Moodle
  1. Moodle
  2. MDL-4561

Metacourses won't allow guest access with an enrolment key

    Details

    • Type: Bug Bug
    • Status: Closed
    • Priority: Critical Critical
    • Resolution: Fixed
    • Affects Version/s: 1.5.3, 1.9, 1.9.1, 1.9.2, 1.9.3, 1.9.4
    • Fix Version/s: 1.9.14
    • Component/s: Enrolments
    • Labels:
      None
    • Environment:
      Linux
    • Database:
      MySQL
    • Testing Instructions:
      Hide

      make sure your site allows guests to login
      create a course and set as a meta course
      set a key and allow guests with the key
      Logout.
      Login as guest.
      attempt to enter the course.

      Show
      make sure your site allows guests to login create a course and set as a meta course set a key and allow guests with the key Logout. Login as guest. attempt to enter the course.
    • Affected Branches:
      MOODLE_15_STABLE, MOODLE_19_STABLE
    • Fixed Branches:
      MOODLE_19_STABLE
    • Rank:
      1368

      Description

      Since the metacourses allow normal users to manually enrol bug was fixed in Moodle 1.5.3, any guest user trying to access a metacourse which has been set to allow guest access with an enrolment key now get the error message This course does not allow public access, i.e. the same message a logged in user trying to manually enrol on the course would get.

      As a bit of an aside I think this error message is slightly confusing for the user anyway, and would be much friendlier if it could read something along the lines of This course only allows access to students already enrolled on: (list of this metacourse's child courses).

        Activity

        Hide
        Like2Travel added a comment -

        This is still an issue in 1.8.4

        Show
        Like2Travel added a comment - This is still an issue in 1.8.4
        Hide
        Joseph Rézeau added a comment -

        I am amazed to find out that this issue has still not been resolved in moodle 1.9.4.
        For my daily use of Moodle it is a critical issue, because I do need "guests with a key" to be able to access a metacourse.
        OR, if this is absolutely impossible, then at least the "allow guests with the key" parameter should be removed from the metacourse courses settings, since it is not fucntional and leads to confusion...
        Hope a fix will be found soon,
        Joseph

        Show
        Joseph Rézeau added a comment - I am amazed to find out that this issue has still not been resolved in moodle 1.9.4. For my daily use of Moodle it is a critical issue, because I do need "guests with a key" to be able to access a metacourse. OR, if this is absolutely impossible, then at least the "allow guests with the key" parameter should be removed from the metacourse courses settings, since it is not fucntional and leads to confusion... Hope a fix will be found soon, Joseph
        Hide
        Fred Quay added a comment -

        Hi !

        I'ts been 4 years I've been happily working with Moodle, I know no other sensitive problem which has been so persistent : all my learning pathes are meta-courses crowded with class-portal courses.

        We are aware that Moodle 2.0 development is a hard and of high value task, but we'll be many to need Moodle 1.9.x for some time...

        Thanks.

        Show
        Fred Quay added a comment - Hi ! I'ts been 4 years I've been happily working with Moodle, I know no other sensitive problem which has been so persistent : all my learning pathes are meta-courses crowded with class-portal courses. We are aware that Moodle 2.0 development is a hard and of high value task, but we'll be many to need Moodle 1.9.x for some time... Thanks.
        Hide
        Alex Rhinelander added a comment -

        Hi-

        One year along from the last posting, I have to echo it to try to keep this alive. I keep wanting to use meta courses to manage enrolment, but with no guest access with enrolment key possibility I can't.

        ~Alex

        Show
        Alex Rhinelander added a comment - Hi- One year along from the last posting, I have to echo it to try to keep this alive. I keep wanting to use meta courses to manage enrolment, but with no guest access with enrolment key possibility I can't. ~Alex
        Hide
        Andreas Wagner added a comment -

        Hi- working with Moodle 1.9.11:

        I changed the lines:
        if ($course->metacourse)

        { print_header_simple(); notice(get_string('coursenotaccessible'), "$CFG->wwwroot/index.php"); }

        into

        if (($course->metacourse) and !isguestuser()) { print_header_simple(); notice(get_string('coursenotaccessible'), "$CFG->wwwroot/index.php"); }

        in course/enrol.php, so this would allow guests to view the course.

        Do you see any security risks or other sideeffects by this?

        Andi

        Show
        Andreas Wagner added a comment - Hi- working with Moodle 1.9.11: I changed the lines: if ($course->metacourse) { print_header_simple(); notice(get_string('coursenotaccessible'), "$CFG->wwwroot/index.php"); } into if (($course->metacourse) and !isguestuser()) { print_header_simple(); notice(get_string('coursenotaccessible'), "$CFG->wwwroot/index.php"); } in course/enrol.php, so this would allow guests to view the course. Do you see any security risks or other sideeffects by this? Andi
        Hide
        Dan Marsden added a comment -

        just found this bug in the tracker, saw the number of votes and thought it can't be that hard to resolve.... so here it is!

