Roles administration improvements for Moodle 2.0: Difference between revisions
No edit summary |
|||
| Line 30: | Line 30: | ||
===Capability report=== | ===Capability report=== | ||
This report, available to administrators, shows you the permissions for one particular capability throughout the system. That is, it shows you the permission set for that capability in the definition of each role, and then everywhere in the system where those permissions are overridden. | This report, available to administrators, shows you the permissions for one particular capability throughout the system. That is, it shows you the permission set for that capability in the definition of each role, and then everywhere in the system where those permissions are overridden. | ||
[[Image:Capabilityreport.png|254px]] | |||
* MDL-16343 | * MDL-16343 | ||
| Line 38: | Line 39: | ||
This will appear as an 'Explain permissions' tab next to 'Assign roles' and 'Override permissions' to anyone who is allowed to do either of those things. That tab will let you select a user, and then will show you, for that user, which capabilities they have in this context. In addition, there will be a link from each capability to a detailed explanation of how the user's role assignments combine with the role definitions and overrides to give the answer yes/no to whether the user has that capability. | This will appear as an 'Explain permissions' tab next to 'Assign roles' and 'Override permissions' to anyone who is allowed to do either of those things. That tab will let you select a user, and then will show you, for that user, which capabilities they have in this context. In addition, there will be a link from each capability to a detailed explanation of how the user's role assignments combine with the role definitions and overrides to give the answer yes/no to whether the user has that capability. | ||
[[Image:Explainpermissions.png|271px | |||
[[Image:Explainpermissions.png|271px]] | |||
* MDL-13538 | * MDL-13538 | ||
* MDL-16965 | * MDL-16965 | ||
===New 'Enrolment details' mode in the participants list=== | |||
A new mode when looking at the participants list, available to people with the assign roles capability. It includes information about each users roles and group memberships in the table. | |||
[[Image:Participantslistwithenrolments.png|227px]] | |||
* MDL-12311 | |||
==Changes to how roles are defined and assigned== | ==Changes to how roles are defined and assigned== | ||
| Line 59: | Line 69: | ||
===Search box on the define/override roles pages=== | ===Search box on the define/override roles pages=== | ||
The define roles screen lists over 200 capabilities. It can be quite hard to find the one you want. Therefore, we have added a search box. You can type something like 'forum' to see just the matching capabilities. | The define roles screen lists over 200 capabilities. It can be quite hard to find the one you want. Therefore, we have added a search box. You can type something like 'forum' to see just the matching capabilities. | ||
[[Image:Capabilitysearch.png|262px]] | |||
* MDL-16605 | * MDL-16605 | ||
Revision as of 01:47, 29 October 2008
Moodle 2.0
This page summarises a number of different changes to the administration of the roles and capabilities system. The unifying theme here is improving the usability and understandability of these interfaces. The inner workings of the roles system will hardly change at all.
This is an initial set of changes that will mostly be complete by the end of November 2008. I (Tim Hunt) think they represent a significant and coherent step forwards. Screen shots will be added to this page as each bit is finished. Further changes may be made later, if more good ideas emerge, and if there is time to implement them. Please discuss these changes in the Roles and Capabilities forum.
Views to help you understand your roles set-up
The roles system is designed to give administrators a lot of flexibility in controlling who can do what where. That is, to control the answer to questions like "Can user Fred reply to posts in the 'Give an example of poor usability' forum?" To understand that question and its answer, you need some key concepts:
- Contexts
- like the "'Give an example of poor usability' forum". These are areas within Moodle, and they are contained within each other, so that forum might be in the Usability course, which is in the Computing category of a Moodle system. You can think of this like folders on your hard disc contained within each other. Things that happen in one context have an effect on all the contexts inside.
- Users
- like Fred.
- Capabilities
- like "reply to posts". These are particular things that users should, or should not, be allowed to do.
- Roles
- Do not appear in the question above, but are important in working out the answer. Users are not given capabilities directly. Instead users are assigned roles, and the Roles give or take away capabilities.
- Role assignments
- A role assignment says a certain user has a certain role in a certain context. This role assignment will have an effect on which capabilities the user has in that context, and every context inside it.
- Role definition and Permissions
- The definition of a role assigns a permission (Not set, Allow, Prevent or Prohibit) to each capability.
- Role overrides
- change the definition of a particular role within a particular context and its sub-contexts by changing the permission associated with some capabilities.
The changes in this section are all about making these concepts more visible, and helping you see how things are set up in your system. Several of them involve taking a cross-section through the settings by fixing one thing and showing how the other things vary. For example for a fixed user, showing all the role assignments, or for a fixed capability, showing all the role definitions and overrides.
Map of where you are in the contexts
On any page to do with roles that relates to a particular context, there will be a block on the right of the screen which shows you where that context is within the Moodle system. That is, it will show you the chain of parent contexts, all the way up to the System context, and also what child contexts there are.
User's roles report
This report, available to administrators, lists all the roles assigned to a particular user anywhere in the system. This was available as a stand-alone report plugin for Moodle 1.9. In Moodle 2.0, it will be integrated as a tab in the user profile. As well as just listing the role assignments, it allows you to remove any of them.
Capability report
This report, available to administrators, shows you the permissions for one particular capability throughout the system. That is, it shows you the permission set for that capability in the definition of each role, and then everywhere in the system where those permissions are overridden.
Explain permissions page
This will appear as an 'Explain permissions' tab next to 'Assign roles' and 'Override permissions' to anyone who is allowed to do either of those things. That tab will let you select a user, and then will show you, for that user, which capabilities they have in this context. In addition, there will be a link from each capability to a detailed explanation of how the user's role assignments combine with the role definitions and overrides to give the answer yes/no to whether the user has that capability.
New 'Enrolment details' mode in the participants list
A new mode when looking at the participants list, available to people with the assign roles capability. It includes information about each users roles and group memberships in the table.
Changes to how roles are defined and assigned
Improved widget for selecting users
On pages like assign role and add group members, where you need to select users from one list, and add them to another, the interface for searching for and selecting users has been improved. In particular you will be able to search both the lists of potential users, and the list of people who already have the role or are in the group. The search can now consider any combination of email address, user id number and username, and the search happens automatically when you stop typing, there is no need to click the search button and wait for the page to reload.
Restrictions on which roles can be assigned in which contexts
Normally, it only makes sense to assign a user the role of administrator in the System context; or to assign the Student role in the course context. Therefore, we will add new information to the definition of each role, restricting which sorts of contexts it can be assigned in. This will reduce the irrelevant choices on the assign roles screens.
Search box on the define/override roles pages
The define roles screen lists over 200 capabilities. It can be quite hard to find the one you want. Therefore, we have added a search box. You can type something like 'forum' to see just the matching capabilities.
Simplified define/override role page, with show advanced
When defining roles, you normally only need to use the Not set and Allow permissions. Therefore, we will make a simplified interface for defining roles which just has a check-box next to each capability instead of the four radio buttons. There will be a 'Show advanced' button for those occasions when you need to access all four permissions. Similarly, on the override roles page, we will hide the Prohibit permission behind a show advanced button, leaving just Inherit, Allow and Prevent.
See also
- MDL-8524 Meta bug tracking a lot of roles improvements.
- Roles and Capabilities forum
- Roadmap
