Ejemplo n.º 1
 /**
  * Decides whether the current user may take part in this poll.
  *
  * The poll's `eligible` setting selects the audience: 'all', 'students'
  * (users for whom poll_can_edit() is false) or 'teachers' (users for whom
  * poll_can_edit() is true). For a 'students' poll, a user with a switched
  * role in the course is also admitted when role_context_capabilities()
  * returns nothing for block/poll:editpoll on the switched-to role.
  *
  * NOTE(review): this is a hand-rolled access decision (see the TODO below)
  * and it reads $parentids[0] without checking that a parent context exists.
  *
  * @return bool true when the user is allowed to answer the poll
  */
 public function poll_user_eligible()
 {
     global $COURSE, $USER;

     $parentids = $this->context->get_parent_context_ids();
     $parentctx = context::instance_by_id($parentids[0]);
     $audience = $this->poll->eligible;

     $switched = false;
     if ($audience == 'students') {
         $switched = is_role_switched($COURSE->id);
         if (!isset($USER->access['rsw'][$parentctx->path])) {
             // No switched-role entry recorded for the parent context path.
             $switched = false;
         } else {
             // Only count the switch when the switched-to role cannot edit the poll.
             $switchedrole = $USER->access['rsw'][$parentctx->path];
             $switched = $switched && !role_context_capabilities($switchedrole, $this->context, 'block/poll:editpoll');
         }
     }

     // TODO: Proper roles & capabilities.
     if ($audience == 'all') {
         return true;
     }
     if ($audience == 'students' && !$this->poll_can_edit()) {
         return true;
     }
     if ($switched) {
         return true;
     }
     return $audience == 'teachers' && $this->poll_can_edit();
 }
Ejemplo n.º 2
  * a mini get_users_by_capability() call here, this is done instead of  *
  * get_users_by_capability() because                                    *
  * 1) get_users_by_capability() does not deal with searching by name    *
  * 2) exceptions array can be potentially large for large courses       *
  * 3) get_recordset_sql() is more efficient                             *
  *                                                                      *
  ************************************************************************/
 // Collect the roles that are allowed moodle/course:view in $context, skipping any
 // role that also holds moodle/site:doanything at system level, then query the
 // users assigned to those roles.
 if ($possibleroles = get_roles_with_capability('moodle/course:view', CAP_ALLOW, $context)) {
     $doanythingroles = get_roles_with_capability('moodle/site:doanything', CAP_ALLOW, get_context_instance(CONTEXT_SYSTEM));
     $validroleids = array();
     foreach ($possibleroles as $possiblerole) {
         if (isset($doanythingroles[$possiblerole->id])) {
             // We don't want these included
             continue;
         }
         if ($caps = role_context_capabilities($possiblerole->id, $context, 'moodle/course:view')) {
             // resolved list
             if (isset($caps['moodle/course:view']) && $caps['moodle/course:view'] > 0) {
                 // resolved capability > 0
                 $validroleids[] = $possiblerole->id;
             }
         }
     }
     if ($validroleids) {
         // IN list built from the ids of the role records collected above.
         $roleids = '(' . implode(',', $validroleids) . ')';
         $select = " SELECT u.id, u.firstname, u.lastname, u.email";
         // Built here; not used within the visible fragment.
         $countselect = "SELECT COUNT(u.id)";
         $from = " FROM {$CFG->prefix}user u\n                                INNER JOIN {$CFG->prefix}role_assignments ra ON ra.userid = u.id\n                                INNER JOIN {$CFG->prefix}role r ON r.id = ra.roleid";
         $where = " WHERE ra.contextid " . get_related_contexts_string($context) . "\n                                AND u.deleted = 0\n                                AND ra.roleid in {$roleids}";
         // Excludes users who already hold $roleid in $contextid.
         // NOTE(review): $contextid, $roleid and $selectsql are assigned outside this fragment and
         // are interpolated into the SQL text as-is; confirm the first two are integers and that
         // any user-supplied search text inside $selectsql is escaped where it is built.
         $excsql = " AND u.id NOT IN (\n                                    SELECT u.id\n                                    FROM {$CFG->prefix}role_assignments r,\n                                    {$CFG->prefix}user u\n                                    WHERE r.contextid = {$contextid}\n                                    AND u.id = r.userid\n                                    AND r.roleid = {$roleid}\n                                    {$selectsql})";
         // $selectsql is applied twice: to the outer query and inside the NOT IN subquery.
         $availableusers = get_recordset_sql($select . $from . $where . $selectsql . $excsql);
Ejemplo n.º 3
// Page body of the role-override screen: with a role selected it prints the role
// switcher and the override form, otherwise it starts an overview table.
print_heading_with_help(get_string('overridepermissionsin', 'role', print_context_name($context)), 'overrides');
if ($roleid) {
    /// prints a form to swap roles
    echo '<div class="selector">';
    // Prepend a "list all roles" entry under key '0' to the selectable roles.
    $overridableroles = array('0' => get_string('listallroles', 'role') . '...') + $overridableroles;
    // NOTE(review): $userid, $courseid and $contextid are placed in the URL without encoding;
    // they are assigned outside this fragment — confirm they are read as integers.
    popup_form("{$CFG->wwwroot}/{$CFG->admin}/roles/override.php?userid={$userid}&amp;courseid={$courseid}&amp;contextid={$contextid}&amp;roleid=", $overridableroles, 'switchrole', $roleid, '', '', '', false, 'self', $strroletooverride);
    echo '</div>';
    // Use the nearest parent context when there is one, else the context itself.
    $parentcontexts = get_parent_contexts($context);
    if (!empty($parentcontexts)) {
        $parentcontext = array_shift($parentcontexts);
        $parentcontext = get_context_instance_by_id($parentcontext);
    } else {
        $parentcontext = $context;
        // site level in override??
    }
    // Capabilities of the role as seen from the parent context.
    $r_caps = role_context_capabilities($roleid, $parentcontext);
    // Overrides stored for this role in this exact context.
    // NOTE(review): $roleid and $context->id are interpolated into the WHERE clause unquoted;
    // presumably both are integers — confirm where $roleid is read from the request.
    $localoverrides = get_records_select('role_capabilities', "roleid = {$roleid} AND contextid = {$context->id}", '', 'capability, permission, id');
    $lang = str_replace('_utf8', '', current_language());
    if (!empty($capabilities)) {
        // Print the capabilities overrideable in this context
        print_simple_box_start('center');
        // Fixed template path; it runs in this scope and so sees the variables set above.
        include 'override.html';
        print_simple_box_end();
    } else {
        notice(get_string('nocapabilitiesincontext', 'role'), $CFG->wwwroot . '/' . $CFG->admin . '/roles/' . $baseurl);
    }
} else {
    // Print overview table
    $table->tablealign = 'center';
    $table->cellpadding = 5;
    $table->cellspacing = 0;
 /**
  * Stores in $this->parentpermissions the capabilities that this role has in
  * the parent of the current context, so the interface can show them.
  */
 protected function load_parent_permissions()
 {
     $this->parentpermissions = role_context_capabilities(
         $this->roleid,
         $this->context->get_parent_context()
     );
 }
Ejemplo n.º 5
/**
 * Writes the INFO and ROLES sections of a backup file.
 *
 * INFO carries the backup name, version data, the originating site, the zip
 * method and a DETAILS element listing, per module and per instance, whether
 * it is included and whether user data goes with it, followed by the backup
 * options. ROLES lists every role returned by backup_fetch_roles() together
 * with its capabilities in the system context.
 *
 * Security notes for reviewers:
 *  - The site identifier is written as an unsalted MD5 digest.
 *  - $preferences->backup_unique_code and each capability name are
 *    interpolated into SQL text inside quotes; they are not escaped here.
 *  - The output includes the site wwwroot and the role/capability layout.
 *
 * @param resource $bf          handle the XML is written to with fwrite()
 * @param object   $preferences backup settings; the fields read are visible below
 * @return int|false result of the single fwrite() that closes INFO; the other
 *                   writes are not checked
 */
function backup_general_info($bf, $preferences)
{
    global $CFG;

    fwrite($bf, start_tag("INFO", 1, true));

    // Name of the backup, then the Moodle and backup code versions.
    fwrite($bf, full_tag("NAME", 2, false, $preferences->backup_name));
    fwrite($bf, full_tag("MOODLE_VERSION", 2, false, $preferences->moodle_version));
    fwrite($bf, full_tag("MOODLE_RELEASE", 2, false, $preferences->moodle_release));
    fwrite($bf, full_tag("BACKUP_VERSION", 2, false, $preferences->backup_version));
    fwrite($bf, full_tag("BACKUP_RELEASE", 2, false, $preferences->backup_release));
    // DATE carries the backup's unique code.
    fwrite($bf, full_tag("DATE", 2, false, $preferences->backup_unique_code));
    // The original site wwwroot.
    fwrite($bf, full_tag("ORIGINAL_WWWROOT", 2, false, $CFG->wwwroot));
    // The original site identifier, stored as an MD5 digest instead of the raw value.
    // NOTE(review): the digest is unsalted, so it hides the identifier only as far as
    // the identifier itself is hard to guess.
    fwrite($bf, full_tag("ORIGINAL_SITE_IDENTIFIER_HASH", 2, false, md5(get_site_identifier())));

    // Flag backups that contain users belonging to a remote MNET host.
    // NOTE(review): backup_unique_code is interpolated inside quotes without escaping;
    // presumably it is a generated number — confirm against the caller.
    $mnetsql = "SELECT b.old_id\n                   FROM   {$CFG->prefix}backup_ids b\n                     JOIN {$CFG->prefix}user       u ON b.old_id=u.id\n                   WHERE b.backup_code = '{$preferences->backup_unique_code}'\n                         AND b.table_name = 'user' AND u.mnethostid != '{$CFG->mnet_localhost_id}'";
    if (record_exists_sql($mnetsql)) {
        fwrite($bf, full_tag("MNET_REMOTEUSERS", 2, false, 'true'));
    }

    // 'external' when $CFG->zip is set, 'internal' otherwise.
    $zipmethod = empty($CFG->zip) ? 'internal' : 'external';
    fwrite($bf, full_tag("ZIP_METHOD", 2, false, $zipmethod));

    // Per-module and per-instance inclusion details.
    fwrite($bf, start_tag("DETAILS", 2, true));
    foreach ($preferences->mods as $mod) {
        // User data can only be reported for a module that is itself backed up.
        $modincluded = $mod->backup ? "true" : "false";
        $moduserinfo = ($mod->backup && $mod->userinfo) ? "true" : "false";

        fwrite($bf, start_tag("MOD", 3, true));
        fwrite($bf, full_tag("NAME", 4, false, $mod->name));
        fwrite($bf, full_tag("INCLUDED", 4, false, $modincluded));
        fwrite($bf, full_tag("USERINFO", 4, false, $moduserinfo));

        if (isset($preferences->mods[$mod->name]->instances)) {
            $instances = $preferences->mods[$mod->name]->instances;
            if (is_array($instances) && count($instances)) {
                fwrite($bf, start_tag("INSTANCES", 4, true));
                foreach ($instances as $instanceid => $instance) {
                    // Instances that are not backed up are left out entirely.
                    if (empty($instance->backup)) {
                        continue;
                    }
                    $instanceincluded = $instance->backup ? "true" : "false";
                    $instanceuserinfo = ($instance->backup && $instance->userinfo) ? "true" : "false";

                    fwrite($bf, start_tag("INSTANCE", 5, true));
                    fwrite($bf, full_tag("ID", 5, false, $instanceid));
                    fwrite($bf, full_tag("NAME", 5, false, $instance->name));
                    fwrite($bf, full_tag("INCLUDED", 5, false, $instanceincluded));
                    fwrite($bf, full_tag("USERINFO", 5, false, $instanceuserinfo));
                    fwrite($bf, end_tag("INSTANCE", 5, true));
                }
                fwrite($bf, end_tag("INSTANCES", 4, true));
            }
        }

        fwrite($bf, end_tag("MOD", 3, true));
    }

    // Backup options, each written as a "true"/"false" flag unless noted.
    fwrite($bf, full_tag("METACOURSE", 3, false, ($preferences->backup_metacourse == 1) ? "true" : "false"));

    // Users: 1 => course users, 0 => all users, anything else => none.
    if ($preferences->backup_users == 1) {
        $userscope = "course";
    } elseif ($preferences->backup_users == 0) {
        $userscope = "all";
    } else {
        $userscope = "none";
    }
    fwrite($bf, full_tag("USERS", 3, false, $userscope));

    fwrite($bf, full_tag("LOGS", 3, false, ($preferences->backup_logs == 1) ? "true" : "false"));
    fwrite($bf, full_tag("USERFILES", 3, false, ($preferences->backup_user_files == 1) ? "true" : "false"));
    fwrite($bf, full_tag("COURSEFILES", 3, false, ($preferences->backup_course_files == 1) ? "true" : "false"));
    fwrite($bf, full_tag("SITEFILES", 3, false, ($preferences->backup_site_files == 1) ? "true" : "false"));

    // Grade history is only reported when it is not disabled site-wide.
    $withgradehistory = empty($CFG->disablegradehistory) && $preferences->backup_gradebook_history == 1;
    fwrite($bf, full_tag("GRADEBOOKHISTORIES", 3, false, $withgradehistory ? "true" : "false"));

    // Messages and blogs are only reported for a backup of the site course.
    $withmessages = $preferences->backup_messages == 1 && $preferences->backup_course == SITEID;
    fwrite($bf, full_tag("MESSAGES", 3, false, $withmessages ? "true" : "false"));
    $withblogs = $preferences->backup_blogs == 1 && $preferences->backup_course == SITEID;
    fwrite($bf, full_tag("BLOGS", 3, false, $withblogs ? "true" : "false"));

    // The mode of writing the block data.
    fwrite($bf, full_tag('BLOCKFORMAT', 3, false, 'instances'));
    fwrite($bf, end_tag("DETAILS", 2, true));

    // This is the only write whose result is returned to the caller.
    $status = fwrite($bf, end_tag("INFO", 1, true));

    /// Roles stuff goes in here
    fwrite($bf, start_tag('ROLES', 1, true));
    $sitecontext = get_context_instance(CONTEXT_SYSTEM);
    $coursecontext = get_context_instance(CONTEXT_COURSE, $preferences->backup_course);
    foreach (backup_fetch_roles($preferences) as $role) {
        fwrite($bf, start_tag('ROLE', 2, true));
        fwrite($bf, full_tag('ID', 3, false, $role->id));
        fwrite($bf, full_tag('NAME', 3, false, $role->name));
        fwrite($bf, full_tag('SHORTNAME', 3, false, $role->shortname));

        // Only written when the course renames the role.
        $nameincourse = role_get_name($role, $coursecontext);
        if ($nameincourse != $role->name) {
            fwrite($bf, full_tag('NAMEINCOURSE', 3, false, $nameincourse));
        }

        // All default (site context) capabilities of the role.
        fwrite($bf, start_tag('CAPABILITIES', 3, true));
        $sitecaps = role_context_capabilities($role->id, $sitecontext);
        if ($sitecaps) {
            foreach ($sitecaps as $capability => $permission) {
                fwrite($bf, start_tag('CAPABILITY', 4, true));
                fwrite($bf, full_tag('NAME', 5, false, $capability));
                fwrite($bf, full_tag('PERMISSION', 5, false, $permission));
                // One extra query per capability to fetch timemodified and modifierid.
                // NOTE(review): $capability is interpolated inside quotes without escaping, and
                // the result is used without checking that a row was found — confirm both are
                // safe given that the name was just listed for this role.
                $caprow = get_record_sql("SELECT *\n                                           FROM {$CFG->prefix}role_capabilities\n                                           WHERE capability = '{$capability}'\n                                                 AND contextid = {$sitecontext->id}\n                                                 AND roleid = {$role->id}");
                fwrite($bf, full_tag("TIMEMODIFIED", 5, false, $caprow->timemodified));
                fwrite($bf, full_tag("MODIFIERID", 5, false, $caprow->modifierid));
                fwrite($bf, end_tag('CAPABILITY', 4, true));
            }
        }
        fwrite($bf, end_tag('CAPABILITIES', 3, true));
        fwrite($bf, end_tag('ROLE', 2, true));
    }
    fwrite($bf, end_tag('ROLES', 1, true));

    return $status;
}
Ejemplo n.º 6
 /**
  * Stores in $this->parentpermissions the capabilities that this role has in
  * the parent of the current context, so the interface can show them.
  * The parent is looked up by id through get_parent_contextid().
  */
 protected function load_parent_permissions()
 {
     global $DB;

     $parentid = get_parent_contextid($this->context);
     $this->parentpermissions = role_context_capabilities(
         $this->roleid,
         context::instance_by_id($parentid)
     );
 }
Ejemplo n.º 7
/**
 * Obtains a list of the possible roles that group members might come from,
 * on a course: every role allowed moodle/course:view in the given context
 * whose resolved permission for it is positive, except roles that hold
 * moodle/site:doanything at system level.
 *
 * @param object $context Context of course
 * @return array|false Array of role IDs, or false if error/none.
 */
function groups_get_possible_roles($context)
{
    $capability = 'moodle/course:view';

    // find all possible "student" roles
    $candidates = get_roles_with_capability($capability, CAP_ALLOW, $context);
    if (!$candidates) {
        // No need to continue, since no roles have this capability set
        return false;
    }

    $sitecontext = get_context_instance(CONTEXT_SYSTEM);
    if (!$sitecontext) {
        // Something is seriously wrong
        return false;
    }
    $adminroles = get_roles_with_capability('moodle/site:doanything', CAP_ALLOW, $sitecontext);

    $validroleids = array();
    foreach ($candidates as $candidate) {
        if (isset($adminroles[$candidate->id])) {
            // We don't want these included
            continue;
        }
        // Keep the role only when the resolved permission is positive.
        $resolved = role_context_capabilities($candidate->id, $context, $capability);
        if ($resolved && isset($resolved[$capability]) && $resolved[$capability] > 0) {
            $validroleids[] = $candidate->id;
        }
    }

    return empty($validroleids) ? false : $validroleids;
}
Ejemplo n.º 8
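/**
 * Gets the users for a course who are not in a specified group.
 *
 * Candidates are the users assigned, in the course context or a related
 * context, a role that is allowed moodle/course:view with a positive resolved
 * permission; roles holding moodle/site:doanything at system level are left
 * out. This function was changed to get_users_by_capability style mostly
 * because of the searchtext requirement.
 *
 * Security: $groupid is forced to an integer before it reaches the SQL text.
 * $searchtext is placed inside two LIKE patterns without escaping here, so
 * the caller must pass it already escaped for the database; LIKE wildcards in
 * it are not neutralised either.
 *
 * @param int $courseid The id of the course
 * @param int $groupid The id of the group
 * @param string $searchtext similar to searchtext in role assign, search
 * @return array|false The non-group members (id, firstname, lastname) as
 * returned by get_records_sql(), or false if an error occurred or no role
 * qualifies.
 */
function groups_get_users_not_in_group($courseid, $groupid, $searchtext = '')
{
    global $CFG;

    // The group id is written into the query unquoted, so only an integer may pass.
    $groupid = (int) $groupid;

    $context = get_context_instance(CONTEXT_COURSE, $courseid);

    if ($searchtext !== '') {
        // Search for a subset of remaining users
        // NOTE(review): $searchtext is interpolated as-is; confirm every caller escapes it.
        $LIKE = sql_ilike();
        $FULLNAME = sql_fullname();
        $wheresearch = " AND u.id IN (SELECT id FROM {$CFG->prefix}user WHERE {$FULLNAME} {$LIKE} '%{$searchtext}%' OR email {$LIKE} '%{$searchtext}%' )";
    } else {
        $wheresearch = '';
    }

    $capability = 'moodle/course:view';

    // find all possible "student" roles
    $possibleroles = get_roles_with_capability($capability, CAP_ALLOW, $context);
    if (!$possibleroles) {
        // No need to continue, since no roles have this capability set
        return false;
    }

    $sitecontext = get_context_instance(CONTEXT_SYSTEM);
    if (!$sitecontext) {
        // Something is seriously wrong
        return false;
    }
    $doanythingroles = get_roles_with_capability('moodle/site:doanything', CAP_ALLOW, $sitecontext);

    $validroleids = array();
    foreach ($possibleroles as $possiblerole) {
        if (isset($doanythingroles[$possiblerole->id])) {
            // We don't want these included
            continue;
        }
        $caps = role_context_capabilities($possiblerole->id, $context, $capability);
        if ($caps && isset($caps[$capability]) && $caps[$capability] > 0) {
            // resolved capability > 0; the id goes into an IN list, so keep it numeric
            $validroleids[] = (int) $possiblerole->id;
        }
    }
    if (empty($validroleids)) {
        return false;
    }
    $roleids = '(' . implode(',', $validroleids) . ')';

    /// Construct the main SQL
    $select = " SELECT u.id, u.firstname, u.lastname";
    $from = " FROM {$CFG->prefix}user u\n                INNER JOIN {$CFG->prefix}role_assignments ra ON ra.userid = u.id\n                INNER JOIN {$CFG->prefix}role r ON r.id = ra.roleid";
    $where = " WHERE ra.contextid " . get_related_contexts_string($context) . "\n                  AND u.deleted = 0\n                  AND ra.roleid in {$roleids}\n                  AND u.id NOT IN (SELECT userid\n                                   FROM {$CFG->prefix}groups_members\n                                   WHERE groupid = {$groupid})\n                  {$wheresearch}";
    $groupby = " GROUP BY u.id, u.firstname, u.lastname ";

    return get_records_sql($select . $from . $where . $groupby);
}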
Ejemplo n.º 9
Archivo: lib.php Proyecto: r007/PMoodle
/**
 * Applies the default forum subscriptions when a user is given a role that
 * itself allows both mod/forum:initialsubscriptions and moodle/course:view.
 *
 * The role is inspected directly because has_capability() would resolve the
 * capability across every role the user holds, which is not what is wanted.
 *
 * @param int    $userid  user receiving the role
 * @param object $context context of the assignment
 * @param int    $roleid  role being assigned
 * @return mixed result of forum_add_user_default_subscriptions(), or true
 *               when the role does not qualify and nothing is done
 */
function forum_role_assign($userid, $context, $roleid)
{
    $subscribecaps = role_context_capabilities($roleid, $context, 'mod/forum:initialsubscriptions');
    $viewcaps = role_context_capabilities($roleid, $context, 'moodle/course:view');

    $maysubscribe = isset($subscribecaps['mod/forum:initialsubscriptions'])
        && $subscribecaps['mod/forum:initialsubscriptions'] == CAP_ALLOW;
    // the role needs course view too
    $mayview = isset($viewcaps['moodle/course:view'])
        && $viewcaps['moodle/course:view'] == CAP_ALLOW;

    if (!$maysubscribe || !$mayview) {
        // MDL-8981, do not subscribe to forum
        return true;
    }

    return forum_add_user_default_subscriptions($userid, $context);
}
Ejemplo n.º 10
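/**
 * Finds who has this capability in this context.
 *
 * Does not handle user-level resolving: if one person has two roles, one
 * allowing and one preventing the capability, the result is not reliable.
 *
 * Security: every argument below that is described as an SQL fragment or a
 * search value is concatenated into the query text. Group ids passed in
 * $groups are forced to integers here; $fields, $sort, $exceptions, $search,
 * $firstinitial and $lastinitial are NOT escaped by this function, so callers
 * must pass trusted or already escaped values.
 *
 * @param $context - object
 * @param $capability - string capability
 * @param $fields - fields to be pulled (SQL fragment)
 * @param $sort - the sort order (SQL fragment); an empty value means no ORDER BY
 * @param $limitfrom - number of records to skip (offset)
 * @param $limitnum - number of records to fetch
 * @param $groups - single group or array of groups - group(s) user is in;
 *                  0 means "the current user's groups" when the user lacks
 *                  block/email_list:viewallgroups and the course groupmode is 1
 * @param $exceptions - list of users to exclude (comma-separated ids, SQL fragment)
 * @param $doanything - when false, roles with moodle/site:doanything are left out
 * @param $search - text matched against full name, email, username and idnumber
 * @param $firstinitial - prefix matched against firstname
 * @param $lastinitial - prefix matched against lastname
 * @return array|false records from get_records_sql(), or false when no role qualifies
 */
function internalmail_get_users_by_capability($context, $capability, $fields = '', $sort = 'u.firstname', $limitfrom = '', $limitnum = '', $groups = '', $exceptions = '', $doanything = true, $search = '', $firstinitial = '', $lastinitial = '')
{
    global $CFG, $USER, $COURSE;
    /// Sorting out groups
    if ($groups !== '') {
        $groupjoin = 'INNER JOIN ' . $CFG->prefix . 'groups_members gm ON gm.userid = ra.userid';
        if (is_array($groups)) {
            // Group ids are written into the query unquoted: force each one to an integer.
            $groupsql = 'AND gm.groupid IN (' . implode(',', array_map('intval', $groups)) . ')';
        } else {
            if ($groups == 0) {
                if (!has_capability('block/email_list:viewallgroups', $context) && $COURSE->groupmode == 1) {
                    // Restrict to the groups of the current user.
                    // NOTE(review): the shape of this return value is not visible here; confirm it is
                    // a non-empty list of integer ids, otherwise the IN list below is malformed.
                    $groupids = groups_get_groups_for_user($USER->id, $COURSE->id);
                    $groupsql = 'AND gm.groupid IN (' . implode(',', $groupids) . ')';
                } else {
                    $groupsql = '';
                }
            } else {
                // Single group id, written unquoted: force it to an integer.
                $groupsql = 'AND gm.groupid = ' . (int) $groups;
            }
        }
    } else {
        $groupjoin = '';
        $groupsql = '';
    }
    /// Sorting out exceptions
    // NOTE(review): $exceptions is interpolated as-is; confirm callers build it from integer ids.
    $exceptionsql = $exceptions ? "AND u.id NOT IN ({$exceptions})" : '';
    /// Set up default fields
    if (empty($fields)) {
        $fields = 'u.*, ul.timeaccess as lastaccess, ra.hidden';
    }
    /// Set up sort
    // An empty $sort yields no ORDER BY: no default sort column is applied.
    // NOTE(review): confirm whether a default of ul.timeaccess was intended for that case.
    $sortby = $sort ? " ORDER BY {$sort} " : '';
    /// If context is a course, then construct sql for ul
    if ($context->contextlevel == CONTEXT_COURSE) {
        $courseid = $context->instanceid;
        $coursesql = "AND (ul.courseid = {$courseid} OR ul.courseid IS NULL)";
    } else {
        $coursesql = '';
    }
    $LIKE = sql_ilike();
    $fullname = sql_fullname();
    // NOTE(review): $search, $firstinitial and $lastinitial are interpolated into quoted LIKE
    // patterns without escaping; confirm every caller escapes them for the database.
    $search_sql = '';
    if (!empty($search)) {
        $search = trim($search);
        $search_sql .= " AND ({$fullname} {$LIKE} '%{$search}%' OR email {$LIKE} '%{$search}%' OR username {$LIKE} '%{$search}%' OR idnumber {$LIKE} '%{$search}%') ";
    }
    if ($firstinitial) {
        $search_sql .= ' AND firstname ' . $LIKE . ' \'' . $firstinitial . '%\'';
    }
    if ($lastinitial) {
        $search_sql .= ' AND lastname ' . $LIKE . ' \'' . $lastinitial . '%\'';
    }
    /// Sorting out roles with this capability set
    if ($possibleroles = get_roles_with_capability($capability, CAP_ALLOW, $context)) {
        if (!$doanything) {
            if (!($sitecontext = get_context_instance(CONTEXT_SYSTEM))) {
                return false;
                // Something is seriously wrong
            }
            $doanythingroles = get_roles_with_capability('moodle/site:doanything', CAP_ALLOW, $sitecontext);
        }
        $validroleids = array();
        foreach ($possibleroles as $possiblerole) {
            if (!$doanything) {
                if (isset($doanythingroles[$possiblerole->id])) {
                    // We don't want these included
                    continue;
                }
            }
            if ($caps = role_context_capabilities($possiblerole->id, $context, $capability)) {
                // resolved list
                if (isset($caps[$capability]) && $caps[$capability] > 0) {
                    // resolved capability > 0
                    $validroleids[] = $possiblerole->id;
                }
            }
        }
        if (empty($validroleids)) {
            return false;
        }
        $roleids = '(' . implode(',', $validroleids) . ')';
    } else {
        return false;
        // No need to continue, since no roles have this capability set
    }
    /// Construct the main SQL
    $select = " SELECT {$fields}";
    $from = " FROM {$CFG->prefix}user u\r\n                INNER JOIN {$CFG->prefix}role_assignments ra ON ra.userid = u.id\r\n                INNER JOIN {$CFG->prefix}role r ON r.id = ra.roleid\r\n                LEFT OUTER JOIN {$CFG->prefix}user_lastaccess ul ON ul.userid = u.id\r\n                {$groupjoin}";
    $where = " WHERE ra.contextid " . get_related_contexts_string($context) . "\r\n                  AND u.deleted = 0\r\n                  AND ra.roleid in {$roleids}\r\n                      {$exceptionsql}\r\n                      {$coursesql}\r\n                      {$groupsql}\r\n                      {$search_sql}";
    return get_records_sql($select . $from . $where . $sortby, $limitfrom, $limitnum);
}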
Ejemplo n.º 11
     }
 } else {
     if ($action == 'edit' and !empty($errors) and !empty($newrole)) {
         $role = stripslashes_safe($newrole);
     } else {
         if (!($role = get_record('role', 'id', $roleid))) {
             error('Incorrect role ID!');
         }
         $role->legacytype = get_legacy_type($role->id);
     }
 }
 // Build $roleoptions (role id => label); each name goes through format_string()
 // and then strip_tags() before it is used as a label.
 foreach ($roles as $rolex) {
     $roleoptions[$rolex->id] = strip_tags(format_string($rolex->name));
 }
 // this is the array holding capabilities of this role sorted till this context
 $r_caps = role_context_capabilities($roleid, $sitecontext);
 // this is the available capabilities assignable in this context
 $capabilities = fetch_context_capabilities($sitecontext);
 $usehtmleditor = can_use_html_editor();
 // Heading for the current action; any other $action value prints no heading.
 switch ($action) {
     case 'add':
         print_heading_with_help(get_string('addrole', 'role'), 'roles');
         break;
     case 'view':
         print_heading_with_help(get_string('viewrole', 'role'), 'roles');
         break;
     case 'edit':
         print_heading_with_help(get_string('editrole', 'role'), 'roles');
         break;
 }
 echo '<div class="selector">';
Ejemplo n.º 12
 /**
  * Finds the users who could be given this selector's role.
  *
  * Candidates are users assigned, in this context or a related one, a role
  * that is allowed moodle/course:view with a positive resolved permission
  * (roles holding moodle/site:doanything at system level are skipped), minus
  * the users who already hold $this->roleid in this context.
  *
  * The context id and role id of the exclusion subquery are bound as
  * placeholders together with the parameters returned by search_sql(). The
  * role id IN list is interpolated, and is built from the ids of role records.
  *
  * @param string $search text handed to search_sql() and shown in the group name
  * @return array empty when nothing matches; otherwise one group name mapped
  *               to the user records, or whatever too_many_results() returns
  */
 public function find_users($search)
 {
     global $DB;

     $viewcap = 'moodle/course:view';

     // Get roles with some assignment to the 'moodle/course:view' capability.
     $candidates = get_roles_with_capability($viewcap, CAP_ALLOW, $this->context);
     if (empty($candidates)) {
         // If there aren't any, we are done.
         return array();
     }

     // Now exclude the admin roles, and check the actual permission on
     // 'moodle/course:view' to make sure it is allow.
     $adminroles = get_roles_with_capability('moodle/site:doanything', CAP_ALLOW, get_context_instance(CONTEXT_SYSTEM));
     $validroleids = array();
     foreach ($candidates as $candidate) {
         if (isset($adminroles[$candidate->id])) {
             continue;
         }
         $resolved = role_context_capabilities($candidate->id, $this->context, $viewcap);
         if ($resolved && isset($resolved[$viewcap]) && $resolved[$viewcap] > 0) {
             // resolved capability > 0
             $validroleids[] = $candidate->id;
         }
     }

     // If there are no valid roles, we are done.
     if (!$validroleids) {
         return array();
     }

     // Now we have to go to the database.
     list($wherecondition, $params) = $this->search_sql($search, 'u');
     if ($wherecondition) {
         $wherecondition = ' AND ' . $wherecondition;
     }
     $roleids = '(' . implode(',', $validroleids) . ')';

     $fields = 'SELECT DISTINCT ' . $this->required_fields_sql('u');
     $countfields = 'SELECT COUNT(DISTINCT u.id)';
     $sql = " FROM {user} u\n                   JOIN {role_assignments} ra ON ra.userid = u.id\n                   JOIN {role} r ON r.id = ra.roleid\n                  WHERE ra.contextid " . get_related_contexts_string($this->context) . "\n                        {$wherecondition}\n                        AND ra.roleid IN {$roleids}\n                        AND u.id NOT IN (\n                           SELECT u.id\n                             FROM {role_assignments} r, {user} u\n                            WHERE r.contextid = ?\n                                  AND u.id = r.userid\n                                  AND r.roleid = ?)";
     $order = ' ORDER BY lastname ASC, firstname ASC';

     // The two placeholders of the subquery come after the search parameters.
     $params[] = $this->context->id;
     $params[] = $this->roleid;

     // Check to see if there are too many to show sensibly.
     if (!$this->is_validating()) {
         $matchcount = $DB->count_records_sql($countfields . $sql, $params);
         if ($matchcount > role_assign_user_selector_base::MAX_USERS_PER_PAGE) {
             return $this->too_many_results($search, $matchcount);
         }
     }

     // If not, show them.
     $availableusers = $DB->get_records_sql($fields . $sql . $order, $params);
     if (empty($availableusers)) {
         return array();
     }

     $groupname = $search
         ? get_string('potusersmatching', 'role', $search)
         : get_string('potusers', 'role');

     return array($groupname => $availableusers);
 }
Ejemplo n.º 13
/**
 * who has this capability in this context
 * does not handle user-level resolving!!!
 * (!) please note: if $fields is empty this function attempts to get u.*,
 * which can get rather large.
 * i.e. if 1 person has 2 roles, 1 allow and 1 prevent, this will not work properly
 * @param $context - object
 * @param $capability - string capability
 * @param $fields - fields to be pulled
 * @param $sort - the sort order
 * @param $limitfrom - number of records to skip (offset)
 * @param $limitnum - number of records to fetch
 * @param $groups - single group or array of groups - only return
 *               users who are in one of these group(s).
 * @param $exceptions - list of users to exclude
 * @param view - set to true when roles are pulled for display only
 *               this is so that we can filter roles with no visible
 *               assignment, for example, you might want to "hide" all
 *               course creators when browsing the course participants
 *               list.
 * @param boolean $useviewallgroups if $groups is set the return users who
 *               have capability both $capability and moodle/site:accessallgroups
 *               in this context, as well as users who have $capability and who are
 *               in $groups.
 */
function get_users_by_capability($context, $capability, $fields = '', $sort = '', $limitfrom = '', $limitnum = '', $groups = '', $exceptions = '', $doanything = true, $view = false, $useviewallgroups = false)
{
    global $CFG;
    /// check for front page course, and see if default front page role has the required capability
    $frontpagectx = get_context_instance(CONTEXT_COURSE, SITEID);
    if (!empty($CFG->defaultfrontpageroleid) && ($context->id == $frontpagectx->id || strstr($context->path, '/' . $frontpagectx->id . '/'))) {
        $roles = get_roles_with_capability($capability, CAP_ALLOW, $context);
        if (in_array($CFG->defaultfrontpageroleid, array_keys($roles))) {
            return get_records_sql("SELECT {$fields} FROM {$CFG->prefix}user ORDER BY {$sort}, {$limitfrom}, {$limitnum}");
        }
    }
    /// Sorting out groups
    if ($groups) {
        if (is_array($groups)) {
            $grouptest = 'gm.groupid IN (' . implode(',', $groups) . ')';
        } else {
            $grouptest = 'gm.groupid = ' . $groups;
        }
        $grouptest = 'ra.userid IN (SELECT userid FROM ' . $CFG->prefix . 'groups_members gm WHERE ' . $grouptest . ')';
        if ($useviewallgroups) {
            $viewallgroupsusers = get_users_by_capability($context, 'moodle/site:accessallgroups', 'u.id, u.id', '', '', '', '', $exceptions);
            $groupsql = ' AND (' . $grouptest . ' OR ra.userid IN (' . implode(',', array_keys($viewallgroupsusers)) . '))';
        } else {
            $groupsql = ' AND ' . $grouptest;
        }
    } else {
        $groupsql = '';
    }
    /// Sorting out exceptions
    $exceptionsql = $exceptions ? "AND u.id NOT IN ({$exceptions})" : '';
    /// Set up default fields
    if (empty($fields)) {
        $fields = 'u.*, ul.timeaccess as lastaccess, ra.hidden';
    }
    /// Set up default sort
    if (empty($sort)) {
        $sort = 'ul.timeaccess';
    }
    $sortby = $sort ? " ORDER BY {$sort} " : '';
    /// Set up hidden sql
    $hiddensql = $view && !has_capability('moodle/role:viewhiddenassigns', $context) ? ' AND ra.hidden = 0 ' : '';
    /// If context is a course, then construct sql for ul
    if ($context->contextlevel == CONTEXT_COURSE) {
        $courseid = $context->instanceid;
        $coursesql1 = "AND ul.courseid = {$courseid}";
    } else {
        $coursesql1 = '';
    }
    /// Sorting out roles with this capability set
    if ($possibleroles = get_roles_with_capability($capability, CAP_ALLOW, $context)) {
        if (!$doanything) {
            if (!($sitecontext = get_context_instance(CONTEXT_SYSTEM))) {
                return false;
                // Something is seriously wrong
            }
            $doanythingroles = get_roles_with_capability('moodle/site:doanything', CAP_ALLOW, $sitecontext);
        }
        $validroleids = array();
        foreach ($possibleroles as $possiblerole) {
            if (!$doanything) {
                if (isset($doanythingroles[$possiblerole->id])) {
                    // We don't want these included
                    continue;
                }
            }
            if ($caps = role_context_capabilities($possiblerole->id, $context, $capability)) {
                // resolved list
                if (isset($caps[$capability]) && $caps[$capability] > 0) {
                    // resolved capability > 0
                    $validroleids[] = $possiblerole->id;
                }
            }
        }
        if (empty($validroleids)) {
            return false;
        }
        $roleids = '(' . implode(',', $validroleids) . ')';
    } else {
        return false;
        // No need to continue, since no roles have this capability set
    }
    /// Construct the main SQL
    $select = " SELECT {$fields}";
    $from = " FROM {$CFG->prefix}user u\n                INNER JOIN {$CFG->prefix}role_assignments ra ON ra.userid = u.id\n                INNER JOIN {$CFG->prefix}role r ON r.id = ra.roleid\n                LEFT OUTER JOIN {$CFG->prefix}user_lastaccess ul ON (ul.userid = u.id {$coursesql1})";
    $where = " WHERE ra.contextid " . get_related_contexts_string($context) . "\n                  AND u.deleted = 0\n                  AND ra.roleid in {$roleids}\n                      {$exceptionsql}\n                      {$groupsql}\n                      {$hiddensql}";
    return get_records_sql($select . $from . $where . $sortby, $limitfrom, $limitnum);
}
    $gmroleid = $role->id;
}
$roles = get_records_menu('role', '', '', 'sortorder ASC', 'id,name');
if (empty($roles)) {
    $roles = array();
}
$course = get_site();
$role = get_default_course_role($course);
$defaultroleid = $role->id;
$item = new admin_setting_configcheckbox('block_fn_site_groups_enabled', get_string('fn_site_groups_enabled', 'block_fn_site_groups'), get_string('fn_config_site_groups_enabled', 'block_fn_site_groups'), '0');
$item->set_updatedcallback('fn_sg_set_site_group_mode');
$settings->add($item);
$settings->add(new admin_setting_configselect('block_fn_site_groups_defaultroleid', get_string('fn_site_groups_defaultroleid', 'block_fn_site_groups'), get_string('fn_config_site_groups_defaultroleid', 'block_fn_site_groups'), $defaultroleid, $roles));
$settings->add(new admin_setting_configmulticheckbox('block_fn_site_groups_roles', get_string('fn_site_groups_roles', 'block_fn_site_groups'), get_string('fn_config_site_groups_roles', 'block_fn_site_groups'), '0', $roles));
/// These settings don't actually use the $CFG variable, but are used to manage capabilities.
$caps = role_context_capabilities($gmroleid, $context);
$sgusers = array();
if (!empty($caps['block/fn_site_groups:assignowngroupusers'])) {
    $sgusers[] = 1;
}
if (!empty($caps['block/fn_site_groups:assignallusers'])) {
    $sgusers[] = 2;
}
$CFG->block_fn_site_groups_users = implode(',', $sgusers);
$users = array(1 => get_string('fn_site_groups:assignowngroupusers', 'block_fn_site_groups'), 2 => get_string('fn_site_groups:assignallusers', 'block_fn_site_groups'));
$item = new admin_setting_configmulticheckbox('block_fn_site_groups_users', get_string('fn_site_groups_users', 'block_fn_site_groups'), get_string('fn_config_site_groups_users', 'block_fn_site_groups'), '1', $users);
$item->set_updatedcallback('fn_sg_set_user_capability');
$settings->add($item);
if (!empty($caps['block/fn_site_groups:createnewgroups'])) {
    $CFG->block_fn_site_groups_creategroups = 1;
} else {