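/**
 * Determines whether the current user is allowed to create, edit, and delete associations
 * between a user (instructor) and a class.
 *
 * The decision is made in three steps:
 *  1. The current user must pass instructorpage::can_enrol_into_class() for the class.
 *  2. If the current user holds 'local/elisprogram:assign_class_instructor' on the class,
 *     access is granted directly.
 *  3. Otherwise access is granted only if the target user is assigned to at least one of
 *     the clusters returned by instructor::get_allowed_clusters() for the class.
 *
 * @param int $userid The id of the user being associated to the class
 * @param int $classid The id of the class we are associating the user to
 * @uses $DB
 * @uses $USER
 * @return boolean True if the current user has the required permissions, otherwise false
 */
public static function can_manage_assoc($userid, $classid) {
    global $DB, $USER;

    // TODO: Ugly, this needs to be overhauled
    $cpage = new pmclasspage();

    if (!instructorpage::can_enrol_into_class($classid)) {
        // The users who satisfy this condition are a superset of those who can manage associations,
        // so failing it rules out both the direct and the indirect capability.
        return false;
    }

    if ($cpage->_has_capability('local/elisprogram:assign_class_instructor', $classid)) {
        // Current user has the direct capability
        return true;
    }

    // Get the context for the "indirect" capability.
    // NOTE(review): $context is computed but never consulted below. Confirm that
    // instructor::get_allowed_clusters() already limits its result to clusters where the
    // current user holds the indirect capability; otherwise this check is broader than intended.
    $context = pm_context_set::for_user_with_capability('cluster', 'local/elisprogram:assign_userset_user_class_instructor', $USER->id);

    $allowed_clusters = instructor::get_allowed_clusters($classid);
    if (empty($allowed_clusters)) {
        // No enabling clusters: nothing can match, so deny without querying.
        return false;
    }

    // Bind the cluster ids as query parameters instead of concatenating them into the SQL text,
    // so the statement stays well-formed whatever values the list contains.
    list($cluster_sql, $cluster_params) = $DB->get_in_or_equal($allowed_clusters);
    $select = "userid = ? AND clusterid {$cluster_sql}";
    $params = array_merge(array($userid), $cluster_params);

    // User just needs to be in one of the possible clusters
    return $DB->record_exists_select(clusterassignment::TABLE, $select, $params);
}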
/**
 * Builds the permission-based part of the filter SQL.
 *
 * When the current user holds 'local/elisprogram:assign_class_instructor' on this class no
 * restriction is added. Otherwise the selection is limited to users assigned to one of the
 * clusters returned by instructor::get_allowed_clusters(), or to nothing when that list is empty.
 *
 * @return array An array consisting of additional WHERE conditions, and parameters.
 */
protected function get_filter_sql_permissions() {
    global $DB;

    // TODO: Ugly, this needs to be overhauled.
    $classpage = new pmclasspage();
    if ($classpage->_has_capability('local/elisprogram:assign_class_instructor', $this->classid)) {
        // Direct capability: no additional conditions or parameters are needed.
        return array(array(), array());
    }

    $conditions = array();
    $params = array();

    // Only the more "conditional" capability can apply from here on, so restrict by cluster membership.
    $usersetids = instructor::get_allowed_clusters($this->classid);
    if (empty($usersetids)) {
        // No clusters are allowed: add a condition intended to match no rows.
        // NOTE(review): a bare FALSE literal is not accepted by every SQL dialect - confirm
        // against the database backends this plugin supports.
        $conditions[] = 'FALSE';
        return array($conditions, $params);
    }

    // Cluster ids are bound as parameters through get_in_or_equal(), never concatenated.
    list($insql, $inparams) = $DB->get_in_or_equal($usersetids);
    $subquery = 'SELECT userid FROM {' . clusterassignment::TABLE . '} WHERE clusterid ' . $insql;
    $conditions[] = 'element.id IN (' . $subquery . ')';
    $params = array_merge($params, $inparams);

    return array($conditions, $params);
}