Project

General

Profile

Bug #7448

Coaches submit responses to attempts while response is forbidden.

Added by Torkil Zachariassen about 5 years ago. Updated over 4 years ago.

Status:
Bug resolved
Priority:
Normal
Assignee:
Angel Quiroz
Category:
Exercises
Target version:
1.10.0
Start date:
15/12/2014
Due date:
% Done:

100%

Estimated time:
3.00 h
Spent time:
6.35 h
Complexity:
Normal
SCRUM pts - complexity:
?

Description

While the setting "Allow coaches to edit inside course sessions" is set to "No" coaches can still comment and grade the attempts their student made, just to find that the fails with a comment that they were not authorized to use this function - which is correct, but difficult to debug.

Bug: The coaches should be presented with working functionality only, that is no text areas nor any grade or submit button when allow_coach_to_edit_course_session if false.

We managed to debug the issue, and after setting "Allow coaches to edit inside course sessions" back 'Yes', almost everybody was happy again. This has unwanted side effects as it allows the coaches much more than just to grade the activity, which was their actual request.

Support: I wonder if something like "Allow coaches to grade and comment attempts inside course sessions" is availiable somehow ?

Regards Torkil on Chamilo-1.9.8.2, CentOS-7.0.1406, httpd-2.4.6, php-5.4.16, mariadb-5.5.40

Files

CorrectTestFails.ogv (6.01 MB) CorrectTestFails.ogv Correcting a test fails Torkil Zachariassen, 07/04/2015 23:12

Related issues

Related to Chamilo LMS - Bug #7541: Feedback not storedBug resolved23/02/2015

Actions
Related to Chamilo LMS - Bug #7588: Comments for test results don't show up!Bug resolved18/03/2015

Actions

Associated revisions

Revision 9a04803f (diff)
Added by Angel Fernando Quiroz Campos over 4 years ago

Add setting to allow feedback from coaches on exercise results - refs #7448

Revision cd77a3ef (diff)
Added by Angel Fernando Quiroz Campos over 4 years ago

Not allow edit feedback to coach on exercise result - refs #7448

Revision a36131b4 (diff)
Added by Angel Fernando Quiroz Campos over 4 years ago

Update database version - refs #7448

Revision 297089e5 (diff)
Added by Angel Fernando Quiroz Campos over 4 years ago

Minor - Update language files - refs #7448

History

#1

Updated by Julio Montoya about 5 years ago

  • Status changed from New to Needs more info
  • Target version set to 1.10.0

Torkil Zachariassen wrote:

While the setting "Allow coaches to edit inside course sessions" is set to "No" coaches can still comment and grade the attempts their student made, just to find that the fails with a comment that they were not authorized to use this function - which is correct, but difficult to debug.

When "Allow coaches to edit inside course sessions" is set to "No" course coaches can't access to the exercise results or edit user results.

Check course:

https://stable.chamilo.org/main/exercice/exercice.php?gradebook=&cidReq=TEST1&id_session=13&gidReq=0&origin=

l/p: coach/coach

#2

Updated by Torkil Zachariassen about 5 years ago

Pardon for being unclear in the bug report

While the setting "Allow coaches to edit inside course sessions" is set to "No" coaches can still comment and grade the attempts their student made, just to find that the fails with a comment that they were not authorized to use this function - which is correct, but difficult to debug.

should have been

While the setting "Allow coaches to edit inside course sessions" is set to "No" coaches can still comment and grade the attempts their student made, just to find that the submit button fails with a comment that they were not authorized to use this function - which is correct, but difficult to debug.

This frustrated my 110 teachers, which actually were able to access (view) the exercise results of their respective students, while the "No" setting was in effect. (This is was the actual bug.)

As we can not reproduce this effect now, given the global setting "Allow coaches to edit inside course sessions" has been
changed to "Yes" in our production environment, I suppose this report should be closed with a "Will not fix" or similar statement.

Our environment (a central authority and 50 independent schools) might be odd, but sometimes we will allow teachers to view and evaluate exercise results (the "teaching system"), and sometimes not (the "evaluation" system), in which case an independent (central) group will evaluate the exercises, and school directors will be able to access the results through a HR role. It seems we will have to implement Chamilo twice for these two different sets of rules. This is ok for me.

#3

Updated by Yannick Warnier about 5 years ago

  • Category set to Exercises
  • Status changed from Needs more info to Assigned
  • Assignee set to Julio Montoya
  • Target version changed from 1.10.0 to 1.9.10
#4

Updated by Yannick Warnier about 5 years ago

  • Status changed from Assigned to Needs more info
  • Assignee deleted (Julio Montoya)
  • Target version changed from 1.9.10 to 1.10.0

I'll maintain it open for a while, just in case we have time to reproduce it, but postpone it to a later version (again)

#5

Updated by Yannick Warnier almost 5 years ago

  • Status changed from Needs more info to Rejected - Abandoned

Closing now, as this doesn't seem to have generated further issues.

