Moodle
  1. Moodle
  2. MDL-7939

Courses hidden to students does not allow editing teacher to see and edit it

    Details

    • Type: Bug Bug
    • Status: Closed
    • Priority: Critical Critical
    • Resolution: Fixed
    • Affects Version/s: 1.7, 1.7.1
    • Fix Version/s: 1.7.2, 1.8, 1.9
    • Component/s: Roles / Access
    • Labels:
      None
    • Affected Branches:
      MOODLE_17_STABLE
    • Fixed Branches:
      MOODLE_17_STABLE, MOODLE_18_STABLE, MOODLE_19_STABLE
    • Rank:
      27628

      Description

      To reproduce the bug:

      0. login as admin
      1. create a new course, select a user and give it a Role->Teacher permissions
      2. set the course as "unavailbale to students"
      3. now logoff and login as the editing teacher user defined at point 1
      4. editing teacher cannot see nor edit the course

      If you login as an Admin and uses the "Login as" function from whithin editing teacher user's profile, trying to access the course produce teh message "This course is not available to students".

        Issue Links

          Activity

          Hide
          Jeff Wood added a comment -

          I have verified this behaviour with my install.

          Admins can see hidden course and teachers cannot.

          Jeff

          Show
          Jeff Wood added a comment - I have verified this behaviour with my install. Admins can see hidden course and teachers cannot. Jeff
          Hide
          Jenny Toller added a comment -

          Jeff Wood found the solution to this:

          Site Administration > Users > Permissions > Define roles

          Teacher Role - Edit - Course area

          Change moodle/course:viewhiddencourses from inherit to allow

          Jenny

          Show
          Jenny Toller added a comment - Jeff Wood found the solution to this: Site Administration > Users > Permissions > Define roles Teacher Role - Edit - Course area Change moodle/course:viewhiddencourses from inherit to allow Jenny
          Hide
          Dan Poltawski added a comment -

          What I can't understand is that from my read of the capabilites system the teacher role should allow this by default:

          'moodle/user:viewhiddendetails' => array(

          'riskbitmask' => RISK_PERSONAL,

          'captype' => 'read',
          'contextlevel' => CONTEXT_SYSTEM,
          'legacy' => array(
          'teacher' => CAP_ALLOW,
          'editingteacher' => CAP_ALLOW,
          'coursecreator' => CAP_ALLOW,
          'admin' => CAP_ALLOW
          )
          ),

          Show
          Dan Poltawski added a comment - What I can't understand is that from my read of the capabilites system the teacher role should allow this by default: 'moodle/user:viewhiddendetails' => array( 'riskbitmask' => RISK_PERSONAL, 'captype' => 'read', 'contextlevel' => CONTEXT_SYSTEM, 'legacy' => array( 'teacher' => CAP_ALLOW, 'editingteacher' => CAP_ALLOW, 'coursecreator' => CAP_ALLOW, 'admin' => CAP_ALLOW ) ),
          Hide
          Jon Papaioannou added a comment -

          Dan, you did the wrong copy/paste... Correct is around line 515:

          'moodle/course:viewhiddencourses' => array(

          'captype' => 'read',
          'contextlevel' => CONTEXT_COURSE,
          'legacy' => array(
          'admin' => CAP_ALLOW
          )
          ),

          Show
          Jon Papaioannou added a comment - Dan, you did the wrong copy/paste... Correct is around line 515: 'moodle/course:viewhiddencourses' => array( 'captype' => 'read', 'contextlevel' => CONTEXT_COURSE, 'legacy' => array( 'admin' => CAP_ALLOW ) ),
          Hide
          Jon Papaioannou added a comment -

          BUGFIX:

          If you execute this SQL query:

          INSERT INTO `mdl_role_capabilities` ( `id` , `contextid` , `roleid` , `capability` , `permission` , `timemodified` , `modifierid` )
          VALUES (
          NULL , '1', '3', 'moodle/course:viewhiddencourses', '1', '1172197664', '0'
          );

          The problem seems to be solved (at least on my install). If you want to show the course to editing teachers only, then substitute '2' for the '3'.

          I have a problem making a proper patch out of this though. If some kind soul answered the questions at http://moodle.org/mod/forum/discuss.php?d=65584 I could do it though.

