Cannot edit courses as course creator

[michzimny]

I have followed the video by Nadav and prepared a course with "Category Auto Enrol" block. It is meant to auto assign role 'course creator' for users enrolled to that course.

Enrol to my course at https://learn-dev.test.up2university.eu/ using code 'v9rmpj'. Please use non-admin user! You should be given course creator role in category "Poland / Teacher training". Now you can create courses and delete courses you create. However, you cannot edit any of such courses. What's wrong?

You can watch my steps here: https://drive.google.com/file/d/1n3cMYY3MYakBfNXuCAzodJgCX3E5MD3n/view

[nadavkav]

A teacher that got a Course creator role in a category, and created a course for him/her self, should also add himself/herself as a teacher to that course, to edit it. (as course creator role is not meant to be able to edit courses) It seems, what was obvious to me was missing from the documentation. sorry.

[michzimny]

How can such a teacher add himself to that course on its creation?

[nadavkav]

Manually, go into course enrollments and add himself as a teacher. I can not do it automatically, since the course is not available until the teacher decide to create it. If we are creating courses automatically (somehow) we can automatically enroll the teacher into the course with role teacher. but this involves more development.

On Wed, Jun 6, 2018 at 1:06 AM Michał Zimniewicz notifications@github.com wrote:

How can such a teacher add himself to that course on its creation?

— You are receiving this because you were assigned. Reply to this email directly, view it on GitHub https://github.com/up2university/docker-moodle/issues/81#issuecomment-394875906, or mute the thread https://github.com/notifications/unsubscribe-auth/AAOHAMvYaXOSJsNB3E_nDy-otfVHTXnUks5t5wD6gaJpZM4UbBYg .

[michzimny]

go into course enrollments

This must be done by an admin, right? Since we disabled manual enrollments for regular user.

We have designed the procedure to grant course creator role using this block. Is such user with course creator role currently able to enrol himself anyhow to courses he creates?

[nadavkav]

I forgot manual enrollment was disabled. oups. I think you should enable it for course creator role (only) what do you think?

On Wed, Jun 6, 2018 at 9:21 AM Michał Zimniewicz notifications@github.com wrote:

go into course enrollments

This must be done by an admin, right? Since we disabled manual enrollments for regular user.

We have designed the procedure to grant course creator role using this block. Is such user with course creator role currently able to enrol himself anyhow to courses he creates?

— You are receiving this because you were assigned. Reply to this email directly, view it on GitHub https://github.com/up2university/docker-moodle/issues/81#issuecomment-394953695, or mute the thread https://github.com/notifications/unsubscribe-auth/AAOHANT8NRATyNCh7n6AmjsWeKE4u1esks5t53TbgaJpZM4UbBYg .

[michzimny]

If we enable it for course creators, then they will be see this option only in 'their' course categories, right?

[nadavkav]

Yes

On Wed, Jun 6, 2018 at 12:17 PM Michał Zimniewicz notifications@github.com wrote:

If we enable it for course creators, then they will be see this option only in 'their' course categories, right?

— You are receiving this because you were assigned. Reply to this email directly, view it on GitHub https://github.com/up2university/docker-moodle/issues/81#issuecomment-395002745, or mute the thread https://github.com/notifications/unsubscribe-auth/AAOHAMcYocrI25EPjO9i1vo9m_HHg0vkks5t554fgaJpZM4UbBYg .

[michzimny]

Then ok, I think we must do it.

@nadavkav, are you able to say how to make the appropriate setting persistent to bring it to all instances?

@athird, could you help with this?

[michzimny]

@nadavkav, instruct me also how could I set it like this manually, please.

[nadavkav]

An administrator should allow course creator to assign role teacher in the following matrix:

[michzimny]

Thanks. Just tested, it works.

However, now any teacher can again list all the users in the system. It's bad. We need somehow solve this one and #52.

[michzimny]

@athird, the setting of "allow role assignments" as above require now to be persistified across instances.

[athird]

@michzimny OK.

@nadavkav It looks like this might be able to be done with moosh, by adding capabilities to roles. Can it? If you know the commands to use (or other ways of doing it programmatically), that would be great. If not, I'll do more digging. :-)

[nadavkav]

There is no specific MOOSH command for this, as far as I can tell. but, you can use MOOSH run-sql command with the following SQL statement: INSERT INTO mdl_role_allow_assign (roleid,allowassign) VALUES('2','3') roleid 2 is manager and allowassign 3 is teacher

[athird]

OK, what was the conclusion of the discussion about this with regard to #52? Just remove the capabilities 'enrol/manual:enrol', 'enrol/manual:manage' and 'enrol/manual:unenrol' from the 'teacher' role?

