Moodle 3.3: You do not have permission to install content types.

Hi,

We are implementing the H5P plugin into our Moodle installation (running on SLES/PHP7/Postgres). The installation has gone fine and the tool is available in our Moodle, but I am unable to install any content types (as an admin user). The GET button is grayed out and it tells me I do not have permissions to install content types.

I had this on our previous test install but can't remember how I fixed it! Is it a file permissions issue? If so, exactly which folder needs what permissions. I've tried everything up to 777 on /mod/hvp, but am not sure exactly where the content types are cached in /moodledata.

Help much appreciated!

Rich

thomasmars's picture

Hi,
If the "GET" button is greyed out this means that you either do not have the permissions to install the content type or that your H5P Plugin version is not sufficiently up to date to install the new content type.
By clicking into the detailed view of the content type there will be a notice telling you more about which of the two cases that you are experiencing. If your plugin is not up to date, please go ahead and update it from the Moodle page and that should fix your issue.

If you do not have the permissions to install the content type you need to enable the capability for your user group.
If you wish to enable your user to install ALL content types, enable the "mod/hvp:updatelibraries" capability (also called "Update the version of an H5P library").
If you wish to enable your user to install ONLY recommended content types, enable the "mod/hvp:installrecommendedh5plibraries" capability (also called "Install recommended H5P libraries") for your user group.

If you are unsure how to modify permissions please visit the managing roles, permissions and override permissions guides for Moodle.

- Thomas

 

All fixed! It turns out a borked install of the module had caused the privileges to not be installed into the database. Therefore it was not possible for any users (even admin) to install content types as the privileges that were being tested for did not exist. Uninstalled and reinstalled and all working properly.

BV52's picture

Hi Rich,

It's good to hear that everything is working fine. If you encounter any other problems or have any questions feel free to post in the forum.

-BV52

Hello all,

we are facing a similar problem when users (manager and/or teacher role assinged in course context) try to install new content via h5p. Right at the moment it is not possible to install new content because the button is greyed out.
We figured out that only system wide roles (context_system::instance) are used when hasPermission check is made. From my point of view context_course should be used that also locally assinged users can install h5p content.

Is there any reason why context_system is used instead of context_course? Would it be possible to apply changes in this function?

Best regards
- mg

public function hasPermission($permission, $contentid = null) {
        switch ($permission) {
            case \H5PPermission::DOWNLOAD_H5P:
                global $DB;
                $context = \context_course::instance($DB->get_field('hvp', 'course', array('id' => $contentid)));
                return has_capability('mod/hvp:getexport', $context);
            case \H5PPermission::CREATE_RESTRICTED:
                $context = \context_system::instance();
                return has_capability('mod/hvp:userestrictedlibraries', $context);
            case \H5PPermission::UPDATE_LIBRARIES:
                $context = \context_system::instance();
                return has_capability('mod/hvp:updatelibraries', $context);
            case \H5PPermission::INSTALL_RECOMMENDED:
                $context = \context_system::instance();
                return has_capability('mod/hvp:installrecommendedh5plibraries', $context);

        }
icc's picture

The problem is that the content types are essentially code and is therefore installed on a system-wide level to make it easier to maintain. Though, it may be safe to move the 'installrecommendedh5plibraries' capability to the course context there hasn't been a need for that until now.
Changing this will probably require a good amount of testing.

Note that content creators will soon no longer be able to see the greyed out content types. It will be up to a manager to control which content types are available and updated on the site.

we have approx. 13500 courses in one single instance. Thus, we do not assign any roles gobally and therefore we do not have e.g. any global managers. Every participating organisation has at least one manger role assigned on course context level. At the moment only site administrators are able to install new content, which is a major drawback because of missing domain specific knowledge. We do not know, which content is needed but we do not want to install all content available.

Due to the fact that the configuration of the affected roles is available in Moodle role administration we assumed that installation would also work on course context level.

Does no-one else reported this before? Can't imagine...

Without this modification we can't use H5P in our instance (but we of course want to, because it's great!). Maybe you can have a think about the implementation of this idea for improvement.

thomasmars's picture

Hi, thank you for the detailed description of the problem.

We will be looking into permission handling when assigning local roles to courses this release, and will make sure to have a look at your use-case as well when investigating this. You can follow along the issue at https://h5ptechnology.atlassian.net/browse/HFP-1433.

I'm sure this is an issue for others as well, which is why we are addressing the issue. We'll try our best to meet you exceptations for this so it will be convenient for you to use H5P. Thanks again.

As a workaround, could you not create a new role with just the required permissions set  (everything else set to "not set" and assign it to a number of users at site level? This is how we accomplish a number of tasks that require a system capability for users we don't want to make system-wide admin/manager etc.

Thank you for this input but this workaround would not work in our setup. Some roles (only local context!) are assinged automatically via LDAP enrolment. Administrators should not assign any roles manually.

icc's picture

We've gone through the permissions and fixed so that editing teachers and managers can now install and update recommended content types for their courses by default. This will be available in the upcoming version of the plugin.

YAY! Great to hear. Thanks to all of the involed people for the quick response and implementation.