Wednesday, April 4, 2012

Moodle and capabilities, permissions, roles and context

This is a topic that cannot be overstated. In a nutshell, moodle is all about capabilities, permissions, roles and context. To understand their relationship is to unlock the way moodle thinks, sort of.

Do not think in terms of users, accounts, access rights. Think in terms of what role, what role permission, what context (where).

My specific example that I have been working in is the instructor role, which I have given permission to see a specific block on the front page (context). I have also given the manager role the permission to see the block too.

Remember if you want to limit the roles that can access a context, a block on the front page, then:
  • turn on edit mode
  • select the block
  • Click the Permissions link
  • remove the roles from the context.

I have a check to see which role is viewing the block, if its the manager role, then I am including additional functionality in the block. The manager role has more capability than the instructor role in the context of this block.

if( has_capability('block/instructors:manager_view', $blockcontext )){
echo "You are a manager and have capacity to view instructors.
Choose instructor to view enrolled students";
require_once('frmInstructors.php');
}

The has_capability function is looking in db\ access.php. In the file is this entry:

'block/instructors:manager_view' => array(
'captype' => 'read',
'contextlevel' => CONTEXT_BLOCK,
'archtypes' => array(
'manager' => CAP_ALLOW
)
),

You can see the manager role has the allow capability set. This is the way to provide additional functionality to a specific role.

Note the 'block/' notation. I had 'blocks/' in my statement, since the actual directory is blocks, but the notation is block. I was getting this error, until I corrected that.

It was suggested by a moodle core developer to check in the mdl_capabilities table to see if the rule had been added to the table.

Assuming you have your block set up this way:

  • blocks\blockname\db\access.php - for the capability definition
  • blocks\blockname\index.php - as the default page for the block
  • blocks\blockname\version.php - to indicate to moodle to re-read the db\access.php file if a capability has changed.

This is what is supposed to happen:

  • The version # is incremented in version.php
  • moodle recognizes the incremented #
  • moodle makes you do a plugin upgrade (a block is a type of plugin)
  • moodle while executing the plugin upgrade looks at the access.php file
  • moodle writes new capability rule(s) in the access.php file into the mdl_capabilities table

Thats a mouthful, but important to understand.

Moral of the story?

Take the time to understand moodle capabilities, roles, context and do not include an 's' on blocks in the access.php file.
at

No comments:

Post a Comment