[Xerte-dev] Re: Moving the moodle restriction code?
Ron Mitchell
ronm at mitchellmedia.co.uk
Tue Nov 24 11:43:05 GMT 2015
Ok I'll make those changes.
What about the last block of code e.g.
if($xerte_toolkits_site->authentication_method == "Moodle") {
// skip session_start() as we'll probably stomp on Moodle's session if
we do.
}
else {
session_start();
}
Does that need to remain in auth_config.php and can that move to
moodle_restrictions.php too? I'll test that but have a hunch that needs to
remain where it is?
We need to be careful about those upgrading so I'm not sure auth_config.php
should be removed in case an admin updates the code but doesn't run
upgrade.php - does the new code account for that scenario?
Need to update various bits of the documentation once that code is merged?
Ron
From: xerte-dev-bounces at lists.nottingham.ac.uk
[mailto:xerte-dev-bounces at lists.nottingham.ac.uk] On Behalf Of Tom Reijnders
Sent: 24 November 2015 11:30
To: For Xerte technical developers
Subject: [Xerte-dev] Re: Moving the moodle restriction code?
Agree. That should work nicely. Also it solves another issue: What to do
with that code if I merge in the code that Len did to be able to set
authentication during setup and in the management page.
Op 24-11-2015 om 12:29 schreef Ron Mitchell:
Hi all
I was made aware of a slight issue with the Moodle authentication recently
and have investigated further and confirmed that in certain scenarios there
is an issue but I think an easy enough fix.
In auth_config.php we have some uncommented and commented code specific to
moodle authentication. First we have an uncommented/active section of code
where it checks if the authentication method set is Moodle and if so then
checks if the logged in username is guest and if it is displays a you don't
have permissions message to prevent guest users from authoring with xerte.
We've had this for a long time and it mostly works ok but if the moodle
allows guest login to courses that contain links to public xerte LO's this
code also prevents access to those LO's not just to the workspace. If
someone visits the public links without first logging in to Moodle as guest
then it works fine. I think this has been the case for quite a while now but
isn't often picked up as an issue because it's only an issue in this
specific scenario. I also think it only became an issue when the
authentication code was moved in a much earlier version.
I've tested the following but wanted to check your thoughts before making
the changes and committing..
1. Move the uncommented //restrict moodle guest access code and the
commented //restrict moodle access via custom moodle profile field named xot
code to a new file names moodle_restrictions.php
2. add a require to that file around line 46 of index.php just under
login_processing2();
3. Update moodle_integration_readme.txt accordingly
This change means that the code still works and prevents access to the
authoring workspace but doesn't prevent access to public LO's even if logged
in to moodle as guest.
Ok for me to make and commit these changes?
Or is there a different/better way to achieve this?
Ron
This message and any attachment are intended solely for the addressee
and may contain confidential information. If you have received this
message in error, please send it back to me, and immediately delete it.
Please do not use, copy or disclose the information contained in this
message or in any attachment. Any views or opinions expressed by the
author of this email do not necessarily reflect the views of the
University of Nottingham.
This message has been checked for viruses but the contents of an
attachment may still contain software viruses which could damage your
computer system, you are advised to perform your own checks. Email
communications with the University of Nottingham may be monitored as
permitted by UK legislation.
_______________________________________________
Xerte-dev mailing list
Xerte-dev at lists.nottingham.ac.uk
http://lists.nottingham.ac.uk/mailman/listinfo/xerte-dev
--
--
Tom Reijnders
TOR Informatica
Chopinlaan 27
5242HM Rosmalen
Tel: 073 5226191
Fax: 073 5226196
This message and any attachment are intended solely for the addressee
and may contain confidential information. If you have received this
message in error, please send it back to me, and immediately delete it.
Please do not use, copy or disclose the information contained in this
message or in any attachment. Any views or opinions expressed by the
author of this email do not necessarily reflect the views of the
University of Nottingham.
This message has been checked for viruses but the contents of an
attachment may still contain software viruses which could damage your
computer system, you are advised to perform your own checks. Email
communications with the University of Nottingham may be monitored as
permitted by UK legislation.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.nottingham.ac.uk/pipermail/xerte-dev/attachments/20151124/25cdb865/attachment-0001.html>
More information about the Xerte-dev
mailing list