/**
* Determine whether the current can manage the association between a given user and userset.
* @param int $userid The ID of a user.
* @param int $clustid The ID of a userset.
* @return bool Success status.
*/
public static function can_manage_assoc($userid, $usersetid)
{
global $USER;
$allowedusersets = array();
// TODO: Ugly, this needs to be overhauled.
$upage = new usersetpage();
if (!usersetpage::can_enrol_into_cluster($usersetid)) {
// The users who satisfty this condition are a superset of those who can manage associations.
return false;
} else {
if ($upage->_has_capability('local/elisprogram:userset_enrol', $usersetid)) {
// Current user has the direct capability.
return true;
}
}
$allowedusersets = userset::get_allowed_clusters($usersetid);
$filter = array(new field_filter('userid', $userid));
// Query to get users associated to at least one enabling userset.
if (empty($allowedusersets)) {
$filter[] = new select_filter('FALSE');
} else {
$filter[] = new in_list_filter('clusterid', $allowedusersets);
}
// User just needs to be in one of the possible usersets.
if (clusterassignment::exists($filter)) {
return true;
}
return false;
}
function get_records($filter)
{
global $DB, $USER;
$id = $this->required_param('id', PARAM_INT);
$sort = $this->optional_param('sort', 'name', PARAM_ALPHA);
$dir = $this->optional_param('dir', 'ASC', PARAM_ALPHA);
$pagenum = $this->optional_param('page', 0, PARAM_INT);
$perpage = $this->optional_param('perpage', 30, PARAM_INT);
$filters = array();
// find users who do not have a manual assignment already
$filters[] = new join_filter('id', clusterassignment::TABLE, 'userid', new AND_filter(array(new field_filter('clusterid', $id), new field_filter('plugin', 'manual'))), true);
// user-defined filter
list($extrasql, $params) = $filter->get_sql_filter();
if ($extrasql) {
$filters[] = new select_filter($extrasql, $params);
}
// TODO: Ugly, this needs to be overhauled
$upage = new usersetpage();
if (!$upage->_has_capability('local/elisprogram:userset_enrol')) {
//perform SQL filtering for the more "conditional" capability
//get the context for the "indirect" capability
$context = pm_context_set::for_user_with_capability('cluster', 'local/elisprogram:userset_enrol_userset_user', $USER->id);
$allowed_clusters = userset::get_allowed_clusters($id);
if (empty($allowed_clusters)) {
$filters[] = new select_filter('FALSE');
} else {
$filters[] = new join_filter('id', clusterassignment::TABLE, 'userid', new in_list_filter('clusterid', $allowed_clusters));
}
}
$count = user::count($filters);
$users = user::find($filters, array($sort => $dir), $pagenum * $perpage, $perpage);
return array($users, $count);
}
/**
* A get_filter_sql_permissions_elementuser compatible version of userset::get_allowed_clusters
* @param int $usersetid The userset whose parents we care about.
*/
public static function get_allowed_clusters($usersetid)
{
global $DB;
$ids = userset::get_allowed_clusters($usersetid);
if (!empty($ids)) {
list($idswhere, $idsparams) = $DB->get_in_or_equal($ids);
$sql = 'SELECT id as clusterid FROM {' . userset::TABLE . '} WHERE id ' . $idswhere;
return $DB->get_records_sql($sql, $idsparams);
} else {
return array();
}
}
/**
* Tests contexts in userset data object.
*
* Covers:
* local/elisprogram/lib/data/userset.class.php:334
* local/elisprogram/lib/data/userset.class.php:453
* local/elisprogram/lib/data/userset.class.php:561
* local/elisprogram/lib/data/userset.class.php:595
* local/elisprogram/lib/data/userset.class.php:616
* local/elisprogram/lib/data/userset.class.php:721
* local/elisprogram/lib/data/userset.class.php:755
* local/elisprogram/lib/data/userset.class.php:847
* local/elisprogram/lib/data/userset.class.php:901
*/
public function test_usersetcontexts()
{
global $USER, $DB;
require_once elispm::file('plugins/usetclassify/usersetclassification.class.php');
require_once elispm::file('plugins/usetclassify/lib.php');
$this->setup_users();
$this->setup_usersets();
// TEST local/elisprogram/lib/data/userset.class.php:334.
$res = userset::get_allowed_clusters(1);
// TEST local/elisprogram/lib/data/userset.class.php:453.
$ussfilter = new usersubset_filter('id', new field_filter('id', 1));
$res = $ussfilter->get_sql();
// TEST
// local/elisprogram/lib/data/userset.class.php:561
// local/elisprogram/lib/data/userset.class.php:595
// local/elisprogram/lib/data/userset.class.php:616
// local/elisprogram/lib/data/userset.class.php:721
// local/elisprogram/lib/data/userset.class.php:755.
$field = new field(array('shortname' => USERSET_CLASSIFICATION_FIELD));
$field->load();
$userset = $this->create_userset($field);
// Get a role to assign.
$rolesctx = $DB->get_records('role_context_levels', array('contextlevel' => CONTEXT_ELIS_USERSET));
foreach ($rolesctx as $i => $rolectx) {
$roleid = $rolectx->roleid;
}
// Add userset_view capability to our role.
$usersetcontext = \local_elisprogram\context\userset::instance($userset->id);
$rc = new stdClass();
$rc->contextid = $usersetcontext->id;
$rc->roleid = $roleid;
$rc->capability = 'local/elisprogram:userset_view';
$rc->permission = 1;
$rc->timemodified = time();
$rc->modifierid = 0;
$DB->insert_record('role_capabilities', $rc);
$rc = new stdClass();
$rc->contextid = $usersetcontext->id;
$rc->roleid = $roleid;
$rc->capability = 'local/elisprogram:userset_enrol_userset_user';
$rc->permission = 1;
$rc->timemodified = time();
$rc->modifierid = 0;
$DB->insert_record('role_capabilities', $rc);
// Assign role.
$user = new user(103);
$muser = $user->get_moodleuser();
$raid = role_assign($roleid, $muser->id, $usersetcontext->id);
$this->setUser(100);
// Assign other user to userset.
$clst = new clusterassignment();
$clst->clusterid = $userset->id;
$clst->userid = 104;
$clst->plugin = 'manual';
$clst->save();
// Get cluster listing.
$capability = 'local/elisprogram:userset_view';
$contexts = get_contexts_by_capability_for_user('cluster', $capability, 100);
$extrafilters = array('contexts' => $contexts, 'classification' => 'test field data');
$res = cluster_get_listing('name', 'ASC', 0, 0, '', '', $extrafilters, 104);
$res = cluster_count_records('', '', $extrafilters);
// TEST local/elisprogram/lib/data/userset.class.php:847.
cluster_get_non_child_clusters(1);
// TEST local/elisprogram/lib/data/userset.class.php:901.
cluster_get_possible_sub_clusters(1);
$this->setUser(null);
}
/**
* Test whether a user can enrol users into a sub-userset if they have the required capability on the
* parent userset.
*/
public function test_getallowedclusterswithparentpermission()
{
global $DB;
$this->load_csv_data();
// Create role with cap: 'local/elisprogram:class_view'.
$testrole = new stdClass();
$testrole->name = 'ELIS Sub-Userset Manager';
$testrole->shortname = '_test_ELIS_3848';
$testrole->description = 'ELIS userset enrol into sub-userser';
$testrole->archetype = '';
$testrole->id = create_role($testrole->name, $testrole->shortname, $testrole->description, $testrole->archetype);
// Ensure our new role is assignable to ELIS class contexts.
set_role_contextlevels($testrole->id, array(CONTEXT_ELIS_USERSET));
// Ensure the role has our required capability assigned.
$syscontext = context_system::instance();
assign_capability('local/elisprogram:userset', CAP_ALLOW, $testrole->id, $syscontext->id, true);
assign_capability('local/elisprogram:userset_view', CAP_ALLOW, $testrole->id, $syscontext->id, true);
assign_capability('local/elisprogram:userset_create', CAP_ALLOW, $testrole->id, $syscontext->id, true);
assign_capability('local/elisprogram:userset_enrol_userset_user', CAP_ALLOW, $testrole->id, $syscontext->id, true);
$syscontext->mark_dirty();
// Assign a test user a role within the parent userset.
$context = \local_elisprogram\context\userset::instance(1);
role_assign($testrole->id, 100, $context->id);
// Assign a test user a role within the sub-sub-userset.
$ctx2 = \local_elisprogram\context\userset::instance(4);
role_assign($testrole->id, 100, $ctx2->id);
// Switch to testuser.
$USER = $DB->get_record('user', array('id' => 100));
$USER->access = get_user_accessdata($USER->id);
load_role_access_by_context($testrole->id, $context, $USER->access);
// We need to force the accesslib cache to refresh.
$GLOBALS['USER'] = $USER;
// Check which of the parent usersets the user has access to based on the sub-userset.
$allowed = userset::get_allowed_clusters(2);
$this->assertInternalType('array', $allowed);
$this->assertEquals(1, count($allowed));
// Check which of the parent usersets the user has access to basdd on the sub-sub-userset.
$allowed = userset::get_allowed_clusters(4);
$this->assertInternalType('array', $allowed);
$this->assertEquals(2, count($allowed));
}
