From: tjhunt Date: Thu, 20 Nov 2008 09:57:20 +0000 (+0000) Subject: define roles: MDL-16966 etc. polishing the new roles UI following a meeting with... X-Git-Url: http://git.mjollnir.org/gw?a=commitdiff_plain;h=bed9cec80bd7b5401f056f365172ebbc1bd289bf;p=moodle.git define roles: MDL-16966 etc. polishing the new roles UI following a meeting with Martin. * Move the show/hide advanced button a bit down the page. * Improve save button caption when creating a role. * Don't show defaults on the basic define roles screen. * Explain the background shading on the advanced roels screen. * Fix the problem with the risks link to Moodle docs. * Help icon by the permissions column heading. * Tables with rotated s, make them vertical-align: bottom. * Rename explain.php and explainhascapability.php to check.php and explain.php * Tool tips on the number headers in the explain table. * Explain table - role names were missing. * Allow link_to_popup_window to work with full URLs. --- diff --git a/admin/roles/assign.php b/admin/roles/assign.php index 4da44d4f16..0b82a78090 100755 --- a/admin/roles/assign.php +++ b/admin/roles/assign.php @@ -324,7 +324,7 @@

-

/> diff --git a/admin/roles/check.php b/admin/roles/check.php new file mode 100755 index 0000000000..59dd8425c3 --- /dev/null +++ b/admin/roles/check.php @@ -0,0 +1,181 @@ +dirroot . '/' . $CFG->admin . '/roles/lib.php'); + + $contextid = required_param('contextid',PARAM_INT); + $contextuserid = optional_param('userid', 0, PARAM_INT); // needed for user tabs + $courseid = optional_param('courseid', 0, PARAM_INT); // needed for user tabs + + if (! $context = get_context_instance_by_id($contextid)) { + print_error('wrongcontextid', 'error'); + } + $isfrontpage = $context->contextlevel == CONTEXT_COURSE && $context->instanceid == SITEID; + $contextname = print_context_name($context); + + if ($context->contextlevel == CONTEXT_COURSE) { + $courseid = $context->instanceid; + if (!$course = $DB->get_record('course', array('id'=>$courseid))) { + print_error('invalidcourse', 'error'); + } + + } else if (!empty($courseid)){ // we need this for user tabs in user context + if (!$course = $DB->get_record('course', array('id'=>$courseid))) { + print_error('invalidcourse', 'error'); + } + + } else { + $courseid = SITEID; + $course = clone($SITE); + } + +/// Check login and permissions. + require_login($course); + $canview = has_any_capability(array('moodle/role:assign', 'moodle/role:safeoverride', + 'moodle/role:override', 'moodle/role:manage'), $context); + if (!$canview) { + print_error('nopermissions', 'error', '', get_string('checkpermissions', 'role')); + } + +/// These are needed early because of tabs.php + $assignableroles = get_assignable_roles($context, ROLENAME_BOTH); + $overridableroles = get_overridable_roles($context, ROLENAME_BOTH); + +/// Get the user_selector we will need. +/// Teachers within a course just get to see the same list of people they can +/// assign roles to. Admins (people with moodle/role:manage) can run this report for any user. + $options = array('context' => $context, 'roleid' => 0); + if ($context->contextlevel > CONTEXT_COURSE && !is_inside_frontpage($context) && !has_capability('moodle/role:manage', $context)) { + $userselector = new potential_assignees_below_course('reportuser', $options); + } else { + $userselector = new potential_assignees_course_and_above('reportuser', $options); + } + $userselector->set_multiselect(false); + $userselector->set_rows(10); + +/// Work out an appropriate page title. + $title = get_string('checkpermissionsin', 'role', $contextname); + $straction = get_string('checkpermissions', 'role'); // Used by tabs.php + +/// Print the header and tabs + if ($context->contextlevel == CONTEXT_USER) { + $contextuser = $DB->get_record('user', array('id' => $contextuserid)); + $fullname = fullname($contextuser, has_capability('moodle/site:viewfullnames', $context)); + + /// course header + $navlinks = array(); + if ($courseid != SITEID) { + if (has_capability('moodle/course:viewparticipants', get_context_instance(CONTEXT_COURSE, $courseid))) { + $navlinks[] = array('name' => get_string('participants'), 'link' => "$CFG->wwwroot/user/index.php?id=$courseid", 'type' => 'misc'); + } + $navlinks[] = array('name' => $fullname, 'link' => "$CFG->wwwroot/user/view.php?id=$contextuserid&course=$courseid", 'type' => 'misc'); + $navlinks[] = array('name' => $straction, 'link' => null, 'type' => 'misc'); + $navigation = build_navigation($navlinks); + + print_header($title, $fullname, $navigation, '', '', true, ' ', navmenu($course)); + + /// site header + } else { + $navlinks[] = array('name' => $fullname, 'link' => "$CFG->wwwroot/user/view.php?id=$contextuserid&course=$courseid", 'type' => 'misc'); + $navlinks[] = array('name' => $straction, 'link' => null, 'type' => 'misc'); + $navigation = build_navigation($navlinks); + print_header($title, $course->fullname, $navigation, "", "", true, " ", navmenu($course)); + } + + $showroles = 1; + $currenttab = 'check'; + include_once($CFG->dirroot.'/user/tabs.php'); + + } else if ($context->contextlevel == CONTEXT_SYSTEM) { + admin_externalpage_setup('checkpermissions'); + admin_externalpage_print_header(); + + } else if ($context->contextlevel == CONTEXT_COURSE and $context->instanceid == SITEID) { + admin_externalpage_setup('frontpageroles'); + admin_externalpage_print_header(); + $currenttab = 'check'; + include_once('tabs.php'); + + } else { + $currenttab = 'check'; + include_once('tabs.php'); + } + +/// Print heading. + print_heading_with_help($title, 'checkpermissions'); + +/// If a user has been chosen, show all the permissions for this user. + $user = $userselector->get_selected_user(); + if (!is_null($user)) { + print_box_start('generalbox boxaligncenter boxwidthwide'); + print_heading(get_string('permissionsforuser', 'role', fullname($user)), '', 3); + + $table = new explain_capability_table($context, $user, $contextname); + $table->display(); + print_box_end(); + + $selectheading = get_string('selectanotheruser', 'role'); + } else { + $selectheading = get_string('selectauser', 'role'); + } + +/// Show UI for choosing a user to report on. + print_box_start('generalbox boxwidthnormal boxaligncenter', 'chooseuser'); + echo '

