Moodle
  1. Moodle
  2. MDL-14937

Please add Tim Hunt's "User's Roles" report into core

    Details

    • Type: Improvement Improvement
    • Status: Closed
    • Priority: Major Major
    • Resolution: Fixed
    • Affects Version/s: 1.9.1
    • Fix Version/s: 2.0
    • Labels:
      None
    • Affected Branches:
      MOODLE_19_STABLE
    • Fixed Branches:
      MOODLE_20_STABLE
    • Rank:
      35102

      Description

      This is the most useful diagnostic feature I have seen in a long time. It would be fantastic to see it in core.

      The only slight issue, is that looking for users by username is a bit cumbersome but I can live with it.

        Issue Links

          Activity

          Hide
          Howard Miller added a comment -

          Here's the place in the plugins database:

          http://moodle.org/mod/data/view.php?rid=1005&page=16

          Show
          Howard Miller added a comment - Here's the place in the plugins database: http://moodle.org/mod/data/view.php?rid=1005&page=16
          Hide
          Eloy Lafuente (stronk7) added a comment -

          Assigning this to Martin... ciao

          Show
          Eloy Lafuente (stronk7) added a comment - Assigning this to Martin... ciao
          Hide
          John Isner added a comment -

          Not so fast.

          Do we want (1) a tool for debugging actual roles-related problems or (2) a tool allowing administrators to run academic what-if scenarios? Both are valid use cases, but for me (1) is far more important.

          Tim and I discussed this in: http://moodle.org/mod/forum/discuss.php?d=91993

          If we want a tool for (2), we should consider incorporating the functionality of the Role debugger into core.

          http://moodle.org/mod/data/view.php?d=13&rid=1204

          The Role Debugger can be used by any user, not just the administrator, and it gives the user a complete analysis of his own permissions, not just his role assignments. I gave an extended use case for it in MDL-13228 ("Improve the transparency of Roles...").

          Please do not misunderstand me: I have been using the User's roles report since March, and I find it very handy for getting a quick snapshot of a user's global role assignments.

          I have helped dozens of users debug complex roles-related problems using the Roles debugger (see the use case "A roles expert helping a roles novice debug a roles-related problem"), usually in a single iteration. These were problems of the most difficult kind – self inflicted problems created by administrators who had fiddled with roles without understanding what they were doing. In some cases the administrators could not access the site administration block.

          Anyway, this issue should be linked to MDL-13228.

          Show
          John Isner added a comment - Not so fast. Do we want (1) a tool for debugging actual roles-related problems or (2) a tool allowing administrators to run academic what-if scenarios? Both are valid use cases, but for me (1) is far more important. Tim and I discussed this in: http://moodle.org/mod/forum/discuss.php?d=91993 If we want a tool for (2), we should consider incorporating the functionality of the Role debugger into core. http://moodle.org/mod/data/view.php?d=13&rid=1204 The Role Debugger can be used by any user, not just the administrator, and it gives the user a complete analysis of his own permissions, not just his role assignments. I gave an extended use case for it in MDL-13228 ("Improve the transparency of Roles..."). Please do not misunderstand me: I have been using the User's roles report since March, and I find it very handy for getting a quick snapshot of a user's global role assignments. I have helped dozens of users debug complex roles-related problems using the Roles debugger (see the use case "A roles expert helping a roles novice debug a roles-related problem"), usually in a single iteration. These were problems of the most difficult kind – self inflicted problems created by administrators who had fiddled with roles without understanding what they were doing. In some cases the administrators could not access the site administration block. Anyway, this issue should be linked to MDL-13228 .
          Hide
          Howard Miller added a comment -

          I must admit that I only quickly looked at the roles debugger and couldn't figure out what it did, but that's my impatience.

          I like Tim's report, because it hit the nail on the head for functionality that I have been missing. If I am sorting out a roles problem, the number one problem is that there is, by default, no way at all to tell what roles a user has throughout the site. Of course, this is 99% the root of roles problems - you didn't know about a role assigned somewhere else. In a complex Moodle site, even if you do know about the assignment, it can be very hard to find. I always considered this a surprising omission.

          Tim's addon is very simple and, I suspect, solves a huge percentage of roles problems. However, I'm not partisan about it - but, we need to get something in to handle this function.

          Show
          Howard Miller added a comment - I must admit that I only quickly looked at the roles debugger and couldn't figure out what it did, but that's my impatience. I like Tim's report, because it hit the nail on the head for functionality that I have been missing. If I am sorting out a roles problem, the number one problem is that there is, by default, no way at all to tell what roles a user has throughout the site. Of course, this is 99% the root of roles problems - you didn't know about a role assigned somewhere else. In a complex Moodle site, even if you do know about the assignment, it can be very hard to find. I always considered this a surprising omission. Tim's addon is very simple and, I suspect, solves a huge percentage of roles problems. However, I'm not partisan about it - but, we need to get something in to handle this function.
          Hide
          Howard Miller added a comment -

          And, of course, I've just realised that the search is not only by username it is (for the record) a fuzzy match on firstname, lastname, username, and idnumber.

