Group modes

There are three group modes:

• no groups (NOGROUPS) - groups should not be used in course or activity
• visible groups (VISIBLEGROUPS) - users or also teachers are divided into groups, all users have access to all groups
• separate groups (SEPARATEGROUPS) - students or/and teachers are separated into groups, access to non-member group is usually prevented

These group modes do not have any strictly defined meaning, activities have to define the exact meaning and have to enforce the access control manually. There is no automatic implementation of group mode in core infrastructure.

The SEPARATEGROUPS mode means that users and non-editing teachers should not be able to find out the names of users in other groups, unfortunately the group mode support may be completely missing in some activities or there might be bugs that result in information leaks across groups. It is strongly recommended to use separate course if maximum privacy is required.

Groups at course level

Groups at course level are defined relatively vaguely, each area my use different logic. groups_print_course_menu() and groups_get_course_group() is used to obtain/change current group. Developers have to pay extra attention to 0 returned from groups_get_course_group() in SEPARATEGROUPS mode. Pages/code that does not use current user group from groups_get_course_group() (i.e.. accept group parameter from url) must verify the group parameter is valid (i.e.. in SEPARATEGROUPS mode user is member of that group or has access to all groups).

Groups should not be used to mark users with special needs or disabilities because the group membership is not treated as private information and may be accidentally displayed to other users in course or even guests.

Gradebook

In VISIBLEGROUPS mode all groups from default course grouping may be used for filtering, teacher group membership is used for selection of initial filtering only.

In SEPARATEGROUPS mode teachers with moodle/site:accessallgroups capability can access grades of all users, teachers without this capability may access only users from their group. Teachers without any group membership and access to all groups can not view or display grades of any other user.

Teacher here is user with moodle/grade:viewall capability. Please note some reports such as overview or user may use slightly different access control.

List of participants

The VISIBLE groups mode can be show users membership to one or more groups. Everybody may see what is member of other groups.

In SEPARATE mode users see only members of their own groups, users with access moodle/site:accessallgroups may see members of all groups.

Course user profile

The logic is similar to the list of participants.

Groups at activity level

Group support can be implemented only in activities where users actively participate, technically there is nothing to group/separate if there is read only access such as in resources (i.e. no posts, no ratings, no comments)

mod_forum

mod_data

mod_wiki

mod_assignment

mod_quiz

Common problems

1. group mode is not implemented at all in some activities (glossary)
2. developers forget to verify group access completely - ajax scripts, action scripts, graph images, etc.
3. developers forget to handle case when current group is 0 in SEPARATEGROUPS mode
4. users believe that forced separate groups can not leak any information
5. tags may not be group aware
6. notes may not be group aware
7. experimental groupmembersonly feature is not related to groupings at all!