'; + +/// Hidden fields. + echo ''; + if (!empty($contextuserid)) { + echo ''; + } + if ($courseid && $courseid != SITEID) { + echo ''; + } + +/// User selector. + print_heading('', '', 3); + $userselector->display(); + +/// Submit button and the end of the form. + echo '

'; + echo '
'; + print_box_end(); + +/// Appropriate back link. + if (!$isfrontpage && ($url = get_context_url($context))) { + echo '
' . + get_string('backto', '', $contextname) . '
'; + } + + print_footer($course); +?> diff --git a/admin/roles/define.php b/admin/roles/define.php index 2714c13016..78be6bd9b0 100755 --- a/admin/roles/define.php +++ b/admin/roles/define.php @@ -123,16 +123,11 @@ print_heading_with_help($title, 'roles'); /// Work out some button labels. - if ($action == 'add') { - $submitlabel = get_string('addrole', 'role'); + if ($action == 'add' || $action == 'duplicate') { + $submitlabel = get_string('createthisrole', 'role'); } else { $submitlabel = get_string('savechanges'); } - if ($showadvanced) { - $showadvancedlabel = get_string('hideadvanced', 'form'); - } else { - $showadvancedlabel = get_string('showadvanced', 'form'); - } /// On the view page, show some extra controls at the top. if ($action == 'view') { @@ -161,9 +156,6 @@ ?>
-
- -
diff --git a/admin/roles/explain.php b/admin/roles/explain.php index 5c51491be8..021c3d1812 100755 --- a/admin/roles/explain.php +++ b/admin/roles/explain.php @@ -24,158 +24,256 @@ /////////////////////////////////////////////////////////////////////////// /** - * Shows the result of has_capability for every capability for a user in a context. + * Elucidates what has_capability does for a particular capability/user/context. * * @license http://www.gnu.org/copyleft/gpl.html GNU Public License * @package roles *//** */ - require_once(dirname(__FILE__) . '/../../config.php'); - require_once($CFG->dirroot . '/' . $CFG->admin . '/roles/lib.php'); +require(dirname(__FILE__) . '/../../config.php'); - $contextid = required_param('contextid',PARAM_INT); - $contextuserid = optional_param('userid', 0, PARAM_INT); // needed for user tabs - $courseid = optional_param('courseid', 0, PARAM_INT); // needed for user tabs +// Get parameters. +$userid = required_param('user', PARAM_INTEGER); // We use 0 here to mean not-logged-in. +$contextid = required_param('contextid', PARAM_INTEGER); +$capability = required_param('capability', PARAM_CAPABILITY); - if (! $context = get_context_instance_by_id($contextid)) { - print_error('wrongcontextid', 'error'); - } - $isfrontpage = $context->contextlevel == CONTEXT_COURSE && $context->instanceid == SITEID; - $contextname = print_context_name($context); +// Get the context and its parents. +$context = get_context_instance_by_id($contextid); +if (!$context) { + print_error('unknowncontext'); +} +$contextids = get_parent_contexts($context); +array_unshift($contextids, $context->id); +$contexts = array(); +$number = count($contextids); +foreach ($contextids as $contextid) { + $contexts[$contextid] = get_context_instance_by_id($contextid); + $contexts[$contextid]->name = print_context_name($contexts[$contextid], true, true); + $contexts[$contextid]->number = $number--; +} - if ($context->contextlevel == CONTEXT_COURSE) { - $courseid = $context->instanceid; - if (!$course = $DB->get_record('course', array('id'=>$courseid))) { - print_error('invalidcourse', 'error'); - } +// Validate the user id. +if ($userid) { + $user = $DB->get_record('user', array('id' => $userid)); + if (!$user) { + print_error('nosuchuser'); + } +} else { + $frontpagecontext = get_context_instance(CONTEXT_COURSE, SITEID); + if (!empty($CFG->forcelogin) || + ($context->contextlevel >= CONTEXT_COURSE && !in_array($frontpagecontext->id, $contextids))) { + print_error('cannotgetherewithoutloggingin', 'role'); + } +} - } else if (!empty($courseid)){ // we need this for user tabs in user context - if (!