Note:

If you want to create a new page for developers, you should create it on the Moodle Developer Resource site.

Enrolment usage overview

From MoodleDocs

Moodle 2.0


Goals

There is a lot of confusion related to guest access, enrolment of users, unenrolment, expiration, etc. This page is trying to sum up the usage of enrolments and guest access in various parts of Moodle.

Definitions

enrolment
All enrolled users enrolled in a course have record in user_enrolments table. The original moodle/course:view is reset during 2.0 upgrade and all data is migrated to this new enrolment table.
guest user
Local user account with username guest, for performance reasons guest id is cached in $CFG, guest is never returned from get_users_by_capability() or get_enrolled_users(), all write and dangerous capabilities are blocked in has_capability().
viewing/inspection
Users with moodle/course:view at course or higher level may access course without enrolment or guest access. These users are not visible inside course unless they post or do other visible action.
course guest access
Those are users that are not enrolled or just viewing, but still somehow get through the require_login($course). The enrolment plugins are supposed to grant this temporary guest access, usually at the same time the user is temporarily given some guest role.
administrators
Administrators do not have any role assigned any more, instead list of administrators is stored in CFG variable. Administrators are not returned from any accesslib queries, the only function explicitly dealing with administrators is the has_capability(), it always returns true for administrators. This is the reason why all activities that are not combined with enrolment status must have positive meaning.
manager access
Users with redefined moodle/course:view capability may access course they are not enrolled in. These users may have any capability, but they can not truely participate in courses, be members of groups, be graded, etc. This is partially equivalent to previous hidden role assignments.

Core API

get_enrolled_users()
returns list of userids that are already enrolled (everybody on frontpage) optionally with some capability
get_enrolled_sql()
return the sql select used in get_enrolled_users()
isguest()
returns true for guest user account and users with temporary guest access
isguestuser()
return true only for the real guest account (username==guest)
is_siteadmin()
returns true for all site admins
has_capability()
returns true if user has capability, if $doanything==true used returns true for all admins
get_users_by_capability()
the same as in 1.9
is_enrolled()
returns true if user enrolled, on frontpage true for everybody
is_viewing()
returns true if user administrator or has moodle/course:view capability

Core usage

Group membership

Only enrolled users may be members of groups. In 1.9 and earlier we only guess by looking at roles that have moodle/course:view which is not hidden, this may actually return incorrect results if overrides are used. All group membership is removed when un-enrolling from course.

Gradebook

We keep only grades of enrolled users. Gradebook shows only enrolled users that have the gradebook role. In future it could be controlled by a special capability instead, this was not possible in 1.9 for performance reasons.

Anybody with capability may grade or manage gradebook.

Logs and reports

In some cases we want to see only enrolled users, in others we want to see really all users. This should be decided by a new capability.

User profiles

Only enrolled user have course profile page that can be accessed by other users. Users that have one of $CFG->coursemanager roles have profile on site level because we want them to be clickable on course description page. (This was originally controlled by isteacherinanycourse() which was both deprecated and incorrect.)

Profile displays also user roles in course, the list of roles is the same as on the profile page.

Participation page

Participants page displays only enrolled users (with moodle/course:participate capability). It shows only limited number of roles specified in the $CFG->profileroles setting.

Messaging

There is an ongoing discussion about limiting of communication to Teacher-Student only, I do not think we should restrict this - they may use modules like Consultation or Dialog instead. In any case the current messaging needs a lot more work both on performance and usability.

Comments

Comments can be controlled by capability.

Ratings

Ratings can be controlled by capability.

Modules

Assignment

Only enrolled user with submit capability may submit.

Users with capability may grade.

Chat

Users with capability may chat.

Choice

Enrolled users with capability may make a choice. In theory there could be a setting to require capability only.

The enrolment is important especially when there is a limited number of slots or when we want to display list of users that did not make a choice yet.

Feedback

Options:

  • Enrolled users with capability only
  • Users with capability
  • All users including guest (non standard feature disabled by default for security reasons)

Forum

Anybody with capability may post. Enrolled users may get notifications via email or track new posts.

Glossary

Anybody with capability may post.

Lesson

Anybody with capability may try it, grades are recorded only for enrolled.

Quiz

Anybody with capability could try it. Only enrolled with capability are displayed as those that did not pass grade yet. Only grades of enrolled are passed to gradebook.

SCORM

Anybody with capability may try it.

Survey

Only enrolled with capability may answer it.

Wiki

Anybody with capability may edit.

Workshop

Only enrolled with capabilities may participate.

Blocks

Online users

We need separate capability to see all or enrolled users.

See also