Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-74643

Contact site support - More granular control over access

    XMLWordPrintable

Details

    • MOODLE_400_STABLE
    • MOODLE_401_STABLE
    • MDL-74643-master
    • Hide

      New site admin setting

      Functionality of the setting itself is covered by behat.

      Upgrades

      Prerequisites:

      1. A newly created master site (where it was installed with the patch applied).
      2. An existing site on 4.0.0 without the improvement patch applied.
      3. An existing site on 3.11.x (any 3.11 version) without the improvement patch applied.

      Test 1: Upgrading 4.0 (where contact form is already available and will remain unchanged)

      1. On an unauthenticated session (ie while logged out), open the footer popover ("?" icon) and CONFIRM you see the Contact site support option.
      2. Update your branch so this improvement is applied and then perform the upgrade.
      3. On an unauthenticated session (ie while logged out), open the footer popover and CONFIRM you still see the Contact site support option.
      4. Click Contact site support and CONFIRM you are taken to the contact form.
      5. As admin, navigate to Site administration > Server > Support contact.
      6. CONFIRM "Support availability" has been automatically set to "Available to anyone visiting the site".

      Test 2: Upgrading pre-4.0 (where the feature will be available for the first time)

      1. Update your branch so this improvement is applied and then perform the upgrade.
      2. On an unauthenticated session (ie while logged out), open the footer popover ("?" icon) and CONFIRM you DO NOT see the Contact site support option.
      3. Log in as admin.
      4. Open the footer popover and CONFIRM you DO see the Contact site support option.
      5. Click Contact site support and CONFIRM you are taken to the contact form.
      6. Navigate to Site administration > Server > Support contact.
      7. CONFIRM "Support availability" has been automatically set to "Limited to authenticated users".

      New site (master)

      1. On an unauthenticated session (ie while logged out), open the footer popover ("?" icon) and CONFIRM you DO NOT see the Contact site support option.
      2. Log in as admin.
      3. Open the footer popover and CONFIRM you DO see the Contact site support option.
      4. Click Contact site support and CONFIRM you are taken to the contact form.
      5. Navigate to Site administration > Server > Support contact.
      6. CONFIRM "Support availability" has been automatically set to "Limited to authenticated users".
      Show
      New site admin setting Functionality of the setting itself is covered by behat. Upgrades Prerequisites: A newly created master site (where it was installed with the patch applied). An existing site on 4.0.0 without the improvement patch applied. An existing site on 3.11.x (any 3.11 version) without the improvement patch applied. Test 1: Upgrading 4.0 ( where contact form is already available and will remain unchanged) On an unauthenticated session (ie while logged out), open the footer popover ("?" icon) and CONFIRM you see the Contact site support option. Update your branch so this improvement is applied and then perform the upgrade. On an unauthenticated session (ie while logged out), open the footer popover and CONFIRM you still see the Contact site support option. Click Contact site support and CONFIRM you are taken to the contact form. As admin, navigate to Site administration > Server > Support contact. CONFIRM "Support availability" has been automatically set to "Available to anyone visiting the site". Test 2: Upgrading pre-4.0 (where the feature will be available for the first time) Update your branch so this improvement is applied and then perform the upgrade. On an unauthenticated session (ie while logged out), open the footer popover ("?" icon) and CONFIRM you DO NOT see the Contact site support option. Log in as admin. Open the footer popover and CONFIRM you DO see the Contact site support option. Click Contact site support and CONFIRM you are taken to the contact form. Navigate to Site administration > Server > Support contact. CONFIRM "Support availability" has been automatically set to "Limited to authenticated users". New site (master) On an unauthenticated session (ie while logged out), open the footer popover ("?" icon) and CONFIRM you DO NOT see the Contact site support option. Log in as admin. Open the footer popover and CONFIRM you DO see the Contact site support option. Click Contact site support and CONFIRM you are taken to the contact form. Navigate to Site administration > Server > Support contact. CONFIRM "Support availability" has been automatically set to "Limited to authenticated users".
    • 3
    • Team Hedgehog 4.1 sprint 0 rev, Team Hedgehog 4.1 pre 1.1

    Description

      Updated issue description / requirements (by michaelh):

      There are some valid use cases where site support may wish for anyone visiting the site to have access to contact site support (such as students/teachers who are having difficulty accessing their account, so need assistance without logging in). To help mitigate any misuse of that form, the original implementation of the feature therefore included a warning message at the top of the email where it was sent by an unauthenticated user, and the contact form will use ReCaptcha if implemented on the site. There is also the option to use a custom support URL (which in turn may include its own verification methods).

      However, based on feedback received on the original version of this issue and other information from the community, we need some more granular controls in place, for cases where those methods are unavailable/insufficient (for example, if ReCaptcha is not an option due to privacy/GDPR implications).

      Combining the information at hand for a single, simple solution, I am proposing the following requirements:

      1. A new admin setting to control the availability of "contact site support" in the footer, and access to the contact form itself.
      2. There should be 3 levels of access available: available to authenticated user only (default), available to anyone visiting the site (which will be the same as the current 4.0 behaviour), and disabled.
      3. Since sites on 4.0 or above already have this available to all, to maintain consistency, they will retain the current behaviour when upgrading (but can obviously change the setting if they wish). New sites and those upgrade from 3.11 or earlier will use the new default of authenticated users only.
      4. This should be covered by behat tests.

      ================================

      Original issue description by dag:

      if you can't or aren't allowed to use ReCaptcha for privacy reasons, open the Moodle system for automatic SPAMs via /user/contactsitesupport.php

      Solution idea: a new capability which can then be taken away from e.g. guests

      Edit: this right should also suppress the display via question mark

      Attachments

        Issue Links

          Activity

            People

              michaelh Michael Hawkins
              dag Dag Klimas
              Huong Nguyen Huong Nguyen
              Ilya Tregubov Ilya Tregubov
              Meirza Meirza
              Votes:
              9 Vote for this issue
              Watchers:
              20 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Time Tracking

                  Estimated:
                  Original Estimate - 1 day, 3 hours, 45 minutes Original Estimate - 1 day, 3 hours, 45 minutes
                  1d 3h 45m
                  Remaining:
                  Remaining Estimate - 0 minutes
                  0m
                  Logged:
                  Time Spent - 2 days, 36 minutes
                  2d 36m

                  Clockify

                    Error rendering 'clockify-timesheets-time-tracking-reports:timer-sidebar'. Please contact your Jira administrators.