$course = $DB->get_record('course', array('id'=>$courseid))) { - print_error('invalidcourse', 'error'); - } +// Check access permissions. +require_login(); +if (!has_any_capability(array('moodle/role:assign', 'moodle/role:safeoverride', + 'moodle/role:override', 'moodle/role:assign'), $context)) { + print_error('nopermissions', '', get_string('explainpermissions')); +} +// This duplicates code in load_all_capabilities and has_capability. +$systempath = '/' . SYSCONTEXTID; +if ($userid == 0) { + if (!empty($CFG->notloggedinroleid)) { + $accessdata = get_role_access($CFG->notloggedinroleid); + $accessdata['ra'][$systempath] = array($CFG->notloggedinroleid); } else { - $courseid = SITEID; - $course = clone($SITE); - } - -/// Check login and permissions. - require_login($course); - $canview = has_any_capability(array('moodle/role:assign', 'moodle/role:safeoverride', - 'moodle/role:override', 'moodle/role:manage'), $context); - if (!$canview) { - print_error('nopermissions', 'error', '', get_string('checkpermissions', 'role')); + $accessdata = array(); + $accessdata['ra'] = array(); + $accessdata['rdef'] = array(); + $accessdata['loaded'] = array(); } +} else if (isguestuser($user)) { + $guestrole = get_guest_role(); + $accessdata = get_role_access($guestrole->id); + $accessdata['ra'][$systempath] = array($guestrole->id); +} else { + load_user_accessdata($userid); + $accessdata = $ACCESS[$userid]; +} +if ($context->contextlevel > CONTEXT_COURSE && !path_inaccessdata($context->path, $accessdata)) { + load_subcontext($userid, $context, $accessdata); +} -/// These are needed early because of tabs.php - $assignableroles = get_assignable_roles($context, ROLENAME_BOTH); - $overridableroles = get_overridable_roles($context, ROLENAME_BOTH); +// Load the roles we need. +$roleids = array(); +foreach ($accessdata['ra'] as $roleassignments) { + $roleids = array_merge($roleassignments, $roleids); +} +$roles = $DB->get_records_list('role', 'id', $roleids); +$rolenames = array(); +foreach ($roles as $role) { + $rolenames[$role->id] = $role->name; +} +$rolenames = role_fix_names($rolenames, $context); -/// Get the user_selector we will need. -/// Teachers within a course just get to see the same list of people they can -/// assign roles to. Admins (people with moodle/role:manage) can run this report for any user. - $options = array('context' => $context, 'roleid' => 0); - if ($context->contextlevel > CONTEXT_COURSE && !is_inside_frontpage($context) && !has_capability('moodle/role:manage', $context)) { - $userselector = new potential_assignees_below_course('reportuser', $options); +// Pass over the data once, to find the cell that determines the result. +$userhascapability = has_capability($capability, $context, $userid, false); +$areprohibits = false; +$decisiveassigncon = 0; +$decisiveoverridecon = 0; +foreach ($contexts as $con) { + if (!empty($accessdata['ra'][$con->path])) { + // The array_unique here is to work around bug MDL-14817. Once that bug is + // fixed, it can be removed + $ras = array_unique($accessdata['ra'][$con->path]); } else { - $userselector = new potential_assignees_course_and_above('reportuser', $options); + $ras = array(); } - $userselector->set_multiselect(false); - $userselector->set_rows(10); - -/// Work out an appropriate page title. - $title = get_string('checkpermissionsin', 'role', $contextname); - $straction = get_string('checkpermissions', 'role'); // Used by tabs.php - -/// Print the header and tabs - if ($context->contextlevel == CONTEXT_USER) { - $contextuser = $DB->get_record('user', array('id' => $contextuserid)); - $fullname = fullname($contextuser, has_capability('moodle/site:viewfullnames', $context)); - - /// course header - $navlinks = array(); - if ($courseid != SITEID) { - if (has_capability('moodle/course:viewparticipants', get_context_instance(CONTEXT_COURSE, $courseid))) { - $navlinks[] = array('name' => get_string('participants'), 'link' => "$CFG->wwwroot/user/index.php?id=$courseid", 'type' => 'misc'); + $con->firstoverride = 0; + foreach ($contexts as $ocon) { + $summedpermission = 0; + $gotsomething = false; + foreach ($ras as $roleid) { + if (isset($accessdata['rdef'][$ocon->path . ':' . $roleid][$capability])) { + $perm = $accessdata['rdef'][$ocon->path . ':' . $roleid][$capability]; + } else { + $perm = CAP_INHERIT; + } + if ($perm && !