From: skodak Date: Sun, 24 Sep 2006 11:55:11 +0000 (+0000) Subject: roles fixed in user browsing page; admin section now accepts array of capabilities... X-Git-Url: http://git.mjollnir.org/gw?a=commitdiff_plain;h=38d2d43b0122331449f87d930637ab8fda526035;p=moodle.git roles fixed in user browsing page; admin section now accepts array of capabilities for external and settings pages --- diff --git a/admin/roles/manage.php b/admin/roles/manage.php index 7901002ae6..8e42874baf 100755 --- a/admin/roles/manage.php +++ b/admin/roles/manage.php @@ -188,11 +188,7 @@ } else if (confirm_sesskey()){ // show confirmation admin_externalpage_print_header($adminroot); - $optionsyes = new object(); - $optionsyes->action = 'delete'; - $optionsyes->roleid = $roleid; - $optionsyes->sesskey = sesskey(); - $optionsyes->confirm = 1; + $optionsyes = array('action'=>'delete', 'roleid'=>$roleid, 'sesskey'=>sesskey(), 'confirm'=>1); $a = new object(); $a->id = $roleid; $a->name = $roles[$roleid]->name; diff --git a/admin/settings/users.php b/admin/settings/users.php index 9d26d09fae..1c78f4bfa8 100644 --- a/admin/settings/users.php +++ b/admin/settings/users.php 
@@ -8,8 +8,8 @@ $ADMIN->add('users', new admin_externalpage('userauthentication', get_string('au // stuff under the "accounts" subcategory $ADMIN->add('users', new admin_category('accounts', get_string('accounts', 'admin'))); -$ADMIN->add('accounts', new admin_externalpage('editusers', get_string('userlist','admin'), "$CFG->wwwroot/$CFG->admin/user.php")); -$ADMIN->add('accounts', new admin_externalpage('addnewuser', get_string('addnewuser'), "$CFG->wwwroot/$CFG->admin/user.php?newuser=true")); +$ADMIN->add('accounts', new admin_externalpage('editusers', get_string('userlist','admin'), "$CFG->wwwroot/$CFG->admin/user.php", array('moodle/user:update', 'moodle/user:delete'))); +$ADMIN->add('accounts', new admin_externalpage('addnewuser', get_string('addnewuser'), "$CFG->wwwroot/$CFG->admin/user.php?newuser=true", 'moodle/user:create')); $ADMIN->add('accounts', new admin_externalpage('uploadusers', get_string('uploadusers'), "$CFG->wwwroot/$CFG->admin/uploaduser.php")); diff --git a/admin/user.php b/admin/user.php index 0fe87b73c8..8cedaac3ee 100644 --- a/admin/user.php +++ b/admin/user.php @@ -1,6 +1,7 @@ libdir.'/adminlib.php'); $newuser = optional_param('newuser', 0, PARAM_BOOL); $delete = optional_param('delete', 0, PARAM_INT); 
@@ -10,40 +11,32 @@ $dir = optional_param('dir', 'ASC', PARAM_ALPHA); $page = optional_param('page', 0, PARAM_INT); $perpage = optional_param('perpage', 30, PARAM_INT); // how many per page - $search = optional_param('search', '', PARAM_RAW); + $search = trim(optional_param('search', '', PARAM_RAW)); $lastinitial = optional_param('lastinitial', '', PARAM_CLEAN); // only show students with this last initial $firstinitial = optional_param('firstinitial', '', PARAM_CLEAN); // only show students with this first initial - $search = trim($search); - - $user = new object(); - $admin = new object(); - $teacher = new object(); - - if (!$context = get_context_instance(CONTEXT_SYSTEM, SITEID)) { // Should never happen + if (!$sitecontext = get_context_instance(CONTEXT_SYSTEM, SITEID)) { // Should never happen redirect('index.php'); } if (!$CFG->rolesactive) { // No admin user yet. - $user->firstname = get_string("admin"); - $user->lastname = get_string("user"); - $user->username = "admin"; - $user->password = hash_internal_user_password("admin"); - $user->email = "root@localhost"; + $user = new object(); + $user->firstname = get_string('admin'); + $user->lastname = get_string('user'); + $user->username = 'admin'; + $user->password = hash_internal_user_password('admin'); + $user->email = 'root@localhost'; $user->confirmed = 1; $user->lang = $CFG->lang; $user->maildisplay = 1; $user->timemodified = time(); - if (! $user->id = insert_record("user", $user)) { + if (! $user->id = insert_record('user', $user)) { error("SERIOUS ERROR: Could not create admin user record !!!"); } - - $admin->userid = $user->id; - - if (! $user = get_record("user", "id", $user->id)) { // Double check. + if (! $user = get_record('user', 'id', $user->id)) { // Double check. error("User ID was incorrect (can't find it)"); } 
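Review bot: The bootstrap branch under `if (!$CFG->rolesactive)` still creates the first administrator with the fixed credentials `admin`/`admin` (`hash_internal_user_password('admin')`), so the site has a well-known password from the `insert_record('user', $user)` call until someone changes it. The redirect to the profile form further down (outside this hunk) presumably asks for a new password, but nothing visible here enforces that. Consider setting the initial password from a random value, or at least documenting the window with a comment such as `// NOTE: this account has a well-known password until the profile form is submitted`. The script continues outside the hunk.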
@@ -53,7 +46,7 @@ error('No admin role could be found'); } foreach ($adminroles as $adminrole) { - role_assign($adminrole->id, $user->id, 0, $context->id); + role_assign($adminrole->id, $user->id, 0, $sitecontext->id); } set_config('rolesactive', 1); @@ -61,14 +54,13 @@ if (! $site = get_site()) { error("Could not find site-level course"); } - + // Log the user in. $USER = $user; $USER->loggedin = true; $USER->sessionIP = md5(getremoteaddr()); // Store the current IP in the session $USER->site = $CFG->wwwroot; $USER->admin = true; - //$USER->teacher["$site->id"] = true; $USER->newadminuser = true; sesskey(); // For added security, used to check script parameters @@ -86,16 +78,24 @@ require_login(); - + $adminroot = admin_get_root(); + + if ($newuser) { + admin_externalpage_setup('addnewuser', $adminroot); + } else { + admin_externalpage_setup('editusers', $adminroot); + } + + if ($newuser) { // Create a new user - - if (!has_capability('moodle/user:create', $context)) { + + if (!has_capability('moodle/user:create', $sitecontext)) { error('You do not have the required permission to create new users.'); } if (!$user = get_record('user', 'username', 'changeme')) { // half finished user from another time - - $user = new object; + + $user = new object(); $user->auth = 'manual'; $user->firstname = ''; $user->lastname = ''; 
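Review bot: The `if ($newuser)` branch in the third hunk changes state with no `confirm_sesskey()` test visible: after the `moodle/user:create` check it builds a placeholder `changeme` user, which is presumably inserted in the lines between this hunk and the next. The admin-tree URL registered in admin/settings/users.php (`user.php?newuser=true`) carries no sesskey, so simply adding the test would break that menu entry. A comment that makes the decision explicit would help, e.g. `// reachable from the admin menu without sesskey: only creates or reuses the empty 'changeme' placeholder`. The two consecutive `if ($newuser)` tests could also be merged by moving the `admin_externalpage_setup()` calls into the existing branches; the create branch continues outside the hunk.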
@@ -114,33 +114,21 @@ redirect("$CFG->wwwroot/user/edit.php?id=$user->id&course=$site->id"); } else { // List all users for editing - - if (!has_capability('moodle/user:update', $context)) { - error('You do not have the required permission to edit users.'); - } - - $stredituser = get_string("edituser"); - $stradministration = get_string("administration"); - $strusers = get_string("users"); - $stredit = get_string("edit"); - $strdelete = get_string("delete"); - $strdeletecheck = get_string("deletecheck"); - $strsearch = get_string("search"); - $strshowallusers = get_string("showallusers"); - - if ($firstinitial or $lastinitial or $search or $page) { - print_header("$site->shortname: $stredituser", $site->fullname, - "$stradministration -> ". - "$strusers -> ". - "$stredituser"); - } else { - print_header("$site->shortname: $stredituser", $site->fullname, - "$stradministration -> ". - "$strusers -> $stredituser"); + + if (!has_capability('moodle/user:update', $sitecontext) and !has_capability('moodle/user:delete', $sitecontext)) { + error('You do not have the required permission to edit/delete users.'); } + $stredit = get_string('edit'); + $strdelete = get_string('delete'); + $strdeletecheck = get_string('deletecheck'); + $strsearch = get_string('search'); + $strshowallusers = get_string('showallusers'); + + admin_externalpage_print_header($adminroot); + if ($confirmuser and confirm_sesskey()) { - if (!$user = get_record("user", "id", "$confirmuser")) { + if (!$user = get_record('user', 'id', $confirmuser)) { error("No such user!"); } 
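Review bot: The `$confirmuser` branch has no capability check of its own, and the relaxed entry test (`!has_capability('moodle/user:update', $sitecontext) and !has_capability('moodle/user:delete', $sitecontext)`) now lets an account holding only `moodle/user:delete` reach it. The list code later in this commit draws the confirm link only for `moodle/user:update`, so the intent seems to be that confirming needs that capability, but hiding a link is not enforcement. Add the test inside the branch, before `get_record()`: `if (!has_capability('moodle/user:update', $sitecontext)) { error('You do not have the required permission to edit users.'); }`. Two lines between this hunk and the next are not shown, so confirm they do not already do this.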
@@ -149,19 +137,19 @@ $confirmeduser->confirmed = 1; $confirmeduser->timemodified = time(); - if (update_record("user", $confirmeduser)) { - notify(get_string("userconfirmed", "", fullname($user, true)) ); + if (update_record('user', $confirmeduser)) { + notify(get_string('userconfirmed', '', fullname($user, true)) ); } else { - notify(get_string("usernotconfirmed", "", fullname($user, true))); + notify(get_string('usernotconfirmed', '', fullname($user, true))); } } else if ($delete and confirm_sesskey()) { // Delete a selected user, after confirmation - - if (!has_capability('moodle/user:delete', $context)) { + + if (!has_capability('moodle/user:delete', $sitecontext)) { error('You do not have the required permission to delete a user.'); } - - if (!$user = get_record("user", "id", "$delete")) { + + if (!$user = get_record('user', 'id', $delete)) { error("No such user!"); } 
@@ -172,25 +160,26 @@ if ($confirm != md5($delete)) { $fullname = fullname($user, true); - notice_yesno(get_string("deletecheckfull", "", "'$fullname'"), - "user.php?delete=$delete&confirm=".md5($delete)."&sesskey=$USER->sesskey", "user.php"); - - exit; - } else if (!$user->deleted) { + print_heading(get_string('deleteuser', 'admin')); + $optionsyes = array('delete'=>$delete, 'confirm'=>md5($delete), 'sesskey'=>sesskey()); + notice_yesno(get_string('deletecheckfull', '', "'$fullname'"), 'user.php', 'user.php', $optionsyes, NULL, 'post', 'get'); + admin_externalpage_print_footer($adminroot); + die; + } else if (data_submitted() and !$user->deleted) { $updateuser = new object(); $updateuser->id = $user->id; - $updateuser->deleted = "1"; + $updateuser->deleted = 1; $updateuser->username = "$user->email.".time(); // Remember it just in case - $updateuser->email = ""; // Clear this field to free it up - $updateuser->idnumber = ""; // Clear this field to free it up + $updateuser->email = ''; // Clear this field to free it up + $updateuser->idnumber = ''; // Clear this field to free it up $updateuser->timemodified = time(); - if (update_record("user", $updateuser)) { + if (update_record('user', $updateuser)) { // not sure if this is needed. unenrol_student($user->id); // From all courses delete_records('role_assignments', 'userid', $user->id); // unassign all roles - // remove all context assigned on this user? - notify(get_string("deletedactivity", "", fullname($user, true)) ); + // remove all context assigned on this user? + notify(get_string('deletedactivity', '', fullname($user, true)) ); } else { - notify(get_string("deletednot", "", fullname($user, true))); + notify(get_string('deletednot', '', fullname($user, true))); } } } 
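Review bot: The `confirm` value placed in `$optionsyes` is `md5($delete)`, which anyone can derive from the user id, so it is a confirmation step and not a secret; what actually protects the delete is `confirm_sesskey()`, the `moodle/user:delete` check and the new `data_submitted()` test. A comment above the `notice_yesno()` call would stop a later edit from treating `confirm` as the guard, for example `// confirm is not a secret (md5 of the id); sesskey + POST are the CSRF protection`. A request with a matching `confirm` that is not a POST now falls through both branches without any message, so an `else` that calls `notify()` would make that case visible. No audit log entry is written for the deletion in the lines shown; if none exists elsewhere, recording who deleted which account is worth adding.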
@@ -230,14 +219,14 @@ $usersearchcount = get_users(false, $search, true, "", "", $firstinitial, $lastinitial); if ($search or $firstinitial or $lastinitial) { - print_heading("$usersearchcount / $usercount ".get_string("users")); + print_heading("$usersearchcount / $usercount ".get_string('users')); $usercount = $usersearchcount; } else { - print_heading("$usercount ".get_string("users")); + print_heading("$usercount ".get_string('users')); } $alphabet = explode(',', get_string('alphabet')); - $strall = get_string("all"); + $strall = get_string('all'); /// Bar of first initials @@ -292,13 +281,13 @@ $match[] = s($search); } if ($firstinitial) { - $match[] = get_string("firstname").": $firstinitial"."___"; + $match[] = get_string('firstname').": $firstinitial"."___"; } if ($lastinitial) { - $match[] = get_string("lastname").": $lastinitial"."___"; + $match[] = get_string('lastname').": $lastinitial"."___"; } $matchstring = implode(", ", $match); - print_heading(get_string("nousersmatching", "", $matchstring)); + print_heading(get_string('nousersmatching', '', $matchstring)); $table = NULL; 
@@ -326,46 +315,51 @@ $table->align = array ("left", "left", "left", "left", "left", "center", "center", "center"); $table->width = "95%"; foreach ($users as $user) { - if ($user->id == $USER->id or $user->username == "changeme") { + if ($user->username == 'changeme') { + continue; // do not dispaly dummy new user + } + + if ($user->id == $USER->id) { $deletebutton = ""; } else { - if (has_capability('moodle/user:delete', $context)) { - $deletebutton = "id&sesskey=$USER->sesskey\">$strdelete"; } else { - $deletebutton =""; + if (has_capability('moodle/user:delete', $sitecontext)) { + $deletebutton = "id&sesskey=$USER->sesskey\">$strdelete"; + } else { + $deletebutton =""; } } - if ($user->lastaccess) { - $strlastaccess = format_time(time() - $user->lastaccess); + + if (has_capability('moodle/user:update', $sitecontext)) { + $editbutton = "id&course=$site->id\">$stredit"; + if ($user->confirmed == 0) { + $confirmbutton = "id&sesskey=$USER->sesskey\">" . get_string('confirm') . ""; + } else { + $confirmbutton = ""; + } } else { - $strlastaccess = get_string("never"); + $editbutton =""; + if ($user->confirmed == 0) { + $confirmbutton = "".get_string('confirm').""; + } else { + $confirmbutton = ""; + } } - if ($user->confirmed == 0) { - $confirmbutton = "id&sesskey=$USER->sesskey\">" . get_string("confirm") . 
""; + + if ($user->lastaccess) { + $strlastaccess = format_time(time() - $user->lastaccess); } else { - $confirmbutton = ""; + $strlastaccess = get_string('never'); } $fullname = fullname($user, true); - - if (has_capability('moodle/user:editprofile', $context)) { - - $table->data[] = array ("id&course=$site->id\">$fullname", - "$user->email", - "$user->city", - "$user->country", - $strlastaccess, - "id&course=$site->id\">$stredit", - $deletebutton, - $confirmbutton); - } else { - $table->data[] = array ("id&course=$site->id\">$fullname", - "$user->email", - "$user->city", - "$user->country", - $strlastaccess, - $deletebutton, - $confirmbutton); - - } + + $table->data[] = array ("id&course=$site->id\">$fullname", + "$user->email", + "$user->city", + "$user->country", + $strlastaccess, + $editbutton, + $deletebutton, + $confirmbutton); } } @@ -378,22 +372,22 @@ } echo ""; echo ""; - - if (has_capability('moodle/user:create', $context)) { - print_heading("sesskey\">".get_string("addnewuser").""); + + if (has_capability('moodle/user:create', $sitecontext)) { + print_heading("sesskey\">".get_string('addnewuser').""); } if (!empty($table)) { print_table($table); print_paging_bar($usercount, $page, $perpage, "user.php?sort=$sort&dir=$dir&perpage=$perpage". "&firstinitial=$firstinitial&lastinitial=$lastinitial&search=".urlencode(stripslashes($search))."&"); - if (has_capability('moodle/user:create', $context)) { + if (has_capability('moodle/user:create', $sitecontext)) { print_heading("sesskey\">".get_string("addnewuser").""); } } - print_footer(); + admin_externalpage_print_footer($adminroot); } ?> diff --git a/lang/en_utf8/admin.php b/lang/en_utf8/admin.php index bbdc1d253b..fd006624cf 100644 --- a/lang/en_utf8/admin.php +++ b/lang/en_utf8/admin.php 
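Review bot: The delete and confirm links built in the `foreach ($users as $user)` loop still carry `sesskey=$USER->sesskey` in the query string, so the session key ends up in browser history, server access logs and possibly Referer headers. This commit already moves the final delete confirmation to a POST form; the confirm action could take the same route, although the `$delete and confirm_sesskey()` test in the earlier hunk would need adjusting if the first delete step stopped sending the key. The capability tests here only decide which buttons are drawn, so each action must keep its own server-side check. The new comment `// do not dispaly dummy new user` has a typo (`display`). The HTML inside these strings is stripped in this rendering, so the escaping of `$fullname`, `$user->city` and the other fields could not be reviewed.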
@@ -315,6 +315,7 @@ $string['debugminimal'] = 'MINIMAL: Show only fatal errors'; $string['debugnormal'] = 'NORMAL: Show errors, warnings and notices'; $string['debugall'] = 'ALL: Show all reasonable PHP debug messages'; $string['debugdeveloper'] = 'DEVELOPER: extra Moodle debug messages for developers'; +$string['deleteuser'] = 'Delete user'; $string['density'] = 'Density'; $string['download'] = 'Download'; $string['edithelpdocs'] = 'Edit help documents'; @@ -437,4 +438,4 @@ $string['updateaccounts'] = 'Update existing accounts'; $string['updatetimezones'] = 'Update timezones'; $string['upwards'] = 'upwards'; -?> +?> \ No newline at end of file diff --git a/lib/adminlib.php b/lib/adminlib.php index 35d61a800e..3160639e01 100644 --- a/lib/adminlib.php +++ b/lib/adminlib.php @@ -1032,13 +1032,17 @@ class admin_externalpage extends part_of_admin_tree { * @param string $name The internal name for this external page. Must be unique amongst ALL part_of_admin_tree objects. * @param string $visiblename The displayed name for this external page. Usually obtained through get_string(). * @param string $url The external URL that we should link to when someone requests this external page. - * @param string $req_capability The role capability/permission a user must have to access this external page. Defaults to 'moodle/site:config'. + * @param mixed $req_capability The role capability/permission a user must have to access this external page. Defaults to 'moodle/site:config'. */ function admin_externalpage($name, $visiblename, $url, $req_capability = 'moodle/site:config') { $this->name = $name; $this->visiblename = $visiblename; $this->url = $url; - $this->req_capability = $req_capability; + if (is_array($req_capability)) { + $this->req_capability = $req_capability; + } else { + $this->req_capability = array($req_capability); + } } /** 
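Review bot: The updated docblock in the lib/adminlib.php hunk says only `@param mixed $req_capability` and does not state that an array means any one of the listed capabilities is enough, which is how the `check_access()` hunks that follow evaluate it. For an access-control parameter this should be explicit, since a caller could reasonably expect all of them to be required: `@param mixed $req_capability Capability name, or array of names; access is granted if the user holds ANY of them. Defaults to 'moodle/site:config'.` The `admin_settingpage` constructor receives the same normalisation in a later hunk and needs the same wording. An empty array makes the loop in `check_access()` return false for everyone, which is the safe direction but worth a word in the docblock too.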
@@ -1084,7 +1088,12 @@ class admin_externalpage extends part_of_admin_tree { return true; // no access check before site is fully set up } $context = get_context_instance(CONTEXT_SYSTEM, SITEID); - return has_capability($this->req_capability, $context); + foreach($this->req_capability as $cap) { + if (has_capability($cap, $context)) { + return true; + } + } + return false; } } @@ -1142,7 +1151,11 @@ class admin_settingpage extends part_of_admin_tree { $this->settings = new stdClass(); $this->name = $name; $this->visiblename = $visiblename; - $this->req_capability = $req_capability; + if (is_array($req_capability)) { + $this->req_capability = $req_capability; + } else { + $this->req_capability = array($req_capability); + } } // not the same as add for admin_category. adds an admin_setting to this admin_settingpage. settings appear (on the settingpage) in the order in which they're added @@ -1163,7 +1176,12 @@ class admin_settingpage extends part_of_admin_tree { return true; // no access check before site is fully set up } $context = get_context_instance(CONTEXT_SYSTEM, SITEID); - return has_capability($this->req_capability, $context); + foreach($this->req_capability as $cap) { + if (has_capability($cap, $context)) { + return true; + } + } + return false; } // outputs this page as html in a table (suitable for inclusion in an admin pagetype) @@ -2140,8 +2158,8 @@ class admin_setting_special_debug extends admin_setting_configselect { $choices = array( DEBUG_NONE => get_string('debugnone', 'admin'), DEBUG_MINIMAL => get_string('debugminimal', 'admin'), DEBUG_NORMAL => get_string('debugnormal', 'admin'), - DEBUG_ALL => get_string('debugall', 'admin'), - DEBUG_DEVELOPER => get_string('debugdeveloper', 'admin') + DEBUG_ALL => get_string('debugall', 'admin'), + DEBUG_DEVELOPER => get_string('debugdeveloper', 'admin') ); parent::admin_setting_configselect($name, $visiblename, $description, '', $choices); } 
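Review bot: The any-of loop added to `admin_externalpage::check_access()` is repeated line for line in `admin_settingpage::check_access()`, and the `is_array()` normalisation is likewise duplicated in both constructors. Authorization logic copied into two places tends to drift when only one copy is fixed; a single helper that takes the capability list and the context, called from both methods, would keep them identical. The formatting also departs from the `foreach (` spacing used elsewhere in this commit: `foreach($this->req_capability as $cap)` has no space before the parenthesis. Both methods begin outside their hunks.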
@@ -2413,4 +2431,4 @@ function format_admin_setting($name, $title='', $form='', $description='') { return $output; } -?> +?> \ No newline at end of file diff --git a/version.php b/version.php index 98b417565b..3e566fb028 100644 --- a/version.php +++ b/version.php @@ -6,7 +6,7 @@ // This is compared against the values stored in the database to determine // whether upgrades should be performed (see lib/db/*.php) - $version = 2006092302; // YYYYMMDD = date + $version = 2006092400; // YYYYMMDD = date // XY = increments within a single day $release = '1.7 dev'; // Human-friendly version name