
Roles administration improvements for Moodle 2.0: Difference between revisions

From MoodleDocs
No edit summary
Line 7: Line 7:
==Views to help you understand your roles set-up==
==Views to help you understand your roles set-up==


The roles system is designed to give administrators a lot of flexibility in controlling who can do what where. That is, to control the answer to questions like "Can user Fred reply to posts in the 'Give an example of poor usability' forum?" To understand that question and its answer, you need some key concepts:
The roles system is designed to give administrators lots of flexibility in controlling who can do what where. That is, to let administrators control how Moodle answers questions like "Can user Fred reply to posts in the 'Give an example of poor usability' forum?" To understand that question and its answer, you need some key concepts:
; Contexts : like the "'Give an example of poor usability' forum". These are areas within Moodle, and they are contained within each other, so that forum might be in the Usability course, which is in the Computing category of a Moodle system. You can think of this like folders on your hard disc contained within each other. Things that happen in one context have an effect on all the contexts inside.
; Contexts : like the "'Give an example of poor usability' forum". These are areas within Moodle, and they are contained within each other, so that forum might be in the Usability course, which is in the Computing category of a Moodle system. You can think of this like folders on your hard disc contained within each other. Things that happen in one context have an effect on all the contexts inside.
; Users : like Fred.
; Users : like Fred.
Line 16: Line 16:
; Role overrides : change the definition of a particular role within a particular context and its sub-contexts by changing the permission associated with some capabilities.
; Role overrides : change the definition of a particular role within a particular context and its sub-contexts by changing the permission associated with some capabilities.


The changes in this section are all about making these concepts more visible, and helping you see how things are set up in your system. Several of them involve taking a cross-section through the settings by fixing one thing and showing how the other things vary. For example for a fixed user, showing all the role assignments, or for a fixed capability, showing all the role definitions and overrides.
The changes in this section are all about making these concepts more visible, and helping you see how things are set up in your system. Several of them involve taking a cross-section through the settings by fixing one thing and showing how the other things vary. For example for a fixed user and showing all their role assignments, or for a fixed capability, showing all the role definitions and overrides.


===Map of where you are in the contexts===
===Map of where you are in the contexts===
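Review bot: the reworded example sentence in this hunk, "For example for a fixed user and showing all their role assignments", no longer parses, because the added "and" breaks the parallel with "for a fixed capability, showing all the role definitions and overrides". Keep "their" but restore the comma: "For example, for a fixed user, showing all their role assignments, or for a fixed capability, showing all the role definitions and overrides."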

Revision as of 02:11, 29 October 2008

Moodle 2.0

This page summarises a number of different changes to the administration of the roles and capabilities system. The unifying theme here is improving the usability and understandability of these interfaces. The inner workings of the roles system will hardly change at all.

Most of these changes will be complete by the end of November 2008. Note that most items link to the relevant tracker issue and more detailed design documents. Screen shots will be added to this page as each bit is finished.

I (Tim Hunt) think this represents a significant step forwards. We have tried to pick up on most of the good suggestions that have been made so far, and to address the main usability concerns that have been raised. If you have further suggestions, or want to comment on what is already here, please do so in the Roles and Capabilities forum. Most important, if you think there is a significant usability problem that we are ignoring, please raise it.

Views to help you understand your roles set-up

The roles system is designed to give administrators lots of flexibility in controlling who can do what where. That is, to let administrators control how Moodle answers questions like "Can user Fred reply to posts in the 'Give an example of poor usability' forum?" To understand that question and its answer, you need some key concepts:

Contexts
like the "'Give an example of poor usability' forum". These are areas within Moodle, and they are contained within each other, so that forum might be in the Usability course, which is in the Computing category of a Moodle system. You can think of this like folders on your hard disc contained within each other. Things that happen in one context have an effect on all the contexts inside.
Users
like Fred.
Capabilities
like "reply to posts". These are particular things that users should, or should not, be allowed to do.
Roles
Do not appear in the question above, but are important in working out the answer. Users are not given capabilities directly. Instead, users are assigned roles, and the roles give or take away capabilities.
Role assignments
A role assignment says a certain user has a certain role in a certain context. This role assignment will have an effect on which capabilities the user has in that context, and every context inside it.
Role definition and Permissions
The definition of a role assigns a permission (Not set, Allow, Prevent or Prohibit) to each capability.
Role overrides
change the definition of a particular role within a particular context and its sub-contexts by changing the permission associated with some capabilities.

The changes in this section are all about making these concepts more visible, and helping you see how things are set up in your system. Several of them involve taking a cross-section through the settings by fixing one thing and showing how the other things vary. For example, for a fixed user, showing all their role assignments, or for a fixed capability, showing all the role definitions and overrides.

Map of where you are in the contexts

On any page to do with roles that relates to a particular context, there will be a block on the right of the screen which shows you where that context is within the Moodle system. That is, it will show you the chain of parent contexts, all the way up to the System context, and also what child contexts there are.

User's roles report

This report, available to administrators, lists all the roles assigned to a particular user anywhere in the system. This was available as a stand-alone report plugin for Moodle 1.9. In Moodle 2.0, it will be integrated as a tab in the user profile. As well as just listing the role assignments, it allows you to remove any of them.

Capability report

This report, available to administrators, shows you the permissions for one particular capability throughout the system. That is, it shows you the permission set for that capability in the definition of each role, and then everywhere in the system where those permissions are overridden.

Capabilityreport.png

Explain permissions page

This will appear as an 'Explain permissions' tab next to 'Assign roles' and 'Override permissions' to anyone who is allowed to do either of those things. That tab will let you select a user, and then will show you, for that user, which capabilities they have in this context. In addition, there will be a link from each capability to a detailed explanation of how the user's role assignments combine with the role definitions and overrides to give the answer yes/no to whether the user has that capability.

File:Explainpermissions.png
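To make the kind of explanation this tab gives concrete, here is an added Python sketch (not Moodle's code and not part of the original page) that answers the "Can Fred reply?" question over a constructed context chain and returns the steps behind the answer. The role names, the sample data and the combining rule (within a role the nearest override wins, Prohibit cannot be overridden, and across roles any Allow grants unless some role yields Prohibit) are assumptions of this example.

```python
# Added illustration: a toy model, not Moodle code. All data below is constructed.
ALLOW, PREVENT, PROHIBIT = "Allow", "Prevent", "Prohibit"  # "Not set" = no entry

# Context chain from the page's example, outermost first.
PATH = ["System", "Computing category", "Usability course", "Poor usability forum"]

# Role definitions: role -> capability -> permission.
DEFINITIONS = {
    "Student": {"reply to posts": ALLOW},
    "Muted": {"reply to posts": PROHIBIT},  # hypothetical role
}
# Role overrides: (role, context) -> capability -> permission.
OVERRIDES = {
    ("Student", "Usability course"): {"reply to posts": PREVENT},
    ("Student", "Poor usability forum"): {"reply to posts": ALLOW},
}
# Role assignments: (user, role, context).
ASSIGNMENTS = [
    ("Fred", "Student", "Usability course"),
    ("Mary", "Student", "Usability course"),
    ("Mary", "Muted", "Poor usability forum"),
    ("Joe", "Student", "Poor usability forum"),
]

def role_permission(role, capability, context):
    """Permission one role yields in `context`, with the steps that led there."""
    result = DEFINITIONS[role].get(capability)
    trace = [f"{role} definition: {result or 'Not set'}"]
    for ctx in PATH[: PATH.index(context) + 1]:  # walk down from System
        perm = OVERRIDES.get((role, ctx), {}).get(capability)
        if perm is None:
            continue
        trace.append(f"{role} override in {ctx}: {perm}")
        if result != PROHIBIT:  # assumed rule: Prohibit cannot be overridden
            result = perm
    return result, trace

def explain(user, capability, context):
    """Return (has_capability, trace) for `user` in `context`."""
    visible = PATH[: PATH.index(context) + 1]  # assignments here or above apply
    perms, trace = [], []
    for who, role, where in ASSIGNMENTS:
        if who == user and where in visible:
            perm, steps = role_permission(role, capability, context)
            perms.append(perm)
            trace += [f"assigned {role} in {where}"] + steps
    # Assumed rule: any Prohibit denies; otherwise at least one Allow grants.
    return PROHIBIT not in perms and ALLOW in perms, trace
```

Calling `explain("Fred", "reply to posts", "Poor usability forum")` returns the yes/no answer together with the chain of assignment, definition and override steps.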

New 'Enrolment details' mode in the participants list

This is a new mode for the participants list, available to people with the assign roles capability. It includes information about each user's roles and group memberships in the table.

Participantslistwithenrolments.png

Changes to how roles are defined and assigned

Improved widget for selecting users

On pages like assign role and add group members, where you need to select users from one list and add them to another, the interface for searching for and selecting users has been improved. In particular, you will be able to search both the list of potential users and the list of people who already have the role or are in the group. The search can now consider any combination of email address, user id number and username, and it happens automatically when you stop typing; there is no need to click the search button and wait for the page to reload.

Restrictions on which roles can be assigned in which contexts

Normally, it only makes sense to assign a user the role of administrator in the System context; or to assign the Student role in the course context. Therefore, we will add new information to the definition of each role, restricting which sorts of contexts it can be assigned in. This will reduce the irrelevant choices on the assign roles screens.

Search box on the define/override roles pages

The define roles screen lists over 200 capabilities. It can be quite hard to find the one you want. Therefore, we have added a search box. You can type something like 'forum' to see just the matching capabilities.

Capabilitysearch.png

Simplified define/override role page, with show advanced

When defining roles, you normally only need to use the Not set and Allow permissions. Therefore, we will make a simplified interface for defining roles which just has a check-box next to each capability instead of the four radio buttons. There will be a 'Show advanced' button for those occasions when you need to access all four permissions. Similarly, on the override roles page, we will hide the Prohibit permission behind a show advanced button, leaving just Inherit, Allow and Prevent.

A way to easily assign one user roles in several contexts?

The User's roles report (see above) already lets you remove any of a user's current role assignments. We might enhance it to allow you to add new role assignments for a user. I am not quite sure how this would work, so I am not promising anything.