@nadavkav I have the same question again about automating this, via moosh or SQL. :-D

[nadavkav]

@athird I will get back to you with an answer for this, over the weekend. (I was very very busy the last few weeks, with to much conferences I was organizing, on my plate ;-)

[michzimny]

First, I think we still do not have a solution for the both issues (allow course creators be enrolled to newly-created courses AND prevent all regular users, including course creators and course managers, from listing all users).

I have the following settings in learn-dev as suggested by Nadav here and by mails: and managing the role teacher:

As a result, as a regular user, I'm experiencing what is described in the first message here. I'm course creator but cannot edit my newly-created courses. It's happening in both cases, when "Enrol users" above is enabled, and also when it's not.

May I ask you to configure learn-dev to solve the both issues? Please try the scenario also as non-admin user.

In the next step, we will manage how to persistify the right settings.

[athird]

@nadavkav I think we really need a lot of input from you on this and this together, please! @msbachler is having the same issue that @michzimny reported in his last comment above - course creators aren't getting enrolment rights to their own courses. And what we've tried in terms of changing role capabilities doesn't seem to be making a difference either to creator enrolment or to the (undesired) ability to list all users. Would you be able to have a deep look at these issues in combination, please, and see if you can suggest anything to solve them together?

We're just getting ourselves more confused here. :-)

[nadavkav]

@michzimny @athird Sorry for the delay in response, as the last week+ I was unable to login into Up2U Moodle instances, to experience those issues, hands on. Now, the SSO is fixed. so I logged in and tried to see if I can help...

I read through the comments on both this issue and issue #52 , to refresh my memory, as it has been a while since I was updated about the project. sorry for not being more available.

The "Category auto enrol" plugin is enrolling the teacher with a "course creator" role on a category level, and not on a course level, since there is no course yet. once the teacher creates a course manually, he/she needs to enrol her/himself into the course as an "editing teacher" role. they do not need to enroll themselves as "course creator" roles, as they already enrolled by that role on a category level.

About viewing users details... I am not entirely sure, but you could try to go into the "course creator" role definitions: https://learn.test.up2university.eu/admin/roles/define.php?action=edit&roleid=2 And change view to "advanced" (1) and filter all "user" (2) related capabilities, and set them to "prevent" Which might remove the ability of any user with "course creator" role from viewing sensitive user details.

Hope those answer help, if not... Please send me an email describing the situation, as I feel I am a little bit lost and out of sync with the current state of the project. or we could have a quick online session.

[athird]

@nadavkav I'm a bit lost with this issue too. I thought (from the documentation) that the creatornewroleid setting (set to "editing teacher") would cause course creators to be enrolled automatically as editing teachers in their courses. For some reason, this doesn't work on learn.test, when I try it, and I don't know why not. If it did, I could test what happens when those user-related privileges are removed.

Would you have time to play with it (or delegate to someone else to play with it?), and figure out what combination of settings will allow both 1) course creator auto-enrolment as an editing teacher, and 2) all non-admin user unable to list all users, by any chance? @michzimny, correct me if I haven't stated what we're looking for properly.

[nadavkav]

It seems like a challenging flow. rethinking it... we might want to remove the user (the teacher) from being a "course creator" on the category level after he/she open a course and enrol him/her self into it as an "editingteacher". Another option, is to drop this flow, and maybe activate the "Course request" feature in Moodle, and let a country's coordinator approve the course and move it to its proper category. What do you think?

[Callustian]

Hello, I think it is possible to hide some of the data that are related to a course participant (like email address) from the list of users. Is it acceptable to do this instead of hiding the list of all users? Admittedly I haven't tried this in combination with enabling a course creator to also edit the course. What is you opinion, if I may ask? Thanks.

[Callustian]

@nadavkav, @michzimny @athird, any opinion? Thanks.

[nadavkav]

@Callustian I am not deeply familiar with the EU GDPR regulation regarding what exactly is needed to hide to get the proper privacy about the user's details. Moodle security settings allow an admin to hide the email (and other user properties) from all the UI and pages where a list of users is displayed. It's not only from the enrolment dialog, but from all lists (grading book, assignment grading table, participants, ... ) So just make sure it works for you and the teachers running the course. as they might object to removing the email bit.

[Callustian]

@nadavkav and @athird: My level of experience of moodle is very low, therefore I apologise if this is obviously wrong to you. I learn you can disable the participants page for teachers, users, and so on (Home/Courses/<course name>/Users/Permissions View Participants). You can still list the enrolled people. However, the page contains only the email if I understand properly. If this satisfies:

2. all non-admin user unable to list all users

I would appreciate some suggestion about how to ensure that :

1. course creator auto-enrols as an editing teacher

Thanks.

[michzimny]

I think it is possible to hide some of the data that are related to a course participant (like email address) from the list of users. Is it acceptable to do this instead of hiding the list of all users?

@andreacorleto, who could answer that? I think it depends on what we say in the privacy notice.

[Callustian]

@michzimny : Thank you for your comment. @nadavkav answered to this question saying that it is possible to hide the data for the entire site, and possibly this is not what we want. The latest suggestion I have is: it is possible to hide the list of participants from people according to their role. However I don't have a solution about doing this for the entire site. I know how to do this for every course.

[Callustian]

Sorry. I didn't mean to end the conversation. I think I need to discuss my findings with @athird

[andreacorleto]

I think it is possible to hide some of the data that are related to a course participant (like email address) from the list of users. Is it acceptable to do this instead of hiding the list of all users? @andreacorleto, who could answer that? I think it depends on what we say in the privacy notice.

I agree with @michzimny , it can depend on what we say in the privacy notice. Hide data related to a course participant, except his/her name, could be enough if we state it clearly in the privacy notice.

[michzimny]

The current status is that @Dimitrispant is course creator in a category in the production instance. He created a course, and is not enroled to the course, and cannot do nothing with the course. The expected behvarious is that he becomes a manager of this course.

It is still the same what I described in the first comment here.

This is very critical as we have users, for which we need to enable this flow.

[Callustian]

@michzimny I logged to the

dev https://learn-dev.test.up2university.eu/ teachers https://learn.test.up2university.eu/

machines. The standard role for a course creator is editing teacher. I don't know if a course creator of a production machine is also a teacher since I would need to log as administrator. At the moment I have a student account for the production machine. If the standard role is teacher we could change the standard role to manager. However, I think we should discuss this with @athird that, at the moment, is having family problem. Do you have any suggestion, please? Thanks

[Callustian]

Hi @michzimny . I am able to log to the production machine and I can confirm that the standard role for course creators is editing teacher. Could you ask @Dimitrispant how I could replicate the issue (I would try on the dev machines). Thanks.

[Callustian]

Hi @michzimny .Would a Manager self-enrolment with key solve @Dimitrispant 's problem? I could create a self-enrolment method for user's with a key. This seems a good solution to me. What do you think?

[Dimitrispant]

@Callustian Regarding the issue, I was a course creator on a specific category (Pilot Countries/Demo) on the production instance. So when I created a new course, I was not enrolled on this and I had to be enrolled by an administrator with the enrollment code. When I was finally enrolled with the enrollment code, I was just a student.

[Callustian]

Hi @Dimitrispant, Thank you for your reply. It is possible to create a self enrolment method for course creators.

However I think I understand now the things this ticket asks. A category with a course of course creators doesn't allow a course creator to edit a created course. So it is not possible to enrol anyone. I am puzzled. However I am working to solve this.

[Callustian]

@Dimitrispant If you want to change role on that course I think I can customise this. I could add some keys for other people to enrol with a manager role, if needed. However, I have to solve this problem more generally.

[Callustian]

@michzimny This ( https://moodle.org/mod/forum/discuss.php?d=338370 ) seems to work [last comment].

I enabled the proper enrolment for dev https://learn-dev.test.up2university.eu/ teachers https://learn.test.up2university.eu/

I have not enabled the enrolment for production. Shall you do this, or do you want me to enable the proper enrolment? Thanks.

[michzimny]

@Callustian, please enable the enrolment of course creators also for production.

Next, we would need to persistify this new configuration in the env files not to lose these changes after deployments.

[Callustian]

@michzimny I have enabled the enrolment of course creators for production and I am starting to make the code changes to persist the setting.

[Callustian]

@michzimny I added the code to persist the setting to ( https://github.com/up2university/docker-moodle/tree/Issue_%2381 )