Yesterday I wanted to start full conversion of modules to new roles, mainly remove isteacher(), isguest(), iseditingteacher() and isstudent(). I stopped sooner than expected. Here is the list of problems we should solve before going ahead with roles conversion.

Guest access

Originally we used require_login() and isguest() combination. require_login() to be discussed later. We are moving to capability checks only and stopping special checks in modules. We can not assign guest user to Guest role manually now - guest user is assigned to Guest role automatically at the site level.

Solution

• allow assignment of guest user to at least Guest role
• fix upgrade to assign guest role if needed
• fix course config GUI

Access without login

Till now we used empty($USER->id) or isloggedin(). If we want to control everything using capabilities we need new notlogged user and Not logged role plus legacy capability site/legacy:loggedin.

We should also eliminate $CFG->forcelogin that was used when we wanted to give access without login to resources at site level.

Solution

• automatically create user notlogged - either in memory only or in database
• load notlogged user in $USER if not logged
• do some automatic assignment or capability overrides in upgrade
• remove empty($USER->id) from core
• rewrite require_login() or obsolete it by has_capability() with parameter to login if needed.
• add special handling of moodle/legacy:guest to has_capability() to keep its negative meaning for legacy code

Enrollments

Backup/Restore