Show data only to selected user in Quiz activity

Question

I am using Moodle 2.7 and in the Quiz activity there is the overview page for all attempts of the learners. The table is under mymoodle/mod/quiz/report.php?id=50&mode=overview

Right now only admin users or users with the capability 'mod/quiz:viewreports' can see the table. How to add users, without using any capability, who will be able to see this report?

Right now every user, without the capability gets the error from report.php:

$reportlist = quiz_report_list($context);
if (empty($reportlist) !totara_is_manager($userid)) {
    print_error('erroraccessingreport', 'quiz');
}

// Validate the requested report name.
if ($mode == '') {
    // Default to first accessible report and redirect.
    $url->param('mode', reset($reportlist));
    redirect($url);
} else if (!in_array($mode, $reportlist)) {
    print_error('erroraccessingreport', 'quiz');
}
if (!is_readable("report/$mode/report.php")) {
    print_error('reportnotfound', 'quiz', '', $mode);
}

The table function is under reportlib.php:

function quiz_report_list($context) {
    global $DB;
    static $reportlist = null;
    if (!is_null($reportlist)) {
        return $reportlist;
    }

    $reports = $DB->get_records('quiz_reports', null, 'displayorder DESC', 'name, capability');
    $reportdirs = core_component::get_plugin_list('quiz');
    // Order the reports tab in descending order of displayorder.
    $reportcaps = array();
    foreach ($reports as $key => $report) {
        if (array_key_exists($report->name, $reportdirs)) {
            $reportcaps[$report->name] = $report->capability;
        }
    }

    // Add any other reports, which are on disc but not in the DB, on the end.
    foreach ($reportdirs as $reportname => $notused) {
        if (!isset($reportcaps[$reportname])) {
            $reportcaps[$reportname] = null;
        }
    }
    $reportlist = array();
    foreach ($reportcaps as $name => $capability) {
        if (empty($capability)) {
            $capability = 'mod/quiz:viewreports';
        }
        if (has_capability($capability, $context)) {
            $reportlist[] = $name;
        }
    }
    return $reportlist;
}

I want to add designated people by their id, who will act as managers.

score 1 · Accepted Answer · answered Jul 01 '16 at 12:38

If you want to completely bypass the capabilities' mechanism for viewing reports, then you could always comment the array values in access.php corresponding to the key 'mod/quiz:viewreports'. In other words, you can go to /mod/quiz/db/access.php and substitute

// View the quiz reports.
'mod/quiz:viewreports' => array(
    'riskbitmask' => RISK_PERSONAL,
    'captype' => 'read',
    'contextlevel' => CONTEXT_MODULE,
    'archetypes' => array(
        'teacher' => CAP_ALLOW,
        'editingteacher' => CAP_ALLOW,
        'manager' => CAP_ALLOW
    )
),

with

// View the quiz reports.
'mod/quiz:viewreports' => array(
   // 'riskbitmask' => RISK_PERSONAL,
   // 'captype' => 'read',
   // 'contextlevel' => CONTEXT_MODULE,
   // 'archetypes' => array(
   //     'teacher' => CAP_ALLOW,
   //     'editingteacher' => CAP_ALLOW,
   //     'manager' => CAP_ALLOW
    )
),

or, alternatively, you can tune or turn on the entries according to your necessities. For more information see: https://docs.moodle.org/dev/Access_API

Then you can

check the ID of the current user ($USER->id) and
write some custom function to decide if this user can or cannot see the report.

Note: I would not bypass the capabilities mechanism, though, because it is reliable and safe. You could however tune it in order to allow only user groups defined by you.

Thank you Aldo for the suggestion. I would test and compare the results and give you feedback here. — StartVader, Jul 01 '16 at 13:49

Show data only to selected user in Quiz activity

1 Answers1