/**
* Move incoming usersets to be a subuset of current userset.
* @throws moodle_exception
* @param array $elements An array of userset information to assign to the track.
* @param bool $bulkaction Whether this is a bulk-action or not.
* @return array An array to format as JSON and return to the Javascript.
*/
protected function _respond_to_js(array $elements, $bulkaction)
{
global $DB, $USER;
// The userset that will be the new parent set.
$curusersetid = required_param('id', PARAM_INT);
// Limit incoming usersets to possible-to-move usersets.
$possiblesubsets = cluster_get_possible_sub_clusters($curusersetid);
$elements = array_intersect_key($elements, $possiblesubsets);
unset($possiblesubsets);
// We need edit permissions.
$perm = 'local/elisprogram:userset_edit';
$userseteditctx = pm_context_set::for_user_with_capability('cluster', $perm, $USER->id);
if ($userseteditctx->context_allowed($curusersetid, 'cluster') !== true) {
throw new moodle_exception('not_permitted', 'local_elisprogram');
}
// Loop through requested elements to move. Check for permissions and do an sanity check on IDs and parent ID, then move.
foreach ($elements as $tomoveusersetid => $label) {
// Ensure user has edit perm on $tomoveusersetid.
if ($userseteditctx->context_allowed($tomoveusersetid, 'cluster')) {
$tomove = new userset($tomoveusersetid);
$tomove->load();
// The userset we're moving shouldn't be the userset we're moving below, and it shouldn't already be a child
// of the new parent.
if ($tomove->id !== $curusersetid && $tomove->parent !== $curusersetid) {
$tomove->parent = $curusersetid;
$tomove->save();
}
}
}
return array('result' => 'success', 'msg' => 'Success');
}
function get_records($filter)
{
global $DB, $USER;
$id = $this->required_param('id', PARAM_INT);
$sort = $this->optional_param('sort', 'name', PARAM_ALPHA);
$dir = $this->optional_param('dir', 'ASC', PARAM_ALPHA);
$pagenum = $this->optional_param('page', 0, PARAM_INT);
$perpage = $this->optional_param('perpage', 30, PARAM_INT);
$filters = array();
// find users who do not have a manual assignment already
$filters[] = new join_filter('id', clusterassignment::TABLE, 'userid', new AND_filter(array(new field_filter('clusterid', $id), new field_filter('plugin', 'manual'))), true);
// user-defined filter
list($extrasql, $params) = $filter->get_sql_filter();
if ($extrasql) {
$filters[] = new select_filter($extrasql, $params);
}
// TODO: Ugly, this needs to be overhauled
$upage = new usersetpage();
if (!$upage->_has_capability('local/elisprogram:userset_enrol')) {
//perform SQL filtering for the more "conditional" capability
//get the context for the "indirect" capability
$context = pm_context_set::for_user_with_capability('cluster', 'local/elisprogram:userset_enrol_userset_user', $USER->id);
$allowed_clusters = userset::get_allowed_clusters($id);
if (empty($allowed_clusters)) {
$filters[] = new select_filter('FALSE');
} else {
$filters[] = new join_filter('id', clusterassignment::TABLE, 'userid', new in_list_filter('clusterid', $allowed_clusters));
}
}
$count = user::count($filters);
$users = user::find($filters, array($sort => $dir), $pagenum * $perpage, $perpage);
return array($users, $count);
}
/**
* Determines whether the current user is allowed to enrol users into the provided curriculum
*
* @param int $curriculumid The id of the curriculum we are checking permissions on
*
* @return boolean Whether the user is allowed to enrol users into the curriculum
*
*/
static function can_enrol_into_curriculum($curriculumid)
{
global $USER;
//check the standard capability
// TODO: Ugly, this needs to be overhauled
$cpage = new curriculumpage();
if ($cpage->_has_capability('local/elisprogram:program_enrol', $curriculumid)) {
return true;
}
//get the context for the "indirect" capability
$context = pm_context_set::for_user_with_capability('cluster', 'local/elisprogram:program_enrol_userset_user', $USER->id);
//get the clusters and check the context against them
$clusters = clustercurriculum::get_clusters($curriculumid);
if (!empty($clusters)) {
foreach ($clusters as $cluster) {
if ($context->context_allowed($cluster->clusterid, 'cluster')) {
return true;
}
}
}
return false;
}
/**
* Obtain the count of users who can be assigned to the provided track
*
* @param int $trackid The record id of the track we are currently assigning to
* @param string $namesearch A substring of users' fullnames to search by
* @param string $alpha The first letter of users' fullnames to search by
*
* @return array The total count of appropriate users
*/
public static function count_available_users($trackid, $namesearch = '', $alpha = '')
{
global $CFG, $DB, $USER;
require_once elispm::file('trackpage.class.php');
require_once elispm::lib('data/clusterassignment.class.php');
$FULLNAME = $DB->sql_concat('usr.firstname', "' '", 'usr.lastname');
$select = 'SELECT COUNT(*) ';
$sql = 'FROM {' . user::TABLE . '} usr ' . 'LEFT OUTER JOIN {' . usertrack::TABLE . '} ut ON ut.userid = usr.id AND ut.trackid = :trackid ' . 'WHERE ut.userid IS NULL ';
$params = array('trackid' => $trackid);
if ($namesearch != '') {
$NAMELIKE = $DB->sql_like($FULLNAME, ':namesearch', false);
$namesearch = trim($namesearch);
$sql .= 'AND ' . $NAMELIKE . ' ';
$params['namesearch'] = "%{$namesearch}%";
}
if ($alpha != '') {
//todo: determine if this should actually be using last name?
