/**
 * Test user_get_user_details_courses().
 *
 * The target user's id, full name and enrolled course must be returned both to
 * the default test user (who has full system access) and to a fellow teacher
 * who can only see the target user through the course they share.
 */
public function test_user_get_user_details_courses() {
    global $DB;
    $this->resetAfterTest();

    $generator = $this->getDataGenerator();

    // Two users sharing a single course, both holding the teacher role in it.
    $viewer = $generator->create_user();
    $target = $generator->create_user();
    $course = $generator->create_course();
    $coursecontext = context_course::instance($course->id);
    $teacherrole = $DB->get_record('role', array('shortname' => 'teacher'));

    foreach (array($viewer, $target) as $member) {
        $generator->enrol_user($member->id, $course->id);
        role_assign($teacherrole->id, $member->id, $coursecontext->id);
    }
    // Role assignments are cached; drop the caches so the new roles are seen below.
    accesslib_clear_all_caches_for_unit_testing();

    // As the default user with super system capabilities.
    $details = user_get_user_details_courses($target);
    $this->assertEquals($target->id, $details['id']);
    $this->assertEquals(fullname($target), $details['fullname']);
    $this->assertEquals($course->id, $details['enrolledcourses'][0]['id']);

    // As a user who can only see the target through the shared course.
    $this->setUser($viewer);
    $details = user_get_user_details_courses($target);
    $this->assertEquals($target->id, $details['id']);
    $this->assertEquals(fullname($target), $details['fullname']);
    $this->assertEquals($course->id, $details['enrolledcourses'][0]['id']);
}
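/**
 * Retrieve matching users.
 *
 * Each criterion is cleaned according to its type and bound as a SQL parameter;
 * only the fixed column names below, or numbered table aliases, are ever
 * concatenated into the query text. A key of the form profile_field_<shortname>
 * is accepted when <shortname> is an existing custom profile field; the
 * shortname is bound as a parameter as well. Unsupported keys are reported in
 * 'warnings' rather than rejected, so the key list can grow without breaking
 * clients.
 *
 * Results are post-filtered: a user is only returned when every searched
 * field, custom profile fields included, is visible to the current user in the
 * details returned by user_get_user_details_courses(). Otherwise a search could
 * confirm the value of a field the current user is not allowed to see.
 *
 * @throws moodle_exception when the same key is sent more than once.
 * @param array $criteria the allowed array keys are
 *        id/lastname/firstname/idnumber/username/email/auth/profile_field_<shortname>.
 * @return array An array of arrays containing user profiles, plus warnings.
 * @since Moodle 2.5
 */
public static function get_users($criteria = array()) {
    global $CFG, $DB;

    require_once($CFG->dirroot . '/user/lib.php');

    $params = self::validate_parameters(self::get_users_parameters(), array('criteria' => $criteria));

    $warnings = array();
    $sqlparams = array();
    $usedkeys = array();
    $sqltables = '{user}';
    // Do not retrieve deleted users.
    $sqlwhere = ' deleted = 0';
    // Every searched custom field gets its own numbered join and placeholders.
    $joincount = 0;

    // Shortnames of the custom profile fields that may be searched.
    $customprofilefields = array();
    foreach (profile_get_custom_fields(true) as $field) {
        $customprofilefields[] = $field->shortname;
    }

    foreach ($params['criteria'] as $criteriaindex => $criterion) {
        $key = $criterion['key'];

        // Check that the criteria has never been used.
        if (array_key_exists($key, $usedkeys)) {
            throw new moodle_exception('keyalreadyset', '', '', null, 'The key ' . $key . ' can only be sent once');
        }
        $usedkeys[$key] = true;

        // profile_field_<shortname> is only accepted for a known custom field.
        $customshortname = null;
        if (substr($key, 0, 14) === 'profile_field_') {
            $shortname = substr($key, 14);
            if (in_array($shortname, $customprofilefields, true)) {
                $customshortname = $shortname;
            }
        }

        // Clean the parameters.
        $invalidcriteria = false;
        switch ($key) {
            case 'id':
                $paramtype = PARAM_INT;
                break;
            case 'idnumber':
            case 'username':
                $paramtype = PARAM_RAW;
                break;
            case 'email':
                // We use PARAM_RAW to allow searches with %.
                $paramtype = PARAM_RAW;
                break;
            case 'auth':
                $paramtype = PARAM_AUTH;
                break;
            case 'lastname':
            case 'firstname':
                $paramtype = PARAM_TEXT;
                break;
            default:
                if ($customshortname !== null) {
                    $paramtype = PARAM_TEXT;
                } else {
                    // Send back a warning that this search key is not supported in this version.
                    // This warning will make the function extendable without breaking clients.
                    $warnings[] = array(
                        'item' => $key,
                        'warningcode' => 'invalidfieldparameter',
                        'message' => 'The search key \'' . $key . '\' is not supported, look at the web service documentation'
                    );
                    // Do not add this invalid criteria to the created SQL request.
                    $invalidcriteria = true;
                    unset($params['criteria'][$criteriaindex]);
                }
                break;
        }
        if ($invalidcriteria) {
            continue;
        }

        $cleanedvalue = clean_param($criterion['value'], $paramtype);
        $sqlwhere .= ' AND ';

        // Create the SQL. $key is one of the fixed names above at this point; values are always bound.
        switch ($key) {
            case 'id':
            case 'idnumber':
            case 'auth':
                $sqlwhere .= '{user}.' . $key . ' = :' . $key;
                $sqlparams[$key] = $cleanedvalue;
                break;
            case 'username':
            case 'email':
            case 'lastname':
            case 'firstname':
                $sqlwhere .= $DB->sql_like('{user}.' . $key, ':' . $key, false);
                $sqlparams[$key] = $cleanedvalue;
                break;
            default:
                // Custom profile field: join a numbered copy of the data/field tables
                // and match the shortname through a bound parameter as well.
                $joincount++;
                $dataalias = 'cfdata' . $joincount;
                $fieldalias = 'cfield' . $joincount;
                $sqltables .= ' LEFT JOIN {user_info_data} AS ' . $dataalias
                    . ' ON {user}.id = ' . $dataalias . '.userid'
                    . ' LEFT JOIN {user_info_field} AS ' . $fieldalias
                    . ' ON ' . $dataalias . '.fieldid = ' . $fieldalias . '.id';
                $sqlwhere .= $fieldalias . '.shortname = :' . $fieldalias
                    . ' AND ' . $dataalias . '.data = :' . $dataalias;
                $sqlparams[$fieldalias] = $customshortname;
                $sqlparams[$dataalias] = $cleanedvalue;
                break;
        }
    }

    // Qualify the ORDER BY column: the joined tables carry an "id" column too.
    $sql = 'SELECT {user}.* FROM ' . $sqltables . ' WHERE ' . $sqlwhere . ' ORDER BY {user}.id ASC';
    $users = $DB->get_records_sql($sql, $sqlparams);

    // Finally retrieve each users information.
    $returnedusers = array();
    foreach ($users as $user) {
        $userdetails = user_get_user_details_courses($user);
        if (empty($userdetails)) {
            continue;
        }

        // Custom fields the current user is allowed to see on this user, keyed by shortname.
        // NOTE(review): relies on user_get_user_details() listing each visible custom
        // field under 'customfields' with its 'shortname'; if that key is absent, users
        // matched on a custom field are withheld rather than exposed.
        $visiblecustomfields = array();
        if (!empty($userdetails['customfields'])) {
            foreach ($userdetails['customfields'] as $customfield) {
                if (isset($customfield['shortname'])) {
                    $visiblecustomfields[$customfield['shortname']] = true;
                }
            }
        }

        // Return the user only if all the searched fields are returned.
        // Otherwise it means that the $USER was not allowed to search the returned user.
        // Custom profile fields are held to the same rule so that a hidden field value
        // cannot be confirmed by searching for it.
        $validuser = true;
        foreach ($params['criteria'] as $criterion) {
            $key = $criterion['key'];
            if (substr($key, 0, 14) === 'profile_field_') {
                if (!isset($visiblecustomfields[substr($key, 14)])) {
                    $validuser = false;
                }
            } else if (empty($userdetails[$key])) {
                $validuser = false;
            }
        }
        if ($validuser) {
            $returnedusers[] = $userdetails;
        }
    }

    return array('users' => $returnedusers, 'warnings' => $warnings);
}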
/**
 * Retrieve matching user.
 *
 * Every accepted criterion is cleaned for its type and bound as a SQL
 * parameter; only the fixed key names listed below reach the query text.
 * Unsupported keys are reported through 'warnings' rather than rejected, so
 * clients keep working when the key list grows.
 *
 * @throws moodle_exception when the same key is sent more than once.
 * @param array $criteria the allowed array keys are id/lastname/firstname/idnumber/username/email/auth.
 * @return array An array of arrays containing user profiles.
 * @since Moodle 2.5
 */
public static function get_users($criteria = array()) {
    global $CFG, $USER, $DB;

    require_once($CFG->dirroot . '/user/lib.php');

    $params = self::validate_parameters(self::get_users_parameters(), array('criteria' => $criteria));

    // How each supported key is cleaned before it is bound.
    $paramtypes = array(
        'id' => PARAM_INT,
        'idnumber' => PARAM_RAW,
        'username' => PARAM_RAW,
        'email' => PARAM_RAW, // PARAM_RAW so that % wildcards survive cleaning.
        'auth' => PARAM_AUTH,
        'lastname' => PARAM_TEXT,
        'firstname' => PARAM_TEXT,
    );
    // Keys matched with LIKE; every other supported key is matched for equality.
    $likekeys = array('email', 'lastname', 'firstname');

    $warnings = array();
    $sqlparams = array();
    $seenkeys = array();
    // Do not retrieve deleted users.
    $select = ' deleted = 0';

    foreach ($params['criteria'] as $index => $criterion) {
        $key = $criterion['key'];

        // Each key may be sent only once.
        if (isset($seenkeys[$key])) {
            throw new moodle_exception('keyalreadyset', '', '', null, 'The key ' . $key . ' can only be sent once');
        }
        $seenkeys[$key] = true;

        if (!isset($paramtypes[$key])) {
            // Unsupported key: warn and drop it so the request still succeeds.
            $warnings[] = array(
                'item' => $key,
                'warningcode' => 'invalidfieldparameter',
                'message' => 'The search key \'' . $key . '\' is not supported, look at the web service documentation'
            );
            unset($params['criteria'][$index]);
            continue;
        }

        $value = clean_param($criterion['value'], $paramtypes[$key]);
        $select .= ' AND ';
        if (in_array($key, $likekeys, true)) {
            $select .= $DB->sql_like($key, ':' . $key, false);
        } else {
            $select .= $key . ' = :' . $key;
        }
        $sqlparams[$key] = $value;
    }

    $users = $DB->get_records_select('user', $select, $sqlparams, 'id ASC');

    // Only keep users for whom every searched field came back: a missing field means
    // the current user was not allowed to see it, and so must not learn about the match.
    $returnedusers = array();
    foreach ($users as $user) {
        $userdetails = user_get_user_details_courses($user);
        if (empty($userdetails)) {
            continue;
        }
        $allfieldsvisible = true;
        foreach ($params['criteria'] as $criterion) {
            if (empty($userdetails[$criterion['key']])) {
                $allfieldsvisible = false;
                break;
            }
        }
        if ($allfieldsvisible) {
            $returnedusers[] = $userdetails;
        }
    }

    return array('users' => $returnedusers, 'warnings' => $warnings);
}