Bug #7448
Coaches submit responses to attempts while response is forbidden.
Description
While the setting "Allow coaches to edit inside course sessions" is set to "No" coaches can still comment and grade the attempts their student made, just to find that the fails with a comment that they were not authorized to use this function - which is correct, but difficult to debug.
Bug: The coaches should be presented with working functionality only, that is no text areas nor any grade or submit button when allow_coach_to_edit_course_session if false.
We managed to debug the issue, and after setting "Allow coaches to edit inside course sessions" back 'Yes', almost everybody was happy again. This has unwanted side effects as it allows the coaches much more than just to grade the activity, which was their actual request.
Support: I wonder if something like "Allow coaches to grade and comment attempts inside course sessions" is availiable somehow ?
Regards Torkil on Chamilo-1.9.8.2, CentOS-7.0.1406, httpd-2.4.6, php-5.4.16, mariadb-5.5.40
Files
Related issues
Associated revisions
Not allow edit feedback to coach on exercise result - refs #7448
Update database version - refs #7448
Minor - Update language files - refs #7448
History
Updated by Julio Montoya about 6 years ago
- Status changed from New to Needs more info
- Target version set to 1.10.0
Torkil Zachariassen wrote:
While the setting "Allow coaches to edit inside course sessions" is set to "No" coaches can still comment and grade the attempts their student made, just to find that the fails with a comment that they were not authorized to use this function - which is correct, but difficult to debug.
When "Allow coaches to edit inside course sessions" is set to "No" course coaches can't access to the exercise results or edit user results.
Check course:
l/p: coach/coach
Updated by Torkil Zachariassen about 6 years ago
Pardon for being unclear in the bug report
While the setting "Allow coaches to edit inside course sessions" is set to "No" coaches can still comment and grade the attempts their student made, just to find that the fails with a comment that they were not authorized to use this function - which is correct, but difficult to debug.
should have been
While the setting "Allow coaches to edit inside course sessions" is set to "No" coaches can still comment and grade the attempts their student made, just to find that the submit button fails with a comment that they were not authorized to use this function - which is correct, but difficult to debug.
This frustrated my 110 teachers, which actually were able to access (view) the exercise results of their respective students, while the "No" setting was in effect. (This is was the actual bug.)
As we can not reproduce this effect now, given the global setting "Allow coaches to edit inside course sessions" has been
changed to "Yes" in our production environment, I suppose this report should be closed with a "Will not fix" or similar statement.
Our environment (a central authority and 50 independent schools) might be odd, but sometimes we will allow teachers to view and evaluate exercise results (the "teaching system"), and sometimes not (the "evaluation" system), in which case an independent (central) group will evaluate the exercises, and school directors will be able to access the results through a HR role. It seems we will have to implement Chamilo twice for these two different sets of rules. This is ok for me.
Updated by Yannick Warnier about 6 years ago
- Category set to Exercises
- Status changed from Needs more info to Assigned
- Assignee set to Julio Montoya
- Target version changed from 1.10.0 to 1.9.10
Updated by Yannick Warnier about 6 years ago
- Status changed from Assigned to Needs more info
- Assignee deleted (
Julio Montoya) - Target version changed from 1.9.10 to 1.10.0
I'll maintain it open for a while, just in case we have time to reproduce it, but postpone it to a later version (again)
Updated by Yannick Warnier almost 6 years ago
- Status changed from Needs more info to Rejected - Abandoned
Closing now, as this doesn't seem to have generated further issues.
Updated by Torkil Zachariassen almost 6 years ago
- File CorrectTestFails.ogv CorrectTestFails.ogv added
After upgrading to 1.9.10 we were able to reproduce the original error, and made a little film to illustrate the problem at hand.
In 1.9.8 we managed to resolve the issue by using a $is_ok variable defined like this
$is_ok=api_is_course_session_coach(api_get_user_id(), api_get_course_id(), api_get_session_id());
and by adding the $is_ok variable at various places in exercise_report.php.
Currently we are working on a resolution of this in 1.9.10.
To be continued ...
Updated by Torkil Zachariassen almost 6 years ago
- Tracker changed from Support to Bug
- Status changed from Rejected - Abandoned to Assigned
- Assignee set to Torkil Zachariassen
- % Done changed from 0 to 50
- Estimated time set to 3.00 h
Updated by Yannick Warnier over 5 years ago
Will be postponed to next version if no update within 5 days.
Updated by Julio Montoya over 5 years ago
- Status changed from Assigned to Needs more info
- Assignee deleted (
Torkil Zachariassen)
This should be fixed already in 1.10
Problem was in the URL no api_get_cidreq
I applied a fix:
https://github.com/chamilo/chamilo-lms/commit/947883b970fc5556f19c2a4997531adba9ecf0fb
Updated by Yannick Warnier over 5 years ago
- Status changed from Needs more info to Needs testing
- Assignee set to Angel Quiroz
Updated by Angel Quiroz over 5 years ago
When allow_coach_to_edit_course_session is false then should not be able to comment; should not appear the feedback form.
I disabled the option to comment on the review exercise for tutors. But I added a settings_current (allow_coach_feedback_exercises) to enable it, no matter what allow_coach_to_edit_course_session is false
Updated by Yannick Warnier over 5 years ago
- Status changed from Needs testing to Assigned
- Assignee set to Julio Montoya
Updated by Julio Montoya over 5 years ago
- Assignee changed from Julio Montoya to Yannick Warnier
Why the allow_coach_feedback_exercises was created? A request for a client?
A settings that undoes another setting is not a very good idea ...
Updated by Yannick Warnier over 5 years ago
- Status changed from Assigned to Needs testing
- Assignee changed from Yannick Warnier to Julio Montoya
Because the other option (allow coaches to edit) is very generical. The allow_coach_feedback_exercises option is more specific, so you can remove the permissions in general but let the coach edit the exercises only, if you want.
I know... it's a bit far-fetched and I don't think many people will use it, but it fixes the issue reported, together with adding a reasonnable flexibility.
Julio, is there a need to update unstable.chamilo.org manually or is there an automated doctrine command that goes with the cron update?
Torkil, you're in charge to review this on https://unstable.chamilo.org/
Otherwise it will be considered closed in 5 days.
Updated by Julio Montoya over 5 years ago
- Status changed from Needs testing to Needs more info
- Assignee changed from Julio Montoya to Yannick Warnier
Yannick Warnier wrote:
Because the other option (allow coaches to edit) is very generical. The allow_coach_feedback_exercises option is more specific, so you can remove the permissions in general but let the coach edit the exercises only, if you want.
I know... it's a bit far-fetched and I don't think many people will use it, but it fixes the issue reported, together with adding a reasonnable flexibility.Julio, is there a need to update unstable.chamilo.org manually or is there an automated doctrine command that goes with the cron update?
This command will update the DB based in the entities.
php bin/doctrine.php orm:schema-tool:update --force
This command will run pending migrations based in the migration status here.
Be careful, by default the version status is "0" in fresh install.
php bin/doctrine.php migrations:migrate --configuration=app/config/migrations.yml
To see the current status:
php bin/doctrine.php migrations:status --configuration=app/config/migrations.yml
Updated by Yannick Warnier over 5 years ago
- Status changed from Needs more info to Bug resolved
- Assignee changed from Yannick Warnier to Angel Quiroz
- % Done changed from 80 to 100
Closed (no feedback and reasonable solution provided for 1.10.0)
Add setting to allow feedback from coaches on exercise results - refs #7448