I have collected code that used to be in lib/adminlib.php, lib/accesslib.php and user/selector/lib.php into a new admin/roles/lib.php file.
And I added standard GPL and Moodle comments to all the files in admin/roles.
-<?php
+<?php // $Id$
+
+///////////////////////////////////////////////////////////////////////////
+// //
+// NOTICE OF COPYRIGHT //
+// //
+// Moodle - Modular Object-Oriented Dynamic Learning Environment //
+// http://moodle.org //
+// //
+// Copyright (C) 1999 onwards Martin Dougiamas http://dougiamas.com //
+// //
+// This program is free software; you can redistribute it and/or modify //
+// it under the terms of the GNU General Public License as published by //
+// the Free Software Foundation; either version 2 of the License, or //
+// (at your option) any later version. //
+// //
+// This program is distributed in the hope that it will be useful, //
+// but WITHOUT ANY WARRANTY; without even the implied warranty of //
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the //
+// GNU General Public License for more details: //
+// //
+// http://www.gnu.org/copyleft/gpl.html //
+// //
+///////////////////////////////////////////////////////////////////////////
+
/**
* this page defines what roles can access (grant user that role and override that roles'
* capabilities in different context. For example, we can say that Teachers can only grant
* capability moodle/role:assign or moodle/role:manage and this database table roles_deny_grant
* to be able to grant roles. If a user has moodle/role:manage at site level assignment
* then he can modify the roles_allow_assign table via this interface.
- */
+ *
+ * @license http://www.gnu.org/copyleft/gpl.html GNU Public License
+ * @package roles
+ *//** */
+
require_once('../../config.php');
require_once($CFG->libdir.'/adminlib.php');
-<?php
+<?php // $Id$
+
+///////////////////////////////////////////////////////////////////////////
+// //
+// NOTICE OF COPYRIGHT //
+// //
+// Moodle - Modular Object-Oriented Dynamic Learning Environment //
+// http://moodle.org //
+// //
+// Copyright (C) 1999 onwards Martin Dougiamas http://dougiamas.com //
+// //
+// This program is free software; you can redistribute it and/or modify //
+// it under the terms of the GNU General Public License as published by //
+// the Free Software Foundation; either version 2 of the License, or //
+// (at your option) any later version. //
+// //
+// This program is distributed in the hope that it will be useful, //
+// but WITHOUT ANY WARRANTY; without even the implied warranty of //
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the //
+// GNU General Public License for more details: //
+// //
+// http://www.gnu.org/copyleft/gpl.html //
+// //
+///////////////////////////////////////////////////////////////////////////
+
/**
* this page defines what roles can override (override roles in different context. For example,
* we can say that Admin can override teacher roles in a course
* To be able to override roles. If a user has moodle/role:override at context level
* and be in the roles_allow_override table.
- */
+ *
+ * @license http://www.gnu.org/copyleft/gpl.html GNU Public License
+ * @package roles
+ *//** */
+
require_once('../../config.php');
require_once($CFG->libdir.'/adminlib.php');
-<?php // $Id$
- // Script to assign users to contexts
+<?php // $Id$
+
+///////////////////////////////////////////////////////////////////////////
+// //
+// NOTICE OF COPYRIGHT //
+// //
+// Moodle - Modular Object-Oriented Dynamic Learning Environment //
+// http://moodle.org //
+// //
+// Copyright (C) 1999 onwards Martin Dougiamas http://dougiamas.com //
+// //
+// This program is free software; you can redistribute it and/or modify //
+// it under the terms of the GNU General Public License as published by //
+// the Free Software Foundation; either version 2 of the License, or //
+// (at your option) any later version. //
+// //
+// This program is distributed in the hope that it will be useful, //
+// but WITHOUT ANY WARRANTY; without even the implied warranty of //
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the //
+// GNU General Public License for more details: //
+// //
+// http://www.gnu.org/copyleft/gpl.html //
+// //
+///////////////////////////////////////////////////////////////////////////
+
+/**
+ * Lets you assign roles to users in a particular context.
+ *
+ * @license http://www.gnu.org/copyleft/gpl.html GNU Public License
+ * @package roles
+ *//** */
require_once(dirname(__FILE__) . '/../../config.php');
- require_once($CFG->libdir.'/adminlib.php');
- require_once($CFG->dirroot.'/user/selector/lib.php');
+ require_once($CFG->dirroot . '/' . $CFG->admin . '/roles/lib.php');
require_js(array('yui_yahoo', 'yui_dom', 'yui_event'));
require_js($CFG->admin . '/roles/roles.js');
-<?php // $Id$
- // Script to assign users to contexts
+<?php // $Id$
+
+///////////////////////////////////////////////////////////////////////////
+// //
+// NOTICE OF COPYRIGHT //
+// //
+// Moodle - Modular Object-Oriented Dynamic Learning Environment //
+// http://moodle.org //
+// //
+// Copyright (C) 1999 onwards Martin Dougiamas http://dougiamas.com //
+// //
+// This program is free software; you can redistribute it and/or modify //
+// it under the terms of the GNU General Public License as published by //
+// the Free Software Foundation; either version 2 of the License, or //
+// (at your option) any later version. //
+// //
+// This program is distributed in the hope that it will be useful, //
+// but WITHOUT ANY WARRANTY; without even the implied warranty of //
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the //
+// GNU General Public License for more details: //
+// //
+// http://www.gnu.org/copyleft/gpl.html //
+// //
+///////////////////////////////////////////////////////////////////////////
+
+/**
+ * Shows the result of has_capability for every capability for a user in a context.
+ *
+ * @license http://www.gnu.org/copyleft/gpl.html GNU Public License
+ * @package roles
+ *//** */
require_once(dirname(__FILE__) . '/../../config.php');
- require_once($CFG->libdir.'/adminlib.php');
- require_once($CFG->dirroot.'/user/selector/lib.php');
+ require_once($CFG->dirroot . '/' . $CFG->admin . '/roles/lib.php');
$contextid = required_param('contextid',PARAM_INT);
$contextuserid = optional_param('userid', 0, PARAM_INT); // needed for user tabs
/// If a user has been chosen, show all the permissions for this user.
