moodle-mod_customcert icon indicating copy to clipboard operation
moodle-mod_customcert copied to clipboard

Published 20 hours ago verified publisher icon mdjnelson

Certificate gets generated for non editing teachers

Open demontech opened this issue 4 years ago • 13 comments

Hi Mark,

I'm using M3.6 with php 7.0 and mysql 5.7 with 3.6.6 (2018120306), and everytime I add or change the role inside the course to someone with the role of non editing teacher a certificate gets generated for that user.

Here are the settings for it:

image

Thank you for this great plugin!

demontech avatar Jun 26 '20 16:06 demontech

When you say it gets generated do you mean they get emailed a certificate? I suspect it's because non-editing teachers are now able to view it regardless of the completion state. If you log in as one of those teachers can you confirm if they can or can not see the certificate?

mdjnelson avatar Jun 28 '20 17:06 mdjnelson

yes it got emailed, and yes those non editing teachers can see their certificates, but this does not happen with teacher or manager role only for non-editing teachers.

If I delete the issued certificate record from the table, it gets generated back again.

Thank you for checking this!

demontech avatar Jun 28 '20 18:06 demontech

I have made some logic changes to when a certificate gets emailed. See https://github.com/mdjnelson/moodle-mod_customcert/blob/MOODLE_36_STABLE/classes/task/email_certificate_task.php#L115.

Any users with the ability to manage the certificate do not get emailed, and any user that does not have the capability 'mod/customcert:receiveissue' do not get it.

However, the above logic is not present in the plugins database as I still have a few more changes I have to do. The current logic is

// Only email those with the capability to receive the certificate.
if (!has_capability('mod/customcert:receiveissue', $context, $enroluser->id)) {
    continue;
}

Does the non-editing teacher have this capability?

mdjnelson avatar Sep 20 '20 14:09 mdjnelson

It seems this bug is not just for managers, but, in my instance, for a custom role with Student archetype BUT system context instead of student context (course and activity), enrolled users with this system custom role always receive the certificate.

calbasi avatar Oct 15 '20 12:10 calbasi

@mdjnelson is the current version in GitHub ok to upgrade to now?

Looking to fix some issues with cron load by the scheduled task and want to test the latest version but not if you're still working on it. The plugins DB still has the older version without the this fix in it.

alex-rowe avatar Nov 01 '20 23:11 alex-rowe

Sorry, I haven't been able to update the plugin DB as I wanted to include more features before I made an official release. I am currently in a bit of a dilemma being in Europe and coming to the end of my lease and whether I should return home (Australia) or not, and if I was to return which flight to take with the COVID situation. The flights are so expensive and people are getting bumped off them so I may have to fly business class and I don't exactly have much money, ugh .. anyways enough ranting.

tl;dr It's fine to work off the github repo. I recommend it actually.

mdjnelson avatar Nov 03 '20 17:11 mdjnelson

this problem as reported, is currently occurring with mod_customcert 3.5.9 2018051710 version installed in moodle with Moodle 3.5.18 (Build: 20210510)

jrojas-garrido avatar Jul 08 '21 12:07 jrojas-garrido

The 3.5 branch is no longer supported.

mdjnelson avatar Jul 12 '21 09:07 mdjnelson

Can anyone confirm whether this has been fixed with the latest code changes?

mdjnelson avatar Jul 12 '21 10:07 mdjnelson

"I have made some logic changes to when a certificate gets emailed. ... Any users with the ability to manage the certificate do not get emailed" Would it be possible to instead award the certificate on the basis of whether the certificate activity is visible and available, rather than whether it's uservisible? I think this would allow teachers to check how the certificate will work for students by enrolling themselves as students.

james-cnz avatar Aug 18 '21 23:08 james-cnz

I can confirm the same issue with Moodle 4.1. Case: User has system-level role of "coursecreator" and on Course-level the role of "student". As soon as this user is enrolled in a course with custom-certificate (with issue of cert conditioned with completion of an activity) a certificate is being issues for this user, without even a prior login of the same user.

peta3000 avatar May 24 '23 13:05 peta3000

That makes sense. It looks like Course creators have the permission moodle/course:ignoreavailabilityrestrictions but don't have the permission mod/customcert:manage .

I just thought, too, it could be possible for someone to have the permission mod/customcert:manage but still want to actually enrol as a student and receive a certificate. I'm a Moodle admin at my organisation, and have to do the Health & Safety course (it happens to use badges, not Custom certificate, but I think it could have been an issue).

I had a look at the function for setting uservisible, to see if anything is missed by checking just visible and available. It looks like it also checks that the activity isn't in the process of being deleted, and would check the permission mod/customcert:view , so I guess it would be best to keep the uservisible check and add visible and available too.

So I think this would work instead of the existing uservisible and mod/customcert:manage checks:

if (!$cm->uservisible || !$cm->visible || !$cm->available) {
    continue;
}

james-cnz avatar May 25 '23 06:05 james-cnz

It looks like there are related issues #367, #385, #508, and #519.

james-cnz avatar May 29 '23 00:05 james-cnz