MDL-16549: Should not be able to remove moodle/site:doanything from the Administrator Role, or add it to other roles

    Details

    • Type: Improvement
    • Status: Closed
    • Priority: Critical
    • Resolution: Fixed
    • Affects Version/s: 1.9.2, 2.0
    • Fix Version/s: 2.0
    • Component/s: Roles / Access, Usability
    • Labels:
      None
    • Affected Branches:
      MOODLE_19_STABLE, MOODLE_20_STABLE
    • Fixed Branches:
      MOODLE_20_STABLE

      Description

      It's crazy that you can edit the Administrator role. It's extremely dangerous and can lead the primary administrator to being locked out of their site. I can't think of a situation where (if you wanted a different administrator-like role) that you wouldn't create a new role or a copy of the administrator role. Additionally it should not be possible to unenrol the "primary" administrator from the administrator role.

              Activity

              howardsmiller Howard Miller created issue -
              stronk7 Eloy Lafuente (stronk7) added a comment -

              My +100 for this.

              Addressing for Moodle 2.0, assigning to Martin, for his consideration and adding some watchers.

              stronk7 Eloy Lafuente (stronk7) made changes -
              Field Original Value New Value
              Fix Version/s 2.0 [ 10122 ]
              stronk7 Eloy Lafuente (stronk7) added a comment -

              Missed assigning it to Martin, doing it now.

              stronk7 Eloy Lafuente (stronk7) made changes -
              Assignee Eloy Lafuente (stronk7) [ stronk7 ] Martin Dougiamas [ dougiamas ]
              howardsmiller Howard Miller added a comment -

              If I was going to be even more outspoken about this, I think a little work is called for to establish what the options are for these "I locked myself out as administrator" and then some logic should be applied to the admin settings to actively stop you doing it. There are way too many reports in the forums along these lines.

              I actually don't think that any of the "standard" roles should have been editable, but I guess it's too late for that now.

              martinlanghoff Martín Langhoff added a comment -

              Maybe a fixup cli script could help?

              > I actually don't think that any of the "standard" roles should have been editable

              that'd be extreme - but admin's "doanything" should be untouchable.

              skodak Petr Skoda added a comment -

              standard roles should be editable imo

              howardsmiller Howard Miller added a comment -

              I'd concede the other roles, but no way should the Admin role be editable. If you want a variation create a copy and edit that. It's just too dangerous.

              I've been working on a script that seems to be helping people - http://cvs.moodle.org/contrib/tools/adminfix/

              Adding to this (see http://moodle.org/mod/forum/discuss.php?d=107139), the admin should not be able to change their own assignment rights either.

              There used to be a rule that you could play around with Moodle and always be able to undo what you did without any damage. I'd really like to see no more admin lock-outs reported in 2.0!

              rmeske Ron Meske added a comment -

              It would be much appreciated if a patch for previous versions was also made. Is that in the works?

              howardsmiller Howard Miller added a comment -

              Ron,

              I think it's still in the works what this might look like.

              I think some of the role configuration settings may also contribute to locking you out, so I need to do some further experimenting to get a definite proposal.

              ray Ray Lawrence made changes -
              Link This issue will help resolve MDL-9879 [ MDL-9879 ]
              timhunt Tim Hunt added a comment -

              Actually, perhaps a good solution would be to make it so that it is not possible to edit the permission associated with moodle/site:doanything. That way, admins would always have it, and you would not be able to give it to other roles.

              That seems like a sufficient solution to this issue, and a good idea in general. If people think that is a good idea, feel free to assign this bug to me.

              timhunt Tim Hunt made changes -
              Assignee Martin Dougiamas [ dougiamas ] Tim Hunt [ timhunt ]
              timhunt Tim Hunt made changes -
              Summary Should not be able to edit the Administrator Role Should not be able to remove moodle/site:doanything from the Administrator Role, or add it to other roles
              howardsmiller Howard Miller made changes -
              Link This issue has a non-specific relationship to MDL-17061 [ MDL-17061 ]
              timhunt Tim Hunt made changes -
              Status Open [ 1 ] Resolved [ 5 ]
              Resolution Fixed [ 1 ]
              timhunt Tim Hunt added a comment -

              Actually, before this can be considered finished, we need a database upgrade that:

              1. Deletes any overrides relating to doanything
              2. Ensures that in the role definitions, we have doanything if and only if the role has legacy/admin.

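A constructed model of the two upgrade steps Tim Hunt lists above, added here as an audit-and-repair example and not Moodle's own upgrade code: rows mimic Moodle's role_capabilities table (roleid, contextid, capability, permission), and the system context id, the CAP_ALLOW value and the legacy marker capability name moodle/legacy:admin are assumptions.

```python
# Added example (not Moodle's upgrade code): the two upgrade steps above, run over
# in-memory rows shaped like role_capabilities; names and ids are assumptions.
DOANYTHING = "moodle/site:doanything"
LEGACY_ADMIN = "moodle/legacy:admin"  # assumed legacy-type marker capability
CAP_ALLOW = 1
SYSTEM_CTX = 1                        # assumed id of the system context row

def admin_roles(rows, system_ctx=SYSTEM_CTX):
    """Roles carrying the legacy admin marker (allowed) at the system context."""
    return {r["roleid"] for r in rows if r["capability"] == LEGACY_ADMIN
            and r["contextid"] == system_ctx and r["permission"] == CAP_ALLOW}

def audit_doanything(rows, system_ctx=SYSTEM_CTX):
    """Detection only: violations of 'doanything is allowed at the system context
    on exactly the legacy-admin roles and appears nowhere else'."""
    admins, granted, problems = admin_roles(rows, system_ctx), set(), []
    for r in rows:
        if r["capability"] != DOANYTHING:
            continue
        if r["contextid"] != system_ctx:        # step 1 target: an override
            problems.append(("override", r["roleid"], r["contextid"]))
        elif r["permission"] != CAP_ALLOW:      # prevent/prohibit at system level
            problems.append(("non-allow", r["roleid"], system_ctx))
        else:
            granted.add(r["roleid"])
            if r["roleid"] not in admins:       # step 2 target: extra grant
                problems.append(("extra", r["roleid"], system_ctx))
    problems += [("missing", rid, system_ctx) for rid in admins - granted]
    return sorted(problems)

def normalise_doanything(rows, system_ctx=SYSTEM_CTX):
    """Repair: drop every doanything row (so every override goes), then re-grant
    it at the system context to exactly the legacy-admin roles."""
    kept = [r for r in rows if r["capability"] != DOANYTHING]
    for rid in sorted(admin_roles(rows, system_ctx)):
        kept.append({"roleid": rid, "contextid": system_ctx,
                     "capability": DOANYTHING, "permission": CAP_ALLOW})
    return kept

# Constructed sample: role 1 is a correct admin; role 2 got doanything through an
# override in course context 5; role 3 is a legacy-admin role that lost doanything;
# role 4 holds doanything at system level without being an admin role.
SAMPLE = [
    {"roleid": 1, "contextid": 1, "capability": LEGACY_ADMIN, "permission": 1},
    {"roleid": 1, "contextid": 1, "capability": DOANYTHING, "permission": 1},
    {"roleid": 2, "contextid": 5, "capability": DOANYTHING, "permission": 1},
    {"roleid": 3, "contextid": 1, "capability": LEGACY_ADMIN, "permission": 1},
    {"roleid": 4, "contextid": 1, "capability": DOANYTHING, "permission": 1},
]
```

Running audit_doanything on the sample reports the override, the extra grant and the missing grant; after normalise_doanything the audit comes back empty.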
              timhunt Tim Hunt made changes -
              Resolution Fixed [ 1 ]
              Status Resolved [ 5 ] Reopened [ 4 ]
              skodak Petr Skoda added a comment -

              1/ doanything was not overridable in 1.8.x, it was always tested first before any other cap test - I suppose it was not overridable - my +1 for removing override support for doanything from 2.0 if there
              2/ I do not like this idea - legacy admin should mean nothing, I always thought that the real admin should only have doanything and nothing else which eliminates the legacy admin completely

              skodak Petr Skoda added a comment -

              I suppose the main reason why people are so "creative" with the doanything capability is that they try to work around the problems with course:view - there is no easy way to let people enter and/or administer a course in stealth mode (not being members of that course, visible by students) - so again, long-standing enrolment trouble

              timhunt Tim Hunt added a comment -

              Well, I agree that the whole legacy role type thing, as currently presented in the UI, does not make any sense. However, if you think of it just as a mechanism for initialising roles to sensible defaults, then it is not so bad. I guess that is how I think about it, which is why I think 2. is the best thing to do.

              timhunt Tim Hunt made changes -
              Status Reopened [ 4 ] Resolved [ 5 ]
              Resolution Fixed [ 1 ]
              dougiamas Martin Dougiamas made changes -
              Status Resolved [ 5 ] Closed [ 6 ]
              dougiamas Martin Dougiamas made changes -
              Workflow jira [ 28502 ] MDL Workflow [ 60912 ]
              dougiamas Martin Dougiamas made changes -
              Workflow MDL Workflow [ 60912 ] MDL Full Workflow [ 90092 ]

                People

                • Votes: 6
                • Watchers: 6

                Dates

                • Fix Release Date: 24/Nov/10