          Show
          Jon Papaioannou added a comment - BUGFIX: If you execute this SQL query: INSERT INTO `mdl_role_capabilities` ( `id` , `contextid` , `roleid` , `capability` , `permission` , `timemodified` , `modifierid` ) VALUES ( NULL , '1', '3', 'moodle/course:viewhiddencourses', '1', '1172197664', '0' ); The problem seems to be solved (at least on my install). If you want to show the course to editing teachers only, then substitute '2' for the '3'. I have a problem making a proper patch out of this though. If some kind soul answered the questions at http://moodle.org/mod/forum/discuss.php?d=65584 I could do it though.
          Hide
          André Martins added a comment -

          I have also confirmed this behaviour in my install - Moodle 1.7.1+ (2006101010).
          I made several attempts to test, reproduce and overcome this issue:

          • setting both the moodle/category:visibility and moodle/course:viewhiddencourses permissions to teachers (as in the proposed bugfix and the comment from Jenny Toller)
          • creating a role with only those permissions and assigning teachers from the hidden categories and courses to it at the site level
          • creating several combinations of depth in categories and courses (0 to 3)
            even then invisible categories and courses remained only visible to the administrator.

          Since I manage a Moodle site with this version and it's already being used by students at my university the matter became rather urgent. Giving administration privileges to all teachers that had courses to prepare was clearly not an option. I decided to look in the code and try my best to find a potential solution.

          Notice: I do not claim this to be a good solution. I'm NOT a Moodle expert, far from it . However, I have tested this code thoroughly and I believe it to be a possible bugfix and perhaps close this bug.

          I commented all insertions and modifications in the code. I left all previous functionality untouched. Forgive me if I do not follow Moodle coding conventions. Feel free to try this patch at your own risk

          Proposed patch
          \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
          File: lib/datalib.php
          Line: 782

          PATCH:
          /**

          • Returns a sorted list of categories
            *
          • @param string $parent The parent category if any
          • @param string $sort the sortorder
          • @return array of categories
            */
            /// Patched by andre.martins [29/Feb/2007]
            function get_categories($parent='none', $sort='sortorder ASC') {

          if ($parent === 'none')

          { $categories = get_records('course_categories', '', '', $sort); }

          else

          { $categories = get_records('course_categories', 'parent', $parent, $sort); }

          if ($categories) { /// Remove unavailable categories from the list
          $creator = has_capability('moodle/course:create', get_context_instance(CONTEXT_SYSTEM, SITEID));
          // ----- Patch : New -> Testing if a user can see hidden categories
          $hidden_category_allowed = has_capability('moodle/category:visibility', get_context_instance(CONTEXT_SYSTEM, SITEID));
          // *****
          foreach ($categories as $key => $category) {
          if (!$category->visible) {
          // ----- Patch: Modified -> checking for both conditions - a category is only removed from the listing if a user
          // is not a creator nor can see hidden categories
          if (!$creator and !$hidden_category_allowed)

          { // ***** unset($categories[$key]); }

          }
          }
          }
          return $categories;
          }
          \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\

          \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
          File: course/lib.php
          Line: 1340

          function print_whole_category_list($category=NULL, $displaylist=NULL, $parentslist=NULL, $depth=-1, $files = true) {
          /// Recursive function to print out all the categories in a nice format
          /// with or without courses included
          /// Patched by andre.martins [29/Feb/2007]

          ...... (Line: 1351)
          if ($category) {
          // ----- Patch: New -> Can the user view hidden categories?
          $can_view_hidden_categories = has_capability('moodle/category:visibility', get_context_instance(CONTEXT_SYSTEM, SITEID));
          // *****
          // ----- Patch: Modified -> the category will be shown wether it's visible, the user can update course settings or
          // can view hidden categories
          if ($category->visible or has_capability('moodle/course:update', get_context_instance(CONTEXT_SYSTEM, SITEID))
          or $can_view_hidden_categories)

