Make Moodle site read only

Make Moodle site read only

Comments 0 Comment

One of the most difficult things for me in the past has been preventing changes to the archived Moodle site which is deposited on a separate server each year.

I have been using chatGPT to create a safe MySql query which removes editing rights from Lecturers and students while still allowing logins to the site. I should note that there’s no running cron either, since this would do pointless work on an otherwise “frozen” site.

The first part of the query executed on the Moodle database is as follows:

-- Disable all write capabilities for authenticated users, students, and other roles
UPDATE mdl_role_capabilities
SET permission = -1
WHERE capability IN (
    'moodle/course:manageactivities', 
    'moodle/course:activityvisibility', 
    'moodle/course:bulkmessaging',
    'moodle/course:managefiles',
    'moodle/course:managegrades',
    'moodle/course:managemetacourse',
    'moodle/course:managequestions',
    'moodle/course:managegroups',
    'moodle/course:managepermissions',
    'moodle/course:modifystartdate',
    'moodle/course:sectionvisibility',
    'moodle/course:visibility',
    'moodle/grade:edit',
    'moodle/grade:hide',
    'moodle/grade:manage',
    'moodle/grade:manageletters',
    'moodle/grade:manageoutcomes',
    'moodle/grade:override',
    'moodle/grade:viewall',
    'moodle/question:add',
    'moodle/question:editall',
    'moodle/question:moveall',
    'moodle/question:removeall',
    'moodle/question:viewall',
    'moodle/question:useall',
    'moodle/question:viewmycategory',
    'moodle/role:assign',
    'moodle/role:manage',
    'moodle/role:override',
    'moodle/role:safeoverride',
    'moodle/role:unassignself',
    'moodle/user:editprofile',
    'moodle/user:delete',
    'moodle/user:update',
    'moodle/user:changeownpassword',
    'moodle/user:create',
    'moodle/user:deleteownmessage',
    'moodle/user:editownmessageprofile',
    'moodle/user:editownprofile'
);

Once this is done it’s necessary to alter role capabilities to prevent them from altering “mod” activities, while setting the capability login to allow that to continue:

-- Disable capabilities for creating/modifying activities and resources
UPDATE mdl_role_capabilities
SET permission = -1
WHERE capability LIKE 'mod/%:addinstance';

UPDATE mdl_role_capabilities
SET permission = -1
WHERE capability LIKE 'mod/%:delete';

UPDATE mdl_role_capabilities
SET permission = -1
WHERE capability LIKE 'mod/%:update';

-- Allow users to log in
UPDATE mdl_role_capabilities
SET permission = 1
WHERE capability = 'moodle/user:login';

One thing that isn’t working is that the user can still edit section headings, although this is less important than preventing mod updates. I am working on finding the capability which prevents this.

Leave a Reply

Your email address will not be published. Required fields are marked *

For security, use of Google's reCAPTCHA service is required which is subject to the Google Privacy Policy and Terms of Use.