Moodle
  1. Moodle
  2. MDL-17107 Preventing spam in user profile descriptions
  3. MDL-17143

Don't display the user description at all when user isn't enrolled in any courses

    Details

    • Type: Sub-task Sub-task
    • Status: Closed
    • Priority: Major Major
    • Resolution: Fixed
    • Affects Version/s: 1.9.3
    • Fix Version/s: 1.6.9, 1.7.7, 1.8.8, 1.9.4
    • Component/s: Administration
    • Labels:
      None
    • Difficulty:
      Easy
    • Affected Branches:
      MOODLE_19_STABLE
    • Fixed Branches:
      MOODLE_16_STABLE, MOODLE_17_STABLE, MOODLE_18_STABLE, MOODLE_19_STABLE
    • Rank:
      36734

      Description

      1. Add a new config variable profilesforenrolledusersonly = true (by default)

      2. When showing the profile page, if a courseid isn't defined (this is the public view) AND the user is not enrolled in any courses AND profilesforenrolledusersonly = true then replace the profile description with something like "This profile description will not be shown until this person is enrolled in at least one course".

      3. When editing the profile page, if the description is blank AND the user is not enrolled in any courses AND profilesforenrolledusersonly = true then completely hide the description field from the editing page.

        Issue Links

          Activity

          Hide
          Dongsheng Cai added a comment -

          a patch against 1.9

          Show
          Dongsheng Cai added a comment - a patch against 1.9
          Hide
          Dongsheng Cai added a comment -

          The new patch allows administrators editing description anytime

          Show
          Dongsheng Cai added a comment - The new patch allows administrators editing description anytime
          Hide
          Dongsheng Cai added a comment -

          Committed to 1.9 and HEAD, please review.

          Show
          Dongsheng Cai added a comment - Committed to 1.9 and HEAD, please review.
          Hide
          Dongsheng Cai added a comment -

          Please review.

          Show
          Dongsheng Cai added a comment - Please review.
          Hide
          Petr Škoda added a comment -

          you can not use get_record('role_assignments', 'userid', $userid) if there are multiple role assignments - it should some debugging error

          instead please use record_exists()

          Show
          Petr Škoda added a comment - you can not use get_record('role_assignments', 'userid', $userid) if there are multiple role assignments - it should some debugging error instead please use record_exists()
          Hide
          Petr Škoda added a comment -

          also please reorder the if condition so that the record_exists() is executed only when really needed

          Show
          Petr Škoda added a comment - also please reorder the if condition so that the record_exists() is executed only when really needed
          Hide
          Eloy Lafuente (stronk7) added a comment -

          Oki, I've:

          • Added some empty() checks to avoid some notices about the $CFG->profilesforenrolledusersonly not defined.
          • Changed get_record() to record_exists() and moved it to last condition.
          • Bump 19_STABLE and HEAD versions to force the setting to be displayed/defined.

          TODO:

          1) I'd fix the setting help text a bit, indicating it's an anti-spam measure in some way. Right now the justification of the setting isn't clear IMO.
          2) Add it to the anti SPAM Moodle Docs.
          3) Backport from 19_STABLE to 1.8, 1.7 and 1.6

          Helen can you take a look to 1 & 2, plz...
          Dongsheng can backport it to be ready next weekly?

          Thanks everybody!
          Thanks and ciao

          Show
          Eloy Lafuente (stronk7) added a comment - Oki, I've: Added some empty() checks to avoid some notices about the $CFG->profilesforenrolledusersonly not defined. Changed get_record() to record_exists() and moved it to last condition. Bump 19_STABLE and HEAD versions to force the setting to be displayed/defined. TODO: 1) I'd fix the setting help text a bit, indicating it's an anti-spam measure in some way. Right now the justification of the setting isn't clear IMO. 2) Add it to the anti SPAM Moodle Docs. 3) Backport from 19_STABLE to 1.8, 1.7 and 1.6 Helen can you take a look to 1 & 2, plz... Dongsheng can backport it to be ready next weekly? Thanks everybody! Thanks and ciao
          Hide
          Helen Foster added a comment -

          1) How about:

          $string['configprofilesforenrolledusersonly'] = 'To prevent misuse by spammers, profile descriptions of users who are not yet enrolled in any course are hidden. New users must enrol in at least one course before they can add a profile description.';

          Show
          Helen Foster added a comment - 1) How about: $string ['configprofilesforenrolledusersonly'] = 'To prevent misuse by spammers, profile descriptions of users who are not yet enrolled in any course are hidden. New users must enrol in at least one course before they can add a profile description.';
          Hide
          Helen Foster added a comment -
          Show
          Helen Foster added a comment - 2) Information about this setting added to Moodle Docs: http://docs.moodle.org/en/Site_policies http://docs.moodle.org/en/Reducing_spam_in_Moodle
          Hide
          Eloy Lafuente (stronk7) added a comment -

          Looks perfect for me, Helen. +1

          Thanks!

          Show
          Eloy Lafuente (stronk7) added a comment - Looks perfect for me, Helen. +1 Thanks!
          Hide
          Helen Foster added a comment -

          Thanks Eloy, reworded lang string added to HEAD, 1.9 and 1.8.

