Yesterday I wanted to start full conversion of modules to new roles, mainly remove isteacher(), isguest(), iseditingteacher() and isstudent(). I stopped sooner than expected. Here is the list of problems we should solve before going ahead with roles conversion.

Guest access

Originally we used require_login() and isguest() combination. require_login() to be discussed later. I guess we should move to capability checks only and stop doing special checks in modules. We can not assign guest user to Guest role now. Part of the upgrade should be assignment of guest user to guest role if we had open guest access.

Solution

• allow assignment of guest user to at least Guest role
• fix upgrade to assign guest role if needed
• fix course config GUI

Access without login

moodle/site:doanything capability trouble

moodle/site:doanything was supposed to allow admin to do anything. The problem is that we have also negative capabilities - for example moodle/legacy:guest prevents people from doing something.

Possible solutions

1. remove moodle/site:doanything and set sensible defaults for admin role, this might need other changes in code (big change)
2. make all roles positive - moodle/site:nonguest? (maintenance problems in future)
3. add positive/negative marker to each role and change doanything overriding to check it
4. sprinkle the code with or hascapability('moodle/site:doanything')
5. did I forget anything?