$ALPHA_LIKE = $DB->sql_like($FULLNAME, ':lastname', false);
$sql .= 'AND ' . $ALPHA_LIKE . ' ';
$params['lastname'] = "{$alpha}%";
}
if (empty(elis::$config->local_elisprogram->legacy_show_inactive_users)) {
$sql .= 'AND usr.inactive = 0 ';
}
// TODO: Ugly, this needs to be overhauled
$tpage = new trackpage();
if (!$tpage->_has_capability('local/elisprogram:track_enrol', $trackid)) {
//perform SQL filtering for the more "conditional" capability
//get the context for the "indirect" capability
$context = pm_context_set::for_user_with_capability('cluster', 'local/elisprogram:track_enrol_userset_user', $USER->id);
//get the clusters and check the context against them
$clusters = clustertrack::get_clusters($trackid);
$allowed_clusters = $context->get_allowed_instances($clusters, 'cluster', 'clusterid');
if (empty($allowed_clusters)) {
$sql .= 'AND 0=1 ';
} else {
$cluster_filter = implode(',', $allowed_clusters);
$sql .= "AND usr.id IN (\n SELECT userid FROM {" . clusterassignment::TABLE . "}\n WHERE clusterid IN (:clusterfilter)) ";
$params['clusterfilter'] = $cluster_filter;
}
}
return $DB->count_records_sql($select . $sql, $params);
}
/**
* Calculates the number of records in a listing as created by track_get_listing
*
* @param string $namesearch Search string for curriculum name
* @param string $alpha Start initial of curriculum name filter
* @param int $curriculumid Necessary associated curriculum
* @param int $clusterid Necessary associated cluster
* @param pm_context_set $contexts Contexts to provide permissions filtering, of null if none
* @return int The number of records
*/
function track_count_records($namesearch = '', $alpha = '', $curriculumid = 0, $parentclusterid = 0, $contexts = null)
{
global $DB;
//$LIKE = $this->_db->sql_compare();
$params = array();
$NAMESEARCH_LIKE = $DB->sql_like('name', ':search_namesearch', FALSE);
$ALPHA_LIKE = $DB->sql_like('name', ':search_alpha', FALSE);
$where = array('defaulttrack = 0');
if (!empty($namesearch)) {
//$where[] = "name $LIKE '%$namesearch%'";
$where[] = $NAMESEARCH_LIKE;
$params['search_namesearch'] = "%{$namesearch}%";
}
if ($alpha) {
//$where[] = "(name $LIKE '$alpha%')";
$where[] = $ALPHA_LIKE;
$params['search_alpha'] = "{$alpha}%";
}
if ($curriculumid) {
//$where[] = "(curid = $curriculumid)";
$where[] = "(curid = :curriculumid)";
$params['curriculumid'] = $curriculumid;
}
if ($parentclusterid) {
$where[] = "(id IN (SELECT trackid FROM {" . clustertrack::TABLE . "}\n WHERE clusterid = :parentclusterid))";
$params['parentclusterid'] = $parentclusterid;
}
if ($contexts !== null) {
/* TODO: not working yet...
$filter_object = $contexts->filter_for_context_level('id', 'track');
$where[] = $filter_object->get_sql();
*/
$filter_object = $contexts->get_filter('id', 'track');
$filter_sql = $filter_object->get_sql(false, null, SQL_PARAMS_NAMED);
if (isset($filter_sql['where'])) {
$where[] = $filter_sql['where'];
$params = array_merge($params, $filter_sql['where_parameters']);
}
}
$where = implode(' AND ', $where);
return $DB->count_records_select(track::TABLE, $where, $params);
}
/**
* Determine if the user can autocreate class instances.
*
* @return bool Whether the user can autocreate class instances.
*/
public function can_do_autocreate()
{
global $USER;
$id = $this->required_param('id', PARAM_INT);
// Determine if user has track_create or track_edit permissions.
$trackcreatectx = pm_context_set::for_user_with_capability('track', 'local/elisprogram:track_create', $USER->id);
$trackeditctx = pm_context_set::for_user_with_capability('track', 'local/elisprogram:track_edit', $USER->id);
$trackcreateallowed = $trackcreatectx->context_allowed($id, 'track') === true ? true : false;
$trackeditallowed = $trackeditctx->context_allowed($id, 'track') === true ? true : false;
return $trackcreateallowed === true || $trackeditallowed === true ? true : false;
}
/**
* Gets a curriculum listing with specific sort and other filters as a recordset.
*
* @param string $sort Field to sort on.
* @param string $dir Direction of sort.
* @param int $startrec Record number to start at.
* @param int $perpage Number of records per page.
* @param string $namesearch Search string for curriculum name.
* @param string $alpha Start initial of curriculum name filter.
* @param array $contexts Contexts to search (in the form return by
* @param int $userid The id of the user we are assigning to curricula
* @uses $CFG
* @uses $DB
* @uses $USER
* @return recordset Returned recordset.
*/
function curriculum_get_listing_recordset($sort = 'name', $dir = 'ASC', $startrec = 0, $perpage = 0, $namesearch = '', $alpha = '', $contexts = null, $userid = 0)
{
global $CFG, $DB, $USER;
require_once $CFG->dirroot . '/local/elisprogram/lib/data/curriculum.class.php';
require_once $CFG->dirroot . '/local/elisprogram/lib/data/curriculumcourse.class.php';
require_once $CFG->dirroot . '/local/elisprogram/lib/data/clustercurriculum.class.php';
$select = 'SELECT cur.*, (SELECT COUNT(*) FROM {' . curriculumcourse::TABLE . '} WHERE curriculumid = cur.id ) as courses ';
$tables = 'FROM {' . curriculum::TABLE . '} cur ';
$join = '';
$on = '';
$params = array();
$where = array("cur.iscustom = '0'");
if ($contexts !== null && !empty($namesearch)) {
$where[] = '(' . $DB->sql_like('name', ':like_param', false) . ')';
$namesearch = trim($namesearch);
$params['like_param'] = "%{$namesearch}%";
}
if ($alpha) {
$where[] = '(' . $DB->sql_like('name', ':starts_with', false) . ')';
$params['starts_with'] = "{$alpha}%";
}
if ($contexts !== null) {
$filter_object = $contexts->get_filter('id', 'curriculum');
$filter_sql = $filter_object->get_sql(false, 'cur');
if (isset($filter_sql['where'])) {
$where[] = $filter_sql['where'];
$params = array_merge($params, $filter_sql['where_parameters']);
}
}
if (!empty($userid)) {
//get the context for the "indirect" capability
$context = pm_context_set::for_user_with_capability('cluster', 'local/elisprogram:program_enrol_userset_user', $USER->id);
$clusters = cluster_get_user_clusters($userid);
$allowed_clusters = $context->get_allowed_instances($clusters, 'cluster', 'clusterid');
$curriculum_context = pm_context_set::for_user_with_capability('curriculum', 'local/elisprogram:program_enrol', $USER->id);
$filter_object = $curriculum_context->get_filter('id', 'curriculum');
$filter_sql = $filter_object->get_sql(false, 'cur');
if (isset($filter_sql['where'])) {
$curriculum_filter = $filter_sql['where'];
$curriculum_params = $filter_sql['where_parameters'];
}
if (empty($allowed_clusters)) {
if (!empty($curriculum_filter)) {
$where[] = $curriculum_filter;
if (!empty($curriculum_params)) {
$params = array_merge($params, $curriculum_params);
}
}
} else {
$allowed_clusters_list = implode(',', $allowed_clusters);
//this allows both the indirect capability and the direct curriculum filter to work
$cluster_where = '(
cur.id IN (
SELECT clstcur.curriculumid
FROM {' . clustercurriculum::TABLE . '} clstcur
WHERE clstcur.clusterid IN (' . $allowed_clusters_list . ')
)';
if (!empty($curriculum_filter)) {
$cluster_where .= "OR\n {$curriculum_filter}\n )";
if (!empty($curriculum_params)) {
$params = array_merge($params, $curriculum_params);
}
}
$where[] = $cluster_where;
}
}
if (!empty($where)) {
$where = 'WHERE ' . implode(' AND ', $where) . ' ';
} else {
$where = '';
}
if ($sort) {
$sort = 'ORDER BY ' . $sort . ' ' . $dir . ' ';
}
$sql = $select . $tables . $join . $on . $where . $sort;
return $DB->get_recordset_sql($sql, $params, $startrec, $perpage);
}
/**
* Whether the user has access to see the main page (assigned list)
* @return bool Whether the user has access.
