public function poll_user_eligible() { global $COURSE, $USER; $parents = $this->context->get_parent_context_ids(); $parentctx = context::instance_by_id($parents[0]); $switched = false; if ($this->poll->eligible == 'students') { $switched = is_role_switched($COURSE->id); if (isset($USER->access['rsw'][$parentctx->path])) { $switched = $switched && !role_context_capabilities($USER->access['rsw'][$parentctx->path], $this->context, 'block/poll:editpoll'); } else { $switched = false; } } // TODO: Proper roles & capabilities. return $this->poll->eligible == 'all' || $this->poll->eligible == 'students' && !$this->poll_can_edit() || $switched || $this->poll->eligible == 'teachers' && $this->poll_can_edit(); }
* a mini get_users_by_capability() call here, this is done instead of * * get_users_by_capability() because * * 1) get_users_by_capability() does not deal with searching by name * * 2) exceptions array can be potentially large for large courses * * 3) get_recordset_sql() is more efficient * * * ************************************************************************/ if ($possibleroles = get_roles_with_capability('moodle/course:view', CAP_ALLOW, $context)) { $doanythingroles = get_roles_with_capability('moodle/site:doanything', CAP_ALLOW, get_context_instance(CONTEXT_SYSTEM)); $validroleids = array(); foreach ($possibleroles as $possiblerole) { if (isset($doanythingroles[$possiblerole->id])) { // We don't want these included continue; } if ($caps = role_context_capabilities($possiblerole->id, $context, 'moodle/course:view')) { // resolved list if (isset($caps['moodle/course:view']) && $caps['moodle/course:view'] > 0) { // resolved capability > 0 $validroleids[] = $possiblerole->id; } } } if ($validroleids) { $roleids = '(' . implode(',', $validroleids) . ')'; $select = " SELECT u.id, u.firstname, u.lastname, u.email"; $countselect = "SELECT COUNT(u.id)"; $from = " FROM {$CFG->prefix}user u\n INNER JOIN {$CFG->prefix}role_assignments ra ON ra.userid = u.id\n INNER JOIN {$CFG->prefix}role r ON r.id = ra.roleid"; $where = " WHERE ra.contextid " . get_related_contexts_string($context) . "\n AND u.deleted = 0\n AND ra.roleid in {$roleids}"; $excsql = " AND u.id NOT IN (\n SELECT u.id\n FROM {$CFG->prefix}role_assignments r,\n {$CFG->prefix}user u\n WHERE r.contextid = {$contextid}\n AND u.id = r.userid\n AND r.roleid = {$roleid}\n {$selectsql})"; $availableusers = get_recordset_sql($select . $from . $where . $selectsql . $excsql);
print_heading_with_help(get_string('overridepermissionsin', 'role', print_context_name($context)), 'overrides'); if ($roleid) { /// prints a form to swap roles echo '<div class="selector">'; $overridableroles = array('0' => get_string('listallroles', 'role') . '...') + $overridableroles; popup_form("{$CFG->wwwroot}/{$CFG->admin}/roles/override.php?userid={$userid}&courseid={$courseid}&contextid={$contextid}&roleid=", $overridableroles, 'switchrole', $roleid, '', '', '', false, 'self', $strroletooverride); echo '</div>'; $parentcontexts = get_parent_contexts($context); if (!empty($parentcontexts)) { $parentcontext = array_shift($parentcontexts); $parentcontext = get_context_instance_by_id($parentcontext); } else { $parentcontext = $context; // site level in override?? } $r_caps = role_context_capabilities($roleid, $parentcontext); $localoverrides = get_records_select('role_capabilities', "roleid = {$roleid} AND contextid = {$context->id}", '', 'capability, permission, id'); $lang = str_replace('_utf8', '', current_language()); if (!empty($capabilities)) { // Print the capabilities overrideable in this context print_simple_box_start('center'); include 'override.html'; print_simple_box_end(); } else { notice(get_string('nocapabilitiesincontext', 'role'), $CFG->wwwroot . '/' . $CFG->admin . '/roles/' . $baseurl); } } else { // Print overview table $table->tablealign = 'center'; $table->cellpadding = 5; $table->cellspacing = 0;
protected function load_parent_permissions() { // Get the capabilities from the parent context, so that can be shown in the interface. $parentcontext = $this->context->get_parent_context(); $this->parentpermissions = role_context_capabilities($this->roleid, $parentcontext); }
function backup_general_info($bf, $preferences) { global $CFG; fwrite($bf, start_tag("INFO", 1, true)); //The name of the backup fwrite($bf, full_tag("NAME", 2, false, $preferences->backup_name)); //The moodle_version fwrite($bf, full_tag("MOODLE_VERSION", 2, false, $preferences->moodle_version)); fwrite($bf, full_tag("MOODLE_RELEASE", 2, false, $preferences->moodle_release)); //The backup_version fwrite($bf, full_tag("BACKUP_VERSION", 2, false, $preferences->backup_version)); fwrite($bf, full_tag("BACKUP_RELEASE", 2, false, $preferences->backup_release)); //The date fwrite($bf, full_tag("DATE", 2, false, $preferences->backup_unique_code)); //The original site wwwroot fwrite($bf, full_tag("ORIGINAL_WWWROOT", 2, false, $CFG->wwwroot)); //The original site identifier. MD5 hashed for security. fwrite($bf, full_tag("ORIGINAL_SITE_IDENTIFIER_HASH", 2, false, md5(get_site_identifier()))); //The zip method used if (!empty($CFG->zip)) { $zipmethod = 'external'; } else { $zipmethod = 'internal'; } //Indicate if it includes external MNET users $sql = "SELECT b.old_id\n FROM {$CFG->prefix}backup_ids b\n JOIN {$CFG->prefix}user u ON b.old_id=u.id\n WHERE b.backup_code = '{$preferences->backup_unique_code}'\n AND b.table_name = 'user' AND u.mnethostid != '{$CFG->mnet_localhost_id}'"; if (record_exists_sql($sql)) { fwrite($bf, full_tag("MNET_REMOTEUSERS", 2, false, 'true')); } fwrite($bf, full_tag("ZIP_METHOD", 2, false, $zipmethod)); //Te includes tag fwrite($bf, start_tag("DETAILS", 2, true)); //Now, go to mod element of preferences to print its status foreach ($preferences->mods as $element) { //Calculate info $included = "false"; $userinfo = "false"; if ($element->backup) { $included = "true"; if ($element->userinfo) { $userinfo = "true"; } } //Prints the mod start fwrite($bf, start_tag("MOD", 3, true)); fwrite($bf, full_tag("NAME", 4, false, $element->name)); fwrite($bf, full_tag("INCLUDED", 4, false, $included)); fwrite($bf, full_tag("USERINFO", 4, false, $userinfo)); if (isset($preferences->mods[$element->name]->instances) && is_array($preferences->mods[$element->name]->instances) && count($preferences->mods[$element->name]->instances)) { fwrite($bf, start_tag("INSTANCES", 4, true)); foreach ($preferences->mods[$element->name]->instances as $id => $object) { if (!empty($object->backup)) { //Calculate info $included = "false"; $userinfo = "false"; if ($object->backup) { $included = "true"; if ($object->userinfo) { $userinfo = "true"; } } fwrite($bf, start_tag("INSTANCE", 5, true)); fwrite($bf, full_tag("ID", 5, false, $id)); fwrite($bf, full_tag("NAME", 5, false, $object->name)); fwrite($bf, full_tag("INCLUDED", 5, false, $included)); fwrite($bf, full_tag("USERINFO", 5, false, $userinfo)); fwrite($bf, end_tag("INSTANCE", 5, true)); } } fwrite($bf, end_tag("INSTANCES", 4, true)); } //Print the end fwrite($bf, end_tag("MOD", 3, true)); } //The metacourse in backup if ($preferences->backup_metacourse == 1) { fwrite($bf, full_tag("METACOURSE", 3, false, "true")); } else { fwrite($bf, full_tag("METACOURSE", 3, false, "false")); } //The user in backup if ($preferences->backup_users == 1) { fwrite($bf, full_tag("USERS", 3, false, "course")); } else { if ($preferences->backup_users == 0) { fwrite($bf, full_tag("USERS", 3, false, "all")); } else { fwrite($bf, full_tag("USERS", 3, false, "none")); } } //The logs in backup if ($preferences->backup_logs == 1) { fwrite($bf, full_tag("LOGS", 3, false, "true")); } else { fwrite($bf, full_tag("LOGS", 3, false, "false")); } //The user files if ($preferences->backup_user_files == 1) { fwrite($bf, full_tag("USERFILES", 3, false, "true")); } else { fwrite($bf, full_tag("USERFILES", 3, false, "false")); } //The course files if ($preferences->backup_course_files == 1) { fwrite($bf, full_tag("COURSEFILES", 3, false, "true")); } else { fwrite($bf, full_tag("COURSEFILES", 3, false, "false")); } //The site files if ($preferences->backup_site_files == 1) { fwrite($bf, full_tag("SITEFILES", 3, false, "true")); } else { fwrite($bf, full_tag("SITEFILES", 3, false, "false")); } //The gradebook histories if (empty($CFG->disablegradehistory) && $preferences->backup_gradebook_history == 1) { fwrite($bf, full_tag("GRADEBOOKHISTORIES", 3, false, "true")); } else { fwrite($bf, full_tag("GRADEBOOKHISTORIES", 3, false, "false")); } //The messages in backup if ($preferences->backup_messages == 1 && $preferences->backup_course == SITEID) { fwrite($bf, full_tag("MESSAGES", 3, false, "true")); } else { fwrite($bf, full_tag("MESSAGES", 3, false, "false")); } //The blogs in backup if ($preferences->backup_blogs == 1 && $preferences->backup_course == SITEID) { fwrite($bf, full_tag("BLOGS", 3, false, "true")); } else { fwrite($bf, full_tag("BLOGS", 3, false, "false")); } //The mode of writing the block data fwrite($bf, full_tag('BLOCKFORMAT', 3, false, 'instances')); fwrite($bf, end_tag("DETAILS", 2, true)); $status = fwrite($bf, end_tag("INFO", 1, true)); ///Roles stuff goes in here fwrite($bf, start_tag('ROLES', 1, true)); $roles = backup_fetch_roles($preferences); $sitecontext = get_context_instance(CONTEXT_SYSTEM); $coursecontext = get_context_instance(CONTEXT_COURSE, $preferences->backup_course); foreach ($roles as $role) { fwrite($bf, start_tag('ROLE', 2, true)); fwrite($bf, full_tag('ID', 3, false, $role->id)); fwrite($bf, full_tag('NAME', 3, false, $role->name)); fwrite($bf, full_tag('SHORTNAME', 3, false, $role->shortname)); /// Calculate $role name in course $nameincourse = role_get_name($role, $coursecontext); if ($nameincourse != $role->name) { fwrite($bf, full_tag('NAMEINCOURSE', 3, false, $nameincourse)); } // find and write all default capabilities fwrite($bf, start_tag('CAPABILITIES', 3, true)); // pull out all default (site context) capabilities if ($capabilities = role_context_capabilities($role->id, $sitecontext)) { foreach ($capabilities as $capability => $value) { fwrite($bf, start_tag('CAPABILITY', 4, true)); fwrite($bf, full_tag('NAME', 5, false, $capability)); fwrite($bf, full_tag('PERMISSION', 5, false, $value)); // use this to pull out the other info (timemodified and modifierid) $cap = get_record_sql("SELECT *\n FROM {$CFG->prefix}role_capabilities\n WHERE capability = '{$capability}'\n AND contextid = {$sitecontext->id}\n AND roleid = {$role->id}"); fwrite($bf, full_tag("TIMEMODIFIED", 5, false, $cap->timemodified)); fwrite($bf, full_tag("MODIFIERID", 5, false, $cap->modifierid)); fwrite($bf, end_tag('CAPABILITY', 4, true)); } } fwrite($bf, end_tag('CAPABILITIES', 3, true)); fwrite($bf, end_tag('ROLE', 2, true)); } fwrite($bf, end_tag('ROLES', 1, true)); return $status; }
protected function load_parent_permissions() { global $DB; /// Get the capabilities from the parent context, so that can be shown in the interface. $parentcontext = context::instance_by_id(get_parent_contextid($this->context)); $this->parentpermissions = role_context_capabilities($this->roleid, $parentcontext); }
/** * Obtains a list of the possible roles that group members might come from, * on a course. Generally this includes all the roles who would have * course:view on that course, except the doanything roles. * @param object $context Context of course * @return Array of role ID integers, or false if error/none. */ function groups_get_possible_roles($context) { $capability = 'moodle/course:view'; $doanything = false; // find all possible "student" roles if ($possibleroles = get_roles_with_capability($capability, CAP_ALLOW, $context)) { if (!$doanything) { if (!($sitecontext = get_context_instance(CONTEXT_SYSTEM))) { return false; // Something is seriously wrong } $doanythingroles = get_roles_with_capability('moodle/site:doanything', CAP_ALLOW, $sitecontext); } $validroleids = array(); foreach ($possibleroles as $possiblerole) { if (!$doanything) { if (isset($doanythingroles[$possiblerole->id])) { // We don't want these included continue; } } if ($caps = role_context_capabilities($possiblerole->id, $context, $capability)) { // resolved list if (isset($caps[$capability]) && $caps[$capability] > 0) { // resolved capability > 0 $validroleids[] = $possiblerole->id; } } } if (empty($validroleids)) { return false; } return $validroleids; } else { return false; // No need to continue, since no roles have this capability set } }
/** * Gets the users for a course who are not in a specified group * @param int $groupid The id of the group * @param string searchtext similar to searchtext in role assign, search * @return array An array of the userids of the non-group members, or false if * an error occurred. * This function was changed to get_users_by_capability style * mostly because of the searchtext requirement */ function groups_get_users_not_in_group($courseid, $groupid, $searchtext = '') { global $CFG; $context = get_context_instance(CONTEXT_COURSE, $courseid); if ($searchtext !== '') { // Search for a subset of remaining users $LIKE = sql_ilike(); $FULLNAME = sql_fullname(); $wheresearch = " AND u.id IN (SELECT id FROM {$CFG->prefix}user WHERE {$FULLNAME} {$LIKE} '%{$searchtext}%' OR email {$LIKE} '%{$searchtext}%' )"; } else { $wheresearch = ''; } $capability = 'moodle/course:view'; $doanything = false; // find all possible "student" roles if ($possibleroles = get_roles_with_capability($capability, CAP_ALLOW, $context)) { if (!$doanything) { if (!($sitecontext = get_context_instance(CONTEXT_SYSTEM))) { return false; // Something is seriously wrong } $doanythingroles = get_roles_with_capability('moodle/site:doanything', CAP_ALLOW, $sitecontext); } $validroleids = array(); foreach ($possibleroles as $possiblerole) { if (!$doanything) { if (isset($doanythingroles[$possiblerole->id])) { // We don't want these included continue; } } if ($caps = role_context_capabilities($possiblerole->id, $context, $capability)) { // resolved list if (isset($caps[$capability]) && $caps[$capability] > 0) { // resolved capability > 0 $validroleids[] = $possiblerole->id; } } } if (empty($validroleids)) { return false; } $roleids = '(' . implode(',', $validroleids) . ')'; } else { return false; // No need to continue, since no roles have this capability set } /// Construct the main SQL $select = " SELECT u.id, u.firstname, u.lastname"; $from = " FROM {$CFG->prefix}user u\n INNER JOIN {$CFG->prefix}role_assignments ra ON ra.userid = u.id\n INNER JOIN {$CFG->prefix}role r ON r.id = ra.roleid"; $where = " WHERE ra.contextid " . get_related_contexts_string($context) . "\n AND u.deleted = 0\n AND ra.roleid in {$roleids}\n AND u.id NOT IN (SELECT userid\n FROM {$CFG->prefix}groups_members\n WHERE groupid = {$groupid})\n {$wheresearch}"; $groupby = " GROUP BY u.id, u.firstname, u.lastname "; return get_records_sql($select . $from . $where . $groupby); }
function forum_role_assign($userid, $context, $roleid) { // check to see if this role comes with mod/forum:initialsubscriptions $cap = role_context_capabilities($roleid, $context, 'mod/forum:initialsubscriptions'); $cap1 = role_context_capabilities($roleid, $context, 'moodle/course:view'); // we are checking the role because has_capability() will pull this capability out // from other roles this user might have and resolve them, which is no good // the role needs course view to if (isset($cap['mod/forum:initialsubscriptions']) && $cap['mod/forum:initialsubscriptions'] == CAP_ALLOW && isset($cap1['moodle/course:view']) && $cap1['moodle/course:view'] == CAP_ALLOW) { return forum_add_user_default_subscriptions($userid, $context); } else { // MDL-8981, do not subscribe to forum return true; } }
/** * who has this capability in this context * does not handling user level resolving!!! * i.e 1 person has 2 roles 1 allow, 1 prevent, this will not work properly * @param $context - object * @param $capability - string capability * @param $fields - fields to be pulled * @param $sort - the sort order * @param $limitfrom - number of records to skip (offset) * @param $limitnum - number of records to fetch * @param $groups - single group or array of groups - group(s) user is in * @param $exceptions - list of users to exclude */ function internalmail_get_users_by_capability($context, $capability, $fields = '', $sort = 'u.firstname', $limitfrom = '', $limitnum = '', $groups = '', $exceptions = '', $doanything = true, $search = '', $firstinitial = '', $lastinitial = '') { global $CFG, $USER, $COURSE; /// Sorting out groups if ($groups !== '') { $groupjoin = 'INNER JOIN ' . $CFG->prefix . 'groups_members gm ON gm.userid = ra.userid'; if (is_array($groups)) { $groupsql = 'AND gm.groupid IN (' . implode(',', $groups) . ')'; } else { if ($groups == 0) { if (!has_capability('block/email_list:viewallgroups', $context) && $COURSE->groupmode == 1) { $groupids = groups_get_groups_for_user($USER->id, $COURSE->id); $groupsql = 'AND gm.groupid IN (' . implode(',', $groupids) . ')'; } else { $groupsql = ''; } } else { $groupsql = 'AND gm.groupid = ' . $groups; } } } else { $groupjoin = ''; $groupsql = ''; } /// Sorting out exceptions $exceptionsql = $exceptions ? "AND u.id NOT IN ({$exceptions})" : ''; /// Set up default fields if (empty($fields)) { $fields = 'u.*, ul.timeaccess as lastaccess, ra.hidden'; } /// Set up default sort if (empty($sort)) { $sortby = 'ul.timeaccess'; } $sortby = $sort ? " ORDER BY {$sort} " : ''; /// If context is a course, then construct sql for ul if ($context->contextlevel == CONTEXT_COURSE) { $courseid = $context->instanceid; $coursesql = "AND (ul.courseid = {$courseid} OR ul.courseid IS NULL)"; } else { $coursesql = ''; } $LIKE = sql_ilike(); $fullname = sql_fullname(); $search_sql = ''; if (!empty($search)) { $search = trim($search); $search_sql .= " AND ({$fullname} {$LIKE} '%{$search}%' OR email {$LIKE} '%{$search}%' OR username {$LIKE} '%{$search}%' OR idnumber {$LIKE} '%{$search}%') "; } if ($firstinitial) { $search_sql .= ' AND firstname ' . $LIKE . ' \'' . $firstinitial . '%\''; } if ($lastinitial) { $search_sql .= ' AND lastname ' . $LIKE . ' \'' . $lastinitial . '%\''; } /// Sorting out roles with this capability set if ($possibleroles = get_roles_with_capability($capability, CAP_ALLOW, $context)) { if (!$doanything) { if (!($sitecontext = get_context_instance(CONTEXT_SYSTEM))) { return false; // Something is seriously wrong } $doanythingroles = get_roles_with_capability('moodle/site:doanything', CAP_ALLOW, $sitecontext); } $validroleids = array(); foreach ($possibleroles as $possiblerole) { if (!$doanything) { if (isset($doanythingroles[$possiblerole->id])) { // We don't want these included continue; } } if ($caps = role_context_capabilities($possiblerole->id, $context, $capability)) { // resolved list if (isset($caps[$capability]) && $caps[$capability] > 0) { // resolved capability > 0 $validroleids[] = $possiblerole->id; } } } if (empty($validroleids)) { return false; } $roleids = '(' . implode(',', $validroleids) . ')'; } else { return false; // No need to continue, since no roles have this capability set } /// Construct the main SQL $select = " SELECT {$fields}"; $from = " FROM {$CFG->prefix}user u\r\n INNER JOIN {$CFG->prefix}role_assignments ra ON ra.userid = u.id\r\n INNER JOIN {$CFG->prefix}role r ON r.id = ra.roleid\r\n LEFT OUTER JOIN {$CFG->prefix}user_lastaccess ul ON ul.userid = u.id\r\n {$groupjoin}"; $where = " WHERE ra.contextid " . get_related_contexts_string($context) . "\r\n AND u.deleted = 0\r\n AND ra.roleid in {$roleids}\r\n {$exceptionsql}\r\n {$coursesql}\r\n {$groupsql}\r\n {$search_sql}"; return get_records_sql($select . $from . $where . $sortby, $limitfrom, $limitnum); }
} } else { if ($action == 'edit' and !empty($errors) and !empty($newrole)) { $role = stripslashes_safe($newrole); } else { if (!($role = get_record('role', 'id', $roleid))) { error('Incorrect role ID!'); } $role->legacytype = get_legacy_type($role->id); } } foreach ($roles as $rolex) { $roleoptions[$rolex->id] = strip_tags(format_string($rolex->name)); } // this is the array holding capabilities of this role sorted till this context $r_caps = role_context_capabilities($roleid, $sitecontext); // this is the available capabilities assignable in this context $capabilities = fetch_context_capabilities($sitecontext); $usehtmleditor = can_use_html_editor(); switch ($action) { case 'add': print_heading_with_help(get_string('addrole', 'role'), 'roles'); break; case 'view': print_heading_with_help(get_string('viewrole', 'role'), 'roles'); break; case 'edit': print_heading_with_help(get_string('editrole', 'role'), 'roles'); break; } echo '<div class="selector">';
public function find_users($search) { global $DB; // Get roles with some assignement to the 'moodle/course:view' capability. $possibleroles = get_roles_with_capability('moodle/course:view', CAP_ALLOW, $this->context); if (empty($possibleroles)) { // If there aren't any, we are done. return array(); } // Now exclude the admin roles, and check the actual permission on // 'moodle/course:view' to make sure it is allow. $doanythingroles = get_roles_with_capability('moodle/site:doanything', CAP_ALLOW, get_context_instance(CONTEXT_SYSTEM)); $validroleids = array(); foreach ($possibleroles as $possiblerole) { if (isset($doanythingroles[$possiblerole->id])) { continue; } if ($caps = role_context_capabilities($possiblerole->id, $this->context, 'moodle/course:view')) { // resolved list if (isset($caps['moodle/course:view']) && $caps['moodle/course:view'] > 0) { // resolved capability > 0 $validroleids[] = $possiblerole->id; } } } // If there are no valid roles, we are done. if (!$validroleids) { return array(); } // Now we have to go to the database. list($wherecondition, $params) = $this->search_sql($search, 'u'); if ($wherecondition) { $wherecondition = ' AND ' . $wherecondition; } $roleids = '(' . implode(',', $validroleids) . ')'; $fields = 'SELECT DISTINCT ' . $this->required_fields_sql('u'); $countfields = 'SELECT COUNT(DISTINCT u.id)'; $sql = " FROM {user} u\n JOIN {role_assignments} ra ON ra.userid = u.id\n JOIN {role} r ON r.id = ra.roleid\n WHERE ra.contextid " . get_related_contexts_string($this->context) . "\n {$wherecondition}\n AND ra.roleid IN {$roleids}\n AND u.id NOT IN (\n SELECT u.id\n FROM {role_assignments} r, {user} u\n WHERE r.contextid = ?\n AND u.id = r.userid\n AND r.roleid = ?)"; $order = ' ORDER BY lastname ASC, firstname ASC'; $params[] = $this->context->id; $params[] = $this->roleid; // Check to see if there are too many to show sensibly. if (!$this->is_validating()) { $potentialmemberscount = $DB->count_records_sql($countfields . $sql, $params); if ($potentialmemberscount > role_assign_user_selector_base::MAX_USERS_PER_PAGE) { return $this->too_many_results($search, $potentialmemberscount); } } // If not, show them. $availableusers = $DB->get_records_sql($fields . $sql . $order, $params); if (empty($availableusers)) { return array(); } if ($search) { $groupname = get_string('potusersmatching', 'role', $search); } else { $groupname = get_string('potusers', 'role'); } return array($groupname => $availableusers); }
/** * who has this capability in this context * does not handling user level resolving!!! * (!)pleaes note if $fields is empty this function attempts to get u.* * which can get rather large. * i.e 1 person has 2 roles 1 allow, 1 prevent, this will not work properly * @param $context - object * @param $capability - string capability * @param $fields - fields to be pulled * @param $sort - the sort order * @param $limitfrom - number of records to skip (offset) * @param $limitnum - number of records to fetch * @param $groups - single group or array of groups - only return * users who are in one of these group(s). * @param $exceptions - list of users to exclude * @param view - set to true when roles are pulled for display only * this is so that we can filter roles with no visible * assignment, for example, you might want to "hide" all * course creators when browsing the course participants * list. * @param boolean $useviewallgroups if $groups is set the return users who * have capability both $capability and moodle/site:accessallgroups * in this context, as well as users who have $capability and who are * in $groups. */ function get_users_by_capability($context, $capability, $fields = '', $sort = '', $limitfrom = '', $limitnum = '', $groups = '', $exceptions = '', $doanything = true, $view = false, $useviewallgroups = false) { global $CFG; /// check for front page course, and see if default front page role has the required capability $frontpagectx = get_context_instance(CONTEXT_COURSE, SITEID); if (!empty($CFG->defaultfrontpageroleid) && ($context->id == $frontpagectx->id || strstr($context->path, '/' . $frontpagectx->id . '/'))) { $roles = get_roles_with_capability($capability, CAP_ALLOW, $context); if (in_array($CFG->defaultfrontpageroleid, array_keys($roles))) { return get_records_sql("SELECT {$fields} FROM {$CFG->prefix}user ORDER BY {$sort}, {$limitfrom}, {$limitnum}"); } } /// Sorting out groups if ($groups) { if (is_array($groups)) { $grouptest = 'gm.groupid IN (' . implode(',', $groups) . ')'; } else { $grouptest = 'gm.groupid = ' . $groups; } $grouptest = 'ra.userid IN (SELECT userid FROM ' . $CFG->prefix . 'groups_members gm WHERE ' . $grouptest . ')'; if ($useviewallgroups) { $viewallgroupsusers = get_users_by_capability($context, 'moodle/site:accessallgroups', 'u.id, u.id', '', '', '', '', $exceptions); $groupsql = ' AND (' . $grouptest . ' OR ra.userid IN (' . implode(',', array_keys($viewallgroupsusers)) . '))'; } else { $groupsql = ' AND ' . $grouptest; } } else { $groupsql = ''; } /// Sorting out exceptions $exceptionsql = $exceptions ? "AND u.id NOT IN ({$exceptions})" : ''; /// Set up default fields if (empty($fields)) { $fields = 'u.*, ul.timeaccess as lastaccess, ra.hidden'; } /// Set up default sort if (empty($sort)) { $sort = 'ul.timeaccess'; } $sortby = $sort ? " ORDER BY {$sort} " : ''; /// Set up hidden sql $hiddensql = $view && !has_capability('moodle/role:viewhiddenassigns', $context) ? ' AND ra.hidden = 0 ' : ''; /// If context is a course, then construct sql for ul if ($context->contextlevel == CONTEXT_COURSE) { $courseid = $context->instanceid; $coursesql1 = "AND ul.courseid = {$courseid}"; } else { $coursesql1 = ''; } /// Sorting out roles with this capability set if ($possibleroles = get_roles_with_capability($capability, CAP_ALLOW, $context)) { if (!$doanything) { if (!($sitecontext = get_context_instance(CONTEXT_SYSTEM))) { return false; // Something is seriously wrong } $doanythingroles = get_roles_with_capability('moodle/site:doanything', CAP_ALLOW, $sitecontext); } $validroleids = array(); foreach ($possibleroles as $possiblerole) { if (!$doanything) { if (isset($doanythingroles[$possiblerole->id])) { // We don't want these included continue; } } if ($caps = role_context_capabilities($possiblerole->id, $context, $capability)) { // resolved list if (isset($caps[$capability]) && $caps[$capability] > 0) { // resolved capability > 0 $validroleids[] = $possiblerole->id; } } } if (empty($validroleids)) { return false; } $roleids = '(' . implode(',', $validroleids) . ')'; } else { return false; // No need to continue, since no roles have this capability set } /// Construct the main SQL $select = " SELECT {$fields}"; $from = " FROM {$CFG->prefix}user u\n INNER JOIN {$CFG->prefix}role_assignments ra ON ra.userid = u.id\n INNER JOIN {$CFG->prefix}role r ON r.id = ra.roleid\n LEFT OUTER JOIN {$CFG->prefix}user_lastaccess ul ON (ul.userid = u.id {$coursesql1})"; $where = " WHERE ra.contextid " . get_related_contexts_string($context) . "\n AND u.deleted = 0\n AND ra.roleid in {$roleids}\n {$exceptionsql}\n {$groupsql}\n {$hiddensql}"; return get_records_sql($select . $from . $where . $sortby, $limitfrom, $limitnum); }
$gmroleid = $role->id; } $roles = get_records_menu('role', '', '', 'sortorder ASC', 'id,name'); if (empty($roles)) { $roles = array(); } $course = get_site(); $role = get_default_course_role($course); $defaultroleid = $role->id; $item = new admin_setting_configcheckbox('block_fn_site_groups_enabled', get_string('fn_site_groups_enabled', 'block_fn_site_groups'), get_string('fn_config_site_groups_enabled', 'block_fn_site_groups'), '0'); $item->set_updatedcallback('fn_sg_set_site_group_mode'); $settings->add($item); $settings->add(new admin_setting_configselect('block_fn_site_groups_defaultroleid', get_string('fn_site_groups_defaultroleid', 'block_fn_site_groups'), get_string('fn_config_site_groups_defaultroleid', 'block_fn_site_groups'), $defaultroleid, $roles)); $settings->add(new admin_setting_configmulticheckbox('block_fn_site_groups_roles', get_string('fn_site_groups_roles', 'block_fn_site_groups'), get_string('fn_config_site_groups_roles', 'block_fn_site_groups'), '0', $roles)); /// These settings don't actually use the $CFG variable, but are used to manage capabilities. $caps = role_context_capabilities($gmroleid, $context); $sgusers = array(); if (!empty($caps['block/fn_site_groups:assignowngroupusers'])) { $sgusers[] = 1; } if (!empty($caps['block/fn_site_groups:assignallusers'])) { $sgusers[] = 2; } $CFG->block_fn_site_groups_users = implode(',', $sgusers); $users = array(1 => get_string('fn_site_groups:assignowngroupusers', 'block_fn_site_groups'), 2 => get_string('fn_site_groups:assignallusers', 'block_fn_site_groups')); $item = new admin_setting_configmulticheckbox('block_fn_site_groups_users', get_string('fn_site_groups_users', 'block_fn_site_groups'), get_string('fn_config_site_groups_users', 'block_fn_site_groups'), '1', $users); $item->set_updatedcallback('fn_sg_set_user_capability'); $settings->add($item); if (!empty($caps['block/fn_site_groups:createnewgroups'])) { $CFG->block_fn_site_groups_creategroups = 1; } else {