Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-17107 Preventing spam in user profile descriptions
  3. MDL-17143

Don't display the user description at all when user isn't enrolled in any courses

    Details

    • Type: Sub-task
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 1.9.3
    • Fix Version/s: 1.6.9, 1.7.7, 1.8.8, 1.9.4
    • Component/s: Administration
    • Labels:
      None
    • Difficulty:
      Easy
    • Affected Branches:
      MOODLE_19_STABLE
    • Fixed Branches:
      MOODLE_16_STABLE, MOODLE_17_STABLE, MOODLE_18_STABLE, MOODLE_19_STABLE

      Description

      1. Add a new config variable profilesforenrolledusersonly = true (by default)

      2. When showing the profile page, if a courseid isn't defined (this is the public view) AND the user is not enrolled in any courses AND profilesforenrolledusersonly = true then replace the profile description with something like "This profile description will not be shown until this person is enrolled in at least one course".

      3. When editing the profile page, if the description is blank AND the user is not enrolled in any courses AND profilesforenrolledusersonly = true then completely hide the description field from the editing page.

        Gliffy Diagrams

          Issue Links

            Activity

            Hide
            dongsheng Dongsheng Cai added a comment -

            a patch against 1.9

            Show
            dongsheng Dongsheng Cai added a comment - a patch against 1.9
            Hide
            dongsheng Dongsheng Cai added a comment -

            The new patch allows administrators editing description anytime

            Show
            dongsheng Dongsheng Cai added a comment - The new patch allows administrators editing description anytime
            Hide
            dongsheng Dongsheng Cai added a comment -

            Committed to 1.9 and HEAD, please review.

            Show
            dongsheng Dongsheng Cai added a comment - Committed to 1.9 and HEAD, please review.
            Hide
            dongsheng Dongsheng Cai added a comment -

            Please review.

            Show
            dongsheng Dongsheng Cai added a comment - Please review.
            Hide
            skodak Petr Skoda added a comment -

            you can not use get_record('role_assignments', 'userid', $userid) if there are multiple role assignments - it should some debugging error

            instead please use record_exists()

            Show
            skodak Petr Skoda added a comment - you can not use get_record('role_assignments', 'userid', $userid) if there are multiple role assignments - it should some debugging error instead please use record_exists()
            Hide
            skodak Petr Skoda added a comment -

            also please reorder the if condition so that the record_exists() is executed only when really needed

            Show
            skodak Petr Skoda added a comment - also please reorder the if condition so that the record_exists() is executed only when really needed
            Hide
            stronk7 Eloy Lafuente (stronk7) added a comment -

            Oki, I've:

            • Added some empty() checks to avoid some notices about the $CFG->profilesforenrolledusersonly not defined.
            • Changed get_record() to record_exists() and moved it to last condition.
            • Bump 19_STABLE and HEAD versions to force the setting to be displayed/defined.

            TODO:

            1) I'd fix the setting help text a bit, indicating it's an anti-spam measure in some way. Right now the justification of the setting isn't clear IMO.
            2) Add it to the anti SPAM Moodle Docs.
            3) Backport from 19_STABLE to 1.8, 1.7 and 1.6

            Helen can you take a look to 1 & 2, plz...
            Dongsheng can backport it to be ready next weekly?

            Thanks everybody!
            Thanks and ciao

            Show
            stronk7 Eloy Lafuente (stronk7) added a comment - Oki, I've: Added some empty() checks to avoid some notices about the $CFG->profilesforenrolledusersonly not defined. Changed get_record() to record_exists() and moved it to last condition. Bump 19_STABLE and HEAD versions to force the setting to be displayed/defined. TODO: 1) I'd fix the setting help text a bit, indicating it's an anti-spam measure in some way. Right now the justification of the setting isn't clear IMO. 2) Add it to the anti SPAM Moodle Docs. 3) Backport from 19_STABLE to 1.8, 1.7 and 1.6 Helen can you take a look to 1 & 2, plz... Dongsheng can backport it to be ready next weekly? Thanks everybody! Thanks and ciao
            Hide
            tsala Helen Foster added a comment -

            1) How about:

            $string['configprofilesforenrolledusersonly'] = 'To prevent misuse by spammers, profile descriptions of users who are not yet enrolled in any course are hidden. New users must enrol in at least one course before they can add a profile description.';

            Show
            tsala Helen Foster added a comment - 1) How about: $string ['configprofilesforenrolledusersonly'] = 'To prevent misuse by spammers, profile descriptions of users who are not yet enrolled in any course are hidden. New users must enrol in at least one course before they can add a profile description.';
            Hide
            tsala Helen Foster added a comment -
            Show
            tsala Helen Foster added a comment - 2) Information about this setting added to Moodle Docs: http://docs.moodle.org/en/Site_policies http://docs.moodle.org/en/Reducing_spam_in_Moodle
            Hide
            stronk7 Eloy Lafuente (stronk7) added a comment -

            Looks perfect for me, Helen. +1

            Thanks!

            Show
            stronk7 Eloy Lafuente (stronk7) added a comment - Looks perfect for me, Helen. +1 Thanks!
            Hide
            tsala Helen Foster added a comment -

            Thanks Eloy, reworded lang string added to HEAD, 1.9 and 1.8.

