Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-14937

Please add Tim Hunt's "User's Roles" report into core

    Details

    • Type: Improvement
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 1.9.1
    • Fix Version/s: 2.0
    • Labels:
      None
    • Affected Branches:
      MOODLE_19_STABLE
    • Fixed Branches:
      MOODLE_20_STABLE

      Description

      This is the most useful diagnostic feature I have seen in a long time. It would be fantastic to see it in core.

      The only slight issue, is that looking for users by username is a bit cumbersome but I can live with it.

        Gliffy Diagrams

          Issue Links

            Activity

            Hide
            howardsmiller Howard Miller added a comment -

            Here's the place in the plugins database:

            http://moodle.org/mod/data/view.php?rid=1005&page=16

            Show
            howardsmiller Howard Miller added a comment - Here's the place in the plugins database: http://moodle.org/mod/data/view.php?rid=1005&page=16
            Hide
            stronk7 Eloy Lafuente (stronk7) added a comment -

            Assigning this to Martin... ciao

            Show
            stronk7 Eloy Lafuente (stronk7) added a comment - Assigning this to Martin... ciao
            Hide
            jisner John Isner added a comment -

            Not so fast.

            Do we want (1) a tool for debugging actual roles-related problems or (2) a tool allowing administrators to run academic what-if scenarios? Both are valid use cases, but for me (1) is far more important.

            Tim and I discussed this in: http://moodle.org/mod/forum/discuss.php?d=91993

            If we want a tool for (2), we should consider incorporating the functionality of the Role debugger into core.

            http://moodle.org/mod/data/view.php?d=13&rid=1204

            The Role Debugger can be used by any user, not just the administrator, and it gives the user a complete analysis of his own permissions, not just his role assignments. I gave an extended use case for it in MDL-13228 ("Improve the transparency of Roles...").

            Please do not misunderstand me: I have been using the User's roles report since March, and I find it very handy for getting a quick snapshot of a user's global role assignments.

            I have helped dozens of users debug complex roles-related problems using the Roles debugger (see the use case "A roles expert helping a roles novice debug a roles-related problem"), usually in a single iteration. These were problems of the most difficult kind – self inflicted problems created by administrators who had fiddled with roles without understanding what they were doing. In some cases the administrators could not access the site administration block.

            Anyway, this issue should be linked to MDL-13228.

            Show
            jisner John Isner added a comment - Not so fast. Do we want (1) a tool for debugging actual roles-related problems or (2) a tool allowing administrators to run academic what-if scenarios? Both are valid use cases, but for me (1) is far more important. Tim and I discussed this in: http://moodle.org/mod/forum/discuss.php?d=91993 If we want a tool for (2), we should consider incorporating the functionality of the Role debugger into core. http://moodle.org/mod/data/view.php?d=13&rid=1204 The Role Debugger can be used by any user, not just the administrator, and it gives the user a complete analysis of his own permissions, not just his role assignments. I gave an extended use case for it in MDL-13228 ("Improve the transparency of Roles..."). Please do not misunderstand me: I have been using the User's roles report since March, and I find it very handy for getting a quick snapshot of a user's global role assignments. I have helped dozens of users debug complex roles-related problems using the Roles debugger (see the use case "A roles expert helping a roles novice debug a roles-related problem"), usually in a single iteration. These were problems of the most difficult kind – self inflicted problems created by administrators who had fiddled with roles without understanding what they were doing. In some cases the administrators could not access the site administration block. Anyway, this issue should be linked to MDL-13228 .
            Hide
            howardsmiller Howard Miller added a comment -

            I must admit that I only quickly looked at the roles debugger and couldn't figure out what it did, but that's my impatience.

            I like Tim's report, because it hit the nail on the head for functionality that I have been missing. If I am sorting out a roles problem, the number one problem is that there is, by default, no way at all to tell what roles a user has throughout the site. Of course, this is 99% the root of roles problems - you didn't know about a role assigned somewhere else. In a complex Moodle site, even if you do know about the assignment, it can be very hard to find. I always considered this a surprising omission.

            Tim's addon is very simple and, I suspect, solves a huge percentage of roles problems. However, I'm not partisan about it - but, we need to get something in to handle this function.

            Show
            howardsmiller Howard Miller added a comment - I must admit that I only quickly looked at the roles debugger and couldn't figure out what it did, but that's my impatience. I like Tim's report, because it hit the nail on the head for functionality that I have been missing. If I am sorting out a roles problem, the number one problem is that there is, by default, no way at all to tell what roles a user has throughout the site. Of course, this is 99% the root of roles problems - you didn't know about a role assigned somewhere else. In a complex Moodle site, even if you do know about the assignment, it can be very hard to find. I always considered this a surprising omission. Tim's addon is very simple and, I suspect, solves a huge percentage of roles problems. However, I'm not partisan about it - but, we need to get something in to handle this function.
            Hide
            howardsmiller Howard Miller added a comment -

            And, of course, I've just realised that the search is not only by username it is (for the record) a fuzzy match on firstname, lastname, username, and idnumber.

