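/**
 * Access policy for chat content indexed as searchable documents.
 *
 * If this function does not exist, the search engine assumes access is allowed.
 * When this point is reached, we already know that:
 * - user is legitimate in the surrounding context
 * - user may be guest and guest access is allowed to the module
 * - the function may perform local checks within the module information logic
 *
 * Every record the later checks dereference is verified first; a missing chat,
 * context, course module or course denies access instead of letting the
 * checks run against an empty value.
 *
 * @param string $path the access path to the module script code
 * @param string $itemtype the information subclassing (useful for complex modules, defaults to 'standard')
 * @param string $this_id the item id within the information class denoted by itemtype. In chats, this id
 *        points out a session history which is a close sequence of messages; the part before the
 *        first '-' is used as the chat id.
 * @param object $user the user record denoting the user who searches
 * @param int $group_id the current group used by the user when searching
 * @param int $context_id id of the context record; its instanceid is used to load the course module
 * @uses $CFG
 * @return bool true if access is allowed, false otherwise
 */
function chat_check_text_access($path, $itemtype, $this_id, $user, $group_id, $context_id)
{
    global $CFG;

    // NOTE(review): $path is interpolated into an include path. Its origin is not visible
    // here; confirm it is a fixed module path and never a user-supplied value.
    include_once "{$CFG->dirroot}/{$path}/lib.php";

    // explode() gives the same result as the regex-based split() for a literal '-'.
    // Only the chat id is needed; the session start/end parts are not used below.
    list($chat_id) = explode('-', $this_id);

    // get the chat session and all related stuff; fail closed on any missing record
    $chat = get_record('chat', 'id', $chat_id);
    $context = get_record('context', 'id', $context_id);
    if (empty($chat) || empty($context)) {
        return false;
    }

    $cm = get_record('course_modules', 'id', $context->instanceid);
    if (empty($cm)) {
        // the course module might have been deleted since indexing
        return false;
    }

    if (!$cm->visible and !has_capability('moodle/course:viewhiddenactivities', $context)) {
        if (!empty($CFG->search_access_debug)) {
            echo "search reject : hidden chat ";
        }
        return false;
    }

    // group consistency check: trap if user is not in the same group and groups are separated
    $course = get_record('course', 'id', $chat->course);
    if (empty($course)) {
        return false;
    }
    if (groupmode($course, $cm) == SEPARATEGROUPS && !ismember($group_id) && !has_capability('moodle/site:accessallgroups', $context)) {
        if (!empty($CFG->search_access_debug)) {
            echo "search reject : chat element is in separated group ";
        }
        return false;
    }

    // ownership check: trap if the user cannot read past sessions
    // TODO : typically may be stored into indexing cache
    if (!has_capability('mod/chat:readlog', $context)) {
        if (!empty($CFG->search_access_debug)) {
            echo "search reject : cannot read past sessions ";
        }
        return false;
    }

    return true;
}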
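/**
 * Access policy for database-module content indexed as searchable documents.
 *
 * If this function does not exist, the search engine assumes access is allowed.
 * When this point is reached, we already know that:
 * - user is legitimate in the surrounding context
 * - user may be guest and guest access is allowed to the module
 * - the function may perform local checks within the module information logic
 *
 * Every record the later checks dereference is verified first; a missing
 * comment, record, database, context, course module or course denies access.
 *
 * @param string $path the access path to the module script code
 * @param string $itemtype the information subclassing: 'record' or 'comment'; anything else is rejected
 * @param int $this_id the item id within the information class denoted by itemtype. In databases, this id
 *        points out an indexed data record page.
 * @param object $user the user record denoting the user who searches
 * @param int $group_id the current group used by the user when searching
 * @param int $context_id id of the context record; its instanceid is used to load the course module
 * @uses $CFG, $DB
 * @return bool true if access is allowed, false otherwise
 */
function data_check_text_access($path, $itemtype, $this_id, $user, $group_id, $context_id)
{
    global $CFG, $DB;

    // get the database object and all related stuff
    if ($itemtype == 'record') {
        $record = $DB->get_record('data_records', array('id' => $this_id));
    } elseif ($itemtype == 'comment') {
        $comment = $DB->get_record('data_comments', array('id' => $this_id));
        if (empty($comment)) {
            return false;
        }
        $record = $DB->get_record('data_records', array('id' => $comment->recordid));
    } else {
        // we do not know what type of information is required
        return false;
    }
    if (empty($record)) {
        return false;
    }

    $data = $DB->get_record('data', array('id' => $record->dataid));
    $context = $DB->get_record('context', array('id' => $context_id));
    if (empty($data) || empty($context)) {
        return false;
    }

    $cm = $DB->get_record('course_modules', array('id' => $context->instanceid));
    if (empty($cm)) {
        // Shirai 20090530 - MDL19342 - course module might have been deleted
        return false;
    }

    if (!$cm->visible && !has_capability('moodle/course:viewhiddenactivities', $context)) {
        if (!empty($CFG->search_access_debug)) {
            echo "search reject : hidden database ";
        }
        return false;
    }

    // group consistency check: trap if user is not in the same group and groups are separated.
    // The conditions are passed as an array, like every other $DB call in this function;
    // the original passed them as separate 'id', value arguments.
    $course = $DB->get_record('course', array('id' => $data->course));
    if (empty($course)) {
        return false;
    }
    if (isset($cm->groupmode) && empty($course->groupmodeforce)) {
        $groupmode = $cm->groupmode;
    } else {
        $groupmode = $course->groupmode;
    }
    if ($groupmode == SEPARATEGROUPS && !ismember($group_id) && !has_capability('moodle/site:accessallgroups', $context)) {
        if (!empty($CFG->search_access_debug)) {
            echo "search reject : separated group owned resource ";
        }
        return false;
    }

    // ownership check: trap if user is not the owner and cannot see other users' entries
    if ($itemtype == 'record') {
        if ($user->id != $record->userid && !has_capability('mod/data:viewentry', $context) && !has_capability('mod/data:manageentries', $context)) {
            if (!empty($CFG->search_access_debug)) {
                echo "search reject : not owned resource ";
            }
            return false;
        }
    }

    // approval check: trap if unapproved and the user has no approval capability
    // TODO : report a potential capability lack of : mod/data:approve
    $approval = $DB->get_field('data_records', 'approved', array('id' => $record->id));
    if (!$approval && !has_capability('mod/data:manageentries', $context)) {
        if (!empty($CFG->search_access_debug)) {
            echo "search reject : unapproved resource ";
        }
        return false;
    }

    // minimum records to view check: trap if too few records
    // TODO : report a potential capability lack of : mod/data:viewhiddenentries
    $recordsAmount = $DB->count_records('data_records', array('dataid' => $data->id));
    if ($data->requiredentriestoview > $recordsAmount && !has_capability('mod/data:manageentries', $context)) {
        if (!empty($CFG->search_access_debug)) {
            echo "search reject : not enough records to view ";
        }
        return false;
    }

    // opening periods check: trap if the date is outside the viewing window and the
    // user cannot manage entries
    // TODO : report a potential capability lack of : mod/data:viewhiddenentries
    $now = usertime(time());
    if ($data->timeviewfrom > 0) {
        if ($now < $data->timeviewfrom && !has_capability('mod/data:manageentries', $context)) {
            if (!empty($CFG->search_access_debug)) {
                echo "search reject : still not open activity ";
            }
            return false;
        }
    }
    if ($data->timeviewto > 0) {
        if ($now > $data->timeviewto && !has_capability('mod/data:manageentries', $context)) {
            if (!empty($CFG->search_access_debug)) {
                echo "search reject : closed activity ";
            }
            return false;
        }
    }

    return true;
}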
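/**
 * Prints the results of a choice activity, either with user names
 * (CHOICE_PUBLISH_NAMES) or as an anonymous column chart (CHOICE_PUBLISH_ANONYMOUS).
 *
 * Users are bucketed by the option they answered; users without an answer go
 * into bucket 0, which is only shown when $choice->showunanswered is set.
 * In the named view, holders of mod/choice:readresponses also get a form with
 * per-answer checkboxes and a delete action.
 *
 * @param object $choice the choice record, including its ->option array
 * @param object $course the course record
 * @param object $cm the course module record
 * @param mixed $forcepublish overrides $choice->publish when not empty
 * @return void output is echoed
 */
function choice_show_results($choice, $course, $cm, $forcepublish = '')
{
    global $CFG, $COLUMN_HEIGHT, $USER;

    $context = get_context_instance(CONTEXT_MODULE, $cm->id);

    print_heading(get_string("responses", "choice"));

    if (empty($forcepublish)) { // allow the publish setting to be overridden
        $forcepublish = $choice->publish;
    }

    $groupmode = groupmode($course, $cm);
    if ($groupmode > 0) {
        $currentgroup = get_current_group($course->id);
    } else {
        $currentgroup = 0;
    }

    $users = get_users_by_capability($context, 'mod/choice:choose', 'u.id, u.picture, u.firstname, u.lastname, u.idnumber', 'u.firstname ASC', '', '', $currentgroup, '', false, true);

    if (!$users) {
        print_heading(get_string("nousersyet"));
    }

    // Answers keyed by user id, restricted to the current group when one is selected.
    $answers = array();
    if ($allresponses = get_records("choice_answers", "choiceid", $choice->id)) {
        foreach ($allresponses as $aa) {
            //TODO: rewrite with SQL
            if ($groupmode and $currentgroup) {
                if (ismember($currentgroup, $aa->userid)) {
                    $answers[$aa->userid] = $aa;
                }
            } else {
                $answers[$aa->userid] = $aa;
            }
        }
    }

    // Initialised explicitly so that ksort() and count() below always get an array,
    // even when the choice has no options and no users.
    $useranswer = array();
    foreach ($choice->option as $optionid => $text) {
        $useranswer[$optionid] = array();
    }
    if (!empty($users)) {
        foreach ($users as $user) {
            if (!empty($user->id) and !empty($answers[$user->id])) {
                $answer = $answers[$user->id];
                $useranswer[(int) $answer->optionid][] = $user;
            } else {
                $useranswer[0][] = $user;
            }
        }
    }
    foreach ($choice->option as $optionid => $text) {
        if (!$choice->option[$optionid]) {
            unset($useranswer[$optionid]); // Throw away any data that doesn't apply
        }
    }
    ksort($useranswer);

    // Guard against a division by zero when there is no column to show.
    $columntotal = count($useranswer);
    $tablewidth = $columntotal > 0 ? (int) (100.0 / $columntotal) : 100;

    switch ($forcepublish) {
        case CHOICE_PUBLISH_NAMES:
            $canreadresponses = has_capability('mod/choice:readresponses', $context);

            if ($canreadresponses) {
                echo '<div id="tablecontainer">';
                // PHP_SELF is derived from the request URL, so it is HTML-escaped before it is
                // written into the action attribute. Whether setup code already normalises it
                // is not visible from this function.
                echo '<form id="attemptsform" method="post" action="' . htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES) . '" onsubmit="var menu = document.getElementById(\'menuaction\'); return (menu.options[menu.selectedIndex].value == \'delete\' ? \'' . addslashes(get_string('deleteattemptcheck', 'quiz')) . '\' : true);">';
                echo '<div>';
                echo '<input type="hidden" name="id" value="' . $cm->id . '" />';
                echo '<input type="hidden" name="mode" value="overview" />';
            }

            echo "<table cellpadding=\"5\" cellspacing=\"10\" class=\"results names\">";
            echo "<tr>";
            $count = 0;
            $columncount = array(); // number of votes in each column
            foreach ($useranswer as $optionid => $userlist) {
                $columncount[$optionid] = 0; // init counters
                if (!$optionid and !$choice->showunanswered) {
                    continue;
                }
                echo "<th class=\"col{$count} header\" style=\"width:{$tablewidth}%\" scope=\"col\">";
                echo format_string(choice_get_option_text($choice, $optionid));
                echo "</th>";
                $count++;
            }
            echo "</tr><tr>";

            $count = 0;
            foreach ($useranswer as $optionid => $userlist) {
                if (!$optionid and !$choice->showunanswered) {
                    continue;
                }
                echo "<td class=\"col{$count} data\" style=\"width:{$tablewidth}%;\">";

                // added empty row so that when the next iteration is empty,
                // we do not get <table></table> error from w3c validator
                // MDL-7861
                echo "<table class=\"choiceresponse\"><tr><td></td></tr>";
                foreach ($userlist as $user) {
                    if ($optionid != 0 or has_capability('mod/choice:choose', $context, $user->id, false)) {
                        $columncount[$optionid] += 1;
                        echo "<tr>";
                        if ($canreadresponses && $optionid != 0) {
                            echo '<td class="attemptcell"><input type="checkbox" name="attemptid[]" value="' . $answers[$user->id]->id . '" /></td>';
                        }
                        echo "<td class=\"picture\">";
                        print_user_picture($user->id, $course->id, $user->picture);
                        echo "</td><td class=\"fullname\">";
                        echo "<a href=\"{$CFG->wwwroot}/user/view.php?id={$user->id}&course={$course->id}\">";
                        echo fullname($user, has_capability('moodle/site:viewfullnames', $context));
                        echo "</a>";
                        echo "</td></tr>";
                    }
                }
                $count++;
                echo "</table>";
                echo "</td>";
            }
            echo "</tr><tr>";

            $count = 0;
            foreach ($useranswer as $optionid => $userlist) {
                if (!$optionid and !$choice->showunanswered) {
                    continue;
                }
                echo "<td align=\"center\" class=\"count\">";
                // The original wrote this as "!$optionid == 0", which evaluates to the same
                // thing as "$optionid != 0".
                if ($choice->limitanswers && $optionid != 0) {
                    echo get_string("taken", "choice") . ":";
                    echo $columncount[$optionid];
                    echo "<br/>";
                    echo get_string("limit", "choice") . ":";
                    $choice_option = get_record("choice_options", "id", $optionid);
                    echo $choice_option->maxanswers;
                } else {
                    if (isset($columncount[$optionid])) {
                        echo $columncount[$optionid];
                    }
                }
                echo "</td>";
                $count++;
            }
            echo "</tr>";

            /// Print "Select all" etc.
            if ($canreadresponses) {
                echo '<tr><td></td><td>';
                echo '<a href="javascript:select_all_in(\'DIV\',null,\'tablecontainer\');">' . get_string('selectall', 'quiz') . '</a> / ';
                echo '<a href="javascript:deselect_all_in(\'DIV\',null,\'tablecontainer\');">' . get_string('selectnone', 'quiz') . '</a> ';
                echo ' ';
                $options = array('delete' => get_string('delete'));
                echo choose_from_menu($options, 'action', '', get_string('withselected', 'quiz'), 'if(this.selectedIndex > 0) submitFormById(\'attemptsform\');', '', true);
                echo '<noscript id="noscriptmenuaction" style="display: inline;">';
                echo '<div>';
                echo '<input type="submit" value="' . get_string('go') . '" /></div></noscript>';
                echo '<script type="text/javascript">' . "\n<!--\n" . 'document.getElementById("noscriptmenuaction").style.display = "none";' . "\n-->\n" . '</script>';
                echo '</td><td></td></tr>';
            }

            echo "</table>";
            if ($canreadresponses) {
                echo "</div></form></div>";
            }
            break;

        case CHOICE_PUBLISH_ANONYMOUS:
            echo "<table cellpadding=\"5\" cellspacing=\"0\" class=\"results anonymous\">";
            echo "<tr>";
            $count = 0;
            foreach ($useranswer as $optionid => $userlist) {
                if (!$optionid and !$choice->showunanswered) {
                    continue;
                }
                echo "<th style=\"width:{$tablewidth}%\" class=\"col{$count} header\" scope=\"col\">";
                echo format_string(choice_get_option_text($choice, $optionid));
                echo "</th>";
                $count++;
            }
            echo "</tr>";

            // Count the answers per column and remember the tallest column for scaling.
            $column = array();
            $maxcolumn = 0;
            foreach ($useranswer as $optionid => $userlist) {
                if (!$optionid and !$choice->showunanswered) {
                    continue;
                }
                $column[$optionid] = 0;
                foreach ($userlist as $user) {
                    if ($optionid != 0 or has_capability('mod/choice:choose', $context, $user->id, false)) {
                        $column[$optionid]++;
                    }
                }
                if ($column[$optionid] > $maxcolumn) {
                    $maxcolumn = $column[$optionid];
                }
            }

            echo "<tr>";
            $count = 0;
            foreach ($useranswer as $optionid => $userlist) {
                if (!$optionid and !$choice->showunanswered) {
                    continue;
                }
                $height = 0;
                if ($maxcolumn) {
                    $height = $COLUMN_HEIGHT * ((double) $column[$optionid] / (double) $maxcolumn);
                }
                echo "<td style=\"vertical-align:bottom\" align=\"center\" class=\"col{$count} data\">";
                echo "<img src=\"column.png\" height=\"{$height}\" width=\"49\" alt=\"\" />";
                echo "</td>";
                $count++;
            }
            echo "</tr>";

            echo "<tr>";
            $count = 0;
            foreach ($useranswer as $optionid => $userlist) {
                if (!$optionid and !$choice->showunanswered) {
                    continue;
                }
                echo "<td align=\"center\" class=\"col{$count} count\">";
                if ($choice->limitanswers && $optionid != 0) {
                    echo get_string("taken", "choice") . ":";
                    echo $column[$optionid];
                    echo "<br/>";
                    echo get_string("limit", "choice") . ":";
                    $choice_option = get_record("choice_options", "id", $optionid);
                    echo $choice_option->maxanswers;
                } else {
                    echo $column[$optionid];
                }
                echo "</td>";
                $count++;
            }
            echo "</tr></table>";
            break;
    }
}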
// fix for MDL-9268 if (!($group = groups_get_group($filterselect))) { //TODO:check. error('Incorrect group id specified'); } if (!($course = get_record('course', 'id', $group->courseid))) { error('Incorrect course id specified'); } $coursecontext = get_context_instance(CONTEXT_COURSE, $course->id); $courseid = $course->id; require_login($course); if (!has_capability('moodle/blog:view', $coursecontext)) { error('You do not have the required permissions to view blogs in this course/group'); } if (groupmode($course) == SEPARATEGROUPS and !has_capability('moodle/site:accessallgroups', $coursecontext)) { if (!ismember($filterselect)) { error('You are not a member of this course group'); } } break; case 'user': if ($CFG->bloglevel < BLOG_USER_LEVEL) { error('Blogs is not enabled'); } if (!($user = get_record('user', 'id', $filterselect))) { error('Incorrect user id'); } if ($user->deleted) { print_header(); print_heading(get_string('userdeleted')); print_footer();
/**
 * Lists the teachers of a course who can access a given group.
 *
 * A teacher is kept when ->editall is set, or when ->authority is positive and
 * ismember() reports the teacher as a member of the group. Every other teacher
 * is removed from the list; the original keys are preserved.
 *
 * @param int $courseid The course in question.
 * @param int $groupid The group in question.
 * @return mixed the filtered teacher list, or the unmodified (empty) result of
 *         get_course_teachers() when the course has no teachers
 */
function get_group_teachers($courseid, $groupid)
{
    $teachers = get_course_teachers($courseid);
    if (!$teachers) {
        return $teachers;
    }

    foreach ($teachers as $key => $teacher) {
        // editall teachers can access anything; the rest need authority plus group membership
        $hasaccess = $teacher->editall
            || ($teacher->authority > 0 && ismember($groupid, $teacher->id));
        if (!$hasaccess) {
            unset($teachers[$key]);
        }
    }

    return $teachers;
}
// Resolve the course module and its course from $id.
if (!($cm = get_coursemodule_from_id('survey', $id))) {
    error("Course Module ID was incorrect");
}
if (!($course = get_record("course", "id", $cm->course))) {
    error("Course is misconfigured");
}

require_login($course->id, false, $cm);

$groupmode = groupmode($course, $cm); // Groups are being used
$context = get_context_instance(CONTEXT_MODULE, $cm->id);

// Without mod/survey:readresponses a user may only request the "student.png" graph
// for their own user id, and, when groups are in use, only for a group they belong to.
if (!has_capability('mod/survey:readresponses', $context)) {
    if (!($type == "student.png" && $sid == $USER->id)) {
        error("Sorry, you aren't allowed to see this.");
    } elseif ($groupmode && !ismember($group)) {
        error("Sorry, you aren't allowed to see this.");
    }
}

if (!($survey = get_record("survey", "id", $cm->instance))) {
    error("Survey ID was incorrect");
}

/// Check to see if groups are being used in this survey
if (!$groupmode || !$group) {
    $users = get_course_users($course->id);
    $group = false;
} else {
    $users = get_group_users($group);
}

$stractual = get_string("actual", "survey");
/**
 * Tells whether the current user ($USER) may access the student wiki of $userid.
 *
 * *** THIS COULD BE A PROBLEM, IF STUDENTS COULD EVER BE PART OF MORE THAN ONE GROUP ***
 *
 * Access is granted when any of these holds:
 * - it is the user's own wiki,
 * - group mode is VISIBLEGROUPS (no membership is required in that mode),
 * - group mode is SEPARATEGROUPS and ismember($usersgroup, $userid) is true,
 * - wiki_is_teacheredit() is true for the current user,
 * - wiki_is_teacher() is true for the current user and either the current user
 *   has no group or group mode is NOGROUPS.
 *
 * @param object $wiki the wiki record; the group mode has been added to it
 * @param int $userid id of the user whose wiki is requested
 * @param object $course the course record
 * @return bool true when access is allowed
 */
function wiki_user_can_access_student_wiki(&$wiki, $userid, &$course)
{
    global $USER;

    $groupmode = groupmode($course, $wiki);
    $usersgroup = mygroupid($course->id);
    // The result is not used below; the call is kept as in the original.
    $isteacher = wiki_is_teacher($wiki, $USER->id);

    // Parentheses spell out the grouping that the original and/or precedence produced.
    if (($userid && $USER->id == $userid)
        || $groupmode == VISIBLEGROUPS
        || ($groupmode == SEPARATEGROUPS && ismember($usersgroup, $userid))
        || wiki_is_teacheredit($wiki, $USER->id)
        || (wiki_is_teacher($wiki, $USER->id) && (!$usersgroup || $groupmode == NOGROUPS))
    ) {
        return true;
    }

    return false;
}
$mygroupid = mygroupid($course->id); //only useful if 0, otherwise it's an array now if ($groupmode == SEPARATEGROUPS) { require_login(); if ((empty($mygroupid) and $discussion->groupid == -1) || (ismember($discussion->groupid) || $mygroupid == $discussion->groupid)) { // $canreply = true; } elseif ($discussion->groupid == -1) { $canreply = false; } else { print_heading("Sorry, you can't see this discussion because you are not in this group"); print_footer($course); die; } } else { if ($groupmode == VISIBLEGROUPS) { $canreply = empty($mygroupid) && $discussion->groupid == -1 || (ismember($discussion->groupid) || $mygroupid == $discussion->groupid); } } } } else { // allow guests to see the link $coursecontext = get_context_instance(CONTEXT_COURSE, $course->id); if (has_capability('moodle/legacy:guest', $coursecontext, NULL, false)) { // User is a guest here! $canreply = true; } } /// Print the controls across the top echo '<table width="100%" class="discussioncontrols"><tr><td>'; // groups selector not needed here echo "</td><td>";
/**
 * Checks whether the current user can view the blog posts of another user.
 *
 * Only the blog level is checked here; the capabilities are enforced
 * in blog/index.php.
 *
 * @param int $targetuserid id of the user whose posts are requested
 * @param object|null $blogEntry a single entry, when the request is for one post
 * @return bool true when viewing is allowed
 */
function blog_user_can_view_user_post($targetuserid, $blogEntry = null)
{
    global $CFG, $USER;

    // blog system disabled
    if (empty($CFG->bloglevel)) {
        return false;
    }

    // own posts are always visible
    if (!empty($USER->id) && $USER->id == $targetuserid) {
        return true;
    }

    // users who can manage all entries see everything
    $sitecontext = get_context_instance(CONTEXT_SYSTEM, SITEID);
    if (has_capability('moodle/blog:manageentries', $sitecontext)) {
        return true;
    }

    if ($blogEntry) {
        // drafts of other users are never shown
        if ($blogEntry->publishstate == 'draft') {
            return false;
        }
        // anything that is not public needs a logged-in viewer
        if ($blogEntry->publishstate != 'public' && !isloggedin()) {
            return false;
        }
    }

    switch ($CFG->bloglevel) {
        case BLOG_GLOBAL_LEVEL:
            return true;

        case BLOG_SITE_LEVEL:
            // viewers who are not logged in are refused
            return !empty($USER->id);

        case BLOG_COURSE_LEVEL:
            $mine = array_keys(get_my_courses($USER->id));
            $theirs = array_keys(get_my_courses($targetuserid));
            $common = array_intersect($mine, $theirs);
            return !empty($common);

        case BLOG_GROUP_LEVEL:
            $mine = array_keys(get_my_courses($USER->id));
            $theirs = array_keys(get_my_courses($targetuserid));
            foreach (array_intersect($mine, $theirs) as $courseid) {
                $coursecontext = get_context_instance(CONTEXT_COURSE, $courseid);
                if (has_capability('moodle/site:accessallgroups', $coursecontext)
                    || groupmode($courseid) != SEPARATEGROUPS
                ) {
                    return true;
                }
                // separate groups: the viewer must be in one of the target user's groups
                $targetgroups = user_group($courseid, $targetuserid);
                if (!$targetgroups) {
                    continue;
                }
                foreach ($targetgroups as $targetgroup) {
                    if (ismember($targetgroup->id)) {
                        return true;
                    }
                }
            }
            return false;

        case BLOG_USER_LEVEL:
        default:
            $personalcontext = get_context_instance(CONTEXT_USER, $targetuserid);
            return has_capability('moodle/user:readuserblogs', $personalcontext);
    }
}
$dcount = 0; foreach ($discussions as $discussion) { $dcount++; print_progress($dcount, $dtotal); if ($discussion->course != $currcourse) { /// Discussions are ordered by course, so we only need to get any course's users once. $currcourse = $discussion->course; $users = get_course_users($currcourse, '', '', 'u.id,u.confirmed'); } /// If this course has users, and posts more than a day old, mark them for each user. if ($users && ($posts = get_records_select('forum_posts', 'discussion = ' . $discussion->id . ' AND ' . $dateafter . ' < modified AND modified < ' . $onedayago, '', 'id,discussion,modified'))) { foreach ($users as $user) { /// If its a group discussion, make sure the user is in the group. if ($discussion->groupid) { if (!isset($groups[$discussion->groupid][$user->id])) { $groups[$discussion->groupid][$user->id] = ismember($discussion->groupid, $user->id); } } if (!$discussion->groupid || !empty($groups[$discussion->groupid][$user->id])) { foreach ($posts as $post) { print_progress($dcount, $dtotal); forum_tp_mark_post_read($user->id, $post, $discussion->forum); } } } } } print_progress($dcount, $dtotal, 0); } delete_records('config', 'name', 'upgrade', 'value', 'forumread'); notify('Log upgrading was successful!', 'notifysuccess');
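/**
 * Appends all workshop submissions created since a given time to $activities.
 *
 * If $workshop is given, results are restricted to that course module; if $user
 * is given, to that user; if $groupid is given, to users for whom
 * ismember($groupid, userid) is true.
 *
 * The query is built by string interpolation, so every value placed into it is
 * forced to an integer first. The callers are not visible from here; the casts
 * keep the statement intact whatever they pass.
 *
 * @param array $activities list to append activity objects to (by reference)
 * @param int $index running index, incremented for each appended activity (by reference)
 * @param int $sincetime only submissions with timecreated after this timestamp
 * @param int $courseid the course id
 * @param int|string $workshop optional course module id
 * @param int|string $user optional user id
 * @param int|string $groupid optional group id
 * @return void
 */
function workshop_get_recent_mod_activity(&$activities, &$index, $sincetime, $courseid, $workshop = "0", $user = "", $groupid = "")
{
    global $CFG;

    $sincetime = (int) $sincetime;
    $courseid = (int) $courseid;

    if ($workshop) {
        $workshopselect = " AND cm.id = '" . (int) $workshop . "'";
    } else {
        $workshopselect = "";
    }

    if ($user) {
        $userselect = " AND u.id = '" . (int) $user . "'";
    } else {
        $userselect = "";
    }

    $posts = get_records_sql("SELECT s.*, u.firstname, u.lastname,
                                     u.picture, cm.instance, w.name, cm.section
                                FROM {$CFG->prefix}workshop_submissions s,
                                     {$CFG->prefix}user u,
                                     {$CFG->prefix}course_modules cm,
                                     {$CFG->prefix}workshop w
                               WHERE s.timecreated > '{$sincetime}' {$workshopselect}
                                 AND s.userid = u.id {$userselect}
                                 AND w.course = '{$courseid}'
                                 AND cm.instance = w.id
                                 AND cm.course = w.course
                                 AND s.workshopid = w.id
                            ORDER BY s.id");

    if (empty($posts)) {
        return;
    }

    foreach ($posts as $post) {
        if (empty($groupid) || ismember($groupid, $post->userid)) {
            $tmpactivity = new Object();
            // Created explicitly rather than by assigning to a property of an unset value.
            $tmpactivity->content = new stdClass();
            $tmpactivity->user = new stdClass();

            $tmpactivity->type = "workshop";
            $tmpactivity->defaultindex = $index;
            $tmpactivity->instance = $post->instance;
            $tmpactivity->name = $post->name;
            $tmpactivity->section = $post->section;

            $tmpactivity->content->id = $post->id;
            $tmpactivity->content->title = $post->title;

            $tmpactivity->user->userid = $post->userid;
            $tmpactivity->user->fullname = fullname($post);
            $tmpactivity->user->picture = $post->picture;

            $tmpactivity->timestamp = $post->timecreated;
            $activities[] = $tmpactivity;

            $index++;
        }
    }

    return;
}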
/**
 * A combination function to make it easier for modules to set up groups.
 *
 * It takes a given "groupid" parameter and tries to make that group the
 * current group of the user, provided the user is allowed to view it:
 * - holders of moodle/site:accessallgroups may switch to any group of the course,
 * - in VISIBLEGROUPS mode any group of the course may be selected (no membership
 *   check is made in this mode),
 * - in SEPARATEGROUPS mode the user must be a member (ismember()), otherwise a
 *   notification is printed and the current group is left unchanged.
 * A $groupid of 0 means "all groups" and is only set for accessallgroups holders
 * or in VISIBLEGROUPS mode.
 *
 * @uses VISIBLEGROUPS
 * @param course $course A {@link $COURSE} object
 * @param int $groupmode Either NOGROUPS, SEPARATEGROUPS or VISIBLEGROUPS
 * @param int $groupid Will try to use this optional parameter to
 *            reset the current group for the user
 * @return int|false Returns the current group id or false if error.
 */
function get_and_set_current_group($course, $groupmode, $groupid = -1)
{
    //TODO: ?? groups_has_permission($userid, $groupingid, $courseid, $groupid, $permissiontype);

    // Groups don't even apply
    if (!$groupmode) {
        return false;
    }

    $currentgroupid = get_current_group($course->id);

    // No change was specified
    if ($groupid < 0) {
        return $currentgroupid;
    }

    $context = get_context_instance(CONTEXT_COURSE, $course->id);

    if (!$groupid) {
        // groupid = 0 means show ALL groups. Non-editing teachers need group 0 too,
        // for viewing work in visible groups across multiple pages.
        if (has_capability('moodle/site:accessallgroups', $context) || $groupmode == VISIBLEGROUPS) {
            $currentgroupid = set_current_group($course->id, 0);
        }
        return $currentgroupid;
    }

    // The requested group has to exist in this course. TODO:check.
    if (!groups_group_belongs_to_course($groupid, $course->id)) {
        return $currentgroupid;
    }

    if (has_capability('moodle/site:accessallgroups', $context) || $groupmode == VISIBLEGROUPS) {
        // Either the user may access all groups, or all groups are visible;
        // the group is set since the user might post.
        return set_current_group($course->id, $groupid);
    }

    if ($groupmode == SEPARATEGROUPS) {
        // student in separate groups switching: membership is required
        if (ismember($groupid)) {
            return set_current_group($course->id, $groupid);
        }
        notify('You do not belong to this group! (' . $groupid . ')', 'error');
    }

    return $currentgroupid;
}
/**
 * Tells whether the current user may add a certificate to a referentiel instance.
 *
 * The user needs mod/referentiel:writecertificat. When groups are in use and the
 * user lacks moodle/site:accessallgroups, the user must belong to $currentgroup;
 * with no current group, access is only granted in VISIBLEGROUPS mode.
 *
 * @param object $referentiel the referentiel record (->id and ->course are read)
 * @param int $currentgroup the current group id, or 0/empty for none
 * @param int $groupmode the group mode of the activity
 * @return bool true when adding is allowed
 */
function referentiel_user_can_add_certificat($referentiel, $currentgroup, $groupmode)
{
    global $USER, $CFG;

    $cm = get_coursemodule_from_instance('referentiel', $referentiel->id, $referentiel->course);
    if (!$cm) {
        print_error('Course Module ID was incorrect');
    }
    $context = context_module::instance($cm->id);

    if (!has_capability('mod/referentiel:writecertificat', $context)) {
        return false;
    }

    // no groups, or a user who may access every group
    if (!$groupmode || has_capability('moodle/site:accessallgroups', $context)) {
        return true;
    }

    if ($currentgroup) {
        return ismember($currentgroup);
    }

    // no current group: it might be group 0 in visible mode
    return $groupmode == VISIBLEGROUPS;
}
<?php
// Load the shared helper file from under the document root, then call ismember().
// NOTE(review): presumably ismember() is the login gate for this page; confirm that it
// stops the request for visitors who are not logged in, since the page body follows
// unconditionally.
include $_SERVER["DOCUMENT_ROOT"] . "/44/func/mysql.php";
ismember();
?> <!doctype html>
<html>
<head>
<meta charset="utf-8">
<title>無標題文件</title>
<style>
a:hover { color:red; }
a { color:blue; }
table { border-collapse: collapse; }
th, td { width: 140px; }
</style>
</head>
<body>
<button onclick="location='/44/login/logout.php'">登出</button>
<?php
// Show the account, id and name held in the session.
// NOTE(review): these values are written into the HTML without htmlspecialchars();
// confirm that getsession() escapes them or that they can never contain markup.
echo getsession("account") . " #" . getsession("id") . " ~" . getsession("name");
?>
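/**
 * Access policy for chat content indexed as searchable documents.
 *
 * If this function does not exist, the search engine assumes access is allowed.
 * When this point is reached, we already know that:
 * - user is legitimate in the surrounding context
 * - user may be guest and guest access is allowed to the module
 * - the function may perform local checks within the module information logic
 *
 * Every record the later checks dereference is verified first; a missing chat,
 * context, course module or course denies access.
 *
 * @param string $path the access path to the module script code
 * @param string $itemtype the information subclassing (useful for complex modules, defaults to 'standard')
 * @param string $this_id the item id within the information class denoted by itemtype. In chats, this id
 *        points out a session history which is a close sequence of messages; the part before the
 *        first '-' is used as the chat id.
 * @param object $user the user record denoting the user who searches
 * @param int $group_id the current group used by the user when searching
 * @param int $context_id id of the context record; its instanceid is used to load the course module
 * @uses $CFG, $DB
 * @return bool true if access is allowed, false otherwise
 */
function chat_check_text_access($path, $itemtype, $this_id, $user, $group_id, $context_id)
{
    global $CFG, $DB;

    // NOTE(review): $path is interpolated into an include path. Its origin is not visible
    // here; confirm it is a fixed module path and never a user-supplied value.
    include_once "{$CFG->dirroot}/{$path}/lib.php";

    // Only the chat id is needed; the session start/end parts are not used below.
    list($chat_id) = explode('-', $this_id);

    // get the chat session and all related stuff; fail closed on any missing record
    $chat = $DB->get_record('chat', array('id' => $chat_id));
    $context = $DB->get_record('context', array('id' => $context_id));
    if (empty($chat) || empty($context)) {
        return false;
    }

    $cm = $DB->get_record('course_modules', array('id' => $context->instanceid));
    if (empty($cm)) {
        // Shirai 20090530 - MDL19342 - course module might have been deleted
        return false;
    }

    if (!$cm->visible and !has_capability('moodle/course:viewhiddenactivities', $context)) {
        if (!empty($CFG->search_access_debug)) {
            echo "search reject : hidden chat ";
        }
        return false;
    }

    // group consistency check: trap if user is not in the same group and groups are separated
    $course = $DB->get_record('course', array('id' => $chat->course));
    if (empty($course)) {
        return false;
    }
    if (isset($cm->groupmode) && empty($course->groupmodeforce)) {
        $groupmode = $cm->groupmode;
    } else {
        $groupmode = $course->groupmode;
    }
    if ($groupmode == SEPARATEGROUPS && !ismember($group_id) && !has_capability('moodle/site:accessallgroups', $context)) {
        if (!empty($CFG->search_access_debug)) {
            echo "search reject : chat element is in separated group ";
        }
        return false;
    }

    // ownership check: trap if the user cannot read past sessions
    // TODO : typically may be stored into indexing cache
    if (!has_capability('mod/chat:readlog', $context)) {
        if (!empty($CFG->search_access_debug)) {
            echo "search reject : cannot read past sessions ";
        }
        return false;
    }

    return true;
}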
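/**
 * Appends all webquestscorm submissions modified since a given time to $activities.
 *
 * If $webquestscorm is given, results are restricted to that course module; if
 * $user is given, to that user; if $groupid is given, to users for whom
 * ismember($groupid, userid) is true.
 *
 * The query is built by string interpolation, so every value placed into it is
 * forced to an integer first. The callers are not visible from here; the casts
 * keep the statement intact whatever they pass.
 *
 * @param array $activities list to append activity objects to (by reference)
 * @param int $index running index, incremented for each appended activity (by reference)
 * @param int $sincetime only submissions with timemodified after this timestamp
 * @param int $courseid the course id
 * @param int|string $webquestscorm optional course module id
 * @param int|string $user optional user id
 * @param int|string $groupid optional group id
 * @return void
 */
function webquestscorm_get_recent_mod_activity(&$activities, &$index, $sincetime, $courseid, $webquestscorm = "0", $user = "", $groupid = "")
{
    global $CFG;

    $sincetime = (int) $sincetime;
    $courseid = (int) $courseid;

    if ($webquestscorm) {
        $webquestscormselect = " AND cm.id = '" . (int) $webquestscorm . "'";
    } else {
        $webquestscormselect = "";
    }

    if ($user) {
        $userselect = " AND u.id = '" . (int) $user . "'";
    } else {
        $userselect = "";
    }

    $submissions = get_records_sql("SELECT asub.*, u.firstname, u.lastname, u.picture, u.id as userid,
                                           a.grade as maxgrade, name, cm.instance, cm.section
                                      FROM {$CFG->prefix}webquestscorm_submissions asub,
                                           {$CFG->prefix}user u,
                                           {$CFG->prefix}webquestscorm a,
                                           {$CFG->prefix}course_modules cm
                                     WHERE asub.timemodified > '{$sincetime}'
                                       AND asub.userid = u.id {$userselect}
                                       AND a.id = asub.webquestscorm {$webquestscormselect}
                                       AND cm.course = '{$courseid}'
                                       AND cm.instance = a.id
                                  ORDER BY asub.timemodified ASC");

    if (empty($submissions)) {
        return;
    }

    // A separate loop variable is used so the $webquestscorm parameter is not overwritten.
    foreach ($submissions as $submission) {
        if (empty($groupid) || ismember($groupid, $submission->userid)) {
            $tmpactivity = new Object();
            // Created explicitly rather than by assigning to a property of an unset value.
            $tmpactivity->content = new stdClass();
            $tmpactivity->user = new stdClass();

            $tmpactivity->type = "webquestscorm";
            $tmpactivity->defaultindex = $index;
            $tmpactivity->instance = $submission->instance;
            $tmpactivity->name = $submission->name;
            $tmpactivity->section = $submission->section;

            $tmpactivity->content->grade = $submission->grade;
            $tmpactivity->content->maxgrade = $submission->maxgrade;

            $tmpactivity->user->userid = $submission->userid;
            $tmpactivity->user->fullname = fullname($submission);
            $tmpactivity->user->picture = $submission->picture;

            $tmpactivity->timestamp = $submission->timemodified;
            $activities[] = $tmpactivity;

            $index++;
        }
    }

    return;
}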
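/**
 * Collects recent hotpot attempts for the recent-activity listing.
 *
 * Every attempt in the course that finished after $sincetime is appended to
 * $activities as an activity object, and $index is advanced once per appended
 * entry. Results are delivered through the by-reference parameters only.
 *
 * The query is assembled as a string rather than with bound parameters, so
 * each caller-supplied value is cast to an integer before it reaches the SQL
 * text. A non-numeric filter value becomes 0, which matches no row.
 *
 * @param array $activities list the activity objects are appended to (by reference)
 * @param int   $index      running index, stored as defaultindex and incremented (by reference)
 * @param int   $sincetime  exclusive lower bound on a.timefinish
 * @param int   $courseid   course whose modules are searched
 * @param mixed $cmid       course-module id to restrict to; empty means no restriction
 * @param mixed $userid     user id to restrict to; empty means no restriction
 * @param mixed $groupid    when non-empty, only users passing ismember($groupid, userid) are reported
 * @return void
 */
function hotpot_get_recent_mod_activity(&$activities, &$index, $sincetime, $courseid, $cmid = "", $userid = "", $groupid = "")
{
    global $CFG;

    // If $cmid or $userid are specified, then this restricts the results.
    // The filter is switched on by the raw value, so a malformed id cannot
    // silently turn into "no filter".
    $cm_select = empty($cmid) ? "" : " AND cm.id = '" . (int) $cmid . "'";
    $user_select = empty($userid) ? "" : " AND u.id = '" . (int) $userid . "'";
    $since = (int) $sincetime;
    $course = (int) $courseid;

    $sql = "\n SELECT\n a.*,\n h.name, h.course,\n cm.instance, cm.section,\n"
         . " u.firstname, u.lastname, u.picture\n"
         . " FROM\n"
         . " {$CFG->prefix}hotpot_attempts a,\n"
         . " {$CFG->prefix}hotpot h,\n"
         . " {$CFG->prefix}course_modules cm,\n"
         . " {$CFG->prefix}user u\n"
         . " WHERE\n"
         . " a.timefinish > '{$since}'\n"
         . " AND a.id = a.clickreportid\n"
         . " AND a.userid = u.id {$user_select}\n"
         . " AND a.hotpot = h.id {$cm_select}\n"
         . " AND cm.instance = h.id\n"
         . " AND cm.course = '{$course}'\n"
         . " AND h.course = cm.course\n"
         . " ORDER BY\n a.timefinish ASC\n ";

    $records = get_records_sql($sql);
    if (empty($records)) {
        return;
    }

    foreach ($records as $record) {
        // Group restriction is applied in PHP, one membership check per row
        if (!empty($groupid) && !ismember($groupid, $record->userid)) {
            continue;
        }

        // Build the activity and its nested holders explicitly instead of
        // relying on PHP creating objects implicitly on first property write.
        $activity = new stdClass();
        $activity->type = "hotpot";
        $activity->defaultindex = $index;
        $activity->instance = $record->hotpot;
        $activity->name = $record->name;
        $activity->section = $record->section;

        $activity->content = new stdClass();
        $activity->content->attemptid = $record->id;
        $activity->content->attempt = $record->attempt;
        $activity->content->score = $record->score;
        $activity->content->timestart = $record->timestart;
        $activity->content->timefinish = $record->timefinish;

        $activity->user = new stdClass();
        $activity->user->userid = $record->userid;
        $activity->user->fullname = fullname($record);
        $activity->user->picture = $record->picture;

        $activity->timestamp = $record->timefinish;

        $activities[] = $activity;
        $index++;
    }
}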
} else { $users = get_course_students($course->id); } if (!$users) { print_heading(get_string("nousersyet")); } else { $grades = make_grades_menu($journal->assessed); $teachers = get_course_teachers($course->id); $allowedtograde = ($groupmode != VISIBLEGROUPS or isteacheredit($course->id) or ismember($currentgroup)); if ($allowedtograde) { echo '<form action="report.php" method="post">'; } if ($usersdone = journal_get_users_done($journal)) { foreach ($usersdone as $user) { if ($currentgroup) { if (!ismember($currentgroup, $user->id)) { /// Yes, it's inefficient, but this module will die continue; } } journal_print_user_entry($course, $user, $entrybyuser[$user->id], $teachers, $grades); unset($users[$user->id]); } } foreach ($users as $user) { // Remaining users journal_print_user_entry($course, $user, NULL, $teachers, $grades); } if ($allowedtograde) { echo "<center>"; echo "<input type=\"hidden\" name=\"id\" value=\"{$cm->id}\" />";
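/**
 * Prints the league table of (student) submissions for a workshop, ordered by
 * overall grade with the largest grade first, alongside the teacher's and
 * students' assessments.
 *
 * When the workshop is anonymous and the viewer is a student, the author name
 * column is left out. In SEPARATEGROUPS mode only submissions whose author is
 * a member of the viewer's current group are ranked. Nothing is printed when
 * the workshop has no student submissions.
 *
 * @param object $workshop workshop record; reads id, course, anonymous and showleaguetable
 * @return void
 */
function workshop_print_league_table($workshop)
{
    if (!($course = get_record("course", "id", $workshop->course))) {
        error("Print league table: Course is misconfigured");
    }
    if (!($cm = get_coursemodule_from_instance("workshop", $workshop->id, $workshop->course))) {
        error("Course Module ID was incorrect");
    }

    // set $groupid if workshop is in SEPARATEGROUPS mode
    $groupid = (groupmode($course, $cm) == SEPARATEGROUPS) ? get_current_group($course->id) : 0;
    $nentries = $workshop->showleaguetable;

    // Author names are withheld from students of an anonymous workshop; the
    // same decision drives both the header and every data row.
    $hidenames = ($workshop->anonymous && workshop_is_student($workshop));

    $table = new stdClass();
    if ($hidenames) {
        $table->head = array(
            get_string("title", "workshop"),
            get_string("teacherassessments", "workshop", $course->teacher),
            get_string("studentassessments", "workshop", $course->student),
            get_string("overallgrade", "workshop"),
        );
        $table->align = array("left", "center", "center", "center");
        $table->size = array("*", "*", "*", "*");
    } else {
        // show names
        $table->head = array(
            get_string("title", "workshop"),
            get_string("name"),
            get_string("teacherassessments", "workshop", $course->teacher),
            get_string("studentassessments", "workshop", $course->student),
            get_string("overallgrade", "workshop"),
        );
        $table->align = array("left", "left", "center", "center", "center");
        $table->size = array("*", "*", "*", "*", "*");
    }
    $table->cellpadding = 2;
    $table->cellspacing = 0;

    $submissions = workshop_get_student_submissions($workshop);
    if (!$submissions) {
        return;
    }

    // Start from an empty list so that a group filter which rejects every
    // submission still leaves a valid array to sort and iterate.
    $grades = array();
    foreach ($submissions as $submission) {
        // check submission's group
        if ($groupid && !ismember($groupid, $submission->userid)) {
            continue; // skip this submission
        }
        $grades[$submission->id] = workshop_submission_grade($workshop, $submission);
    }
    arsort($grades); // largest grade first

    $n = 1;
    foreach ($grades as $submissionid => $grade) {
        if (!($submission = get_record("workshop_submissions", "id", $submissionid))) {
            error("Print league table: submission not found");
        }
        if (!($user = get_record("user", "id", $submission->userid))) {
            error("Print league table: user not found");
        }

        $row = array(workshop_print_submission_title($workshop, $submission));
        if (!$hidenames) {
            $row[] = fullname($user);
        }
        $row[] = workshop_print_submission_assessments($workshop, $submission, "teacher");
        $row[] = workshop_print_submission_assessments($workshop, $submission, "student");
        $row[] = $grade;
        $table->data[] = $row;

        // Stop once the configured number of entries has been emitted
        $n++;
        if ($n > $nentries) {
            break;
        }
    }

    print_heading(get_string("leaguetable", "workshop"));
    print_table($table);
    workshop_print_key($workshop);
}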
// Contexts used by the capability checks below: course level and module level.
$coursecontext = get_context_instance(CONTEXT_COURSE, $course->id);
$modcontext = get_context_instance(CONTEXT_MODULE, $cm->id);

// Check 1: may this user post to the forum at all?
if (!forum_user_can_post($forum)) {
    if (has_capability('moodle/legacy:guest', $coursecontext, NULL, false)) {
        // User is a guest here! Send them to the enrolment page rather than failing outright.
        $SESSION->wantsurl = $FULLME;
        // NOTE(review): the Referer header is supplied by the client and may be
        // absent or arbitrary. It is stored unvalidated here; whatever later
        // reads enrolcancel presumably uses it as a return URL and should
        // confirm it points back into this site before redirecting - verify.
        // An absent header also raises an undefined-index notice on this line.
        $SESSION->enrolcancel = $_SERVER['HTTP_REFERER'];
        redirect($CFG->wwwroot . '/course/enrol.php?id=' . $course->id, get_string('youneedtoenrol'));
    } else {
        print_error('nopostforum', 'forum');
    }
}

// Check 2: when the activity uses groups, the user must be allowed to post in
// this discussion's group.
if (groupmode($course, $cm)) {
    // Make sure user can post here
    $mygroupid = mygroupid($course->id);
    // Allowed when any one holds: the user has no group and the discussion's
    // groupid is -1; the user is a member of the discussion's group; or the
    // user holds accessallgroups in the module context.
    if (!((empty($mygroupid) and $discussion->groupid == -1) || ismember($discussion->groupid) || has_capability('moodle/site:accessallgroups', $modcontext, NULL, false))) {
        print_error('nopostdiscussion', 'forum');
    }
}

// Check 3: a hidden activity is only usable by those who can manage activities.
// NOTE(review): the checks rely on error()/print_error()/redirect() ending the
// request; their definitions are not visible here - confirm.
if (!$cm->visible and !has_capability('moodle/course:manageactivities', $coursecontext)) {
    error(get_string("activityiscurrentlyhidden"));
}

// Load up the $post variable.
// The reply is pre-filled from the parent post; the author is taken from the
// session user ($USER), not from the parent record.
$post = new object();
$post->course = $course->id;
$post->forum = $forum->id;
$post->discussion = $parent->discussion;
$post->parent = $parent->id;
$post->subject = $parent->subject;
$post->userid = $USER->id;
$post->message = '';
/**
 * Prints the discussion view screen for a forum.
 *
 * Output is written directly with echo; nothing is returned. The function
 * prints, in order: the "add a new discussion" button (or a notice), an
 * optional paging bar, the list of discussions in the chosen format, an
 * optional "older discussions" link and the paging bar again.
 *
 * Note that the $currentgroup and $groupmode arguments are overwritten from
 * groupmode() and get_and_set_current_group() before they are first read, so
 * values passed by the caller have no effect.
 *
 * @param object $course The current course object.
 * @param object $forum Forum to be printed.
 * @param int $maxdiscussions The maximum number of discussions per page (optional).
 *        A value of 0 or less disables paging.
 * @param string $displayformat The display format to use (optional): 'header'
 *        prints a summary table, any other value prints posts.
 * @param string $sort Sort arguments for database query (optional).
 * @param int $currentgroup Group to display discussions for (optional, recomputed internally).
 * @param int $groupmode Group mode of the forum (optional, recomputed internally).
 * @param int $page Page mode, page to display (optional); -1 means no paging.
 * @param object $cm Course module record (optional); looked up from the forum when empty.
 *
 */
function forum_print_latest_discussions($course, $forum, $maxdiscussions = 5, $displayformat = 'plain', $sort = '', $currentgroup = -1, $groupmode = -1, $page = -1, $cm = NULL)
{
    global $CFG, $USER;

    if (!$cm) {
        if (!($cm = get_coursemodule_from_instance('forum', $forum->id, $forum->course))) {
            error('Course Module ID was incorrect');
        }
    }
    $context = get_context_instance(CONTEXT_MODULE, $cm->id);

    // Sort out some defaults
    if (!$maxdiscussions && $displayformat == 'plain') {
        $displayformat = 'header'; // Abbreviate display by default
    }
    $fullpost = false;
    if ($displayformat == 'plain') {
        $fullpost = true;
    }

    // Decide if current user is allowed to see ALL the current discussions or not
    // First check the group stuff
    $groupmode = groupmode($course, $cm);
    $currentgroup = get_and_set_current_group($course, $groupmode);

    // If the user can post discussions, then this is a good place to put the
    // button for it. We do not show the button if we are showing site news
    // and the current user is a guest.
    // && binds tighter than ||, so the condition reads:
    //   can post  OR  (forum is not news AND user holds the guest capability).
    // NOTE(review): this only decides whether the button is shown; the target
    // script post.php presumably enforces posting permission itself - verify.
    if (forum_user_can_post_discussion($forum, $currentgroup, $groupmode, $cm, $context) || $forum->type != 'news' && has_capability('moodle/legacy:guest', $context, NULL, false)) {
        echo '<div class="singlebutton forumaddnew">';
        echo "<form id=\"newdiscussionform\" method=\"get\" action=\"{$CFG->wwwroot}/mod/forum/post.php\">";
        echo '<div>';
        echo "<input type=\"hidden\" name=\"forum\" value=\"{$forum->id}\" />";
        echo '<input type="submit" value="';
        // Button label depends on the forum type
        echo $forum->type == 'news' ? get_string('addanewtopic', 'forum') : ($forum->type == 'qanda' ? get_string('addanewquestion', 'forum') : get_string('addanewdiscussion', 'forum'));
        echo '" />';
        echo '</div>';
        echo '</form>';
        echo "</div>\n";
    } else {
        // Tell a logged-in, non-guest user why there is no button when the
        // reason is that they are outside the current separate group.
        if (!isguestuser() and isloggedin() and $forum->type != 'news' and $groupmode == SEPARATEGROUPS and !ismember($currentgroup)) {
            notify(get_string('cannotadddiscussion', 'forum'));
        }
    }

    // Get all the recent discussions we're allowed to see
    $getuserlastmodified = $displayformat == 'header';
    if (!($discussions = forum_get_discussions($forum->id, $sort, 0, $fullpost, $currentgroup, 0, $getuserlastmodified))) {
        // Nothing to list: print the type-specific "empty" message and stop
        echo '<div class="forumnodiscuss">';
        if ($forum->type == 'news') {
            echo '(' . get_string('nonews', 'forum') . ')';
        } else {
            if ($forum->type == 'qanda') {
                echo '(' . get_string('noquestions', 'forum') . ')';
            } else {
                echo '(' . get_string('nodiscussions', 'forum') . ')';
            }
        }
        echo "</div>\n";
        return;
    }

    // If no discussions then don't use paging (to avoid some divide by 0 errors)
    if ($maxdiscussions <= 0) {
        $page = -1;
        $maxdiscussions = 0;
    }

    // If we want paging
    if ($page != -1) {
        // Get the number of discussions found
        $numdiscussions = count($discussions);
        // Show the paging bar
        print_paging_bar($numdiscussions, $page, $maxdiscussions, "view.php?f={$forum->id}&");
        // Calculate the page "window" as 1-based positions in the result list
        $pagestart = $page * $maxdiscussions + 1;
        $pageend = $pagestart + $maxdiscussions - 1;
    }

    $replies = forum_count_discussion_replies($forum->id);
    $canreply = forum_user_can_post($forum);
    $canviewparticipants = has_capability('moodle/course:viewparticipants', $context);
    $discussioncount = 0;
    $olddiscussionlink = false;
    $strdatestring = get_string('strftimerecentfull');

    // Check if the forum is tracked.
    if ($cantrack = forum_tp_can_track_forums($forum)) {
        $forumtracked = forum_tp_is_tracked($forum);
    } else {
        $forumtracked = false;
    }

    if ($displayformat == 'header') {
        // Open the summary table and print its header row
        echo '<table cellspacing="0" class="forumheaderlist">';
        echo '<thead>';
        echo '<tr>';
        echo '<th class="header topic" scope="col">' . get_string('discussion', 'forum') . '</th>';
        echo '<th class="header author" colspan="2" scope="col">' . get_string('startedby', 'forum') . '</th>';
        if ($groupmode > 0) {
            echo '<th class="header group" scope="col">' . get_string('group') . '</th>';
        }
        if (has_capability('mod/forum:viewdiscussion', $context)) {
            echo '<th class="header replies" scope="col">' . get_string('replies', 'forum') . '</th>';
            // If the forum can be tracked, display the unread column.
            if ($cantrack) {
                echo '<th class="header replies" scope="col">' . get_string('unread', 'forum');
                if ($forumtracked) {
                    // NOTE(review): this link changes read-tracking state through a
                    // plain GET and the visible URL carries no session key; confirm
                    // that markposts.php guards against cross-site requests.
                    echo ' <a title="' . get_string('markallread', 'forum') . '" href="' . $CFG->wwwroot . '/mod/forum/markposts.php?f=' . $forum->id . '&mark=read&returnpage=view.php">' . '<img src="' . $CFG->pixpath . '/t/clear.gif" class="iconsmall" alt="' . get_string('markallread', 'forum') . '" /></a>';
                }
                echo '</th>';
            }
        }
        echo '<th class="header lastpost" scope="col">' . get_string('lastpost', 'forum') . '</th>';
        echo '</tr>';
        echo '</thead>';
        echo '<tbody>';
    }

    foreach ($discussions as $discussion) {
        $discussioncount++;

        if ($page != -1) { // We are using paging
            if ($discussioncount < $pagestart) { // Not there yet
                continue;
            }
            if ($discussioncount > $pageend) { // All done, finish the loop
                break;
            }
        } else {
            // Without paging, old approach: stop at the limit and offer a link
            // to the older discussions instead.
            if ($maxdiscussions && $discussioncount > $maxdiscussions) {
                $olddiscussionlink = true;
                break;
            }
        }

        // Attach reply statistics gathered by forum_count_discussion_replies()
        if (!empty($replies[$discussion->discussion])) {
            $discussion->replies = $replies[$discussion->discussion]->replies;
            $discussion->lastpostid = $replies[$discussion->discussion]->lastpostid;
        } else {
            $discussion->replies = 0;
        }

        // SPECIAL CASE: The front page can display a news item post to non-logged in users.
        // All posts are read in this case.
        if (!$forumtracked) {
            $discussion->unread = '-';
        } else {
            if (empty($USER)) {
                $discussion->unread = 0;
            } else {
                $discussion->unread = forum_tp_count_discussion_unread_posts($USER->id, $discussion->discussion);
            }
        }

        // Whether the viewer started this discussion
        if (!empty($USER->id)) {
            $ownpost = $discussion->userid == $USER->id;
        } else {
            $ownpost = false;
        }

        // Use discussion name instead of subject of first post
        $discussion->subject = $discussion->name;

        switch ($displayformat) {
            case 'header':
                if ($groupmode > 0) {
                    // $groups acts as a per-call cache of group lookups keyed by group id
                    if (isset($groups[$discussion->groupid])) {
                        $group = $groups[$discussion->groupid];
                    } else {
                        $group = $groups[$discussion->groupid] = groups_get_group($discussion->groupid); //TODO:
                    }
                } else {
                    $group = -1;
                }
                forum_print_discussion_header($discussion, $forum, $group, $strdatestring, $cantrack, $forumtracked, $canviewparticipants, $context);
                break;
            default:
                // Link to the discussion when the viewer may reply or replies exist
                if ($canreply or $discussion->replies) {
                    $link = true;
                } else {
                    $link = false;
                }
                $discussion->forum = $forum->id;
                forum_print_post($discussion, $course->id, $ownpost, $reply = 0, $link, $assessed = false);
                break;
        }
    }

    if ($displayformat == "header") {
        echo '</tbody>';
        echo '</table>';
    }

    if ($olddiscussionlink) {
        echo '<div class="forumolddiscuss">';
        echo '<a href="' . $CFG->wwwroot . '/mod/forum/view.php?f=' . $forum->id . '&showall=1">';
        echo get_string('olderdiscussions', 'forum') . '</a> ...</div>';
    }

    if ($page != -1) {
        // Show the paging bar; $numdiscussions was set in the matching block above
        print_paging_bar($numdiscussions, $page, $maxdiscussions, "view.php?f={$forum->id}&");
    }
}
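/**
 * Return a list of teachers that the current user is able to open a dialogue with
 *
 * Called by dialogue_get_available_users(). The list is used to populate a drop-down
 * list in the UI. Teachers here are the users holding mod/dialogue:manage in $context.
 * A teacher is left out when:
 *  - it is the current user;
 *  - a current group is set, the activity is in SEPARATEGROUPS mode and the
 *    teacher is not a member of that group;
 *  - the teacher has a hidden role assignment and the current user lacks
 *    moodle/role:viewhiddenassigns;
 *  - an open conversation with that teacher already exists (other than the one
 *    being edited) and the dialogue does not allow multiple conversations.
 *
 * The conversation lookup is a string-built WHERE clause, so every id placed
 * in it is cast to an integer first.
 *
 * @param object $dialogue
 * @param object $context for a user in this activity
 * @param int $editconversationid conversation being edited, ignored by the open-conversation check
 * @return array|null full names keyed by user id, sorted case-insensitively; null when nobody is available
 */
function dialogue_get_available_teachers($dialogue, $context, $editconversationid = 0)
{
    global $USER, $CFG;

    // Evaluated once and used for the hidden-assignment filter below
    $canseehidden = has_capability('moodle/role:viewhiddenassigns', $context);

    if (!($course = get_record('course', 'id', $dialogue->course))) {
        error('Course is misconfigured');
    }
    if (!($cm = get_coursemodule_from_instance('dialogue', $dialogue->id, $course->id))) {
        error('Course Module ID was incorrect');
    }

    // get the list of teachers (actually, those who have dialogue:manage capability)
    $users = get_users_by_capability($context, 'mod/dialogue:manage', '', null, null, null, null, null, null, true, null);
    if (!$users) {
        return;
    }

    // Record which teachers hold at least one hidden role assignment
    $hiddenteachers = array();
    foreach ($users as $user) {
        foreach (get_user_roles($context, $user->id, true) as $role) {
            if ($role->hidden == 1) {
                $hiddenteachers[$user->id] = 1;
                break;
            }
        }
    }

    $groupid = get_current_group($course->id);
    $separategroups = ($groupid && groupmode($course, $cm) == SEPARATEGROUPS);

    // Integer-only values for the string-built WHERE clause
    $dialogueid = (int) $dialogue->id;
    $editid = (int) $editconversationid;
    $selfid = (int) $USER->id;

    $names = array();
    foreach ($users as $otheruser) {
        // ...exclude self and ...
        if ($USER->id == $otheruser->id) {
            continue;
        }
        // ...if groupmode is SEPARATEGROUPS then exclude teachers not in student's group
        if ($separategroups && !ismember($groupid, $otheruser->id)) {
            continue;
        }
        // ...teachers with a hidden assignment, unless the viewer may see those
        if (!$canseehidden && isset($hiddenteachers[$otheruser->id])) {
            continue;
        }
        // ...any already in open conversations unless multiple conversations allowed
        if (!$dialogue->multipleconversations) {
            $otherid = (int) $otheruser->id;
            $where = "dialogueid = {$dialogueid} AND id != {$editid} AND ((userid = {$selfid} AND \n recipientid = {$otherid}) OR (userid = {$otherid} AND \n recipientid = {$selfid})) AND closed = 0";
            if (count_records_select('dialogue_conversations', $where) != 0) {
                continue;
            }
        }
        $names[$otheruser->id] = fullname($otheruser);
    }

    if (!empty($names)) {
        natcasesort($names);
        return $names;
    }
    return;
}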
/**
 * Decides whether the current user may add an entry to a database activity.
 *
 * The user needs mod/data:writeentry or mod/data:manageentries in the module
 * context. When the activity uses groups and the user lacks
 * moodle/site:accessallgroups, the user must also be a member of the current
 * group; with no current group, adding is allowed only in VISIBLEGROUPS mode.
 *
 * @param object $data         database activity record; its id is used to find the course module
 * @param mixed  $currentgroup current group id, or an empty value when none is selected
 * @param mixed  $groupmode    group mode of the activity; an empty value means groups are not used
 * @return mixed true or false, or whatever ismember() returns for the current group
 */
function data_user_can_add_entry($data, $currentgroup, $groupmode)
{
    global $USER;

    $cm = get_coursemodule_from_instance('data', $data->id);
    if (!$cm) {
        error('Course Module ID was incorrect');
    }
    $context = get_context_instance(CONTEXT_MODULE, $cm->id);

    // Capability gate: either permission is sufficient
    $maywrite = has_capability('mod/data:writeentry', $context) || has_capability('mod/data:manageentries', $context);
    if (!$maywrite) {
        return false;
    }

    // No group restrictions apply, or the user may act across all groups
    if (!$groupmode || has_capability('moodle/site:accessallgroups', $context)) {
        return true;
    }

    // A concrete group is selected: membership decides
    if ($currentgroup) {
        return ismember($currentgroup);
    }

    // else it might be group 0 in visible mode
    return $groupmode == VISIBLEGROUPS;
}