            Show
            tsala Helen Foster added a comment - Thanks Eloy, reworded lang string added to HEAD, 1.9 and 1.8.
            Hide
            stronk7 Eloy Lafuente (stronk7) added a comment -

            Great! BTW... looking commits... I thin the setting has been backported to 1.7 too.

            Ciao

            Show
            stronk7 Eloy Lafuente (stronk7) added a comment - Great! BTW... looking commits... I thin the setting has been backported to 1.7 too. Ciao
            Hide
            tsala Helen Foster added a comment -

            Thanks Eloy, I've added the reworded lang string to 1.7 too and have updated the documentation.

            Show
            tsala Helen Foster added a comment - Thanks Eloy, I've added the reworded lang string to 1.7 too and have updated the documentation.
            Hide
            dongsheng Dongsheng Cai added a comment -

            Hi, everyone, 1.6 is quite different from the other versions. Where should I place the profilesforenrolledusersonly setting in "Administration Page"?

            Show
            dongsheng Dongsheng Cai added a comment - Hi, everyone, 1.6 is quite different from the other versions. Where should I place the profilesforenrolledusersonly setting in "Administration Page"?
            Hide
            stronk7 Eloy Lafuente (stronk7) added a comment -

            Good question... hehe.

            I think it used to be a "security" section under "config variables" or something like that. That was the place where things like $CFG->secureforms or $CFG->loginhttps were defined... hope it helps.

            Show
            stronk7 Eloy Lafuente (stronk7) added a comment - Good question... hehe. I think it used to be a "security" section under "config variables" or something like that. That was the place where things like $CFG->secureforms or $CFG->loginhttps were defined... hope it helps.
            Hide
            stronk7 Eloy Lafuente (stronk7) added a comment -

            I've performed some changes in the 16_STABLE version committed some hours ago:

            • Set new setting default to true (securer).
            • clean some debug code that was left there.
            • fixed use of undefined $userid
            • fixed logic so description field continues being mandatory for normal (enrolled) users. Was broked in prev commit.

            Seems to be working fine now. Resolving as fixed. Someone else, please, review this. Ciao

            PS: And please, try to perform some test when committing things to stable branches. This was simply broken in too many places to be acceptable IMO. TIA!

            Show
            stronk7 Eloy Lafuente (stronk7) added a comment - I've performed some changes in the 16_STABLE version committed some hours ago: Set new setting default to true (securer). clean some debug code that was left there. fixed use of undefined $userid fixed logic so description field continues being mandatory for normal (enrolled) users. Was broked in prev commit. Seems to be working fine now. Resolving as fixed. Someone else, please, review this. Ciao PS: And please, try to perform some test when committing things to stable branches. This was simply broken in too many places to be acceptable IMO. TIA!
            Hide
            skodak Petr Skoda added a comment -

            hmm,

            1/ I am not sure this should be on by default - when adding new user the description field "disappears" ??

            2/ I can see this in 1.6.x when I view my own profile and description already there, but not enrolled: "This profile description will not be shown until this person is enrolled in at least one course." and not enrolled yet. This does not seem like correct English.

            Anyway, reopening and going to fix more coding problems there...

            Petr

            Show
            skodak Petr Skoda added a comment - hmm, 1/ I am not sure this should be on by default - when adding new user the description field "disappears" ?? 2/ I can see this in 1.6.x when I view my own profile and description already there, but not enrolled: "This profile description will not be shown until this person is enrolled in at least one course." and not enrolled yet. This does not seem like correct English. Anyway, reopening and going to fix more coding problems there... Petr
            Hide
            skodak Petr Skoda added a comment -

            1/ fixed undefined 2x $userid in 1.6.x

            2/ fixe 1x undefined $userid in 1.7.x, BUT the use of non-existent capability moodle/user:editprofile will not probably work in all cases - this was a know problem fixed in 1.8.x only - maybe it is the right time to close 1.7.x branch and not commit anything there at all

            3/ in 1.8.x the new code in definition_after_data() MUST verify that $userid is valid (changed in 1.9.x) - it was removing the description field always - this was totally untested, right?

            4/ the restriction does not belong into advanced user edit form - it was removing the description if user had only create user cap

            Show
            skodak Petr Skoda added a comment - 1/ fixed undefined 2x $userid in 1.6.x 2/ fixe 1x undefined $userid in 1.7.x, BUT the use of non-existent capability moodle/user:editprofile will not probably work in all cases - this was a know problem fixed in 1.8.x only - maybe it is the right time to close 1.7.x branch and not commit anything there at all 3/ in 1.8.x the new code in definition_after_data() MUST verify that $userid is valid (changed in 1.9.x) - it was removing the description field always - this was totally untested, right? 4/ the restriction does not belong into advanced user edit form - it was removing the description if user had only create user cap
            Hide
            jerome Jérôme Mouneyrac added a comment -

            Tested on 1.9. It works fine, thanks everybody.

            Show
            jerome Jérôme Mouneyrac added a comment - Tested on 1.9. It works fine, thanks everybody.

              People

              • Votes:
                2 Vote for this issue
                Watchers:
                5 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved:
                  Fix Release Date:
                  28/Jan/09