Roles
- Neill Magill
Rogō supports the following basic types of users:
| Student | Students |
| Staff | Rights to add/edit personal and team papers, questions, etc. |
| Admin | Staff who have rights to any data with a School(s) |
| SysAdmin | IT administrators who have rights to any data in entire system. |
| Standards Setter | Limited staff role for Standards Setting only |
| External Examiner | Staff from external institutions used to review summative exam papers for mistakes/quality. |
| Invigilator | Users involved in invigilating summative exams. |
| Inactive Staff | Staff who no longer work at the institution can be deactivated. |
| Internal Reviewer | Staff from your institutions used to review summative exam papers for mistakes/quality. |
| left | User has left the institution - no facilities provided in Rogō. |
| graduate | User has successfully graduated - no facilities provided in Rogō. |
| SysCron | User used when running scripts from system cron. |
| Suspended | User suspended - cannot log in. |
| Locked | Same as suspended but role can only be changed via Rogo UI |
Role definitions are stored in the roles table, the roles users have assigned to them are stored in the user_roles table.
Before Rogo 7.2.0
The user type is held in the 'roles' field of 'users' table but can be altered through the user screens of Rogō. In the database users with 'Admin' and 'SysAdmin' roles must have a role of 'Staff' as well (i.e. 'Staff,Admin'). The roles field is comma separated.
Note
Staff and student roles in many ways are quite opposite. Staff can set questions whereas students answer questions. In certain circumstances the same user can be both staff and student. For example, a member of staff may enrol on a particular postgraduate module. Rogo will normally cope with uses of 'Staff,Student' role but the user should be on different modules as a member of staff from that as student.
There are several roles that will not work correctly unless they also have the Staff role these are:
- SysAdmin
- Admin
- Standards Setter
Guest Accounts
Guest accounts are special accounts that can be used when students forget their normal authentication details at the beginning of a summative exam. One hundred guest accounts are created at install time named 'user1' to 'user100'. In the 'users' table they have role of 'student' but the system will recognise them as special and alter it's security model. For example, students accessing a paper on a guest account will not have a check that they are on the correct module. Rogō does not know which modules the guest accounts should be on so this security check is relaxed.
For further details about the mechanics of how the guest accounts actually work see: Guest Accounts
Modifying a user's roles
In code a user's roles should only be modified via the Role class:
Role::updateRoles($userid, ['Staff']);
Roles can only be added in certain combinations, you can validate them using:
// Passing examples. Role::validateCombination(['Student']); Role::validateCombination(['Student', 'Staff']); Role::validateCombination(['Admin', 'Staff']); // These examples will fail and throw a InvalidRole exception. Role::validateCombination([]); // A user must have one role. Role::validateCombination(['Staff', 'Invigilator']);
Checking Roles
A common activity in any system is to check the permissions of the current user. The userobject.class.php object can be used to do this with the has_role() function. So, for example, if we need to check if a member of staff was logged in we could do:
if ($userObject->has_role('Staff')) {
}
Alternatively a number of roles can be checked by passing an array:
if ($userObject->has_role(array('SysAdmin', 'Admin', 'Staff'))) {
}
To secure the entire page for a certain role of user please read: Securing Pages
Finding all roles in Rogo
You can get a list of all roles in Rogo by:
// Get an array of Role objects. $roles = Role::list();
You can get a localised name of the role by calling the localName() method on a Role object.