$user = $userselector->get_selected_user();
if (!is_null($user)) {
-
- /// Class for rendering the table.
- class explain_cabability_table extends cabability_table_base {
- protected $user;
- protected $fullname;
- protected $baseurl;
- protected $contextname;
- protected $stryes;
- protected $strno;
- protected $strexplanation;
- private $hascap;
- public function __construct($context, $user, $contextname) {
- global $CFG;
- parent::__construct($context, 'explaincaps');
- $this->user = $user;
- $this->fullname = fullname($user);
- $this->contextname = $contextname;
- $this->baseurl = $CFG->wwwroot . '/' . $CFG->admin .
- '/roles/explainhascapabiltiy.php?user=' . $user->id .
- '&contextid=' . $context->id . '&capability=';
- $this->stryes = get_string('yes');
- $this->strno = get_string('no');
- $this->strexplanation = get_string('explanation');
- }
- protected function add_header_cells() {
- echo '<th>' . get_string('allowed', 'role') . '</th>';
- echo '<th>' . $this->strexplanation . '</th>';
- }
- protected function num_extra_columns() {
- return 2;
- }
- protected function skip_row($capability) {
- return $capability->name != 'moodle/site:doanything' && is_legacy($capability->name);
- }
- protected function get_row_classes($capability) {
- $this->hascap = has_capability($capability->name, $this->context, $this->user->id);
- if ($this->hascap) {
- return array('yes');
- } else {
- return array('no');
- }
- }
- protected function add_row_cells($capability) {
- if ($this->hascap) {
- $result = $this->stryes;
- $tooltip = 'whydoesuserhavecap';
- } else {
- $result = $this->strno;
- $tooltip = 'whydoesusernothavecap';
- }
- $a = new stdClass;
- $a->fullname = $this->fullname;
- $a->capability = $capability->name;
- $a->context = $this->contextname;
- echo '<td>' . $result . '</td>';
- echo '<td>';
- link_to_popup_window($this->baseurl . $capability->name, 'hascapabilityexplanation',
- $this->strexplanation, 600, 600, get_string($tooltip, 'role', $a));
- echo '</td>';
- }
- }
-
- require_js(array('yui_yahoo', 'yui_dom', 'yui_event'));
- require_js($CFG->admin . '/roles/roles.js');
print_box_start('generalbox boxaligncenter boxwidthwide');
print_heading(get_string('permissionsforuser', 'role', fullname($user)), '', 3);
- $table = new explain_cabability_table($context, $user, $contextname);
+ $table = new explain_capability_table($context, $user, $contextname);
$table->display();
print_box_end();
-<?php
+<?php // $Id$
+
+///////////////////////////////////////////////////////////////////////////
+// //
+// NOTICE OF COPYRIGHT //
+// //
+// Moodle - Modular Object-Oriented Dynamic Learning Environment //
+// http://moodle.org //
+// //
+// Copyright (C) 1999 onwards Martin Dougiamas http://dougiamas.com //
+// //
+// This program is free software; you can redistribute it and/or modify //
+// it under the terms of the GNU General Public License as published by //
+// the Free Software Foundation; either version 2 of the License, or //
+// (at your option) any later version. //
+// //
+// This program is distributed in the hope that it will be useful, //
+// but WITHOUT ANY WARRANTY; without even the implied warranty of //
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the //
+// GNU General Public License for more details: //
+// //
+// http://www.gnu.org/copyleft/gpl.html //
+// //
+///////////////////////////////////////////////////////////////////////////
+
+/**
+ * Elucidates what has_capability does for a particular capability/user/context.
+ *
+ * @license http://www.gnu.org/copyleft/gpl.html GNU Public License
+ * @package roles
+ *//** */
+
require(dirname(__FILE__) . '/../../config.php');
// Get parameters.
--- /dev/null
+<?php // $Id$
+
+///////////////////////////////////////////////////////////////////////////
+// //
+// NOTICE OF COPYRIGHT //
+// //
+// Moodle - Modular Object-Oriented Dynamic Learning Environment //
+// http://moodle.org //
+// //
+// Copyright (C) 1999 onwards Martin Dougiamas http://dougiamas.com //
+// //
+// This program is free software; you can redistribute it and/or modify //
+// it under the terms of the GNU General Public License as published by //
+// the Free Software Foundation; either version 2 of the License, or //
+// (at your option) any later version. //
+// //
+// This program is distributed in the hope that it will be useful, //
+// but WITHOUT ANY WARRANTY; without even the implied warranty of //
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the //
+// GNU General Public License for more details: //
+// //
+// http://www.gnu.org/copyleft/gpl.html //
+// //
+///////////////////////////////////////////////////////////////////////////
+
+/**
+ * Library code used by the roles administration interfaces.
+ *
+ * @license http://www.gnu.org/copyleft/gpl.html GNU Public License
+ * @package roles
+ *//** */
+
+require_once($CFG->libdir.'/adminlib.php');
+require_once($CFG->dirroot.'/user/selector/lib.php');
+
+/**
+ * Print a risk icon, as a link to the Risks page on Moodle Docs.
+ *
+ * @param string $type the type of risk, will be one of the keys from the
+ * get_all_risks array. Must start with 'risk'.
+ */
+function print_risk_icon($type) {
+ global $CFG;
+ static $risksurl = null;
+ if (is_null($risksurl)) {
+ $risksurl = get_docs_url(s(get_string('risks', 'role')));
+ }
+ $iconurl = $CFG->pixpath . '/i/' . str_replace('risk', 'risk_', $type) . '.gif';
+ echo '<a onclick="this.target=\'docspopup\'" title="' . get_string($type, 'admin') .
