/**
 * Event observer: mirror a newly created group into every parent (meta-linked) course.
 *
 * For each parent course that uses groups, a group carrying the child group's id in its
 * idnumber field is created unless a matching record already exists.
 *
 * @param \core\event\group_created $event
 * @return void
 */
public static function group_created(\core\event\group_created $event) {
    global $DB;

    $childgroup = $event->get_record_snapshot('groups', $event->objectid);

    foreach (local_metagroups_parent_courses($childgroup->courseid) as $parentid) {
        $parent = get_course($parentid);

        // Only parents that actually use groups need a mirrored group.
        if (groups_get_course_groupmode($parent) != NOGROUPS) {
            // The child group's id is stored in idnumber and serves as the link back to the source group.
            $lookup = array('courseid' => $parent->id, 'idnumber' => $childgroup->id);
            if ($DB->record_exists('groups', $lookup)) {
                continue;
            }

            $metagroup = new \stdClass();
            $metagroup->courseid = $parent->id;
            $metagroup->idnumber = $childgroup->id;
            $metagroup->name = $childgroup->name;

            groups_create_group($metagroup, false, false);
        }
    }
}
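/**
 * Adds the file manager links to the block content: one "my files" link, followed by one
 * link per group the current user may see in this course.
 *
 * Which groups are listed depends on the course group mode:
 *  - NOGROUPS: no group links;
 *  - SEPARATEGROUPS: all groups for users holding block/file_manager:canmanagegroups,
 *    otherwise only the groups the user is a member of;
 *  - VISIBLEGROUPS: all groups of the course.
 *
 * NOTE(review): this method only decides which links are rendered. view.php is not shown
 * here; it presumably re-checks the requested groupid against the same rules, since the
 * groupid query parameter can be edited by the client. Confirm.
 *
 * @uses $CFG
 * @uses $USER
 */
function display_filemanager_link() {
    global $CFG, $USER;

    if (!($course = get_record('course', 'id', $this->instance->pageid))) {
        error("Course ID is incorrect");
    }

    $coursecontext = get_context_instance(CONTEXT_COURSE, $this->instance->pageid);
    $canmanagegroups = has_capability('block/file_manager:canmanagegroups', $coursecontext);

    // Personal files link (groupid=0).
    $this->content->items[] = "<a title=\"" . get_string('msgfilemanager', 'block_file_manager') . "\" href=\"{$CFG->wwwroot}/blocks/file_manager/view.php?id={$this->instance->pageid}&groupid=0\">" . get_string('myfiles', 'block_file_manager') . "</a>";
    $this->content->icons[] = "<img src=\"{$CFG->pixpath}/i/files.gif\" alt=\"\" />";

    // If the user is member of any group of this course, links for each group in which he belongs must be displayed
    $groupmode = groups_get_course_groupmode($course);
    $groupsarray = array();
    switch ($groupmode) {
        case NOGROUPS:
            // Nothing to display
            break;
        case SEPARATEGROUPS:
            if ($canmanagegroups) {
                // Displays all groups because of super rights
                $groupsarray = groups_get_all_groups($this->instance->pageid);
            } else {
                // Display only links for groups in which the user is member
                $groupsarray = groups_get_all_groups($this->instance->pageid, $USER->id);
            }
            break;
        case VISIBLEGROUPS:
            // Display a link for all groups
            $groupsarray = groups_get_all_groups($this->instance->pageid);
            break;
    }

    // Displays group links if user in a group. The is_array() guard skips the loop when
    // the lookup did not return an array.
    if (is_array($groupsarray)) {
        foreach ($groupsarray as $groupid => $value) {
            // Group names are free text entered by whoever manages the course groups. Run the
            // name through format_string() so markup in it is cleaned instead of being written
            // into the page verbatim (stored XSS).
            $groupname = format_string(groups_get_group_name($groupid));

            $this->content->items[] = "<a title=\"" . get_string('msgfilemanagergroup', 'block_file_manager') . "\" href=\"{$CFG->wwwroot}/blocks/file_manager/view.php?id={$this->instance->pageid}&groupid={$groupid}\">" . $groupname . "</a>";
            $this->content->icons[] = "<img src=\"{$CFG->pixpath}/i/files.gif\" alt=\"\" />";
        }
    }
}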
/**
 * Run synchronization process
 *
 * Walks every parent course (or only the given one), and for each group found in its
 * child courses makes sure a linked group exists in the parent, then adds the child
 * group's members to it.
 *
 * @param progress_trace $trace receives the parent name (depth 1), child name (depth 2) and group name (depth 3)
 * @param int|null $courseid or null for all courses
 * @return void
 */
function local_metagroups_sync(progress_trace $trace, $courseid = null) {
    global $DB;

    $parentids = ($courseid === null) ? local_metagroups_parent_courses() : array($courseid);

    foreach (array_unique($parentids) as $parentid) {
        $parent = get_course($parentid);

        // If parent course doesn't use groups, we can skip synchronization.
        if (groups_get_course_groupmode($parent) == NOGROUPS) {
            continue;
        }

        $trace->output($parent->fullname, 1);

        foreach (local_metagroups_child_courses($parent->id) as $childid) {
            $child = get_course($childid);
            $trace->output($child->fullname, 2);

            foreach (groups_get_all_groups($child->id) as $group) {
                // The parent-side group is linked to its source through idnumber = child group id.
                $metagroup = $DB->get_record('groups', array('courseid' => $parent->id, 'idnumber' => $group->id));
                if (!$metagroup) {
                    $metagroup = new stdClass();
                    $metagroup->courseid = $parent->id;
                    $metagroup->idnumber = $group->id;
                    $metagroup->name = $group->name;
                    $metagroup->id = groups_create_group($metagroup, false, false);
                }

                $trace->output($metagroup->name, 3);

                // Memberships are recorded with component 'local_metagroups' and the source group id as item id.
                foreach (groups_get_members($group->id) as $member) {
                    groups_add_member($metagroup->id, $member->id, 'local_metagroups', $group->id);
                }
            }
        }
    }
}
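/**
 * Get course participants details
 *
 * Access is checked in this order: the context is validated, the caller needs the
 * viewparticipants capability (site or course flavour), and each option that widens the
 * result (withcapability, a groupid the caller is not a member of, onlyactive) requires
 * an additional capability in the course context.
 *
 * NOTE(review): the option loop reads the raw $options argument, not $params['options']
 * returned by validate_parameters(). Confirm whether the validated copy should be used.
 *
 * @param int $courseid course id
 * @param array $options options {
 *                                'name' => option name
 *                                'value' => option value
 *                            }
 * @return array An array of users
 * @throws invalid_parameter_exception when sortby or sortdirection is not an allowed value
 * @throws moodle_exception when the course context cannot be validated
 */
public static function get_enrolled_users($courseid, $options = array()) {
    global $CFG, $USER, $DB;
    require_once $CFG->dirroot . "/user/lib.php";

    $params = self::validate_parameters(self::get_enrolled_users_parameters(), array('courseid' => $courseid, 'options' => $options));

    $withcapability = '';
    $groupid = 0;
    $onlyactive = false;
    $userfields = array();
    $limitfrom = 0;
    $limitnumber = 0;
    $sortby = 'us.id';
    $sortparams = array();
    $sortdirection = 'ASC';

    foreach ($options as $option) {
        switch ($option['name']) {
            case 'withcapability':
                $withcapability = $option['value'];
                break;
            case 'groupid':
                $groupid = (int) $option['value'];
                break;
            case 'onlyactive':
                $onlyactive = !empty($option['value']);
                break;
            case 'userfields':
                $thefields = explode(',', $option['value']);
                foreach ($thefields as $f) {
                    $userfields[] = clean_param($f, PARAM_ALPHANUMEXT);
                }
                break;
            case 'limitfrom':
                $limitfrom = clean_param($option['value'], PARAM_INT);
                break;
            case 'limitnumber':
                $limitnumber = clean_param($option['value'], PARAM_INT);
                break;
            case 'sortby':
                $sortallowedvalues = array('id', 'firstname', 'lastname', 'siteorder');
                // The value is concatenated into ORDER BY below, so it must be exactly one of the
                // allowed strings. A strict comparison keeps loosely-equal non-string values
                // (for example boolean true) from passing the allow-list.
                if (!in_array($option['value'], $sortallowedvalues, true)) {
                    throw new invalid_parameter_exception('Invalid value for sortby parameter (value: ' . $option['value'] . '),' . 'allowed values are: ' . implode(',', $sortallowedvalues));
                }
                if ($option['value'] === 'siteorder') {
                    list($sortby, $sortparams) = users_order_by_sql('us');
                } else {
                    $sortby = 'us.' . $option['value'];
                }
                break;
            case 'sortdirection':
                $sortdirection = strtoupper($option['value']);
                $directionallowedvalues = array('ASC', 'DESC');
                // Also concatenated into ORDER BY: only the two literal keywords are accepted.
                if (!in_array($sortdirection, $directionallowedvalues, true)) {
                    throw new invalid_parameter_exception('Invalid value for sortdirection parameter (value: ' . $sortdirection . '),' . 'allowed values are: ' . implode(',', $directionallowedvalues));
                }
                break;
        }
    }

    $course = $DB->get_record('course', array('id' => $courseid), '*', MUST_EXIST);
    $coursecontext = context_course::instance($courseid, IGNORE_MISSING);
    if ($courseid == SITEID) {
        $context = context_system::instance();
    } else {
        $context = $coursecontext;
    }

    try {
        self::validate_context($context);
    } catch (Exception $e) {
        // Re-thrown as a web service error that carries the original message and the course id.
        $exceptionparam = new stdClass();
        $exceptionparam->message = $e->getMessage();
        $exceptionparam->courseid = $params['courseid'];
        throw new moodle_exception('errorcoursecontextnotvalid', 'webservice', '', $exceptionparam);
    }

    if ($courseid == SITEID) {
        require_capability('moodle/site:viewparticipants', $context);
    } else {
        require_capability('moodle/course:viewparticipants', $context);
    }

    // to overwrite this parameter, you need role:review capability
    if ($withcapability) {
        require_capability('moodle/role:review', $coursecontext);
    }
    // need accessallgroups capability if you want to overwrite this option
    if (!empty($groupid) && !groups_is_member($groupid)) {
        require_capability('moodle/site:accessallgroups', $coursecontext);
    }
    // to overwrite this option, you need course:enrolreview permission
    if ($onlyactive) {
        require_capability('moodle/course:enrolreview', $coursecontext);
    }

    list($enrolledsql, $enrolledparams) = get_enrolled_sql($coursecontext, $withcapability, $groupid, $onlyactive);
    $ctxselect = ', ' . context_helper::get_preload_record_columns_sql('ctx');
    $ctxjoin = "LEFT JOIN {context} ctx ON (ctx.instanceid = u.id AND ctx.contextlevel = :contextlevel)";
    $enrolledparams['contextlevel'] = CONTEXT_USER;

    $groupjoin = '';
    if (empty($groupid) && groups_get_course_groupmode($course) == SEPARATEGROUPS && !has_capability('moodle/site:accessallgroups', $coursecontext)) {
        // Filter by groups the user can view.
        $usergroups = groups_get_user_groups($course->id);
        if (!empty($usergroups['0'])) {
            // Group ids are bound as named parameters, not interpolated.
            list($groupsql, $groupparams) = $DB->get_in_or_equal($usergroups['0'], SQL_PARAMS_NAMED);
            $groupjoin = "JOIN {groups_members} gm ON (u.id = gm.userid AND gm.groupid {$groupsql})";
            $enrolledparams = array_merge($enrolledparams, $groupparams);
        } else {
            // User doesn't belong to any group, so he can't see any user. Return an empty array.
            return array();
        }
    }

    // $sortby and $sortdirection are the only caller-influenced fragments placed in the SQL text;
    // both were restricted to fixed values in the option loop above.
    $sql = "SELECT us.*\n FROM {user} us\n JOIN (\n SELECT DISTINCT u.id {$ctxselect}\n FROM {user} u {$ctxjoin} {$groupjoin}\n WHERE u.id IN ({$enrolledsql})\n ) q ON q.id = us.id\n ORDER BY {$sortby} {$sortdirection}";
    $enrolledparams = array_merge($enrolledparams, $sortparams);
    $enrolledusers = $DB->get_recordset_sql($sql, $enrolledparams, $limitfrom, $limitnumber);

    $users = array();
    foreach ($enrolledusers as $user) {
        context_helper::preload_from_record($user);
        // Users for which user_get_user_details() returns a falsy value are left out of the result.
        if ($userdetails = user_get_user_details($user, $course, $userfields)) {
            $users[] = $userdetails;
        }
    }
    $enrolledusers->close();

    return $users;
}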
/**
 * Sets up this object's group variables, mainly to restrict the selection of users to display.
 *
 * Nothing beyond $this->groupmode is set when the course group mode is falsy. Otherwise the
 * current group, the group selector and, when a group is active, the SQL join/where
 * fragments (with their named parameter) are stored on the object.
 */
protected function setup_groups() {
    // Find out current groups mode; a falsy mode means there is nothing to restrict.
    $this->groupmode = groups_get_course_groupmode($this->course);
    if (!$this->groupmode) {
        return;
    }

    $this->currentgroup = groups_get_course_group($this->course, true);
    $this->group_selector = groups_print_course_menu($this->course, $this->pbarurl, true);

    $separated = $this->groupmode == SEPARATEGROUPS;
    if ($separated && !$this->currentgroup && !has_capability('moodle/site:accessallgroups', $this->context)) {
        // -2 means the user can not access any groups at all; it is still bound as the group
        // id in the filter below.
        $this->currentgroup = -2;
    }

    if (!$this->currentgroup) {
        return;
    }

    $this->groupsql = " JOIN {groups_members} gm ON gm.userid = u.id ";
    $this->groupwheresql = " AND gm.groupid = :gr_grpid ";
    $this->groupwheresql_params = array('gr_grpid' => $this->currentgroup);
}
} else { echo $OUTPUT->header(); $PAGE->navbar->add($struser); echo $OUTPUT->heading(get_string('notenrolledprofile')); } $referer = clean_param($_SERVER['HTTP_REFERER'], PARAM_LOCALURL); if (!empty($referer)) { echo $OUTPUT->continue_button($referer); } echo $OUTPUT->footer(); exit; } // If groups are in use and enforced throughout the course, then make sure we can meet in at least one course level group. // Except when we are a parent, in which case we would not be in any group. if (groups_get_course_groupmode($course) == SEPARATEGROUPS and $course->groupmodeforce and !has_capability('moodle/site:accessallgroups', $coursecontext) and !has_capability('moodle/site:accessallgroups', $coursecontext, $user->id) and !$isparent) { if (!isloggedin() or isguestuser()) { // Do not use require_login() here because we might have already used require_login($course). redirect(get_login_url()); } $mygroups = array_keys(groups_get_all_groups($course->id, $USER->id, $course->defaultgroupingid, 'g.id, g.name')); $usergroups = array_keys(groups_get_all_groups($course->id, $user->id, $course->defaultgroupingid, 'g.id, g.name')); if (!array_intersect($mygroups, $usergroups)) { print_error("groupnotamember", '', "../course/view.php?id=$course->id"); } } }
echo $OUTPUT->header(); echo $OUTPUT->heading(get_string('notenrolled', '', $fullname)); } else { echo $OUTPUT->header(); $PAGE->navbar->add($struser); echo $OUTPUT->heading(get_string('notenrolledprofile')); } if (!empty($_SERVER['HTTP_REFERER'])) { echo $OUTPUT->continue_button($_SERVER['HTTP_REFERER']); } echo $OUTPUT->footer(); exit; } // If groups are in use and enforced throughout the course, then make sure we can meet in at least one course level group if (groups_get_course_groupmode($course) == SEPARATEGROUPS and $course->groupmodeforce and !has_capability('moodle/site:accessallgroups', $coursecontext) and !has_capability('moodle/site:accessallgroups', $coursecontext, $user->id)) { if (!isloggedin() or isguestuser()) { // do not use require_login() here because we might have already used require_login($course) redirect(get_login_url()); } $mygroups = array_keys(groups_get_all_groups($course->id, $USER->id, $course->defaultgroupingid, 'g.id, g.name')); $usergroups = array_keys(groups_get_all_groups($course->id, $user->id, $course->defaultgroupingid, 'g.id, g.name')); if (!array_intersect($mygroups, $usergroups)) { print_error("groupnotamember", '', "../course/view.php?id=$course->id"); } } } /// We've established they can see the user's name at least, so what about the rest?
$PAGE->navbar->add($fullname); echo $OUTPUT->header(); echo $OUTPUT->heading(get_string('notenrolled', '', $fullname)); } else { echo $OUTPUT->header(); $PAGE->navbar->add($struser); echo $OUTPUT->heading(get_string('notenrolledprofile')); } if (!empty($_SERVER['HTTP_REFERER'])) { echo $OUTPUT->continue_button($_SERVER['HTTP_REFERER']); } echo $OUTPUT->footer(); exit; } // If groups are in use and enforced throughout the course, then make sure we can meet in at least one course level group if (groups_get_course_groupmode($course) == SEPARATEGROUPS and $course->groupmodeforce and !has_capability('moodle/site:accessallgroups', $coursecontext) and !has_capability('moodle/site:accessallgroups', $coursecontext, $user->id)) { if (!isloggedin() or isguestuser()) { // do not use require_login() here because we might have already used require_login($course) redirect(get_login_url()); } $mygroups = array_keys(groups_get_all_groups($course->id, $USER->id, $course->defaultgroupingid, 'g.id, g.name')); $usergroups = array_keys(groups_get_all_groups($course->id, $user->id, $course->defaultgroupingid, 'g.id, g.name')); if (!array_intersect($mygroups, $usergroups)) { print_error("groupnotamember", '', "../course/view.php?id={$course->id}"); } } } /// We've established they can see the user's name at least, so what about the rest? if (!$currentuser) { $PAGE->navigation->extend_for_user($user); if ($node = $PAGE->settingsnav->get('userviewingsettings' . $user->id)) {
/**
 * This function gets called by {@link settings_navigation::load_user_settings()} and actually works out
 * what can be shown/done
 *
 * The method first resolves the course and the target user, then (for a user other than the
 * current one) decides whether the current user may see that user at all, and finally adds
 * navigation nodes one by one, each behind its own configuration and capability checks.
 *
 * NOTE(review): the checks here only decide which navigation nodes are built. The pages the
 * nodes link to are not shown here and presumably enforce their own capability checks; confirm.
 *
 * @param int $courseid The current course' id
 * @param int $userid The user id to load for
 * @param string $gstitle The string to pass to get_string for the branch title
 * @return navigation_node|bool The preferences node on success; false when the user record is
 *      not found or the current user may not view that user; true when the user record is
 *      flagged as deleted (only a "user deleted" node is added in that case).
 */
protected function generate_user_settings($courseid, $userid, $gstitle = 'usercurrentsettings') {
    global $DB, $CFG, $USER, $SITE;

    // Resolve the course: reuse the page's course when it matches, otherwise load the course
    // together with its context columns (MUST_EXIST is passed, a missing course is not handled here).
    if ($courseid != $SITE->id) {
        if (!empty($this->page->course->id) && $this->page->course->id == $courseid) {
            $course = $this->page->course;
        } else {
            $select = context_helper::get_preload_record_columns_sql('ctx');
            $sql = "SELECT c.*, {$select}\n FROM {course} c\n JOIN {context} ctx ON c.id = ctx.instanceid\n WHERE c.id = :courseid AND ctx.contextlevel = :contextlevel";
            $params = array('courseid' => $courseid, 'contextlevel' => CONTEXT_COURSE);
            $course = $DB->get_record_sql($sql, $params, MUST_EXIST);
            context_helper::preload_from_record($course);
        }
    } else {
        $course = $SITE;
    }

    $coursecontext = context_course::instance($course->id); // Course context
    $systemcontext = context_system::instance();
    $currentuser = $USER->id == $userid;

    if ($currentuser) {
        // Viewing our own settings: no visibility checks are applied.
        $user = $USER;
        $usercontext = context_user::instance($user->id); // User context
    } else {
        // Another user: load the record (IGNORE_MISSING, so a missing user is handled just below).
        $select = context_helper::get_preload_record_columns_sql('ctx');
        $sql = "SELECT u.*, {$select}\n FROM {user} u\n JOIN {context} ctx ON u.id = ctx.instanceid\n WHERE u.id = :userid AND ctx.contextlevel = :contextlevel";
        $params = array('userid' => $userid, 'contextlevel' => CONTEXT_USER);
        $user = $DB->get_record_sql($sql, $params, IGNORE_MISSING);
        if (!$user) {
            return false;
        }
        context_helper::preload_from_record($user);

        // Check that the user can view the profile
        $usercontext = context_user::instance($user->id); // User context
        $canviewuser = has_capability('moodle/user:viewdetails', $usercontext);

        if ($course->id == $SITE->id) {
            if ($CFG->forceloginforprofiles && !has_coursecontact_role($user->id) && !$canviewuser) {
                // Reduce possibility of "browsing" userbase at site level
                // Teachers can browse and be browsed at site level. If not forceloginforprofiles, allow access (bug #4366)
                return false;
            }
        } else {
            $canviewusercourse = has_capability('moodle/user:viewdetails', $coursecontext);
            $userisenrolled = is_enrolled($coursecontext, $user->id, '', true);
            // && binds tighter than ||: refuse when the viewer holds viewdetails in neither the
            // course nor the user context, or when is_enrolled() reports the target as not enrolled.
            if (!$canviewusercourse && !$canviewuser || !$userisenrolled) {
                return false;
            }
            $canaccessallgroups = has_capability('moodle/site:accessallgroups', $coursecontext);
            if (!$canaccessallgroups && groups_get_course_groupmode($course) == SEPARATEGROUPS && !$canviewuser) {
                // If groups are in use, make sure we can see that group (MDL-45874). That does not apply to parents.
                if ($courseid == $this->page->course->id) {
                    $mygroups = get_fast_modinfo($this->page->course)->groups;
                } else {
                    $mygroups = groups_get_user_groups($courseid);
                }
                $usergroups = groups_get_user_groups($courseid, $userid);
                // Both sides are compared on index 0 by key; with no common key the
                // target user stays hidden.
                if (!array_intersect_key($mygroups[0], $usergroups[0])) {
                    return false;
                }
            }
        }
    }

    // NOTE(review): $fullname is assigned here but not read again in this method.
    $fullname = fullname($user, has_capability('moodle/site:viewfullnames', $this->page->context));

    // The node key is the branch title, with the user id appended for any branch other than
    // 'usercurrentsettings'; the preferences URL gets the userid parameter in the same case.
    $key = $gstitle;
    $prefurl = new moodle_url('/user/preferences.php');
    if ($gstitle != 'usercurrentsettings') {
        $key .= $userid;
        $prefurl->param('userid', $userid);
    }

    // Add a user setting branch.
    if ($gstitle == 'usercurrentsettings') {
        $dashboard = $this->add(get_string('myhome'), new moodle_url('/my/'), self::TYPE_CONTAINER, null, 'dashboard');
        // This should be set to false as we don't want to show this to the user. It's only for generating the correct
        // breadcrumb.
        $dashboard->display = false;
        if (get_home_page() == HOMEPAGE_MY) {
            $dashboard->mainnavonly = true;
        }

        $iscurrentuser = $user->id == $USER->id;

        $baseargs = array('id' => $user->id);
        if ($course->id != $SITE->id && !$iscurrentuser) {
            $baseargs['course'] = $course->id;
            $issitecourse = false;
        } else {
            // Load all categories and get the context for the system.
            $issitecourse = true;
        }

        // Add the user profile to the dashboard.
        $profilenode = $dashboard->add(get_string('profile'), new moodle_url('/user/profile.php', array('id' => $user->id)), self::TYPE_SETTING, null, 'myprofile');

        if (!empty($CFG->navadduserpostslinks)) {
            // Add nodes for forum posts and discussions if the user can view either or both
            // There are no capability checks here as the content of the page is based
            // purely on the forums the current user has access too.
            $forumtab = $profilenode->add(get_string('forumposts', 'forum'));
            $forumtab->add(get_string('posts', 'forum'), new moodle_url('/mod/forum/user.php', $baseargs), null, 'myposts');
            $forumtab->add(get_string('discussions', 'forum'), new moodle_url('/mod/forum/user.php', array_merge($baseargs, array('mode' => 'discussions'))), null, 'mydiscussions');
        }

        // Add blog nodes.
        if (!empty($CFG->enableblogs)) {
            // Blog options are kept in $this->cache under a key that includes the user id.
            if (!$this->cache->cached('userblogoptions' . $user->id)) {
                require_once $CFG->dirroot . '/blog/lib.php';
                // Get all options for the user.
                $options = blog_get_options_for_user($user);
                $this->cache->set('userblogoptions' . $user->id, $options);
            } else {
                $options = $this->cache->{'userblogoptions' . $user->id};
            }

            if (count($options) > 0) {
                $blogs = $profilenode->add(get_string('blogs', 'blog'), null, navigation_node::TYPE_CONTAINER);
                foreach ($options as $type => $option) {
                    if ($type == "rss") {
                        $blogs->add($option['string'], $option['link'], self::TYPE_SETTING, null, null, new pix_icon('i/rss', ''));
                    } else {
                        $blogs->add($option['string'], $option['link'], self::TYPE_SETTING, null, 'blog' . $type);
                    }
                }
            }
        }

        // Add the messages link.
        // It is context based so can appear in the user's profile and in course participants information.
        if (!empty($CFG->messaging)) {
            $messageargs = array('user1' => $USER->id);
            if ($USER->id != $user->id) {
                $messageargs['user2'] = $user->id;
            }
            if ($course->id != $SITE->id) {
                $messageargs['viewing'] = MESSAGE_VIEW_COURSE . $course->id;
            }
            $url = new moodle_url('/message/index.php', $messageargs);
            $dashboard->add(get_string('messages', 'message'), $url, self::TYPE_SETTING, null, 'messages');
        }

        // Add the "My private files" link.
        // This link doesn't have a unique display for course context so only display it under the user's profile.
        if ($issitecourse && $iscurrentuser && has_capability('moodle/user:manageownfiles', $usercontext)) {
            $url = new moodle_url('/user/files.php');
            $dashboard->add(get_string('privatefiles'), $url, self::TYPE_SETTING);
        }

        // Add a node to view the users notes if permitted.
        if (!empty($CFG->enablenotes) && has_any_capability(array('moodle/notes:manage', 'moodle/notes:view'), $coursecontext)) {
            $url = new moodle_url('/notes/index.php', array('user' => $user->id));
            if ($coursecontext->instanceid != SITEID) {
                $url->param('course', $coursecontext->instanceid);
            }
            $profilenode->add(get_string('notes', 'notes'), $url);
        }

        // Show the grades node.
        // Shown for our own profile at site level, or to anyone holding viewdetails in the user context.
        if ($issitecourse && $iscurrentuser || has_capability('moodle/user:viewdetails', $usercontext)) {
            require_once $CFG->dirroot . '/user/lib.php';
            // Set the grades node to link to the "Grades" page.
            if ($course->id == SITEID) {
                $url = user_mygrades_url($user->id, $course->id);
            } else {
                // Otherwise we are in a course and should redirect to the user grade report (Activity report version).
                $url = new moodle_url('/course/user.php', array('mode' => 'grade', 'id' => $course->id, 'user' => $user->id));
            }
            $dashboard->add(get_string('grades', 'grades'), $url, self::TYPE_SETTING, null, 'mygrades');
        }

        // Let plugins hook into user navigation.
        // Every callback returned for 'extend_navigation_user' is invoked, except those of
        // plugin type 'report'.
        $pluginsfunction = get_plugins_with_function('extend_navigation_user', 'lib.php');
        foreach ($pluginsfunction as $plugintype => $plugins) {
            if ($plugintype != 'report') {
                foreach ($plugins as $pluginfunction) {
                    $pluginfunction($profilenode, $user, $usercontext, $course, $coursecontext);
                }
            }
        }

        $usersetting = navigation_node::create(get_string('preferences', 'moodle'), $prefurl, self::TYPE_CONTAINER, null, $key);
        $dashboard->add_node($usersetting);
    } else {
        $usersetting = $this->add(get_string('preferences', 'moodle'), $prefurl, self::TYPE_CONTAINER, null, $key);
        $usersetting->display = false;
    }
    $usersetting->id = 'usersettings';

    // Check if the user has been deleted.
    // Note that this path returns true, not the node.
    if ($user->deleted) {
        if (!has_capability('moodle/user:update', $coursecontext)) {
            // We can't edit the user so just show the user deleted message.
            $usersetting->add(get_string('userdeleted'), null, self::TYPE_SETTING);
        } else {
            // We can edit the user so show the user deleted message and link it to the profile.
            if ($course->id == $SITE->id) {
                $profileurl = new moodle_url('/user/profile.php', array('id' => $user->id));
            } else {
                $profileurl = new moodle_url('/user/view.php', array('id' => $user->id, 'course' => $course->id));
            }
            $usersetting->add(get_string('userdeleted'), $profileurl, self::TYPE_SETTING);
        }
        return true;
    }

    // The auth plugin (when the user record names one) is asked below whether the profile
    // and the password may be changed.
    $userauthplugin = false;
    if (!empty($user->auth)) {
        $userauthplugin = get_auth_plugin($user->auth);
    }

    $useraccount = $usersetting->add(get_string('useraccount'), null, self::TYPE_CONTAINER, null, 'useraccount');

    // Add the profile edit link.
    if (isloggedin() && !isguestuser($user) && !is_mnet_remote_user($user)) {
        // Advanced editing needs moodle/user:update in the system context. The first clause
        // fails only when the target is a site admin, the viewer is not, and the target is
        // not the viewer.
        if (($currentuser || is_siteadmin($USER) || !is_siteadmin($user)) && has_capability('moodle/user:update', $systemcontext)) {
            $url = new moodle_url('/user/editadvanced.php', array('id' => $user->id, 'course' => $course->id));
            $useraccount->add(get_string('editmyprofile'), $url, self::TYPE_SETTING);
        } else {
            // Plain editing: editprofile on a non-admin target, or editownprofile on ourselves.
            if (has_capability('moodle/user:editprofile', $usercontext) && !is_siteadmin($user) || $currentuser && has_capability('moodle/user:editownprofile', $systemcontext)) {
                if ($userauthplugin && $userauthplugin->can_edit_profile()) {
                    // The auth plugin may supply its own edit URL; the built-in page is the fallback.
                    $url = $userauthplugin->edit_profile_url();
                    if (empty($url)) {
                        $url = new moodle_url('/user/edit.php', array('id' => $user->id, 'course' => $course->id));
                    }
                    $useraccount->add(get_string('editmyprofile'), $url, self::TYPE_SETTING);
                }
            }
        }
    }

    // Change password link.
    // Only for our own account, not while logged in as another user, not for guests, and only
    // when both the capability and the auth plugin allow it.
    if ($userauthplugin && $currentuser && !\core\session\manager::is_loggedinas() && !isguestuser() && has_capability('moodle/user:changeownpassword', $systemcontext) && $userauthplugin->can_change_password()) {
        $passwordchangeurl = $userauthplugin->change_password_url();
        if (empty($passwordchangeurl)) {
            $passwordchangeurl = new moodle_url('/login/change_password.php', array('id' => $course->id));
        }
        $useraccount->add(get_string("changepassword"), $passwordchangeurl, self::TYPE_SETTING, null, 'changepassword');
    }

    // Preferred language link.
    if (isloggedin() && !isguestuser($user) && !is_mnet_remote_user($user)) {
        if ($currentuser && has_capability('moodle/user:editownprofile', $systemcontext) || has_capability('moodle/user:editprofile', $usercontext)) {
            $url = new moodle_url('/user/language.php', array('id' => $user->id, 'course' => $course->id));
            $useraccount->add(get_string('preferredlanguage'), $url, self::TYPE_SETTING, null, 'preferredlanguage');
        }
    }

    // Forum preferences link, only when 'forum' is among the enabled 'mod' plugins.
    $pluginmanager = core_plugin_manager::instance();
    $enabled = $pluginmanager->get_enabled_plugins('mod');
    if (isset($enabled['forum']) && isloggedin() && !isguestuser($user) && !is_mnet_remote_user($user)) {
        if ($currentuser && has_capability('moodle/user:editownprofile', $systemcontext) || has_capability('moodle/user:editprofile', $usercontext)) {
            $url = new moodle_url('/user/forum.php', array('id' => $user->id, 'course' => $course->id));
            $useraccount->add(get_string('forumpreferences'), $url, self::TYPE_SETTING);
        }
    }

    // Editor preferences link, only when more than one editor is enabled.
    $editors = editors_get_enabled();
    if (count($editors) > 1) {
        if (isloggedin() && !isguestuser($user) && !is_mnet_remote_user($user)) {
            if ($currentuser && has_capability('moodle/user:editownprofile', $systemcontext) || has_capability('moodle/user:editprofile', $usercontext)) {
                $url = new moodle_url('/user/editor.php', array('id' => $user->id, 'course' => $course->id));
                $useraccount->add(get_string('editorpreferences'), $url, self::TYPE_SETTING);
            }
        }
    }

    // Add "Course preferences" link.
    // Unlike the links above, this one has no is_mnet_remote_user() condition.
    if (isloggedin() && !isguestuser($user)) {
        if ($currentuser && has_capability('moodle/user:editownprofile', $systemcontext) || has_capability('moodle/user:editprofile', $usercontext)) {
            $url = new moodle_url('/user/course.php', array('id' => $user->id, 'course' => $course->id));
            $useraccount->add(get_string('coursepreferences'), $url, self::TYPE_SETTING, null, 'coursepreferences');
        }
    }

    // View the roles settings.
    // Any one of the four role capabilities in the user context opens this branch.
    if (has_any_capability(array('moodle/role:assign', 'moodle/role:safeoverride', 'moodle/role:override', 'moodle/role:manage'), $usercontext)) {
        $roles = $usersetting->add(get_string('roles'), null, self::TYPE_SETTING);

        $url = new moodle_url('/admin/roles/usersroles.php', array('userid' => $user->id, 'courseid' => $course->id));
        $roles->add(get_string('thisusersroles', 'role'), $url, self::TYPE_SETTING);

        $assignableroles = get_assignable_roles($usercontext, ROLENAME_BOTH);

        if (!empty($assignableroles)) {
            $url = new moodle_url('/admin/roles/assign.php', array('contextid' => $usercontext->id, 'userid' => $user->id, 'courseid' => $course->id));
            $roles->add(get_string('assignrolesrelativetothisuser', 'role'), $url, self::TYPE_SETTING);
        }

        if (has_capability('moodle/role:review', $usercontext) || count(get_overridable_roles($usercontext, ROLENAME_BOTH)) > 0) {
            $url = new moodle_url('/admin/roles/permissions.php', array('contextid' => $usercontext->id, 'userid' => $user->id, 'courseid' => $course->id));
            $roles->add(get_string('permissions', 'role'), $url, self::TYPE_SETTING);
        }

        $url = new moodle_url('/admin/roles/check.php', array('contextid' => $usercontext->id, 'userid' => $user->id, 'courseid' => $course->id));
        $roles->add(get_string('checkpermissions', 'role'), $url, self::TYPE_SETTING);
    }

    // Repositories.
    // Whether the user context has editable repository types is kept in $this->cache per context id.
    if (!$this->cache->cached('contexthasrepos' . $usercontext->id)) {
        require_once $CFG->dirroot . '/repository/lib.php';
        $editabletypes = repository::get_editable_types($usercontext);
        $haseditabletypes = !empty($editabletypes);
        unset($editabletypes);
        $this->cache->set('contexthasrepos' . $usercontext->id, $haseditabletypes);
    } else {
        $haseditabletypes = $this->cache->{'contexthasrepos' . $usercontext->id};
    }
    if ($haseditabletypes) {
        $repositories = $usersetting->add(get_string('repositories', 'repository'), null, self::TYPE_SETTING);
        $repositories->add(get_string('manageinstances', 'repository'), new moodle_url('/repository/manage_instances.php', array('contextid' => $usercontext->id)));
    }

    // Portfolio.
    if ($currentuser && !empty($CFG->enableportfolios) && has_capability('moodle/portfolio:export', $systemcontext)) {
        require_once $CFG->libdir . '/portfoliolib.php';
        if (portfolio_has_visible_instances()) {
            $portfolio = $usersetting->add(get_string('portfolios', 'portfolio'), null, self::TYPE_SETTING);

            $url = new moodle_url('/user/portfolio.php', array('courseid' => $course->id));
            $portfolio->add(get_string('configure', 'portfolio'), $url, self::TYPE_SETTING);

            $url = new moodle_url('/user/portfoliologs.php', array('courseid' => $course->id));
            $portfolio->add(get_string('logs', 'portfolio'), $url, self::TYPE_SETTING);
        }
    }

    // Token management is offered when RSS feeds are enabled; otherwise only when the current
    // user is not a site admin, web services are enabled and the user holds
    // moodle/webservice:createtoken in the system context.
    $enablemanagetokens = false;
    if (!empty($CFG->enablerssfeeds)) {
        $enablemanagetokens = true;
    } else {
        if (!is_siteadmin($USER->id) && !empty($CFG->enablewebservices) && has_capability('moodle/webservice:createtoken', context_system::instance())) {
            $enablemanagetokens = true;
        }
    }
    // Security keys.
    // The link carries the current sesskey() as a query parameter.
    if ($currentuser && $enablemanagetokens) {
        $url = new moodle_url('/user/managetoken.php', array('sesskey' => sesskey()));
        $useraccount->add(get_string('securitykeys', 'webservice'), $url, self::TYPE_SETTING);
    }

    // Messaging.
    // Own message profile with editownmessageprofile, or another non-guest user's with
    // editmessageprofile as long as that user is not the primary admin.
    if ($currentuser && has_capability('moodle/user:editownmessageprofile', $systemcontext) || !isguestuser($user) && has_capability('moodle/user:editmessageprofile', $usercontext) && !is_primary_admin($user->id)) {
        $url = new moodle_url('/message/edit.php', array('id' => $user->id));
        $useraccount->add(get_string('messaging', 'message'), $url, self::TYPE_SETTING);
    }

    // Blogs.
    if ($currentuser && !empty($CFG->enableblogs)) {
        $blog = $usersetting->add(get_string('blogs', 'blog'), null, navigation_node::TYPE_CONTAINER, null, 'blogs');
        if (has_capability('moodle/blog:view', $systemcontext)) {
            $blog->add(get_string('preferences', 'blog'), new moodle_url('/blog/preferences.php'), navigation_node::TYPE_SETTING);
        }
        if (!empty($CFG->useexternalblogs) && $CFG->maxexternalblogsperuser > 0 && has_capability('moodle/blog:manageexternal', $systemcontext)) {
            $blog->add(get_string('externalblogs', 'blog'), new moodle_url('/blog/external_blogs.php'), navigation_node::TYPE_SETTING);
            $blog->add(get_string('addnewexternalblog', 'blog'), new moodle_url('/blog/external_blog_edit.php'), navigation_node::TYPE_SETTING);
        }
        // Remove the blog node if empty.
        $blog->trim_if_empty();
    }

    // Badges.
    if ($currentuser && !empty($CFG->enablebadges)) {
        $badges = $usersetting->add(get_string('badges'), null, navigation_node::TYPE_CONTAINER, null, 'badges');
        if (has_capability('moodle/badges:manageownbadges', $usercontext)) {
            $url = new moodle_url('/badges/mybadges.php');
            $badges->add(get_string('managebadges', 'badges'), $url, self::TYPE_SETTING);
        }
        $badges->add(get_string('preferences', 'badges'), new moodle_url('/badges/preferences.php'), navigation_node::TYPE_SETTING);
        if (!empty($CFG->badges_allowexternalbackpack)) {
            $badges->add(get_string('backpackdetails', 'badges'), new moodle_url('/badges/mybackpack.php'), navigation_node::TYPE_SETTING);
        }
    }

    // Let plugins hook into user settings navigation.
    // Unlike the 'extend_navigation_user' loop above, no plugin type is skipped here.
    $pluginsfunction = get_plugins_with_function('extend_navigation_user_settings', 'lib.php');
    foreach ($pluginsfunction as $plugintype => $plugins) {
        foreach ($plugins as $pluginfunction) {
            $pluginfunction($usersetting, $user, $usercontext, $course, $coursecontext);
        }
    }

    return $usersetting;
}
/**
 * Print groupmode form element on module setup forms in mod/.../mod.html
 *
 * The current value comes from the activity when the form refers to an existing course
 * module, otherwise from the course. The row is printed unless the course has a falsy
 * group mode and forces it; when the mode is forced, the force flag is passed on as the
 * last argument of choose_from_menu().
 *
 * @param object $form  module form data; ->course and ->coursemodule are read
 * @param object $course course record, loaded from $form->course when empty
 */
function print_groupmode_setting($form, $course = null) {
    if (empty($course)) {
        $course = get_record('course', 'id', $form->course);
        if (!$course) {
            error("This course doesn't exist");
        }
    }

    if ($form->coursemodule) {
        $cm = get_record('course_modules', 'id', $form->coursemodule);
        if (!$cm) {
            error("This course module doesn't exist");
        }
        $groupmode = groups_get_activity_groupmode($cm);
    } else {
        $cm = null;
        $groupmode = groups_get_course_groupmode($course);
    }

    // Nothing to print when the course has no group mode and forces that setting.
    if (!$course->groupmode and $course->groupmodeforce) {
        return;
    }

    echo '<tr valign="top">',
         '<td align="right"><b>' . get_string('groupmode') . ':</b></td>',
         '<td align="left">';

    $choices = array(
        NOGROUPS       => get_string('groupsnone'),
        SEPARATEGROUPS => get_string('groupsseparate'),
        VISIBLEGROUPS  => get_string('groupsvisible'),
    );
    choose_from_menu($choices, 'groupmode', $groupmode, '', '', 0, false, $course->groupmodeforce);
    helpbutton('groupmode', get_string('groupmode'));

    echo '</td></tr>';
}
/**
 * Serve a stored file addressed by a "/contextid/component/filearea/..." relative path.
 *
 * The path is split into a context id, a component and a file area (the latter two are
 * passed through clean_param()); the remaining segments are interpreted per component.
 * Core components are handled inline: each branch applies its own login / capability
 * checks and then calls send_stored_file(). Components starting with "mod_" or "block_",
 * and any other component containing "_", are delegated to the plugin's
 * <component>_pluginfile() callback after its lib.php has been loaded.
 *
 * NOTE(review): the control flow is written as if print_error(), send_file_not_found(),
 * send_stored_file(), send_file(), redirect() and the require_*() helpers never return
 * once they have rejected or answered the request. Those helpers are defined elsewhere;
 * confirm before reordering any check in this function.
 *
 * @param string $relativepath path of the form /contextid/component/filearea/...
 * @param bool $forcedownload passed through to send_stored_file() / plugin callbacks
 * @param null|string $preview the preview mode, defaults to serving the original file
 * @todo MDL-31088 file serving improvements
 */
function file_pluginfile($relativepath, $forcedownload, $preview = null) {
    global $DB, $CFG, $USER;
    // The relative path must be non-empty and start with '/'.
    if (!$relativepath) {
        print_error('invalidargorconf');
    } else {
        if ($relativepath[0] != '/') {
            print_error('pathdoesnotstartslash');
        }
    }
    // Extract the relative path components.
    $args = explode('/', ltrim($relativepath, '/'));
    if (count($args) < 3) {
        // always at least context, component and filearea
        print_error('invalidarguments');
    }
    $contextid = (int) array_shift($args);
    // Component and file area come from the URL; both are cleaned before they are compared
    // or used to build paths and callback names further down.
    $component = clean_param(array_shift($args), PARAM_COMPONENT);
    $filearea = clean_param(array_shift($args), PARAM_AREA);
    // NOTE(review): $context is dereferenced below without a null check; presumably
    // get_context_info_array() rejects an unknown context id itself - confirm.
    list($context, $course, $cm) = get_context_info_array($contextid);
    $fs = get_file_storage();
    // ==== blog ====
    if ($component === 'blog') {
        // Blog file serving
        if ($context->contextlevel != CONTEXT_SYSTEM) {
            send_file_not_found();
        }
        if ($filearea !== 'attachment' and $filearea !== 'post') {
            send_file_not_found();
        }
        if (empty($CFG->enableblogs)) {
            print_error('siteblogdisable', 'blog');
        }
        $entryid = (int) array_shift($args);
        if (!($entry = $DB->get_record('post', array('module' => 'blog', 'id' => $entryid)))) {
            send_file_not_found();
        }
        // Below the global blog level a login is required and guests are rejected; at user
        // level only the author may fetch the file.
        if ($CFG->bloglevel < BLOG_GLOBAL_LEVEL) {
            require_login();
            if (isguestuser()) {
                print_error('noguest');
            }
            if ($CFG->bloglevel == BLOG_USER_LEVEL) {
                if ($USER->id != $entry->userid) {
                    send_file_not_found();
                }
            }
        }
        // Per-entry publish state: public (login only when forced), site (login), draft (author only).
        if ($entry->publishstate === 'public') {
            if ($CFG->forcelogin) {
                require_login();
            }
        } else {
            if ($entry->publishstate === 'site') {
                require_login();
                //ok
            } else {
                if ($entry->publishstate === 'draft') {
                    require_login();
                    if ($USER->id != $entry->userid) {
                        send_file_not_found();
                    }
                }
            }
        }
        $filename = array_pop($args);
        $filepath = $args ? '/' . implode('/', $args) . '/' : '/';
        if (!($file = $fs->get_file($context->id, $component, $filearea, $entryid, $filepath, $filename)) or $file->is_directory()) {
            send_file_not_found();
        }
        send_stored_file($file, 10 * 60, 0, true, array('preview' => $preview)); // download MUST be forced - security!
    } else {
        // ==== grade ====
        if ($component === 'grade') {
            if (($filearea === 'outcome' or $filearea === 'scale') and $context->contextlevel == CONTEXT_SYSTEM) {
                // Global gradebook files
                if ($CFG->forcelogin) {
                    require_login();
                }
                // The sha1 of the full path is used as the lookup key for get_file_by_hash().
                $fullpath = "/{$context->id}/{$component}/{$filearea}/" . implode('/', $args);
                if (!($file = $fs->get_file_by_hash(sha1($fullpath))) or $file->is_directory()) {
                    send_file_not_found();
                }
                \core\session\manager::write_close(); // Unlock session during file serving.
                send_stored_file($file, 60 * 60, 0, $forcedownload, array('preview' => $preview));
            } else {
                if ($filearea === 'feedback' and $context->contextlevel == CONTEXT_COURSE) {
                    //TODO: nobody implemented this yet in grade edit form!!
                    // NOTE(review): everything after this call in the branch is dead code as long
                    // as send_file_not_found() terminates the request; if this area is ever
                    // enabled, the login check below must run before any file is served.
                    send_file_not_found();
                    if ($CFG->forcelogin || $course->id != SITEID) {
                        require_login($course);
                    }
                    $fullpath = "/{$context->id}/{$component}/{$filearea}/" . implode('/', $args);
                    if (!($file = $fs->get_file_by_hash(sha1($fullpath))) or $file->is_directory()) {
                        send_file_not_found();
                    }
                    \core\session\manager::write_close(); // Unlock session during file serving.
                    send_stored_file($file, 60 * 60, 0, $forcedownload, array('preview' => $preview));
                } else {
                    send_file_not_found();
                }
            }
        } else {
            // ==== tag ====
            if ($component === 'tag') {
                if ($filearea === 'description' and $context->contextlevel == CONTEXT_SYSTEM) {
                    // All tag descriptions are going to be public but we still need to respect forcelogin
                    if ($CFG->forcelogin) {
                        require_login();
                    }
                    $fullpath = "/{$context->id}/tag/description/" . implode('/', $args);
                    if (!($file = $fs->get_file_by_hash(sha1($fullpath))) or $file->is_directory()) {
                        send_file_not_found();
                    }
                    \core\session\manager::write_close(); // Unlock session during file serving.
                    send_stored_file($file, 60 * 60, 0, true, array('preview' => $preview));
                } else {
                    send_file_not_found();
                }
            } else {
                // ==== badges ====
                if ($component === 'badges') {
                    require_once $CFG->libdir . '/badgeslib.php';
                    $badgeid = (int) array_shift($args);
                    $badge = new badge($badgeid);
                    $filename = array_pop($args);
                    // NOTE(review): no login or capability check is visible in either badges area,
                    // and 'badgeimage' does not test the context level - presumably badge images
                    // are meant to be public; confirm.
                    if ($filearea === 'badgeimage') {
                        // Only the two fixed icon names are accepted.
                        if ($filename !== 'f1' && $filename !== 'f2') {
                            send_file_not_found();
                        }
                        if (!($file = $fs->get_file($context->id, 'badges', 'badgeimage', $badge->id, '/', $filename . '.png'))) {
                            send_file_not_found();
                        }
                        \core\session\manager::write_close();
                        send_stored_file($file, 60 * 60, 0, $forcedownload, array('preview' => $preview));
                    } else {
                        if ($filearea === 'userbadge' and $context->contextlevel == CONTEXT_USER) {
                            if (!($file = $fs->get_file($context->id, 'badges', 'userbadge', $badge->id, '/', $filename . '.png'))) {
                                send_file_not_found();
                            }
                            \core\session\manager::write_close();
                            send_stored_file($file, 60 * 60, 0, true, array('preview' => $preview));
                        }
                        // NOTE(review): any other badges file area falls out of this branch without
                        // a response from this function (no send_file_not_found() here).
                    }
                } else {
                    // ==== calendar ====
                    if ($component === 'calendar') {
                        if ($filearea === 'event_description' and $context->contextlevel == CONTEXT_SYSTEM) {
                            // All events here are public the one requirement is that we respect forcelogin
                            if ($CFG->forcelogin) {
                                require_login();
                            }
                            // Get the event id from the args array
                            // NOTE(review): in all three calendar branches $eventid is cast to int for
                            // the database lookup but handed to get_file() as received from the URL.
                            $eventid = array_shift($args);
                            // Load the event from the database
                            if (!($event = $DB->get_record('event', array('id' => (int) $eventid, 'eventtype' => 'site')))) {
                                send_file_not_found();
                            }
                            // Get the file and serve if successful
                            $filename = array_pop($args);
                            $filepath = $args ? '/' . implode('/', $args) . '/' : '/';
                            if (!($file = $fs->get_file($context->id, $component, $filearea, $eventid, $filepath, $filename)) or $file->is_directory()) {
                                send_file_not_found();
                            }
                            \core\session\manager::write_close(); // Unlock session during file serving.
                            send_stored_file($file, 60 * 60, 0, $forcedownload, array('preview' => $preview));
                        } else {
                            if ($filearea === 'event_description' and $context->contextlevel == CONTEXT_USER) {
                                // Must be logged in, if they are not then they obviously can't be this user
                                require_login();
                                // Don't want guests here, potentially saves a DB call
                                if (isguestuser()) {
                                    send_file_not_found();
                                }
                                // Get the event id from the args array
                                $eventid = array_shift($args);
                                // Load the event from the database - user id must match
                                if (!($event = $DB->get_record('event', array('id' => (int) $eventid, 'userid' => $USER->id, 'eventtype' => 'user')))) {
                                    send_file_not_found();
                                }
                                // Get the file and serve if successful
                                $filename = array_pop($args);
                                $filepath = $args ? '/' . implode('/', $args) . '/' : '/';
                                if (!($file = $fs->get_file($context->id, $component, $filearea, $eventid, $filepath, $filename)) or $file->is_directory()) {
                                    send_file_not_found();
                                }
                                \core\session\manager::write_close(); // Unlock session during file serving.
                                send_stored_file($file, 0, 0, true, array('preview' => $preview));
                            } else {
                                if ($filearea === 'event_description' and $context->contextlevel == CONTEXT_COURSE) {
                                    // Respect forcelogin and require login unless this is the site.... it probably
                                    // should NEVER be the site
                                    if ($CFG->forcelogin || $course->id != SITEID) {
                                        require_login($course);
                                    }
                                    // Must be able to at least view the course. This does not apply to the front page.
                                    if ($course->id != SITEID && !is_enrolled($context) && !is_viewing($context)) {
                                        //TODO: hmm, do we really want to block guests here?
                                        send_file_not_found();
                                    }
                                    // Get the event id
                                    $eventid = array_shift($args);
                                    // Load the event from the database we need to check whether it is
                                    // a) valid course event
                                    // b) a group event
                                    // Group events use the course context (there is no group context)
                                    if (!($event = $DB->get_record('event', array('id' => (int) $eventid, 'courseid' => $course->id)))) {
                                        send_file_not_found();
                                    }
                                    // If it is a group event require either membership or the view-all-groups capability
                                    if ($event->eventtype === 'group') {
                                        if (!has_capability('moodle/site:accessallgroups', $context) && !groups_is_member($event->groupid, $USER->id)) {
                                            send_file_not_found();
                                        }
                                    } else {
                                        if ($event->eventtype === 'course' || $event->eventtype === 'site') {
                                            // Ok. Please note that the event type 'site' still uses a course context.
                                        } else {
                                            // Some other type.
                                            send_file_not_found();
                                        }
                                    }
                                    // If we get this far we can serve the file
                                    $filename = array_pop($args);
                                    $filepath = $args ? '/' . implode('/', $args) . '/' : '/';
                                    if (!($file = $fs->get_file($context->id, $component, $filearea, $eventid, $filepath, $filename)) or $file->is_directory()) {
                                        send_file_not_found();
                                    }
                                    \core\session\manager::write_close(); // Unlock session during file serving.
                                    send_stored_file($file, 60 * 60, 0, $forcedownload, array('preview' => $preview));
                                } else {
                                    send_file_not_found();
                                }
                            }
                        }
                    } else {
                        // ==== user ====
                        if ($component === 'user') {
                            if ($filearea === 'icon' and $context->contextlevel == CONTEXT_USER) {
                                // One remaining segment is the file name; otherwise theme name, then file name.
                                if (count($args) == 1) {
                                    $themename = theme_config::DEFAULT_THEME;
                                    $filename = array_shift($args);
                                } else {
                                    // NOTE(review): $themename comes straight from the URL; presumably
                                    // theme_config::load() copes with unknown names - confirm.
                                    $themename = array_shift($args);
                                    $filename = array_shift($args);
                                }
                                // fix file name automatically
                                if ($filename !== 'f1' and $filename !== 'f2' and $filename !== 'f3') {
                                    $filename = 'f1';
                                }
                                if ((!empty($CFG->forcelogin) and !isloggedin()) || !empty($CFG->forceloginforprofileimage) && (!isloggedin() || isguestuser())) {
                                    // protect images if login required and not logged in;
                                    // also if login is required for profile images and is not logged in or guest
                                    // do not use require_login() because it is expensive and not suitable here anyway
                                    $theme = theme_config::load($themename);
                                    redirect($theme->pix_url('u/' . $filename, 'moodle')); // intentionally not cached
                                }
                                // Lookup order: <name>.png, <name>.jpg, and for f3 only f1.png then f1.jpg.
                                if (!($file = $fs->get_file($context->id, 'user', 'icon', 0, '/', $filename . '.png'))) {
                                    if (!($file = $fs->get_file($context->id, 'user', 'icon', 0, '/', $filename . '.jpg'))) {
                                        if ($filename === 'f3') {
                                            // f3 512x512px was introduced in 2.3, there might be only the smaller version.
                                            if (!($file = $fs->get_file($context->id, 'user', 'icon', 0, '/', 'f1.png'))) {
                                                $file = $fs->get_file($context->id, 'user', 'icon', 0, '/', 'f1.jpg');
                                            }
                                        }
                                    }
                                }
                                if (!$file) {
                                    // bad reference - try to prevent future retries as hard as possible!
                                    // NOTE(review): this is a database write on a read path, and it is reached
                                    // without a login when neither forcelogin setting is enabled.
                                    if ($user = $DB->get_record('user', array('id' => $context->instanceid), 'id, picture')) {
                                        if ($user->picture > 0) {
                                            $DB->set_field('user', 'picture', 0, array('id' => $user->id));
                                        }
                                    }
                                    // no redirect here because it is not cached
                                    $theme = theme_config::load($themename);
                                    $imagefile = $theme->resolve_image_location('u/' . $filename, 'moodle', null);
                                    send_file($imagefile, basename($imagefile), 60 * 60 * 24 * 14);
                                }
                                $options = array('preview' => $preview);
                                if (empty($CFG->forcelogin) && empty($CFG->forceloginforprofileimage)) {
                                    // Profile images should be cache-able by both browsers and proxies according
                                    // to $CFG->forcelogin and $CFG->forceloginforprofileimage.
                                    $options['cacheability'] = 'public';
                                }
                                send_stored_file($file, 60 * 60 * 24 * 365, 0, false, $options); // enable long caching, there are many images on each page
                            } else {
                                if ($filearea === 'private' and $context->contextlevel == CONTEXT_USER) {
                                    // Private files: only the logged-in, non-guest owner of the user context.
                                    require_login();
                                    if (isguestuser()) {
                                        send_file_not_found();
                                    }
                                    // Strict comparison: a type mismatch between the two ids also denies access.
                                    if ($USER->id !== $context->instanceid) {
                                        send_file_not_found();
                                    }
                                    $filename = array_pop($args);
                                    $filepath = $args ? '/' . implode('/', $args) . '/' : '/';
                                    if (!($file = $fs->get_file($context->id, $component, $filearea, 0, $filepath, $filename)) or $file->is_directory()) {
                                        send_file_not_found();
                                    }
                                    \core\session\manager::write_close(); // Unlock session during file serving.
                                    send_stored_file($file, 0, 0, true, array('preview' => $preview)); // must force download - security!
                                } else {
                                    if ($filearea === 'profile' and $context->contextlevel == CONTEXT_USER) {
                                        if ($CFG->forcelogin) {
                                            require_login();
                                        }
                                        $userid = $context->instanceid;
                                        if ($USER->id == $userid) {
                                            // always can access own
                                        } else {
                                            if (!empty($CFG->forceloginforprofiles)) {
                                                require_login();
                                                if (isguestuser()) {
                                                    send_file_not_found();
                                                }
                                                // we allow access to site profile of all course contacts (usually teachers)
                                                if (!has_coursecontact_role($userid) && !has_capability('moodle/user:viewdetails', $context)) {
                                                    send_file_not_found();
                                                }
                                                // NOTE(review): $canview is computed here but never read again in
                                                // this function, so the loop below has no effect on whether the
                                                // file is served. Decide whether a denial on !$canview is missing
                                                // or whether this block can be removed.
                                                $canview = false;
                                                if (has_capability('moodle/user:viewdetails', $context)) {
                                                    $canview = true;
                                                } else {
                                                    $courses = enrol_get_my_courses();
                                                }
                                                while (!$canview && count($courses) > 0) {
                                                    // Note: this overwrites the $course obtained from get_context_info_array().
                                                    $course = array_shift($courses);
                                                    if (has_capability('moodle/user:viewdetails', context_course::instance($course->id))) {
                                                        $canview = true;
                                                    }
                                                }
                                            }
                                        }
                                        $filename = array_pop($args);
                                        $filepath = $args ? '/' . implode('/', $args) . '/' : '/';
                                        if (!($file = $fs->get_file($context->id, $component, $filearea, 0, $filepath, $filename)) or $file->is_directory()) {
                                            send_file_not_found();
                                        }
                                        \core\session\manager::write_close(); // Unlock session during file serving.
                                        send_stored_file($file, 0, 0, true, array('preview' => $preview)); // must force download - security!
                                    } else {
                                        if ($filearea === 'profile' and $context->contextlevel == CONTEXT_COURSE) {
                                            // Profile files requested through a course context: the user id is the
                                            // next path segment and the file is read from that user's context.
                                            $userid = (int) array_shift($args);
                                            $usercontext = context_user::instance($userid);
                                            if ($CFG->forcelogin) {
                                                require_login();
                                            }
                                            if (!empty($CFG->forceloginforprofiles)) {
                                                require_login();
                                                if (isguestuser()) {
                                                    print_error('noguest');
                                                }
                                                //TODO: review this logic of user profile access prevention
                                                if (!has_coursecontact_role($userid) and !has_capability('moodle/user:viewdetails', $usercontext)) {
                                                    print_error('usernotavailable');
                                                }
                                                if (!has_capability('moodle/user:viewdetails', $context) && !has_capability('moodle/user:viewdetails', $usercontext)) {
                                                    print_error('cannotviewprofile');
                                                }
                                                if (!is_enrolled($context, $userid)) {
                                                    print_error('notenrolledprofile');
                                                }
                                                if (groups_get_course_groupmode($course) == SEPARATEGROUPS and !has_capability('moodle/site:accessallgroups', $context)) {
                                                    print_error('groupnotamember');
                                                }
                                            }
                                            $filename = array_pop($args);
                                            $filepath = $args ? '/' . implode('/', $args) . '/' : '/';
                                            if (!($file = $fs->get_file($usercontext->id, 'user', 'profile', 0, $filepath, $filename)) or $file->is_directory()) {
                                                send_file_not_found();
                                            }
                                            \core\session\manager::write_close(); // Unlock session during file serving.
                                            send_stored_file($file, 0, 0, true, array('preview' => $preview)); // must force download - security!
                                        } else {
                                            if ($filearea === 'backup' and $context->contextlevel == CONTEXT_USER) {
                                                // User backups: only the logged-in, non-guest owner.
                                                require_login();
                                                if (isguestuser()) {
                                                    send_file_not_found();
                                                }
                                                $userid = $context->instanceid;
                                                if ($USER->id != $userid) {
                                                    send_file_not_found();
                                                }
                                                $filename = array_pop($args);
                                                $filepath = $args ? '/' . implode('/', $args) . '/' : '/';
                                                if (!($file = $fs->get_file($context->id, 'user', 'backup', 0, $filepath, $filename)) or $file->is_directory()) {
                                                    send_file_not_found();
                                                }
                                                \core\session\manager::write_close(); // Unlock session during file serving.
                                                send_stored_file($file, 0, 0, true, array('preview' => $preview)); // must force download - security!
                                            } else {
                                                send_file_not_found();
                                            }
                                        }
                                    }
                                }
                            }
                        } else {
                            // ==== coursecat ====
                            if ($component === 'coursecat') {
                                if ($context->contextlevel != CONTEXT_COURSECAT) {
                                    send_file_not_found();
                                }
                                if ($filearea === 'description') {
                                    if ($CFG->forcelogin) {
                                        // no login necessary - unless login forced everywhere
                                        require_login();
                                    }
                                    $filename = array_pop($args);
                                    $filepath = $args ? '/' . implode('/', $args) . '/' : '/';
                                    if (!($file = $fs->get_file($context->id, 'coursecat', 'description', 0, $filepath, $filename)) or $file->is_directory()) {
                                        send_file_not_found();
                                    }
                                    \core\session\manager::write_close(); // Unlock session during file serving.
                                    send_stored_file($file, 60 * 60, 0, $forcedownload, array('preview' => $preview));
                                } else {
                                    send_file_not_found();
                                }
                            } else {
                                // ==== course ====
                                if ($component === 'course') {
                                    if ($context->contextlevel != CONTEXT_COURSE) {
                                        send_file_not_found();
                                    }
                                    if ($filearea === 'summary' || $filearea === 'overviewfiles') {
                                        // Summary and overview files only require a login when it is forced site-wide.
                                        if ($CFG->forcelogin) {
                                            require_login();
                                        }
                                        $filename = array_pop($args);
                                        $filepath = $args ? '/' . implode('/', $args) . '/' : '/';
                                        if (!($file = $fs->get_file($context->id, 'course', $filearea, 0, $filepath, $filename)) or $file->is_directory()) {
                                            send_file_not_found();
                                        }
                                        \core\session\manager::write_close(); // Unlock session during file serving.
                                        send_stored_file($file, 60 * 60, 0, $forcedownload, array('preview' => $preview));
                                    } else {
                                        if ($filearea === 'section') {
                                            // Section files need a course login, except on the site course when
                                            // login is not forced.
                                            if ($CFG->forcelogin) {
                                                require_login($course);
                                            } else {
                                                if ($course->id != SITEID) {
                                                    require_login($course);
                                                }
                                            }
                                            $sectionid = (int) array_shift($args);
                                            // The section must belong to the course of the requested context.
                                            if (!($section = $DB->get_record('course_sections', array('id' => $sectionid, 'course' => $course->id)))) {
                                                send_file_not_found();
                                            }
                                            $filename = array_pop($args);
                                            $filepath = $args ? '/' . implode('/', $args) . '/' : '/';
                                            if (!($file = $fs->get_file($context->id, 'course', 'section', $sectionid, $filepath, $filename)) or $file->is_directory()) {
                                                send_file_not_found();
                                            }
                                            \core\session\manager::write_close(); // Unlock session during file serving.
                                            send_stored_file($file, 60 * 60, 0, $forcedownload, array('preview' => $preview));
                                        } else {
                                            send_file_not_found();
                                        }
                                    }
                                } else {
                                    // ==== cohort ====
                                    if ($component === 'cohort') {
                                        $cohortid = (int) array_shift($args);
                                        $cohort = $DB->get_record('cohort', array('id' => $cohortid), '*', MUST_EXIST);
                                        $cohortcontext = context::instance_by_id($cohort->contextid);
                                        // The context in the file URL must be either cohort context or context of the course underneath the cohort's context.
                                        if ($context->id != $cohort->contextid && ($context->contextlevel != CONTEXT_COURSE || !in_array($cohort->contextid, $context->get_parent_context_ids()))) {
                                            send_file_not_found();
                                        }
                                        // User is able to access cohort if they have view cap on cohort level or
                                        // the cohort is visible and they have view cap on course level.
                                        $canview = has_capability('moodle/cohort:view', $cohortcontext) || $cohort->visible && has_capability('moodle/cohort:view', $context);
                                        if ($filearea === 'description' && $canview) {
                                            $filename = array_pop($args);
                                            $filepath = $args ? '/' . implode('/', $args) . '/' : '/';
                                            if (($file = $fs->get_file($cohortcontext->id, 'cohort', 'description', $cohort->id, $filepath, $filename)) && !$file->is_directory()) {
                                                \core\session\manager::write_close(); // Unlock session during file serving.
                                                send_stored_file($file, 60 * 60, 0, $forcedownload, array('preview' => $preview));
                                            }
                                        }
                                        // Every other case (wrong area, no permission, missing file) ends here.
                                        send_file_not_found();
                                    } else {
                                        // ==== group ====
                                        if ($component === 'group') {
                                            if ($context->contextlevel != CONTEXT_COURSE) {
                                                send_file_not_found();
                                            }
                                            require_course_login($course, true, null, false);
                                            $groupid = (int) array_shift($args);
                                            // The group must belong to the course of the requested context.
                                            $group = $DB->get_record('groups', array('id' => $groupid, 'courseid' => $course->id), '*', MUST_EXIST);
                                            // This restriction applies only when the course forces its group mode
                                            // and that mode is separate groups.
                                            if ($course->groupmodeforce and $course->groupmode == SEPARATEGROUPS and !has_capability('moodle/site:accessallgroups', $context) and !groups_is_member($group->id, $USER->id)) {
                                                // do not allow access to separate group info if not member or teacher
                                                send_file_not_found();
                                            }
                                            if ($filearea === 'description') {
                                                require_login($course);
                                                $filename = array_pop($args);
                                                $filepath = $args ? '/' . implode('/', $args) . '/' : '/';
                                                if (!($file = $fs->get_file($context->id, 'group', 'description', $group->id, $filepath, $filename)) or $file->is_directory()) {
                                                    send_file_not_found();
                                                }
                                                \core\session\manager::write_close(); // Unlock session during file serving.
                                                send_stored_file($file, 60 * 60, 0, $forcedownload, array('preview' => $preview));
                                            } else {
                                                if ($filearea === 'icon') {
                                                    $filename = array_pop($args);
                                                    // Only the two fixed icon names are accepted; .png is tried before .jpg.
                                                    if ($filename !== 'f1' and $filename !== 'f2') {
                                                        send_file_not_found();
                                                    }
                                                    if (!($file = $fs->get_file($context->id, 'group', 'icon', $group->id, '/', $filename . '.png'))) {
                                                        if (!($file = $fs->get_file($context->id, 'group', 'icon', $group->id, '/', $filename . '.jpg'))) {
                                                            send_file_not_found();
                                                        }
                                                    }
                                                    \core\session\manager::write_close(); // Unlock session during file serving.
                                                    send_stored_file($file, 60 * 60, 0, false, array('preview' => $preview));
                                                } else {
                                                    send_file_not_found();
                                                }
                                            }
                                        } else {
                                            // ==== grouping ====
                                            if ($component === 'grouping') {
                                                if ($context->contextlevel != CONTEXT_COURSE) {
                                                    send_file_not_found();
                                                }
                                                require_login($course);
                                                // NOTE(review): unlike the 'group' branch, the grouping id is not
                                                // looked up against this course before it is used as the item id.
                                                $groupingid = (int) array_shift($args);
                                                // note: everybody has access to grouping desc images for now
                                                if ($filearea === 'description') {
                                                    $filename = array_pop($args);
                                                    $filepath = $args ? '/' . implode('/', $args) . '/' : '/';
                                                    if (!($file = $fs->get_file($context->id, 'grouping', 'description', $groupingid, $filepath, $filename)) or $file->is_directory()) {
                                                        send_file_not_found();
                                                    }
                                                    \core\session\manager::write_close(); // Unlock session during file serving.
                                                    send_stored_file($file, 60 * 60, 0, $forcedownload, array('preview' => $preview));
                                                } else {
                                                    send_file_not_found();
                                                }
                                            } else {
                                                // ==== backup ====
                                                if ($component === 'backup') {
                                                    // Every backup area requires a login plus a capability:
                                                    // moodle/backup:downloadfile, or moodle/site:config for 'automated'.
                                                    if ($filearea === 'course' and $context->contextlevel == CONTEXT_COURSE) {
                                                        require_login($course);
                                                        require_capability('moodle/backup:downloadfile', $context);
                                                        $filename = array_pop($args);
                                                        $filepath = $args ? '/' . implode('/', $args) . '/' : '/';
                                                        if (!($file = $fs->get_file($context->id, 'backup', 'course', 0, $filepath, $filename)) or $file->is_directory()) {
                                                            send_file_not_found();
                                                        }
                                                        \core\session\manager::write_close(); // Unlock session during file serving.
                                                        send_stored_file($file, 0, 0, $forcedownload, array('preview' => $preview));
                                                    } else {
                                                        if ($filearea === 'section' and $context->contextlevel == CONTEXT_COURSE) {
                                                            require_login($course);
                                                            require_capability('moodle/backup:downloadfile', $context);
                                                            $sectionid = (int) array_shift($args);
                                                            $filename = array_pop($args);
                                                            $filepath = $args ? '/' . implode('/', $args) . '/' : '/';
                                                            if (!($file = $fs->get_file($context->id, 'backup', 'section', $sectionid, $filepath, $filename)) or $file->is_directory()) {
                                                                send_file_not_found();
                                                            }
                                                            \core\session\manager::write_close();
                                                            send_stored_file($file, 60 * 60, 0, $forcedownload, array('preview' => $preview));
                                                        } else {
                                                            if ($filearea === 'activity' and $context->contextlevel == CONTEXT_MODULE) {
                                                                require_login($course, false, $cm);
                                                                require_capability('moodle/backup:downloadfile', $context);
                                                                $filename = array_pop($args);
                                                                $filepath = $args ? '/' . implode('/', $args) . '/' : '/';
                                                                if (!($file = $fs->get_file($context->id, 'backup', 'activity', 0, $filepath, $filename)) or $file->is_directory()) {
                                                                    send_file_not_found();
                                                                }
                                                                \core\session\manager::write_close();
                                                                send_stored_file($file, 60 * 60, 0, $forcedownload, array('preview' => $preview));
                                                            } else {
                                                                if ($filearea === 'automated' and $context->contextlevel == CONTEXT_COURSE) {
                                                                    // Backup files that were generated by the automated backup systems.
                                                                    require_login($course);
                                                                    require_capability('moodle/site:config', $context);
                                                                    $filename = array_pop($args);
                                                                    $filepath = $args ? '/' . implode('/', $args) . '/' : '/';
                                                                    if (!($file = $fs->get_file($context->id, 'backup', 'automated', 0, $filepath, $filename)) or $file->is_directory()) {
                                                                        send_file_not_found();
                                                                    }
                                                                    \core\session\manager::write_close(); // Unlock session during file serving.
                                                                    send_stored_file($file, 0, 0, $forcedownload, array('preview' => $preview));
                                                                } else {
                                                                    send_file_not_found();
                                                                }
                                                            }
                                                        }
                                                    }
                                                } else {
                                                    // ==== question ====
                                                    if ($component === 'question') {
                                                        // Access control for question files is left to question_pluginfile();
                                                        // if it returns, the request ends as "not found".
                                                        require_once $CFG->libdir . '/questionlib.php';
                                                        question_pluginfile($course, $context, 'question', $filearea, $args, $forcedownload);
                                                        send_file_not_found();
                                                    } else {
                                                        // ==== grading ====
                                                        if ($component === 'grading') {
                                                            if ($filearea === 'description') {
                                                                // files embedded into the form definition description
                                                                if ($context->contextlevel == CONTEXT_SYSTEM) {
                                                                    require_login();
                                                                } else {
                                                                    if ($context->contextlevel >= CONTEXT_COURSE) {
                                                                        require_login($course, false, $cm);
                                                                    } else {
                                                                        send_file_not_found();
                                                                    }
                                                                }
                                                                $formid = (int) array_shift($args);
                                                                // The grading definition must belong to an area in the requested
                                                                // context; both values are bound as query parameters.
                                                                $sql = "SELECT ga.id\n FROM {grading_areas} ga\n JOIN {grading_definitions} gd ON (gd.areaid = ga.id)\n WHERE gd.id = ? AND ga.contextid = ?";
                                                                $areaid = $DB->get_field_sql($sql, array($formid, $context->id), IGNORE_MISSING);
                                                                if (!$areaid) {
                                                                    send_file_not_found();
                                                                }
                                                                $fullpath = "/{$context->id}/{$component}/{$filearea}/{$formid}/" . implode('/', $args);
                                                                if (!($file = $fs->get_file_by_hash(sha1($fullpath))) or $file->is_directory()) {
                                                                    send_file_not_found();
                                                                }
                                                                \core\session\manager::write_close(); // Unlock session during file serving.
                                                                send_stored_file($file, 60 * 60, 0, $forcedownload, array('preview' => $preview));
                                                            }
                                                            // NOTE(review): any other grading file area falls out of this branch
                                                            // without a response from this function.
                                                        } else {
                                                            // ==== mod_* ====
                                                            if (strpos($component, 'mod_') === 0) {
                                                                // $modname is derived from the cleaned component and is used to build
                                                                // an include path; this relies on PARAM_COMPONENT cleaning to keep
                                                                // path separators out, with file_exists() as the second guard.
                                                                $modname = substr($component, 4);
                                                                if (!file_exists("{$CFG->dirroot}/mod/{$modname}/lib.php")) {
                                                                    send_file_not_found();
                                                                }
                                                                require_once "{$CFG->dirroot}/mod/{$modname}/lib.php";
                                                                if ($context->contextlevel == CONTEXT_MODULE) {
                                                                    if ($cm->modname !== $modname) {
                                                                        // somebody tries to gain illegal access, cm type must match the component!
                                                                        send_file_not_found();
                                                                    }
                                                                }
                                                                if ($filearea === 'intro') {
                                                                    if (!plugin_supports('mod', $modname, FEATURE_MOD_INTRO, true)) {
                                                                        send_file_not_found();
                                                                    }
                                                                    require_course_login($course, true, $cm); // all users may access it
                                                                    $filename = array_pop($args);
                                                                    $filepath = $args ? '/' . implode('/', $args) . '/' : '/';
                                                                    if (!($file = $fs->get_file($context->id, 'mod_' . $modname, 'intro', 0, $filepath, $filename)) or $file->is_directory()) {
                                                                        send_file_not_found();
                                                                    }
                                                                    // finally send the file
                                                                    send_stored_file($file, null, 0, false, array('preview' => $preview));
                                                                }
                                                                // For every other file area the access decision is delegated to the
                                                                // module callback: "mod_<name>_pluginfile" first, then "<name>_pluginfile".
                                                                $filefunction = $component . '_pluginfile';
                                                                $filefunctionold = $modname . '_pluginfile';
                                                                if (function_exists($filefunction)) {
                                                                    // if the function exists, it must send the file and terminate. Whatever it returns leads to "not found"
                                                                    $filefunction($course, $cm, $context, $filearea, $args, $forcedownload, array('preview' => $preview));
                                                                } else {
                                                                    if (function_exists($filefunctionold)) {
                                                                        // if the function exists, it must send the file and terminate. Whatever it returns leads to "not found"
                                                                        $filefunctionold($course, $cm, $context, $filearea, $args, $forcedownload, array('preview' => $preview));
                                                                    }
                                                                }
                                                                send_file_not_found();
                                                            } else {
                                                                // ==== block_* ====
                                                                if (strpos($component, 'block_') === 0) {
                                                                    $blockname = substr($component, 6);
                                                                    // note: no more class methods in blocks please, that is ....
                                                                    if (!file_exists("{$CFG->dirroot}/blocks/{$blockname}/lib.php")) {
                                                                        send_file_not_found();
                                                                    }
                                                                    require_once "{$CFG->dirroot}/blocks/{$blockname}/lib.php";
                                                                    if ($context->contextlevel == CONTEXT_BLOCK) {
                                                                        $birecord = $DB->get_record('block_instances', array('id' => $context->instanceid), '*', MUST_EXIST);
                                                                        if ($birecord->blockname !== $blockname) {
                                                                            // somebody tries to gain illegal access, block type must match the component!
                                                                            send_file_not_found();
                                                                        }
                                                                        if ($context->get_course_context(false)) {
                                                                            // If block is in course context, then check if user has capability to access course.
                                                                            require_course_login($course);
                                                                        } else {
                                                                            if ($CFG->forcelogin) {
                                                                                // If user is logged out, bp record will not be visible, even if the user would have access if logged in.
                                                                                require_login();
                                                                            }
                                                                        }
                                                                        $bprecord = $DB->get_record('block_positions', array('contextid' => $context->id, 'blockinstanceid' => $context->instanceid));
                                                                        // User can't access file, if block is hidden or doesn't have block:view capability
                                                                        if ($bprecord && !$bprecord->visible || !has_capability('moodle/block:view', $context)) {
                                                                            send_file_not_found();
                                                                        }
                                                                    } else {
                                                                        // Outside a block context no instance, login or visibility check is made
                                                                        // here; the block callback receives a null instance record.
                                                                        $birecord = null;
                                                                    }
                                                                    $filefunction = $component . '_pluginfile';
                                                                    if (function_exists($filefunction)) {
                                                                        // if the function exists, it must send the file and terminate. Whatever it returns leads to "not found"
                                                                        $filefunction($course, $birecord, $context, $filearea, $args, $forcedownload, array('preview' => $preview));
                                                                    }
                                                                    send_file_not_found();
                                                                } else {
                                                                    // ==== other components ====
                                                                    if (strpos($component, '_') === false) {
                                                                        // all core subsystems have to be specified above, no more guessing here!
                                                                        send_file_not_found();
                                                                    } else {
                                                                        // try to serve general plugin file in arbitrary context
                                                                        // NOTE(review): no login or capability check is made here before the
                                                                        // callback runs; access control is entirely up to the plugin.
                                                                        $dir = core_component::get_component_directory($component);
                                                                        if (!file_exists("{$dir}/lib.php")) {
                                                                            send_file_not_found();
                                                                        }
                                                                        include_once "{$dir}/lib.php";
                                                                        $filefunction = $component . '_pluginfile';
                                                                        if (function_exists($filefunction)) {
                                                                            // if the function exists, it must send the file and terminate. Whatever it returns leads to "not found"
                                                                            $filefunction($course, $cm, $context, $filearea, $args, $forcedownload, array('preview' => $preview));
                                                                        }
                                                                        send_file_not_found();
                                                                    }
                                                                }
                                                            }
                                                        }
                                                    }
                                                }
                                            }
                                        }
                                    }
                                }
                            }
                        }
                    }
                }
            }
        }
    }
}
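/**
 * Return a list of current user contacts.
 *
 * This function checks whether the current user can send messages to all enrolled users or
 * only to managers (users holding block/jmail:sendtoall), and applies the optional group,
 * initial, role and configured profile-field filters.
 *
 * An empty array is returned when the user cannot send at all, when the inbox is not global
 * and the user lacks moodle/course:viewparticipants, when separate groups apply and no current
 * group is selected, or when the configured filter field is not usable (see below).
 *
 * The e-mail address is removed from every returned record.
 *
 * @param int $group Group to filter (only used in the cache key here)
 * @param string $fi Firstname initial to filter
 * @param string $li Lastname initial to filter
 * @param int $roleid Role id to filter
 * @return array Array of contacts
 */
public function get_contacts($group, $fi, $li, $roleid) {
    global $DB, $OUTPUT, $SESSION, $USER;

    if (!$this->cansend) {
        return array();
    }

    // Key of the session cache entry written at the end of this method. The entry is
    // deliberately not read back here: serving cached lists caused problems when sending
    // messages to new users.
    $hash = "-{$group}-{$fi}-{$li}-{$roleid}-";

    if (!$this->globalinbox) {
        if (!has_capability('moodle/course:viewparticipants', $this->context)) {
            return array();
        }
    }

    // Groups are being used.
    $currentgroup = groups_get_course_group($this->course, true);
    if (!$currentgroup) {
        // To make some other functions work better later.
        $currentgroup = NULL;
    }

    $this->isseparategroups = ($this->course->groupmode == SEPARATEGROUPS and
            !has_capability('moodle/site:accessallgroups', $this->context));

    if ($this->isseparategroups and !$currentgroup) {
        return array();
    }

    // Users without the cansendtoall capability can send only to managers.
    // Managers are those who can send messages to everybody.
    $capability = null;
    if (!$this->cansendtoall and $this->cansendtomanagers) {
        $capability = "block/jmail:sendtoall";
    }

    list($esql, $params) = get_enrolled_sql($this->context, $capability, $currentgroup, true);
    $joins = array("FROM {user} u");
    $wheres = array();

    $select = "SELECT u.id, u.firstname, u.lastname, u.picture, u.imagealt, u.email";
    $joins[] = "JOIN ({$esql}) e ON e.id = u.id"; // course enrolled users only
    $params['courseid'] = $this->course->id;

    // Performance hack - preload user contexts together with the accounts.
    list($ccselect, $ccjoin) = context_instance_preload_sql('u.id', CONTEXT_USER, 'ctx');
    $select .= $ccselect;
    $joins[] = $ccjoin;

    if ($roleid) {
        $contextlist = get_related_contexts_string($this->context);
        $wheres[] = "u.id IN (SELECT userid FROM {role_assignments} WHERE roleid = :roleid AND contextid {$contextlist})";
        $params['roleid'] = $roleid;
    }

    // The initials are bound as parameters; LIKE wildcards inside them are escaped so that a
    // caller-supplied '%' or '_' is matched literally instead of widening the filter.
    if ($fi) {
        $wheres[] = $DB->sql_like('firstname', ':search1', false, false);
        $params['search1'] = $DB->sql_like_escape($fi) . '%';
    }

    if ($li) {
        $wheres[] = $DB->sql_like('lastname', ':search2', false, false);
        $params['search2'] = $DB->sql_like_escape($li) . '%';
    }

    if (!empty($this->config->filterfield)) {
        $filterfield = $this->config->filterfield;
        // The configured field name becomes a column identifier in the SQL text, and an
        // identifier cannot be bound as a parameter. Accept only a plain identifier that
        // is also set on $USER, and fail closed (no contacts) otherwise, so that a bad
        // setting can neither alter the statement nor silently drop the restriction.
        if (!is_string($filterfield)
                || !preg_match('/^[a-z][a-z0-9_]*$/i', $filterfield)
                || !isset($USER->{$filterfield})) {
            return array();
        }
        $wheres[] = "u." . $filterfield . " = :filterfield";
        $params['filterfield'] = $USER->{$filterfield};
    }

    $from = implode("\n", $joins);
    $where = $wheres ? "WHERE " . implode(" AND ", $wheres) : "";

    $userlist = $DB->get_records_sql("{$select} {$from} {$where}", $params);

    if ($userlist) {
        foreach ($userlist as $key => $u) {
            $userlist[$key]->fullname = fullname($u);
            $userlist[$key]->profileimage = $OUTPUT->user_picture($u);
            // Do not hand e-mail addresses to the caller.
            unset($userlist[$key]->email);
        }
    }

    $SESSION->jmailcache->contacts[$this->course->id][$hash] = $userlist;

    return $userlist;
}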
/**
 * This function gets called by {@link settings_navigation::load_user_settings()} and actually works out
 * what can be shown/done
 *
 * Every link is added only after the matching capability/configuration test in this
 * method passes. The tests decide what is displayed in the navigation; they are not a
 * replacement for the access checks of the target pages.
 *
 * @param int $courseid The current course' id
 * @param int $userid The user id to load for
 * @param string $gstitle The string to pass to get_string for the branch title
 * @return navigation_node|bool The user settings branch; false when the user record is
 *                              missing or may not be viewed; true when the user is deleted
 */
protected function generate_user_settings($courseid, $userid, $gstitle = 'usercurrentsettings') {
    global $DB, $CFG, $USER, $SITE;

    // Resolve the course record: the site course, the page's course, or a fresh DB read
    // (MUST_EXIST) with the context columns preloaded.
    if ($courseid != $SITE->id) {
        if (!empty($this->page->course->id) && $this->page->course->id == $courseid) {
            $course = $this->page->course;
        } else {
            $select = context_helper::get_preload_record_columns_sql('ctx');
            $sql = "SELECT c.*, {$select}\n FROM {course} c\n JOIN {context} ctx ON c.id = ctx.instanceid\n WHERE c.id = :courseid AND ctx.contextlevel = :contextlevel";
            $params = array('courseid' => $courseid, 'contextlevel' => CONTEXT_COURSE);
            $course = $DB->get_record_sql($sql, $params, MUST_EXIST);
            context_helper::preload_from_record($course);
        }
    } else {
        $course = $SITE;
    }

    $coursecontext = context_course::instance($course->id); // Course context
    $systemcontext = context_system::instance();
    $currentuser = $USER->id == $userid;

    if ($currentuser) {
        $user = $USER;
        $usercontext = context_user::instance($user->id); // User context
    } else {
        // Another user's settings: load the record and verify that the viewer may see it.
        $select = context_helper::get_preload_record_columns_sql('ctx');
        $sql = "SELECT u.*, {$select}\n FROM {user} u\n JOIN {context} ctx ON u.id = ctx.instanceid\n WHERE u.id = :userid AND ctx.contextlevel = :contextlevel";
        $params = array('userid' => $userid, 'contextlevel' => CONTEXT_USER);
        $user = $DB->get_record_sql($sql, $params, IGNORE_MISSING);
        if (!$user) {
            return false;
        }
        context_helper::preload_from_record($user);

        // Check that the user can view the profile
        $usercontext = context_user::instance($user->id); // User context
        $canviewuser = has_capability('moodle/user:viewdetails', $usercontext);

        if ($course->id == $SITE->id) {
            if ($CFG->forceloginforprofiles && !has_coursecontact_role($user->id) && !$canviewuser) {
                // Reduce possibility of "browsing" userbase at site level
                // Teachers can browse and be browsed at site level. If not forceloginforprofiles, allow access (bug #4366)
                return false;
            }
        } else {
            $canviewusercourse = has_capability('moodle/user:viewdetails', $coursecontext);
            $userisenrolled = is_enrolled($coursecontext, $user->id);
            // && binds tighter than ||: refuse when the viewer holds viewdetails in neither
            // context, and also whenever the target user is not enrolled in the course.
            if (!$canviewusercourse && !$canviewuser || !$userisenrolled) {
                return false;
            }
            $canaccessallgroups = has_capability('moodle/site:accessallgroups', $coursecontext);
            if (!$canaccessallgroups && groups_get_course_groupmode($course) == SEPARATEGROUPS && !$canviewuser) {
                // If groups are in use, make sure we can see that group (MDL-45874). That does not apply to parents.
                if ($courseid == $this->page->course->id) {
                    $mygroups = get_fast_modinfo($this->page->course)->groups;
                } else {
                    $mygroups = groups_get_user_groups($courseid);
                }
                $usergroups = groups_get_user_groups($courseid, $userid);
                // Index 0 of both arrays is compared; no common key means no shared group.
                if (!array_intersect_key($mygroups[0], $usergroups[0])) {
                    return false;
                }
            }
        }
    }

    $fullname = fullname($user, has_capability('moodle/site:viewfullnames', $this->page->context));

    // The node key is the title string; for any title but the default the user id is appended.
    $key = $gstitle;
    if ($gstitle != 'usercurrentsettings') {
        $key .= $userid;
    }

    // Add a user setting branch
    $usersetting = $this->add(get_string($gstitle, 'moodle', $fullname), null, self::TYPE_CONTAINER, null, $key);
    $usersetting->id = 'usersettings';
    if ($this->page->context->contextlevel == CONTEXT_USER && $this->page->context->instanceid == $user->id) {
        // Automatically start by making it active
        $usersetting->make_active();
    }

    // Check if the user has been deleted
    if ($user->deleted) {
        if (!has_capability('moodle/user:update', $coursecontext)) {
            // We can't edit the user so just show the user deleted message
            $usersetting->add(get_string('userdeleted'), null, self::TYPE_SETTING);
        } else {
            // We can edit the user so show the user deleted message and link it to the profile
            if ($course->id == $SITE->id) {
                $profileurl = new moodle_url('/user/profile.php', array('id' => $user->id));
            } else {
                $profileurl = new moodle_url('/user/view.php', array('id' => $user->id, 'course' => $course->id));
            }
            $usersetting->add(get_string('userdeleted'), $profileurl, self::TYPE_SETTING);
        }
        // Nothing else is offered for a deleted user; note the boolean (not node) return.
        return true;
    }

    $userauthplugin = false;
    if (!empty($user->auth)) {
        $userauthplugin = get_auth_plugin($user->auth);
    }

    // Add the profile edit link
    if (isloggedin() && !isguestuser($user) && !is_mnet_remote_user($user)) {
        // Advanced editing needs moodle/user:update at system level; a site admin's
        // profile is offered only to that admin or to another site admin.
        if (($currentuser || is_siteadmin($USER) || !is_siteadmin($user)) && has_capability('moodle/user:update', $systemcontext)) {
            $url = new moodle_url('/user/editadvanced.php', array('id' => $user->id, 'course' => $course->id));
            $usersetting->add(get_string('editmyprofile'), $url, self::TYPE_SETTING);
        } else {
            // Either editprofile on a non-admin user, or editownprofile on the viewer's own account.
            if (has_capability('moodle/user:editprofile', $usercontext) && !is_siteadmin($user) || $currentuser && has_capability('moodle/user:editownprofile', $systemcontext)) {
                if ($userauthplugin && $userauthplugin->can_edit_profile()) {
                    // The auth plugin may supply its own edit URL; otherwise the standard page is used.
                    $url = $userauthplugin->edit_profile_url();
                    if (empty($url)) {
                        $url = new moodle_url('/user/edit.php', array('id' => $user->id, 'course' => $course->id));
                    }
                    $usersetting->add(get_string('editmyprofile'), $url, self::TYPE_SETTING);
                }
            }
        }
    }

    // Change password link
    // Only for the viewer's own account, never during a "login as" session or for the guest.
    if ($userauthplugin && $currentuser && !\core\session\manager::is_loggedinas() && !isguestuser() && has_capability('moodle/user:changeownpassword', $systemcontext) && $userauthplugin->can_change_password()) {
        $passwordchangeurl = $userauthplugin->change_password_url();
        if (empty($passwordchangeurl)) {
            $passwordchangeurl = new moodle_url('/login/change_password.php', array('id' => $course->id));
        }
        $usersetting->add(get_string("changepassword"), $passwordchangeurl, self::TYPE_SETTING, null, 'changepassword');
    }

    // View the roles settings
    if (has_any_capability(array('moodle/role:assign', 'moodle/role:safeoverride', 'moodle/role:override', 'moodle/role:manage'), $usercontext)) {
        $roles = $usersetting->add(get_string('roles'), null, self::TYPE_SETTING);

        $url = new moodle_url('/admin/roles/usersroles.php', array('userid' => $user->id, 'courseid' => $course->id));
        $roles->add(get_string('thisusersroles', 'role'), $url, self::TYPE_SETTING);

        $assignableroles = get_assignable_roles($usercontext, ROLENAME_BOTH);

        if (!empty($assignableroles)) {
            $url = new moodle_url('/admin/roles/assign.php', array('contextid' => $usercontext->id, 'userid' => $user->id, 'courseid' => $course->id));
            $roles->add(get_string('assignrolesrelativetothisuser', 'role'), $url, self::TYPE_SETTING);
        }

        if (has_capability('moodle/role:review', $usercontext) || count(get_overridable_roles($usercontext, ROLENAME_BOTH)) > 0) {
            $url = new moodle_url('/admin/roles/permissions.php', array('contextid' => $usercontext->id, 'userid' => $user->id, 'courseid' => $course->id));
            $roles->add(get_string('permissions', 'role'), $url, self::TYPE_SETTING);
        }

        $url = new moodle_url('/admin/roles/check.php', array('contextid' => $usercontext->id, 'userid' => $user->id, 'courseid' => $course->id));
        $roles->add(get_string('checkpermissions', 'role'), $url, self::TYPE_SETTING);
    }

    // Portfolio
    if ($currentuser && !empty($CFG->enableportfolios) && has_capability('moodle/portfolio:export', $systemcontext)) {
        require_once $CFG->libdir . '/portfoliolib.php';
        if (portfolio_has_visible_instances()) {
            $portfolio = $usersetting->add(get_string('portfolios', 'portfolio'), null, self::TYPE_SETTING);

            $url = new moodle_url('/user/portfolio.php', array('courseid' => $course->id));
            $portfolio->add(get_string('configure', 'portfolio'), $url, self::TYPE_SETTING);

            $url = new moodle_url('/user/portfoliologs.php', array('courseid' => $course->id));
            $portfolio->add(get_string('logs', 'portfolio'), $url, self::TYPE_SETTING);
        }
    }

    // Token management is offered when RSS feeds are enabled, or when the viewer is not a
    // site admin, web services are enabled and the viewer may create tokens.
    $enablemanagetokens = false;
    if (!empty($CFG->enablerssfeeds)) {
        $enablemanagetokens = true;
    } else {
        if (!is_siteadmin($USER->id) && !empty($CFG->enablewebservices) && has_capability('moodle/webservice:createtoken', context_system::instance())) {
            $enablemanagetokens = true;
        }
    }
    // Security keys
    if ($currentuser && $enablemanagetokens) {
        // The session key travels in the link's query string.
        $url = new moodle_url('/user/managetoken.php', array('sesskey' => sesskey()));
        $usersetting->add(get_string('securitykeys', 'webservice'), $url, self::TYPE_SETTING);
    }

    // Messaging
    // Own message profile, or another non-guest user's profile with the capability in that
    // user's context; the primary admin's profile is never offered to others.
    if ($currentuser && has_capability('moodle/user:editownmessageprofile', $systemcontext) || !isguestuser($user) && has_capability('moodle/user:editmessageprofile', $usercontext) && !is_primary_admin($user->id)) {
        $url = new moodle_url('/message/edit.php', array('id' => $user->id));
        $usersetting->add(get_string('messaging', 'message'), $url, self::TYPE_SETTING);
    }

    // Blogs
    if ($currentuser && !empty($CFG->enableblogs)) {
        $blog = $usersetting->add(get_string('blogs', 'blog'), null, navigation_node::TYPE_CONTAINER, null, 'blogs');
        $blog->add(get_string('preferences', 'blog'), new moodle_url('/blog/preferences.php'), navigation_node::TYPE_SETTING);
        if (!empty($CFG->useexternalblogs) && $CFG->maxexternalblogsperuser > 0 && has_capability('moodle/blog:manageexternal', context_system::instance())) {
            $blog->add(get_string('externalblogs', 'blog'), new moodle_url('/blog/external_blogs.php'), navigation_node::TYPE_SETTING);
            $blog->add(get_string('addnewexternalblog', 'blog'), new moodle_url('/blog/external_blog_edit.php'), navigation_node::TYPE_SETTING);
        }
    }

    // Badges.
    if ($currentuser && !empty($CFG->enablebadges)) {
        $badges = $usersetting->add(get_string('badges'), null, navigation_node::TYPE_CONTAINER, null, 'badges');
        $badges->add(get_string('preferences'), new moodle_url('/badges/preferences.php'), navigation_node::TYPE_SETTING);
        if (!empty($CFG->badges_allowexternalbackpack)) {
            $badges->add(get_string('backpackdetails', 'badges'), new moodle_url('/badges/mybackpack.php'), navigation_node::TYPE_SETTING);
        }
    }

    // Add reports node.
    $reporttab = $usersetting->add(get_string('activityreports'));
    // Each report plugin's callback receives the node, the user record and the course and
    // decides on its own what to add.
    $reports = get_plugin_list_with_function('report', 'extend_navigation_user', 'lib.php');
    foreach ($reports as $reportfunction) {
        $reportfunction($reporttab, $user, $course);
    }
    $anyreport = has_capability('moodle/user:viewuseractivitiesreport', $usercontext);
    if ($anyreport || $course->showreports && $currentuser) {
        // Add grade hardcoded grade report if necessary.
        $gradeaccess = false;
        if (has_capability('moodle/grade:viewall', $coursecontext)) {
            // Can view all course grades.
            $gradeaccess = true;
        } else {
            if ($course->showgrades) {
                if ($currentuser && has_capability('moodle/grade:view', $coursecontext)) {
                    // Can view own grades.
                    $gradeaccess = true;
                } else {
                    if (has_capability('moodle/grade:viewall', $usercontext)) {
                        // Can view grades of this user - parent most probably.
                        $gradeaccess = true;
                    } else {
                        if ($anyreport) {
                            // Can view grades of this user - parent most probably.
                            $gradeaccess = true;
                        }
                    }
                }
            }
        }
        if ($gradeaccess) {
            $reporttab->add(get_string('grade'), new moodle_url('/course/user.php', array('mode' => 'grade', 'id' => $course->id, 'user' => $usercontext->instanceid)));
        }
    }
    // Check the number of nodes in the report node... if there are none remove the node
    $reporttab->trim_if_empty();

    // Login as ...
    // Never for the viewer's own account, a deleted user or a site admin, and not from
    // within an existing "login as" session; the link carries the session key.
    if (!$user->deleted and !$currentuser && !\core\session\manager::is_loggedinas() && has_capability('moodle/user:loginas', $coursecontext) && !is_siteadmin($user->id)) {
        $url = new moodle_url('/course/loginas.php', array('id' => $course->id, 'user' => $user->id, 'sesskey' => sesskey()));
        $usersetting->add(get_string('loginas'), $url, self::TYPE_SETTING);
    }

    // Let admin tools hook into user settings navigation.
    $tools = get_plugin_list_with_function('tool', 'extend_navigation_user_settings', 'lib.php');
    foreach ($tools as $toolfunction) {
        $toolfunction($usersetting, $user, $usercontext, $course, $coursecontext);
    }

    return $usersetting;
}
/**
 * Build the list of course groups that can be offered for selection.
 *
 * Groups are listed only when the course uses visible groups, or uses separate
 * groups and the current user holds moodle/site:accessallgroups.
 *
 * @return array group names keyed by group id; empty when no course is set or
 *               the rules above do not allow listing the groups.
 */
public function get_group_list() {
    $names = array();

    // The system level has no course and therefore no groups.
    if (empty($this->course)) {
        return $names;
    }

    $coursecontext = context_course::instance($this->course->id);
    $mode = groups_get_course_groupmode($this->course);

    // Visible groups are open to everybody; separate groups need the capability.
    $mayseeall = ($mode == VISIBLEGROUPS);
    if (!$mayseeall && $mode == SEPARATEGROUPS) {
        $mayseeall = has_capability('moodle/site:accessallgroups', $coursecontext);
    }
    if (!$mayseeall) {
        return $names;
    }

    // Get all groups.
    $coursegroups = groups_get_all_groups($this->course->id);
    if ($coursegroups) {
        foreach ($coursegroups as $onegroup) {
            $names[$onegroup->id] = $onegroup->name;
        }
    }

    return $names;
}
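/**
 * Sets up this object's group variables, mainly to restrict the selection of users to display.
 *
 * Writes groupmode, currentgroup and group_selector, and, when a group is active,
 * the SQL fragments groupsql and groupwheresql that limit user queries to that group.
 * When the course has no group mode nothing but groupmode is set.
 */
function setup_groups() {
    global $CFG;

    /// find out current groups mode
    if ($this->groupmode = groups_get_course_groupmode($this->course)) {
        $this->currentgroup = groups_get_course_group($this->course, true);
        $this->group_selector = groups_print_course_menu($this->course, $this->pbarurl, true);

        if ($this->groupmode == SEPARATEGROUPS and !$this->currentgroup and !has_capability('moodle/site:accessallgroups', $this->context)) {
            // -2 matches no group id, so the restriction below returns no users:
            // the user can not access any groups at all.
            $this->currentgroup = -2;
        }

        if ($this->currentgroup) {
            // The group id is written straight into the SQL text, so force it to an
            // integer here instead of relying on what the helper returned.
            $groupid = (int) $this->currentgroup;
            $this->groupsql = " JOIN {$CFG->prefix}groups_members gm ON gm.userid = u.id ";
            $this->groupwheresql = " AND gm.groupid = {$groupid} ";
        }
    }
}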
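/**
 * This function returns all users within the current course whose first name or
 * last name starts with the search query.
 *
 * Modified version of datalib.php's search_user() function
 *
 * NOTE(review): $query is placed directly inside the LIKE patterns of both queries and
 * the database API used here takes a finished SQL string. The value must therefore
 * arrive already escaped for SQL; confirm that every caller guarantees this.
 * LIKE wildcards in $query are not neutralised either.
 *
 * @param object $course Current Course object
 * @param string $query Search query (prefix of first name or last name)
 * @param boolean $dispadmins Flag to return course admins or not
 * @param boolean $dispunconfirmed Flag to specify to return unconfirmed users
 * @return mixed result of get_records_sql() for the matching users, or false when the
 *               current user is limited to separate groups and has no group or no
 *               group members to search in
 * @todo Add option to remove active user from results
 */
function email_search_course_users($course, $query = '', $dispadmins = false, $dispunconfirmed = true) {
    global $CFG, $USER;

    $LIKE = sql_ilike();
    $order = 'ORDER BY firstname, lastname, id';

    $select = 'u.deleted = \'0\'';
    if (!$dispunconfirmed) {
        $select .= ' AND u.confirmed = \'1\'';
    }

    if (!$course or $course->id == SITEID) {
        // No course or the site course: search all users except the guest account.
        $results = get_records_sql("SELECT u.id, u.firstname, u.lastname, u.email\n FROM {$CFG->prefix}user u\n WHERE {$select}\n AND (u.firstname {$LIKE} '{$query}%' OR u.lastname {$LIKE} '{$query}%')\n AND u.username != 'guest'\n {$order}");
    } else {
        // This branch is reached only for a real course (the site course is handled
        // above), so the context is always the course context.
        $context = get_context_instance(CONTEXT_COURSE, $course->id);
        $contextlists = get_related_contexts_string($context);

        // Returns only group(s) members for users without the viewallgroups capability
        $groupmembers = '';
        // Separate groups
        $groupmode = groups_get_course_groupmode($course);
        if ($groupmode == SEPARATEGROUPS and !has_capability('moodle/site:accessallgroups', $context)) {
            // Returns all groups current user is assigned to in course
            if ($groups = groups_get_all_groups($course->id, $USER->id)) {
                $groupmembers = array();
                foreach ($groups as $group) {
                    $groupmembers += groups_get_members($group->id, 'u.id');
                }
                if (!empty($groupmembers)) {
                    // The ids are the keys of the records returned by groups_get_members().
                    $groupmembers = 'AND u.id IN (' . implode(',', array_keys($groupmembers)) . ')';
                } else {
                    // Nobody in their groups :(
                    return false;
                }
            } else {
                // They have no group :(
                return false;
            }
        }

        // Hides course admin roles (eg: admin && course creator) if requested (default)
        if (!$dispadmins) {
            $avoidroles = array();

            if ($roles = get_roles_used_in_context($context, true)) {
                $canviewroles = get_roles_with_capability('moodle/course:view', CAP_ALLOW, $context);
                $doanythingroles = get_roles_with_capability('moodle/site:doanything', CAP_ALLOW, $context);

                if (!$CFG->email_add_admins) {
                    $adminsroles = get_roles_with_capability('moodle/legacy:admin', CAP_ALLOW, $context);
                }

                foreach ($roles as $role) {
                    if (!isset($canviewroles[$role->id])) {
                        // Avoid this role (eg course creator)
                        $avoidroles[] = $role->id;
                        unset($roles[$role->id]);
                        continue;
                    }
                    if (isset($doanythingroles[$role->id])) {
                        // Avoid this role (ie admin)
                        $avoidroles[] = $role->id;
                        unset($roles[$role->id]);
                        continue;
                    }
                    if (!$CFG->email_add_admins) {
                        if (isset($adminsroles[$role->id])) {
                            // Avoid this role (ie admin)
                            $avoidroles[] = $role->id;
                            unset($roles[$role->id]);
                            continue;
                        }
                    }
                }
            }

            // exclude users with roles we are avoiding
            if ($avoidroles) {
                $adminroles = 'AND ra.roleid NOT IN (';
                $adminroles .= implode(',', $avoidroles);
                $adminroles .= ')';
            } else {
                $adminroles = '';
            }
        } else {
            $adminroles = '';
        }

        $results = get_records_sql("SELECT u.id, u.firstname, u.lastname, u.email\n FROM {$CFG->prefix}user u,\n {$CFG->prefix}role_assignments ra\n WHERE {$select} AND ra.contextid {$contextlists} AND ra.userid = u.id\n AND (u.firstname {$LIKE} '{$query}%' OR u.lastname {$LIKE} '{$query}%')\n AND (u.username != 'guest')\n {$adminroles} {$groupmembers} {$order}");
    }

    return $results;
}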
/**
 * Decides whether the current user may view blog posts of another user.
 *
 * Only the configured blog level is evaluated here; the capabilities are
 * enforced in blog/index.php.
 *
 * @param int $targetuserid id of the user whose posts are requested
 * @param object|null $blogEntry a single entry being requested, if any; its publishstate is read
 * @return bool true when viewing is allowed
 */
function blog_user_can_view_user_post($targetuserid, $blogEntry = null) {
    global $CFG, $USER;

    // Blog system disabled.
    if (empty($CFG->bloglevel)) {
        return false;
    }

    // A hack to publish some blogs openly. Uses $CFG->openblogs = array(44, 322); in config.php
    $isopenblog = isset($CFG->openblogs) && in_array($targetuserid, $CFG->openblogs);
    if ($isopenblog) {
        return true;
    }

    // Own posts can be viewed in any case.
    if (!empty($USER->id) and $USER->id == $targetuserid) {
        return true;
    }

    // Users who manage entries can view all posts.
    $sitecontext = get_context_instance(CONTEXT_SYSTEM);
    if (has_capability('moodle/blog:manageentries', $sitecontext)) {
        return true;
    }

    // Coming for one post: drafts of other users are never visible.
    if ($blogEntry and $blogEntry->publishstate == 'draft') {
        return false;
    }

    // Coming for one post: anything but a public post needs a logged in viewer.
    if ($blogEntry && $blogEntry->publishstate != 'public' && !isloggedin()) {
        return false;
    }

    switch ($CFG->bloglevel) {
        case BLOG_GLOBAL_LEVEL:
            return true;

        case BLOG_SITE_LEVEL:
            // Not logged in viewers are forbidden.
            return !empty($USER->id);

        case BLOG_COURSE_LEVEL:
            // Viewer and author must share at least one course.
            $viewercourses = array_keys(get_my_courses($USER->id));
            $authorcourses = array_keys(get_my_courses($targetuserid));
            $common = array_intersect($viewercourses, $authorcourses);
            return !empty($common);

        case BLOG_GROUP_LEVEL:
            $viewercourses = array_keys(get_my_courses($USER->id));
            $authorcourses = array_keys(get_my_courses($targetuserid));
            $common = array_intersect($viewercourses, $authorcourses);

            foreach ($common as $sharedcourseid) {
                $sharedcourse = get_record('course', 'id', $sharedcourseid);
                $sharedcontext = get_context_instance(CONTEXT_COURSE, $sharedcourseid);

                // A shared course without separate groups, or with access to all
                // groups, is enough.
                if (has_capability('moodle/site:accessallgroups', $sharedcontext) or groups_get_course_groupmode($sharedcourse) != SEPARATEGROUPS) {
                    return true;
                }

                // Otherwise the viewer must be a member of one of the author's groups.
                $authorgroups = groups_get_all_groups($sharedcourseid, $targetuserid);
                if ($authorgroups) {
                    foreach ($authorgroups as $authorgroup) {
                        if (groups_is_member($authorgroup->id)) {
                            return true;
                        }
                    }
                }
            }
            return false;

        case BLOG_USER_LEVEL:
        default:
            // Fall back to the capability in the author's personal context.
            $authorcontext = get_context_instance(CONTEXT_USER, $targetuserid);
            return has_capability('moodle/user:readuserblogs', $authorcontext);
    }
}
/**
 * Defines the post form of the social wall: post text, target group, post status and,
 * depending on the user, either the "add activity" button or the upload/link options.
 *
 * The capability tests below decide which controls are rendered.
 * NOTE(review): the code processing the submitted form is not visible here; it has to
 * repeat these checks (posthtml, makesticky, postprivate, postfile, posturl, the allowed
 * togroupid values) because hiding a control does not stop a crafted request.
 */
protected function definition() {
    global $OUTPUT, $PAGE, $COURSE, $CFG, $USER;

    $mform =& $this->_form;
    $courseid = $this->_customdata['courseid'];
    $postid = !empty($this->_customdata['options']->postid) ? $this->_customdata['options']->postid : 0;

    // Update of save a post.
    $action = $postid > 0 ? 'updatepost' : 'savepost';
    $context = context_course::instance($courseid);

    // ...get formparameters from cache.
    // The cache key is "<courseid>_<postid>".
    $cache = cache::make('format_socialwall', 'postformparams');
    $formparams = $cache->get($courseid . '_' . $postid);

    // -1 means the request did not say whether the html editor should be loaded.
    $loadposteditor = optional_param('loadposteditor', -1, PARAM_INT);
    if ($loadposteditor != -1) {
        $formparams['loadposteditor'] = $loadposteditor;
        // ...remember this setting, if page is reloaded.
        $cache->set($courseid . '_' . $postid, $formparams);
    }

    // ...get errors from cache and set them to elements.
    $errorcache = cache::make('format_socialwall', 'postformerrors');
    if ($errors = $errorcache->get($courseid)) {
        foreach ($errors as $element => $error) {
            $mform->setElementError($element, $error['message']);
        }
    }
    // Errors are shown once and then removed from the cache.
    $errorcache->delete($courseid);

    // ... value of this element is set by javascript (postform.js) before submit.
    $mform->addElement('hidden', 'cmsequence', '', array('id' => 'cmsequence'));
    $mform->setType('cmsequence', PARAM_TEXT);
    $mform->setDefault('cmsequence', '');

    // ... posttext.
    $buttongroup = array();
    $buttongroup[] = $mform->createElement('submit', 'submitbutton', get_string($action, 'format_socialwall'));
    if ($action == 'updatepost') {
        $buttongroup[] = $mform->createElement('cancel');
    }
    $mform->addGroup($buttongroup);

    // ... htmleditor/texarea to post text.
    $canposthtml = has_capability('format/socialwall:posthtml', $context);
    // The editor is shown only when it was requested and the user may post html.
    $showeditor = (!empty($formparams['loadposteditor']) and $canposthtml);
    $params = array('class' => 'sw-texarea', 'id' => 'posttext');
    if ($showeditor) {
        $mform->addElement('editor', 'posttext', get_string('poststatusordnote', 'format_socialwall'), $params);
        // PARAM_RAW: the editor content is taken unfiltered in this mode.
        // NOTE(review): cleaning has to happen when the post is stored or displayed - confirm.
        $mform->setType('posttext', PARAM_RAW);
        if (isset($formparams['posttext'])) {
            $element = $mform->getElement('posttext');
            $element->setValue(array('text' => $formparams['posttext']));
        }
    } else {
        $mform->addElement('textarea', 'posttext', get_string('poststatusordnote', 'format_socialwall'), $params);
        $mform->setType('posttext', PARAM_TEXT);
        if (isset($formparams['posttext'])) {
            $mform->setDefault('posttext', $formparams['posttext']);
        }
    }

    $postoptions = array();

    // ... Select group.
    // In separate groups mode, users without managegroups are offered only their own groups.
    $groupmode = groups_get_course_groupmode($COURSE);
    if ($groupmode == SEPARATEGROUPS and !has_capability('moodle/course:managegroups', $context)) {
        $allgroups = groups_get_all_groups($courseid, $USER->id);
    } else {
        $allgroups = groups_get_all_groups($courseid);
    }
    $groupsmenu = array();
    // Key 0 stands for "all participants" and is always offered.
    $groupsmenu[0] = get_string('allparticipants');
    foreach ($allgroups as $gid => $unused) {
        $groupsmenu[$gid] = format_string($allgroups[$gid]->name);
    }
    if (count($groupsmenu) > 0) {
        $postoptions[] = $mform->createElement('select', 'togroupid', '', $groupsmenu);
        if (isset($formparams['togroupid'])) {
            $mform->setDefault('togroupid', $formparams['togroupid']);
        }
    }

    // ... options group.
    // Status values: 0 plain post, 1 sticky, 2 private, 4 alert; each extra value needs
    // its capability (or editing rights for alerts).
    $poststatusmenu = array(0 => get_string('poststatus', 'format_socialwall'));
    if (has_capability('format/socialwall:makesticky', $context)) {
        $poststatusmenu[1] = get_string('makesticky', 'format_socialwall');
    }
    if (has_capability('format/socialwall:postprivate', $context)) {
        $poststatusmenu[2] = get_string('privatepost', 'format_socialwall');
    }
    if ($PAGE->user_allowed_editing()) {
        $poststatusmenu[4] = get_string('makealert', 'format_socialwall');
    }
    if (count($poststatusmenu) > 1) {
        $postoptions[] = $mform->createElement('select', 'poststatus', '', $poststatusmenu);
        if (isset($formparams['poststatus'])) {
            $mform->setDefault('poststatus', $formparams['poststatus']);
        }
    }

    // ...switch htmleditor on/off.
    if ($canposthtml) {
        $key = !empty($formparams['loadposteditor']) ? 'turneditoroff' : 'turneditoron';
        $postoptions[] = $mform->createElement('submit', $key, get_string($key, 'format_socialwall'));
    }
    if (count($postoptions) > 0) {
        $mform->addGroup($postoptions);
    }

    // ... display the activites prepared for the next post only by a teacher.
    if ($PAGE->user_allowed_editing()) {
        if (!isset($USER->editing) or !$USER->editing) {
            $addstr = get_string('addactivityresource', 'format_socialwall');
            $mform->addElement('submit', 'turneditingon', $addstr, array('id' => 'sw-addactivitylink'));
        }
    } else {
        $o = html_writer::tag('div', '', array('class' => 'clearfix'));
        $mform->addElement('html', $o);

        // ...upload options for all users, which cannot edit page.
        $attachgroup = array();
        $course = course_get_format($COURSE)->get_course();

        // File upload needs the capability and the course setting enablestudentupload.
        $canpostfile = has_capability('format/socialwall:postfile', $context) && !empty($course->enablestudentupload);
        if ($canpostfile) {
            $uploadfileicon = html_writer::empty_tag('img', array('src' => $OUTPUT->pix_url('icon', 'resource')));
            $linktext = $uploadfileicon . get_string('uploadafile', 'format_socialwall');
            $url = new moodle_url('/course/view.php', array('id' => $courseid, 'loadfilemanager' => 1));
            $link = html_writer::link($url, $linktext, array('id' => 'uploadfile'));
            $attachgroup[] = $mform->createElement('static', 'uploadfile', '', $link);
        }

        // Posting a link depends on the same course setting.
        $canposturl = has_capability('format/socialwall:posturl', $context) && !empty($course->enablestudentupload);
        if ($canposturl) {
            $addlinkicon = html_writer::empty_tag('img', array('src' => $OUTPUT->pix_url('icon', 'url')));
            $at = html_writer::link('#', $addlinkicon . get_string('addalink', 'format_socialwall'), array('id' => 'addalink'));
            $attachgroup[] = $mform->createElement('static', 'addalink', '', $at);
        }
        if (!empty($attachgroup)) {
            $mform->addGroup($attachgroup);
        }

        $loadfilemanager = optional_param('loadfilemanager', 0, PARAM_INT);
        if ($canpostfile and $loadfilemanager == 1) {
            $mform->addElement('html', html_writer::start_div('', array('id' => 'fileswrapper')));

            // ... filemanager.
            // One file of any type is accepted.
            // NOTE(review): maxbytes 0 sets no explicit size here - presumably a site or
            // course limit applies instead; confirm, and consider narrowing accepted_types.
            $filemanageroptions = array();
            $filemanageroptions['accepted_types'] = '*';
            $filemanageroptions['maxbytes'] = 0;
            $filemanageroptions['maxfiles'] = 1;
            $filemanageroptions['mainfile'] = true;
            $mform->addElement('filemanager', 'files', get_string('selectfiles'), array(), $filemanageroptions);
            $mform->addElement('html', html_writer::end_div());
            $mform->addElement('hidden', 'loadfilemanager', '1', array('id' => 'loadfilemanager'));
            $mform->setType('loadfilemanager', PARAM_INT);
        }

        // ...external url.
        // The wrapper is hidden unless a validation error for the url has to be shown.
        $style = isset($errors['externalurl']) ? 'display:auto' : 'display:none';
        $mform->addElement('html', html_writer::start_div('', array('id' => 'externalurlwrapper', 'style' => $style)));
        $mform->addElement('url', 'externalurl', get_string('externalurl', 'url'), array('size' => '60'), array('usefilepicker' => true));
        $mform->setType('externalurl', PARAM_URL);
        if (isset($errors['externalurl'])) {
            // Re-display the rejected value that was stored with the error.
            $mform->setDefault('externalurl', $errors['externalurl']['value']);
        }

        // ... get urlresource filter a try.
        $filters = filter_get_active_in_context($context);
        if (isset($filters['urlresource'])) {
            require_once $CFG->dirroot . '/filter/urlresource/lib.php';
            filter_url_resource_helper::add_postformfields($mform, $courseid);
        }
        $mform->addElement('html', html_writer::end_div());
    }

    // Id of post to remember the update option for further pageloads.
    $mform->addElement('hidden', 'id', 0, array('id' => 'id'));
    $mform->setType('id', PARAM_INT);
    $mform->setDefault('id', $postid);

    // Id of course we are in.
    $mform->addElement('hidden', 'courseid');
    $mform->setType('courseid', PARAM_INT);
    $mform->setDefault('courseid', $courseid);

    $mform->addElement('hidden', 'action', $action);
    $mform->setType('action', PARAM_TEXT);
    $mform->disable_form_change_checker();
}
/**
 * Defines the filter form for recent activity: participant, activity/section, group,
 * sort order and start date.
 *
 * The participant list is built only for users who may view participants; the group
 * selector only for users with moodle/site:accessallgroups, everybody else gets the
 * group fixed to 0.
 */
function definition() {
    global $CFG, $COURSE, $USER;

    $mform =& $this->_form;
    $context = get_context_instance(CONTEXT_COURSE, $COURSE->id);
    $modinfo = get_fast_modinfo($COURSE);

    $mform->addElement('header', 'filters', get_string('managefilters')); //TODO: add better string

    // The capability to list participants differs between the site course and real courses.
    if ($COURSE->id == SITEID) {
        $viewparticipants = has_capability('moodle/site:viewparticipants', get_context_instance(CONTEXT_SYSTEM));
    } else {
        $viewparticipants = has_capability('moodle/course:viewparticipants', $context);
    }
    $viewfullnames = has_capability('moodle/site:viewfullnames', get_context_instance(CONTEXT_COURSE, $COURSE->id));

    if ($viewparticipants) {
        $options = array();
        $options[0] = get_string('allparticipants');
        if ($guest = get_guest()) {
            $options[$guest->id] = fullname($guest);
        }

        // In separate groups mode the user list is limited to the current user's groups.
        // NOTE(review): unlike the group selector below, moodle/site:accessallgroups is
        // not consulted here - confirm this is intended.
        if (groups_get_course_groupmode($COURSE) == SEPARATEGROUPS) {
            $groups = groups_get_user_groups($COURSE->id);
            $groups = $groups[0];
        } else {
            $groups = '';
        }

        if ($courseusers = get_users_by_capability($context, 'moodle/course:view', 'u.id, u.firstname, u.lastname', 'lastname ASC, firstname DESC', '', '', $groups)) {
            foreach ($courseusers as $courseuser) {
                $options[$courseuser->id] = fullname($courseuser, $viewfullnames);
            }
        }
        $mform->addElement('select', 'user', get_string('participants'), $options);
        $mform->setAdvanced('user');
    }

    // Label used for the section entries of the activity selector.
    switch ($COURSE->format) {
        case 'weeks':
            $sectiontitle = get_string('week');
            break;
        case 'topics':
            $sectiontitle = get_string('topic');
            break;
        default:
            $sectiontitle = get_string('section');
            break;
    }

    $options = array('' => get_string('allactivities'));

    // Collect the module types that have at least one activity visible to the user.
    $modsused = array();
    foreach ($modinfo->cms as $cm) {
        if (!$cm->uservisible) {
            continue;
        }
        $modsused[$cm->modname] = true;
    }

    // Keep only module types whose lib.php exists and defines <modname>_get_recent_mod_activity.
    // The module name used in the include path comes from the course module info.
    foreach ($modsused as $modname => $unused) {
        $libfile = "{$CFG->dirroot}/mod/{$modname}/lib.php";
        if (!file_exists($libfile)) {
            unset($modsused[$modname]);
            continue;
        }
        include_once $libfile;
        $libfunction = $modname . "_get_recent_mod_activity";
        if (!function_exists($libfunction)) {
            unset($modsused[$modname]);
            continue;
        }
        $options["mod/{$modname}"] = get_string('allmods', '', get_string('modulenameplural', $modname));
    }

    // One heading entry per section, followed by its visible activities of supported types.
    foreach ($modinfo->sections as $section => $cmids) {
        $options["section/{$section}"] = "-- {$sectiontitle} {$section} --";
        foreach ($cmids as $cmid) {
            $cm = $modinfo->cms[$cmid];
            if (empty($modsused[$cm->modname]) or !$cm->uservisible) {
                continue;
            }
            $options[$cm->id] = format_string($cm->name);
        }
    }
    $mform->addElement('select', 'modid', get_string('activities'), $options);
    $mform->setAdvanced('modid');

    if (has_capability('moodle/site:accessallgroups', $context)) {
        if ($groups = groups_get_all_groups($COURSE->id)) {
            $options = array('0' => get_string('allgroups'));
            foreach ($groups as $group) {
                $options[$group->id] = format_string($group->name);
            }
            $mform->addElement('select', 'group', get_string('groups'), $options);
            $mform->setAdvanced('group');
        }
    } else {
        // Without access to all groups the group is a hidden field fixed to 0.
        $mform->addElement('hidden', 'group');
        $mform->setType('group', PARAM_INT);
        $mform->setConstants(array('group' => 0));
    }

    $options = array('default' => get_string('bycourseorder'), 'dateasc' => get_string('datemostrecentlast'), 'datedesc' => get_string('datemostrecentfirst'));
    $mform->addElement('select', 'sortby', get_string('sortby'), $options);
    $mform->setAdvanced('sortby');

    $mform->addElement('date_time_selector', 'date', get_string('since'), array('optional' => true));

    $mform->addElement('hidden', 'id');
    $mform->setType('id', PARAM_INT);
    // NOTE(review): no 'courseid' element is added in this method - confirm this type
    // declaration is still needed.
    $mform->setType('courseid', PARAM_INT);

    $this->add_action_buttons(false, get_string('showrecent'));
}
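/**
 * Get all posts of a course from the database, restricted by what the current user
 * may see and by the given filter options.
 *
 * Private posts are left out for users without format/socialwall:viewprivate. In
 * separate groups mode, users without moodle/course:managegroups only get posts
 * addressed to all participants (group 0) or to one of their own groups; this also
 * holds when a group filter is requested.
 *
 * @param \stdClass $course course record with theme settings loaded (id and tlnumposts are read)
 * @param \stdClass|null $options filter options; filtergroups, filtermodules, filteralerts,
 *                                postid, showalert and orderby are read
 * @param int $limitfrom offset of the first post to load
 * @param int $limitcount number of posts to load; 0 means $course->tlnumposts (or no limit)
 * @param array $orderby ORDER BY fragments that precede $options->orderby
 * @return \stdClass postsdata (infodata for all posts): posts, poststotal, postsloaded,
 *                   filteroptions, authors
 */
protected function get_all_posts($course, $options = null, $limitfrom = 0, $limitcount = 0, $orderby = array()) {
    global $DB, $COURSE, $USER;

    $courseid = $course->id;
    $context = \context_course::instance($courseid);

    // ... prepare posts infodata.
    $postsdata = new \stdClass();
    $postsdata->posts = array();
    $postsdata->poststotal = 0;
    $postsdata->postsloaded = 0;
    $postsdata->filteroptions = $options;
    $postsdata->authors = array();

    if ($limitcount == 0) {
        $limitcount = !empty($course->tlnumposts) ? $course->tlnumposts : 0;
    }

    // Conditions and positional parameters are appended in the same order.
    $cond = array("WHERE sp.courseid = ?");
    $params = array($courseid);
    $join = "";

    // ... no private posts?
    if (!has_capability('format/socialwall:viewprivate', $context)) {
        $cond[] = " sp.private = '0'";
    }

    // ... if seperate groups are set and user is not allowed to see other groups set filter.
    // This restriction is applied before and independently of the requested group filter,
    // so asking for a group the user does not belong to yields no posts.
    $groupmode = groups_get_course_groupmode($COURSE);
    if ($groupmode == SEPARATEGROUPS and !has_capability('moodle/course:managegroups', $context)) {
        $keys = array(0); // To all participants.
        if ($usersgroups = groups_get_all_groups($courseid, $USER->id)) {
            $keys = array_merge($keys, array_keys($usersgroups));
        }
        list($ingroups, $inparams) = $DB->get_in_or_equal($keys);
        $cond[] = " sp.togroupid {$ingroups}";
        $params = array_merge($params, $inparams);
    }

    // ... only users groups?
    if (!empty($options->filtergroups)) {
        $cond[] = " sp.togroupid = ?";
        $params[] = $options->filtergroups;
    }

    if (!empty($options->filtermodules)) {
        $join = "JOIN {format_socialwall_attaches} at ON at.postid = sp.id ";
        $join .= "JOIN {course_modules} cm ON cm.id = at.coursemoduleid ";
        $join .= "JOIN {modules} m ON m.id = cm.module ";
        $cond[] = " m.name = ?";
        $params[] = $options->filtermodules;
    }

    if (!empty($options->filteralerts)) {
        $cond[] = " sp.alert = '1'";
    }

    if (!empty($options->postid)) {
        $cond[] = " sp.id = ? ";
        $params[] = $options->postid;
    }

    // ...show only one post on page, when option showalert is set.
    if (!empty($options->showalert)) {
        $cond[] = " sp.id = ?";
        $params[] = $options->showalert;
    }

    // NOTE(review): ORDER BY fragments cannot be bound as parameters; $options->orderby
    // and the entries of $orderby become part of the SQL text as they are. Confirm that
    // callers only pass values from a fixed list and never raw request data.
    if (!empty($options->orderby)) {
        $orderby[] = 'sp.' . $options->orderby;
    }
    $ordering = '';
    if (!empty($orderby)) {
        $ordering = 'ORDER BY ' . implode(', ', $orderby);
    }

    $where = implode(' AND ', $cond);

    // ... get all posts.
    $sqlfrom = "FROM {format_socialwall_posts} sp {$join} {$where} ";
    $sql = "SELECT DISTINCT sp.* " . $sqlfrom . " {$ordering} ";
    $countsql = "SELECT count(DISTINCT sp.id) as total " . $sqlfrom;

    // Nothing matches: return the empty infodata.
    if (!($postsdata->poststotal = $DB->count_records_sql($countsql, $params))) {
        return $postsdata;
    }
    if (!($postsdata->posts = $DB->get_records_sql($sql, $params, $limitfrom, $limitcount))) {
        return $postsdata;
    }

    $postsdata->postsloaded = $limitfrom + count($postsdata->posts);
    return $postsdata;
}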
// Page URL of the CSV grade import; only non-default options are added as parameters.
$url = new moodle_url('/grade/import/csv/index.php', array('id' => $id));
if ($separator !== '') {
    $url->param('separator', $separator);
}
if ($verbosescales !== 1) {
    $url->param('verbosescales', $verbosescales);
}
$PAGE->set_url($url);

if (!($course = $DB->get_record('course', array('id' => $id)))) {
    print_error('nocourseid');
}

// Access control: login to the course, then both import capabilities in the course
// context, before any form is built or any output is produced.
require_login($course);
$context = context_course::instance($id);
require_capability('moodle/grade:import', $context);
require_capability('gradeimport/csv:view', $context);

// True when the course uses separate groups and the user may not access all groups.
// NOTE(review): the group mode is read from the global $COURSE while the group below
// is read from $course - presumably the same course after require_login(); confirm.
$separatemode = (groups_get_course_groupmode($COURSE) == SEPARATEGROUPS and !has_capability('moodle/site:accessallgroups', $context));
$currentgroup = groups_get_course_group($course);

print_grade_page_head($course->id, 'import', 'csv', get_string('importcsv', 'grades'));

// Set up the grade import mapping form.
$gradeitems = array();
if ($id) {
    if ($grade_items = grade_item::fetch_all(array('courseid' => $id))) {
        foreach ($grade_items as $grade_item) {
            // Skip course type and category type.
            if ($grade_item->itemtype == 'course' || $grade_item->itemtype == 'category') {
                continue;
            }

            $displaystring = null;
            if (!empty($grade_item->itemmodule)) {
                // Module items are labelled "<module name><label separator><item name>".
                $displaystring = get_string('modulename', $grade_item->itemmodule) . get_string('labelsep', 'langconfig') . $grade_item->get_name();
            } else {
/**
 * Builds the filter form: participant, activity, group, sort order and "since" date controls.
 *
 * The group and participant lists are narrowed by the course group mode and by capability
 * checks that are made without a user id (presumably the current user).
 * NOTE(review): this only limits what the form offers. Whatever processes the submitted
 * 'user', 'group' and 'modid' values is not visible here and presumably has to repeat the
 * access checks itself; confirm.
 *
 * @return void
 */
function definition() {
    // NOTE(review): $USER is declared global but not read anywhere in this function.
    global $CFG, $COURSE, $USER;
    $mform =& $this->_form;
    $context = context_course::instance($COURSE->id);
    $modinfo = get_fast_modinfo($COURSE);
    $sections = get_all_sections($COURSE->id);
    $mform->addElement('header', 'filters', get_string('managefilters')); //TODO: add better string

    // Build the list of groups this viewer may filter by.
    $groupoptions = array();
    if (groups_get_course_groupmode($COURSE) == SEPARATEGROUPS and !has_capability('moodle/site:accessallgroups', $context)) {
        // Limited group access: only groups returned by groups_get_user_groups() under the
        // course's default grouping are offered, and there is no "all groups" (0) entry.
        $groups = groups_get_user_groups($COURSE->id);
        $allgroups = groups_get_all_groups($COURSE->id);
        if (!empty($groups[$COURSE->defaultgroupingid])) {
            foreach ($groups[$COURSE->defaultgroupingid] as $groupid) {
                $groupoptions[$groupid] = format_string($allgroups[$groupid]->name, true, array('context' => $context));
            }
        }
    } else {
        // Key 0 means "all groups"; its presence is used below to decide whether every
        // enrolled user may be listed.
        $groupoptions = array('0' => get_string('allgroups'));
        if (has_capability('moodle/site:accessallgroups', $context)) {
            // user can see all groups
            $allgroups = groups_get_all_groups($COURSE->id);
        } else {
            // user can see course level groups
            $allgroups = groups_get_all_groups($COURSE->id, 0, $COURSE->defaultgroupingid);
        }
        foreach ($allgroups as $group) {
            $groupoptions[$group->id] = format_string($group->name, true, array('context' => $context));
        }
    }

    // The participant selector is only added when the viewer may see participants;
    // the site course is checked against the system context instead of the course context.
    if ($COURSE->id == SITEID) {
        $viewparticipants = has_capability('moodle/site:viewparticipants', context_system::instance());
    } else {
        $viewparticipants = has_capability('moodle/course:viewparticipants', $context);
    }
    if ($viewparticipants) {
        $viewfullnames = has_capability('moodle/site:viewfullnames', context_course::instance($COURSE->id));
        $options = array();
        $options[0] = get_string('allparticipants');
        $options[$CFG->siteguest] = get_string('guestuser');
        if (isset($groupoptions[0])) {
            // can see all enrolled users
            if ($enrolled = get_enrolled_users($context, null, 0, user_picture::fields('u'))) {
                foreach ($enrolled as $euser) {
                    $options[$euser->id] = fullname($euser, $viewfullnames);
                }
            }
        } else {
            // can see users from some groups only
            foreach ($groupoptions as $groupid => $unused) {
                if ($enrolled = get_enrolled_users($context, null, $groupid, user_picture::fields('u'))) {
                    foreach ($enrolled as $euser) {
                        // A user who is in several of the listed groups is added once.
                        if (!array_key_exists($euser->id, $options)) {
                            $options[$euser->id] = fullname($euser, $viewfullnames);
                        }
                    }
                }
            }
        }
        $mform->addElement('select', 'user', get_string('participants'), $options);
        $mform->setAdvanced('user');
    }

    // NOTE(review): $sectiontitle is assigned but not used in this function.
    $sectiontitle = get_string('sectionname', 'format_' . $COURSE->format);
    $options = array('' => get_string('allactivities'));

    // Collect the module types that have at least one activity visible to the viewer.
    $modsused = array();
    foreach ($modinfo->cms as $cm) {
        if (!$cm->uservisible) {
            continue;
        }
        $modsused[$cm->modname] = true;
    }

    // Keep only module types whose lib.php exists and defines <modname>_get_recent_mod_activity.
    // In this function $modname is only ever taken from $modinfo->cms, so the include path
    // is not built from request input here.
    foreach ($modsused as $modname => $unused) {
        $libfile = "{$CFG->dirroot}/mod/{$modname}/lib.php";
        if (!file_exists($libfile)) {
            unset($modsused[$modname]);
            continue;
        }
        include_once $libfile;
        $libfunction = $modname . "_get_recent_mod_activity";
        if (!function_exists($libfunction)) {
            unset($modsused[$modname]);
            continue;
        }
        $options["mod/{$modname}"] = get_string('allmods', '', get_string('modulenameplural', $modname));
    }

    // One heading entry per section, followed by the visible activities of supported types.
    foreach ($modinfo->sections as $section => $cmids) {
        $options["section/{$section}"] = "-- " . get_section_name($COURSE, $sections[$section]) . " --";
        foreach ($cmids as $cmid) {
            $cm = $modinfo->cms[$cmid];
            if (empty($modsused[$cm->modname]) or !$cm->uservisible) {
                continue;
            }
            $options[$cm->id] = format_string($cm->name);
        }
    }
    $mform->addElement('select', 'modid', get_string('activities'), $options);
    $mform->setAdvanced('modid');

    if ($groupoptions) {
        $mform->addElement('select', 'group', get_string('groups'), $groupoptions);
        $mform->setAdvanced('group');
    } else {
        // no access to groups in separate mode: the field is hidden and pinned to -1
        $mform->addElement('hidden', 'group');
        $mform->setType('group', PARAM_INT);
        $mform->setConstants(array('group' => -1));
    }

    $options = array('default' => get_string('bycourseorder'), 'dateasc' => get_string('datemostrecentlast'), 'datedesc' => get_string('datemostrecentfirst'));
    $mform->addElement('select', 'sortby', get_string('sortby'), $options);
    $mform->setAdvanced('sortby');
    $mform->addElement('date_time_selector', 'date', get_string('since'), array('optional' => true));
    $mform->addElement('hidden', 'id');
    $mform->setType('id', PARAM_INT);
    // NOTE(review): no 'courseid' element is added in this function; confirm this setType is still needed.
    $mform->setType('courseid', PARAM_INT);
    $this->add_action_buttons(false, get_string('showrecent'));
}
/**
 * Tells whether a user may see a given group, at course level or at activity level.
 *
 * The decision is taken in this order: group mode (no groups / visible groups always pass),
 * then the moodle/site:accessallgroups capability of the tested user, then membership of the
 * requested group. A group id of 0 ("all groups") therefore only passes through the first
 * two steps.
 *
 * @since Moodle 2.6
 * @param int $groupid Group id to test. 0 for all groups.
 * @param stdClass $course Course object.
 * @param stdClass $cm Course module object; when empty the check is made at course level.
 * @param int $userid User id to test against. Defaults to $USER.
 * @return boolean true if visible, false otherwise
 */
function groups_group_visible($groupid, $course, $cm = null, $userid = null) {
    global $USER;

    $viewerid = empty($userid) ? $USER->id : $userid;
    $courselevel = empty($cm);

    if ($courselevel) {
        $mode = groups_get_course_groupmode($course);
    } else {
        $mode = groups_get_activity_groupmode($cm, $course);
    }

    // Without groups, or with visible groups, there is nothing to hide.
    if ($mode == NOGROUPS || $mode == VISIBLEGROUPS) {
        return true;
    }

    if ($courselevel) {
        $context = context_course::instance($course->id);
    } else {
        $context = context_module::instance($cm->id);
    }

    // Holders of accessallgroups see every group; this also answers the groupid = 0 case.
    if (has_capability('moodle/site:accessallgroups', $context, $viewerid)) {
        return true;
    }

    // Separate groups without accessallgroups: "all groups" is never visible.
    if ($groupid == 0) {
        return false;
    }

    // Otherwise the requested group must be one of the groups the user can reach.
    if ($courselevel) {
        $reachable = groups_get_all_groups($course->id, $viewerid);
    } else {
        $reachable = groups_get_activity_allowed_groups($cm, $viewerid);
    }

    return array_key_exists($groupid, $reachable);
}
if ($CFG->bloglevel < BLOG_SITE_LEVEL) { print_error('groupblogdisable', 'blog'); } if (!($group = groups_get_group($groupid))) { print_error(get_string('invalidgroupid', 'blog')); } if (!($course = $DB->get_record('course', array('id' => $group->courseid)))) { print_error('invalidcourseid'); } $coursecontext = context_course::instance($course->id); $courseid = $course->id; require_login($course); if (!has_capability('moodle/blog:view', $sitecontext)) { print_error(get_string('cannotviewcourseorgroupblog', 'blog')); } if (groups_get_course_groupmode($course) == SEPARATEGROUPS && !has_capability('moodle/site:accessallgroups', $coursecontext)) { if (!groups_is_member($groupid)) { print_error('notmemberofgroup'); } } } if (!empty($userid)) { if ($CFG->bloglevel < BLOG_USER_LEVEL) { print_error('blogdisable', 'blog'); } if (!($user = $DB->get_record('user', array('id' => $userid)))) { print_error('invaliduserid'); } if ($user->deleted) { echo $OUTPUT->header(); echo $OUTPUT->heading(get_string('userdeleted'));
/**
 * Returns posts made by the selected user in the requested courses.
 *
 * This method can be used to return all of the posts made by the requested user
 * within the given courses.
 * For each course the access of the current user and requested user is checked
 * and then for each post access to the post and forum is checked as well.
 *
 * This function is safe to use with usercapabilities.
 *
 * Access is narrowed in two stages: first per course (enrolment/viewing, and shared
 * course-level groups when separate groups are forced), then per forum (view capability,
 * activity group mode, timed discussions, Q and A rules). The per-forum restrictions are
 * expressed as SQL conditions with named placeholders; the values travel in a parameter array.
 *
 * @global moodle_database $DB
 * @param stdClass $user The user whose posts we want to get
 * @param array $courses The courses to search
 * @param bool $musthaveaccess If set to true errors will be thrown if the user
 *                             cannot access one or more of the courses to search
 * @param bool $discussionsonly If set to true only discussion starting posts
 *                              will be returned.
 * @param int $limitfrom The offset of records to return
 * @param int $limitnum The number of records to return
 * @return stdClass An object the following properties
 *               ->totalcount: the total number of posts made by the requested user
 *                             that the current user can see.
 *               ->courses: An array of courses the current user can see that the
 *                          requested user has posted in.
 *               ->forums: An array of forums relating to the posts returned in the
 *                         property below.
 *               ->posts: An array containing the posts to show for this request.
 */
function forum_get_posts_by_user($user, array $courses, $musthaveaccess = false, $discussionsonly = false, $limitfrom = 0, $limitnum = 50) {
    global $DB, $USER, $CFG;

    $return = new stdClass;
    $return->totalcount = 0; // The total number of posts that the current user is able to view
    $return->courses = array(); // The courses the current user can access
    $return->forums = array(); // The forums that the current user can access that contain posts
    $return->posts = array(); // The posts to display

    // First up a small sanity check. If there are no courses to check we can
    // return immediately, there is obviously nothing to search.
    if (empty($courses)) {
        return $return;
    }

    // A couple of quick setups
    $isloggedin = isloggedin();
    $isguestuser = $isloggedin && isguestuser();
    $iscurrentuser = $isloggedin && $USER->id == $user->id;

    // Check whether or not the current user has capabilities over the requested
    // user and if so they have the capabilities required to view the requested
    // user's content.
    // $hascapsonuser ends up true only when the viewer is not the requested user, holds a
    // role assignment in the requested user's context, and has both capabilities there.
    $usercontext = context_user::instance($user->id, MUST_EXIST);
    $hascapsonuser = !$iscurrentuser && $DB->record_exists('role_assignments', array('userid' => $USER->id, 'contextid' => $usercontext->id));
    $hascapsonuser = $hascapsonuser && has_all_capabilities(array('moodle/user:viewdetails', 'moodle/user:readuserposts'), $usercontext);

    // Before we actually search each course we need to check the user's access to the
    // course. If the user doesn't have the appropriate access then we either throw an
    // error if a particular course was requested or we just skip over the course.
    foreach ($courses as $course) {
        $coursecontext = context_course::instance($course->id, MUST_EXIST);
        if ($iscurrentuser || $hascapsonuser) {
            // If it is the current user, or the current user has capabilities to the
            // requested user then all we need to do is check the requested user's
            // current access to the course.
            // Note: There is no need to check group access or anything of the like
            // as either the current user is the requested user, or has granted
            // capabilities on the requested user. Either way they can see what the
            // requested user posted, although it's VERY unlikely in the `parent` situation
            // that the current user will be able to view the posts in context.
            if (!is_viewing($coursecontext, $user) && !is_enrolled($coursecontext, $user)) {
                // Need to have full access to a course to see the rest of own info
                if ($musthaveaccess) {
                    print_error('errorenrolmentrequired', 'forum');
                }
                continue;
            }
        } else {
            // Check whether the current user is enrolled or has access to view the course
            // if they don't we immediately have a problem.
            if (!can_access_course($course)) {
                if ($musthaveaccess) {
                    print_error('errorenrolmentrequired', 'forum');
                }
                continue;
            }

            // Check whether the requested user is enrolled or has access to view the course
            // if they don't we immediately have a problem.
            if (!can_access_course($course, $user)) {
                if ($musthaveaccess) {
                    print_error('notenrolled', 'forum');
                }
                continue;
            }

            // If groups are in use and enforced throughout the course then make sure
            // we can meet in at least one course level group.
            // Note that we check if either the current user or the requested user have
            // the capability to access all groups. This is because with that capability
            // a user in group A could post in the group B forum. Grrrr.
            if (groups_get_course_groupmode($course) == SEPARATEGROUPS && $course->groupmodeforce && !has_capability('moodle/site:accessallgroups', $coursecontext) && !has_capability('moodle/site:accessallgroups', $coursecontext, $user->id)) {
                // If it's the guest user too bad... the guest user cannot access groups
                if (!$isloggedin or $isguestuser) {
                    // do not use require_login() here because we might have already used require_login($course)
                    if ($musthaveaccess) {
                        redirect(get_login_url());
                    }
                    continue;
                }
                // Get the groups of the current user
                $mygroups = array_keys(groups_get_all_groups($course->id, $USER->id, $course->defaultgroupingid, 'g.id, g.name'));
                // Get the groups the requested user is a member of
                $usergroups = array_keys(groups_get_all_groups($course->id, $user->id, $course->defaultgroupingid, 'g.id, g.name'));
                // Check whether they are members of the same group. If they are great.
                $intersect = array_intersect($mygroups, $usergroups);
                if (empty($intersect)) {
                    // But they're not... if it was a specific course throw an error otherwise
                    // just skip this course so that it is not searched.
                    if ($musthaveaccess) {
                        print_error("groupnotamember", '', $CFG->wwwroot."/course/view.php?id=$course->id");
                    }
                    continue;
                }
            }
        }
        // We got this far, which means the current user can search
        // this course for the requested user. Although this is only the course accessibility
        // handling that is complete, the forum accessibility tests are yet to come.
        $return->courses[$course->id] = $course;
    }
    // No longer need the $courses array - drop it now as it may be big
    unset($courses);

    // Make sure that we have some courses to search
    if (empty($return->courses)) {
        // If we don't have any courses to search then the reality is that the current
        // user doesn't have access to any courses in which the requested user has posted.
        // Although we do know at this point that the requested user has posts.
        // NOTE(review): no return follows print_error() in the first branch; this relies on
        // print_error() not returning control - confirm.
        if ($musthaveaccess) {
            print_error('permissiondenied');
        } else {
            return $return;
        }
    }

    // Next step: Collect all of the forums that we will want to search.
    // It is important to note that this step isn't actually about searching, it is
    // about determining which forums we can search by testing accessibility.
    $forums = forum_get_forums_user_posted_in($user, array_keys($return->courses), $discussionsonly);

    // Will be used to build the where conditions for the search
    $forumsearchwhere = array();
    // Will be used to store the where condition params for the search
    $forumsearchparams = array();
    // Will record forums where the user can freely access everything
    $forumsearchfullaccess = array();
    // DB caching friendly: the timestamp is rounded with precision -2
    $now = round(time(), -2);
    // For each course to search we want to find the forums the user has posted in
    // and providing the current user can access the forum create a search condition
    // for the forum to get the requested user's posts.
    foreach ($return->courses as $course) {
        // Now we need to get the forums
        $modinfo = get_fast_modinfo($course);
        if (empty($modinfo->instances['forum'])) {
            // hmmm, no forums? well at least it's easy... skip!
            continue;
        }
        // Iterate
        foreach ($modinfo->get_instances_of('forum') as $forumid => $cm) {
            // Skip forums hidden from the viewer and forums the requested user has not posted in.
            if (!$cm->uservisible or !isset($forums[$forumid])) {
                continue;
            }
            // Get the forum in question
            $forum = $forums[$forumid];
            // This is needed for functionality later on in the forum code....
            $forum->cm = $cm;

            // Check that either the current user can view the forum, or that the
            // current user has capabilities over the requested user and the requested
            // user can view the discussion
            if (!has_capability('mod/forum:viewdiscussion', $cm->context) && !($hascapsonuser && has_capability('mod/forum:viewdiscussion', $cm->context, $user->id))) {
                continue;
            }

            // This will contain forum specific where clauses.
            // Only placeholder names and SQL returned by get_in_or_equal() are concatenated
            // into these clauses; the values themselves go into $forumsearchparams.
            $forumsearchselect = array();
            if (!$iscurrentuser && !$hascapsonuser) {
                // Make sure we check group access
                if (groups_get_activity_groupmode($cm, $course) == SEPARATEGROUPS and !has_capability('moodle/site:accessallgroups', $cm->context)) {
                    $groups = $modinfo->get_groups($cm->groupingid);
                    // -1 is always allowed next to the viewer's groups
                    // (presumably the "all participants" group id - confirm).
                    $groups[] = -1;
                    list($groupid_sql, $groupid_params) = $DB->get_in_or_equal($groups, SQL_PARAMS_NAMED, 'grps'.$forumid.'_');
                    $forumsearchparams = array_merge($forumsearchparams, $groupid_params);
                    $forumsearchselect[] = "d.groupid $groupid_sql";
                }

                // hidden timed discussions: only discussions started by the requested user,
                // or whose time window contains $now, are matched
                if (!empty($CFG->forum_enabletimedposts) && !has_capability('mod/forum:viewhiddentimedposts', $cm->context)) {
                    $forumsearchselect[] = "(d.userid = :userid{$forumid} OR (d.timestart < :timestart{$forumid} AND (d.timeend = 0 OR d.timeend > :timeend{$forumid})))";
                    $forumsearchparams['userid'.$forumid] = $user->id;
                    $forumsearchparams['timestart'.$forumid] = $now;
                    $forumsearchparams['timeend'.$forumid] = $now;
                }

                // qanda access
                if ($forum->type == 'qanda' && !has_capability('mod/forum:viewqandawithoutposting', $cm->context)) {
                    // We need to check whether the user has posted in the qanda forum.
                    $discussionspostedin = forum_discussions_user_has_posted_in($forum->id, $user->id);
                    if (!empty($discussionspostedin)) {
                        $forumonlydiscussions = array(); // Holds discussion ids for the discussions the user is allowed to see in this forum.
                        foreach ($discussionspostedin as $d) {
                            $forumonlydiscussions[] = $d->id;
                        }
                        list($discussionid_sql, $discussionid_params) = $DB->get_in_or_equal($forumonlydiscussions, SQL_PARAMS_NAMED, 'qanda'.$forumid.'_');
                        $forumsearchparams = array_merge($forumsearchparams, $discussionid_params);
                        $forumsearchselect[] = "(d.id $discussionid_sql OR p.parent = 0)";
                    } else {
                        // Only discussion-starting posts are matched.
                        $forumsearchselect[] = "p.parent = 0";
                    }
                }

                // A forum with no restriction collected above is treated as full access.
                if (count($forumsearchselect) > 0) {
                    $forumsearchwhere[] = "(d.forum = :forum{$forumid} AND ".implode(" AND ", $forumsearchselect).")";
                    $forumsearchparams['forum'.$forumid] = $forumid;
                } else {
                    $forumsearchfullaccess[] = $forumid;
                }
            } else {
                // The current user/parent can see all of their own posts
                $forumsearchfullaccess[] = $forumid;
            }
        }
    }

    // If we don't have any search conditions, and we don't have any forums where
    // the user has full access then we just return the default.
    if (empty($forumsearchwhere) && empty($forumsearchfullaccess)) {
        return $return;
    }

    // Prepare a where condition for the full access forums.
    if (count($forumsearchfullaccess) > 0) {
        list($fullidsql, $fullidparams) = $DB->get_in_or_equal($forumsearchfullaccess, SQL_PARAMS_NAMED, 'fula');
        $forumsearchparams = array_merge($forumsearchparams, $fullidparams);
        $forumsearchwhere[] = "(d.forum $fullidsql)";
    }

    // Prepare SQL to both count and search.
    // We alias user.id to useridx because forum_posts already has a userid field and not aliasing this would break
    // oracle and mssql.
    $userfields = user_picture::fields('u', null, 'useridx');
    $countsql = 'SELECT COUNT(*) ';
    // The closing literal below spans a line break exactly as it appears in the source; it holds whitespace only.
    $selectsql = 'SELECT p.*, d.forum, d.name AS discussionname, '.$userfields.' 
';
    // The per-forum conditions are alternatives, so they are joined with OR.
    $wheresql = implode(" OR ", $forumsearchwhere);

    if ($discussionsonly) {
        if ($wheresql == '') {
            $wheresql = 'p.parent = 0';
        } else {
            $wheresql = 'p.parent = 0 AND ('.$wheresql.')';
        }
    }

    // The author filter (p.userid = :userid) is ANDed outside the parenthesised access conditions.
    $sql = "FROM {forum_posts} p JOIN {forum_discussions} d ON d.id = p.discussion JOIN {user} u ON u.id = p.userid WHERE ($wheresql) AND p.userid = :userid ";
    $orderby = "ORDER BY p.modified DESC";
    $forumsearchparams['userid'] = $user->id;

    // Set the total number posts made by the requested user that the current user can see
    $return->totalcount = $DB->count_records_sql($countsql.$sql, $forumsearchparams);
    // Set the collection of posts that has been requested
    $return->posts = $DB->get_records_sql($selectsql.$sql.$orderby, $forumsearchparams, $limitfrom, $limitnum);

    // We need to build an array of forums for which posts will be displayed.
    // We do this here to save the caller needing to retrieve them themselves before
    // printing these forums posts. Given we have the forums already there is
    // practically no overhead here.
    foreach ($return->posts as $post) {
        if (!array_key_exists($post->forum, $return->forums)) {
            $return->forums[$post->forum] = $forums[$post->forum];
        }
    }

    return $return;
}
/**
 * Tells whether the current user can see at least one group of another user.
 *
 * The group mode and the moodle/site:accessallgroups capability are evaluated for the
 * current user ($USER); $userid is only used to look up the other user's groups.
 *
 * @param stdClass $course Course object.
 * @param int $userid user id to check against.
 * @param stdClass $cm Course module object. Optional, switches the check from course level to activity level.
 * @return boolean true if visible, false otherwise
 * @since Moodle 2.9
 */
function groups_user_groups_visible($course, $userid, $cm = null) {
    global $USER;

    $courselevel = empty($cm);

    if ($courselevel) {
        $mode = groups_get_course_groupmode($course);
    } else {
        $mode = groups_get_activity_groupmode($cm, $course);
    }

    // Without groups, or with visible groups, nothing is hidden.
    if ($mode == NOGROUPS || $mode == VISIBLEGROUPS) {
        return true;
    }

    if ($courselevel) {
        $context = context_course::instance($course->id);
    } else {
        $context = context_module::instance($cm->id);
    }

    // Holders of accessallgroups see every group.
    if (has_capability('moodle/site:accessallgroups', $context)) {
        return true;
    }

    // Separate groups without accessallgroups: both users must have a group in common.
    if ($courselevel) {
        $theirgroups = groups_get_all_groups($course->id, $userid);
        $owngroups = groups_get_all_groups($course->id, $USER->id);
    } else {
        $theirgroups = groups_get_activity_allowed_groups($cm, $userid);
        $owngroups = groups_get_activity_allowed_groups($cm, $USER->id);
    }

    // Both arrays are compared by key.
    $shared = array_intersect_key($owngroups, $theirgroups);

    return !empty($shared);
}
$datestring->mins = get_string('mins');
$datestring->sec = get_string('sec');
$datestring->secs = get_string('secs');

// Display mode: an explicitly supplied value is cast to int and remembered in the session;
// otherwise the remembered value is reused, falling back to MODE_BRIEF.
if ($mode !== null) {
    $mode = (int) $mode;
    $SESSION->userindexmode = $mode;
} else {
    if (isset($SESSION->userindexmode)) {
        $mode = (int) $SESSION->userindexmode;
    } else {
        $mode = MODE_BRIEF;
    }
}

// Check to see if groups are being used in this course
// and if so, set $currentgroup to reflect the current group.
$groupmode = groups_get_course_groupmode($course); // Groups are being used.
$currentgroup = groups_get_course_group($course, true);
if (!$currentgroup) {
    // To make some other functions work better later.
    $currentgroup = null;
}
// True when the course uses separate groups and the viewer lacks accessallgroups.
// NOTE(review): this reads $course->groupmode directly rather than the $groupmode value
// fetched above - confirm the two always agree.
$isseparategroups = ($course->groupmode == SEPARATEGROUPS and !has_capability('moodle/site:accessallgroups', $context));

$PAGE->set_title("{$course->shortname}: " . get_string('participants'));
$PAGE->set_heading($course->fullname);
$PAGE->set_pagetype('course-view-' . $course->format);
$PAGE->add_body_class('path-user'); // So we can style it independently.
$PAGE->set_other_editing_capability('moodle/course:manageactivities');

echo $OUTPUT->header();
echo $OUTPUT->heading(get_string('participants'));
/**
 * Checks that the caller may read the user grade report for a course, user and group.
 *
 * The checks run in a fixed order: parameter validation, context validation,
 * gradereport/user:view, the requested user (or moodle/grade:viewall when no user id is
 * given), permission to view the grades, and finally group visibility.
 *
 * @param int $courseid the courseid
 * @param int $userid the user id to retrieve data from; an empty value requires moodle/grade:viewall
 * @param int $groupid the group id; when empty, the course's current group is used if the course has a group mode
 * @return array the cleaned parameters, the course, the course context, the user record
 *      (null when no user id was given) and the group id
 * @since Moodle 3.2
 */
protected static function check_report_access($courseid, $userid, $groupid = 0) {
    global $USER;

    // Clean the raw arguments before any of them is used.
    $rawargs = array('courseid' => $courseid, 'userid' => $userid, 'groupid' => $groupid);
    $params = self::validate_parameters(self::get_grades_table_parameters(), $rawargs);

    // Read the cleaned values back one by one (compact/extract are not recommended).
    $courseid = $params['courseid'];
    $userid = $params['userid'];
    $groupid = $params['groupid'];

    // get_course() throws an exception when the course does not exist.
    $course = get_course($courseid);
    $context = context_course::instance($courseid);
    self::validate_context($context);

    // Capability needed for any use of this report.
    require_capability('gradereport/user:view', $context);

    $user = null;
    if (!empty($userid)) {
        $user = core_user::get_user($userid, '*', MUST_EXIST);
        core_user::require_active_user($user);

        // The caller must be able to see at least one of the requested user's groups.
        if (!groups_user_groups_visible($course, $user->id)) {
            throw new moodle_exception('notingroup');
        }
    } else {
        // No user id means every user is being retrieved, which needs the view-all capability.
        // Whether a group id is required is decided further down.
        require_capability('moodle/grade:viewall', $context);
    }

    // Either all course grades may be viewed, or the caller asks for their own grades,
    // may view them, and the course shows grades.
    $allowed = has_capability('moodle/grade:viewall', $context)
        || ($userid == $USER->id && has_capability('moodle/grade:view', $context) && $course->showgrades);

    if (!$allowed) {
        throw new moodle_exception('nopermissiontoviewgrades', 'error');
    }

    // Settle on the group id, then check that it is visible to the caller.
    $checkgroup = true;
    if (empty($groupid)) {
        if (groups_get_course_groupmode($course)) {
            // Groups are in use: fall back to the course's current group (this may be group 0).
            $groupid = groups_get_course_group($course);
        } else {
            // No group mode: nothing to check.
            $groupid = 0;
            $checkgroup = false;
        }
    }

    if ($checkgroup && !groups_group_visible($groupid, $course)) {
        throw new moodle_exception('notingroup');
    }

    return array($params, $course, $context, $user, $groupid);
}
/**
 * This function gets called by {@link settings_navigation::load_user_settings()} and actually works out
 * what can be shown/done
 *
 * Each link is added only when the capability and configuration checks next to it pass.
 * NOTE(review): this only decides which links are shown. The target scripts are not visible
 * here and presumably enforce their own access checks; confirm.
 *
 * @param int $courseid The current course' id
 * @param int $userid The user id to load for
 * @param string $gstitle The string to pass to get_string for the branch title
 * @return navigation_node|bool The user settings branch; false when the user record is missing or the
 *      viewer may not see the user; true when the user is deleted (only a "user deleted" entry is added)
 */
protected function generate_user_settings($courseid, $userid, $gstitle = 'usercurrentsettings') {
    global $DB, $CFG, $USER, $SITE;

    // Resolve the course: reuse the page's course when it matches, otherwise load it together
    // with its context columns. Both ids are bound as named parameters.
    if ($courseid != $SITE->id) {
        if (!empty($this->page->course->id) && $this->page->course->id == $courseid) {
            $course = $this->page->course;
        } else {
            $select = context_helper::get_preload_record_columns_sql('ctx');
            $sql = "SELECT c.*, {$select}\n FROM {course} c\n JOIN {context} ctx ON c.id = ctx.instanceid\n WHERE c.id = :courseid AND ctx.contextlevel = :contextlevel";
            $params = array('courseid' => $courseid, 'contextlevel' => CONTEXT_COURSE);
            $course = $DB->get_record_sql($sql, $params, MUST_EXIST);
            context_helper::preload_from_record($course);
        }
    } else {
        $course = $SITE;
    }

    $coursecontext = get_context_instance(CONTEXT_COURSE, $course->id); // Course context
    $systemcontext = get_system_context();
    $currentuser = $USER->id == $userid;

    if ($currentuser) {
        $user = $USER;
        $usercontext = get_context_instance(CONTEXT_USER, $user->id); // User context
    } else {
        $select = context_helper::get_preload_record_columns_sql('ctx');
        $sql = "SELECT u.*, {$select}\n FROM {user} u\n JOIN {context} ctx ON u.id = ctx.instanceid\n WHERE u.id = :userid AND ctx.contextlevel = :contextlevel";
        $params = array('userid' => $userid, 'contextlevel' => CONTEXT_USER);
        $user = $DB->get_record_sql($sql, $params, IGNORE_MISSING);
        if (!$user) {
            return false;
        }
        context_helper::preload_from_record($user);

        // Check that the user can view the profile
        $usercontext = get_context_instance(CONTEXT_USER, $user->id); // User context
        $canviewuser = has_capability('moodle/user:viewdetails', $usercontext);

        if ($course->id == $SITE->id) {
            if ($CFG->forceloginforprofiles && !has_coursecontact_role($user->id) && !$canviewuser) {
                // Reduce possibility of "browsing" userbase at site level
                // Teachers can browse and be browsed at site level. If not forceloginforprofiles, allow access (bug #4366)
                return false;
            }
        } else {
            $canviewusercourse = has_capability('moodle/user:viewdetails', $coursecontext);
            $canaccessallgroups = has_capability('moodle/site:accessallgroups', $coursecontext);
            // && binds tighter than ||: denied when neither viewdetails check passes,
            // or when can_access_course() fails for the target user.
            if (!$canviewusercourse && !$canviewuser || !can_access_course($course, $user->id)) {
                return false;
            }
            if (!$canaccessallgroups && groups_get_course_groupmode($course) == SEPARATEGROUPS) {
                // If groups are in use, make sure we can see that group
                // NOTE(review): no group membership is compared here; in separate groups mode
                // a viewer without accessallgroups is always refused - confirm this is intended.
                return false;
            }
        }
    }

    // The full name is shown according to viewfullnames in the page context.
    $fullname = fullname($user, has_capability('moodle/site:viewfullnames', $this->page->context));

    // The node key gets the user id appended for any title other than the default.
    $key = $gstitle;
    if ($gstitle != 'usercurrentsettings') {
        $key .= $userid;
    }

    // Add a user setting branch
    $usersetting = $this->add(get_string($gstitle, 'moodle', $fullname), null, self::TYPE_CONTAINER, null, $key);
    $usersetting->id = 'usersettings';
    if ($this->page->context->contextlevel == CONTEXT_USER && $this->page->context->instanceid == $user->id) {
        // Automatically start by making it active
        $usersetting->make_active();
    }

    // Check if the user has been deleted
    if ($user->deleted) {
        if (!has_capability('moodle/user:update', $coursecontext)) {
            // We can't edit the user so just show the user deleted message
            $usersetting->add(get_string('userdeleted'), null, self::TYPE_SETTING);
        } else {
            // We can edit the user so show the user deleted message and link it to the profile
            if ($course->id == $SITE->id) {
                $profileurl = new moodle_url('/user/profile.php', array('id' => $user->id));
            } else {
                $profileurl = new moodle_url('/user/view.php', array('id' => $user->id, 'course' => $course->id));
            }
            $usersetting->add(get_string('userdeleted'), $profileurl, self::TYPE_SETTING);
        }
        // Nothing else is offered for a deleted user; note this returns true, not the node.
        return true;
    }

    $userauthplugin = false;
    if (!empty($user->auth)) {
        $userauthplugin = get_auth_plugin($user->auth);
    }

    // Add the profile edit link
    if (isloggedin() && !isguestuser($user) && !is_mnet_remote_user($user)) {
        // Full editing needs moodle/user:update in the system context; a site admin's
        // profile is offered only to that admin or to another site admin.
        if (($currentuser || is_siteadmin($USER) || !is_siteadmin($user)) && has_capability('moodle/user:update', $systemcontext)) {
            $url = new moodle_url('/user/editadvanced.php', array('id' => $user->id, 'course' => $course->id));
            $usersetting->add(get_string('editmyprofile'), $url, self::TYPE_SETTING);
        } else {
            // && binds tighter than ||: (editprofile on a non-admin user) or (own profile with editownprofile).
            if (has_capability('moodle/user:editprofile', $usercontext) && !is_siteadmin($user) || $currentuser && has_capability('moodle/user:editownprofile', $systemcontext)) {
                if ($userauthplugin && $userauthplugin->can_edit_profile()) {
                    // The auth plugin may supply its own edit URL; the standard page is the fallback.
                    $url = $userauthplugin->edit_profile_url();
                    if (empty($url)) {
                        $url = new moodle_url('/user/edit.php', array('id' => $user->id, 'course' => $course->id));
                    }
                    $usersetting->add(get_string('editmyprofile'), $url, self::TYPE_SETTING);
                }
            }
        }
    }

    // Change password link: own account only, never while logged in as another user or as guest
    if ($userauthplugin && $currentuser && !session_is_loggedinas() && !isguestuser() && has_capability('moodle/user:changeownpassword', $systemcontext) && $userauthplugin->can_change_password()) {
        $passwordchangeurl = $userauthplugin->change_password_url();
        if (empty($passwordchangeurl)) {
            $passwordchangeurl = new moodle_url('/login/change_password.php', array('id' => $course->id));
        }
        $usersetting->add(get_string("changepassword"), $passwordchangeurl, self::TYPE_SETTING);
    }

    // View the roles settings: any one of the listed role capabilities in the user context is enough
    if (has_any_capability(array('moodle/role:assign', 'moodle/role:safeoverride', 'moodle/role:override', 'moodle/role:manage'), $usercontext)) {
        $roles = $usersetting->add(get_string('roles'), null, self::TYPE_SETTING);
        $url = new moodle_url('/admin/roles/usersroles.php', array('userid' => $user->id, 'courseid' => $course->id));
        $roles->add(get_string('thisusersroles', 'role'), $url, self::TYPE_SETTING);
        $assignableroles = get_assignable_roles($usercontext, ROLENAME_BOTH);
        if (!empty($assignableroles)) {
            $url = new moodle_url('/admin/roles/assign.php', array('contextid' => $usercontext->id, 'userid' => $user->id, 'courseid' => $course->id));
            $roles->add(get_string('assignrolesrelativetothisuser', 'role'), $url, self::TYPE_SETTING);
        }
        if (has_capability('moodle/role:review', $usercontext) || count(get_overridable_roles($usercontext, ROLENAME_BOTH)) > 0) {
            $url = new moodle_url('/admin/roles/permissions.php', array('contextid' => $usercontext->id, 'userid' => $user->id, 'courseid' => $course->id));
            $roles->add(get_string('permissions', 'role'), $url, self::TYPE_SETTING);
        }
        $url = new moodle_url('/admin/roles/check.php', array('contextid' => $usercontext->id, 'userid' => $user->id, 'courseid' => $course->id));
        $roles->add(get_string('checkpermissions', 'role'), $url, self::TYPE_SETTING);
    }

    // Portfolio: own account only
    if ($currentuser && !empty($CFG->enableportfolios) && has_capability('moodle/portfolio:export', $systemcontext)) {
        require_once $CFG->libdir . '/portfoliolib.php';
        if (portfolio_instances(true, false)) {
            $portfolio = $usersetting->add(get_string('portfolios', 'portfolio'), null, self::TYPE_SETTING);
            $url = new moodle_url('/user/portfolio.php', array('courseid' => $course->id));
            $portfolio->add(get_string('configure', 'portfolio'), $url, self::TYPE_SETTING);
            $url = new moodle_url('/user/portfoliologs.php', array('courseid' => $course->id));
            $portfolio->add(get_string('logs', 'portfolio'), $url, self::TYPE_SETTING);
        }
    }

    // Token management is offered when RSS feeds are enabled, or when web services are enabled
    // and a viewer who is not a site admin holds moodle/webservice:createtoken.
    $enablemanagetokens = false;
    if (!empty($CFG->enablerssfeeds)) {
        $enablemanagetokens = true;
    } else {
        if (!is_siteadmin($USER->id) && !empty($CFG->enablewebservices) && has_capability('moodle/webservice:createtoken', get_system_context())) {
            $enablemanagetokens = true;
        }
    }
    // Security keys
    // NOTE(review): sesskey() is placed in the link's query string here and in the
    // "Login as" link below, so the value can end up wherever URLs are recorded - confirm this is acceptable.
    if ($currentuser && $enablemanagetokens) {
        $url = new moodle_url('/user/managetoken.php', array('sesskey' => sesskey()));
        $usersetting->add(get_string('securitykeys', 'webservice'), $url, self::TYPE_SETTING);
    }

    // Repository: only when looking at another user; the lookup result is cached per user context
    if (!$currentuser && $usercontext->contextlevel == CONTEXT_USER) {
        if (!$this->cache->cached('contexthasrepos' . $usercontext->id)) {
            require_once $CFG->dirroot . '/repository/lib.php';
            $editabletypes = repository::get_editable_types($usercontext);
            $haseditabletypes = !empty($editabletypes);
            unset($editabletypes);
            $this->cache->set('contexthasrepos' . $usercontext->id, $haseditabletypes);
        } else {
            $haseditabletypes = $this->cache->{'contexthasrepos' . $usercontext->id};
        }
        if ($haseditabletypes) {
            $url = new moodle_url('/repository/manage_instances.php', array('contextid' => $usercontext->id));
            $usersetting->add(get_string('repositories', 'repository'), $url, self::TYPE_SETTING);
        }
    }

    // Messaging
    // && binds tighter than ||: (own account with editownmessageprofile) or
    // (non-guest target with editmessageprofile who is not the primary admin).
    if ($currentuser && has_capability('moodle/user:editownmessageprofile', $systemcontext) || !isguestuser($user) && has_capability('moodle/user:editmessageprofile', $usercontext) && !is_primary_admin($user->id)) {
        $url = new moodle_url('/message/edit.php', array('id' => $user->id));
        $usersetting->add(get_string('editmymessage', 'message'), $url, self::TYPE_SETTING);
    }

    // Blogs: own account only
    if ($currentuser && !empty($CFG->bloglevel)) {
        $blog = $usersetting->add(get_string('blogs', 'blog'), null, navigation_node::TYPE_CONTAINER, null, 'blogs');
        $blog->add(get_string('preferences', 'blog'), new moodle_url('/blog/preferences.php'), navigation_node::TYPE_SETTING);
        if (!empty($CFG->useexternalblogs) && $CFG->maxexternalblogsperuser > 0 && has_capability('moodle/blog:manageexternal', get_context_instance(CONTEXT_SYSTEM))) {
            $blog->add(get_string('externalblogs', 'blog'), new moodle_url('/blog/external_blogs.php'), navigation_node::TYPE_SETTING);
            $blog->add(get_string('addnewexternalblog', 'blog'), new moodle_url('/blog/external_blog_edit.php'), navigation_node::TYPE_SETTING);
        }
    }

    // Login as ...
    // Offered only for another, non-deleted, non-site-admin user, to a viewer holding
    // moodle/user:loginas in the course context who is not already logged in as someone else.
    if (!$user->deleted and !$currentuser && !session_is_loggedinas() && has_capability('moodle/user:loginas', $coursecontext) && !is_siteadmin($user->id)) {
        $url = new moodle_url('/course/loginas.php', array('id' => $course->id, 'user' => $user->id, 'sesskey' => sesskey()));
        $usersetting->add(get_string('loginas'), $url, self::TYPE_SETTING);
    }

    return $usersetting;
}
// Localised unit labels ("sec"/"secs") stored on $datestring.
$datestring->sec = get_string('sec');
$datestring->secs = get_string('secs');

// Resolve the display mode: an explicit value wins and is remembered in the
// session; otherwise fall back to the remembered value, then to MODE_BRIEF.
// The (int) cast means only an integer is ever written to, or read back from,
// $SESSION->userindexmode.
// NOTE(review): the cast does not restrict $mode to the defined MODE_* values;
// confirm that later code treats an unknown integer safely.
if ($mode === null) {
    $mode = isset($SESSION->userindexmode) ? (int)$SESSION->userindexmode : MODE_BRIEF;
} else {
    $mode = (int)$mode;
    $SESSION->userindexmode = $mode;
}

// Work out the course group mode and the group currently selected.
$groupmode = groups_get_course_groupmode($course);
$currentgroup = groups_get_course_group($course, true);

// Normalise any falsy "no group" result to null for the code that follows.
if (!$currentgroup) {
    $currentgroup = null;
}

// True only when the course is in separate-groups mode AND the viewer lacks
// moodle/site:accessallgroups in $context. The capability is checked only
// when the first condition holds (short-circuit).
// NOTE(review): this reads $course->groupmode directly rather than the
// $groupmode obtained above; confirm the two cannot disagree.
// NOTE(review): presumably this flag restricts which participants are listed
// further down; every query that lists users should honour it, otherwise
// members of other groups are disclosed.
$isseparategroups = ($course->groupmode == SEPARATEGROUPS
        && !has_capability('moodle/site:accessallgroups', $context));

// On the site course, stop the navbar from using the active navigation node.
if ($course->id === SITEID) {
    $PAGE->navbar->ignore_active();
}

// Breadcrumb entry, page title and heading.
// NOTE(review): shortname and fullname are passed through exactly as stored;
// confirm the page output layer escapes/filters them (or wrap them in
// format_string()) so that markup in a course name is not rendered.
$PAGE->navbar->add(get_string('participants'));
$PAGE->set_title("{$course->shortname}: " . get_string('participants'));
$PAGE->set_heading($course->fullname);