[LON-CAPA-admin] Odd User Management

Stuart Peter Raeburn raeburn at msu.edu
Thu Aug 30 16:48:07 EDT 2007 

Stefan, 

The behavior you describe occurred because: 

(a) As DC you had enabled institutional directory searching in domain 
"fhwf", but localenroll::get_userinfo() had not been customized to support 
this functionality. 

(b) Your user search for username "bisitz' was set to search the 
institutional directory in the "fhwf" domain. 

Because of (a) had been enabled, the createuser code permitted your search 
in (b), which  failed to find any matches (because no interface existed to 
search your university's directory service). 

Unfortunately at that point you were presented with a 'Make new user 
"bisitz" button, which, as you say made no sense in this context, since a 
LON-CAPA account already existed for username "bisitz" in domain "fhwf". 

Clicking the button actually took you to a screen, where you could add 
co-author or assistant roles, as needed for the existing user: "bisitz" in 
domain "fhwf", which is what you had wanted to do. (You would have reached 
the same screen directly had your initial search been an "in this domain" 
search,  in domain "fwfh" for username: "bisitz". 

The code which controls when the "Make new user" button is displayed needs 
to be improved from the code shipped with rev 2.5.0; hopefully the necessary 
changes will be included with a future rev 2.5.1.  In addition, the response 
from the code used for institutional directory searches needs, where the DC 
has enabled institutional directory searching, to be able to distinguish 
between: 

(a) no match is found, where localenroll::get_userinfo() has been customized
and ther really is no match. 

and 

(b) no match found, because localenroll::get_userinfo() has yet to be 
customized. 

The release notes for 2.5.1 need to indicate the need to customize 
localenroll::get_userinfo() to make institutional directory searching 
operative. 

>
> This causes many questions: 
>

As regards specific answers to all but one of your numbered questions: 

> 1) Roles screen says: "Author and Co-Author roles are not available on
> servers other than their respective home servers." Does this mean that I
> should not be able to grant the role "Co-Author" to a user which has an
> account an other server? If so, it isn't true anymore. I clearly
> remember that I granted role "Co-Author" for my account on our server to
> Guy's account at msu many months ago. 
> 

To replicate what you were able to do many months ago:
(a) Set "Domain/institution to search" to the domain of the user to whom you 
wish to grant a co-author role.
(b) Set the search to: "Username is bisitz in this domain". 

> 2) The user "bisitz" exisits on fhwf. Why does the search doesn't find it?

Because you searched in an institutional directory, and localenroll.pm had 
not been customized to interface to your university's directory search 
service. 

> 2) User "bisitz" exists on nds and fhwf. I shouldn't be offered to
> CREATE this user as a NEW user. By the way, after clicking on this
> button, I can change the privilegs for the already existing user
> "bisitz" on nds.

I agree this button should not have been displayed.  However, after clicking 
it, you should have seen a screen where you could add co-author and 
assistant author roles for user "bisitz" from the domain you searched in, 
i.e., from "fwfh" not from "nds". 

> 3) Do I really want to create a user on my HOME server if I can't find
> the user on ANOTHER server? -> Why the button "Make new user ..." at all?

You can only create new users in the domain of your current role.  So, as an 
author you can not create a new user in a different domain in order to 
assign him/her a co-author role for your author space.  As the main purpose 
of the user search mechanism is to help you find other users in the system,  
to limit proliferation of multiple accounts for a single user, you probably 
only want to create a new user account if the person really does not have an 
existing LON-CAPA account in any domain. 

As the same createuser script is used by course coordinators to add/modify 
roles in their courses, the thinking is that there is a reason to allow the 
addition of new users when the user can't be found (in this case the domain 
for the new user will be the domain in which the course itself resides). 

Perhaps this same ability should be disabled for authors seeking to add 
co-authors/assistant authors, and instead direct this traffic to the Domain 
Coordinator. 

> 4) Since when and why are authors allowed to create LON-CAPA users?

Using the pre-2.5.0 interface for createuser/modifyuser, the second screen 
displayed, permitted creation of a new account following entry of a 
username:domain on the first screen which did already not exist in the 
LON-CAPA system.  This certainly applied to course coordinators in course 
context, and I assume it applied to authors too in author context. 

> 6) "Users allowed to search (fhwf)": Who is "not all users"? Means:
> Which users are allowed to execute the directory search if option "all
> users" is unchecked?

This setting is in the "Modify domain configuration" screen used by domain 
coordinators.  If "all users" is unchecked then no-one from your domain is 
permitted to execute an institutional directory search in your domain. This 
isn't very helpful, and should be eliminated, for the case where no types of 
user are defined for your institution.  [The "all users" is the default when 
localenroll.pm has not been customized.  In this case the routine to be 
customized is inst_usertypes().] 

The idea is that your institution may only permit institutional directory 
searching to be carried out by particular types of users (e.g., Faculty, 
Academic Staff, Support Staff, bit not Students).  To allow a domain to 
enforce this, inst_usertypes() needs to be customized, and the institutional 
type for LON-CAPA users in your domain is maintained by running 
Autoupdate.pl 

> 7) How is it finally possible to grant "Co-Author" privileges to a user
> on another domain?
See answer to 1. 

Stuart Raeburn
MSU LON-CAPA group 

Stefan Bisitz writes: 

> Hi, 
> 
> The User Management behaves quite odd. 
> 
> Aim:
> User ABC with home server domain "nds" is an author and wants to grant
> the role "Co-Author" to a user on the server with domain "fhwf". 
> 
> 
> I configured the directory search on server "fhwf":
> - Login as DC
> - "Set domain configuration"
> - "Directory search available?" -> Yes
> - "Search latitude" -> "Contains is a match"
> - "Users allowed to search (fhwf)" -> check/uncheck "all users" (no
> different behaviour)
> - "Supported search methods" -> check all ("username", "last name",
> "last name, first name") 
> 
> 
> - Login as user ABC on nds (no other role than Author is granted to this
> user)
> - "Create a user or modify the roles and privileges of a user"
> - "username" "contains" "bisitz" "in institutional directory"
> - "Domain/institution to search:" -> "fhwf"
> - Click "Search" 
> 
> -> Message "No match found for this username (bisitz) in your
> institution's directory."
> and the button 'Make new user "bisitz"' appears 
> 
> Any help appreciated, thanks! 
> 
> Stefan Bisitz 
> 
> 
> _______________________________________________
> LON-CAPA-admin mailing list
> LON-CAPA-admin at mail.lon-capa.org
> http://mail.lon-capa.org/mailman/listinfo/lon-capa-admin 
>

More information about the LON-CAPA-admin mailing list