/**
  * Determine whether the current can manage the association between a given user and userset.
  * @param int $userid The ID of a user.
  * @param int $clustid The ID of a userset.
  * @return bool Success status.
  */
 public static function can_manage_assoc($userid, $usersetid)
 {
     global $USER;
     $allowedusersets = array();
     // TODO: Ugly, this needs to be overhauled.
     $upage = new usersetpage();
     if (!usersetpage::can_enrol_into_cluster($usersetid)) {
         // The users who satisfty this condition are a superset of those who can manage associations.
         return false;
     } else {
         if ($upage->_has_capability('local/elisprogram:userset_enrol', $usersetid)) {
             // Current user has the direct capability.
             return true;
         }
     }
     $allowedusersets = userset::get_allowed_clusters($usersetid);
     $filter = array(new field_filter('userid', $userid));
     // Query to get users associated to at least one enabling userset.
     if (empty($allowedusersets)) {
         $filter[] = new select_filter('FALSE');
     } else {
         $filter[] = new in_list_filter('clusterid', $allowedusersets);
     }
     // User just needs to be in one of the possible usersets.
     if (clusterassignment::exists($filter)) {
         return true;
     }
     return false;
 }
Example #2
0
 function get_records($filter)
 {
     global $DB, $USER;
     $id = $this->required_param('id', PARAM_INT);
     $sort = $this->optional_param('sort', 'name', PARAM_ALPHA);
     $dir = $this->optional_param('dir', 'ASC', PARAM_ALPHA);
     $pagenum = $this->optional_param('page', 0, PARAM_INT);
     $perpage = $this->optional_param('perpage', 30, PARAM_INT);
     $filters = array();
     // find users who do not have a manual assignment already
     $filters[] = new join_filter('id', clusterassignment::TABLE, 'userid', new AND_filter(array(new field_filter('clusterid', $id), new field_filter('plugin', 'manual'))), true);
     // user-defined filter
     list($extrasql, $params) = $filter->get_sql_filter();
     if ($extrasql) {
         $filters[] = new select_filter($extrasql, $params);
     }
     // TODO: Ugly, this needs to be overhauled
     $upage = new usersetpage();
     if (!$upage->_has_capability('local/elisprogram:userset_enrol')) {
         //perform SQL filtering for the more "conditional" capability
         //get the context for the "indirect" capability
         $context = pm_context_set::for_user_with_capability('cluster', 'local/elisprogram:userset_enrol_userset_user', $USER->id);
         $allowed_clusters = userset::get_allowed_clusters($id);
         if (empty($allowed_clusters)) {
             $filters[] = new select_filter('FALSE');
         } else {
             $filters[] = new join_filter('id', clusterassignment::TABLE, 'userid', new in_list_filter('clusterid', $allowed_clusters));
         }
     }
     $count = user::count($filters);
     $users = user::find($filters, array($sort => $dir), $pagenum * $perpage, $perpage);
     return array($users, $count);
 }
Example #3
0
 /**
  * A get_filter_sql_permissions_elementuser compatible version of userset::get_allowed_clusters
  * @param int $usersetid The userset whose parents we care about.
  */
 public static function get_allowed_clusters($usersetid)
 {
     global $DB;
     $ids = userset::get_allowed_clusters($usersetid);
     if (!empty($ids)) {
         list($idswhere, $idsparams) = $DB->get_in_or_equal($ids);
         $sql = 'SELECT id as clusterid FROM {' . userset::TABLE . '} WHERE id ' . $idswhere;
         return $DB->get_records_sql($sql, $idsparams);
     } else {
         return array();
     }
 }
 /**
  * Tests contexts in userset data object.
  *
  * Covers:
  * local/elisprogram/lib/data/userset.class.php:334
  * local/elisprogram/lib/data/userset.class.php:453
  * local/elisprogram/lib/data/userset.class.php:561
  * local/elisprogram/lib/data/userset.class.php:595
  * local/elisprogram/lib/data/userset.class.php:616
  * local/elisprogram/lib/data/userset.class.php:721
  * local/elisprogram/lib/data/userset.class.php:755
  * local/elisprogram/lib/data/userset.class.php:847
  * local/elisprogram/lib/data/userset.class.php:901
  */
 public function test_usersetcontexts()
 {
     global $USER, $DB;
     require_once elispm::file('plugins/usetclassify/usersetclassification.class.php');
     require_once elispm::file('plugins/usetclassify/lib.php');
     $this->setup_users();
     $this->setup_usersets();
     // TEST local/elisprogram/lib/data/userset.class.php:334.
     $res = userset::get_allowed_clusters(1);
     // TEST local/elisprogram/lib/data/userset.class.php:453.
     $ussfilter = new usersubset_filter('id', new field_filter('id', 1));
     $res = $ussfilter->get_sql();
     // TEST
     // local/elisprogram/lib/data/userset.class.php:561
     // local/elisprogram/lib/data/userset.class.php:595
     // local/elisprogram/lib/data/userset.class.php:616
     // local/elisprogram/lib/data/userset.class.php:721
     // local/elisprogram/lib/data/userset.class.php:755.
     $field = new field(array('shortname' => USERSET_CLASSIFICATION_FIELD));
     $field->load();
     $userset = $this->create_userset($field);
     // Get a role to assign.
     $rolesctx = $DB->get_records('role_context_levels', array('contextlevel' => CONTEXT_ELIS_USERSET));
     foreach ($rolesctx as $i => $rolectx) {
         $roleid = $rolectx->roleid;
     }
     // Add userset_view capability to our role.
     $usersetcontext = \local_elisprogram\context\userset::instance($userset->id);
     $rc = new stdClass();
     $rc->contextid = $usersetcontext->id;
     $rc->roleid = $roleid;
     $rc->capability = 'local/elisprogram:userset_view';
     $rc->permission = 1;
     $rc->timemodified = time();
     $rc->modifierid = 0;
     $DB->insert_record('role_capabilities', $rc);
     $rc = new stdClass();
     $rc->contextid = $usersetcontext->id;
     $rc->roleid = $roleid;
     $rc->capability = 'local/elisprogram:userset_enrol_userset_user';
     $rc->permission = 1;
     $rc->timemodified = time();
     $rc->modifierid = 0;
     $DB->insert_record('role_capabilities', $rc);
     // Assign role.
     $user = new user(103);
     $muser = $user->get_moodleuser();
     $raid = role_assign($roleid, $muser->id, $usersetcontext->id);
     $this->setUser(100);
     // Assign other user to userset.
     $clst = new clusterassignment();
     $clst->clusterid = $userset->id;
     $clst->userid = 104;
     $clst->plugin = 'manual';
     $clst->save();
     // Get cluster listing.
     $capability = 'local/elisprogram:userset_view';
     $contexts = get_contexts_by_capability_for_user('cluster', $capability, 100);
     $extrafilters = array('contexts' => $contexts, 'classification' => 'test field data');
     $res = cluster_get_listing('name', 'ASC', 0, 0, '', '', $extrafilters, 104);
     $res = cluster_count_records('', '', $extrafilters);
     // TEST local/elisprogram/lib/data/userset.class.php:847.
     cluster_get_non_child_clusters(1);
     // TEST local/elisprogram/lib/data/userset.class.php:901.
     cluster_get_possible_sub_clusters(1);
     $this->setUser(null);
 }
Example #5
0
 /**
  * Test whether a user can enrol users into a sub-userset if they have the required capability on the
  * parent userset.
  */
 public function test_getallowedclusterswithparentpermission()
 {
     global $DB;
     $this->load_csv_data();
     // Create role with cap: 'local/elisprogram:class_view'.
     $testrole = new stdClass();
     $testrole->name = 'ELIS Sub-Userset Manager';
     $testrole->shortname = '_test_ELIS_3848';
     $testrole->description = 'ELIS userset enrol into sub-userser';
     $testrole->archetype = '';
     $testrole->id = create_role($testrole->name, $testrole->shortname, $testrole->description, $testrole->archetype);
     // Ensure our new role is assignable to ELIS class contexts.
     set_role_contextlevels($testrole->id, array(CONTEXT_ELIS_USERSET));
     // Ensure the role has our required capability assigned.
     $syscontext = context_system::instance();
     assign_capability('local/elisprogram:userset', CAP_ALLOW, $testrole->id, $syscontext->id, true);
     assign_capability('local/elisprogram:userset_view', CAP_ALLOW, $testrole->id, $syscontext->id, true);
     assign_capability('local/elisprogram:userset_create', CAP_ALLOW, $testrole->id, $syscontext->id, true);
     assign_capability('local/elisprogram:userset_enrol_userset_user', CAP_ALLOW, $testrole->id, $syscontext->id, true);
     $syscontext->mark_dirty();
     // Assign a test user a role within the parent userset.
     $context = \local_elisprogram\context\userset::instance(1);
     role_assign($testrole->id, 100, $context->id);
     // Assign a test user a role within the sub-sub-userset.
     $ctx2 = \local_elisprogram\context\userset::instance(4);
     role_assign($testrole->id, 100, $ctx2->id);
     // Switch to testuser.
     $USER = $DB->get_record('user', array('id' => 100));
     $USER->access = get_user_accessdata($USER->id);
     load_role_access_by_context($testrole->id, $context, $USER->access);
     // We need to force the accesslib cache to refresh.
     $GLOBALS['USER'] = $USER;
     // Check which of the parent usersets the user has access to based on the sub-userset.
     $allowed = userset::get_allowed_clusters(2);
     $this->assertInternalType('array', $allowed);
     $this->assertEquals(1, count($allowed));
     // Check which of the parent usersets the user has access to basdd on the sub-sub-userset.
     $allowed = userset::get_allowed_clusters(4);
     $this->assertInternalType('array', $allowed);
     $this->assertEquals(2, count($allowed));
 }