Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-28442

New event when a file was viewed by user (for optional logging)

    Details

    • Type: Improvement
    • Status: Closed
    • Priority: Minor
    • Resolution: Deferred
    • Affects Version/s: 1.9.12, 2.1
    • Fix Version/s: BACKEND
    • Component/s: Files API
    • Labels:
    • Workaround:
      Hide

      add a add_to_log function to /file.php manually (around the end of the file)

      Show
      add a add_to_log function to /file.php manually (around the end of the file)
    • Affected Branches:
      MOODLE_19_STABLE, MOODLE_21_STABLE

      Description

      Recently, i tried to get a log report of students viewing some files (they were not supposed to) and i found out that there is no logging of such activity. (In Moodle 1.9.x and Moodle 2.x)

      I suggest adding a log entry function to /file.php for both Moodle versions

      maybe:
      add_to_log($course->id, 'file', 'view', "/file.php/$course->id/$file", "$course->id");
      (not sure if the above syntax is good for both Moodle 1.9 and 2.x)

        Gliffy Diagrams

          Activity

          Hide
          skodak Petr Skoda added a comment -

          Hello,

          logging of individual files would add extra performance costs and would not be reliable because the files might be already cached. Moodle 2.0 was supposed to prevent access to files that were not "supposed" to be accessed. In moodle 1.9 all course files except the backupdata and some moddata parts are public, if you want to prevent access from students you need to put it into separate course.

          If somebody implements this it should be imo optional feature.

          Thanks for the report.

          Show
          skodak Petr Skoda added a comment - Hello, logging of individual files would add extra performance costs and would not be reliable because the files might be already cached. Moodle 2.0 was supposed to prevent access to files that were not "supposed" to be accessed. In moodle 1.9 all course files except the backupdata and some moddata parts are public, if you want to prevent access from students you need to put it into separate course. If somebody implements this it should be imo optional feature. Thanks for the report.
          Hide
          nadavkav Nadav Kavalerchik added a comment -

          Just to make it clear...
          It was a Teacher's mistake to leave the files open. it was not a Moodle bug!

          Actually, I was guessing that it was not implemented in the first place due to performance issues.
          So I am suggesting, if at all possible, to have the entire logging function directed onto
          a different worker thread so it is not holding back the page from rendering.

          Or have a special setting page for the Administrator, in which logging of special important
          but performance degrading activities can be switched On or Off.

          Show
          nadavkav Nadav Kavalerchik added a comment - Just to make it clear... It was a Teacher's mistake to leave the files open. it was not a Moodle bug! Actually, I was guessing that it was not implemented in the first place due to performance issues. So I am suggesting, if at all possible, to have the entire logging function directed onto a different worker thread so it is not holding back the page from rendering. Or have a special setting page for the Administrator, in which logging of special important but performance degrading activities can be switched On or Off.
          Hide
          salvetore Michael de Raadt added a comment -

          Nadav: I've adjusted the title of this sub-task to reflect your latest comment.

          Show
          salvetore Michael de Raadt added a comment - Nadav: I've adjusted the title of this sub-task to reflect your latest comment.
          Hide
          markn Mark Nelson added a comment -

          Closing this issue as 'Deferred'. We have currently implemented a new logging/events API and have replaced existing add_to_log calls in core. We are now looking at additional places to create events and this has already been listed. Thanks!

          Show
          markn Mark Nelson added a comment - Closing this issue as 'Deferred'. We have currently implemented a new logging/events API and have replaced existing add_to_log calls in core. We are now looking at additional places to create events and this has already been listed. Thanks!

            People

            • Votes:
              2 Vote for this issue
              Watchers:
              5 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: