/**
* Determines whether the current user is allowed to enrol users into the provided class
*
* @param int $classid The id of the class we are checking permissions on
*
* @return boolean Whether the user is allowed to enrol users into the class
*
*/
static function can_enrol_into_class($classid)
{
global $USER;
//check the standard capability
if (cmclasspage::_has_capability('block/curr_admin:class:enrol', $classid) || cmclasspage::_has_capability('block/curr_admin:class:enrol_cluster_user', $classid)) {
return true;
}
//get the context for the "indirect" capability
$context = cm_context_set::for_user_with_capability('cluster', 'block/curr_admin:class:enrol_cluster_user', $USER->id);
//we first need to go through tracks to get to clusters
$track_listing = new trackassignmentclass(array('classid' => $classid));
$tracks = $track_listing->get_assigned_tracks();
//iterate over the track ides, which are the keys of the array
if (!empty($tracks)) {
foreach (array_keys($tracks) as $track) {
//get the clusters and check the context against them
$clusters = clustertrack::get_clusters($track);
if (!empty($clusters)) {
foreach ($clusters as $cluster) {
if ($context->context_allowed($cluster->clusterid, 'cluster')) {
return true;
}
}
}
}
}
return false;
}
function can_do_edit()
{
// the user must have 'block/curr_admin:associate' permissions on both
// ends
$association_id = $this->required_param('association_id', PARAM_INT);
$record = new trackassignmentclass($association_id);
$trackid = $record->trackid;
$classid = $record->classid;
return trackpage::_has_capability('block/curr_admin:associate', $trackid) && cmclasspage::_has_capability('block/curr_admin:associate', $classid);
}
function can_do_updatemultiple()
{
//todo: allow multi-update for non-admins
$id = $this->required_param('id');
return cmclasspage::_has_capability('block/curr_admin:track:enrol', $id);
}
function can_do_default()
{
global $USER;
$id = $this->required_param('id', PARAM_INT);
return cmclasspage::_has_capability('block/curr_admin:viewreports', $id) || instructor::user_is_instructor_of_class(cm_get_crlmuserid($USER->id), $id);
}
/**
* Determines whether the current user is allowed to create, edit, and delete associations
* between a user and a class
*
* @param int $userid The id of the user being associated to the class
* @param int $classid The id of the class we are associating the user to
*
* @return boolean True if the current user has the required permissions, otherwise false
*/
public static function can_manage_assoc($userid, $classid)
{
global $USER;
if (!cmclasspage::can_enrol_into_class($classid)) {
//the users who satisfty this condition are a superset of those who can manage associations
return false;
} else {
if (cmclasspage::_has_capability('block/curr_admin:track:enrol', $classid)) {
//current user has the direct capability
return true;
}
}
//get the context for the "indirect" capability
$context = cm_context_set::for_user_with_capability('cluster', 'block/curr_admin:class:enrol_cluster_user', $USER->id);
$allowed_clusters = array();
$allowed_clusters = cmclass::get_allowed_clusters($classid);
//query to get users associated to at least one enabling cluster
$cluster_select = '';
if (empty($allowed_clusters)) {
$cluster_select = '0=1';
} else {
$cluster_select = 'clusterid IN (' . implode(',', $allowed_clusters) . ')';
}
$select = "userid = {$userid} AND {$cluster_select}";
//user just needs to be in one of the possible clusters
if (record_exists_select(CLSTUSERTABLE, $select)) {
return true;
}
return false;
}
/**
* Returns an array of cluster ids that are associated to the supplied class through tracks and
* the current user has access to enrol users into
*
* @param int $clsid The class whose association ids we care about
* @return int array The array of accessible cluster ids
*/
public static function get_allowed_clusters($clsid)
{
global $USER;
$context = cm_context_set::for_user_with_capability('cluster', 'block/curr_admin:class:enrol_cluster_user', $USER->id);
$allowed_clusters = array();
if (cmclasspage::_has_capability('block/curr_admin:class:enrol_cluster_user', $clsid)) {
global $CURMAN;
require_once CURMAN_DIRLOCATION . '/lib/usercluster.class.php';
$cmuserid = cm_get_crlmuserid($USER->id);
$userclusters = $CURMAN->db->get_records(CLSTUSERTABLE, 'userid', $cmuserid);
foreach ($userclusters as $usercluster) {
$allowed_clusters[] = $usercluster->clusterid;
}
}
//we first need to go through tracks to get to clusters
$track_listing = new trackassignmentclass(array('classid' => $clsid));
$tracks = $track_listing->get_assigned_tracks();
//iterate over the track ides, which are the keys of the array
if (!empty($tracks)) {
foreach (array_keys($tracks) as $track) {
//get the clusters and check the context against them
$clusters = clustertrack::get_clusters($track);
$allowed_track_clusters = $context->get_allowed_instances($clusters, 'cluster', 'clusterid');
//append all clusters that are allowed by the available clusters contexts
foreach ($allowed_track_clusters as $allowed_track_cluster) {
$allowed_clusters[] = $allowed_track_cluster;
}
}
}
return $allowed_clusters;
}
