[Xerte-dev] Re: Moving the moodle restriction code?

Tom Reijnders reijnders at tor.nl
Tue Nov 24 11:29:52 GMT 2015


Agree. That should work nicely. Also it solves another issue: What to do 
with that code if I merge in the code that Len did to be able to set 
authentication during setup and in the management page.

Op 24-11-2015 om 12:29 schreef Ron Mitchell:
>
> Hi all
>
> I was made aware of a slight issue with the Moodle authentication 
> recently and have investigated further and confirmed that in certain 
> scenarios there is an issue but I think an easy enough fix…
>
> In auth_config.php we have some uncommented and commented code 
> specific to moodle authentication. First we have an uncommented/active 
> section of code where it checks if the authentication method set is 
> Moodle and if so then checks if the logged in username is guest and if 
> it is displays a you don't have permissions message to prevent guest 
> users from authoring with xerte. We've had this for a long time and it 
> mostly works ok but if the moodle allows guest login to courses that 
> contain links to public xerte LO's this code also prevents access to 
> those LO's not just to the workspace. If someone visits the public 
> links without first logging in to Moodle as guest then it works fine. 
> I think this has been the case for quite a while now but isn't often 
> picked up as an issue because it's only an issue in this specific 
> scenario. I also think it only became an issue when the authentication 
> code was moved in a much earlier version.
>
> I've tested the following but wanted to check your thoughts before 
> making the changes and committing….
>
> 1. Move the uncommented //restrict moodle guest access code and the 
> commented //restrict moodle access via custom moodle profile field 
> named xot code to a new file names moodle_restrictions.php
>
> 2. add a require to that file around  line 46 of index.php just under 
> login_processing2();
>
> 3. Update moodle_integration_readme.txt accordingly
>
> This change means that the code still works and prevents access to the 
> authoring workspace but doesn't prevent access to public LO's even if 
> logged in to moodle as guest.
>
> Ok for me to make and commit these changes?
>
> Or is there a different/better way to achieve this?
>
> Ron
>
>
> This message and any attachment are intended solely for the addressee
> and may contain confidential information. If you have received this
> message in error, please send it back to me, and immediately delete it.
>
> Please do not use, copy or disclose the information contained in this
> message or in any attachment.  Any views or opinions expressed by the
> author of this email do not necessarily reflect the views of the
> University of Nottingham.
>
> This message has been checked for viruses but the contents of an
> attachment may still contain software viruses which could damage your
> computer system, you are advised to perform your own checks. Email
> communications with the University of Nottingham may be monitored as
> permitted by UK legislation.
>
>
> _______________________________________________
> Xerte-dev mailing list
> Xerte-dev at lists.nottingham.ac.uk
> http://lists.nottingham.ac.uk/mailman/listinfo/xerte-dev

-- 
--

Tom Reijnders
TOR Informatica
Chopinlaan 27
5242HM Rosmalen
Tel: 073 5226191
Fax: 073 5226196

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.nottingham.ac.uk/pipermail/xerte-dev/attachments/20151124/80438c45/attachment.html>


More information about the Xerte-dev mailing list