/** * Validate access permissions to the report * * @param int $courseid the courseid * @param int $userid the user id to retrieve data from * @param int $groupid the group id * @return array with the parameters cleaned and other required information * @since Moodle 3.2 */ protected static function check_report_access($courseid, $userid, $groupid = 0) { global $USER; // Validate the parameter. $params = self::validate_parameters(self::get_grades_table_parameters(), array('courseid' => $courseid, 'userid' => $userid, 'groupid' => $groupid)); // Compact/extract functions are not recommended. $courseid = $params['courseid']; $userid = $params['userid']; $groupid = $params['groupid']; // Function get_course internally throws an exception if the course doesn't exist. $course = get_course($courseid); $context = context_course::instance($courseid); self::validate_context($context); // Specific capabilities. require_capability('gradereport/user:view', $context); $user = null; if (empty($userid)) { require_capability('moodle/grade:viewall', $context); } else { $user = core_user::get_user($userid, '*', MUST_EXIST); core_user::require_active_user($user); // Check if we can view the user group (if any). // When userid == 0, we are retrieving all the users, we'll check then if a groupid is required. if (!groups_user_groups_visible($course, $user->id)) { throw new moodle_exception('notingroup'); } } $access = false; if (has_capability('moodle/grade:viewall', $context)) { // Can view all course grades. $access = true; } else { if ($userid == $USER->id and has_capability('moodle/grade:view', $context) and $course->showgrades) { // View own grades. $access = true; } } if (!$access) { throw new moodle_exception('nopermissiontoviewgrades', 'error'); } if (!empty($groupid)) { // Determine is the group is visible to user. if (!groups_group_visible($groupid, $course)) { throw new moodle_exception('notingroup'); } } else { // Check to see if groups are being used here. if ($groupmode = groups_get_course_groupmode($course)) { $groupid = groups_get_course_group($course); // Determine is the group is visible to user (this is particullary for the group 0). if (!groups_group_visible($groupid, $course)) { throw new moodle_exception('notingroup'); } } else { $groupid = 0; } } return array($params, $course, $context, $user, $groupid); }
// Building the url to use for links.+ data details buildup. $url = new moodle_url('/mod/scorm/report/userreportinteractions.php', array('id' => $id, 'user' => $userid, 'attempt' => $attempt)); $cm = get_coursemodule_from_id('scorm', $id, 0, false, MUST_EXIST); $course = get_course($cm->course); $scorm = $DB->get_record('scorm', array('id' => $cm->instance), '*', MUST_EXIST); $user = $DB->get_record('user', array('id' => $userid), user_picture::fields(), MUST_EXIST); // Get list of attempts this user has made. $attemptids = scorm_get_all_attempts($scorm->id, $userid); $PAGE->set_url($url); // END of url setting + data buildup. // Checking login +logging +getting context. require_login($course, false, $cm); $contextmodule = context_module::instance($cm->id); require_capability('mod/scorm:viewreport', $contextmodule); // Check user has group access. if (!groups_user_groups_visible($course, $userid, $cm)) { throw new moodle_exception('nopermissiontoshow'); } // Trigger a user interactions viewed event. $event = \mod_scorm\event\interactions_viewed::create(array('context' => $contextmodule, 'relateduserid' => $userid, 'other' => array('attemptid' => $attempt, 'instanceid' => $scorm->id))); $event->add_record_snapshot('course_modules', $cm); $event->add_record_snapshot('scorm', $scorm); $event->trigger(); $trackdata = $DB->get_records('scorm_scoes_track', array('userid' => $user->id, 'scormid' => $scorm->id, 'attempt' => $attempt)); $usertrack = scorm_format_interactions($trackdata); $questioncount = get_scorm_question_count($scorm->id); $courseshortname = format_string($course->shortname, true, array('context' => context_course::instance($course->id))); $exportfilename = $courseshortname . '-' . format_string($scorm->name, true) . '-' . get_string('interactions', 'scorm'); // Set up the table. $table = new flexible_table('mod-scorm-userreport-interactions'); if (!$table->is_downloading($download, $exportfilename)) {
/** * Check if a user has the permission to viewdetails in a shared course's context. * * @param object $user The other user's details. * @param object $course Use this course to see if we have permission to see this user's profile. * @param context $usercontext The user context if available. * @return bool true for ability to view this user, else false. */ function user_can_view_profile($user, $course = null, $usercontext = null) { global $USER, $CFG; if ($user->deleted) { return false; } // If any of these four things, return true. // Number 1. if ($USER->id == $user->id) { return true; } // Number 2. if (empty($CFG->forceloginforprofiles)) { return true; } if (empty($usercontext)) { $usercontext = context_user::instance($user->id); } // Number 3. if (has_capability('moodle/user:viewdetails', $usercontext)) { return true; } // Number 4. if (has_coursecontact_role($user->id)) { return true; } if (isset($course)) { $sharedcourses = array($course); } else { $sharedcourses = enrol_get_shared_courses($USER->id, $user->id, true); } foreach ($sharedcourses as $sharedcourse) { $coursecontext = context_course::instance($sharedcourse->id); if (has_capability('moodle/user:viewdetails', $coursecontext)) { if (!groups_user_groups_visible($sharedcourse, $user->id)) { // Not a member of the same group. continue; } return true; } } return false; }
/** * Get Course completion status * * @param int $courseid ID of the Course * @param int $userid ID of the User * @return array of course completion status and warnings * @since Moodle 2.9 * @throws moodle_exception */ public static function get_course_completion_status($courseid, $userid) { global $CFG, $USER; require_once $CFG->libdir . '/grouplib.php'; $warnings = array(); $arrayparams = array('courseid' => $courseid, 'userid' => $userid); $params = self::validate_parameters(self::get_course_completion_status_parameters(), $arrayparams); $course = get_course($params['courseid']); $user = core_user::get_user($params['userid'], 'id', MUST_EXIST); $context = context_course::instance($course->id); self::validate_context($context); // Can current user see user's course completion status? // This check verifies if completion is enabled because $course is mandatory. if (!completion_can_view_data($user->id, $course)) { throw new moodle_exception('cannotviewreport'); } // The previous function doesn't check groups. if ($user->id != $USER->id) { if (!groups_user_groups_visible($course, $user->id)) { // We are not in the same group! throw new moodle_exception('accessdenied', 'admin'); } } $info = new completion_info($course); // Check this user is enroled. if (!$info->is_tracked_user($user->id)) { if ($USER->id == $user->id) { throw new moodle_exception('notenroled', 'completion'); } else { throw new moodle_exception('usernotenroled', 'completion'); } } $completions = $info->get_completions($user->id); if (empty($completions)) { throw new moodle_exception('nocriteriaset', 'completion'); } // Load course completion. $completionparams = array('userid' => $user->id, 'course' => $course->id); $ccompletion = new completion_completion($completionparams); $completionrows = array(); // Loop through course criteria. foreach ($completions as $completion) { $criteria = $completion->get_criteria(); $completionrow = array(); $completionrow['type'] = $criteria->criteriatype; $completionrow['title'] = $criteria->get_title(); $completionrow['status'] = $completion->get_status(); $completionrow['complete'] = $completion->is_complete(); $completionrow['timecompleted'] = $completion->timecompleted; $completionrow['details'] = $criteria->get_details($completion); $completionrows[] = $completionrow; } $result = array('completed' => $info->is_course_complete($user->id), 'aggregation' => $info->get_aggregation_method(), 'completions' => $completionrows); $results = array('completionstatus' => $result, 'warnings' => $warnings); return $results; }
/** * Tests for groups_user_groups_visible. */ public function test_groups_user_groups_visible() { global $CFG, $DB; $generator = $this->getDataGenerator(); $this->resetAfterTest(); $this->setAdminUser(); // Create a course category, course and groups. $cat = $generator->create_category(array('parent' => 0)); $course = $generator->create_course(array('category' => $cat->id)); $coursecontext = context_course::instance($course->id); $group1 = $generator->create_group(array('courseid' => $course->id, 'name' => 'Group 1')); $group2 = $generator->create_group(array('courseid' => $course->id, 'name' => 'Group 2')); $group3 = $generator->create_group(array('courseid' => $course->id, 'name' => 'Group 3')); $group4 = $generator->create_group(array('courseid' => $course->id, 'name' => 'Group 4')); // Create cm. $assign = $generator->create_module("assign", array('course' => $course->id)); $cm = get_coursemodule_from_instance("assign", $assign->id); // Create users. $user1 = $generator->create_user(); // Normal user. $user2 = $generator->create_user(); // Normal user. $user3 = $generator->create_user(); // Teacher, access all groups. $user4 = $generator->create_user(); // Normal user. // Enrol users into the course. $generator->enrol_user($user1->id, $course->id); $generator->enrol_user($user2->id, $course->id); $generator->enrol_user($user4->id, $course->id); // Assign groups. // User1 and User4 share groups. groups_add_member($group1, $user1); groups_add_member($group2, $user2); groups_add_member($group1, $user4); // Give capability at course level to the user to access all groups. $role = $DB->get_field("role", "id", array("shortname" => "manager")); $generator->enrol_user($user3->id, $course->id, $role); // Make sure the user has the capability. assign_capability('moodle/site:accessallgroups', CAP_ALLOW, $role, $coursecontext->id); // Normal users in different groups. $this->setUser($user1); // No groups , not forced. $result = groups_user_groups_visible($course, $user2->id); $this->assertTrue($result); $result = groups_user_groups_visible($course, $user2->id); $this->assertTrue($result); // Cm with no groups. $cm->groupmode = SEPARATEGROUPS; $result = groups_user_groups_visible($course, $user2->id, $cm); $this->assertFalse($result); // Cm with separate groups. $cm->groupmode = VISIBLEGROUPS; $result = groups_user_groups_visible($course, $user2->id, $cm); $this->assertTrue($result); // Cm with visible groups. // No groups, forced. $course->groupmode = NOGROUPS; $course->groupmodeforce = true; update_course($course); $result = groups_user_groups_visible($course, $user2->id); $this->assertTrue($result); $result = groups_user_groups_visible($course, $user2->id); $this->assertTrue($result); // Cm with no groups. $cm->groupmode = SEPARATEGROUPS; $result = groups_user_groups_visible($course, $user2->id, $cm); $this->assertTrue($result); // Cm with separate groups. $cm->groupmode = SEPARATEGROUPS; $result = groups_user_groups_visible($course, $user2->id); $this->assertTrue($result); // Cm with visible groups. // Visible groups, forced. $course->groupmode = VISIBLEGROUPS; $course->groupmodeforce = true; update_course($course); $result = groups_user_groups_visible($course, $user2->id); $this->assertTrue($result); $cm->groupmode = NOGROUPS; $result = groups_user_groups_visible($course, $user2->id, $cm); $this->assertTrue($result); // Cm with no groups. $cm->groupmode = SEPARATEGROUPS; $result = groups_user_groups_visible($course, $user2->id, $cm); $this->assertTrue($result); // Cm with separate groups. $cm->groupmode = VISIBLEGROUPS; $result = groups_user_groups_visible($course, $user2->id, $cm); $this->assertTrue($result); // Cm with visible groups. // Visible groups, not forced. $course->groupmode = VISIBLEGROUPS; $course->groupmodeforce = false; update_course($course); $result = groups_user_groups_visible($course, $user2->id); $this->assertTrue($result); $cm->groupmode = NOGROUPS; $result = groups_user_groups_visible($course, $user2->id); $this->assertTrue($result); // Cm with no groups. $cm->groupmode = SEPARATEGROUPS; $result = groups_user_groups_visible($course, $user2->id, $cm); $this->assertFalse($result); // Cm with separate groups. $cm->groupmode = VISIBLEGROUPS; $result = groups_user_groups_visible($course, $user2->id, $cm); $this->assertTrue($result); // Cm with visible groups. // Separate groups, forced. $course->groupmode = SEPARATEGROUPS; $course->groupmodeforce = true; update_course($course); $result = groups_user_groups_visible($course, $user2->id); $this->assertFalse($result); $result = groups_user_groups_visible($course, $user3->id); $this->assertFalse($result); // Requesting all groups. $cm->groupmode = NOGROUPS; $result = groups_user_groups_visible($course, $user2->id, $cm); $this->assertFalse($result); // Cm with no groups. $cm->groupmode = SEPARATEGROUPS; $result = groups_user_groups_visible($course, $user2->id, $cm); $this->assertFalse($result); // Cm with separate groups. $result = groups_user_groups_visible($course, $user3->id, $cm); $this->assertTrue($result); $cm->groupmode = VISIBLEGROUPS; $result = groups_user_groups_visible($course, $user2->id, $cm); $this->assertFalse($result); // Cm with visible groups. // Separate groups, not forced. $course->groupmode = SEPARATEGROUPS; $course->groupmodeforce = false; update_course($course); $result = groups_user_groups_visible($course, $user2->id); $this->assertFalse($result); $result = groups_user_groups_visible($course, $user3->id); $this->assertFalse($result); // Requesting all groups. $cm->groupmode = NOGROUPS; $result = groups_user_groups_visible($course, $user2->id, $cm); $this->assertTrue($result); // Cm with no groups. $cm->groupmode = SEPARATEGROUPS; $result = groups_user_groups_visible($course, $user2->id, $cm); $this->assertFalse($result); // Cm with separate groups. $cm->groupmode = VISIBLEGROUPS; $result = groups_user_groups_visible($course, $user2->id, $cm); $this->assertTrue($result); // Cm with visible groups. // Users sharing groups. // No groups , not forced. $course->groupmode = NOGROUPS; $course->groupmodeforce = false; update_course($course); $result = groups_user_groups_visible($course, $user4->id); $this->assertTrue($result); $result = groups_user_groups_visible($course, $user4->id); $this->assertTrue($result); // Cm with no groups. $cm->groupmode = SEPARATEGROUPS; $result = groups_user_groups_visible($course, $user4->id, $cm); $this->assertTrue($result); // Cm with separate groups. $cm->groupmode = VISIBLEGROUPS; $result = groups_user_groups_visible($course, $user4->id, $cm); $this->assertTrue($result); // Cm with visible groups. // No groups, forced. $course->groupmode = NOGROUPS; $course->groupmodeforce = true; update_course($course); $result = groups_user_groups_visible($course, $user4->id); $this->assertTrue($result); $result = groups_user_groups_visible($course, $user4->id); $this->assertTrue($result); // Cm with no groups. $cm->groupmode = SEPARATEGROUPS; $result = groups_user_groups_visible($course, $user4->id, $cm); $this->assertTrue($result); // Cm with separate groups. $cm->groupmode = SEPARATEGROUPS; $result = groups_user_groups_visible($course, $user4->id); $this->assertTrue($result); // Cm with visible groups. // Visible groups, forced. $course->groupmode = VISIBLEGROUPS; $course->groupmodeforce = true; update_course($course); $result = groups_user_groups_visible($course, $user4->id); $this->assertTrue($result); $cm->groupmode = NOGROUPS; $result = groups_user_groups_visible($course, $user4->id, $cm); $this->assertTrue($result); // Cm with no groups. $cm->groupmode = SEPARATEGROUPS; $result = groups_user_groups_visible($course, $user4->id, $cm); $this->assertTrue($result); // Cm with separate groups. $cm->groupmode = VISIBLEGROUPS; $result = groups_user_groups_visible($course, $user4->id, $cm); $this->assertTrue($result); // Cm with visible groups. // Visible groups, not forced. $course->groupmode = VISIBLEGROUPS; $course->groupmodeforce = false; update_course($course); $result = groups_user_groups_visible($course, $user4->id); $this->assertTrue($result); $cm->groupmode = NOGROUPS; $result = groups_user_groups_visible($course, $user4->id); $this->assertTrue($result); // Cm with no groups. $cm->groupmode = SEPARATEGROUPS; $result = groups_user_groups_visible($course, $user4->id, $cm); $this->assertTrue($result); // Cm with separate groups. $cm->groupmode = VISIBLEGROUPS; $result = groups_user_groups_visible($course, $user4->id, $cm); $this->assertTrue($result); // Cm with visible groups. // Separate groups, forced. $course->groupmode = SEPARATEGROUPS; $course->groupmodeforce = true; update_course($course); $result = groups_user_groups_visible($course, $user4->id); $this->assertTrue($result); $result = groups_user_groups_visible($course, $user3->id); $this->assertFalse($result); // Requesting all groups. $cm->groupmode = NOGROUPS; $result = groups_user_groups_visible($course, $user4->id, $cm); $this->assertTrue($result); // Cm with no groups. $cm->groupmode = SEPARATEGROUPS; $result = groups_user_groups_visible($course, $user4->id, $cm); $this->assertTrue($result); // Cm with separate groups. $result = groups_user_groups_visible($course, $user3->id, $cm); $this->assertTrue($result); $cm->groupmode = VISIBLEGROUPS; $result = groups_user_groups_visible($course, $user4->id, $cm); $this->assertTrue($result); // Cm with visible groups. // Separate groups, not forced. $course->groupmode = SEPARATEGROUPS; $course->groupmodeforce = false; update_course($course); $result = groups_user_groups_visible($course, $user4->id); $this->assertTrue($result); $result = groups_user_groups_visible($course, $user3->id); $this->assertFalse($result); // Requesting all groups. $cm->groupmode = NOGROUPS; $result = groups_user_groups_visible($course, $user4->id, $cm); $this->assertTrue($result); // Cm with no groups. $cm->groupmode = SEPARATEGROUPS; $result = groups_user_groups_visible($course, $user4->id, $cm); $this->assertTrue($result); // Cm with separate groups. $cm->groupmode = VISIBLEGROUPS; $result = groups_user_groups_visible($course, $user4->id, $cm); $this->assertTrue($result); // Cm with visible groups. // For teacher with access all groups. // No groups , not forced. $course->groupmode = NOGROUPS; $course->groupmodeforce = false; update_course($course); $this->setUser($user3); $result = groups_user_groups_visible($course, $user1->id); $this->assertTrue($result); $result = groups_user_groups_visible($course, $user1->id); $this->assertTrue($result); // Requesting all groups. $result = groups_user_groups_visible($course, $user1->id); $this->assertTrue($result); // Cm with no groups. $cm->groupmode = SEPARATEGROUPS; $result = groups_user_groups_visible($course, $user1->id, $cm); $this->assertTrue($result); // Cm with separate groups. $result = groups_user_groups_visible($course, $user2->id, $cm); $this->assertTrue($result); // Cm with separate groups. $cm->groupmode = VISIBLEGROUPS; $result = groups_user_groups_visible($course, $user1->id, $cm); $this->assertTrue($result); // Cm with visible groups. // No groups, forced. $course->groupmode = NOGROUPS; $course->groupmodeforce = true; update_course($course); $result = groups_user_groups_visible($course, $user1->id); $this->assertTrue($result); $result = groups_user_groups_visible($course, $user1->id); $this->assertTrue($result); // Requesting all groups. $result = groups_user_groups_visible($course, $user1->id); $this->assertTrue($result); // Cm with no groups. $cm->groupmode = SEPARATEGROUPS; $result = groups_user_groups_visible($course, $user1->id, $cm); $this->assertTrue($result); // Cm with separate groups. $result = groups_user_groups_visible($course, $user2->id, $cm); $this->assertTrue($result); // Cm with separate groups. $cm->groupmode = SEPARATEGROUPS; $result = groups_user_groups_visible($course, $user1->id); $this->assertTrue($result); // Cm with visible groups. // Visible groups, forced. $course->groupmode = VISIBLEGROUPS; $course->groupmodeforce = true; update_course($course); $result = groups_user_groups_visible($course, $user1->id); $this->assertTrue($result); $result = groups_user_groups_visible($course, $user1->id); $this->assertTrue($result); // Requesting all groups. $cm->groupmode = NOGROUPS; $result = groups_user_groups_visible($course, $user1->id, $cm); $this->assertTrue($result); // Cm with no groups. $cm->groupmode = SEPARATEGROUPS; $result = groups_user_groups_visible($course, $user1->id, $cm); $this->assertTrue($result); // Cm with separate groups. $result = groups_user_groups_visible($course, $user2->id, $cm); $this->assertTrue($result); // Cm with separate groups. $cm->groupmode = VISIBLEGROUPS; $result = groups_user_groups_visible($course, $user1->id, $cm); $this->assertTrue($result); // Cm with visible groups. // Visible groups, not forced. $course->groupmode = VISIBLEGROUPS; $course->groupmodeforce = false; update_course($course); $result = groups_user_groups_visible($course, $user1->id); $this->assertTrue($result); $result = groups_user_groups_visible($course, $user1->id); $this->assertTrue($result); // Requesting all groups. $cm->groupmode = NOGROUPS; $result = groups_user_groups_visible($course, $user1->id); $this->assertTrue($result); // Cm with no groups. $cm->groupmode = SEPARATEGROUPS; $result = groups_user_groups_visible($course, $user1->id, $cm); $this->assertTrue($result); // Cm with separate groups. $result = groups_user_groups_visible($course, $user2->id, $cm); $this->assertTrue($result); // Cm with separate groups. $cm->groupmode = VISIBLEGROUPS; $result = groups_user_groups_visible($course, $user1->id, $cm); $this->assertTrue($result); // Cm with visible groups. // Separate groups, forced. $course->groupmode = SEPARATEGROUPS; $course->groupmodeforce = true; update_course($course); $result = groups_user_groups_visible($course, $user1->id); $this->assertTrue($result); $result = groups_user_groups_visible($course, $user2->id); $this->assertTrue($result); $result = groups_user_groups_visible($course, $user2->id); $this->assertTrue($result); // Requesting all groups. $result = groups_user_groups_visible($course, $user3->id); $this->assertTrue($result); // Requesting all groups. $result = groups_user_groups_visible($course, $user3->id); $this->assertTrue($result); $cm->groupmode = NOGROUPS; $result = groups_user_groups_visible($course, $user1->id, $cm); $this->assertTrue($result); // Cm with no groups. $cm->groupmode = SEPARATEGROUPS; $result = groups_user_groups_visible($course, $user1->id, $cm); $this->assertTrue($result); // Cm with separate groups. $result = groups_user_groups_visible($course, $user2->id, $cm); $this->assertTrue($result); // Cm with separate groups. $result = groups_user_groups_visible($course, $user3->id, $cm); $this->assertTrue($result); $cm->groupmode = VISIBLEGROUPS; $result = groups_user_groups_visible($course, $user1->id, $cm); $this->assertTrue($result); // Cm with visible groups. // Separate groups, not forced. $course->groupmode = SEPARATEGROUPS; $course->groupmodeforce = false; update_course($course); $result = groups_user_groups_visible($course, $user1->id); $this->assertTrue($result); $result = groups_user_groups_visible($course, $user2->id); $this->assertTrue($result); $result = groups_user_groups_visible($course, $user2->id); $this->assertTrue($result); // Requesting all groups. $result = groups_user_groups_visible($course, $user3->id); $this->assertTrue($result); // Requesting all groups. $cm->groupmode = NOGROUPS; $result = groups_user_groups_visible($course, $user1->id, $cm); $this->assertTrue($result); // Cm with no groups. $cm->groupmode = SEPARATEGROUPS; $result = groups_user_groups_visible($course, $user1->id, $cm); $this->assertTrue($result); // Cm with separate groups. $result = groups_user_groups_visible($course, $user2->id, $cm); $this->assertTrue($result); // Cm with separate groups. $cm->groupmode = VISIBLEGROUPS; $result = groups_user_groups_visible($course, $user1->id, $cm); $this->assertTrue($result); // Cm with visible groups. }