          Show
          Helen Foster added a comment - Thanks Eloy, reworded lang string added to HEAD, 1.9 and 1.8.
          Hide
          Eloy Lafuente (stronk7) added a comment -

          Great! BTW... looking commits... I thin the setting has been backported to 1.7 too.

          Ciao

          Show
          Eloy Lafuente (stronk7) added a comment - Great! BTW... looking commits... I thin the setting has been backported to 1.7 too. Ciao
          Hide
          Helen Foster added a comment -

          Thanks Eloy, I've added the reworded lang string to 1.7 too and have updated the documentation.

          Show
          Helen Foster added a comment - Thanks Eloy, I've added the reworded lang string to 1.7 too and have updated the documentation.
          Hide
          Dongsheng Cai added a comment -

          Hi, everyone, 1.6 is quite different from the other versions. Where should I place the profilesforenrolledusersonly setting in "Administration Page"?

          Show
          Dongsheng Cai added a comment - Hi, everyone, 1.6 is quite different from the other versions. Where should I place the profilesforenrolledusersonly setting in "Administration Page"?
          Hide
          Eloy Lafuente (stronk7) added a comment -

          Good question... hehe.

          I think it used to be a "security" section under "config variables" or something like that. That was the place where things like $CFG->secureforms or $CFG->loginhttps were defined... hope it helps.

          Show
          Eloy Lafuente (stronk7) added a comment - Good question... hehe. I think it used to be a "security" section under "config variables" or something like that. That was the place where things like $CFG->secureforms or $CFG->loginhttps were defined... hope it helps.
          Hide
          Eloy Lafuente (stronk7) added a comment -

          I've performed some changes in the 16_STABLE version committed some hours ago:

          • Set new setting default to true (securer).
          • clean some debug code that was left there.
          • fixed use of undefined $userid
          • fixed logic so description field continues being mandatory for normal (enrolled) users. Was broked in prev commit.

          Seems to be working fine now. Resolving as fixed. Someone else, please, review this. Ciao

          PS: And please, try to perform some test when committing things to stable branches. This was simply broken in too many places to be acceptable IMO. TIA!

          Show
          Eloy Lafuente (stronk7) added a comment - I've performed some changes in the 16_STABLE version committed some hours ago: Set new setting default to true (securer). clean some debug code that was left there. fixed use of undefined $userid fixed logic so description field continues being mandatory for normal (enrolled) users. Was broked in prev commit. Seems to be working fine now. Resolving as fixed. Someone else, please, review this. Ciao PS: And please, try to perform some test when committing things to stable branches. This was simply broken in too many places to be acceptable IMO. TIA!
          Hide
          Petr Škoda added a comment -

          hmm,

          1/ I am not sure this should be on by default - when adding new user the description field "disappears" ??

          2/ I can see this in 1.6.x when I view my own profile and description already there, but not enrolled: "This profile description will not be shown until this person is enrolled in at least one course." and not enrolled yet. This does not seem like correct English.

          Anyway, reopening and going to fix more coding problems there...

          Petr

          Show
          Petr Škoda added a comment - hmm, 1/ I am not sure this should be on by default - when adding new user the description field "disappears" ?? 2/ I can see this in 1.6.x when I view my own profile and description already there, but not enrolled: "This profile description will not be shown until this person is enrolled in at least one course." and not enrolled yet. This does not seem like correct English. Anyway, reopening and going to fix more coding problems there... Petr
          Hide
          Petr Škoda added a comment -

          1/ fixed undefined 2x $userid in 1.6.x

          2/ fixe 1x undefined $userid in 1.7.x, BUT the use of non-existent capability moodle/user:editprofile will not probably work in all cases - this was a know problem fixed in 1.8.x only - maybe it is the right time to close 1.7.x branch and not commit anything there at all

          3/ in 1.8.x the new code in definition_after_data() MUST verify that $userid is valid (changed in 1.9.x) - it was removing the description field always - this was totally untested, right?

          4/ the restriction does not belong into advanced user edit form - it was removing the description if user had only create user cap

          Show
          Petr Škoda added a comment - 1/ fixed undefined 2x $userid in 1.6.x 2/ fixe 1x undefined $userid in 1.7.x, BUT the use of non-existent capability moodle/user:editprofile will not probably work in all cases - this was a know problem fixed in 1.8.x only - maybe it is the right time to close 1.7.x branch and not commit anything there at all 3/ in 1.8.x the new code in definition_after_data() MUST verify that $userid is valid (changed in 1.9.x) - it was removing the description field always - this was totally untested, right? 4/ the restriction does not belong into advanced user edit form - it was removing the description if user had only create user cap
          Hide
          Jérôme Mouneyrac added a comment -

          Tested on 1.9. It works fine, thanks everybody.

          Show
          Jérôme Mouneyrac added a comment - Tested on 1.9. It works fine, thanks everybody.

            People

            • Votes:
              2 Vote for this issue
              Watchers:
              5 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: