/** * Determines whether the current user is allowed to enrol users into the provided class * * @param int $classid The id of the class we are checking permissions on * * @return boolean Whether the user is allowed to enrol users into the class * */ static function can_enrol_into_class($classid) { global $USER; //check the standard capability if (cmclasspage::_has_capability('block/curr_admin:class:enrol', $classid) || cmclasspage::_has_capability('block/curr_admin:class:enrol_cluster_user', $classid)) { return true; } //get the context for the "indirect" capability $context = cm_context_set::for_user_with_capability('cluster', 'block/curr_admin:class:enrol_cluster_user', $USER->id); //we first need to go through tracks to get to clusters $track_listing = new trackassignmentclass(array('classid' => $classid)); $tracks = $track_listing->get_assigned_tracks(); //iterate over the track ides, which are the keys of the array if (!empty($tracks)) { foreach (array_keys($tracks) as $track) { //get the clusters and check the context against them $clusters = clustertrack::get_clusters($track); if (!empty($clusters)) { foreach ($clusters as $cluster) { if ($context->context_allowed($cluster->clusterid, 'cluster')) { return true; } } } } } return false; }
function can_do_edit() { // the user must have 'block/curr_admin:associate' permissions on both // ends $association_id = $this->required_param('association_id', PARAM_INT); $record = new trackassignmentclass($association_id); $trackid = $record->trackid; $classid = $record->classid; return trackpage::_has_capability('block/curr_admin:associate', $trackid) && cmclasspage::_has_capability('block/curr_admin:associate', $classid); }
function can_do_updatemultiple() { //todo: allow multi-update for non-admins $id = $this->required_param('id'); return cmclasspage::_has_capability('block/curr_admin:track:enrol', $id); }
function can_do_default() { global $USER; $id = $this->required_param('id', PARAM_INT); return cmclasspage::_has_capability('block/curr_admin:viewreports', $id) || instructor::user_is_instructor_of_class(cm_get_crlmuserid($USER->id), $id); }
/** * Determines whether the current user is allowed to create, edit, and delete associations * between a user and a class * * @param int $userid The id of the user being associated to the class * @param int $classid The id of the class we are associating the user to * * @return boolean True if the current user has the required permissions, otherwise false */ public static function can_manage_assoc($userid, $classid) { global $USER; if (!cmclasspage::can_enrol_into_class($classid)) { //the users who satisfty this condition are a superset of those who can manage associations return false; } else { if (cmclasspage::_has_capability('block/curr_admin:track:enrol', $classid)) { //current user has the direct capability return true; } } //get the context for the "indirect" capability $context = cm_context_set::for_user_with_capability('cluster', 'block/curr_admin:class:enrol_cluster_user', $USER->id); $allowed_clusters = array(); $allowed_clusters = cmclass::get_allowed_clusters($classid); //query to get users associated to at least one enabling cluster $cluster_select = ''; if (empty($allowed_clusters)) { $cluster_select = '0=1'; } else { $cluster_select = 'clusterid IN (' . implode(',', $allowed_clusters) . ')'; } $select = "userid = {$userid} AND {$cluster_select}"; //user just needs to be in one of the possible clusters if (record_exists_select(CLSTUSERTABLE, $select)) { return true; } return false; }
/** * Returns an array of cluster ids that are associated to the supplied class through tracks and * the current user has access to enrol users into * * @param int $clsid The class whose association ids we care about * @return int array The array of accessible cluster ids */ public static function get_allowed_clusters($clsid) { global $USER; $context = cm_context_set::for_user_with_capability('cluster', 'block/curr_admin:class:enrol_cluster_user', $USER->id); $allowed_clusters = array(); if (cmclasspage::_has_capability('block/curr_admin:class:enrol_cluster_user', $clsid)) { global $CURMAN; require_once CURMAN_DIRLOCATION . '/lib/usercluster.class.php'; $cmuserid = cm_get_crlmuserid($USER->id); $userclusters = $CURMAN->db->get_records(CLSTUSERTABLE, 'userid', $cmuserid); foreach ($userclusters as $usercluster) { $allowed_clusters[] = $usercluster->clusterid; } } //we first need to go through tracks to get to clusters $track_listing = new trackassignmentclass(array('classid' => $clsid)); $tracks = $track_listing->get_assigned_tracks(); //iterate over the track ides, which are the keys of the array if (!empty($tracks)) { foreach (array_keys($tracks) as $track) { //get the clusters and check the context against them $clusters = clustertrack::get_clusters($track); $allowed_track_clusters = $context->get_allowed_instances($clusters, 'cluster', 'clusterid'); //append all clusters that are allowed by the available clusters contexts foreach ($allowed_track_clusters as $allowed_track_cluster) { $allowed_clusters[] = $allowed_track_cluster; } } } return $allowed_clusters; }