Note:

If you want to create a new page for developers, you should create it on the Moodle Developer Resource site.

Roles administration improvements for Moodle 2.0

From MoodleDocs

Moodle 2.0


Improving the usability of Moodle's Roles system is one of the main targets for Moodle 2.0.

This evolving page summarises a number of proposed changes to these administration interfaces, derived from community suggestions since Moodle 1.7.

We would really like your feedback on:

  1. the changes already proposed here
  2. any issues that you feel are not yet addressed

Please join the discussions and post your suggestions in the Roles and Capabilities forum.

Any item below that has a screen shot is already done. You can try it out by downloading a copy of Moodle 2.0 dev.

Views to help you understand your roles set-up

The roles system is designed to give administrators lots of flexibility in controlling who can do what where. That is, to let administrators control how Moodle answers questions like "Can user Fred reply to posts in the 'Give an example of poor usability' forum?" To understand that question and its answer, you need some key concepts:

Contexts
like the "'Give an example of poor usability' forum". These are areas within Moodle, and they are contained within each other, so that forum might be in the Usability course, which is in the Computing category of a Moodle system. You can think of this like folders on your hard disc contained within each other. Things that happen in one context have an effect on all the contexts inside.
Users
like Fred.
Capabilities
like "reply to posts". These are particular things that users should, or should not, be allowed to do.
Roles
Do not appear in the question above, but are important in working out the answer. Users are not given capabilities directly. Instead users are assigned roles, and the Roles give or take away capabilities.
Role assignments
A role assignment says a certain user has a certain role in a certain context. This role assignment will have an effect on which capabilities the user has in that context, and every context inside it.
Role definition and Permissions
The definition of a role assigns a permission (Not set, Allow, Prevent or Prohibit) to each capability.
Role overrides
change the definition of a particular role within a particular context and its sub-contexts by changing the permission associated with some capabilities.

The changes in this section are all about making these concepts more visible, and helping you see how things are set up in your system. Several of them involve taking a cross-section through the settings by fixing one thing and showing how the other things vary. For example for a fixed user and showing all their role assignments, or for a fixed capability, showing all the role definitions and overrides.


Map of where you are in the contexts

On any page to do with roles that relates to a particular context, there should be a "block" on the right of the screen which shows you the current context is within the Moodle system. It would show you the chain of parent contexts, all the way up to the System context, and also what child contexts there are.


User's roles report

This report, available to administrators, lists all the roles assigned to a particular user anywhere in the system and also allows you to remove any of them. This was available as a stand-alone report plugin for Moodle 1.9. In Moodle 2.0, it should be integrated as a tab in the user profile.


Capability report

This report, available to administrators, shows you the permissions for one particular capability throughout the system. It shows you the permission set for that capability in the definition of each role, and then everywhere in the system where those permissions are overridden.

Capabilityreport.png


Explain permissions page

This could appear as an 'Explain permissions' tab next to 'Assign roles' and 'Override permissions' to anyone who is allowed to do either of those things. That tab would let you select a user, and then will show you the permissions they have in this context. In addition, there will be a link from each capability to a detailed explanation of how the user's role assignments combine with the role definitions and overrides to give the answer yes/no to whether the user has that capability.

File:Explainpermissions.png


New 'Enrolment details' mode in the participants list

A new mode when looking at the participants list, available to people with the assign roles capability. It includes information about each users roles and group memberships in the table.

Participantslistwithenrolments.png


Changes to how roles are defined and assigned

Improved widget for selecting users

On pages like assign role and add group members, where you need to select users from one list, and add them to another, the interface for searching for and selecting users has been improved. In particular you will be able to search both the lists of potential users, and the list of people who already have the role or are in the group. The search can now consider any combination of email address, user id number and username, and the search happens automatically when you stop typing, there is no need to click the search button and wait for the page to reload.


Restrictions on which roles can be assigned in which contexts

Normally, it only makes sense to assign a user the role of administrator in the System context; or to assign the Student role in the course context. Therefore, we will add new information to the definition of each role, restricting which sorts of contexts it can be assigned in. This will reduce the irrelevant choices on the assign roles screens.


Search box on the define/override roles pages

The define roles screen lists over 200 capabilities. We can add a search box so that you can type something like 'forum' and just see just the matching capabilities. You can see this in action now in HEAD.

Capabilitysearch.png

Simplified define/override role page, with show advanced

When defining roles, you normally only need to use the Not set and Allow permissions. We can simplify the interface for defining roles to a single check-box next to each capability instead of the four radio buttons. A 'Show advanced' button would reveal the full four permissions when required. Similarly, on the override roles page, we can hide the Prohibit permission behind a show advanced button, leaving just Inherit, Allow and Prevent.


Prevent changes to the 'do everything' capability

By default, the Administrator role has a special capability 'moodle/site:doanything' that is important for the correct functioning of Moodle. People sometimes get into trouble when they change this setting. Similarly, it not sensible to give this capability to any other role. Therefore, we should make it impossible to change the permission for this capability in the definition of any role.


Don't let administrators unassign the administrator role from themselves

Moodle 1.6 had this feature, and it makes it much harder for people to lock themselves out of their Moodle site. We will reinstate this.

A way to easily assign one user roles in several contexts?

The Users' roles report (see above) already lets you remove any of a user's current role assignments. We might enhance it to allow you to add new role assignments for a user (however, we really need some suggestions on how this should work).


Other ideas that are not currently scheduled

There are some other ideas that have been suggested in the past, but are not currently scheduled to be included in the 2.0 release, unless we suddenly get extra time. I list them here for reference.

  • Roles override presets: MDL-9466
  • Easy way to assign mentors/parents to a lot of users: MDL-17068

See also

Retrieved from "https://docs.moodle.org/dev/index.php?title=Roles_administration_improvements_for_Moodle_2.0&oldid=11426"
Powered by MediaWiki