Roles

Rogō supports the following basic types of users:

Student: Students
Staff: Rights to add/edit personal and team papers, questions, etc.
Admin: Staff who have rights to any data within a School(s)
SysAdmin: IT administrators who have rights to any data in the entire system.
Standards Setter: Limited staff role for Standards Setting only
External Examiner: Staff from external institutions used to review summative exam papers for mistakes/quality.
Invigilator: Users involved in invigilating summative exams.
Inactive Staff: Staff who no longer work at the institution can be deactivated.
Internal Reviewer: Staff from your institution used to review summative exam papers for mistakes/quality.
left: User has left the institution - no facilities provided in Rogō.
graduate: User has successfully graduated - no facilities provided in Rogō.
SysCron: User used when running scripts from system cron.
Suspended: User suspended - cannot log in.
Locked: Same as suspended but role can only be changed via Rogo UI

Role definitions are stored in the roles table; the roles assigned to each user are stored in the user_roles table.

Before Rogo 7.2.0

The user type is held in the 'roles' field of the 'users' table but can be altered through the user screens of Rogō. In the database, users with 'Admin' and 'SysAdmin' roles must have a role of 'Staff' as well (i.e. 'Staff,Admin'). The roles field is comma separated.

Note

Staff and student roles are in many ways opposites. Staff can set questions whereas students answer questions. In certain circumstances the same user can be both staff and student. For example, a member of staff may enrol on a particular postgraduate module. Rogo will normally cope with the 'Staff,Student' role, but the modules on which the user is a member of staff should be different from those on which they are a student.

There are several roles that will not work correctly unless the user also has the Staff role. These are:

  1. SysAdmin
  2. Admin
  3. Standards Setter
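
The rule above can be checked against values from the comma-separated pre-7.2.0 'roles' field. This is an added example, not part of Rogō; the function names, the sample usernames and the case-insensitive matching of role names are assumptions.

```php
<?php
// Added example: not Rogō code. Audits legacy comma-separated role strings
// for roles that will not work correctly without Staff.

const ROLES_REQUIRING_STAFF = ['SysAdmin', 'Admin', 'Standards Setter'];

/** Split a legacy value such as 'Staff,Admin' into a clean list of names. */
function parseLegacyRoles(string $field): array
{
    $roles = array_map('trim', explode(',', $field));
    return array_values(array_filter($roles, fn ($r) => $r !== ''));
}

/** Return the problems found in one roles value (empty array means OK). */
function auditLegacyRoles(string $field): array
{
    // Assumption: role names are compared case-insensitively.
    $roles = array_map('strtolower', parseLegacyRoles($field));
    if ($roles === []) {
        return ['no role assigned'];
    }
    $problems = [];
    if (!in_array('staff', $roles, true)) {
        foreach (ROLES_REQUIRING_STAFF as $role) {
            if (in_array(strtolower($role), $roles, true)) {
                $problems[] = "$role without Staff";
            }
        }
    }
    return $problems;
}

// Constructed sample rows (username => roles field), not real data.
$rows = [
    'alice' => 'Staff,Admin',
    'bob'   => 'SysAdmin',
    'carol' => 'Standards Setter, Student',
    'dave'  => '',
    'user1' => 'student',
];

foreach ($rows as $username => $field) {
    foreach (auditLegacyRoles($field) as $problem) {
        echo "$username: $problem\n";
    }
}
```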

Guest Accounts

Guest accounts are special accounts that can be used when students forget their normal authentication details at the beginning of a summative exam. One hundred guest accounts are created at install time, named 'user1' to 'user100'. In the 'users' table they have a role of 'student', but the system will recognise them as special and alter its security model. For example, students accessing a paper on a guest account will not have a check that they are on the correct module. Rogō does not know which modules the guest accounts should be on, so this security check is relaxed.

For further details about the mechanics of how the guest accounts actually work see: Guest Accounts

Modifying a user's roles

In code a user's roles should only be modified via the Role class:

Role::updateRoles($userid, ['Staff']);

Roles can only be added in certain combinations. You can validate a combination using:

// Passing examples.

Role::validateCombination(['Student']);
Role::validateCombination(['Student', 'Staff']);
Role::validateCombination(['Admin', 'Staff']);

// These examples will fail and throw an InvalidRole exception.

Role::validateCombination([]); // A user must have one role.
Role::validateCombination(['Staff', 'Invigilator']);

Checking Roles

A common activity in any system is to check the permissions of the current user. The user object (userobject.class.php) provides the has_role() function for this. So, for example, to check whether a member of staff is logged in we could do:

if ($userObject->has_role('Staff')) {
}

Alternatively a number of roles can be checked by passing an array:

if ($userObject->has_role(array('SysAdmin', 'Admin', 'Staff'))) {
}

To secure the entire page for a certain role of user please read: Securing Pages

Finding all roles in Rogo

You can get a list of all roles in Rogo with:

// Get an array of Role objects.
$roles = Role::list();

You can get a localised name of the role by calling the localName() method on a Role object.