        This isn't required for 2.0 as metacourse enrolment has been improved (I checked it and it works)

        Show
        Dan Marsden added a comment - just found this bug in the tracker, saw the number of votes and thought it can't be that hard to resolve.... so here it is! This isn't required for 2.0 as metacourse enrolment has been improved (I checked it and it works)
        Hide
        Nicolas Martignoni added a comment -

        Thanks Dan for the fix. Will do much good for 1.9.x users :-D

        Show
        Nicolas Martignoni added a comment - Thanks Dan for the fix. Will do much good for 1.9.x users :-D
        Hide
        Joseph Rézeau added a comment -

        Thanks, Dan, "better late than never"!

        Show
        Joseph Rézeau added a comment - Thanks, Dan, "better late than never"!
        Hide
        Dan Marsden added a comment -

        note to integrator - have rebased against todays stable release

        Show
        Dan Marsden added a comment - note to integrator - have rebased against todays stable release
        Hide
        Eloy Lafuente (stronk7) added a comment -

        Uhm.. it seems a good approximation... just guessing if other variables should be also checked, like $course->enrollable, $course->enrolstartdate and $course->enrolenddate , as they are checked for real users (IMO guest "enrol" should observe that too.

        So perhaps it's better to modify the:

        if ($course->metacourse) {
        

        condition instead, to allow the process to continue if "isguest() and $course->guest == 2" and allow the rest of the script to perform the usual extra checks?

        Also, perhaps we should be using isguestuser() instead of isguest() if I'm not wrong. check_entry/print_entry see to do exactly that.

        My 2 cents.

        Show
        Eloy Lafuente (stronk7) added a comment - Uhm.. it seems a good approximation... just guessing if other variables should be also checked, like $course->enrollable, $course->enrolstartdate and $course->enrolenddate , as they are checked for real users (IMO guest "enrol" should observe that too. So perhaps it's better to modify the: if ($course->metacourse) { condition instead, to allow the process to continue if "isguest() and $course->guest == 2" and allow the rest of the script to perform the usual extra checks? Also, perhaps we should be using isguestuser() instead of isguest() if I'm not wrong. check_entry/print_entry see to do exactly that. My 2 cents.
        Hide
        Dan Marsden added a comment -

        Thanks Eloy - I vote to reject for this week and let the reporters on this bug decide...

        IMO - isguest should be used rather than isguestuser - as I presume anyone with the key that isn't enrolled using meta should be able to gain access.

        Show
        Dan Marsden added a comment - Thanks Eloy - I vote to reject for this week and let the reporters on this bug decide... IMO - isguest should be used rather than isguestuser - as I presume anyone with the key that isn't enrolled using meta should be able to gain access.
        Hide
        Eloy Lafuente (stronk7) added a comment -

        Rejecting as requested. Thanks!

        Note that I've commented about isguestuser() because check_entry() looks exactly for that so, any isguest() will be rejected. Only real 'guest' user will be accepted and session access to the metacourse granted.

        Ciao

        Show
        Eloy Lafuente (stronk7) added a comment - Rejecting as requested. Thanks! Note that I've commented about isguestuser() because check_entry() looks exactly for that so, any isguest() will be rejected. Only real 'guest' user will be accepted and session access to the metacourse granted. Ciao
        Hide
        Dan Marsden added a comment -

        thanks Eloy - have now pushed much simpler patch!

        Show
        Dan Marsden added a comment - thanks Eloy - have now pushed much simpler patch!
        Hide
        Eloy Lafuente (stronk7) added a comment -

        Integrated, thanks! Yay simple solutions!

        Show
        Eloy Lafuente (stronk7) added a comment - Integrated, thanks! Yay simple solutions!
        Hide
        Eloy Lafuente (stronk7) added a comment -

        I've followed the test instructions and guests are able to access.

        Also tried other combinations of visible / guest access and enrollment key and all them worked as expected.

        Passed!

        Show
        Eloy Lafuente (stronk7) added a comment - I've followed the test instructions and guests are able to access. Also tried other combinations of visible / guest access and enrollment key and all them worked as expected. Passed!
        Hide
        Dan Marsden added a comment -

        can't believe how simple that patch was and how long it's been sitting here... hopefully the new triage/development process will make this a lot better for new bugs!

        Show
        Dan Marsden added a comment - can't believe how simple that patch was and how long it's been sitting here... hopefully the new triage/development process will make this a lot better for new bugs!
        Hide
        Eloy Lafuente (stronk7) added a comment -

        Many thanks for the hard work, this has been sent upstream and is available in all the git and cvs repositories.

        Show
        Eloy Lafuente (stronk7) added a comment - Many thanks for the hard work, this has been sent upstream and is available in all the git and cvs repositories.

          People

          • Votes:
            19 Vote for this issue
            Watchers:
            10 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved: