Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-45849

enrol/self:enrolself capability

    XMLWordPrintable

    Details

    • Testing Instructions:
      Hide

      Create a test course

      • Visit Site Administration -> Courses -> Add a new course.
      • Enable the default Self enrolment (Student) enrolment method.

      Create a test user

      • In another session, create a test user account, then login to it.
      • Visit the test course generated above, and confirm you are redirected to the enrolment page.

      Test the self enrolment capability

      • Confirm that by default, you are able to enrol into the course as the test user using the self enrolment method.
      • As the admin user, visit the course permission settings at Users->Permissions in the course admin menu.
      • Select the authenticated user from the dropdown menu, then filter for enrolself.
      • Set the enrol/self:enrolself capability to 'Prevent'.
      • As the test user, reload the enrolment page.
      • Confirm you are no longer able to enrol as the test user using the self enrolment method.
      • Confirm the message returned is 'Enrolment is disabled or inactive '

      Test the default permissions

      • As the admin user, visit Site Administration->Users->Permissions->Capability Overview admin/tool/capability/index.php
      • Filter by enrolself, then select the enrol/self:enrolself then click 'Get the overview'
      • Confirm that the authenticated user role is set to Allow in the system context.
      Show
      Create a test course Visit Site Administration -> Courses -> Add a new course. Enable the default Self enrolment (Student) enrolment method. Create a test user In another session, create a test user account, then login to it. Visit the test course generated above, and confirm you are redirected to the enrolment page. Test the self enrolment capability Confirm that by default, you are able to enrol into the course as the test user using the self enrolment method. As the admin user, visit the course permission settings at Users->Permissions in the course admin menu. Select the authenticated user from the dropdown menu, then filter for enrolself. Set the enrol/self:enrolself capability to 'Prevent'. As the test user, reload the enrolment page. Confirm you are no longer able to enrol as the test user using the self enrolment method. Confirm the message returned is 'Enrolment is disabled or inactive ' Test the default permissions As the admin user, visit Site Administration->Users->Permissions->Capability Overview admin/tool/capability/index.php Filter by enrolself, then select the enrol/self:enrolself then click 'Get the overview' Confirm that the authenticated user role is set to Allow in the system context.
    • Affected Branches:
      MOODLE_26_STABLE, MOODLE_39_STABLE
    • Fixed Branches:
      MOODLE_40_STABLE
    • Pull Master Branch:
      MDL-45849-selfenrol

      Description

      A new "enrol/self:enrolself" capability would be really useful for controlling access to courses via role assignments.

      Gory details

      From the Security and privacy forum discussion...

      I have a Moodle 2.6 site we're using in my company with a hundred or so courses and maybe a dozen categories. Users (employees) authenticate via LDAP and single sign-on (NTLM SSO/Kerberos) against our Active Directory server. There are currently about a thousand users. Once logged in, they're free to self-enroll in any course they like.

      Now I'm trying to grant access to the site to a few non-employees (contractors). They will log in manually (they're not defined in our Active Directory system-I will configure logins for them). But I want to restrict their access to only one or two courses (or maybe only the courses in a single category). I want to prevent them from enrolling in any of the other courses on the site. (It would be even better if I could prevent them from even seeing those other course titles.)

      I can't use enrollment keys because it imposes unfair friction to employees, who comprise the vast majority of users.

      The conditional user fields feature looked promising, but it's too low-level (activity/resource/section). The I'd like to restrict access at the course/category level.

      I'd like to avoid using anonymous "guest" access, because I'd like to offer forums/quizzes etc. to the contractors for the courses to which they have access.

        Attachments

          Activity

            People

            Assignee:
            peterburnett Peter Burnett
            Reporter:
            tedo Ted Osborne
            Peer reviewer:
            Brendan Heywood
            Integrator:
            Jake Dallimore
            Tester:
            Anna Carissa Sadia
            Participants:
            Component watchers:
            Amaia Anabitarte, Carlos Escobedo, Ferran Recio, Sara Arjona (@sarjona), Víctor Déniz Falcón, Amaia Anabitarte, Carlos Escobedo, Ferran Recio, Sara Arjona (@sarjona), Víctor Déniz Falcón
            Votes:
            7 Vote for this issue
            Watchers:
            15 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved:

                Time Tracking

                Estimated:
                Original Estimate - Not Specified
                Not Specified
                Remaining:
                Remaining Estimate - 0 minutes
                0m
                Logged:
                Time Spent - 2 hours
                2h