$gotsomething) { + $gotsomething = true; + $con->firstoverride = $ocon->id; } - $navlinks[] = array('name' => $fullname, 'link' => "$CFG->wwwroot/user/view.php?id=$contextuserid&course=$courseid", 'type' => 'misc'); - $navlinks[] = array('name' => $straction, 'link' => null, 'type' => 'misc'); - $navigation = build_navigation($navlinks); - - print_header($title, $fullname, $navigation, '', '', true, ' ', navmenu($course)); - - /// site header - } else { - $navlinks[] = array('name' => $fullname, 'link' => "$CFG->wwwroot/user/view.php?id=$contextuserid&course=$courseid", 'type' => 'misc'); - $navlinks[] = array('name' => $straction, 'link' => null, 'type' => 'misc'); - $navigation = build_navigation($navlinks); - print_header($title, $course->fullname, $navigation, "", "", true, " ", navmenu($course)); + if ($perm == CAP_PROHIBIT) { + $areprohibits = true; + $decisiveassigncon = 0; + $decisiveoverridecon = 0; + break; + } + $summedpermission += $perm; + } + if (!$areprohibits && !$decisiveassigncon && $summedpermission) { + $decisiveassigncon = $con->id; + $decisiveoverridecon = $ocon->id; + break; + } else if ($gotsomething) { + break; } - - $showroles = 1; - $currenttab = 'check'; - include_once($CFG->dirroot.'/user/tabs.php'); - - } else if ($context->contextlevel == CONTEXT_SYSTEM) { - admin_externalpage_setup('checkpermissions'); - admin_externalpage_print_header(); - - } else if ($context->contextlevel == CONTEXT_COURSE and $context->instanceid == SITEID) { - admin_externalpage_setup('frontpageroles'); - admin_externalpage_print_header(); - $currenttab = 'check'; - include_once('tabs.php'); - - } else { - $currenttab = 'check'; - include_once('tabs.php'); } +} +if (!$areprohibits && !$decisiveassigncon) { + $decisiveassigncon = SYSCONTEXTID; + $decisiveoverridecon = SYSCONTEXTID; +} -/// Print heading. - print_heading_with_help($title, 'checkpermissions'); +// Make a fake role to simplify rendering the table below. +$rolenames[0] = get_string('none'); -/// If a user has been chosen, show all the permissions for this user. - $user = $userselector->get_selected_user(); - if (!is_null($user)) { - print_box_start('generalbox boxaligncenter boxwidthwide'); - print_heading(get_string('permissionsforuser', 'role', fullname($user)), '', 3); +// Prepare some arrays of strings. +$cssclasses = array( + CAP_INHERIT => 'inherit', + CAP_ALLOW => 'allow', + CAP_PREVENT => 'prevent', + CAP_PROHIBIT => 'prohibit', + '' => '' +); +$strperm = array( + CAP_INHERIT => get_string('inherit', 'role'), + CAP_ALLOW => get_string('allow', 'role'), + CAP_PREVENT => get_string('prevent', 'role'), + CAP_PROHIBIT => get_string('prohibit', 'role'), + '' => '' +); - $table = new explain_capability_table($context, $user, $contextname); - $table->display(); - print_box_end(); +// Start the output. +print_header(get_string('explainpermission', 'role')); +print_heading(get_string('explainpermission', 'role')); - $selectheading = get_string('selectanotheruser', 'role'); - } else { - $selectheading = get_string('selectauser', 'role'); - } +// Print a summary of what we are doing. +$a = new stdClass; +if ($userid) { + $a->fullname = fullname($user); +} else { + $a->fullname = get_string('nobody'); +} +$a->capability = $capability; +$a->context = reset($contexts)->name; +if ($userhascapability) { + echo '

