/**
* Log the current user into a chat room in the given chat.
*
* @param int $chatid the chat instance id
* @param int $groupid the user group id
* @return array of warnings and the chat unique session id
* @since Moodle 3.0
* @throws moodle_exception
*/
public static function login_user($chatid, $groupid = 0)
{
global $DB;
$params = self::validate_parameters(self::login_user_parameters(), array('chatid' => $chatid, 'groupid' => $groupid));
$warnings = array();
// Request and permission validation.
$chat = $DB->get_record('chat', array('id' => $params['chatid']), '*', MUST_EXIST);
list($course, $cm) = get_course_and_cm_from_instance($chat, 'chat');
$context = context_module::instance($cm->id);
self::validate_context($context);
require_capability('mod/chat:chat', $context);
if (!empty($params['groupid'])) {
$groupid = $params['groupid'];
// Determine is the group is visible to user.
if (!groups_group_visible($groupid, $course, $cm)) {
throw new moodle_exception('notingroup');
}
} else {
// Check to see if groups are being used here.
if ($groupmode = groups_get_activity_groupmode($cm)) {
$groupid = groups_get_activity_group($cm);
// Determine is the group is visible to user (this is particullary for the group 0).
if (!groups_group_visible($groupid, $course, $cm)) {
throw new moodle_exception('notingroup');
}
} else {
$groupid = 0;
}
}
// Get the unique chat session id.
// Since we are going to use the chat via Web Service requests we set the ajax version (since it's the most similar).
if (!($chatsid = chat_login_user($chat->id, 'ajax', $groupid, $course))) {
throw moodle_exception('cantlogin', 'chat');
}
$result = array();
$result['chatsid'] = $chatsid;
$result['warnings'] = $warnings;
return $result;
}
echo $OUTPUT->footer();
exit;
} else {
echo $select;
}
// Fetch current active group.
$groupmode = groups_get_course_groupmode($course);
$currentgroup = $SESSION->activegroup[$course->id][$groupmode][$course->defaultgroupingid];
if (!empty($instanceid) && !empty($roleid)) {
// Trigger a report viewed event.
$event = \report_participation\event\report_viewed::create(array('context' => $context, 'other' => array('instanceid' => $instanceid, 'groupid' => $currentgroup, 'roleid' => $roleid, 'timefrom' => $timefrom, 'action' => $action)));
$event->trigger();
// from here assume we have at least the module we're using.
$cm = $modinfo->cms[$instanceid];
// Group security checks.
if (!groups_group_visible($currentgroup, $course, $cm)) {
echo $OUTPUT->heading(get_string("notingroup"));
echo $OUTPUT->footer();
exit;
}
$table = new flexible_table('course-participation-' . $course->id . '-' . $cm->id . '-' . $roleid);
$table->course = $course;
$table->define_columns(array('fullname', 'count', 'select'));
$table->define_headers(array(get_string('user'), !empty($action) ? get_string($action) : get_string('allactions'), get_string('select')));
$table->define_baseurl($baseurl);
$table->set_attribute('cellpadding', '5');
$table->set_attribute('class', 'generaltable generalbox reporttable');
$table->sortable(true, 'lastname', 'ASC');
$table->no_sorting('select');
$table->set_control_variables(array(TABLE_VAR_SORT => 'ssort', TABLE_VAR_HIDE => 'shide', TABLE_VAR_SHOW => 'sshow', TABLE_VAR_IFIRST => 'sifirst', TABLE_VAR_ILAST => 'silast', TABLE_VAR_PAGE => 'spage'));
$table->setup();
/**
* Get all discussions in a forum
*
* @global object
* @global object
* @global object
* @uses CONTEXT_MODULE
* @uses VISIBLEGROUPS
* @param object $cm
* @param string $forumsort
* @param bool $fullpost
* @param int $unused
* @param int $limit
* @param bool $userlastmodified
* @param int $page
* @param int $perpage
* @param int $groupid if groups enabled, get discussions for this group overriding the current group.
* Use FORUM_POSTS_ALL_USER_GROUPS for all the user groups
* @param int $updatedsince retrieve only discussions updated since the given time
* @return array
*/
function forum_get_discussions($cm, $forumsort = "", $fullpost = true, $unused = -1, $limit = -1, $userlastmodified = false, $page = -1, $perpage = 0, $groupid = -1, $updatedsince = 0)
{
global $CFG, $DB, $USER;
$timelimit = '';
$now = round(time(), -2);
$params = array($cm->instance);
$modcontext = context_module::instance($cm->id);
if (!has_capability('mod/forum:viewdiscussion', $modcontext)) {
/// User must have perms to view discussions
return array();
}
if (!empty($CFG->forum_enabletimedposts)) {
/// Users must fulfill timed posts
if (!has_capability('mod/forum:viewhiddentimedposts', $modcontext)) {
$timelimit = " AND ((d.timestart <= ? AND (d.timeend = 0 OR d.timeend > ?))";
$params[] = $now;
$params[] = $now;
if (isloggedin()) {
$timelimit .= " OR d.userid = ?";
$params[] = $USER->id;
}
$timelimit .= ")";
}
}
if ($limit > 0) {
$limitfrom = 0;
$limitnum = $limit;
} else {
if ($page != -1) {
$limitfrom = $page * $perpage;
$limitnum = $perpage;
} else {
$limitfrom = 0;
$limitnum = 0;
}
}
$groupmode = groups_get_activity_groupmode($cm);
if ($groupmode) {
if (empty($modcontext)) {
$modcontext = context_module::instance($cm->id);
}
// Special case, we received a groupid to override currentgroup.
if ($groupid > 0) {
$course = get_course($cm->course);
if (!groups_group_visible($groupid, $course, $cm)) {
// User doesn't belong to this group, return nothing.
return array();
}
$currentgroup = $groupid;
} else {
if ($groupid === -1) {
$currentgroup = groups_get_activity_group($cm);
} else {
// Get discussions for all groups current user can see.
$currentgroup = null;
}
}
if ($groupmode == VISIBLEGROUPS or has_capability('moodle/site:accessallgroups', $modcontext)) {
if ($currentgroup) {
$groupselect = "AND (d.groupid = ? OR d.groupid = -1)";
$params[] = $currentgroup;
} else {
$groupselect = "";
}
} else {
// Separate groups.
// Get discussions for all groups current user can see.
if ($currentgroup === null) {
$mygroups = array_keys(groups_get_all_groups($cm->course, $USER->id, $cm->groupingid, 'g.id'));
if (empty($mygroups)) {
$groupselect = "AND d.groupid = -1";
} else {
list($insqlgroups, $inparamsgroups) = $DB->get_in_or_equal($mygroups);
$groupselect = "AND (d.groupid = -1 OR d.groupid {$insqlgroups})";
$params = array_merge($params, $inparamsgroups);
}
} else {
if ($currentgroup) {
$groupselect = "AND (d.groupid = ? OR d.groupid = -1)";
$params[] = $currentgroup;
} else {
$groupselect = "AND d.groupid = -1";
}
}
}
} else {
$groupselect = "";
}
if (empty($forumsort)) {
$forumsort = forum_get_default_sort_order();
}
if (empty($fullpost)) {
$postdata = "p.id,p.subject,p.modified,p.discussion,p.userid";
} else {
$postdata = "p.*";
}
if (empty($userlastmodified)) {
// We don't need to know this
$umfields = "";
$umtable = "";
} else {
$umfields = ', ' . get_all_user_name_fields(true, 'um', null, 'um') . ', um.email AS umemail, um.picture AS umpicture,
um.imagealt AS umimagealt';
$umtable = " LEFT JOIN {user} um ON (d.usermodified = um.id)";
}
$updatedsincesql = '';
if (!empty($updatedsince)) {
$updatedsincesql = 'AND d.timemodified > ?';
$params[] = $updatedsince;
}
$allnames = get_all_user_name_fields(true, 'u');
$sql = "SELECT {$postdata}, d.name, d.timemodified, d.usermodified, d.groupid, d.timestart, d.timeend, d.pinned, {$allnames},\n u.email, u.picture, u.imagealt {$umfields}\n FROM {forum_discussions} d\n JOIN {forum_posts} p ON p.discussion = d.id\n JOIN {user} u ON p.userid = u.id\n {$umtable}\n WHERE d.forum = ? AND p.parent = 0\n {$timelimit} {$groupselect} {$updatedsincesql}\n ORDER BY {$forumsort}, d.id DESC";
return $DB->get_records_sql($sql, $params, $limitfrom, $limitnum);
}
/**
* Can the current user see ratings for a given itemid?
*
* @param array $params submitted data
* contextid => int contextid [required]
* component => The component for this module - should always be mod_data [required]
* ratingarea => object the context in which the rated items exists [required]
* itemid => int the ID of the object being rated [required]
* scaleid => int scale id [optional]
* @return bool
* @throws coding_exception
* @throws rating_exception
*/
function mod_data_rating_can_see_item_ratings($params)
{
global $DB;
// Check the component is mod_data.
if (!isset($params['component']) || $params['component'] != 'mod_data') {
throw new rating_exception('invalidcomponent');
}
// Check the ratingarea is entry (the only rating area in data).
if (!isset($params['ratingarea']) || $params['ratingarea'] != 'entry') {
throw new rating_exception('invalidratingarea');
}
if (!isset($params['itemid'])) {
throw new rating_exception('invaliditemid');
}
$datasql = "SELECT d.id as dataid, d.course, r.groupid\n FROM {data_records} r\n JOIN {data} d ON r.dataid = d.id\n WHERE r.id = :itemid";
$dataparams = array('itemid' => $params['itemid']);
if (!($info = $DB->get_record_sql($datasql, $dataparams))) {
// Item doesn't exist.
throw new rating_exception('invaliditemid');
}
// User can see ratings of all participants.
if ($info->groupid == 0) {
return true;
}
$course = $DB->get_record('course', array('id' => $info->course), '*', MUST_EXIST);
$cm = get_coursemodule_from_instance('data', $info->dataid, $course->id, false, MUST_EXIST);
// Make sure groups allow this user to see the item they're rating.
return groups_group_visible($info->groupid, $course, $cm);
}
/**
* Validate access permissions to the report
*
* @param int $courseid the courseid
* @param int $userid the user id to retrieve data from
* @param int $groupid the group id
* @return array with the parameters cleaned and other required information
* @since Moodle 3.2
*/
protected static function check_report_access($courseid, $userid, $groupid = 0)
{
global $USER;
// Validate the parameter.
$params = self::validate_parameters(self::get_grades_table_parameters(), array('courseid' => $courseid, 'userid' => $userid, 'groupid' => $groupid));
// Compact/extract functions are not recommended.
$courseid = $params['courseid'];
$userid = $params['userid'];
$groupid = $params['groupid'];
// Function get_course internally throws an exception if the course doesn't exist.
$course = get_course($courseid);
$context = context_course::instance($courseid);
self::validate_context($context);
// Specific capabilities.
require_capability('gradereport/user:view', $context);
$user = null;
if (empty($userid)) {
require_capability('moodle/grade:viewall', $context);
} else {
$user = core_user::get_user($userid, '*', MUST_EXIST);
core_user::require_active_user($user);
// Check if we can view the user group (if any).
// When userid == 0, we are retrieving all the users, we'll check then if a groupid is required.
if (!groups_user_groups_visible($course, $user->id)) {
throw new moodle_exception('notingroup');
}
}
$access = false;
if (has_capability('moodle/grade:viewall', $context)) {
// Can view all course grades.
$access = true;
} else {
if ($userid == $USER->id and has_capability('moodle/grade:view', $context) and $course->showgrades) {
// View own grades.
$access = true;
}
}
if (!$access) {
throw new moodle_exception('nopermissiontoviewgrades', 'error');
}
if (!empty($groupid)) {
// Determine is the group is visible to user.
if (!groups_group_visible($groupid, $course)) {
throw new moodle_exception('notingroup');
}
} else {
// Check to see if groups are being used here.
if ($groupmode = groups_get_course_groupmode($course)) {
$groupid = groups_get_course_group($course);
// Determine is the group is visible to user (this is particullary for the group 0).
if (!groups_group_visible($groupid, $course)) {
throw new moodle_exception('notingroup');
}
} else {
$groupid = 0;
}
}
return array($params, $course, $context, $user, $groupid);
}
require_once $CFG->dirroot . '/grade/export/uag/grade_export_uag.php';
$id = required_param('id', PARAM_INT);
$groupid = optional_param('groupid', 0, PARAM_INT);
$itemids = required_param('itemids', PARAM_RAW);
$exportfeedback = optional_param('export_feedback', 0, PARAM_BOOL);
$separator = optional_param('separator', 'comma', PARAM_ALPHA);
$displaytype = optional_param('displaytype', $CFG->grade_export_displaytype, PARAM_RAW);
$decimalpoints = optional_param('decimalpoints', $CFG->grade_export_decimalpoints, PARAM_INT);
$onlyactive = optional_param('export_onlyactive', 0, PARAM_BOOL);
if (!($course = $DB->get_record('course', array('id' => $id)))) {
print_error('nocourseid');
}
require_user_key_login('grade/export', $id);
// We want different keys for each course.
if (empty($CFG->gradepublishing)) {
print_error('gradepubdisable');
}
$context = context_course::instance($id);
require_capability('moodle/grade:export', $context);
require_capability('gradeexport/uag:publish', $context);
require_capability('gradeexport/uag:view', $context);
if (!groups_group_visible($groupid, $COURSE)) {
print_error('cannotaccessgroup', 'grades');
}
$coursegradeitem = $DB->get_record('grade_items', array('courseid' => $id, 'itemtype' => 'course'));
$itemids = $coursegradeitem->id;
// Get all url parameters and create an object to simulate a form submission.
$formdata = grade_export::export_bulk_export_data($id, $itemids, $exportfeedback, $onlyactive, $displaytype, $decimalpoints, null, $separator);
$export = new grade_export_uag($course, $groupid, $formdata);
$export->finalitemid = $coursegradeitem->id;
$export->print_grades();
/**
* Retrieves the list of students to be graded for the assignment.
*
* @param int $assignid the assign instance id
* @param int $groupid the current group id
* @param string $filter search string to filter the results.
* @param int $skip Number of records to skip
* @param int $limit Maximum number of records to return
* @param bool $onlyids Only return user ids.
* @param bool $includeenrolments Return courses where the user is enrolled.
* @return array of warnings and status result
* @since Moodle 3.1
* @throws moodle_exception
*/
public static function list_participants($assignid, $groupid, $filter, $skip, $limit, $onlyids, $includeenrolments) {
global $DB, $CFG;
require_once($CFG->dirroot . "/mod/assign/locallib.php");
require_once($CFG->dirroot . "/user/lib.php");
$params = self::validate_parameters(self::list_participants_parameters(),
array(
'assignid' => $assignid,
'groupid' => $groupid,
'filter' => $filter,
'skip' => $skip,
'limit' => $limit,
'onlyids' => $onlyids,
'includeenrolments' => $includeenrolments
));
$warnings = array();
list($assign, $course, $cm, $context) = self::validate_assign($params['assignid']);
require_capability('mod/assign:view', $context);
$assign->require_view_grades();
$participants = array();
if (groups_group_visible($params['groupid'], $course, $cm)) {
$participants = $assign->list_participants_with_filter_status_and_group($params['groupid']);
}
$userfields = user_get_default_fields();
if (!$params['includeenrolments']) {
// Remove enrolled courses from users fields to be returned.
$key = array_search('enrolledcourses', $userfields);
if ($key !== false) {
unset($userfields[$key]);
} else {
throw new moodle_exception('invaliduserfield', 'error', '', 'enrolledcourses');
}
}
$result = array();
$index = 0;
foreach ($participants as $record) {
// Preserve the fullname set by the assignment.
$fullname = $record->fullname;
$searchable = $fullname;
$match = false;
if (empty($filter)) {
$match = true;
} else {
$filter = core_text::strtolower($filter);
$value = core_text::strtolower($searchable);
if (is_string($value) && (core_text::strpos($value, $filter) !== false)) {
$match = true;
}
}
if ($match) {
$index++;
if ($index <= $params['skip']) {
continue;
}
if (($params['limit'] > 0) && (($index - $params['skip']) > $params['limit'])) {
break;
}
// Now we do the expensive lookup of user details because we completed the filtering.
if (!$assign->is_blind_marking() && !$params['onlyids']) {
$userdetails = user_get_user_details($record, $course, $userfields);
} else {
$userdetails = array('id' => $record->id);
}
$userdetails['fullname'] = $fullname;
$userdetails['submitted'] = $record->submitted;
$userdetails['requiregrading'] = $record->requiregrading;
if (!empty($record->groupid)) {
$userdetails['groupid'] = $record->groupid;
}
if (!empty($record->groupname)) {
$userdetails['groupname'] = $record->groupname;
}
$result[] = $userdetails;
}
}
return $result;
}
/**
* Tests for groups_group_visible.
*/
public function test_groups_group_visible()
{
global $CFG, $DB;
$generator = $this->getDataGenerator();
$this->resetAfterTest();
$this->setAdminUser();
// Create a course category, course and groups.
$cat = $generator->create_category(array('parent' => 0));
$course = $generator->create_course(array('category' => $cat->id));
$coursecontext = context_course::instance($course->id);
$group1 = $generator->create_group(array('courseid' => $course->id, 'name' => 'Group 1'));
$group2 = $generator->create_group(array('courseid' => $course->id, 'name' => 'Group 2'));
$group3 = $generator->create_group(array('courseid' => $course->id, 'name' => 'Group 3'));
$group4 = $generator->create_group(array('courseid' => $course->id, 'name' => 'Group 4'));
// Create cm.
$assign = $generator->create_module("assign", array('course' => $course->id));
$cm = get_coursemodule_from_instance("assign", $assign->id);
// Create users.
$user1 = $generator->create_user();
$user2 = $generator->create_user();
$user3 = $generator->create_user();
// Enrol users into the course.
$generator->enrol_user($user1->id, $course->id);
$generator->enrol_user($user2->id, $course->id);
// Assign groups.
groups_add_member($group1, $user2);
// Give capability at course level to the user to access all groups.
$role = $DB->get_field("role", "id", array("shortname" => "manager"));
$generator->enrol_user($user3->id, $course->id, $role);
// Make sure the user has the capability.
assign_capability('moodle/site:accessallgroups', CAP_ALLOW, $role, $coursecontext->id);
// No groups , not forced.
$result = groups_group_visible($group1->id, $course, null, $user1->id);
$this->assertTrue($result);
$result = groups_group_visible(0, $course, null, $user1->id);
$this->assertTrue($result);
// Requesting all groups.
$result = groups_group_visible($group1->id, $course, $cm, $user1->id);
$this->assertTrue($result);
// Cm with no groups.
$cm->groupmode = SEPARATEGROUPS;
$result = groups_group_visible($group1->id, $course, $cm, $user1->id);
$this->assertFalse($result);
// Cm with separate groups.
$result = groups_group_visible($group1->id, $course, $cm, $user2->id);
$this->assertTrue($result);
// Cm with separate groups.
$cm->groupmode = VISIBLEGROUPS;
$result = groups_group_visible($group1->id, $course, $cm, $user1->id);
$this->assertTrue($result);
// Cm with visible groups.
// No groups, forced.
$course->groupmode = NOGROUPS;
$course->groupmodeforce = true;
update_course($course);
$result = groups_group_visible($group1->id, $course, null, $user1->id);
$this->assertTrue($result);
$result = groups_group_visible(0, $course, null, $user1->id);
$this->assertTrue($result);
// Requesting all groups.
$result = groups_group_visible($group1->id, $course, $cm, $user1->id);
$this->assertTrue($result);
// Cm with no groups.
$cm->groupmode = SEPARATEGROUPS;
$result = groups_group_visible($group1->id, $course, $cm, $user1->id);
$this->assertTrue($result);
// Cm with separate groups.
$result = groups_group_visible($group1->id, $course, $cm, $user2->id);
$this->assertTrue($result);
// Cm with separate groups.
$cm->groupmode = SEPARATEGROUPS;
$result = groups_group_visible($group1->id, $course, $cm, $user1->id);
$this->assertTrue($result);
// Cm with visible groups.
// Visible groups, forced.
$course->groupmode = VISIBLEGROUPS;
$course->groupmodeforce = true;
update_course($course);
$result = groups_group_visible($group1->id, $course, null, $user1->id);
$this->assertTrue($result);
$result = groups_group_visible(0, $course, null, $user1->id);
$this->assertTrue($result);
// Requesting all groups.
$cm->groupmode = NOGROUPS;
$result = groups_group_visible($group1->id, $course, $cm, $user1->id);
$this->assertTrue($result);
// Cm with no groups.
$cm->groupmode = SEPARATEGROUPS;
$result = groups_group_visible($group1->id, $course, $cm, $user1->id);
$this->assertTrue($result);
// Cm with separate groups.
$result = groups_group_visible($group1->id, $course, $cm, $user2->id);
$this->assertTrue($result);
// Cm with separate groups.
$cm->groupmode = VISIBLEGROUPS;
$result = groups_group_visible($group1->id, $course, $cm, $user1->id);
$this->assertTrue($result);
// Cm with visible groups.
// Visible groups, not forced.
$course->groupmode = VISIBLEGROUPS;
$course->groupmodeforce = false;
update_course($course);
$result = groups_group_visible($group1->id, $course, null, $user1->id);
$this->assertTrue($result);
$result = groups_group_visible(0, $course, null, $user1->id);
$this->assertTrue($result);
// Requesting all groups.
$cm->groupmode = NOGROUPS;
$result = groups_group_visible($group1->id, $course, $cm, $user1->id);
$this->assertTrue($result);
// Cm with no groups.
$cm->groupmode = SEPARATEGROUPS;
$result = groups_group_visible($group1->id, $course, $cm, $user1->id);
$this->assertFalse($result);
// Cm with separate groups.
$result = groups_group_visible($group1->id, $course, $cm, $user2->id);
$this->assertTrue($result);
// Cm with separate groups.
$cm->groupmode = VISIBLEGROUPS;
$result = groups_group_visible($group1->id, $course, $cm, $user1->id);
$this->assertTrue($result);
// Cm with visible groups.
// Separate groups, forced.
$course->groupmode = SEPARATEGROUPS;
$course->groupmodeforce = true;
update_course($course);
$result = groups_group_visible($group1->id, $course, null, $user1->id);
$this->assertFalse($result);
$result = groups_group_visible($group1->id, $course, null, $user2->id);
$this->assertTrue($result);
$result = groups_group_visible(0, $course, null, $user2->id);
$this->assertFalse($result);
// Requesting all groups.
$result = groups_group_visible(0, $course, null, $user3->id);
$this->assertTrue($result);
// Requesting all groups.
$result = groups_group_visible($group1->id, $course, null, $user3->id);
$this->assertTrue($result);
// Make sure user with access to all groups can see any group.
$cm->groupmode = NOGROUPS;
$result = groups_group_visible($group1->id, $course, $cm, $user1->id);
$this->assertFalse($result);
// Cm with no groups.
$cm->groupmode = SEPARATEGROUPS;
$result = groups_group_visible($group1->id, $course, $cm, $user1->id);
$this->assertFalse($result);
// Cm with separate groups.
$result = groups_group_visible($group1->id, $course, $cm, $user2->id);
$this->assertTrue($result);
// Cm with separate groups.
$result = groups_group_visible($group1->id, $course, $cm, $user3->id);
$this->assertTrue($result);
// Make sure user with access to all groups can see any group.
$cm->groupmode = VISIBLEGROUPS;
$result = groups_group_visible($group1->id, $course, $cm, $user1->id);
$this->assertFalse($result);
// Cm with visible groups.
// Separate groups, not forced.
$course->groupmode = SEPARATEGROUPS;
$course->groupmodeforce = false;
update_course($course);
$result = groups_group_visible($group1->id, $course, null, $user1->id);
$this->assertFalse($result);
$result = groups_group_visible($group1->id, $course, null, $user2->id);
$this->assertTrue($result);
$result = groups_group_visible(0, $course, null, $user2->id);
$this->assertFalse($result);
// Requesting all groups.
$result = groups_group_visible(0, $course, null, $user3->id);
$this->assertTrue($result);
// Requesting all groups.
$cm->groupmode = NOGROUPS;
$result = groups_group_visible($group1->id, $course, $cm, $user1->id);
$this->assertTrue($result);
// Cm with no groups.
$cm->groupmode = SEPARATEGROUPS;
$result = groups_group_visible($group1->id, $course, $cm, $user1->id);
$this->assertFalse($result);
// Cm with separate groups.
$result = groups_group_visible($group1->id, $course, $cm, $user2->id);
$this->assertTrue($result);
// Cm with separate groups.
$cm->groupmode = VISIBLEGROUPS;
$result = groups_group_visible($group1->id, $course, $cm, $user1->id);
$this->assertTrue($result);
// Cm with visible groups.
}