/**
* Reset role capabilitites to default according to selected legacy capability.
* If several legacy caps selected, use the first from get_default_capabilities.
* If no legacy selected, removes all capabilities.
*
* @param int @roleid
*/
function reset_role_capabilities($roleid)
{
global $DB;
$sitecontext = get_context_instance(CONTEXT_SYSTEM);
$legacyroles = get_legacy_roles();
$defaultcaps = array();
foreach ($legacyroles as $ltype => $lcap) {
$localoverride = get_local_override($roleid, $sitecontext->id, $lcap);
if (!empty($localoverride->permission) and $localoverride->permission == CAP_ALLOW) {
//choose first selected legacy capability
$defaultcaps = get_default_capabilities($ltype);
break;
}
}
$DB->delete_records('role_capabilities', array('roleid' => $roleid));
if (!empty($defaultcaps)) {
foreach ($defaultcaps as $cap => $permission) {
assign_capability($cap, $permission, $roleid, $sitecontext->id);
}
}
}
public function __construct($context, $roleid)
{
$this->roleid = $roleid;
parent::__construct($context, 'defineroletable', $roleid);
$this->displaypermissions = $this->allpermissions;
$this->strperms[$this->allpermissions[CAP_INHERIT]] = get_string('notset', 'role');
$this->allcontextlevels = array(CONTEXT_SYSTEM => get_string('coresystem'), CONTEXT_USER => get_string('user'), CONTEXT_COURSECAT => get_string('category'), CONTEXT_COURSE => get_string('course'), CONTEXT_MODULE => get_string('activitymodule'), CONTEXT_BLOCK => get_string('block'));
$this->legacyroles = get_legacy_roles();
}
}
// added a role sitewide...
mark_context_dirty($sitecontext->path);
if (empty($errors)) {
$rolename = get_field('role', 'name', 'id', $newroleid);
add_to_log(SITEID, 'role', 'add', 'admin/roles/manage.php?action=add', $rolename, '', $USER->id);
redirect('manage.php');
}
}
break;
case 'edit':
if ($data = data_submitted() and confirm_sesskey()) {
$shortname = moodle_strtolower(clean_param(clean_filename($shortname), PARAM_SAFEDIR));
// only lowercase safe ASCII characters
$legacytype = required_param('legacytype', PARAM_RAW);
$legacyroles = get_legacy_roles();
if (!array_key_exists($legacytype, $legacyroles)) {
$legacytype = '';
}
if (empty($name)) {
$errors['name'] = get_string('errorbadrolename', 'role');
} else {
if ($rs = get_records('role', 'name', $name)) {
unset($rs[$roleid]);
if (!empty($rs)) {
$errors['name'] = get_string('errorexistsrolename', 'role');
}
}
}
if (empty($shortname)) {
$errors['shortname'] = get_string('errorbadroleshortname', 'role');
/**
* When called resets all custom roles as per definition set down in /local/roles.php
*
* Note that this uses the non-core role.custom field to isolate roles to remove.
*
* Utilise the $path parameter to allow for localisation (i.e. different roles defintion than core).
*
* Sort order is reset based on the order listed in the defintion.
*
* WARNING: as long as you retain the same shortname existing user role assigments will
* be retained. if you change the shortname they will be lost.
*
* KNOWN ISSUE: we rely on shortname being unique, but this is not enforced by the db.
* this is more a problem with moodle.
*
* @param text $path
*
*/
function tao_reset_custom_roles($path = 'local')
{
global $CFG;
if (!get_site()) {
// not finished installing, skip
return true;
}
// get latest role definition from roles file
$rolespath = $CFG->dirroot . '/' . $path . '/roles.php';
if (!file_exists($rolespath)) {
debugging("Local caps reassignment called with invalid path {$path}");
return false;
}
require_once $rolespath;
if (!isset($customroles)) {
return true;
// nothing to do.
}
$undeletableroles = array();
$undeletableroles[$CFG->notloggedinroleid] = 1;
$undeletableroles[$CFG->guestroleid] = 1;
$undeletableroles[$CFG->defaultuserroleid] = 1;
$undeletableroles[$CFG->defaultcourseroleid] = 1;
// If there is only one admin role, add that to $undeletableroles too.
$adminroles = get_admin_roles();
if (count($adminroles) == 1) {
$undeletableroles[reset($adminroles)->id] = 1;
}
// get recordset of existing custom roles
$sql = "SELECT id, name, shortname, description, sortorder, custom\n FROM {$CFG->prefix}role\n WHERE custom IS NOT NULL";
$roles = get_records_sql($sql);
// remove custom roles that are not in the latest definition
foreach ($roles as $role) {
// check whether this role is in the latest definition
if (array_key_exists($role->shortname, $customroles)) {
continue;
}
// extra safety: check undeletable roles
if (isset($undeletableroles[$role->id])) {
continue;
}
delete_role($role->id);
}
// hack to avoid sortorder unique constraint
execute_sql("UPDATE {$CFG->prefix}role SET sortorder = (sortorder+1000) WHERE custom IS NOT NULL");
// set sortorder to current highest value
$sortorder = get_field_sql("SELECT " . sql_max('sortorder') . " FROM {$CFG->prefix}role WHERE custom IS NULL");
// now loop through the new settings
foreach ($customroles as $shortname => $role) {
$sortorder++;
// get the roleid
$roleid = get_field('role', 'id', 'shortname', $shortname);
// if exists then make updates
if (!empty($roleid)) {
// only update fields that have been set
if (isset($role['name'])) {
set_field('role', 'name', $role['name'], 'shortname', $shortname);
}
if (isset($role['description'])) {
set_field('role', 'description', $role['description'], 'shortname', $shortname);
}
// reset sortorder
set_field('role', 'sortorder', $sortorder, 'shortname', $shortname);
// else create record
} else {
$newrole = new stdclass();
$newrole->name = $role['name'];
$newrole->shortname = $shortname;
$newrole->description = $role['description'];
$newrole->sortorder = $sortorder;
$newrole->custom = 1;
$roleid = insert_record('role', $newrole);
}
// remove any previously set legacy roles
$legacyroles = get_legacy_roles();
foreach ($legacyroles as $ltype => $lcap) {
unassign_capability($lcap, $roleid);
}
// reset legacy role
if (isset($role['legacy'])) {
$legacycap = $legacyroles[$role['legacy']];
$context = get_context_instance(CONTEXT_SYSTEM);
assign_capability($legacycap, CAP_ALLOW, $roleid, $context->id);
}
// update the context settings
set_role_contextlevels($roleid, $role['context']);
// e.g. array(CONTEXT_SYSTEM, CONTEXT_COURSECAT)
// set allow assigns
if (is_array($role['canassign'])) {
// delete existing
delete_records('role_allow_assign', 'allowassign', $roleid);
foreach ($role['canassign'] as $canassign) {
$canassignid = get_field('role', 'id', 'shortname', $canassign);
allow_assign($canassignid, $roleid);
}
}
}
// reset custom capabilities to keep up with changes
return tao_reset_capabilities();
}