*/
public function can_do_default()
{
global $USER;
$id = $this->required_param('id', PARAM_INT);
$requiredperms = array('local/elisprogram:course_view', 'local/elisprogram:associate');
foreach ($requiredperms as $perm) {
$ctx = pm_context_set::for_user_with_capability('course', $perm, $USER->id);
if ($ctx->context_allowed($id, 'course') !== true) {
return false;
}
}
return true;
}
/**
* Check whether a field has view or edit capability on either Moodle or ELIS context(s).
*
* @param object $field the custom field we are viewing / editing
* @param object $context Moodle context
* @param string $contexteditcap The edit capability to check if the field owner
* is set up to use the "edit this context" option for editing
* @param string $contextviewcap The view capability to check if the field owner
* is set up to use the "view this context" option for viewing
* @param string $entity optional entity/context name
* @param int $entityid The id of the entity. Required only if an entity is passed.
* @return int MANUAL_FIELD_NO_VIEW_OR_EDIT (-1) if not viewable or editable
* MANUAL_FIELD_VIEWABLE (0) if viewable
* MANUAL_FIELD_EDITABLE (1) if editable (which implies viewable)
*/
function manual_field_is_view_or_editable($field, $context, $contexteditcap = NULL, $contextviewcap = NULL, $entity = 'system', $entityid = 0)
{
global $CFG, $USER;
$canview = 0;
$canedit = 0;
if (!isset($field->owners['manual'])) {
return MANUAL_FIELD_NO_VIEW_OR_EDIT;
}
$manual = new field_owner($field->owners['manual']);
// Determine which exact capabilities we are checking
$editcap = $manual->param_edit_capability;
if ($editcap == '') {
// Context-specific capability
$editcap = $contexteditcap;
}
$viewcap = $manual->param_view_capability;
if ($viewcap == '') {
// Context-specific capability
$viewcap = $contextviewcap;
}
if ($editcap == NULL || $viewcap == NULL) {
// Capabilities for editing or viewing the context were not correctly specified
return MANUAL_FIELD_NO_VIEW_OR_EDIT;
}
// Check if ELIS PM exists and if the given entity exists within PM
if (file_exists($CFG->dirroot . '/local/elisprogram/lib/setup.php')) {
if (empty($entityid)) {
if ($entity !== 'system') {
// Validate entity.
\local_eliscore\context\helper::get_level_from_name($entity);
$contextset = pm_context_set::for_user_with_capability($entity, $editcap, $USER->id);
$canedit = !$contextset->is_empty();
$contextset = pm_context_set::for_user_with_capability($entity, $viewcap, $USER->id);
$canview = !$contextset->is_empty();
}
} else {
// Validate entity.
\local_eliscore\context\helper::get_level_from_name($entity);
// Check ELIS contexts for the user's capability in an entity.
$contextset = pm_context_set::for_user_with_capability($entity, $editcap, $USER->id);
$canedit = $contextset->context_allowed($entityid, $entity);
$contextset = pm_context_set::for_user_with_capability($entity, $viewcap, $USER->id);
$canview = $contextset->context_allowed($entityid, $entity);
}
}
if ($editcap == 'disabled' || !$canedit && !has_capability($editcap, $context)) {
if (!$canview && !has_capability($viewcap, $context)) {
// Do not have view or edit permissions
return MANUAL_FIELD_NO_VIEW_OR_EDIT;
}
return MANUAL_FIELD_VIEWABLE;
}
return MANUAL_FIELD_EDITABLE;
}
/**
* Adds controls specific to this filter in the form.
* @param object $mform a MoodleForm object to setup
* @uses $CFG
* @uses $OUTPUT
* @uses $PAGE
* @uses $USER
*/
function setupForm(&$mform)
{
global $CFG, $OUTPUT, $PAGE, $USER;
// Javascript for cluster dropdown onchange event
$cluster_group_separator = '------------------------------';
$js = '
<script type="text/javascript">
//<![CDATA[
function dropdown_separator(selectelem) {
/* alert("dropdown_separator(" + selectelem.selectedIndex + ")"); */
if (selectelem.options[selectelem.selectedIndex].value < 0) {
return 0;
}
return selectelem.selectedIndex;
}
//]]>
</script>
';
/**
* CSS includes
*/
$mform->addElement('html', '<style>@import url("' . $CFG->wwwroot . '/lib/yui/2.9.0/build/treeview/assets/skins/sam/treeview-skin.css");</style>' . $js);
/**
* Get set up necessary CSS classes
*/
$manageclusters_css_class = block_elisadmin_get_item_css_class('manageclusters');
$cluster_css_class = block_elisadmin_get_item_css_class('cluster_instance');
//figure out which capability to check
if ($this->execution_mode == php_report::EXECUTION_MODE_SCHEDULED) {
$capability = 'local/elisreports:schedule';
} else {
$capability = 'local/elisreports:view';
}
$context_result = pm_context_set::for_user_with_capability('cluster', $capability, $USER->id);
/**
* TreeView-related work
*/
//CM entities for placement at the top of the menu
$cm_entity_pages = array();
$cm_entity_pages[] = new menuitem('root');
if ($clusters = cluster_get_listing('priority, name', 'ASC', 0, 0, '', '', array('parent' => 0))) {
foreach ($clusters as $cluster) {
$params = array('id' => $cluster->id, 'action' => 'viewreport', 'execution_mode' => $this->execution_mode);
$cluster_count = cluster_count_records('', '', array('parent' => $cluster->id));
$isLeaf = empty($cluster_count);
$cm_entity_pages[] = test_cluster_tree_get_menu_item('cluster', $cluster, 'root', $manageclusters_css_class, $cluster->id, 0, $params, $isLeaf);
}
}
$menuitemlisting = new menuitemlisting($cm_entity_pages);
$tree = new checkbox_treerepresentation($menuitemlisting, $this->options['report_id']);
/**
* UI element setup
*/
require_once $CFG->dirroot . '/local/eliscore/lib/filtering/equalityselect.php';
$choices_array = array(0 => get_string('anyvalue', 'filters'));
//set up cluster listing
if ($records = $this->cluster_dropdown_get_listing($context_result)) {
foreach ($records as $record) {
if (empty($choices_array[$record->id])) {
if (count($choices_array) > 1) {
$choices_array[-$record->id] = $cluster_group_separator;
}
$ancestors = $record->depth - 1;
// shorten really long cluster names
$name = strlen($record->name) > 100 ? substr($record->name, 0, 100) . '...' : $record->name;
$choices_array[$record->id] = $ancestors ? str_repeat('- ', $ancestors) . $name : $name;
//merge in child clusters
$child_array = $this->find_child_clusters($records, $record->id, $ancestors);
$choices_array = $this->merge_array_keep_keys($choices_array, $child_array);
}
}
}
//get help text
if (isset($this->options['help'])) {
$this->_filterhelp = $this->options['help'];
} else {
$this->_filterhelp = null;
}
//add filterhelp and label to this filter
//import required css for the fieldset
$style = '<style>@import url("' . $CFG->wwwroot . '/local/elisprogram/styles.css");</style>';
$helplink = '';
$nested_fieldset = '';
$title = '';
if ($this->options['fieldset']) {
$nested_fieldset = '<fieldset class="nested clearfix" id="' . $this->_uniqueid . "_label\">\n";
} else {
$title = $this->_label . $helplink . ' ';
}
$legend = '<legend class="ftoggler">' . $this->_label . "</legend>\n";
$mform->addElement('html', $style . $nested_fieldset . $legend);
$mform->addElement('static', $this->_uniqueid . '_help', '');
// cluster select dropdown
$selectparams = array('onchange' => 'this.selectedIndex = dropdown_separator(this);');
$mform->addElement('select', $this->_uniqueid . '_dropdown', $title, $choices_array, $selectparams);
//dropdown / cluster tree state storage
$mform->addElement('hidden', $this->_uniqueid . '_usingdropdown');
$mform->setType($this->_uniqueid . '_usingdropdown', PARAM_BOOL);
// Must use addHelpButton() to NOT open help link on page, but in popup!
