Moodle
  1. Moodle
  2. MDL-19125

New addinstance capabilities for activity modules to replace the old complicated course restricted modules

    Details

    • Testing Instructions:
      Hide

      We are mostly testing the new functionality in 2.3, but part of that is testing that data is upgraded and restored properly from 2.2.

      1. With default settings, go to any course and ensure you can add any type of activity.

      2. Change the role definition for the Teacher role, to remove mod/chat:addinstance, and make sure you cannot add a Chat in any course when logged in as a Teacher.

      3. Using a Moodle 2.2 site, turn on the Module security feature, and set it to restrict modules for all courses, with a default list. (Using the old http://docs.moodle.org/22/en/Managing_activities#Module_security feature)

      4. Go into a course in this site, go to the course settings, make sure module security is turned on there, and that the list of allowed modules is right, then Save the form.

      5. Backup this course, and restore it into your Moodle 2.3 dev install. Verify that role overrides are created to prevent Teachers from adding the disallowed modules.

      6. As for steps 4. and 5. but set things up on, and backup and restore from, a Moodle 1.9 site.

      7. Upgrade the Moodle 2.2 site that you used in steps 4. and 5. to the latest master. Verify that the correct role overrides are created; and that the old course_allowed_modules table, and course.retrictmodules column and restrictmodulesfor, restrictbydefault and defaultallowedmodules config settings are dropped.)

      8. Test a fresh install just to be sure

      Show
      We are mostly testing the new functionality in 2.3, but part of that is testing that data is upgraded and restored properly from 2.2. 1. With default settings, go to any course and ensure you can add any type of activity. 2. Change the role definition for the Teacher role, to remove mod/chat:addinstance, and make sure you cannot add a Chat in any course when logged in as a Teacher. 3. Using a Moodle 2.2 site, turn on the Module security feature, and set it to restrict modules for all courses, with a default list. (Using the old http://docs.moodle.org/22/en/Managing_activities#Module_security feature) 4. Go into a course in this site, go to the course settings, make sure module security is turned on there, and that the list of allowed modules is right, then Save the form. 5. Backup this course, and restore it into your Moodle 2.3 dev install. Verify that role overrides are created to prevent Teachers from adding the disallowed modules. 6. As for steps 4. and 5. but set things up on, and backup and restore from, a Moodle 1.9 site. 7. Upgrade the Moodle 2.2 site that you used in steps 4. and 5. to the latest master. Verify that the correct role overrides are created; and that the old course_allowed_modules table, and course.retrictmodules column and restrictmodulesfor, restrictbydefault and defaultallowedmodules config settings are dropped.) 8. Test a fresh install just to be sure
    • Affected Branches:
      MOODLE_20_STABLE, MOODLE_22_STABLE
    • Fixed Branches:
      MOODLE_23_STABLE
    • Pull from Repository:
    • Pull Master Branch:
      MDL-19125_module_security
    • Rank:
      5260

      Description

      Currently the way this works is:

      • Enforce settings (as defaults) for newly created courses.
      • Per course, use a whitelist to determine which modules can be added.

      This is kind of useless, as an empty whitelist is ambiguous. It could either mean "use the site default", or it could mean "i don't want to allow anything at all".

      One way to get around this is a new setting (maybe course.restrictedmodules) which indicates that the course has overridden the site default.

      Another way is to add a capability to each module 'canaddtocourse' or similar, and override it for a role at a course context. I think the latter is probably more correct in a 'moodle sense' but has the following drawbacks:

      1. Third party module authors must implement this capability, for their module to implement this setting (stupid)
      2. Eh, roles are complicated enough as it is, and Howard will kill me if we must override things further.

      The former is probably simpler (and easier to implement) but means adding yet another field to course. Do courses have extra settings? Maybe we could have a course_preferences table or something.

      1. Alter roles by capability.bmml
        2 kB
        Tim Hunt
      2. Alter roles by capability 2.bmml
        7 kB
        Tim Hunt
      3. Alter roles by capability 2.bmml
        7 kB
        Tim Hunt
      4. Alter roles by capability 2.bmml
        2 kB
        Tim Hunt
      5. Possible admin interface.bmml
        9 kB
        Tim Hunt
      6. Possible admin interface.bmml
        5 kB
        Tim Hunt
      7. Possible course settings UI.bmml
        3 kB
        Tim Hunt
      8. Possible course settings UI.bmml
        5 kB
        Tim Hunt
      9. Possible course settings UI.bmml
        5 kB
        Tim Hunt
      10. sam proposed - course settings UI.bmml
        3 kB
        Sam Marshall
      1. Alter roles by capability.png
        15 kB
      2. Alter roles by capability 2.png
        36 kB
      3. Possible admin interface.png
        57 kB
      4. Possible course settings UI.png
        16 kB
      5. sam proposed - course settings UI.png
        23 kB

        Issue Links

          Activity

          Penny Leach created issue -
          Penny Leach made changes -
          Field Original Value New Value
          Link This issue has a non-specific relationship to MDL-19110 [ MDL-19110 ]
          Martin Dougiamas made changes -
          Workflow jira [ 31869 ] MDL Workflow [ 44885 ]
          Martin Dougiamas made changes -
          Workflow MDL Workflow [ 44885 ] MDL Full Workflow [ 73244 ]
          Tim Hunt made changes -
          Fix Version/s 2.3 [ 10657 ]
          Testing Instructions 1. With default settings, go to any course and ensure you can add any type of activity.