          { // ***** print_category_info($category, $depth, $files); }

          else

          { return; // Don't bother printing children of invisible categories }

          } else

          { $category->id = "0"; }

          \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\

          Show
          André Martins added a comment - I have also confirmed this behaviour in my install - Moodle 1.7.1+ (2006101010). I made several attempts to test, reproduce and overcome this issue: setting both the moodle/category:visibility and moodle/course:viewhiddencourses permissions to teachers (as in the proposed bugfix and the comment from Jenny Toller) creating a role with only those permissions and assigning teachers from the hidden categories and courses to it at the site level creating several combinations of depth in categories and courses (0 to 3) even then invisible categories and courses remained only visible to the administrator. Since I manage a Moodle site with this version and it's already being used by students at my university the matter became rather urgent. Giving administration privileges to all teachers that had courses to prepare was clearly not an option. I decided to look in the code and try my best to find a potential solution. Notice: I do not claim this to be a good solution. I'm NOT a Moodle expert, far from it . However, I have tested this code thoroughly and I believe it to be a possible bugfix and perhaps close this bug. I commented all insertions and modifications in the code. I left all previous functionality untouched. Forgive me if I do not follow Moodle coding conventions. Feel free to try this patch at your own risk Proposed patch \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ File: lib/datalib.php Line: 782 PATCH: /** Returns a sorted list of categories * @param string $parent The parent category if any @param string $sort the sortorder @return array of categories */ /// Patched by andre.martins [29/Feb/2007] function get_categories($parent='none', $sort='sortorder ASC') { if ($parent === 'none') { $categories = get_records('course_categories', '', '', $sort); } else { $categories = get_records('course_categories', 'parent', $parent, $sort); } if ($categories) { /// Remove unavailable categories from the list $creator = has_capability('moodle/course:create', get_context_instance(CONTEXT_SYSTEM, SITEID)); // ----- Patch : New -> Testing if a user can see hidden categories $hidden_category_allowed = has_capability('moodle/category:visibility', get_context_instance(CONTEXT_SYSTEM, SITEID)); // ***** foreach ($categories as $key => $category) { if (!$category->visible) { // ----- Patch: Modified -> checking for both conditions - a category is only removed from the listing if a user // is not a creator nor can see hidden categories if (!$creator and !$hidden_category_allowed) { // ***** unset($categories[$key]); } } } } return $categories; } \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ File: course/lib.php Line: 1340 function print_whole_category_list($category=NULL, $displaylist=NULL, $parentslist=NULL, $depth=-1, $files = true) { /// Recursive function to print out all the categories in a nice format /// with or without courses included /// Patched by andre.martins [29/Feb/2007] ...... (Line: 1351) if ($category) { // ----- Patch: New -> Can the user view hidden categories? $can_view_hidden_categories = has_capability('moodle/category:visibility', get_context_instance(CONTEXT_SYSTEM, SITEID)); // ***** // ----- Patch: Modified -> the category will be shown wether it's visible, the user can update course settings or // can view hidden categories if ($category->visible or has_capability('moodle/course:update', get_context_instance(CONTEXT_SYSTEM, SITEID)) or $can_view_hidden_categories) { // ***** print_category_info($category, $depth, $files); } else { return; // Don't bother printing children of invisible categories } } else { $category->id = "0"; } \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
          Hide
          André Martins added a comment -

          Proposed Patch usage instructions:
          For the patch that I described in my previous post to work I suggest that you:
          1) create or modify a role that has the permissions:

          • View hidden courses (moodle/course:viewhiddencourses)
          • See hidden categories (moodle/category:visibility)
            by setting them both to Allow.

          2) Assign that Role to the users that should see hidden categories and courses IN THE LEVEL from which they should see them.

          Example:
          A site with 2 categories and 3 courses:
          CategoryA [visible]

          • Course1 [visible]
          • Course2 [invisible]
            CategoryB [invisible]
          • Course3 [invisible]

          Considering that you created a role called SeeHidden with the above permissions set to allow the possible scenarios are:
          a) you want to let the user se ALL hidden courses and categories
          -> Assign the role SeeHidden site wide
          Result: User will see Course2, CategoryB and Course3

          b) you want the user to see onlu Course2
          -> Assign the role SeeHidden to CategoryA
          Result: as expected...

          c) you want the user to see Course3
          -> Assign the role SeeHidden to CategoryB... BUT this alone will not solve your problem. The user must see the hidden category also. One possible way to address this issue would be to create a role that allows the user to see hidden categories only and make it site wide for him.
          Result: User will see CategoryB and Course3 as well as all other hidden courses and categories below this one (to avoid the categories part you can choose to prohibit the site wide role mentioned before)

          I hope this helps.

          André

          Show
          André Martins added a comment - Proposed Patch usage instructions: For the patch that I described in my previous post to work I suggest that you: 1) create or modify a role that has the permissions: View hidden courses (moodle/course:viewhiddencourses) See hidden categories (moodle/category:visibility) by setting them both to Allow. 2) Assign that Role to the users that should see hidden categories and courses IN THE LEVEL from which they should see them. Example: A site with 2 categories and 3 courses: CategoryA [visible] Course1 [visible] Course2 [invisible] CategoryB [invisible] Course3 [invisible] Considering that you created a role called SeeHidden with the above permissions set to allow the possible scenarios are: a) you want to let the user se ALL hidden courses and categories -> Assign the role SeeHidden site wide Result: User will see Course2, CategoryB and Course3 b) you want the user to see onlu Course2 -> Assign the role SeeHidden to CategoryA Result: as expected... c) you want the user to see Course3 -> Assign the role SeeHidden to CategoryB... BUT this alone will not solve your problem. The user must see the hidden category also. One possible way to address this issue would be to create a role that allows the user to see hidden categories only and make it site wide for him. Result: User will see CategoryB and Course3 as well as all other hidden courses and categories below this one (to avoid the categories part you can choose to prohibit the site wide role mentioned before) I hope this helps. André
          Hide
          Yu Zhang added a comment -

          Hi, this is fixed in 1.7, 1.8 and 1.9. All new installs and upgrades will enable teachers, non-editting teachers and course creators to see respective hidden courses by default. However we can not change that for any existing installations. To fix this you just need to log in as admin, go to users->permission->define role and set viewhiddencourses to allow for all these roles. Cheers.