#6

Updated by Torkil Zachariassen almost 5 years ago

After upgrading to 1.9.10 we were able to reproduce the original error, and made a little film to illustrate the problem at hand.

In 1.9.8 we managed to resolve the issue by using a $is_ok variable defined like this

$is_ok=api_is_course_session_coach(api_get_user_id(), api_get_course_id(), api_get_session_id());

and by adding the $is_ok variable at various places in exercise_report.php.

Currently we are working on a resolution of this in 1.9.10.

To be continued ...

#7

Updated by Torkil Zachariassen almost 5 years ago

  • Tracker changed from Support to Bug
  • Status changed from Rejected - Abandoned to Assigned
  • Assignee set to Torkil Zachariassen
  • % Done changed from 0 to 50
  • Estimated time set to 3.00 h
#8

Updated by Yannick Warnier over 4 years ago

Will be postponed to next version if no update within 5 days.

#9

Updated by Julio Montoya over 4 years ago

  • Status changed from Assigned to Needs more info
  • Assignee deleted (Torkil Zachariassen)

This should be fixed already in 1.10

Problem was in the URL no api_get_cidreq

I applied a fix:

https://github.com/chamilo/chamilo-lms/commit/947883b970fc5556f19c2a4997531adba9ecf0fb

#10

Updated by Yannick Warnier over 4 years ago

  • Status changed from Needs more info to Needs testing
  • Assignee set to Angel Quiroz
#11

Updated by Angel Quiroz over 4 years ago

When allow_coach_to_edit_course_session is false then should not be able to comment; should not appear the feedback form.

I disabled the option to comment on the review exercise for tutors. But I added a settings_current (allow_coach_feedback_exercises) to enable it, no matter what allow_coach_to_edit_course_session is false

PR: https://github.com/chamilo/chamilo-lms/pull/798

#12

Updated by Angel Quiroz over 4 years ago

  • Assignee deleted (Angel Quiroz)
#13

Updated by Yannick Warnier over 4 years ago

  • Status changed from Needs testing to Assigned
  • Assignee set to Julio Montoya
#14

Updated by Julio Montoya over 4 years ago

  • Assignee changed from Julio Montoya to Yannick Warnier

Why the allow_coach_feedback_exercises was created? A request for a client?

A settings that undoes another setting is not a very good idea ...

#15

Updated by Yannick Warnier over 4 years ago

  • Status changed from Assigned to Needs testing
  • Assignee changed from Yannick Warnier to Julio Montoya

Because the other option (allow coaches to edit) is very generical. The allow_coach_feedback_exercises option is more specific, so you can remove the permissions in general but let the coach edit the exercises only, if you want.
I know... it's a bit far-fetched and I don't think many people will use it, but it fixes the issue reported, together with adding a reasonnable flexibility.

Julio, is there a need to update unstable.chamilo.org manually or is there an automated doctrine command that goes with the cron update?

Torkil, you're in charge to review this on https://unstable.chamilo.org/
Otherwise it will be considered closed in 5 days.

#16

Updated by Yannick Warnier over 4 years ago

  • % Done changed from 50 to 80
#17

Updated by Julio Montoya over 4 years ago

  • Status changed from Needs testing to Needs more info
  • Assignee changed from Julio Montoya to Yannick Warnier

Yannick Warnier wrote:

Because the other option (allow coaches to edit) is very generical. The allow_coach_feedback_exercises option is more specific, so you can remove the permissions in general but let the coach edit the exercises only, if you want.
I know... it's a bit far-fetched and I don't think many people will use it, but it fixes the issue reported, together with adding a reasonnable flexibility.

Julio, is there a need to update unstable.chamilo.org manually or is there an automated doctrine command that goes with the cron update?

This command will update the DB based in the entities.

php bin/doctrine.php orm:schema-tool:update --force

This command will run pending migrations based in the migration status here.
Be careful, by default the version status is "0" in fresh install.

php bin/doctrine.php migrations:migrate --configuration=app/config/migrations.yml

To see the current status:

php bin/doctrine.php migrations:status --configuration=app/config/migrations.yml
#18

Updated by Yannick Warnier over 4 years ago

  • Status changed from Needs more info to Bug resolved
  • Assignee changed from Yannick Warnier to Angel Quiroz
  • % Done changed from 80 to 100

Closed (no feedback and reasonable solution provided for 1.10.0)

Also available in: Atom PDF