+ '" href="' . $risksurl . '"> <img src="' . $iconurl . '" alt="' .
+ get_string($type . 'short', 'admin') . '" /></a>';
+}
+
+// Classes for producing tables with one row per capability ====================
+
+/**
+ * This class represents a table with one row for each of a list of capabilities
+ * where the first cell in the row contains the capability name, and there is
+ * arbitrary stuff in the rest of the row. This class is used by
+ * admin/roles/manage.php, override.php and explain.php.
+ *
+ * An ajaxy search UI shown at the top, if JavaScript is on.
+ */
+abstract class capability_table_base {
+ /** The context this table relates to. */
+ protected $context;
+
+ /** The capabilities to display. Initialised as fetch_context_capabilities($context). */
+ protected $capabilities = array();
+
+ /** Added as an id="" attribute to the table on output. */
+ protected $id;
+
+ /** Added to the class="" attribute on output. */
+ protected $classes = array('rolecap');
+
+ /** Default number of capabilities in the table for the search UI to be shown. */
+ const NUM_CAPS_FOR_SEARCH = 12;
+
+ /**
+ * Constructor
+ * @param object $context the context this table relates to.
+ * @param string $id what to put in the id="" attribute.
+ */
+ public function __construct($context, $id) {
+ $this->context = $context;
+ $this->capabilities = fetch_context_capabilities($context);
+ $this->id = $id;
+ }
+
+ /**
+ * Use this to add class="" attributes to the table. You get the rolecap by
+ * default.
+ * @param array $classnames of class names.
+ */
+ public function add_classes($classnames) {
+ $this->classes = array_unique(array_merge($this->classes, $classnames));
+ }
+
+ /**
+ * Display the table.
+ */
+ public function display() {
+ echo '<table class="' . implode(' ', $this->classes) . '" id="' . $this->id . '">' . "\n<thead>\n";
+ echo '<tr><th class="name" align="left" scope="col">' . get_string('capability','role') . '</th>';
+ $this->add_header_cells();
+ echo "</tr>\n</thead>\n<tbody>\n";
+
+ /// Loop over capabilities.
+ $contextlevel = 0;
+ $component = '';
+ foreach ($this->capabilities as $capability) {
+ if ($this->skip_row($capability)) {
+ continue;
+ }
+
+ /// Prints a breaker if component or name or context level has changed
+ if (component_level_changed($capability, $component, $contextlevel)) {
+ $this->print_heading_row($capability);
+ }
+ $contextlevel = $capability->contextlevel;
+ $component = $capability->component;
+
+ /// Start the row.
+ echo '<tr class="' . implode(' ', array_unique(array_merge(array('rolecap'),
+ $this->get_row_classes($capability)))) . '">';
+
+ /// Table cell for the capability name.
+ echo '<td class="name"><span class="cap-desc">' . get_capability_docs_link($capability) .
+ '<span class="cap-name">' . $capability->name . '</span></span></td>';
+
+ /// Add the cells specific to this table.
+ $this->add_row_cells($capability);
+
+ /// End the row.
+ echo "</tr>\n";
+ }
+
+ /// End of the table.
+ echo "</tbody>\n</table>\n";
+ if (count($this->capabilities) > capability_table_base::NUM_CAPS_FOR_SEARCH) {
+ global $CFG;
+ require_js(array('yui_yahoo', 'yui_dom', 'yui_event'));
+ require_js($CFG->admin . '/roles/roles.js');
+ print_js_call('cap_table_filter.init',
+ array($this->id, get_string('search'), get_string('clear')));
+ }
+ }
+
+ /**
+ * Used to output a heading rows when the context level or component changes.
+ * @param object $capability gives the new component and contextlevel.
+ */
+ protected function print_heading_row($capability) {
+ echo '<tr class="rolecapheading header"><td colspan="' . (1 + $this->num_extra_columns()) . '" class="header"><strong>' .
+ get_component_string($capability->component, $capability->contextlevel) .
+ '</strong></td></tr>';
+
+ }
+
+ /** For subclasses to override, output header cells, after the initial capability one. */
+ protected abstract function add_header_cells();
+
+ /** For subclasses to override, return the number of cells that add_header_cells/add_row_cells output. */
+ protected abstract function num_extra_columns();
+
+ /**
+ * For subclasses to override. Allows certain capabilties (e.g. legacy capabilities)
+ * to be left out of the table.
+ *
+ * @param object $capability the capability this row relates to.
+ * @return boolean. If true, this row is omitted from the table.
+ */
+ protected function skip_row($capability) {
+ return false;
+ }
+
+ /**
+ * For subclasses to override. A change to reaturn class names that are added
+ * to the class="" attribute on the <tr> for this capability.
+ *
+ * @param object $capability the capability this row relates to.
+ * @return array of class name strings.
+ */
+ protected function get_row_classes($capability) {
+ return array();
+ }
+
+ /**
+ * For subclasses to override. Output the data cells for this capability. The
+ * capability name cell will already have been output.
+ *
+ * You can rely on get_row_classes always being called before add_row_cells.
+ *
+ * @param object $capability the capability this row relates to.
+ */
+ protected abstract function add_row_cells($capability);
+}
+
+/**
+ * Subclass of capability_table_base for use on the Check permissions page.
+ *
+ * We have two additional columns, Allowed, which contains yes/no, and Explanation,
+ * which contains a pop-up link to explainhascapability.php.
+ */
+class explain_capability_table extends capability_table_base {
+ protected $user;
+ protected $fullname;
+ protected $baseurl;
+ protected $contextname;
+ protected $stryes;
+ protected $strno;
+ protected $strexplanation;
+ private $hascap;
+
+ /**
+ * Constructor
+ * @param object $context the context this table relates to.
+ * @param object $user the user we are generating the results for.
+ * @param string $contextname print_context_name($context) - to save recomputing.
+ */
+ public function __construct($context, $user, $contextname) {
+ global $CFG;
+ parent::__construct($context, 'explaincaps');
+ $this->user = $user;
+ $this->fullname = fullname($user);
+ $this->contextname = $contextname;
+ $this->baseurl = $CFG->wwwroot . '/' . $CFG->admin .
+ '/roles/explainhascapabiltiy.php?user=' . $user->id .
+ '&contextid=' . $context->id . '&capability=';
+ $this->stryes = get_string('yes');
+ $this->strno = get_string('no');
+ $this->strexplanation = get_string('explanation');
+ }
+
+ protected function add_header_cells() {
+ echo '<th>' . get_string('allowed', 'role') . '</th>';
+ echo '<th>' . $this->strexplanation . '</th>';
+ }
+
+ protected function num_extra_columns() {
+ return 2;
+ }
+
+ protected function skip_row($capability) {
+ return $capability->name != 'moodle/site:doanything' && is_legacy($capability->name);
+ }
+
+ protected function get_row_classes($capability) {
+ $this->hascap = has_capability($capability->name, $this->context, $this->user->id);
+ if ($this->hascap) {
+ return array('yes');
+ } else {
+ return array('no');
+ }
+ }
+
+ protected function add_row_cells($capability) {
+ if ($this->hascap) {
+ $result = $this->stryes;
+ $tooltip = 'whydoesuserhavecap';
+ } else {
+ $result = $this->strno;
+ $tooltip = 'whydoesusernothavecap';
+ }
+ $a = new stdClass;
+ $a->fullname = $this->fullname;
+ $a->capability = $capability->name;
+ $a->context = $this->contextname;
+ echo '<td>' . $result . '</td>';
+ echo '<td>';
+ link_to_popup_window($this->baseurl . $capability->name, 'hascapabilityexplanation',
+ $this->strexplanation, 600, 600, get_string($tooltip, 'role', $a));
+ echo '</td>';
+ }
+}
+
+// User selectors for managing role assignments ================================
+
+/**
+ * Base class to avoid duplicating code.
+ */
+abstract class role_assign_user_selector_base extends user_selector_base {
+ const MAX_USERS_PER_PAGE = 100;
+
+ protected $roleid;
+ protected $context;
+
+ /**
+ * @param string $name control name
+ * @param array $options should have two elements with keys groupid and courseid.
+ */
+ public function __construct($name, $options) {
+ global $CFG;
+ parent::__construct($name, $options);
+ $this->roleid = $options['roleid'];
+ if (isset($options['context'])) {
+ $this->context = $options['context'];
+ } else {
+ $this->context = get_context_instance_by_id($options['contextid']);
+ }
+ require_once($CFG->dirroot . '/group/lib.php');
+ }
+
+ protected function get_options() {
+ $options = parent::get_options();
+ $options['roleid'] = $this->roleid;
+ $options['contextid'] = $this->context->id;
+ return $options;
+ }
+}
+
+/**
+ * User selector subclass for the list of potential users on the assign roles page,
+ * when we are assigning in a context below the course level. (CONTEXT_MODULE and
+ * CONTEXT_BLOCK).
+ *
+ * In this case we replicate part of get_users_by_capability() get the users
+ * with moodle/course:view (or moodle/site:doanything). We can't use
+ * get_users_by_capability() becuase
+ * 1) get_users_by_capability() does not deal with searching by name
+ * 2) exceptions array can be potentially large for large courses
+ */
+class potential_assignees_below_course extends role_assign_user_selector_base {
+ public function find_users($search) {
+ global $DB;
+
+ // Get roles with some assignement to the 'moodle/course:view' capability.
+ $possibleroles = get_roles_with_capability('moodle/course:view', CAP_ALLOW, $this->context);
+ if (empty($possibleroles)) {
+ // If there aren't any, we are done.
+ return array();
+ }
+
+ // Now exclude the admin roles, and check the actual permission on
+ // 'moodle/course:view' to make sure it is allow.
+ $doanythingroles = get_roles_with_capability('moodle/site:doanything',
+ CAP_ALLOW, get_context_instance(CONTEXT_SYSTEM));
+ $validroleids = array();
+
+ foreach ($possibleroles as $possiblerole) {
+ if (isset($doanythingroles[$possiblerole->id])) {
+ continue;
+ }
+
+ if ($caps = role_context_capabilities($possiblerole->id, $this->context, 'moodle/course:view')) { // resolved list
+ if (isset($caps['moodle/course:view']) && $caps['moodle/course:view'] > 0) { // resolved capability > 0
+ $validroleids[] = $possiblerole->id;
+ }
+ }
+ }
+
+ // If there are no valid roles, we are done.
+ if (!$validroleids) {
+ return array();
+ }
+
+ // Now we have to go to the database.
+ list($wherecondition, $params) = $this->search_sql($search, 'u');
+ if ($wherecondition) {
+ $wherecondition = ' AND ' . $wherecondition;
+ }
+ $roleids = '('.implode(',', $validroleids).')';
+
+ $fields = 'SELECT ' . $this->required_fields_sql('u');
+ $countfields = 'SELECT COUNT(1)';
+
+ $sql = " FROM {user} u
+ JOIN {role_assignments} ra ON ra.userid = u.id
+ JOIN {role} r ON r.id = ra.roleid
+ WHERE ra.contextid " . get_related_contexts_string($this->context)."
+ $wherecondition
+ AND ra.roleid IN $roleids
+ AND u.id NOT IN (
+ SELECT u.id
+ FROM {role_assignments} r, {user} u
+ WHERE r.contextid = ?
+ AND u.id = r.userid
+ AND r.roleid = ?)";
+ $order = ' ORDER BY lastname ASC, firstname ASC';
+
+ $params[] = $this->context->id;
+ $params[] = $this->roleid;
+
+ // Check to see if there are too many to show sensibly.
+ if (!$this->is_validating()) {
+ $potentialmemberscount = $DB->count_records_sql($countfields . $sql, $params);
+ if ($potentialmemberscount > role_assign_user_selector_base::MAX_USERS_PER_PAGE) {
+ return $this->too_many_results($search, $potentialmemberscount);
+ }
+ }
+
+ // If not, show them.
+ $availableusers = $DB->get_records_sql($fields . $sql . $order, $params);
+
+ if (empty($availableusers)) {
+ return array();
+ }
+
+ if ($search) {
+ $groupname = get_string('potusersmatching', 'role', $search);
+ } else {
+ $groupname = get_string('potusers', 'role');
+ }
+
+ return array($groupname => $availableusers);
+ }
+}
+
+/**
+ * User selector subclass for the list of potential users on the assign roles page,
+ * when we are assigning in a context at or above the course level. In this case we
+ * show all the users in the system who do not already have the role.
+ */
+class potential_assignees_course_and_above extends role_assign_user_selector_base {
+ public function find_users($search) {
+ global $DB;
+
+ list($wherecondition, $params) = $this->search_sql($search, '');
+
+ $fields = 'SELECT ' . $this->required_fields_sql('');
+ $countfields = 'SELECT COUNT(1)';
+
+ $sql = " FROM {user}
+ WHERE $wherecondition
+ AND id NOT IN (
+ SELECT u.id
+ FROM {role_assignments} r, {user} u
+ WHERE r.contextid = ?
+ AND u.id = r.userid
+ AND r.roleid = ?)";
+ $order = ' ORDER BY lastname ASC, firstname ASC';
+
+ $params[] = $this->context->id;
+ $params[] = $this->roleid;
+
+ if (!$this->is_validating()) {
+ $potentialmemberscount = $DB->count_records_sql($countfields . $sql, $params);
+ if ($potentialmemberscount > role_assign_user_selector_base::MAX_USERS_PER_PAGE) {
+ return $this->too_many_results($search, $potentialmemberscount);
+ }
+ }
+
+ $availableusers = $DB->get_records_sql($fields . $sql . $order, $params);
+
+ if (empty($availableusers)) {
+ return array();
+ }
+
+ if ($search) {
+ $groupname = get_string('potusersmatching', 'role', $search);
+ } else {
+ $groupname = get_string('potusers', 'role');
+ }
+
+ return array($groupname => $availableusers);
+ }
+}
+
+/**
+ * User selector subclass for the list of users who already have the role in
+ * question on the assign roles page.
+ */
+class existing_role_holders extends role_assign_user_selector_base {
+ protected $strhidden;
+
+ public function __construct($name, $options) {
+ parent::__construct($name, $options);
+ $this->strhidden = get_string('hiddenassign');
+ }
+
+ public function find_users($search) {
+ list($wherecondition, $params) = $this->search_sql($search, 'u');
+ $contextusers = get_role_users($this->roleid, $this->context, false,
+ $this->required_fields_sql('u') . ', ra.hidden', 'u.lastname, u.firstname',
+ true, '', '', '', $wherecondition, $params);
+
+ if (empty($contextusers)) {
+ return array();
+ }
+
+ if ($search) {
+ $groupname = get_string('extusersmatching', 'role', $search);
+ } else {
+ $groupname = get_string('extusers', 'role');
+ }
+
+ return array($groupname => $contextusers);
+ }
+
+ // Override to add (hidden) to hidden role assignments.
+ public function output_user($user) {
+ $output = parent::output_user($user);
+ if ($user->hidden) {
+ $output .= ' (' . $this->strhidden . ')';
+ }
+ return $output;
+ }
+}
+
+/**
+ * A special subclass to use when unassigning admins at site level. Disables
+ * the option for admins to unassign themselves.
+ */
+class existing_role_holders_site_admin extends existing_role_holders {
+ public function find_users($search) {
+ global $USER;
+ $groupedusers = parent::find_users($search);
+ foreach ($groupedusers as $group) {
+ foreach ($group as &$user) {
+ if ($user->id == $USER->id) {
+ $user->disabled = true;
+ }
+ }
+ }
+ return $groupedusers;
+ }
+}
+
+?>
\ No newline at end of file
-<?php //$Id$
-
- require_once('../../config.php');
+<?php // $Id$
+
+///////////////////////////////////////////////////////////////////////////
+// //
+// NOTICE OF COPYRIGHT //
+// //
+// Moodle - Modular Object-Oriented Dynamic Learning Environment //
+// http://moodle.org //
+// //
+// Copyright (C) 1999 onwards Martin Dougiamas http://dougiamas.com //
+// //
+// This program is free software; you can redistribute it and/or modify //
+// it under the terms of the GNU General Public License as published by //
+// the Free Software Foundation; either version 2 of the License, or //
+// (at your option) any later version. //
+// //
+// This program is distributed in the hope that it will be useful, //
+// but WITHOUT ANY WARRANTY; without even the implied warranty of //
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the //
+// GNU General Public License for more details: //
+// //
+// http://www.gnu.org/copyleft/gpl.html //
+// //
+///////////////////////////////////////////////////////////////////////////
+
+/**
+ * Lets the user define and edit roles.
+ *
+ * @license http://www.gnu.org/copyleft/gpl.html GNU Public License
+ * @package roles
+ *//** */
+
+ require_once(dirname(__FILE__) . '/../../config.php');
+ require_once($CFG->dirroot . '/' . $CFG->admin . '/roles/lib.php');
require_once($CFG->libdir.'/adminlib.php');
-<?php
-// this page deals with the 2 tabs for manage.php and grant.php
+<?php // $Id$
+
+///////////////////////////////////////////////////////////////////////////
+// //
+// NOTICE OF COPYRIGHT //
+// //
+// Moodle - Modular Object-Oriented Dynamic Learning Environment //
+// http://moodle.org //
+// //
+// Copyright (C) 1999 onwards Martin Dougiamas http://dougiamas.com //
+// //
+// This program is free software; you can redistribute it and/or modify //
+// it under the terms of the GNU General Public License as published by //
+// the Free Software Foundation; either version 2 of the License, or //
+// (at your option) any later version. //
+// //
+// This program is distributed in the hope that it will be useful, //
+// but WITHOUT ANY WARRANTY; without even the implied warranty of //
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the //
+// GNU General Public License for more details: //
+// //
+// http://www.gnu.org/copyleft/gpl.html //
+// //
+///////////////////////////////////////////////////////////////////////////
+
+/**
+ * Defines the tab bar used on the manage/allow assign/allow overrides pages.
+ *
+ * @license http://www.gnu.org/copyleft/gpl.html GNU Public License
+ * @package roles
+ *//** */
if (!defined('MOODLE_INTERNAL')) {
- die('Direct access to this script is forbidden.'); /// It must be included from a Moodle page
+ die('Direct access to this script is forbidden.'); // It must be included from a Moodle page
}
$toprow = array();
-<?php //$Id$
-
- require_once('../../config.php');
+<?php // $Id$
+
+///////////////////////////////////////////////////////////////////////////
+// //
+// NOTICE OF COPYRIGHT //
+// //
+// Moodle - Modular Object-Oriented Dynamic Learning Environment //
+// http://moodle.org //
+// //
+// Copyright (C) 1999 onwards Martin Dougiamas http://dougiamas.com //
+// //
+// This program is free software; you can redistribute it and/or modify //
+// it under the terms of the GNU General Public License as published by //
+// the Free Software Foundation; either version 2 of the License, or //
+// (at your option) any later version. //
+// //
+// This program is distributed in the hope that it will be useful, //
+// but WITHOUT ANY WARRANTY; without even the implied warranty of //
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the //
+// GNU General Public License for more details: //
+// //
+// http://www.gnu.org/copyleft/gpl.html //
+// //
+///////////////////////////////////////////////////////////////////////////
+
+/**
+ * Lets you override role definitions in contexts.
+ *
+ * @license http://www.gnu.org/copyleft/gpl.html GNU Public License
+ * @package roles
+ *//** */
+
+ require_once(dirname(__FILE__) . '/../../config.php');
+ require_once($CFG->dirroot . '/' . $CFG->admin . '/roles/lib.php');
$contextid = required_param('contextid', PARAM_INT); // context id
$roleid = optional_param('roleid', 0, PARAM_INT); // requested role id
-<?php // $Id$
-
-// Handles headers and tabs for the roles control at any level apart from SYSTEM level
-// We also assume that $currenttab, $assignableroles and $overridableroles are defined
+<?php // $Id$
+
+///////////////////////////////////////////////////////////////////////////
+// //
+// NOTICE OF COPYRIGHT //
+// //
+// Moodle - Modular Object-Oriented Dynamic Learning Environment //
+// http://moodle.org //
+// //
+// Copyright (C) 1999 onwards Martin Dougiamas http://dougiamas.com //
+// //
+// This program is free software; you can redistribute it and/or modify //
+// it under the terms of the GNU General Public License as published by //
+// the Free Software Foundation; either version 2 of the License, or //
+// (at your option) any later version. //
+// //
+// This program is distributed in the hope that it will be useful, //
+// but WITHOUT ANY WARRANTY; without even the implied warranty of //
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the //
+// GNU General Public License for more details: //
+// //
+// http://www.gnu.org/copyleft/gpl.html //
+// //
+///////////////////////////////////////////////////////////////////////////
+
+/**
+ * Handles headers and tabs for the roles control at any level apart from SYSTEM level
+ * We assume that $currenttab, $assignableroles and $overridableroles are defined
+ *
+ * @license http://www.gnu.org/copyleft/gpl.html GNU Public License
+ * @package roles
+ *//** */
if (!defined('MOODLE_INTERNAL')) {
- die('Direct access to this script is forbidden.'); /// It must be included from a Moodle page
+ die('Direct access to this script is forbidden.'); // It must be included from a Moodle page
}
$navlinks = array();
* DB need to ensure that the default role caps
* are dealt with appropriately.
*
+ * @license http://www.gnu.org/copyleft/gpl.html GNU Public License
+ * @package roles
*/
require_once $CFG->dirroot.'/lib/blocklib.php';
return $url;
}
-/**
- * Print a risk icon, as a link to the Risks page on Moodle Docs.
- *
- * @param string $type the type of risk, will be one of the keys from the
- * get_all_risks array. Must start with 'risk'.
- */
-function print_risk_icon($type) {
- global $CFG;
- static $risksurl = null;
- if (is_null($risksurl)) {
- $risksurl = get_docs_url(s(get_string('risks', 'role')));
- }
- $iconurl = $CFG->pixpath . '/i/' . str_replace('risk', 'risk_', $type) . '.gif';
- echo '<a onclick="this.target=\'docspopup\'" title="' . get_string($type, 'admin') .
- '" href="' . $risksurl . '"> <img src="' . $iconurl . '" alt="' .
- get_string($type . 'short', 'admin') . '" /></a>';
-}
-
/**
* @return array all the known types of risk. The array keys can be used, for example
* as CSS class names, or in calls to print_risk_icon. The values are the
return highlight($query, $output);
}
}
-
-/**
- * This class represents a table with one row for each of a list of capabilities
- * where the first cell in the row contains the capability name, and there is
- * arbitrary stuff in the rest of the row. This class is used by
- * admin/roles/manage.php, override.php and explain.php. There is also some
- * ajaxy search UI shown at the top, if JavaScript is on.
- */
-abstract class cabability_table_base {
- protected $context;
- protected $capabilities = array();
- protected $id;
- protected $classes = array('rolecap');
- const NUM_CAPS_FOR_SEARCH = 12;
-
- /**
- * Constructor
- * @param object $context the context this table relates to.
- * @param string $id what to put in the id="" attribute.
