accesslib: Introducing is_siteadmin() to reliably check for siteadmins

is_siteadmin checks a few key capabilities to suss out if the user is
an admin. The main virtue of the function is that it does not use
the accesslib infrastructure -- it reads directly from the DB, which
is useful for the 1.9 accesslib upgrade.

diff --git a/lib/accesslib.php b/lib/accesslib.php
index 1ecffe5fa996a1896ac771249a719a2d18db76f5..5bbeeca0c400a3e8af9c3700ceeb785fc15d2761 100755 (executable)
--- a/lib/accesslib.php
+++ b/lib/accesslib.php
@@ -399,6 +399,38 @@ function has_capability($capability, $context=NULL, $userid=NULL, $doanything=tr
                        $ACCESS[$userid], $doanything);
 }
 
+/*
+ * Uses 1 DB query to answer whether a user is an admin at the sitelevel.
+ * It depends on DB schema >=1.7 but does not depend on the new datastructures
+ * in v1.9 (context.path, or $USER->access)
+ *
+ * Will return true if the userid has any of
+ *  - moodle/site:config
+ *  - moodle/legacy:admin
+ *  - moodle/site:doanything
+ *
+ * @param   int  $userid
+ * @returns bool $isadmin
+ */
+function is_siteadmin($userid) {
+    global $CFG;
+
+    $sql = "SELECT COUNT(u.id)
+            FROM mdl_user u
+            JOIN mdl_role_assignments ra
+              ON ra.userid=u.id
+            JOIN mdl_context ctx 
+              ON ctx.id=ra.contextid
+            JOIN mdl_role_capabilities rc
+              ON (ra.roleid=rc.roleid AND rc.contextid=ctx.id)
+            WHERE ctx.contextlevel=10
+              AND rc.capability IN ('moodle/site:config', 'moodle/legacy:admin', 'moodle/site:doanything')       
+              AND u.id={$USER->id}";
+
+    $isadmin = (get_field_sql($sql) == 0);
+    return $isadmin;
+}
+
 function get_course_from_path ($path) {
     // assume that nothing is more than 1 course deep
     if (preg_match('!^(/.+)/\d+$!', $path, $matches)) {