 /**
  * Test user_get_user_details_courses
  *
  * Two users are enrolled in the same course and both get the teacher role
  * there. The details of the second user are then fetched twice: first as the
  * initial test user (super system capabilities) and then as the first user,
  * who only sees the second one through the shared course. Both calls must
  * return the id, the full name and the course enrolment.
  */
 public function test_user_get_user_details_courses()
 {
     global $DB;
     $this->resetAfterTest();
     $generator = $this->getDataGenerator();
     // Create the two users and the course they share.
     $viewer = $generator->create_user();
     $target = $generator->create_user();
     $course = $generator->create_course();
     $coursecontext = context_course::instance($course->id);
     $teacherrole = $DB->get_record('role', array('shortname' => 'teacher'));
     $generator->enrol_user($viewer->id, $course->id);
     $generator->enrol_user($target->id, $course->id);
     role_assign($teacherrole->id, $viewer->id, $coursecontext->id);
     role_assign($teacherrole->id, $target->id, $coursecontext->id);
     accesslib_clear_all_caches_for_unit_testing();
     // First pass: current user has super system capabilities.
     // Second pass: switch to $viewer, who can only see $target in the course.
     foreach (array(null, $viewer) as $asuser) {
         if ($asuser !== null) {
             $this->setUser($asuser);
         }
         $details = user_get_user_details_courses($target);
         $this->assertEquals($target->id, $details['id']);
         $this->assertEquals(fullname($target), $details['fullname']);
         $this->assertEquals($course->id, $details['enrolledcourses'][0]['id']);
     }
 }
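 /**
  * Retrieve matching user.
  *
  * All criteria are ANDed. Standard keys are matched exactly (id, idnumber,
  * auth) or with a LIKE pattern (username, email, lastname, firstname); a key
  * of the form profile_field_<shortname> matches a custom profile field whose
  * shortname is known. Unsupported keys produce a warning and are ignored.
  * Every candidate row is passed through user_get_user_details_courses(),
  * which applies the calling user's capabilities, and is only returned when
  * each searched field is actually visible in that result. Custom profile
  * field criteria are held to the same rule, so a search cannot be used to
  * probe values the caller is not allowed to see.
  *
  * @throws moodle_exception when the same key is sent more than once.
  * @param array $criteria the allowed array keys are id/lastname/firstname/idnumber/username/email/auth
  *                        and profile_field_<shortname> for custom profile fields.
  * @return array An array of arrays containing user profiles ('users') plus 'warnings'.
  * @since Moodle 2.5
  */
 public static function get_users($criteria = array())
 {
     global $CFG, $DB;
     require_once $CFG->dirroot . "/user/lib.php";
     $params = self::validate_parameters(self::get_users_parameters(), array('criteria' => $criteria));

     // Type used by clean_param() for the value of each supported standard key.
     $paramtypes = array(
         'id' => PARAM_INT,
         'idnumber' => PARAM_RAW,
         'username' => PARAM_RAW,
         // PARAM_RAW so that searches may contain % wildcards.
         'email' => PARAM_RAW,
         'auth' => PARAM_AUTH,
         'lastname' => PARAM_TEXT,
         'firstname' => PARAM_TEXT,
     );
     // Standard keys compared with '='; every other standard key uses sql_like().
     $exactmatchkeys = array('id', 'idnumber', 'auth');
     $prefix = 'profile_field_';
     $prefixlength = strlen($prefix);

     // Shortnames of all custom profile fields, used to validate profile_field_* keys.
     $customprofilefields = array();
     foreach (profile_get_custom_fields(true) as $field) {
         $customprofilefields[] = $field->shortname;
     }

     $warnings = array();
     $sqlparams = array();
     $usedkeys = array();
     // Criteria index => custom field shortname, for the criteria that target a custom field.
     $customfieldcriteria = array();
     $joincount = 0;
     $sqltables = '{user}';
     // Do not retrieve deleted users.
     $sqlwhere = ' deleted = 0';

     foreach ($params['criteria'] as $criteriaindex => $criteria) {
         $key = $criteria['key'];
         // Each key may only be sent once.
         if (array_key_exists($key, $usedkeys)) {
             throw new moodle_exception('keyalreadyset', '', '', null, 'The key ' . $key . ' can only be sent once');
         }
         $usedkeys[$key] = true;

         // Resolve profile_field_<shortname> keys against the known custom fields.
         $shortname = null;
         if (substr($key, 0, $prefixlength) === $prefix) {
             $candidate = substr($key, $prefixlength);
             if (in_array($candidate, $customprofilefields, true)) {
                 $shortname = $candidate;
             }
         }

         if ($shortname === null && !isset($paramtypes[$key])) {
             // Unsupported key: warn instead of failing so the function stays
             // extensible without breaking clients.
             $warnings[] = array('item' => $key, 'warningcode' => 'invalidfieldparameter', 'message' => 'The search key \'' . $key . '\' is not supported, look at the web service documentation');
             // Do not add this invalid criteria to the created SQL request.
             unset($params['criteria'][$criteriaindex]);
             continue;
         }

         $paramtype = ($shortname !== null) ? PARAM_TEXT : $paramtypes[$key];
         $cleanedvalue = clean_param($criteria['value'], $paramtype);
         $sqlwhere .= ' AND ';
         if ($shortname !== null) {
             // One join pair per custom field criterion. The shortname and the
             // value are bound as parameters; the client-supplied key never
             // reaches the SQL text.
             $joincount++;
             $sqltables .= " LEFT JOIN {user_info_data} AS cfdata" . $joincount . " ON {user}.id = cfdata" . $joincount . ".userid LEFT JOIN {user_info_field} AS cfield" . $joincount . " ON cfdata" . $joincount . ".fieldid = cfield" . $joincount . ".id";
             $sqlwhere .= 'cfield' . $joincount . '.shortname = :cfield' . $joincount . ' AND cfdata' . $joincount . '.data = :cfdata' . $joincount;
             $sqlparams['cfield' . $joincount] = $shortname;
             $sqlparams['cfdata' . $joincount] = $cleanedvalue;
             $customfieldcriteria[$criteriaindex] = $shortname;
             // NOTE(review): these two warnings echo the bound alias and value back
             // to the client and look like leftover diagnostics; kept so the
             // response shape does not change — confirm whether clients rely on them.
             $warnings[] = array('warningcode' => 'customfieldname', 'message' => 'cfield' . $joincount . " = " . $shortname);
             $warnings[] = array('warningcode' => 'customfielddata', 'message' => 'cfdata' . $joincount . " = " . $cleanedvalue);
         } else if (in_array($key, $exactmatchkeys, true)) {
             // $key is one of the fixed literals in $paramtypes, so interpolating it is safe.
             $sqlwhere .= '{user}.' . $key . ' = :' . $key;
             $sqlparams[$key] = $cleanedvalue;
         } else {
             $sqlwhere .= $DB->sql_like('{user}.' . $key, ':' . $key, false);
             $sqlparams[$key] = $cleanedvalue;
         }
     }

     // Qualify the ORDER BY column: the joined tables also expose an "id" column.
     $sql = 'SELECT {user}.* FROM ' . $sqltables . ' WHERE ' . $sqlwhere . ' ORDER BY {user}.id ASC';
     $users = $DB->get_records_sql($sql, $sqlparams);

     // Finally retrieve each users information.
     $returnedusers = array();
     foreach ($users as $user) {
         $userdetails = user_get_user_details_courses($user);
         // user_get_user_details_courses() applies the caller's capabilities. An
         // empty result, or a searched field missing from it, means the caller is
         // not allowed to see that data, so the user must not be returned —
         // otherwise the match itself would disclose the hidden value.
         if (empty($userdetails)) {
             continue;
         }
         // Shortnames of the custom profile fields the caller may see for this user.
         // NOTE(review): assumes the details array lists visible custom fields under
         // 'customfields', each with a 'shortname' entry — confirm against user/lib.php.
         // If that shape differs, custom field searches return no users (fail closed).
         $visibleshortnames = array();
         if (!empty($userdetails['customfields']) && is_array($userdetails['customfields'])) {
             foreach ($userdetails['customfields'] as $customfield) {
                 if (isset($customfield['shortname'])) {
                     $visibleshortnames[] = $customfield['shortname'];
                 }
             }
         }
         $validuser = true;
         foreach ($params['criteria'] as $criteriaindex => $criteria) {
             if (isset($customfieldcriteria[$criteriaindex])) {
                 // Custom field criteria must be visible too; previously they skipped this check.
                 if (!in_array($customfieldcriteria[$criteriaindex], $visibleshortnames, true)) {
                     $validuser = false;
                 }
             } else if (empty($userdetails[$criteria['key']])) {
                 $validuser = false;
             }
         }
         if ($validuser) {
             $returnedusers[] = $userdetails;
         }
     }
     return array('users' => $returnedusers, 'warnings' => $warnings);
 }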
 /**
  * Retrieve matching user.
  *
  * All criteria are ANDed. id, idnumber, username and auth are matched
  * exactly; email, lastname and firstname are matched with sql_like().
  * Unsupported keys produce a warning and are dropped from the query. Each
  * candidate row is passed through user_get_user_details_courses(), which
  * applies the calling user's capabilities, and is only returned when every
  * searched field is present in that result.
  *
  * @throws moodle_exception when the same key is sent more than once.
  * @param array $criteria the allowed array keys are id/lastname/firstname/idnumber/username/email/auth.
  * @return array An array of arrays containing user profiles ('users') plus 'warnings'.
  * @since Moodle 2.5
  */
 public static function get_users($criteria = array())
 {
     global $CFG, $USER, $DB;
     require_once $CFG->dirroot . "/user/lib.php";
     $params = self::validate_parameters(self::get_users_parameters(), array('criteria' => $criteria));

     // Type used by clean_param() for the value of each supported key.
     $paramtypes = array(
         'id' => PARAM_INT,
         'idnumber' => PARAM_RAW,
         'username' => PARAM_RAW,
         // PARAM_RAW so that searches may contain % wildcards.
         'email' => PARAM_RAW,
         'auth' => PARAM_AUTH,
         'lastname' => PARAM_TEXT,
         'firstname' => PARAM_TEXT,
     );
     // Keys compared with '='; the remaining supported keys use sql_like().
     $exactmatchkeys = array('id', 'idnumber', 'username', 'auth');

     $warnings = array();
     $sqlparams = array();
     $usedkeys = array();
     // Do not retrieve deleted users.
     $sql = ' deleted = 0';

     foreach ($params['criteria'] as $criteriaindex => $criteria) {
         $key = $criteria['key'];
         // Each key may only be sent once.
         if (array_key_exists($key, $usedkeys)) {
             throw new moodle_exception('keyalreadyset', '', '', null, 'The key ' . $key . ' can only be sent once');
         }
         $usedkeys[$key] = true;

         if (!isset($paramtypes[$key])) {
             // Unsupported key: warn instead of failing so the function stays
             // extensible without breaking clients, and keep it out of the SQL.
             $warnings[] = array('item' => $key, 'warningcode' => 'invalidfieldparameter', 'message' => 'The search key \'' . $key . '\' is not supported, look at the web service documentation');
             unset($params['criteria'][$criteriaindex]);
             continue;
         }

         $cleanedvalue = clean_param($criteria['value'], $paramtypes[$key]);
         // $key is one of the fixed literals in $paramtypes, so interpolating it is safe.
         if (in_array($key, $exactmatchkeys, true)) {
             $condition = $key . ' = :' . $key;
         } else {
             $condition = $DB->sql_like($key, ':' . $key, false);
         }
         $sql .= ' AND ' . $condition;
         $sqlparams[$key] = $cleanedvalue;
     }

     $users = $DB->get_records_select('user', $sql, $sqlparams, 'id ASC');

     // Finally retrieve each users information.
     $returnedusers = array();
     foreach ($users as $user) {
         $userdetails = user_get_user_details_courses($user);
         // user_get_user_details_courses() applies $USER's capabilities. An empty
         // result, or a searched field missing from it, means $USER was not
         // allowed to see that data, so the user is not returned.
         if (empty($userdetails)) {
             continue;
         }
         $allfieldsvisible = true;
         foreach ($params['criteria'] as $criteria) {
             if (empty($userdetails[$criteria['key']])) {
                 $allfieldsvisible = false;
             }
         }
         if ($allfieldsvisible) {
             $returnedusers[] = $userdetails;
         }
     }
     return array('users' => $returnedusers, 'warnings' => $warnings);
 }