          2. Change the role definition for the Teacher role, to remove mod/chat:addinstance, and make sure you cannot add a database in any course when logged in as a Teacher.

          3. Using a Moodle 2.2 site, turn on the Module security feature, and set it to restict modules for all courses, with a default list.

          4. Go into a course in this site, go to the course settings, make sure module security is turned on there, and that the list of allowed modules is right, then Save the form.

          5. Backup this course, and restore it into your Moodle 2.3 dev install. Verify that role overrides are created to prevent Teachers from adding the disallowed modules.

          6. As for steps 4. and 5. but set things up on, and backup and restore from, a Moodle 1.9 site.

          7. Upgrade the Moodle 2.2 site that you used in steps 4. and 5. to the latest master. Verify that the correct role overrides are created; and that the old course_allowed_modules table, and course.retrictmodules column and restrictmodulesfor, restrictbydefault and defaultallowedmodules config settings are dropped.)
          Labels triaged
          Assignee moodle.com [ moodle.com ] Tim Hunt [ timhunt ]
          Affects Version/s 2.2 [ 10656 ]
          Tim Hunt made changes -
          Status Open [ 1 ] Waiting for peer review [ 10012 ]
          Pull Master Diff URL https://github.com/timhunt/moodle/compare/master...MDL-19125_module_security
          Pull Master Branch MDL-19125_module_security
          Pull from Repository git://github.com/timhunt/moodle.git
          Tim Hunt made changes -
          Labels triaged docs_required qa_test_required triaged
          Dan Poltawski made changes -
          Original Estimate 0 minutes [ 0 ]
          Remaining Estimate 0 minutes [ 0 ]
          Status Waiting for peer review [ 10012 ] Peer review in progress [ 10013 ]
          Peer reviewer poltawski
          Dan Poltawski made changes -
          Status Peer review in progress [ 10013 ] Development in progress [ 3 ]
          Tim Hunt made changes -
          Status Development in progress [ 3 ] Waiting for integration review [ 10010 ]
          Sam Hemelryk made changes -
          Currently in integration Yes [ 10041 ]
          Eloy Lafuente (stronk7) made changes -
          Labels docs_required qa_test_required triaged docs_required qa_test_required triaged ui_change
          Eloy Lafuente (stronk7) made changes -
          Currently in integration Yes [ 10041 ]
          Sam Hemelryk made changes -
          Currently in integration Yes [ 10041 ]
          Sam Hemelryk made changes -
          Status Waiting for integration review [ 10010 ] Integration review in progress [ 10004 ]
          Integrator samhemelryk
          Sam Hemelryk made changes -
          Status Integration review in progress [ 10004 ] Waiting for testing [ 10005 ]
          Sam Hemelryk made changes -
          Testing Instructions 1. With default settings, go to any course and ensure you can add any type of activity.

          2. Change the role definition for the Teacher role, to remove mod/chat:addinstance, and make sure you cannot add a database in any course when logged in as a Teacher.

          3. Using a Moodle 2.2 site, turn on the Module security feature, and set it to restict modules for all courses, with a default list.

          4. Go into a course in this site, go to the course settings, make sure module security is turned on there, and that the list of allowed modules is right, then Save the form.

          5. Backup this course, and restore it into your Moodle 2.3 dev install. Verify that role overrides are created to prevent Teachers from adding the disallowed modules.

          6. As for steps 4. and 5. but set things up on, and backup and restore from, a Moodle 1.9 site.

          7. Upgrade the Moodle 2.2 site that you used in steps 4. and 5. to the latest master. Verify that the correct role overrides are created; and that the old course_allowed_modules table, and course.retrictmodules column and restrictmodulesfor, restrictbydefault and defaultallowedmodules config settings are dropped.)
          1. With default settings, go to any course and ensure you can add any type of activity.

          2. Change the role definition for the Teacher role, to remove mod/chat:addinstance, and make sure you cannot add a database in any course when logged in as a Teacher.

          3. Using a Moodle 2.2 site, turn on the Module security feature, and set it to restict modules for all courses, with a default list.

          4. Go into a course in this site, go to the course settings, make sure module security is turned on there, and that the list of allowed modules is right, then Save the form.

          5. Backup this course, and restore it into your Moodle 2.3 dev install. Verify that role overrides are created to prevent Teachers from adding the disallowed modules.