- */
- public function __construct($context, $id) {
- $this->context = $context;
- $this->capabilities = fetch_context_capabilities($context);
- $this->id = $id;
- }
-
- /**
- * Use this to add class="" attributes to the table. You get the rolecap by
- * default.
- * @param array $classnames of class names.
- */
- public function add_classes($classnames) {
- $this->classes = array_unique(array_merge($this->classes, $classnames));
- }
-
- /**
- * Display the table.
- */
- public function display() {
- echo '<table class="' . implode(' ', $this->classes) . '" id="' . $this->id . '">' . "\n<thead>\n";
- echo '<tr><th class="name" align="left" scope="col">' . get_string('capability','role') . '</th>';
- $this->add_header_cells();
- echo "</tr>\n</thead>\n<tbody>\n";
-
- /// Loop over capabilities.
- $contextlevel = 0;
- $component = '';
- foreach ($this->capabilities as $capability) {
- if ($this->skip_row($capability)) {
- continue;
- }
-
- /// Prints a breaker if component or name or context level has changed
- if (component_level_changed($capability, $component, $contextlevel)) {
- $this->print_heading_row($capability);
- }
- $contextlevel = $capability->contextlevel;
- $component = $capability->component;
-
- /// Start the row.
- echo '<tr class="' . implode(' ', array_unique(array_merge(array('rolecap'),
- $this->get_row_classes($capability)))) . '">';
-
- /// Table cell for the capability name.
- echo '<td class="name"><span class="cap-desc">' . get_capability_docs_link($capability) .
- '<span class="cap-name">' . $capability->name . '</span></span></td>';
-
- /// Add the cells specific to this table.
- $this->add_row_cells($capability);
-
- /// End the row.
- echo "</tr>\n";
- }
-
- /// End of the table.
- echo "</tbody>\n</table>\n";
- if (count($this->capabilities) > cabability_table_base::NUM_CAPS_FOR_SEARCH) {
- print_js_call('cap_table_filter.init',
- array($this->id, get_string('search'), get_string('clear')));
- }
- }
-
- /**
- * Used to output a heading rows when the context level or component changes.
- * @param object $capability gives the new component and contextlevel.
- */
- protected function print_heading_row($capability) {
- echo '<tr class="rolecapheading header"><td colspan="' . (1 + $this->num_extra_columns()) . '" class="header"><strong>' .
- get_component_string($capability->component, $capability->contextlevel) .
- '</strong></td></tr>';
-
- }
-
- /** For subclasses to override, output header cells, after the initial capability one. */
- protected abstract function add_header_cells();
-
- /** For subclasses to override, return the number of cells that add_header_cells/add_row_cells output. */
- protected abstract function num_extra_columns();
-
- /**
- * For subclasses to override. Allows certain capabilties (e.g. legacy capabilities)
- * to be left out of the table.
- *
- * @param object $capability the capability this row relates to.
- * @return boolean. If true, this row is omitted from the table.
- */
- protected function skip_row($capability) {
- return false;
- }
-
- /**
- * For subclasses to override. A change to reaturn class names that are added
- * to the class="" attribute on the <tr> for this capability.
- *
- * @param object $capability the capability this row relates to.
- * @return array of class name strings.
- */
- protected function get_row_classes($capability) {
- return array();
- }
-
- /**
- * For subclasses to override. Output the data cells for this capability. The
- * capability name cell will already have been output.
- *
- * You can rely on get_row_classes always being called before add_row_cells.
- *
- * @param object $capability the capability this row relates to.
- */
- protected abstract function add_row_cells($capability);
-}
\ No newline at end of file
* should not do this when validating.
*
* If you are writing a new user_selector subclass, I strongly recommend you
- * look at some of the subclasses later in this file. They should help you
- * see exactly what you have to do.
+ * look at some of the subclasses later in this file and in admin/roles/lib.php.
+ * They should help you see exactly what you have to do.
*
* @param string $search the search string.
* @return array An array of arrays of users. The array keys of the outer
}
}
-// User selectors for managing role assignments ================================
-
-/**
- * Base class to avoid duplicating code.
- */
-abstract class role_assign_user_selector_base extends user_selector_base {
- const MAX_USERS_PER_PAGE = 100;
-
- protected $roleid;
- protected $context;
-
- /**
- * @param string $name control name
- * @param array $options should have two elements with keys groupid and courseid.
- */
- public function __construct($name, $options) {
- global $CFG;
- parent::__construct($name, $options);
- $this->roleid = $options['roleid'];
- if (isset($options['context'])) {
- $this->context = $options['context'];
- } else {
- $this->context = get_context_instance_by_id($options['contextid']);
- }
- require_once($CFG->dirroot . '/group/lib.php');
- }
-
- protected function get_options() {
- $options = parent::get_options();
- $options['roleid'] = $this->roleid;
- $options['contextid'] = $this->context->id;
- return $options;
- }
-}
-
-/**
- * User selector subclass for the list of potential users on the assign roles page,
- * when we are assigning in a context below the course level. (CONTEXT_MODULE and
- * CONTEXT_BLOCK).
- *
- * In this case we replicate part of get_users_by_capability() get the users
- * with moodle/course:view (or moodle/site:doanything). We can't use
- * get_users_by_capability() becuase
- * 1) get_users_by_capability() does not deal with searching by name
- * 2) exceptions array can be potentially large for large courses
- */
-class potential_assignees_below_course extends role_assign_user_selector_base {
- public function find_users($search) {
- global $DB;
-
- // Get roles with some assignement to the 'moodle/course:view' capability.
- $possibleroles = get_roles_with_capability('moodle/course:view', CAP_ALLOW, $this->context);
- if (empty($possibleroles)) {
- // If there aren't any, we are done.
- return array();
- }
-
- // Now exclude the admin roles, and check the actual permission on
- // 'moodle/course:view' to make sure it is allow.
- $doanythingroles = get_roles_with_capability('moodle/site:doanything',
- CAP_ALLOW, get_context_instance(CONTEXT_SYSTEM));
- $validroleids = array();
-
- foreach ($possibleroles as $possiblerole) {
- if (isset($doanythingroles[$possiblerole->id])) {
- continue;
- }
-
- if ($caps = role_context_capabilities($possiblerole->id, $this->context, 'moodle/course:view')) { // resolved list
- if (isset($caps['moodle/course:view']) && $caps['moodle/course:view'] > 0) { // resolved capability > 0
- $validroleids[] = $possiblerole->id;
- }
- }
- }
-
- // If there are no valid roles, we are done.
- if (!$validroleids) {
- return array();
- }
-
- // Now we have to go to the database.
- list($wherecondition, $params) = $this->search_sql($search, 'u');
- if ($wherecondition) {
- $wherecondition = ' AND ' . $wherecondition;
- }
- $roleids = '('.implode(',', $validroleids).')';
-
- $fields = 'SELECT ' . $this->required_fields_sql('u');
- $countfields = 'SELECT COUNT(1)';
-
- $sql = " FROM {user} u
- JOIN {role_assignments} ra ON ra.userid = u.id
- JOIN {role} r ON r.id = ra.roleid
- WHERE ra.contextid " . get_related_contexts_string($this->context)."
- $wherecondition
- AND ra.roleid IN $roleids
- AND u.id NOT IN (
- SELECT u.id
- FROM {role_assignments} r, {user} u
- WHERE r.contextid = ?
- AND u.id = r.userid
- AND r.roleid = ?)";
- $order = ' ORDER BY lastname ASC, firstname ASC';
-
- $params[] = $this->context->id;
- $params[] = $this->roleid;
-
- // Check to see if there are too many to show sensibly.
- if (!$this->is_validating()) {
- $potentialmemberscount = $DB->count_records_sql($countfields . $sql, $params);
- if ($potentialmemberscount > role_assign_user_selector_base::MAX_USERS_PER_PAGE) {
- return $this->too_many_results($search, $potentialmemberscount);
- }
- }
-
- // If not, show them.
- $availableusers = $DB->get_records_sql($fields . $sql . $order, $params);
-
- if (empty($availableusers)) {
- return array();
- }
-
- if ($search) {
- $groupname = get_string('potusersmatching', 'role', $search);
- } else {
- $groupname = get_string('potusers', 'role');
- }
-
- return array($groupname => $availableusers);
- }
-}
-
-/**
- * User selector subclass for the list of potential users on the assign roles page,
- * when we are assigning in a context at or above the course level. In this case we
- * show all the users in the system who do not already have the role.
- */
-class potential_assignees_course_and_above extends role_assign_user_selector_base {
- public function find_users($search) {
- global $DB;
-
- list($wherecondition, $params) = $this->search_sql($search, '');
-
- $fields = 'SELECT ' . $this->required_fields_sql('');
- $countfields = 'SELECT COUNT(1)';
-
- $sql = " FROM {user}
- WHERE $wherecondition
- AND id NOT IN (
- SELECT u.id
- FROM {role_assignments} r, {user} u
- WHERE r.contextid = ?
- AND u.id = r.userid
- AND r.roleid = ?)";
- $order = ' ORDER BY lastname ASC, firstname ASC';
-
- $params[] = $this->context->id;
- $params[] = $this->roleid;
-
- if (!$this->is_validating()) {
- $potentialmemberscount = $DB->count_records_sql($countfields . $sql, $params);
- if ($potentialmemberscount > role_assign_user_selector_base::MAX_USERS_PER_PAGE) {
- return $this->too_many_results($search, $potentialmemberscount);
- }
- }
-
- $availableusers = $DB->get_records_sql($fields . $sql . $order, $params);
-
- if (empty($availableusers)) {
- return array();
- }
-
- if ($search) {
- $groupname = get_string('potusersmatching', 'role', $search);
- } else {
- $groupname = get_string('potusers', 'role');
- }
-
- return array($groupname => $availableusers);
- }
-}
-
-/**
- * User selector subclass for the list of users who already have the role in
- * question on the assign roles page.
- */
-class existing_role_holders extends role_assign_user_selector_base {
- protected $strhidden;
-
- public function __construct($name, $options) {
- parent::__construct($name, $options);
- $this->strhidden = get_string('hiddenassign');
- }
-
- public function find_users($search) {
- list($wherecondition, $params) = $this->search_sql($search, 'u');
- $contextusers = get_role_users($this->roleid, $this->context, false,
- $this->required_fields_sql('u') . ', ra.hidden', 'u.lastname, u.firstname',
- true, '', '', '', $wherecondition, $params);
-
- if (empty($contextusers)) {
- return array();
- }
-
- if ($search) {
- $groupname = get_string('extusersmatching', 'role', $search);
- } else {
- $groupname = get_string('extusers', 'role');
- }
-
- return array($groupname => $contextusers);
- }
-
- // Override to add (hidden) to hidden role assignments.
- public function output_user($user) {
- $output = parent::output_user($user);
- if ($user->hidden) {
- $output .= ' (' . $this->strhidden . ')';
- }
- return $output;
- }
-}
-
-/**
- * A special subclass to use when unassigning admins at site level. Disables
- * the option for admins to unassign themselves.
- */
-class existing_role_holders_site_admin extends existing_role_holders {
- public function find_users($search) {
- global $USER;
- $groupedusers = parent::find_users($search);
- foreach ($groupedusers as $group) {
- foreach ($group as &$user) {
- if ($user->id == $USER->id) {
- $user->disabled = true;
- }
- }
- }
- return $groupedusers;
- }
-}
-
// User selectors for managing group memebers ==================================
/**
*
* @license http://www.gnu.org/copyleft/gpl.html GNU Public License
* @package userselector
- */
+ *//** */
require_once(dirname(__FILE__) . '/../../config.php');
require_once($CFG->dirroot . '/user/selector/lib.php');
projects / moodle.git / commitdiff