          Show
          Howard Miller added a comment - And, of course, I've just realised that the search is not only by username it is (for the record) a fuzzy match on firstname, lastname, username, and idnumber.
          Hide
          John White added a comment -

          Also, whereas John Isner is right - a complex permissions analysis tool would be a great boon, this User's Roles tool from Tim is very useful, and would I suspect, be very easy to port into the core. But, dare I ask, could it be titled "Assigned roles" which is a little less difficult to say and lays the emphasis on what has been assigned rather than the permissions that will result.

          Show
          John White added a comment - Also, whereas John Isner is right - a complex permissions analysis tool would be a great boon, this User's Roles tool from Tim is very useful, and would I suspect, be very easy to port into the core. But, dare I ask, could it be titled "Assigned roles" which is a little less difficult to say and lays the emphasis on what has been assigned rather than the permissions that will result.
          Hide
          Howard Miller added a comment -

          I agree. I guess it just needs the strings done and it's pretty much there. I'm not sure it should be in Reports though - probably in the user section may make more sense. Mmm... not sure.

          On a site note.... the ajax name lookup is inspired! I find myself wishing things like the roles assign screen did something similar.

          Show
          Howard Miller added a comment - I agree. I guess it just needs the strings done and it's pretty much there. I'm not sure it should be in Reports though - probably in the user section may make more sense. Mmm... not sure. On a site note.... the ajax name lookup is inspired! I find myself wishing things like the roles assign screen did something similar.
          Hide
          John White added a comment -

          ...because it isn't strictly a report, since you can also change the role assignments within it.

          Show
          John White added a comment - ...because it isn't strictly a report, since you can also change the role assignments within it.
          Hide
          Tim Hunt added a comment -

          This is on my todo list for Moodle 2.0, so taking.

          Show
          Tim Hunt added a comment - This is on my todo list for Moodle 2.0, so taking.
          Hide
          Tim Hunt added a comment -

          Done. Now integrated into the roles tab in the users profile.

          We may need to think a bit harder about exactly who should be seeing this information. At the moment, it is shown to anyone who can see the roles tab (the rules for that have not changed).

          Note that the part about bulk removing role assignments has gone. That may come back, but only if I have time to work on MDL-10002.

          Show
          Tim Hunt added a comment - Done. Now integrated into the roles tab in the users profile. We may need to think a bit harder about exactly who should be seeing this information. At the moment, it is shown to anyone who can see the roles tab (the rules for that have not changed). Note that the part about bulk removing role assignments has gone. That may come back, but only if I have time to work on MDL-10002 .
          Hide
          Dan Poltawski added a comment -

          Reopening this. One sql query seems to refer to active field in role_assigments which doesn't currently exist:

          Unknown column 'ra.active' in 'where clause'

          SELECT ra.id, ra.userid, ra.contextid, ra.roleid, ra.enrol, c.path, r.name AS rolename, COALESCE(rn.name, r.name) AS localname FROM mdl_role_assignments ra JOIN mdl_context c ON ra.contextid = c.id JOIN mdl_role r ON ra.roleid = r.id LEFT JOIN mdl_role_names rn ON rn.roleid = ra.roleid AND rn.contextid = ra.contextid WHERE ra.userid = ? AND ra.active = 1 ORDER BY contextlevel DESC, contextid ASC, r.sortorder ASC
          [array ( 0 => '2', )]

          • line 292 of lib/dml/moodle_database.php: dml_read_exception thrown
          • line 501 of lib/dml/mysqli_native_moodle_database.php: call to moodle_database->query_end()
          • line 78 of admin/roles/usersroles.php: call to mysqli_native_moodle_database->get_records_sql()
          Show
          Dan Poltawski added a comment - Reopening this. One sql query seems to refer to active field in role_assigments which doesn't currently exist: Unknown column 'ra.active' in 'where clause' SELECT ra.id, ra.userid, ra.contextid, ra.roleid, ra.enrol, c.path, r.name AS rolename, COALESCE(rn.name, r.name) AS localname FROM mdl_role_assignments ra JOIN mdl_context c ON ra.contextid = c.id JOIN mdl_role r ON ra.roleid = r.id LEFT JOIN mdl_role_names rn ON rn.roleid = ra.roleid AND rn.contextid = ra.contextid WHERE ra.userid = ? AND ra.active = 1 ORDER BY contextlevel DESC, contextid ASC, r.sortorder ASC [array ( 0 => '2', )] line 292 of lib/dml/moodle_database.php: dml_read_exception thrown line 501 of lib/dml/mysqli_native_moodle_database.php: call to moodle_database->query_end() line 78 of admin/roles/usersroles.php: call to mysqli_native_moodle_database->get_records_sql()
          Hide
          Tim Hunt added a comment -

          Ah, that will be because I was testing the patch on MDL-13240 before. Thanks for reporting this.

          Show
          Tim Hunt added a comment - Ah, that will be because I was testing the patch on MDL-13240 before. Thanks for reporting this.

            People

            • Votes:
              19 Vote for this issue
              Watchers:
              16 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: