Roles administration improvements for Moodle 2.0: Difference between revisions
No edit summary |
|||
| Line 8: | Line 8: | ||
; Contexts : like the "'Give an example of poor usability' forum". These are areas within Moodle, and they are contained within each other, so that forum might be in the Usability course, which is in the Computing category of a Moodle system. You can think of this like folders on your hard disc contained within each other. Things that happen in one context have an effect on all the contexts inside. | ; Contexts : like the "'Give an example of poor usability' forum". These are areas within Moodle, and they are contained within each other, so that forum might be in the Usability course, which is in the Computing category of a Moodle system. You can think of this like folders on your hard disc contained within each other. Things that happen in one context have an effect on all the contexts inside. | ||
; Users : like Fred. | ; Users : like Fred. | ||
; Capabilities : like "reply to posts". These are particular things that users should, or should not, be allowed to do. | |||
; Roles : Do not appear in the question above, but are important in working out the answer. Users are not given capabilities directly. Instead users are assigned roles, and the Roles give or take away capabilities. | |||
; Role assignments : A role assignment says a certain user has a certain role in a certain context. This role assignment will have an effect on which capabilities the user has in that context, and every context inside it. | |||
; Role definition and Permissions : The definition of a role assigns a permission (Not set, Allow, Prevent or Prohibit) to each capability. | |||
; Role overrides : change the definition of a particular role within a particular context and its sub-contexts by changing the permission associated with some capabilities. | |||
The changes in this section are all about making these concepts more visible, and helping you see how things are set up in your system. Several of them involve taking a cross-section through the settings by fixing one thing and showing how the other things vary. For example for a fixed user, showing all the role assignments, or for a fixed capability, showing all the role definitions and overrides. | The changes in this section are all about making these concepts more visible, and helping you see how things are set up in your system. Several of them involve taking a cross-section through the settings by fixing one thing and showing how the other things vary. For example for a fixed user, showing all the role assignments, or for a fixed capability, showing all the role definitions and overrides. | ||
| Line 30: | Line 30: | ||
===Capability report=== | ===Capability report=== | ||
This report, available to administrators, shows you the permissions for one particular capability throughout the system. That is, it shows you the permission set for that capability in the definition of each role, and then everywhere in the system where those permissions are overridden. | |||
TODO Screenshot | |||
MDL-16343 | MDL-16343 | ||
| Line 36: | Line 38: | ||
===Explain permissions page=== | ===Explain permissions page=== | ||
This will appear as an 'Explain permissions' tab next to 'Assign roles' and 'Override permissions' to anyone who is allowed to do either of those things. That tab will let you select a user, and then will show you, for that user, which capabilities they have in this context. In addition, there will be a link from each capability to a detailed explanation of how the user's role assignments combine with the role definitions and overrides to give the answer yes/no to whether the user has that capability. | |||
[[Image:Explainpermissions.png|271px|right]] | |||
MDL-13538 | MDL-13538 | ||
MDL-16965 | MDL-16965 | ||
Revision as of 12:10, 28 October 2008
Moodle 2.0
This page summarises a number of different changes to the administration of the roles and capabilities system. The unifying theme here is improving the usability and understandability of these interfaces. The inner workings of the roles system will hardly change at all.
This is an initial set of changes that will mostly be complete by the end of November 2008. I (Tim Hunt) think they represent a significant and coherent step forwards. Screen shots will be added to this page as each bit is finished. Further changes may be made later, if more good ideas emerge, and if there is time to implement them. Please discuss these changes in the Roles and Capabilities forum.
Views to help you understand your roles set-up
The roles system is designed to give administrators a lot of flexibility in controlling who can do what where. That is, to control the answer to questions like "Can user Fred reply to posts in the 'Give an example of poor usability' forum?" To understand that question and its answer, you need some key concepts:
- Contexts
- like the "'Give an example of poor usability' forum". These are areas within Moodle, and they are contained within each other, so that forum might be in the Usability course, which is in the Computing category of a Moodle system. You can think of this like folders on your hard disc contained within each other. Things that happen in one context have an effect on all the contexts inside.
- Users
- like Fred.
- Capabilities
- like "reply to posts". These are particular things that users should, or should not, be allowed to do.
- Roles
- Do not appear in the question above, but are important in working out the answer. Users are not given capabilities directly. Instead users are assigned roles, and the Roles give or take away capabilities.
- Role assignments
- A role assignment says a certain user has a certain role in a certain context. This role assignment will have an effect on which capabilities the user has in that context, and every context inside it.
- Role definition and Permissions
- The definition of a role assigns a permission (Not set, Allow, Prevent or Prohibit) to each capability.
- Role overrides
- change the definition of a particular role within a particular context and its sub-contexts by changing the permission associated with some capabilities.
The changes in this section are all about making these concepts more visible, and helping you see how things are set up in your system. Several of them involve taking a cross-section through the settings by fixing one thing and showing how the other things vary. For example for a fixed user, showing all the role assignments, or for a fixed capability, showing all the role definitions and overrides.
Map of where you are in the contexts
On any page to do with roles that relates to a particular context, there will be a block on the right of the screen which shows you where that context is within the Moodle system. That is, it will show you the chain of parent contexts, all the way up to the System context, and also what child contexts there are.
User's roles report
This report, available to administrators, lists all the roles assigned to a particular user anywhere in the system. This was available as a stand-alone report plugin for Moodle 1.9. In Moodle 2.0, it will be integrated as a tab in the user profile. As well as just listing the role assignments, it allows you to remove any of them.
MDL-14937 / http://moodle.org/mod/data/view.php?d=13&rid=1005
Capability report
This report, available to administrators, shows you the permissions for one particular capability throughout the system. That is, it shows you the permission set for that capability in the definition of each role, and then everywhere in the system where those permissions are overridden.
TODO Screenshot
Explain permissions page
This will appear as an 'Explain permissions' tab next to 'Assign roles' and 'Override permissions' to anyone who is allowed to do either of those things. That tab will let you select a user, and then will show you, for that user, which capabilities they have in this context. In addition, there will be a link from each capability to a detailed explanation of how the user's role assignments combine with the role definitions and overrides to give the answer yes/no to whether the user has that capability.
Changes to how roles are defined and assigned
Improved widget for selecting users
On pages like assign role and add group members, where you need to select users from one list, and add them to another, the interface for searching for and selecting users has been improved. In particular you will be able to search both the lists of potential users, and the list of people who already have the role or are in the group. The search can now consider any combination of email address, user id number and username, and the search happens automatically when you stop typing, there is no need to click the search button and wait for the page to reload.
MDL-16966 / Ajax_user_selector
Restrictions on which roles can be assigned in which contexts
Search box on the define/override roles pages
Simplified define/override role page, with show advanced
See also
- MDL-8524 Meta bug tracking a lot of roles improvements.
- Roles and Capabilities forum
- Roadmap