' . get_string('whydoesuserhavecap', 'role', $a) . '

'; +} else { + echo '

' . get_string('whydoesusernothavecap', 'role', $a) . '

'; +} -/// Show UI for choosing a user to report on. - print_box_start('generalbox boxwidthnormal boxaligncenter', 'chooseuser'); - echo ''; +// Print the table header rows. +echo ''; +echo ''; +if (count($contexts) > 1) { + echo ''; +} +echo ''; +echo ''; +echo ''; +foreach (array_slice($contexts, 0, count($contexts) - 1) as $con) { + echo ''; +} +echo ''; -/// Hidden fields. - echo ''; - if (!empty($contextuserid)) { - echo ''; - } - if ($courseid && $courseid != SITEID) { - echo ''; +// Now print the bulk of the table. +foreach ($contexts as $con) { + if (!empty($accessdata['ra'][$con->path])) { + // The array_unique here is to work around bug MDL-14817. Once that bug is + // fixed, it can be removed + $ras = array_unique($accessdata['ra'][$con->path]); + } else { + $ras = array(0); } - -/// User selector. - print_heading('', '', 3); - $userselector->display(); - -/// Submit button and the end of the form. - echo '

'; - echo ''; - print_box_end(); - -/// Appropriate back link. - if (!$isfrontpage && ($url = get_context_url($context))) { - echo '
' . - get_string('backto', '', $contextname) . '
'; + $firstcell = ''; + $rowclass = ' class="newcontext"'; + foreach ($ras as $roleid) { + $extraclass = ''; + if (!$roleid) { + $extraclass = ' noroles'; + } + echo '' . $firstcell . ''; + $overridden = false; + foreach ($contexts as $ocon) { + if ($roleid == 0) { + $perm = ''; + } else { + if (isset($accessdata['rdef'][$ocon->path . ':' . $roleid][$capability])) { + $perm = $accessdata['rdef'][$ocon->path . ':' . $roleid][$capability]; + } else { + $perm = CAP_INHERIT; + } + } + if ($perm === CAP_INHERIT && $ocon->id == SYSCONTEXTID) { + $permission = get_string('notset', 'role'); + } else { + $permission = $strperm[$perm]; + } + $classes = $cssclasses[$perm]; + if (!$areprohibits && $decisiveassigncon == $con->id && $decisiveoverridecon == $ocon->id) { + $classes .= ' decisive'; + if ($userhascapability) { + $classes .= ' has'; + } else { + $classes .= ' hasnot'; + } + } + if ($overridden) { + $classes .= ' overridden'; + } + echo ''; + if ($con->firstoverride == $ocon->id) { + $overridden = true; + } + } + echo ''; + $firstcell = ''; + $rowclass = ''; } +} +echo '
' . get_string('roleassignments', 'role') . '' . get_string('overridesbycontext', 'role') . '' . get_string('roledefinitions', 'role') . '
' . get_string('context', 'role') . + '' . get_string('role') . '' . $con->number . '
' . $con->number . '. ' . $con->name . '' . $rolenames[$roleid] . '' . $permission . '
'; - print_footer($course); -?> +// Finish the page. +echo get_string('explainpermissionsinfo', 'role'); +if ($userid && $capability != 'moodle/site:doanything' && !$userhascapability && + has_capability('moodle/site:doanything', $context, $userid)) { + echo '

