/**
 * Checks whether the current user may enrol users into the given class.
 *
 * Access is granted in one of two ways:
 *  - directly, when either 'local/elisprogram:class_enrol' or
 *    'local/elisprogram:class_enrol_userset_user' is reported for the class id;
 *  - indirectly, when a cluster reached through the class's assigned tracks is
 *    allowed by the user's 'local/elisprogram:class_enrol_userset_user'
 *    cluster context set.
 *
 * @param int $classid The id of the class whose enrolment permission is checked
 *
 * @return boolean True if the current user may enrol users into the class
 */
static function can_enrol_into_class($classid) {
    global $USER;

    // Direct check, evaluated in this order and stopping at the first hit.
    // TODO: Ugly, this needs to be overhauled
    $classpage = new pmclasspage();
    $direct_capabilities = array(
        'local/elisprogram:class_enrol',
        'local/elisprogram:class_enrol_userset_user',
    );
    foreach ($direct_capabilities as $capability) {
        if ($classpage->_has_capability($capability, $classid)) {
            return true;
        }
    }

    // Cluster contexts on which the current user holds the "indirect" capability.
    $userset_contexts = pm_context_set::for_user_with_capability('cluster', 'local/elisprogram:class_enrol_userset_user', $USER->id);

    // Clusters are only reachable through the tracks the class is assigned to.
    $assignment = new trackassignment(array('classid' => $classid));
    $assigned_tracks = $assignment->get_assigned_tracks();
    if (empty($assigned_tracks)) {
        // No tracks means no path to any cluster: deny.
        return false;
    }

    // The track ids are the keys of the returned array.
    foreach (array_keys($assigned_tracks) as $trackid) {
        $track_clusters = clustertrack::get_clusters($trackid);
        if (empty($track_clusters)) {
            continue;
        }

        foreach ($track_clusters as $track_cluster) {
            // One permitted cluster is enough to grant access.
            if ($userset_contexts->context_allowed($track_cluster->clusterid, 'cluster')) {
                return true;
            }
        }
    }

    // Default deny: neither the direct nor the indirect path matched.
    return false;
}
/**
 * Default permission check for this page.
 *
 * Reads the required integer 'id' request parameter and grants access when
 * the 'local/elisreports:view' capability is reported for that id, or when
 * the current user is an instructor of the class with that id.
 *
 * @return boolean True if the current user passes either check
 */
function can_do_default() {
    global $USER;

    // PARAM_INT restricts the request value to an integer before it is used below.
    $classid = $this->required_param('id', PARAM_INT);

    // TODO: Ugly, this needs to be overhauled
    $classpage = new pmclasspage();
    if ($classpage->_has_capability('local/elisreports:view', $classid)) {
        return true;
    }

    // Fall back to the instructor relationship between the current user and the class.
    return (bool) instructor::user_is_instructor_of_class(cm_get_crlmuserid($USER->id), $classid);
}
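/**
 * Determines whether the current user is allowed to create, edit, and delete associations
 * between a user and a class
 *
 * The decision is made in three steps:
 *  1. users who cannot enrol into the class at all are rejected;
 *  2. users for whom 'local/elisprogram:class_enrol' is reported for the class are accepted;
 *  3. otherwise the target user must be assigned to at least one of the clusters
 *     returned by pmclass::get_allowed_clusters() for the class.
 *
 * @param int $userid The id of the user being associated to the class
 * @param int $classid The id of the class we are associating the user to
 * @uses $DB
 * @uses $USER
 * @return boolean True if the current user has the required permissions, otherwise false
 */
public static function can_manage_assoc($userid, $classid) {
    global $DB, $USER;

    // TODO: Ugly, this needs to be overhauled
    $cpage = new pmclasspage();

    if (!pmclasspage::can_enrol_into_class($classid)) {
        // The users who can enrol into the class are a superset of those who can manage associations.
        return false;
    }

    if ($cpage->_has_capability('local/elisprogram:class_enrol', $classid)) {
        // Current user has the direct capability.
        return true;
    }

    // Get the context for the "indirect" capability.
    // NOTE(review): the result is not consulted anywhere below; the call is kept only in case
    // it has side effects - confirm and remove if it does not.
    $context = pm_context_set::for_user_with_capability('cluster', 'local/elisprogram:class_enrol_userset_user', $USER->id);

    $allowed_clusters = pmclass::get_allowed_clusters($classid);
    if (empty($allowed_clusters)) {
        // No enabling cluster exists, so no assignment can match: deny without querying.
        return false;
    }

    // Bind the cluster ids as query parameters instead of concatenating them into the SQL text,
    // so the statement stays safe whatever get_allowed_clusters() returns.
    list($cluster_sql, $cluster_params) = $DB->get_in_or_equal($allowed_clusters);
    $select = "userid = ? AND clusterid {$cluster_sql}";
    $params = array_merge(array($userid), $cluster_params);

    // The target user just needs to be in one of the possible clusters.
    return (bool) $DB->record_exists_select(clusterassignment::TABLE, $select, $params);
}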
/**
 * Collects the ids of the clusters through which the current user may act on the supplied class.
 *
 * Two sources are combined, in this order:
 *  - when 'local/elisprogram:assign_userset_user_class_instructor' is reported for the class,
 *    every cluster the current user is assigned to;
 *  - for each track the class is assigned to, the track's clusters that the user's cluster
 *    context set for the same capability allows.
 *
 * Ids are appended as found, so the same cluster id can appear more than once.
 *
 * @param int $clsid The class whose association ids we care about
 * @return array The accessible cluster ids
 */
public static function get_allowed_clusters($clsid) {
    global $USER;

    $capability = 'local/elisprogram:assign_userset_user_class_instructor';
    $cluster_contexts = pm_context_set::for_user_with_capability('cluster', $capability, $USER->id);

    $cluster_ids = array();

    // TODO: Ugly, this needs to be overhauled
    $classpage = new pmclasspage();
    if ($classpage->_has_capability($capability, $clsid)) {
        require_once elispm::lib('data/clusterassignment.class.php');

        // Start from the clusters the current user belongs to.
        $own_assignments = clusterassignment::find(new field_filter('userid', pm_get_crlmuserid($USER->id)));
        foreach ($own_assignments as $own_assignment) {
            $cluster_ids[] = $own_assignment->clusterid;
        }
    }

    // Clusters are only reachable through the tracks the class is assigned to.
    $assignment = new trackassignment(array('classid' => $clsid));
    $assigned_tracks = $assignment->get_assigned_tracks();
    if (empty($assigned_tracks)) {
        return $cluster_ids;
    }

    // The track ids are the keys of the returned array.
    foreach (array_keys($assigned_tracks) as $trackid) {
        $track_clusters = clustertrack::get_clusters($trackid);

        // Keep only the clusters permitted by the user's cluster contexts.
        $permitted = $cluster_contexts->get_allowed_instances($track_clusters, 'cluster', 'clusterid');
        foreach ($permitted as $permitted_cluster) {
            $cluster_ids[] = $permitted_cluster;
        }
    }

    return $cluster_ids;
}
/**
 * Builds the permission-related part of the selection filter.
 *
 * When 'local/elisprogram:assign_class_instructor' is reported for this class, no restriction
 * is added. Otherwise the selection is limited to users assigned to one of the clusters
 * returned by instructor::get_allowed_clusters(); when that list is empty, a condition that
 * matches nothing is added.
 *
 * @return array A two-element array: the additional WHERE conditions, then their parameters.
 */
protected function get_filter_sql_permissions() {
    global $DB;

    $conditions = array();
    $parameters = array();

    // TODO: Ugly, this needs to be overhauled.
    $classpage = new pmclasspage();
    if ($classpage->_has_capability('local/elisprogram:assign_class_instructor', $this->classid)) {
        // Capability reported for the class: nothing to restrict.
        return array($conditions, $parameters);
    }

    // Only the more "conditional" capability can apply, so filter by manageable clusters.
    $clusterids = instructor::get_allowed_clusters($this->classid);
    if (empty($clusterids)) {
        // No manageable cluster: add a condition that excludes every row.
        $conditions[] = 'FALSE';
        return array($conditions, $parameters);
    }

    // The cluster ids are passed as bound parameters, not concatenated into the SQL.
    list($insql, $inparams) = $DB->get_in_or_equal($clusterids);
    $subquery = 'SELECT userid FROM {' . clusterassignment::TABLE . '} WHERE clusterid ' . $insql;
    $conditions[] = 'element.id IN (' . $subquery . ')';
    $parameters = array_merge($parameters, $inparams);

    return array($conditions, $parameters);
}