/**
* Determines whether the current user is allowed to enrol users into the provided class
*
* @param int $classid The id of the class we are checking permissions on
*
* @return boolean Whether the user is allowed to enrol users into the class
*
*/
static function can_enrol_into_class($classid)
{
global $USER;
//check the standard capability
// TODO: Ugly, this needs to be overhauled
$cpage = new pmclasspage();
if ($cpage->_has_capability('local/elisprogram:class_enrol', $classid) || $cpage->_has_capability('local/elisprogram:class_enrol_userset_user', $classid)) {
return true;
}
//get the context for the "indirect" capability
$context = pm_context_set::for_user_with_capability('cluster', 'local/elisprogram:class_enrol_userset_user', $USER->id);
//we first need to go through tracks to get to clusters
$track_listing = new trackassignment(array('classid' => $classid));
$tracks = $track_listing->get_assigned_tracks();
//iterate over the track ides, which are the keys of the array
if (!empty($tracks)) {
foreach (array_keys($tracks) as $track) {
//get the clusters and check the context against them
$clusters = clustertrack::get_clusters($track);
if (!empty($clusters)) {
foreach ($clusters as $cluster) {
if ($context->context_allowed($cluster->clusterid, 'cluster')) {
return true;
}
}
}
}
}
return false;
}
function can_do_default()
{
global $USER;
$id = $this->required_param('id', PARAM_INT);
// TODO: Ugly, this needs to be overhauled
$cpage = new pmclasspage();
return $cpage->_has_capability('local/elisreports:view', $id) || instructor::user_is_instructor_of_class(cm_get_crlmuserid($USER->id), $id);
}
/**
* Determines whether the current user is allowed to create, edit, and delete associations
* between a user and a class
*
* @param int $userid The id of the user being associated to the class
* @param int $classid The id of the class we are associating the user to
* @uses $DB
* @uses $USER;
* @return boolean True if the current user has the required permissions, otherwise false
*/
public static function can_manage_assoc($userid, $classid)
{
global $DB, $USER;
// TODO: Ugly, this needs to be overhauled
$cpage = new pmclasspage();
if (!pmclasspage::can_enrol_into_class($classid)) {
//the users who satisfty this condition are a superset of those who can manage associations
return false;
} else {
if ($cpage->_has_capability('local/elisprogram:class_enrol', $classid)) {
//current user has the direct capability
return true;
}
}
//get the context for the "indirect" capability
$context = pm_context_set::for_user_with_capability('cluster', 'local/elisprogram:class_enrol_userset_user', $USER->id);
$allowed_clusters = array();
$allowed_clusters = pmclass::get_allowed_clusters($classid);
//query to get users associated to at least one enabling cluster
$cluster_select = '';
if (empty($allowed_clusters)) {
$cluster_select = '0=1';
} else {
$cluster_select = 'clusterid IN (' . implode(',', $allowed_clusters) . ')';
}
$select = "userid = ? AND {$cluster_select}";
//user just needs to be in one of the possible clusters
if ($DB->record_exists_select(clusterassignment::TABLE, $select, array($userid))) {
return true;
}
return false;
}
/**
* Returns an array of cluster ids that are associated to the supplied class through tracks and
* the current user has access to enrol users into
*
* @param int $clsid The class whose association ids we care about
* @return int array The array of accessible cluster ids
*/
public static function get_allowed_clusters($clsid)
{
global $USER;
$context = pm_context_set::for_user_with_capability('cluster', 'local/elisprogram:assign_userset_user_class_instructor', $USER->id);
$allowed_clusters = array();
// TODO: Ugly, this needs to be overhauled
$cpage = new pmclasspage();
if ($cpage->_has_capability('local/elisprogram:assign_userset_user_class_instructor', $clsid)) {
require_once elispm::lib('data/clusterassignment.class.php');
$cmuserid = pm_get_crlmuserid($USER->id);
$userclusters = clusterassignment::find(new field_filter('userid', $cmuserid));
foreach ($userclusters as $usercluster) {
$allowed_clusters[] = $usercluster->clusterid;
}
}
//we first need to go through tracks to get to clusters
$track_listing = new trackassignment(array('classid' => $clsid));
$tracks = $track_listing->get_assigned_tracks();
//iterate over the track ides, which are the keys of the array
if (!empty($tracks)) {
foreach (array_keys($tracks) as $track) {
//get the clusters and check the context against them
$clusters = clustertrack::get_clusters($track);
$allowed_track_clusters = $context->get_allowed_instances($clusters, 'cluster', 'clusterid');
//append all clusters that are allowed by the available clusters contexts
foreach ($allowed_track_clusters as $allowed_track_cluster) {
$allowed_clusters[] = $allowed_track_cluster;
}
}
}
return $allowed_clusters;
}
/**
* Gets filter sql for permissions.
* @return array An array consisting of additional WHERE conditions, and parameters.
*/
protected function get_filter_sql_permissions()
{
global $DB;
$additionalfilters = array();
$additionalfiltersparams = array();
// If appropriate limit selection to users belonging to clusters for which the user can manage instructor assignments.
// TODO: Ugly, this needs to be overhauled.
$cpage = new pmclasspage();
if (!$cpage->_has_capability('local/elisprogram:assign_class_instructor', $this->classid)) {
// Perform SQL filtering for the more "conditional" capability.
$allowedclusters = instructor::get_allowed_clusters($this->classid);
if (empty($allowedclusters)) {
$additionalfilters[] = 'FALSE';
} else {
list($usersetinoreq, $usersetinoreqparams) = $DB->get_in_or_equal($allowedclusters);
$clusterfilter = 'SELECT userid FROM {' . clusterassignment::TABLE . '} WHERE clusterid ' . $usersetinoreq;
$additionalfilters[] = 'element.id IN (' . $clusterfilter . ')';
$additionalfiltersparams = array_merge($additionalfiltersparams, $usersetinoreqparams);
}
}
return array($additionalfilters, $additionalfiltersparams);
}
