It looks to me as though the patch is requiring the user to be enrolled
in the current module (which seems to be what it should be doing) but
fails to allow for admin users who do not need to be enrolled to gain
access. I think the method needs an alternative SQL statement for admin
accounts.
Stephen
On 20/11/2015 10:46, Stephen Broadbridge wrote:
> Hi All
>
> At the University of Sheffield, on a new installation of a WebPA server,
> we have had a problem which manifests like this. A user who is an
> Instructor on one or more module(s) which use(s) WebPA can normally
> access the instructor content for each of these modules. However, if the
> user is also a Student on any module which uses WebPA then the user can
> no longer access the instructor content on any course. The instructor
> only gets the Student view of this data. A workaround that resolves
> this issue is to change the enrolments of the Instructor so that (s)he
> is no longer a Student on any module After this has been done,
> instructor content for WebPA can be seen for all modules. This issue is
> reversible. It can be re-instated by making the user into a student
> again on just one module.
>
> This issue was originally identified by a former colleague who obtained
> and installed the following patch on the old server: -
> <patch>
> diff --git a/includes/classes/class_engcis.php
> b/includes/classes/class_engcis.php
> index 02978e8..7e13f01 100755
> --- a/includes/classes/class_engcis.php
> +++ b/includes/classes/class_engcis.php
> @@ -366,7 +366,7 @@ class EngCIS {
> } else { // else, just return one row
> $sql = "SELECT u.*, um.user_type
> FROM " . APP__DB_TABLE_PREFIX . "user u LEFT OUTER JOIN " .
> APP__DB_TABLE_PREFIX . "user_module um ON u.user_id = um.user_id
> - WHERE (u.user_id IN {$user_set})
> + WHERE (u.user_id IN {$user_set}) AND (um.module_id =
> {$_module_id})
> LIMIT 1";
> return $this->_DAO->fetch_row($sql);
> }
> </patch>
>
> This patch does seem to fix the issue with users who are instructors
> losing access to WebPA instructor data if they are or, become a Student,
> on any module. However, after applying this patch, it becomes
> impossible to log in to the WebPA service directly as an Admin user.
> This issue is also reversible. Removing the patch fixes the Admin
> access issue. Reinstating the patch brings back the Admin access issue.
>
> My questions are: -
> 1) Have other users of this product observed the same behaviour?
> 2) Is there a subsequent patch that fixes both the Instructor/Student
> issue and the Admin login issue?
>
> Regards
>
> Stephen
>
|