          6. As for steps 4. and 5. but set things up on, and backup and restore from, a Moodle 1.9 site.

          7. Upgrade the Moodle 2.2 site that you used in steps 4. and 5. to the latest master. Verify that the correct role overrides are created; and that the old course_allowed_modules table, and course.retrictmodules column and restrictmodulesfor, restrictbydefault and defaultallowedmodules config settings are dropped.)

          8. Test a fresh install just to be sure
          Michael de Raadt made changes -
          Tester rwijaya
          Rossiani Wijaya made changes -
          Status Waiting for testing [ 10005 ] Testing in progress [ 10011 ]
          Tim Hunt made changes -
          Testing Instructions 1. With default settings, go to any course and ensure you can add any type of activity.

          2. Change the role definition for the Teacher role, to remove mod/chat:addinstance, and make sure you cannot add a database in any course when logged in as a Teacher.

          3. Using a Moodle 2.2 site, turn on the Module security feature, and set it to restict modules for all courses, with a default list.

          4. Go into a course in this site, go to the course settings, make sure module security is turned on there, and that the list of allowed modules is right, then Save the form.

          5. Backup this course, and restore it into your Moodle 2.3 dev install. Verify that role overrides are created to prevent Teachers from adding the disallowed modules.

          6. As for steps 4. and 5. but set things up on, and backup and restore from, a Moodle 1.9 site.

          7. Upgrade the Moodle 2.2 site that you used in steps 4. and 5. to the latest master. Verify that the correct role overrides are created; and that the old course_allowed_modules table, and course.retrictmodules column and restrictmodulesfor, restrictbydefault and defaultallowedmodules config settings are dropped.)

          8. Test a fresh install just to be sure
          We are mostly testing the new functionality in 2.3, but part of that is testing that data is upgraded and restored properly from 2.2.

          1. With default settings, go to any course and ensure you can add any type of activity.

          2. Change the role definition for the Teacher role, to remove mod/chat:addinstance, and make sure you cannot add a Chat in any course when logged in as a Teacher.

          3. Using a Moodle 2.2 site, turn on the Module security feature, and set it to restrict modules for all courses, with a default list. (Using the old http://docs.moodle.org/22/en/Managing_activities#Module_security feature)

          4. Go into a course in this site, go to the course settings, make sure module security is turned on there, and that the list of allowed modules is right, then Save the form.

          5. Backup this course, and restore it into your Moodle 2.3 dev install. Verify that role overrides are created to prevent Teachers from adding the disallowed modules.

          6. As for steps 4. and 5. but set things up on, and backup and restore from, a Moodle 1.9 site.

          7. Upgrade the Moodle 2.2 site that you used in steps 4. and 5. to the latest master. Verify that the correct role overrides are created; and that the old course_allowed_modules table, and course.retrictmodules column and restrictmodulesfor, restrictbydefault and defaultallowedmodules config settings are dropped.)

          8. Test a fresh install just to be sure
          Rossiani Wijaya made changes -
          Status Testing in progress [ 10011 ] Problem during testing [ 10007 ]
          Eloy Lafuente (stronk7) made changes -
          Status Problem during testing [ 10007 ] Integration review in progress [ 10004 ]
          Eloy Lafuente (stronk7) made changes -
          Status Integration review in progress [ 10004 ] Waiting for testing [ 10005 ]
          Rossiani Wijaya made changes -
          Status Waiting for testing [ 10005 ] Testing in progress [ 10011 ]
          Rossiani Wijaya made changes -
          Status Testing in progress [ 10011 ] Tested [ 10006 ]
          Eloy Lafuente (stronk7) made changes -
          Link This issue testing discovered MDL-32158 [ MDL-32158 ]
          Rossiani Wijaya made changes -
          Link This issue has been marked as being related by MDL-32158 [ MDL-32158 ]
          Rossiani Wijaya made changes -
          Link This issue has been marked as being related by MDL-32158 [ MDL-32158 ]
          Sam Hemelryk made changes -
          Status Tested [ 10006 ] Closed [ 6 ]
          Resolution Fixed [ 1 ]
          Currently in integration Yes [ 10041 ]
          Eloy Lafuente (stronk7) made changes -
          Integration date 23/Mar/12
          Tim Barker made changes -
          Link This issue QA test addition/change MDLTEST-179 [ MDLTEST-179 ]
          Mary Cooch made changes -
          Labels docs_required qa_test_required triaged ui_change qa_test_required triaged ui_change
          Mary Cooch made changes -
          Charles Fulton made changes -
          Link This issue caused a regression MDL-34082 [ MDL-34082 ]
          Tim Hunt made changes -
          Summary course restricted modules is kind of complicated and un-useful. could be improved in 2.0 New addinstance capabilities for activity modules to replace the old complicated course restricted modules
          Tim Hunt made changes -
          Link This issue is duplicated by MDL-11894 [ MDL-11894 ]
          Rajesh Taneja made changes -
          Link This issue has a non-specific relationship to MDL-39274 [ MDL-39274 ]

            People

            • Votes:
              6 Vote for this issue
              Watchers:
              10 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: