function get_records($filter) { global $DB, $USER; $id = $this->required_param('id', PARAM_INT); $sort = $this->optional_param('sort', 'name', PARAM_ALPHA); $dir = $this->optional_param('dir', 'ASC', PARAM_ALPHA); $pagenum = $this->optional_param('page', 0, PARAM_INT); $perpage = $this->optional_param('perpage', 30, PARAM_INT); $filters = array(); // find users who do not have a manual assignment already $filters[] = new join_filter('id', clusterassignment::TABLE, 'userid', new AND_filter(array(new field_filter('clusterid', $id), new field_filter('plugin', 'manual'))), true); // user-defined filter list($extrasql, $params) = $filter->get_sql_filter(); if ($extrasql) { $filters[] = new select_filter($extrasql, $params); } // TODO: Ugly, this needs to be overhauled $upage = new usersetpage(); if (!$upage->_has_capability('local/elisprogram:userset_enrol')) { //perform SQL filtering for the more "conditional" capability //get the context for the "indirect" capability $context = pm_context_set::for_user_with_capability('cluster', 'local/elisprogram:userset_enrol_userset_user', $USER->id); $allowed_clusters = userset::get_allowed_clusters($id); if (empty($allowed_clusters)) { $filters[] = new select_filter('FALSE'); } else { $filters[] = new join_filter('id', clusterassignment::TABLE, 'userid', new in_list_filter('clusterid', $allowed_clusters)); } } $count = user::count($filters); $users = user::find($filters, array($sort => $dir), $pagenum * $perpage, $perpage); return array($users, $count); }
/** * Determine whether the current can manage the association between a given user and userset. * @param int $userid The ID of a user. * @param int $clustid The ID of a userset. * @return bool Success status. */ public static function can_manage_assoc($userid, $usersetid) { global $USER; $allowedusersets = array(); // TODO: Ugly, this needs to be overhauled. $upage = new usersetpage(); if (!usersetpage::can_enrol_into_cluster($usersetid)) { // The users who satisfty this condition are a superset of those who can manage associations. return false; } else { if ($upage->_has_capability('local/elisprogram:userset_enrol', $usersetid)) { // Current user has the direct capability. return true; } } $allowedusersets = userset::get_allowed_clusters($usersetid); $filter = array(new field_filter('userid', $userid)); // Query to get users associated to at least one enabling userset. if (empty($allowedusersets)) { $filter[] = new select_filter('FALSE'); } else { $filter[] = new in_list_filter('clusterid', $allowedusersets); } // User just needs to be in one of the possible usersets. if (clusterassignment::exists($filter)) { return true; } return false; }
/** * Determines whether the current user is allowed to enrol users into the provided cluster * * @param int $clusterid The id of the cluster we are checking permissions on * * @return boolean Whether the user is allowed to enrol users into the cluster * */ static function can_enrol_into_cluster($clusterid) { global $USER; //check the standard capability $page = new usersetpage(); if ($page->_has_capability('local/elisprogram:userset_enrol', $clusterid)) { return true; } /* TBD: the folowing commented-out code was removed for ELIS-3846 $cluster = new userset($clusterid); $cluster->load(); // ELIS-3848 Needed otherwise the 'parent' property is not set =( if (!empty($cluster->parent)) { //check to see if the current user has the secondary capability anywhere up the cluster tree $contexts = pm_context_set::for_user_with_capability('cluster', 'local/elisprogram:userset_enrol_userset_user', $USER->id); return $contexts->context_allowed($clusterid, 'cluster'); } */ //check to see if the current user has the secondary capability anywhere up the cluster tree $contexts = pm_context_set::for_user_with_capability('cluster', 'local/elisprogram:userset_enrol_userset_user', $USER->id); return $contexts->context_allowed($clusterid, 'cluster'); }