Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-19125

New addinstance capabilities for activity modules to replace the old complicated course restricted modules

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: 2.0, 2.2
    • Fix Version/s: 2.3
    • Component/s: Course
    • Labels:
    • Testing Instructions:
      Hide

      We are mostly testing the new functionality in 2.3, but part of that is testing that data is upgraded and restored properly from 2.2.

      1. With default settings, go to any course and ensure you can add any type of activity.

      2. Change the role definition for the Teacher role, to remove mod/chat:addinstance, and make sure you cannot add a Chat in any course when logged in as a Teacher.

      3. Using a Moodle 2.2 site, turn on the Module security feature, and set it to restrict modules for all courses, with a default list. (Using the old http://docs.moodle.org/22/en/Managing_activities#Module_security feature)

      4. Go into a course in this site, go to the course settings, make sure module security is turned on there, and that the list of allowed modules is right, then Save the form.

      5. Backup this course, and restore it into your Moodle 2.3 dev install. Verify that role overrides are created to prevent Teachers from adding the disallowed modules.

      6. As for steps 4. and 5. but set things up on, and backup and restore from, a Moodle 1.9 site.

      7. Upgrade the Moodle 2.2 site that you used in steps 4. and 5. to the latest master. Verify that the correct role overrides are created; and that the old course_allowed_modules table, and course.retrictmodules column and restrictmodulesfor, restrictbydefault and defaultallowedmodules config settings are dropped.)

      8. Test a fresh install just to be sure

      Show
      We are mostly testing the new functionality in 2.3, but part of that is testing that data is upgraded and restored properly from 2.2. 1. With default settings, go to any course and ensure you can add any type of activity. 2. Change the role definition for the Teacher role, to remove mod/chat:addinstance, and make sure you cannot add a Chat in any course when logged in as a Teacher. 3. Using a Moodle 2.2 site, turn on the Module security feature, and set it to restrict modules for all courses, with a default list. (Using the old http://docs.moodle.org/22/en/Managing_activities#Module_security feature) 4. Go into a course in this site, go to the course settings, make sure module security is turned on there, and that the list of allowed modules is right, then Save the form. 5. Backup this course, and restore it into your Moodle 2.3 dev install. Verify that role overrides are created to prevent Teachers from adding the disallowed modules. 6. As for steps 4. and 5. but set things up on, and backup and restore from, a Moodle 1.9 site. 7. Upgrade the Moodle 2.2 site that you used in steps 4. and 5. to the latest master. Verify that the correct role overrides are created; and that the old course_allowed_modules table, and course.retrictmodules column and restrictmodulesfor, restrictbydefault and defaultallowedmodules config settings are dropped.) 8. Test a fresh install just to be sure
    • Affected Branches:
      MOODLE_20_STABLE, MOODLE_22_STABLE
    • Fixed Branches:
      MOODLE_23_STABLE
    • Pull from Repository:
    • Pull Master Branch:
      MDL-19125_module_security

      Description

      Currently the way this works is:

      • Enforce settings (as defaults) for newly created courses.
      • Per course, use a whitelist to determine which modules can be added.

      This is kind of useless, as an empty whitelist is ambiguous. It could either mean "use the site default", or it could mean "i don't want to allow anything at all".

      One way to get around this is a new setting (maybe course.restrictedmodules) which indicates that the course has overridden the site default.

      Another way is to add a capability to each module 'canaddtocourse' or similar, and override it for a role at a course context. I think the latter is probably more correct in a 'moodle sense' but has the following drawbacks:

      1. Third party module authors must implement this capability, for their module to implement this setting (stupid)
      2. Eh, roles are complicated enough as it is, and Howard will kill me if we must override things further.

      The former is probably simpler (and easier to implement) but means adding yet another field to course. Do courses have extra settings? Maybe we could have a course_preferences table or something.

        Gliffy Diagrams

          Attachments

            Issue Links

              Activity

                People

                • Votes:
                  6 Vote for this issue
                  Watchers:
                  10 Start watching this issue

                  Dates

                  • Created:
                    Updated:
                    Resolved:
                    Fix Release Date:
                    25/Jun/12