From: martinlanghoff Date: Wed, 19 Sep 2007 07:16:18 +0000 (+0000) Subject: accesslib: drop rdef mangling for default role - check in has_cap_fad() X-Git-Url: http://git.mjollnir.org/gw?a=commitdiff_plain;h=3ac81bd159c48c400b6bb4a9b4f2847d8b1b3482;p=moodle.git accesslib: drop rdef mangling for default role - check in has_cap_fad() There are some exceptions when checking for caps that are inherited from the default role. Move the check into has_cap_fad() and stop mangling the data we put in $ad[rdef]. We now also set $ad[dr] to record default roles added. This will later allow us to share rdef across many users in $ACCESS. Affects: load_user_accessdata() has_cap_fad() While at it, document has_cap_fad() a bit. --- diff --git a/lib/accesslib.php b/lib/accesslib.php index 8e08e10c80..861598e6ed 100755 --- a/lib/accesslib.php +++ b/lib/accesslib.php @@ -565,15 +565,39 @@ function path_inaccessdata($path, $ad) { * The main feature of here is being FAST and with no * side effects. * - * TODO: + * Notes: + * + * Switch Roles exits early + * ----------------------- + * cap checks within a switchrole need to exit early + * in our bottom up processing so they don't "see" that + * there are real RAs that can do all sorts of things. + * + * "Guest default role" exception + * ------------------------------ + * + * See MDL-7513 and $ignoreguest below for details. + * + * The rule is that + * + * IF we are being asked about moodle/legacy:guest + * OR moodle/course:view + * FOR a real, logged-in user + * AND we reached the top of the path in ra and rdef + * AND that role has moodle/legacy:guest === 1... + * THEN we act as if we hadn't seen it. + * + * + * To Do: * - * - Support for multi-enrol * - Document how it works * - Rewrite in ASM :-) * */ function has_cap_fad($capability, $context, $ad, $doanything) { + global $CFG; + $path = $context->path; // build $contexts as a list of "paths" of the current @@ -583,18 +607,29 @@ function has_cap_fad($capability, $context, $ad, $doanything) { $path = $matches[1]; array_unshift($contexts, $path); } - // Add a "default" context for the "default role" - array_unshift($contexts,"$path:def"); + + $ignoreguest = false; + if (isset($ad['dr']) + && ($capability == 'moodle/course:view' + || $capability == 'moodle/legacy:guest')) { + // At the base, ignore rdefs where moodle/legacy:guest + // is set + $ignoreguest = $ad['dr']; + } + $cc = count($contexts); $can = false; + // + // role-switches loop + // if (isset($ad['rsw'])) { // check for isset() is fast // empty() is slow... if (empty($ad['rsw'])) { - unset($ad['rsw']); // keep things fast + unset($ad['rsw']); // keep things fast and unambiguous break; } // From the bottom up... @@ -636,7 +671,10 @@ function has_cap_fad($capability, $context, $ad, $doanything) { } } - // From the bottom up... for non-switchers... + // + // Main loop for normal RAs + // From the bottom up... + // for ($n=$cc-1;$n>=0;$n--) { $ctxp = $contexts[$n]; if (isset($ad['ra'][$ctxp])) { @@ -649,6 +687,15 @@ function has_cap_fad($capability, $context, $ad, $doanything) { // from the bottom up... for ($m=$cc-1;$m>=0;$m--) { $capctxp = $contexts[$m]; + // ignore some guest caps + // at base ra and rdef + if ($ignoreguest == $roleid + && $n === 0 + && $m === 0 + && isset($ad['rdef']["{$capctxp}:$roleid"]['moodle/legacy:guest']) + && $ad['rdef']["{$capctxp}:$roleid"]['moodle/legacy:guest'] > 0) { + continue; + } if (isset($ad['rdef']["{$capctxp}:$roleid"][$capability])) { $perm = $ad['rdef']["{$capctxp}:$roleid"][$capability]; if ($perm === CAP_PROHIBIT) { @@ -1551,19 +1598,16 @@ function load_user_accessdata($userid) { $ad = get_user_access_sitewide($userid); get_role_access($CFG->defaultuserroleid, $ad); - // provide "default" enrolment + // + // provide "default role" (set 'dr'!) + // $base = '/'.SYSCONTEXTID; - $ad['ra']["$base:def"] = array($CFG->defaultuserroleid); - - // guest role mangling - TODO: fix! - if ($CFG->defaultuserroleid === $CFG->guestroleid ) { - if (isset($ad['rdef']["$base:{$CFG->guestroleid}"]['moodle/legacy:guest'])) { - unset($ad['rdef']["$base:{$CFG->guestroleid}"]['moodle/legacy:guest']); - } - if (isset($ad['rdef']["$base:{$CFG->guestroleid}"]['moodle/course:view'])) { - unset($ad['rdef']["$base:{$CFG->guestroleid}"]['moodle/course:view']); - } + if (!isset($ad['ra'][$base])) { + $ad['ra'][$base] = array($CFG->defaultuserroleid); + } else { + array_push($ad['ra'][$base], $CFG->defaultuserroleid); } + $ad['dr'] = $CFG->defaultuserroleid; $ACCESS[$userid] = $ad; return true;