Mike: I suggest that we add an $effectivePermissionLevel that corresponds to the permission level of the effective user.
I agree and this is easy enough to do. Unless there are objections I will also change the decision which prints file path names once the permission is high enough to depend on the permission of the effectiveUser rather than the permission of the user. Raghu has asked for this features so that an instructor can print hardcopies for students without the file path names.
Providing access hasPermission(user,action)
is probably the way to handle all of this in the long run, but it's a bigger project. There are already hasPermission()
like routines on the webwork2 side and these, or some portion of them could be shared with the PG side of the code. It will be a mid-sized project to work out how much sharing one should allow to obtain all the functionality one wants but also to continue to minimize interdependence between the two code bases and to maintain reasonable security.
For special purposes one can continue to use the mechanism used to pass PRINT_FILE_NAMES_PERMISSION_LEVEL
in which the constant is set in global.conf
and can be overridden in course.conf
.