          Show
          Yu Zhang added a comment - Hi, this is fixed in 1.7, 1.8 and 1.9. All new installs and upgrades will enable teachers, non-editting teachers and course creators to see respective hidden courses by default. However we can not change that for any existing installations. To fix this you just need to log in as admin, go to users->permission->define role and set viewhiddencourses to allow for all these roles. Cheers.
          Hide
          Jessica Gramp added a comment -

          Any clues as to what files/folders I should upgrade to fix this in my 1.7 install? When I go to users->permission->define roles I do not have a viewhiddencourses option, so it seems I can not fix it this way.

          Thanks in advance.

          Show
          Jessica Gramp added a comment - Any clues as to what files/folders I should upgrade to fix this in my 1.7 install? When I go to users->permission->define roles I do not have a viewhiddencourses option, so it seems I can not fix it this way. Thanks in advance.
          Hide
          Yu Zhang added a comment -

          Hi Jessica,

          Look for

          View hidden courses
          moodle/course:viewhiddencourses

          on the page. Just do a search for either of these and you should fine it!

          Yu

          Show
          Yu Zhang added a comment - Hi Jessica, Look for View hidden courses moodle/course:viewhiddencourses on the page. Just do a search for either of these and you should fine it! Yu
          Hide
          Jessica Gramp added a comment -

          Hi Yu,

          Thanks for the fast response, however I don't have any moodle/course permissions in my mdl_capabilities db table, so they are not appearing on the page. Strangely, my auto-increment keys in mdl_capabilities start from 78, so it looks like I am missing a whole bunch of permissions in this table. I think I have found what they are meant to be (documented in lib/db/access.php), but I'm not sure how to load them in to the table quickly. I'll look in to it. I might need to do a fresh install of 1.7 and see what data I'm missing.

          Thanks for your help

          Jess

          Show
          Jessica Gramp added a comment - Hi Yu, Thanks for the fast response, however I don't have any moodle/course permissions in my mdl_capabilities db table, so they are not appearing on the page. Strangely, my auto-increment keys in mdl_capabilities start from 78, so it looks like I am missing a whole bunch of permissions in this table. I think I have found what they are meant to be (documented in lib/db/access.php), but I'm not sure how to load them in to the table quickly. I'll look in to it. I might need to do a fresh install of 1.7 and see what data I'm missing. Thanks for your help Jess
          Hide
          Jessica Gramp added a comment -

          Yes, I was missing a lot of permissions in my mdl_capabilities table. Not sure what happened in the upgrade process from 1.5>1.7, but I was missing all the fields from rows 1-77. To fix this, I did a fresh install of the latest 1.7 STABLE release on my development server, backed up the data in the mdl_capabilities table and restored the table on my live server. I now have access to a whole lot of other permissions when I go to users->permission->define roles. It appears to have fixed many of the permission errors the teachers were experiencing. What a relief!

          Thanks for your help Yu.

          Jess

          Show
          Jessica Gramp added a comment - Yes, I was missing a lot of permissions in my mdl_capabilities table. Not sure what happened in the upgrade process from 1.5>1.7, but I was missing all the fields from rows 1-77. To fix this, I did a fresh install of the latest 1.7 STABLE release on my development server, backed up the data in the mdl_capabilities table and restored the table on my live server. I now have access to a whole lot of other permissions when I go to users->permission->define roles. It appears to have fixed many of the permission errors the teachers were experiencing. What a relief! Thanks for your help Yu. Jess
          Hide
          Frances Thomson added a comment -

          I've got version 1.7.3. I've changed the roles so that viewhiddencourses is Allowed (and viewhiddencategories since the hidden courses are in a hidden category). However teachers still cannot view the coruse in question. Any ideas what else I can do to fix this?

          Show
          Frances Thomson added a comment - I've got version 1.7.3. I've changed the roles so that viewhiddencourses is Allowed (and viewhiddencategories since the hidden courses are in a hidden category). However teachers still cannot view the coruse in question. Any ideas what else I can do to fix this?

            People

            • Votes:
              5 Vote for this issue
              Watchers:
              7 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: