Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-7939

Courses hidden to students does not allow editing teacher to see and edit it

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Critical
    • Resolution: Fixed
    • Affects Version/s: 1.7, 1.7.1
    • Fix Version/s: 1.7.2, 1.8, 1.9
    • Component/s: Roles / Access
    • Labels:
      None
    • Affected Branches:
      MOODLE_17_STABLE
    • Fixed Branches:
      MOODLE_17_STABLE, MOODLE_18_STABLE, MOODLE_19_STABLE

      Description

      To reproduce the bug:

      0. login as admin
      1. create a new course, select a user and give it a Role->Teacher permissions
      2. set the course as "unavailbale to students"
      3. now logoff and login as the editing teacher user defined at point 1
      4. editing teacher cannot see nor edit the course

      If you login as an Admin and uses the "Login as" function from whithin editing teacher user's profile, trying to access the course produce teh message "This course is not available to students".

        Gliffy Diagrams

          Issue Links

            Activity

            Hide
            nccduke Jeff Wood added a comment -

            I have verified this behaviour with my install.

            Admins can see hidden course and teachers cannot.

            Jeff

            Show
            nccduke Jeff Wood added a comment - I have verified this behaviour with my install. Admins can see hidden course and teachers cannot. Jeff
            Hide
            wren Jenny Toller added a comment -

            Jeff Wood found the solution to this:

            Site Administration > Users > Permissions > Define roles

            Teacher Role - Edit - Course area

            Change moodle/course:viewhiddencourses from inherit to allow

            Jenny

            Show
            wren Jenny Toller added a comment - Jeff Wood found the solution to this: Site Administration > Users > Permissions > Define roles Teacher Role - Edit - Course area Change moodle/course:viewhiddencourses from inherit to allow Jenny
            Hide
            poltawski Dan Poltawski added a comment -

            What I can't understand is that from my read of the capabilites system the teacher role should allow this by default:

            'moodle/user:viewhiddendetails' => array(

            'riskbitmask' => RISK_PERSONAL,

            'captype' => 'read',
            'contextlevel' => CONTEXT_SYSTEM,
            'legacy' => array(
            'teacher' => CAP_ALLOW,
            'editingteacher' => CAP_ALLOW,
            'coursecreator' => CAP_ALLOW,
            'admin' => CAP_ALLOW
            )
            ),

            Show
            poltawski Dan Poltawski added a comment - What I can't understand is that from my read of the capabilites system the teacher role should allow this by default: 'moodle/user:viewhiddendetails' => array( 'riskbitmask' => RISK_PERSONAL, 'captype' => 'read', 'contextlevel' => CONTEXT_SYSTEM, 'legacy' => array( 'teacher' => CAP_ALLOW, 'editingteacher' => CAP_ALLOW, 'coursecreator' => CAP_ALLOW, 'admin' => CAP_ALLOW ) ),
            Hide
            pj Jon Papaioannou added a comment -

            Dan, you did the wrong copy/paste... Correct is around line 515:

            'moodle/course:viewhiddencourses' => array(

            'captype' => 'read',
            'contextlevel' => CONTEXT_COURSE,
            'legacy' => array(
            'admin' => CAP_ALLOW
            )
            ),

            Show
            pj Jon Papaioannou added a comment - Dan, you did the wrong copy/paste... Correct is around line 515: 'moodle/course:viewhiddencourses' => array( 'captype' => 'read', 'contextlevel' => CONTEXT_COURSE, 'legacy' => array( 'admin' => CAP_ALLOW ) ),
            Hide
            pj Jon Papaioannou added a comment -

            BUGFIX:

            If you execute this SQL query:

            INSERT INTO `mdl_role_capabilities` ( `id` , `contextid` , `roleid` , `capability` , `permission` , `timemodified` , `modifierid` )
            VALUES (
            NULL , '1', '3', 'moodle/course:viewhiddencourses', '1', '1172197664', '0'
            );

            The problem seems to be solved (at least on my install). If you want to show the course to editing teachers only, then substitute '2' for the '3'.

            I have a problem making a proper patch out of this though. If some kind soul answered the questions at http://moodle.org/mod/forum/discuss.php?d=65584 I could do it though.

            Show
            pj Jon Papaioannou added a comment - BUGFIX: If you execute this SQL query: INSERT INTO `mdl_role_capabilities` ( `id` , `contextid` , `roleid` , `capability` , `permission` , `timemodified` , `modifierid` ) VALUES ( NULL , '1', '3', 'moodle/course:viewhiddencourses', '1', '1172197664', '0' ); The problem seems to be solved (at least on my install). If you want to show the course to editing teachers only, then substitute '2' for the '3'. I have a problem making a proper patch out of this though. If some kind soul answered the questions at http://moodle.org/mod/forum/discuss.php?d=65584 I could do it though.
            Hide
            apmart André Martins added a comment -

            I have also confirmed this behaviour in my install - Moodle 1.7.1+ (2006101010).
            I made several attempts to test, reproduce and overcome this issue:

            • setting both the moodle/category:visibility and moodle/course:viewhiddencourses permissions to teachers (as in the proposed bugfix and the comment from Jenny Toller)
            • creating a role with only those permissions and assigning teachers from the hidden categories and courses to it at the site level
            • creating several combinations of depth in categories and courses (0 to 3)
              even then invisible categories and courses remained only visible to the administrator.

            Since I manage a Moodle site with this version and it's already being used by students at my university the matter became rather urgent. Giving administration privileges to all teachers that had courses to prepare was clearly not an option. I decided to look in the code and try my best to find a potential solution.

            Notice: I do not claim this to be a good solution. I'm NOT a Moodle expert, far from it . However, I have tested this code thoroughly and I believe it to be a possible bugfix and perhaps close this bug.

            I commented all insertions and modifications in the code. I left all previous functionality untouched. Forgive me if I do not follow Moodle coding conventions. Feel free to try this patch at your own risk

            Proposed patch
            \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
            File: lib/datalib.php
            Line: 782

            PATCH:
            /**

            • Returns a sorted list of categories
              *
            • @param string $parent The parent category if any
            • @param string $sort the sortorder
            • @return array of categories
              */
              /// Patched by andre.martins [29/Feb/2007]
              function get_categories($parent='none', $sort='sortorder ASC') {

            if ($parent === 'none')

            { $categories = get_records('course_categories', '', '', $sort); }

            else

            { $categories = get_records('course_categories', 'parent', $parent, $sort); }

            if ($categories) { /// Remove unavailable categories from the list
            $creator = has_capability('moodle/course:create', get_context_instance(CONTEXT_SYSTEM, SITEID));
            // ----- Patch : New -> Testing if a user can see hidden categories
            $hidden_category_allowed = has_capability('moodle/category:visibility', get_context_instance(CONTEXT_SYSTEM, SITEID));
            // *****
            foreach ($categories as $key => $category) {
            if (!$category->visible) {
            // ----- Patch: Modified -> checking for both conditions - a category is only removed from the listing if a user
            // is not a creator nor can see hidden categories
            if (!$creator and !$hidden_category_allowed)

            { // ***** unset($categories[$key]); }

            }
            }
            }
            return $categories;
            }
            \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\

            \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
            File: course/lib.php
            Line: 1340

            function print_whole_category_list($category=NULL, $displaylist=NULL, $parentslist=NULL, $depth=-1, $files = true) {
            /// Recursive function to print out all the categories in a nice format
            /// with or without courses included
            /// Patched by andre.martins [29/Feb/2007]

            ...... (Line: 1351)
            if ($category) {
            // ----- Patch: New -> Can the user view hidden categories?
            $can_view_hidden_categories = has_capability('moodle/category:visibility', get_context_instance(CONTEXT_SYSTEM, SITEID));
            // *****
            // ----- Patch: Modified -> the category will be shown wether it's visible, the user can update course settings or
            // can view hidden categories
            if ($category->visible or has_capability('moodle/course:update', get_context_instance(CONTEXT_SYSTEM, SITEID))
            or $can_view_hidden_categories)

            { // ***** print_category_info($category, $depth, $files); }

            else

            { return; // Don't bother printing children of invisible categories }

            } else

            { $category->id = "0"; }

            \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\

            Show
            apmart André Martins added a comment - I have also confirmed this behaviour in my install - Moodle 1.7.1+ (2006101010). I made several attempts to test, reproduce and overcome this issue: setting both the moodle/category:visibility and moodle/course:viewhiddencourses permissions to teachers (as in the proposed bugfix and the comment from Jenny Toller) creating a role with only those permissions and assigning teachers from the hidden categories and courses to it at the site level creating several combinations of depth in categories and courses (0 to 3) even then invisible categories and courses remained only visible to the administrator. Since I manage a Moodle site with this version and it's already being used by students at my university the matter became rather urgent. Giving administration privileges to all teachers that had courses to prepare was clearly not an option. I decided to look in the code and try my best to find a potential solution. Notice: I do not claim this to be a good solution. I'm NOT a Moodle expert, far from it . However, I have tested this code thoroughly and I believe it to be a possible bugfix and perhaps close this bug. I commented all insertions and modifications in the code. I left all previous functionality untouched. Forgive me if I do not follow Moodle coding conventions. Feel free to try this patch at your own risk Proposed patch \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ File: lib/datalib.php Line: 782 PATCH: /** Returns a sorted list of categories * @param string $parent The parent category if any @param string $sort the sortorder @return array of categories */ /// Patched by andre.martins [29/Feb/2007] function get_categories($parent='none', $sort='sortorder ASC') { if ($parent === 'none') { $categories = get_records('course_categories', '', '', $sort); } else { $categories = get_records('course_categories', 'parent', $parent, $sort); } if ($categories) { /// Remove unavailable categories from the list $creator = has_capability('moodle/course:create', get_context_instance(CONTEXT_SYSTEM, SITEID)); // ----- Patch : New -> Testing if a user can see hidden categories $hidden_category_allowed = has_capability('moodle/category:visibility', get_context_instance(CONTEXT_SYSTEM, SITEID)); // ***** foreach ($categories as $key => $category) { if (!$category->visible) { // ----- Patch: Modified -> checking for both conditions - a category is only removed from the listing if a user // is not a creator nor can see hidden categories if (!$creator and !$hidden_category_allowed) { // ***** unset($categories[$key]); } } } } return $categories; } \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ File: course/lib.php Line: 1340 function print_whole_category_list($category=NULL, $displaylist=NULL, $parentslist=NULL, $depth=-1, $files = true) { /// Recursive function to print out all the categories in a nice format /// with or without courses included /// Patched by andre.martins [29/Feb/2007] ...... (Line: 1351) if ($category) { // ----- Patch: New -> Can the user view hidden categories? $can_view_hidden_categories = has_capability('moodle/category:visibility', get_context_instance(CONTEXT_SYSTEM, SITEID)); // ***** // ----- Patch: Modified -> the category will be shown wether it's visible, the user can update course settings or // can view hidden categories if ($category->visible or has_capability('moodle/course:update', get_context_instance(CONTEXT_SYSTEM, SITEID)) or $can_view_hidden_categories) { // ***** print_category_info($category, $depth, $files); } else { return; // Don't bother printing children of invisible categories } } else { $category->id = "0"; } \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
            Hide
            apmart André Martins added a comment -

            Proposed Patch usage instructions:
            For the patch that I described in my previous post to work I suggest that you:
            1) create or modify a role that has the permissions:

            • View hidden courses (moodle/course:viewhiddencourses)
            • See hidden categories (moodle/category:visibility)
              by setting them both to Allow.

            2) Assign that Role to the users that should see hidden categories and courses IN THE LEVEL from which they should see them.

            Example:
            A site with 2 categories and 3 courses:
            CategoryA [visible]

            • Course1 [visible]
            • Course2 [invisible]
              CategoryB [invisible]
            • Course3 [invisible]

            Considering that you created a role called SeeHidden with the above permissions set to allow the possible scenarios are:
            a) you want to let the user se ALL hidden courses and categories
            -> Assign the role SeeHidden site wide
            Result: User will see Course2, CategoryB and Course3

            b) you want the user to see onlu Course2
            -> Assign the role SeeHidden to CategoryA
            Result: as expected...

            c) you want the user to see Course3
            -> Assign the role SeeHidden to CategoryB... BUT this alone will not solve your problem. The user must see the hidden category also. One possible way to address this issue would be to create a role that allows the user to see hidden categories only and make it site wide for him.
            Result: User will see CategoryB and Course3 as well as all other hidden courses and categories below this one (to avoid the categories part you can choose to prohibit the site wide role mentioned before)

            I hope this helps.

            André

            Show
            apmart André Martins added a comment - Proposed Patch usage instructions: For the patch that I described in my previous post to work I suggest that you: 1) create or modify a role that has the permissions: View hidden courses (moodle/course:viewhiddencourses) See hidden categories (moodle/category:visibility) by setting them both to Allow. 2) Assign that Role to the users that should see hidden categories and courses IN THE LEVEL from which they should see them. Example: A site with 2 categories and 3 courses: CategoryA [visible] Course1 [visible] Course2 [invisible] CategoryB [invisible] Course3 [invisible] Considering that you created a role called SeeHidden with the above permissions set to allow the possible scenarios are: a) you want to let the user se ALL hidden courses and categories -> Assign the role SeeHidden site wide Result: User will see Course2, CategoryB and Course3 b) you want the user to see onlu Course2 -> Assign the role SeeHidden to CategoryA Result: as expected... c) you want the user to see Course3 -> Assign the role SeeHidden to CategoryB... BUT this alone will not solve your problem. The user must see the hidden category also. One possible way to address this issue would be to create a role that allows the user to see hidden categories only and make it site wide for him. Result: User will see CategoryB and Course3 as well as all other hidden courses and categories below this one (to avoid the categories part you can choose to prohibit the site wide role mentioned before) I hope this helps. André
            Hide
            lazyfish Yu Zhang added a comment -

            Hi, this is fixed in 1.7, 1.8 and 1.9. All new installs and upgrades will enable teachers, non-editting teachers and course creators to see respective hidden courses by default. However we can not change that for any existing installations. To fix this you just need to log in as admin, go to users->permission->define role and set viewhiddencourses to allow for all these roles. Cheers.

            Show
            lazyfish Yu Zhang added a comment - Hi, this is fixed in 1.7, 1.8 and 1.9. All new installs and upgrades will enable teachers, non-editting teachers and course creators to see respective hidden courses by default. However we can not change that for any existing installations. To fix this you just need to log in as admin, go to users->permission->define role and set viewhiddencourses to allow for all these roles. Cheers.
            Hide
            cdu Jessica Gramp added a comment -

            Any clues as to what files/folders I should upgrade to fix this in my 1.7 install? When I go to users->permission->define roles I do not have a viewhiddencourses option, so it seems I can not fix it this way.

            Thanks in advance.

            Show
            cdu Jessica Gramp added a comment - Any clues as to what files/folders I should upgrade to fix this in my 1.7 install? When I go to users->permission->define roles I do not have a viewhiddencourses option, so it seems I can not fix it this way. Thanks in advance.
            Hide
            lazyfish Yu Zhang added a comment -

            Hi Jessica,

            Look for

            View hidden courses
            moodle/course:viewhiddencourses

            on the page. Just do a search for either of these and you should fine it!

            Yu

            Show
            lazyfish Yu Zhang added a comment - Hi Jessica, Look for View hidden courses moodle/course:viewhiddencourses on the page. Just do a search for either of these and you should fine it! Yu
            Hide
            cdu Jessica Gramp added a comment -

            Hi Yu,

            Thanks for the fast response, however I don't have any moodle/course permissions in my mdl_capabilities db table, so they are not appearing on the page. Strangely, my auto-increment keys in mdl_capabilities start from 78, so it looks like I am missing a whole bunch of permissions in this table. I think I have found what they are meant to be (documented in lib/db/access.php), but I'm not sure how to load them in to the table quickly. I'll look in to it. I might need to do a fresh install of 1.7 and see what data I'm missing.

            Thanks for your help

            Jess

            Show
            cdu Jessica Gramp added a comment - Hi Yu, Thanks for the fast response, however I don't have any moodle/course permissions in my mdl_capabilities db table, so they are not appearing on the page. Strangely, my auto-increment keys in mdl_capabilities start from 78, so it looks like I am missing a whole bunch of permissions in this table. I think I have found what they are meant to be (documented in lib/db/access.php), but I'm not sure how to load them in to the table quickly. I'll look in to it. I might need to do a fresh install of 1.7 and see what data I'm missing. Thanks for your help Jess
            Hide
            cdu Jessica Gramp added a comment -

            Yes, I was missing a lot of permissions in my mdl_capabilities table. Not sure what happened in the upgrade process from 1.5>1.7, but I was missing all the fields from rows 1-77. To fix this, I did a fresh install of the latest 1.7 STABLE release on my development server, backed up the data in the mdl_capabilities table and restored the table on my live server. I now have access to a whole lot of other permissions when I go to users->permission->define roles. It appears to have fixed many of the permission errors the teachers were experiencing. What a relief!

            Thanks for your help Yu.

            Jess

            Show
            cdu Jessica Gramp added a comment - Yes, I was missing a lot of permissions in my mdl_capabilities table. Not sure what happened in the upgrade process from 1.5>1.7, but I was missing all the fields from rows 1-77. To fix this, I did a fresh install of the latest 1.7 STABLE release on my development server, backed up the data in the mdl_capabilities table and restored the table on my live server. I now have access to a whole lot of other permissions when I go to users->permission->define roles. It appears to have fixed many of the permission errors the teachers were experiencing. What a relief! Thanks for your help Yu. Jess
            Hide
            draconid Frances Thomson added a comment -

            I've got version 1.7.3. I've changed the roles so that viewhiddencourses is Allowed (and viewhiddencategories since the hidden courses are in a hidden category). However teachers still cannot view the coruse in question. Any ideas what else I can do to fix this?

            Show
            draconid Frances Thomson added a comment - I've got version 1.7.3. I've changed the roles so that viewhiddencourses is Allowed (and viewhiddencategories since the hidden courses are in a hidden category). However teachers still cannot view the coruse in question. Any ideas what else I can do to fix this?

              People

              • Votes:
                5 Vote for this issue
                Watchers:
                7 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved:
                  Fix Release Date:
                  30/Mar/07