public function execute() { global $CFG, $DB; $roleid = $this->arguments[0]; $filearg = $this->arguments[1]; if (substr($filearg, 0, 1) == '/') { // Absolute file. $filename = $filearg; } else { // Relative to current directory. $filename = $this->cwd . DIRECTORY_SEPARATOR . $filearg; } $fh = fopen($filename, 'r'); $roledefinition = fread($fh, filesize($filename)); if ($roledefinition) { $systemcontext = \context_system::instance(); $options = array('shortname' => 1, 'name' => 1, 'description' => 1, 'permissions' => 1, 'archetype' => 1, 'contextlevels' => 1, 'allowassign' => 1, 'allowoverride' => 1, 'allowswitch' => 1, 'permissions' => 1); $definitiontable = new \core_role_define_role_table_advanced($systemcontext, $roleid); // Add all permissions from definition file to $_POST, otherwise, they won't be applied. $info = \core_role_preset::parse_preset($roledefinition); $_POST = $info['permissions']; $definitiontable->read_submitted_permissions(); $definitiontable->force_preset($roledefinition, $options); $definitiontable->save_changes(); } }
public function test_xml() { global $DB; $roles = $DB->get_records('role'); foreach ($roles as $role) { $xml = core_role_preset::get_export_xml($role->id); $this->assertTrue(core_role_preset::is_valid_preset($xml)); $info = core_role_preset::parse_preset($xml); $this->assertSame($role->shortname, $info['shortname']); $this->assertSame($role->name, $info['name']); $this->assertSame($role->description, $info['description']); $this->assertSame($role->archetype, $info['archetype']); $contextlevels = get_role_contextlevels($role->id); $this->assertEquals(array_values($contextlevels), array_values($info['contextlevels'])); foreach (array('assign', 'override', 'switch') as $type) { $records = $DB->get_records('role_allow_' . $type, array('roleid' => $role->id), "allow{$type} ASC"); $allows = array(); foreach ($records as $record) { if ($record->{'allow' . $type} == $role->id) { array_unshift($allows, -1); } $allows[] = $record->{'allow' . $type}; } $this->assertEquals($allows, $info['allow' . $type], "{$type} {$role->shortname} does not match"); } $capabilities = $DB->get_records_sql("SELECT *\n FROM {role_capabilities}\n WHERE contextid = :syscontext AND roleid = :roleid\n ORDER BY capability ASC", array('syscontext' => context_system::instance()->id, 'roleid' => $role->id)); foreach ($capabilities as $cap) { $this->assertEquals($cap->permission, $info['permissions'][$cap->capability]); unset($info['permissions'][$cap->capability]); } // The remainders should be only inherits. foreach ($info['permissions'] as $capability => $permission) { if ($permission == CAP_INHERIT) { continue; } $this->fail('only CAP_INHERIT expected'); } } }
/** * Validate this form. * * @param array $data submitted data * @param array $files not used * @return array errors */ public function validation($data, $files) { $errors = parent::validation($data, $files); if ($files = $this->get_draft_files('rolepreset')) { /** @var stored_file $file */ $file = reset($files); $xml = $file->get_content(); if (!core_role_preset::is_valid_preset($xml)) { $errors['rolepreset'] = get_string('invalidpresetfile', 'core_role'); } } return $errors; }
/** * Change the role definition to match given preset. * * @param string $xml * @param array $options array with following keys: * 'name', 'shortname', 'description', 'permissions', 'archetype', * 'contextlevels', 'allowassign', 'allowoverride', 'allowswitch' */ public function force_preset($xml, array $options) { if (!($info = core_role_preset::parse_preset($xml))) { throw new coding_exception('Invalid role preset'); } if ($options['shortname']) { if (isset($info['shortname'])) { $this->role->shortname = $info['shortname']; } } if ($options['name']) { if (isset($info['name'])) { $this->role->name = $info['name']; } } if ($options['description']) { if (isset($info['description'])) { $this->role->description = $info['description']; } } if ($options['archetype']) { if (isset($info['archetype'])) { $this->role->archetype = $info['archetype']; } } if ($options['contextlevels']) { if (isset($info['contextlevels'])) { $this->contextlevels = $info['contextlevels']; } } foreach (array('assign', 'override', 'switch') as $type) { if ($options['allow' . $type]) { if (isset($info['allow' . $type])) { $this->{'allow' . $type} = $info['allow' . $type]; } } } if ($options['permissions']) { foreach ($this->permissions as $k => $v) { // Note: do not set everything else to CAP_INHERIT here // because the xml file might not contain all capabilities. if (isset($info['permissions'][$k])) { $this->permissions[$k] = $info['permissions'][$k]; } } } }
// Get the base URL for this and related pages into a convenient variable. $baseurl = new moodle_url('/admin/roles/define.php', array('action' => $action, 'roleid' => $roleid)); $manageurl = new moodle_url('/admin/roles/manage.php'); if ($return === 'manage') { $returnurl = $manageurl; } else { $returnurl = new moodle_url('/admin/roles/define.php', array('action' => 'view', 'roleid' => $roleid)); } // Check access permissions. $systemcontext = context_system::instance(); require_login(); require_capability('moodle/role:manage', $systemcontext); admin_externalpage_setup('defineroles', '', array('action' => $action, 'roleid' => $roleid), new moodle_url('/admin/roles/define.php')); // Export role. if ($action === 'export') { core_role_preset::send_export_xml($roleid); die; } // Handle the toggle advanced mode button. $showadvanced = get_user_preferences('definerole_showadvanced', false); if (optional_param('toggleadvanced', false, PARAM_BOOL)) { $showadvanced = !$showadvanced; set_user_preference('definerole_showadvanced', $showadvanced); } // Get some basic data we are going to need. $roles = get_all_roles(); $rolenames = role_fix_names($roles, $systemcontext, ROLENAME_ORIGINAL); $rolescount = count($roles); if ($action === 'add') { $title = get_string('addinganewrole', 'core_role'); } else {