            Show
            howardsmiller Howard Miller added a comment - And, of course, I've just realised that the search is not only by username it is (for the record) a fuzzy match on firstname, lastname, username, and idnumber.
            Hide
            jwhite10 John White added a comment -

            Also, whereas John Isner is right - a complex permissions analysis tool would be a great boon, this User's Roles tool from Tim is very useful, and would I suspect, be very easy to port into the core. But, dare I ask, could it be titled "Assigned roles" which is a little less difficult to say and lays the emphasis on what has been assigned rather than the permissions that will result.

            Show
            jwhite10 John White added a comment - Also, whereas John Isner is right - a complex permissions analysis tool would be a great boon, this User's Roles tool from Tim is very useful, and would I suspect, be very easy to port into the core. But, dare I ask, could it be titled "Assigned roles" which is a little less difficult to say and lays the emphasis on what has been assigned rather than the permissions that will result.
            Hide
            howardsmiller Howard Miller added a comment -

            I agree. I guess it just needs the strings done and it's pretty much there. I'm not sure it should be in Reports though - probably in the user section may make more sense. Mmm... not sure.

            On a site note.... the ajax name lookup is inspired! I find myself wishing things like the roles assign screen did something similar.

            Show
            howardsmiller Howard Miller added a comment - I agree. I guess it just needs the strings done and it's pretty much there. I'm not sure it should be in Reports though - probably in the user section may make more sense. Mmm... not sure. On a site note.... the ajax name lookup is inspired! I find myself wishing things like the roles assign screen did something similar.
            Hide
            jwhite10 John White added a comment -

            ...because it isn't strictly a report, since you can also change the role assignments within it.

            Show
            jwhite10 John White added a comment - ...because it isn't strictly a report, since you can also change the role assignments within it.
            Hide
            timhunt Tim Hunt added a comment -

            This is on my todo list for Moodle 2.0, so taking.

            Show
            timhunt Tim Hunt added a comment - This is on my todo list for Moodle 2.0, so taking.
            Hide
            timhunt Tim Hunt added a comment -

            Done. Now integrated into the roles tab in the users profile.

            We may need to think a bit harder about exactly who should be seeing this information. At the moment, it is shown to anyone who can see the roles tab (the rules for that have not changed).

            Note that the part about bulk removing role assignments has gone. That may come back, but only if I have time to work on MDL-10002.

            Show
            timhunt Tim Hunt added a comment - Done. Now integrated into the roles tab in the users profile. We may need to think a bit harder about exactly who should be seeing this information. At the moment, it is shown to anyone who can see the roles tab (the rules for that have not changed). Note that the part about bulk removing role assignments has gone. That may come back, but only if I have time to work on MDL-10002 .
            Hide
            poltawski Dan Poltawski added a comment -

            Reopening this. One sql query seems to refer to active field in role_assigments which doesn't currently exist:

            Unknown column 'ra.active' in 'where clause'

            SELECT ra.id, ra.userid, ra.contextid, ra.roleid, ra.enrol, c.path, r.name AS rolename, COALESCE(rn.name, r.name) AS localname FROM mdl_role_assignments ra JOIN mdl_context c ON ra.contextid = c.id JOIN mdl_role r ON ra.roleid = r.id LEFT JOIN mdl_role_names rn ON rn.roleid = ra.roleid AND rn.contextid = ra.contextid WHERE ra.userid = ? AND ra.active = 1 ORDER BY contextlevel DESC, contextid ASC, r.sortorder ASC
            [array ( 0 => '2', )]

            • line 292 of lib/dml/moodle_database.php: dml_read_exception thrown
            • line 501 of lib/dml/mysqli_native_moodle_database.php: call to moodle_database->query_end()
            • line 78 of admin/roles/usersroles.php: call to mysqli_native_moodle_database->get_records_sql()
            Show
            poltawski Dan Poltawski added a comment - Reopening this. One sql query seems to refer to active field in role_assigments which doesn't currently exist: Unknown column 'ra.active' in 'where clause' SELECT ra.id, ra.userid, ra.contextid, ra.roleid, ra.enrol, c.path, r.name AS rolename, COALESCE(rn.name, r.name) AS localname FROM mdl_role_assignments ra JOIN mdl_context c ON ra.contextid = c.id JOIN mdl_role r ON ra.roleid = r.id LEFT JOIN mdl_role_names rn ON rn.roleid = ra.roleid AND rn.contextid = ra.contextid WHERE ra.userid = ? AND ra.active = 1 ORDER BY contextlevel DESC, contextid ASC, r.sortorder ASC [array ( 0 => '2', )] line 292 of lib/dml/moodle_database.php: dml_read_exception thrown line 501 of lib/dml/mysqli_native_moodle_database.php: call to moodle_database->query_end() line 78 of admin/roles/usersroles.php: call to mysqli_native_moodle_database->get_records_sql()
            Hide
            timhunt Tim Hunt added a comment -

            Ah, that will be because I was testing the patch on MDL-13240 before. Thanks for reporting this.

            Show
            timhunt Tim Hunt added a comment - Ah, that will be because I was testing the patch on MDL-13240 before. Thanks for reporting this.

              People

              • Votes:
                19 Vote for this issue
                Watchers:
                16 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved:
                  Fix Release Date:
                  24/Nov/10