/** * Reset role capabilitites to default according to selected legacy capability. * If several legacy caps selected, use the first from get_default_capabilities. * If no legacy selected, removes all capabilities. * * @param int @roleid */ function reset_role_capabilities($roleid) { global $DB; $sitecontext = get_context_instance(CONTEXT_SYSTEM); $legacyroles = get_legacy_roles(); $defaultcaps = array(); foreach ($legacyroles as $ltype => $lcap) { $localoverride = get_local_override($roleid, $sitecontext->id, $lcap); if (!empty($localoverride->permission) and $localoverride->permission == CAP_ALLOW) { //choose first selected legacy capability $defaultcaps = get_default_capabilities($ltype); break; } } $DB->delete_records('role_capabilities', array('roleid' => $roleid)); if (!empty($defaultcaps)) { foreach ($defaultcaps as $cap => $permission) { assign_capability($cap, $permission, $roleid, $sitecontext->id); } } }
public function __construct($context, $roleid) { $this->roleid = $roleid; parent::__construct($context, 'defineroletable', $roleid); $this->displaypermissions = $this->allpermissions; $this->strperms[$this->allpermissions[CAP_INHERIT]] = get_string('notset', 'role'); $this->allcontextlevels = array(CONTEXT_SYSTEM => get_string('coresystem'), CONTEXT_USER => get_string('user'), CONTEXT_COURSECAT => get_string('category'), CONTEXT_COURSE => get_string('course'), CONTEXT_MODULE => get_string('activitymodule'), CONTEXT_BLOCK => get_string('block')); $this->legacyroles = get_legacy_roles(); }
} // added a role sitewide... mark_context_dirty($sitecontext->path); if (empty($errors)) { $rolename = get_field('role', 'name', 'id', $newroleid); add_to_log(SITEID, 'role', 'add', 'admin/roles/manage.php?action=add', $rolename, '', $USER->id); redirect('manage.php'); } } break; case 'edit': if ($data = data_submitted() and confirm_sesskey()) { $shortname = moodle_strtolower(clean_param(clean_filename($shortname), PARAM_SAFEDIR)); // only lowercase safe ASCII characters $legacytype = required_param('legacytype', PARAM_RAW); $legacyroles = get_legacy_roles(); if (!array_key_exists($legacytype, $legacyroles)) { $legacytype = ''; } if (empty($name)) { $errors['name'] = get_string('errorbadrolename', 'role'); } else { if ($rs = get_records('role', 'name', $name)) { unset($rs[$roleid]); if (!empty($rs)) { $errors['name'] = get_string('errorexistsrolename', 'role'); } } } if (empty($shortname)) { $errors['shortname'] = get_string('errorbadroleshortname', 'role');
/** * When called resets all custom roles as per definition set down in /local/roles.php * * Note that this uses the non-core role.custom field to isolate roles to remove. * * Utilise the $path parameter to allow for localisation (i.e. different roles defintion than core). * * Sort order is reset based on the order listed in the defintion. * * WARNING: as long as you retain the same shortname existing user role assigments will * be retained. if you change the shortname they will be lost. * * KNOWN ISSUE: we rely on shortname being unique, but this is not enforced by the db. * this is more a problem with moodle. * * @param text $path * */ function tao_reset_custom_roles($path = 'local') { global $CFG; if (!get_site()) { // not finished installing, skip return true; } // get latest role definition from roles file $rolespath = $CFG->dirroot . '/' . $path . '/roles.php'; if (!file_exists($rolespath)) { debugging("Local caps reassignment called with invalid path {$path}"); return false; } require_once $rolespath; if (!isset($customroles)) { return true; // nothing to do. } $undeletableroles = array(); $undeletableroles[$CFG->notloggedinroleid] = 1; $undeletableroles[$CFG->guestroleid] = 1; $undeletableroles[$CFG->defaultuserroleid] = 1; $undeletableroles[$CFG->defaultcourseroleid] = 1; // If there is only one admin role, add that to $undeletableroles too. $adminroles = get_admin_roles(); if (count($adminroles) == 1) { $undeletableroles[reset($adminroles)->id] = 1; } // get recordset of existing custom roles $sql = "SELECT id, name, shortname, description, sortorder, custom\n FROM {$CFG->prefix}role\n WHERE custom IS NOT NULL"; $roles = get_records_sql($sql); // remove custom roles that are not in the latest definition foreach ($roles as $role) { // check whether this role is in the latest definition if (array_key_exists($role->shortname, $customroles)) { continue; } // extra safety: check undeletable roles if (isset($undeletableroles[$role->id])) { continue; } delete_role($role->id); } // hack to avoid sortorder unique constraint execute_sql("UPDATE {$CFG->prefix}role SET sortorder = (sortorder+1000) WHERE custom IS NOT NULL"); // set sortorder to current highest value $sortorder = get_field_sql("SELECT " . sql_max('sortorder') . " FROM {$CFG->prefix}role WHERE custom IS NULL"); // now loop through the new settings foreach ($customroles as $shortname => $role) { $sortorder++; // get the roleid $roleid = get_field('role', 'id', 'shortname', $shortname); // if exists then make updates if (!empty($roleid)) { // only update fields that have been set if (isset($role['name'])) { set_field('role', 'name', $role['name'], 'shortname', $shortname); } if (isset($role['description'])) { set_field('role', 'description', $role['description'], 'shortname', $shortname); } // reset sortorder set_field('role', 'sortorder', $sortorder, 'shortname', $shortname); // else create record } else { $newrole = new stdclass(); $newrole->name = $role['name']; $newrole->shortname = $shortname; $newrole->description = $role['description']; $newrole->sortorder = $sortorder; $newrole->custom = 1; $roleid = insert_record('role', $newrole); } // remove any previously set legacy roles $legacyroles = get_legacy_roles(); foreach ($legacyroles as $ltype => $lcap) { unassign_capability($lcap, $roleid); } // reset legacy role if (isset($role['legacy'])) { $legacycap = $legacyroles[$role['legacy']]; $context = get_context_instance(CONTEXT_SYSTEM); assign_capability($legacycap, CAP_ALLOW, $roleid, $context->id); } // update the context settings set_role_contextlevels($roleid, $role['context']); // e.g. array(CONTEXT_SYSTEM, CONTEXT_COURSECAT) // set allow assigns if (is_array($role['canassign'])) { // delete existing delete_records('role_allow_assign', 'allowassign', $roleid); foreach ($role['canassign'] as $canassign) { $canassignid = get_field('role', 'id', 'shortname', $canassign); allow_assign($canassignid, $roleid); } } } // reset custom capabilities to keep up with changes return tao_reset_capabilities(); }