$mform->addHelpButton($this->_uniqueid . '_dropdown', $this->_filterhelp[0], $this->_filterhelp[2]);
// TBV
//default to showing dropdown if nothing has been persisted
$report_shortname = $this->options['report_shortname'];
$preferences = php_report_filtering_get_user_preferences($report_shortname);
if (!isset($preferences["php_report_{$report_shortname}/{$this->_uniqueid}_usingdropdown"])) {
$mform->setDefault($this->_uniqueid . '_usingdropdown', 1);
}
$initclustertreeopts = array($CFG->httpswwwroot, $tree->instanceid, $this->_uniqueid, $tree->get_js_object(), $this->execution_mode, $this->options['report_id'], $this->options['dropdown_button_text'], $this->options['tree_button_text']);
$PAGE->requires->yui_module('moodle-local_elisprogram-clustertree', 'M.local_elisprogram.init_clustertree', $initclustertreeopts, null, true);
// cluster tree
$clustertreehtml = '<div class="fitem"><div class="fitemtitle"></div>' . '<style>@import url("' . $CFG->wwwroot . '/lib/yui/2.9.0/build/treeview/assets/skins/sam/treeview.css");</style>' . '<div id="cluster_param_tree_' . $tree->instanceid . '_' . $this->_uniqueid . '" class="ygtv-checkbox felement"></div>' . '</div>';
$mform->addElement('html', $clustertreehtml);
//list of explicitly selected elements
$mform->addElement('hidden', $this->_uniqueid . '_listing');
$mform->setType($this->_uniqueid . '_listing', PARAM_TEXT);
//list of selected and unexpanded elements
$mform->addElement('hidden', $this->_uniqueid . '_unexpanded');
$mform->setType($this->_uniqueid . '_unexpanded', PARAM_TEXT);
//list of explicitly unselected elements
$mform->addElement('hidden', $this->_uniqueid . '_clrunexpanded');
$mform->setType($this->_uniqueid . '_clrunexpanded', PARAM_TEXT);
$mform->addElement('button', $this->_uniqueid . '_toggle', '');
// close hacked nested fieldset
if ($this->options['fieldset']) {
$mform->addElement('html', '</fieldset>');
}
}
/**
* Fetch the contexts where the user has a given capability. This only works
* with the CM context levels.
*
* Assumes that the user does not have "too many" role assignments. Assumes
* the user has no "prevents"/"prohibits" roles.
*/
static function for_user_with_capability($contextlevel, $capability, $userid = null, $doanything = true)
{
global $USER, $DB;
static $pm_context_parents = array('track' => array('curriculum'), 'course' => array('curriculum'), 'class' => array('course', 'track'), 'user' => array('cluster'));
if ($userid === null) {
$userid = $USER->id;
}
$obj = new pm_context_set();
$obj->contextlevel = $contextlevel;
// if the user has the capability at the system level (or has the
// manage master capability), we can stop here
if (has_capability($capability, context_system::instance(), $userid, $doanything) || has_capability('local/elisprogram:manage', context_system::instance(), $userid, $doanything)) {
$obj->contexts = array('system' => 1);
return $obj;
}
$contexts = array($contextlevel => array());
// find all contexts at the given context level where the user has a direct
// role assignment
$ctxlevel = \local_eliscore\context\helper::get_level_from_name($contextlevel);
$ctxclass = \local_eliscore\context\helper::get_class_for_level($ctxlevel);
$sql = "SELECT c.id, c.instanceid\n FROM {role_assignments} ra\n JOIN {context} c ON ra.contextid = c.id\n WHERE ra.userid = {$userid}\n AND c.contextlevel = " . $ctxlevel;
$possiblecontexts = $DB->get_recordset_sql($sql);
foreach ($possiblecontexts as $c) {
$context = $ctxclass::instance($c->instanceid);
if (has_capability($capability, $context, $userid, $doanything)) {
$contexts[$contextlevel][] = $context->__get('instanceid');
}
}
if (empty($contexts[$contextlevel])) {
unset($contexts[$contextlevel]);
}
// look in the parent contexts
if (isset($pm_context_parents[$contextlevel])) {
foreach ($pm_context_parents[$contextlevel] as $parentlevel) {
$parent = pm_context_set::for_user_with_capability($parentlevel, $capability, $userid, $doanything);
$contexts = array_merge($contexts, $parent->contexts);
}
}
$obj->contexts = $contexts;
return $obj;
}
function can_do_view()
{
$id = $this->required_param('id', PARAM_INT);
if ($this->_has_capability('local/elisprogram:userset_view')) {
return true;
}
/*
* Start of cluster hierarchy extension
*/
$viewable_clusters = userset::get_viewable_clusters();
$contextset = pm_context_set::for_user_with_capability('cluster', 'local/elisprogram:userset_view');
return in_array($id, $viewable_clusters) || userset::exists(array(new usersubset_filter('id', new field_filter('id', $id)), $contextset->get_filter('id'))) || userset::exists(array(new usersubset_filter('id', $contextset->get_filter('id')), new field_filter('id', $id)));
/*
* End of cluster hierarchy extension
*/
}
/**
* Test the basic functionality of the methods for fetching users as a
* recordset when applying userset permissions and an appropriate SQL filter
*/
public function test_usermanagementgetsusersrecordsetrespectsfilters()
{
global $USER, $DB;
require_once elispm::lib('data/clusterassignment.class.php');
require_once elispm::lib('data/user.class.php');
require_once elispm::lib('lib.php');
// Make sure we don't hit corner-cases with permissions.
set_config('siteguest', '');
set_config('siteadmins', '');
// Prevent accesslib caching.
accesslib_clear_all_caches(true);
// Data setup.
$this->load_csv_data();
$this->set_up_users();
// Assign a second user to the user set.
$secondclusteruser = new user(array('idnumber' => 'secondclusteruser', 'username' => 'secondclusteruser', 'firstname' => 'Secondcluster', 'lastname' => 'User', 'email' => '*****@*****.**', 'country' => 'CA'));
$secondclusteruser->save();
$clusterassignment = new clusterassignment(array('clusterid' => 1, 'userid' => $secondclusteruser->id));
$clusterassignment->save();
// The context set our user set administrator has access to.
$contextset = pm_context_set::for_user_with_capability('cluster', 'local/elisprogram:user_edit', $USER->id);
// Add a filter to filter down to only our first test user.
$extrasql = array('username = :testusername', array('testusername' => 'clusteruser'));
// Validate record.
$users = usermanagement_get_users_recordset('name', 'ASC', 0, 0, $extrasql, $contextset);
$this->assertTrue($users->valid());
$user = $users->current();
$this->assertEquals('clusteruser', $user->idnumber);
$this->assertNull($users->next());
}
function get_content()
{
global $CFG, $ADMIN, $USER, $HTTPSPAGEREQUIRED, $PAGE, $DB, $SITE;
require_once $CFG->libdir . '/adminlib.php';
//dependencies on page classes
require_once elispm::file('usersetpage.class.php');
require_once elispm::file('curriculumpage.class.php');
require_once elispm::file('coursepage.class.php');
require_once elispm::file('trackpage.class.php');
//require_once($CFG->dirroot . '/my/pagelib.php');
/// Determine the users CM access level.
$access = cm_determine_access($USER->id);
//make sure local_elisprogram / custom contexts set up correctly
//to prevent error before the upgrade to ELIS 2
if (empty($access) || $this->content !== NULL || !defined('CONTEXT_ELIS_PROGRAM')) {
return $this->content;
}
//if we are not on a PM page, disable the expansion of
//entities in the curr admin tree (logic in curriculum/index.php)
if (!is_a($PAGE, 'pm_page') && $PAGE->pagetype != 'admin-setting-local_elisprogram_settings') {
unset($USER->currentitypath);
}
// Include Icon CSS.
$PAGE->requires->css('/local/elisprogram/icons.css');
//CM entities for placement at the top of the menu
$cm_entity_pages = array();
$cm_entity_pages[] = new menuitem('root');
$num_block_icons = isset(elis::$config->local_elisprogram->num_block_icons) ? elis::$config->local_elisprogram->num_block_icons : 5;
/*****************************************
* Clusters
*****************************************/
if (!isset(elis::$config->local_elisprogram->display_clusters_at_top_level) || !empty(elis::$config->local_elisprogram->display_clusters_at_top_level)) {
$manageclusters_css_class = block_elisadmin_get_item_css_class('manageclusters');
$cluster_css_class = block_elisadmin_get_item_css_class('cluster_instance');
require_once elispm::lib('contexts.php');
$context_result = pm_context_set::for_user_with_capability('cluster', 'local/elisprogram:userset_view', $USER->id);
$extrafilters = array('contexts' => $context_result, 'parent' => 0);
$num_records = cluster_count_records('', '', $extrafilters);
if ($clusters = cluster_get_listing('priority, name', 'ASC', 0, $num_block_icons, '', '', $extrafilters)) {
foreach ($clusters as $cluster) {
$params = array('id' => $cluster->id, 'action' => 'view');
//count sub-clusters
$cluster_filter = array('contexts' => usersetpage::get_contexts('local/elisprogram:userset_view'));
$cluster_count = cluster_count_records('', '', array('parent' => $cluster->id), $cluster_filter);
//count associated curricula
$curriculum_filter = array('contexts' => curriculumpage::get_contexts('local/elisprogram:program_view'));
$curriculum_count = clustercurriculum::count_curricula($cluster->id, $curriculum_filter);
$isLeaf = empty($cluster_count) && empty($curriculum_count);
$cm_entity_pages[] = block_elisadmin_get_menu_item('userset', $cluster, 'root', $manageclusters_css_class, $cluster->id, 0, $params, $isLeaf);
}
}
if ($num_block_icons < $num_records) {
$cm_entity_pages[] = block_elisadmin_get_menu_summary_item('userset', $cluster_css_class, $num_records - $num_block_icons);
}
}
/*****************************************
* Curricula
*****************************************/
if (!empty(elis::$config->local_elisprogram->display_curricula_at_top_level)) {
$managecurricula_css_class = block_elisadmin_get_item_css_class('managecurricula');
$curriculum_css_class = block_elisadmin_get_item_css_class('curriculum_instance');
require_once elispm::file('curriculumpage.class.php');
$num_records = curriculum_count_records('', '', curriculumpage::get_contexts('local/elisprogram:program_view'));
$curricula = $DB->get_recordset(curriculum::TABLE, null, 'priority ASC, name ASC', '*', 0, $num_block_icons);
foreach ($curricula as $curriculum) {
$params = array('id' => $curriculum->id, 'action' => 'view');
//count associated courses
$course_filter = array('contexts' => coursepage::get_contexts('local/elisprogram:course_view'));
$course_count = curriculumcourse_count_records($curriculum->id, '', '', $course_filter);
//count associated tracks
$track_contexts = trackpage::get_contexts('local/elisprogram:track_view');
$track_count = track_count_records('', '', $curriculum->id, 0, $track_contexts);
//count associated clusters
$cluster_filter = array('contexts' => usersetpage::get_contexts('local/elisprogram:userset_view'));
$cluster_count = clustercurriculum::count_clusters($curriculum->id, 0, $cluster_filter);
$isLeaf = empty($course_count) && empty($track_count) && empty($cluster_count);
$cm_entity_pages[] = block_elisadmin_get_menu_item('curriculum', $curriculum, 'root', $managecurricula_css_class, 0, $curriculum->id, $params, $isLeaf);
}
unset($curricula);
if ($num_block_icons < $num_records) {
$cm_entity_pages[] = block_elisadmin_get_menu_summary_item('curriculum', $curriculum_css_class, $num_records - $num_block_icons);
}
}
//general cm pages
$pages = array(new menuitem('dashboard', new menuitempage('dashboardpage'), 'root', '', block_elisadmin_get_item_css_class('dashboard')), new menuitem('admn', null, 'root', get_string('admin'), block_elisadmin_get_item_css_class('admn', true)), new menuitem('bulkuser', new menuitempage('bulkuserpage'), null, get_string('userbulk', 'admin'), block_elisadmin_get_item_css_class('bulkuser')), new menuitem('resultsconfig', new menuitempage('resultsconfigpage'), null, 'Default Results Engine Score Settings', block_elisadmin_get_item_css_class('resultsconfig')));
// ELIS-3208 - commented out this code as the Jasper reports no longer work in ELIS 2
/*
//show the Jasper report server link if applicable
if (cm_jasper_link_enabled()) {
//page action
$jasper_link_params = array('action' => 'reportslist');
//page instance
$jasper_link_page = new menuitempage('jasperreportpage', '', $jasper_link_params);
//styling for the link
$jasper_link_css = block_elisadmin_get_item_css_class('reportslist');
$pages[] = new menuitem('reportslist', $jasper_link_page, null, '', $jasper_link_css);
}
*/
$pages = array_merge($pages, array(new menuitem('customfields', new menuitempage('customfieldpage', '', array('level' => 'user')), null, '', block_elisadmin_get_item_css_class('customfields')), new menuitem('clusterclassification', new menuitempage('usersetclassificationpage', 'plugins/usetclassify/usersetclassificationpage.class.php'), null, get_string('userset_classification', 'elisprogram_usetclassify'), block_elisadmin_get_item_css_class('clusterclassification')), new menuitem('users', null, 'root', '', block_elisadmin_get_item_css_class('users', true)), new menuitem('manageusers', new menuitempage('userpage'), null, '', block_elisadmin_get_item_css_class('manageusers')), new menuitem('manageclusters', new menuitempage('usersetpage'), null, '', block_elisadmin_get_item_css_class('manageclusters')), new menuitem('curr', null, 'root', get_string('curriculum', 'local_elisprogram'), block_elisadmin_get_item_css_class('curr', true)), new menuitem('certificatelist', new menuitempage('certificatelistpage'), null, '', block_elisadmin_get_item_css_class('certificatelist')), new menuitem('managecurricula', new menuitempage('curriculumpage'), null, '', block_elisadmin_get_item_css_class('managecurricula')), new menuitem('managecourses', new menuitempage('coursepage'), null, '', block_elisadmin_get_item_css_class('managecourses')), new menuitem('manageclasses', new menuitempage('pmclasspage'), null, '', block_elisadmin_get_item_css_class('manageclasses')), new menuitem('crscat', null, 'root', get_string('learningplan', 'local_elisprogram'), block_elisadmin_get_item_css_class('crscat', true)), new menuitem('currentcourses', new menuitempage('coursecatalogpage', '', array('action' => 'current')), null, '', block_elisadmin_get_item_css_class('currentcourses')), new menuitem('availablecourses', new menuitempage('coursecatalogpage', '', array('action' => 'available')), null, '', block_elisadmin_get_item_css_class('availablecourses')), new menuitem('waitlist', new menuitempage('coursecatalogpage', '', array('action' => 'waitlist')), null, get_string('waitlistcourses', 'local_elisprogram'), block_elisadmin_get_item_css_class('waitlist')), new menuitem('rept', null, 'root', get_string('reports', 'local_elisprogram'), block_elisadmin_get_item_css_class('rept', true))));
if (has_capability('moodle/course:managegroups', context_course::instance($SITE->id))) {
if (elis::$config->elisprogram_usetgroups->site_course_userset_groups) {
$pages[] = new menuitem('frontpagegroups', new menuitempage('url_page', 'lib/menuitem.class.php', "{$CFG->wwwroot}/group/index.php?id={$SITE->id}"), 'admn', get_string('frontpagegroups', 'elisprogram_usetgroups'), block_elisadmin_get_item_css_class('manageclusters'));
}
if (elis::$config->elisprogram_usetgroups->userset_groupings) {
$pages[] = new menuitem('frontpagegroupings', new menuitempage('url_page', 'lib/menuitem.class.php', "{$CFG->wwwroot}/group/groupings.php?id={$SITE->id}"), 'admn', get_string('frontpagegroupings', 'elisprogram_usetgroups'), block_elisadmin_get_item_css_class('manageclusters'));
}
}
/**
* This section adds all the necessary PHP reports to the menu
*/
//get all report pages, including categories but not including the
//topmost report element
$report_pages = block_elisadmin_get_report_tree_items();
//merge in the reporting page links
$pages = array_merge($pages, $report_pages);
if (empty(elis::$config->local_elisprogram->userdefinedtrack)) {
$pages[] = new menuitem('managetracks', new menuitempage('trackpage'), null, '', block_elisadmin_get_item_css_class('managetracks'));
}
$syscontext = context_system::instance();
if (has_capability('local/elisprogram:config', $syscontext)) {
$pages[] = new menuitem('configmanager', new menuitempage('url_page', 'lib/menuitem.class.php', "{$CFG->wwwroot}/admin/settings.php?section=local_elisprogram_settings"), 'admn', get_string('configuration'), block_elisadmin_get_item_css_class('configuration'));
}
$pages[] = new menuitem('notifications', new menuitempage('notifications', 'notificationspage.class.php', array('section' => 'admn')), null, '', block_elisadmin_get_item_css_class('notifications'));
//$pages[] = new menuitem('dataimport', new menuitempage('dataimportpage', 'elis_ip/elis_ip_page.php', array('section' => 'admn')), null, '', block_elisadmin_get_item_css_class('integrationpoint'));
$pages[] = new menuitem('defaultcls', new menuitempage('configclsdefaultpage', '', array('section' => 'admn')), null, '', block_elisadmin_get_item_css_class('defaultcls'));
$pages[] = new menuitem('defaultcrs', new menuitempage('configcrsdefaultpage', '', array('section' => 'admn')), null, '', block_elisadmin_get_item_css_class('defaultcrs'));
//turn all pages that have no children into leaf nodes
menuitemlisting::flag_leaf_nodes($pages);
//combine the specific entity page listing with the general CM listing
$menuitemlisting = new menuitemlisting(array_merge($cm_entity_pages, $pages));
$tree = new treerepresentation($menuitemlisting);
$this->content = new stdClass();
$this->content->text = $tree->convert_to_markup();
$this->content->footer = '';
$PAGE->requires->yui_module('moodle-local_elisprogram-menuitem', 'M.local_elisprogram.init_menuitem', array($tree->get_js_object(), $CFG->httpswwwroot), null, true);
return $this->content;
}
/**
* Determine whether the current user can unassign the track from the userset.
* @param int $usersetid The ID of the userset.
* @param int $trackid The ID of the track.
* @return bool Whether the current can unassign (true) or not (false)
*/
protected function can_unassign($usersetid, $trackid)
{
global $USER;
$perm = 'local/elisprogram:associate';
$trkassocctx = pm_context_set::for_user_with_capability('track', $perm, $USER->id);
$trackassociateallowed = $trkassocctx->context_allowed($trackid, 'track') === true ? true : false;
$clstassocctx = pm_context_set::for_user_with_capability('cluster', $perm, $USER->id);
$usersetassociateallowed = $clstassocctx->context_allowed($usersetid, 'cluster') === true ? true : false;
return $trackassociateallowed === true && $usersetassociateallowed === true ? true : false;
}
/**
* Determine whether the current user has certain permissions for a given ID and context level.
* @param array $perms An array of permissions the user must have to return true.
* @param int $ctxlevel The context level name.
* @param int $id The instance ID to check for.
* @return bool Whether the user has all required permissions.
*/
protected function has_perms_for_element(array $perms, $ctxlevel, $id)
{
global $USER;
foreach ($perms as $perm) {
$ctx = pm_context_set::for_user_with_capability($ctxlevel, $perm, $USER->id);
if ($ctx->context_allowed($id, $ctxlevel) !== true) {
return false;
}
}
return true;
}
/**
* Determines whether the current user is allowed to create, edit, and delete associations
* between a user and a class
*
* @param int $userid The id of the user being associated to the class
* @param int $classid The id of the class we are associating the user to
* @uses $DB
* @uses $USER;
* @return boolean True if the current user has the required permissions, otherwise false
*/
public static function can_manage_assoc($userid, $classid)
{
global $DB, $USER;
// TODO: Ugly, this needs to be overhauled
$cpage = new pmclasspage();
if (!pmclasspage::can_enrol_into_class($classid)) {
//the users who satisfty this condition are a superset of those who can manage associations
return false;
} else {
if ($cpage->_has_capability('local/elisprogram:class_enrol', $classid)) {
//current user has the direct capability
return true;
}
}
//get the context for the "indirect" capability
$context = pm_context_set::for_user_with_capability('cluster', 'local/elisprogram:class_enrol_userset_user', $USER->id);
$allowed_clusters = array();
$allowed_clusters = pmclass::get_allowed_clusters($classid);
//query to get users associated to at least one enabling cluster
$cluster_select = '';
if (empty($allowed_clusters)) {
$cluster_select = '0=1';
} else {
$cluster_select = 'clusterid IN (' . implode(',', $allowed_clusters) . ')';
}
$select = "userid = ? AND {$cluster_select}";
//user just needs to be in one of the possible clusters
if ($DB->record_exists_select(clusterassignment::TABLE, $select, array($userid))) {
return true;
}
return false;
}
/**
* Test user capability check.
*/
public function test_usercapabilitycheck()
{
global $DB, $USER;
$role = $DB->get_record('role', array('shortname' => 'editingteacher'));
// Assign the test user the editing teacher role on a test cluster.
$ctx = \local_elisprogram\context\user::instance($this->tuserid);
$this->assertNotEmpty(role_assign($role->id, $this->mdluserid, $ctx->id));
load_role_access_by_context($role->id, $ctx, $USER->access);
// We need to force the accesslib cache to refresh.
// Validate the return value when looking at the 'user' level.
$contextsuser = new pm_context_set();
$contextsuser->contexts = array('user' => array($this->tuserid));
$contextsuser->contextlevel = 'user';
$contexts = pm_context_set::for_user_with_capability('user', 'local/elisprogram:userset_enrol_userset_user', $this->mdluserid);
$this->assertEquals($contextsuser, $contexts);
// Validate checking for users with the given capability on this context.
$users = pm_get_users_by_capability('user', $this->tuserid, 'local/elisprogram:userset_enrol_userset_user');
$this->assertEquals($this->mdluserid, current($users)->id);
}
/**
* Whether the user has access to see the main page (assigned list)
*
* @return bool Whether the user has access.
*/
public function can_do_default()
{
global $USER;
$id = $this->required_param('id', PARAM_INT);
$usersetviewctx = pm_context_set::for_user_with_capability('cluster', 'local/elisprogram:userset_view', $USER->id);
return $usersetviewctx->context_allowed($id, 'cluster') === true ? true : false;
}
/**
* Determine whether the current user can unassign the course from the program.
* @param int $programid The ID of the program.
* @param int $courseid The ID of the course.
* @return bool Whether the current can unassign (true) or not (false)
*/
protected function can_unassign($programid, $courseid)
{
global $USER;
$perm = 'local/elisprogram:associate';
$programassocctx = pm_context_set::for_user_with_capability('curriculum', $perm, $USER->id);
$programassociateallowed = $programassocctx->context_allowed($programid, 'curriculum') === true ? true : false;
$courseassocctx = pm_context_set::for_user_with_capability('course', $perm, $USER->id);
$courseassociateallowed = $courseassocctx->context_allowed($courseid, 'course') === true ? true : false;
return $programassociateallowed === true && $courseassociateallowed === true ? true : false;
}
/**
* Gets filter sql for permissions.
* @return array An array consisting of additional WHERE conditions, and parameters.
*/
protected function get_filter_sql_permissions()
{
global $USER;
$ctxlevel = 'cluster';
$perm = 'local/elisprogram:associate';
$additionalfilters = array();
$additionalparams = array();
$associatectxs = pm_context_set::for_user_with_capability($ctxlevel, $perm, $USER->id);
$associatectxsfilerobject = $associatectxs->get_filter('id', $ctxlevel);
$associatefilter = $associatectxsfilerobject->get_sql(false, 'element', SQL_PARAMS_QM);
if (isset($associatefilter['where'])) {
$additionalfilters[] = $associatefilter['where'];
$additionalparams = array_merge($additionalparams, $associatefilter['where_parameters']);
}
return array($additionalfilters, $additionalparams);
}
/**
* Determines whether the current user is allowed to enrol users into the provided class
*
* @param int $classid The id of the class we are checking permissions on
*
* @return boolean Whether the user is allowed to enrol users into the class
*
*/
static function can_enrol_into_class($classid)
{
global $USER;
//check the standard capability
// TODO: Ugly, this needs to be overhauled
$cpage = new pmclasspage();
if ($cpage->_has_capability('local/elisprogram:class_enrol', $classid) || $cpage->_has_capability('local/elisprogram:class_enrol_userset_user', $classid)) {
return true;
}
//get the context for the "indirect" capability
$context = pm_context_set::for_user_with_capability('cluster', 'local/elisprogram:class_enrol_userset_user', $USER->id);
//we first need to go through tracks to get to clusters
$track_listing = new trackassignment(array('classid' => $classid));
$tracks = $track_listing->get_assigned_tracks();
//iterate over the track ides, which are the keys of the array
if (!empty($tracks)) {
foreach (array_keys($tracks) as $track) {
//get the clusters and check the context against them
$clusters = clustertrack::get_clusters($track);
if (!empty($clusters)) {
foreach ($clusters as $cluster) {
if ($context->context_allowed($cluster->clusterid, 'cluster')) {
return true;
}
}
}
}
}
return false;
}
function get_records($filter)
{
global $USER;
$sort = optional_param('sort', 'name', PARAM_ALPHA);
$dir = optional_param('dir', 'ASC', PARAM_ALPHA);
$pagenum = optional_param('page', 0, PARAM_INT);
$perpage = optional_param('perpage', 30, PARAM_INT);
if ($sort == 'name') {
$sort = 'lastname';
}
$extrasql = $filter->get_sql_filter();
//filter based on cluster role assignments
$context_set = pm_context_set::for_user_with_capability('cluster', 'local/elisprogram:user_edit', $USER->id);
// Get list of users
$items = usermanagement_get_users_recordset($sort, $dir, $perpage * $pagenum, $perpage, $extrasql, $context_set);
$numitems = usermanagement_count_users($extrasql, $context_set);
return array($items, $numitems);
}
/**
* Returns an array of cluster ids that are associated to the supplied class through tracks and
* the current user has access to enrol users into
*
* @param int $clsid The class whose association ids we care about
* @return int array The array of accessible cluster ids
*/
public static function get_allowed_clusters($clsid)
{
global $USER;
$context = pm_context_set::for_user_with_capability('cluster', 'local/elisprogram:assign_userset_user_class_instructor', $USER->id);
$allowed_clusters = array();
// TODO: Ugly, this needs to be overhauled
$cpage = new pmclasspage();
if ($cpage->_has_capability('local/elisprogram:assign_userset_user_class_instructor', $clsid)) {
require_once elispm::lib('data/clusterassignment.class.php');
$cmuserid = pm_get_crlmuserid($USER->id);
$userclusters = clusterassignment::find(new field_filter('userid', $cmuserid));
foreach ($userclusters as $usercluster) {
$allowed_clusters[] = $usercluster->clusterid;
}
}
//we first need to go through tracks to get to clusters
$track_listing = new trackassignment(array('classid' => $clsid));
$tracks = $track_listing->get_assigned_tracks();
//iterate over the track ides, which are the keys of the array
if (!empty($tracks)) {
foreach (array_keys($tracks) as $track) {
//get the clusters and check the context against them
$clusters = clustertrack::get_clusters($track);
$allowed_track_clusters = $context->get_allowed_instances($clusters, 'cluster', 'clusterid');
//append all clusters that are allowed by the available clusters contexts
foreach ($allowed_track_clusters as $allowed_track_cluster) {
$allowed_clusters[] = $allowed_track_cluster;
}
}
}
return $allowed_clusters;
}
/**
* Get standard permission filters for an element - user available table.
*
* This takes into account the local/elisprogram:[element]_enrol, and elis:program/[element]_enrol_userset_user permissions.
*
* @param string $elementtype The type of element we're associating to. I.e. program, track, class, userset.
* @param int $elementid The ID of the base element we're associating to.
* @param string $elementid2clusterscallable A callable that will get the associated cluster ids from an element id.
* @return array An array consisting of an array of additional filters as 0, and parameters as 1
*/
protected function get_filter_sql_permissions_elementuser($elementtype, $elementid, $elementid2clusterscallable)
{
global $USER, $DB;
$elementtype2ctxlevel = array('program' => 'curriculum', 'track' => 'track', 'class' => 'pmclass', 'userset' => 'cluster');
if (!isset($elementtype2ctxlevel[$elementtype])) {
throw new Exception('Bad element type specified for get_filter_sql_permissions_userelement_available');
}
$enrolperm = 'local/elisprogram:' . $elementtype . '_enrol';
$usersetenrolperm = 'local/elisprogram:' . $elementtype . '_enrol_userset_user';
$ctxlevel = $elementtype2ctxlevel[$elementtype];
$additionalfilters = array();
$additionalparams = array();
// If $USER has $enrolperm permission for this element, we don't have to go any further.
$enrolctxs = pm_context_set::for_user_with_capability($ctxlevel, $enrolperm, $USER->id);
if ($enrolctxs->context_allowed($elementid, $ctxlevel) !== true) {
// We now cross-reference the clusters the assigner has the $usersetenrolperm permission with clusters the element is
// assigned to. We limit the users returned in the search results to users that are in the resulting clusters.
$enrolusersetuserctxs = pm_context_set::for_user_with_capability('cluster', $usersetenrolperm, $USER->id);
// Get the clusters and check the context against them.
$clusters = call_user_func($elementid2clusterscallable, $elementid);
$allowedclusters = $enrolusersetuserctxs->get_allowed_instances($clusters, 'cluster', 'clusterid');
if (!empty($allowedclusters)) {
list($clusterfilterwhere, $clusterfilterparams) = $DB->get_in_or_equal($allowedclusters);
$useridsfromclusters = 'SELECT userid FROM {' . clusterassignment::TABLE . '} WHERE clusterid ' . $clusterfilterwhere;
$additionalfilters[] = 'element.id IN (' . $useridsfromclusters . ')';
$additionalparams = array_merge($additionalparams, $clusterfilterparams);
} else {
$additionalfilters[] = 'FALSE';
}
} else {
$additionalfilters[] = 'TRUE';
}
return array($additionalfilters, $additionalparams);
}
/**
* Returns an array of cluster ids that are parents of the supplied cluster
* and the current user has access to enrol users into
*
* @param int $clusterid The cluster whose parents we care about
* @return int array The array of accessible cluster ids
*/
public static function get_allowed_clusters($clusterid)
{
global $USER, $DB;
//get the clusters and check the context against them
$cluster_context_instance = \local_elisprogram\context\userset::instance($clusterid);
// ELIS-3848 -- Use named parameters otherwise array += array doesn't work correctly
$path = $DB->sql_concat('ctxt.path', ':pathwildcard');
//query to get parent cluster contexts
$cluster_permissions_sql = 'SELECT clst.*
FROM {' . self::TABLE . "} clst\n JOIN {context} ctxt\n ON clst.id = ctxt.instanceid\n AND ctxt.contextlevel = :ctxlevel\n AND :ctxpath LIKE {$path} ";
$params = array('ctxlevel' => CONTEXT_ELIS_USERSET, 'ctxpath' => $cluster_context_instance->path, 'pathwildcard' => '/%');
// filter out the records that the user can't see
$context = pm_context_set::for_user_with_capability('cluster', 'local/elisprogram:userset_enrol_userset_user', $USER->id);
$filtersql = $context->get_filter('id')->get_sql(true, 'clst', SQL_PARAMS_NAMED);
if (isset($filtersql['join'])) {
$cluster_permissions_sql .= $filtersql['join'];
$params = array_merge($params, $filtersql['join_params']);
}
if (isset($filtersql['where'])) {
$cluster_permissions_sql .= ' WHERE ' . $filtersql['where'];
$params = array_merge($params, $filtersql['where_parameters']);
}
$result = array();
$allowed_clusters = $DB->get_recordset_sql($cluster_permissions_sql, $params);
foreach ($allowed_clusters as $cluster) {
$result[] = $cluster->id;
}
unset($allowed_clusters);
return $result;
}