code affects a lot of areas in Moodle because it deals with contexts and it is risky to land such a big change so late in the cycle, especially if the code is still being worked on. In addition, the UI could do with more time to polish it.

          Thanks again - I'll post a separate comment with some of my own suggestions about the UI.

          Show
          damyon Damyon Wiese added a comment - Thanks Andrew Nicols , We have voted on unholding this issue and agreed that it is NOT ok to break the freeze! Rational: This code affects a lot of areas in Moodle because it deals with contexts and it is risky to land such a big change so late in the cycle, especially if the code is still being worked on. In addition, the UI could do with more time to polish it. Thanks again - I'll post a separate comment with some of my own suggestions about the UI.
          Hide
          damyon Damyon Wiese added a comment -

          My own UI thoughts are:

          Missing help for a lot of form fields.

          Don't know if the Disable option has a valid use case - (Why would you set up a disabled disguise for a module?)

          I would prefer as few settings in the course module settings form as possible. It's already a massive form. Maybe some of the other settings could be changed on the configure disguises page.

          "Names to add" I tried to add a list of names separated by commas and it didn't work.

          The "Display format of user disguises" setting should be less prominent IMO.

          The page with 2 separate forms needs a redesign.

          I chose Countries from the admin names list to see what it does. It immediately imported 250 countries to my module with no undo.

          I feel it more likely for a teacher to have their own preferred list of names, than for a site administrator to come up with a useful list. It just seems more like something related to personal teaching styles than something that should be dictated centrally.

          I don't really like how this completely replaces the user info in the header. I am not logged in as "Turkmenistan" - I am using disguise for the current module. It should IMO display my real name and could optionally show the disguise name (similar to "You are logged in as"). If I am using the logged in as feature it shows the names of both users disguises in the current module - which is confusing.

          Lets get this feature supported in more places when it's released. Chat seems like another useful place.

          I get no logging with this feature enabled.

          The default list of country names are all in English. "Japan" is not "Japan" in Japanese.

          "Display format of user disguises" seems to be called "Wrapper" in the admin settings. I think this is the same field.

          Do the set names support multilang ?

          Thats all for now - the code in this feature is really good - thanks for your hard work on it. Lets perfect it and release it in an awesome state for 3.2.

          Cheers!

          Show
          damyon Damyon Wiese added a comment - My own UI thoughts are: Missing help for a lot of form fields. Don't know if the Disable option has a valid use case - (Why would you set up a disabled disguise for a module?) I would prefer as few settings in the course module settings form as possible. It's already a massive form. Maybe some of the other settings could be changed on the configure disguises page. "Names to add" I tried to add a list of names separated by commas and it didn't work. The "Display format of user disguises" setting should be less prominent IMO. The page with 2 separate forms needs a redesign. I chose Countries from the admin names list to see what it does. It immediately imported 250 countries to my module with no undo. I feel it more likely for a teacher to have their own preferred list of names, than for a site administrator to come up with a useful list. It just seems more like something related to personal teaching styles than something that should be dictated centrally. I don't really like how this completely replaces the user info in the header. I am not logged in as "Turkmenistan" - I am using disguise for the current module. It should IMO display my real name and could optionally show the disguise name (similar to "You are logged in as"). If I am using the logged in as feature it shows the names of both users disguises in the current module - which is confusing. Lets get this feature supported in more places when it's released. Chat seems like another useful place. I get no logging with this feature enabled. The default list of country names are all in English. "Japan" is not "Japan" in Japanese. "Display format of user disguises" seems to be called "Wrapper" in the admin settings. I think this is the same field. Do the set names support multilang ? Thats all for now - the code in this feature is really good - thanks for your hard work on it. Lets perfect it and release it in an awesome state for 3.2. Cheers!
          Hide
          dougiamas Martin Dougiamas added a comment -

          FWIW I'm a big supporter of this feature but I have to agree that it still needs some polish in the UI that exists, and also that it would be better if it lands with a more completely useful implementation across all core activity modules and also gradebooks, blocks, user reports etc. I hope to see it for 3.2!

          Show
          dougiamas Martin Dougiamas added a comment - FWIW I'm a big supporter of this feature but I have to agree that it still needs some polish in the UI that exists, and also that it would be better if it lands with a more completely useful implementation across all core activity modules and also gradebooks, blocks, user reports etc. I hope to see it for 3.2!
          Hide
          steve Steve 2.7 added a comment -

          Being an instructor who has used Moodle for almost 10 years at the University, I am so looking forward to using this feature but I am not going to pretend to understand any of these comments. (: I have my own server here at home to practice and it presently has 3.1 on it. My tenant maintains the network and is open to helping me to keep this running.

          How do I get a copy of User Disguises?
          I have heard about GitHub but don't know how to work it.

          Show
          steve Steve 2.7 added a comment - Being an instructor who has used Moodle for almost 10 years at the University, I am so looking forward to using this feature but I am not going to pretend to understand any of these comments. (: I have my own server here at home to practice and it presently has 3.1 on it. My tenant maintains the network and is open to helping me to keep this running. How do I get a copy of User Disguises? I have heard about GitHub but don't know how to work it.