' . get_string('explainpermissionsdoanything', 'role', $capability) . '

'; +} +close_window_button(); +print_footer('empty'); +?> \ No newline at end of file diff --git a/admin/roles/explainhascapabiltiy.php b/admin/roles/explainhascapabiltiy.php deleted file mode 100644 index 9be9674ad8..0000000000 --- a/admin/roles/explainhascapabiltiy.php +++ /dev/null @@ -1,279 +0,0 @@ -id); -$contexts = array(); -$number = count($contextids); -foreach ($contextids as $contextid) { - $contexts[$contextid] = get_context_instance_by_id($contextid); - $contexts[$contextid]->name = print_context_name($contexts[$contextid], true, true); - $contexts[$contextid]->number = $number--; -} - -// Validate the user id. -if ($userid) { - $user = $DB->get_record('user', array('id' => $userid)); - if (!$user) { - print_error('nosuchuser'); - } -} else { - $frontpagecontext = get_context_instance(CONTEXT_COURSE, SITEID); - if (!empty($CFG->forcelogin) || - ($context->contextlevel >= CONTEXT_COURSE && !in_array($frontpagecontext->id, $contextids))) { - print_error('cannotgetherewithoutloggingin', 'role'); - } -} - -// Check access permissions. -require_login(); -if (!has_any_capability(array('moodle/role:assign', 'moodle/role:safeoverride', - 'moodle/role:override', 'moodle/role:assign'), $context)) { - print_error('nopermissions', '', get_string('explainpermissions')); -} - -// This duplicates code in load_all_capabilities and has_capability. -$systempath = '/' . SYSCONTEXTID; -if ($userid == 0) { - if (!empty($CFG->notloggedinroleid)) { - $accessdata = get_role_access($CFG->notloggedinroleid); - $accessdata['ra'][$systempath] = array($CFG->notloggedinroleid); - } else { - $accessdata = array(); - $accessdata['ra'] = array(); - $accessdata['rdef'] = array(); - $accessdata['loaded'] = array(); - } -} else if (isguestuser($user)) { - $guestrole = get_guest_role(); - $accessdata = get_role_access($guestrole->id); - $accessdata['ra'][$systempath] = array($guestrole->id); -} else { - load_user_accessdata($userid); - $accessdata = $ACCESS[$userid]; -} -if ($context->contextlevel > CONTEXT_COURSE && !path_inaccessdata($context->path, $accessdata)) { - load_subcontext($userid, $context, $accessdata); -} - -// Load the roles we need. -$roleids = array(); -foreach ($accessdata['ra'] as $roleassignments) { - $roleids = array_merge($roleassignments, $roleids); -} -$roles = $DB->get_records_list('role', 'id', $roleids); -$rolenames = array(); -foreach ($roles as $role) { - $rolenames[$role->id] = $role->name; -} -$rolenames = role_fix_names($rolenames, $context); - -// Pass over the data once, to find the cell that determines the result. -$userhascapability = has_capability($capability, $context, $userid, false); -$areprohibits = false; -$decisiveassigncon = 0; -$decisiveoverridecon = 0; -foreach ($contexts as $con) { - if (!empty($accessdata['ra'][$con->path])) { - // The array_unique here is to work around bug MDL-14817. Once that bug is - // fixed, it can be removed - $ras = array_unique($accessdata['ra'][$con->path]); - } else { - $ras = array(); - } - $con->firstoverride = 0; - foreach ($contexts as $ocon) { - $summedpermission = 0; - $gotsomething = false; - foreach ($ras as $roleid) { - if (isset($accessdata['rdef'][$ocon->path . ':' . $roleid][$capability])) { - $perm = $accessdata['rdef'][$ocon->path . ':' . $roleid][$capability]; - } else { - $perm = CAP_INHERIT; - } - if ($perm && !$gotsomething) { - $gotsomething = true; - $con->firstoverride = $ocon->id; - } - if ($perm == CAP_PROHIBIT) { - $areprohibits = true; - $decisiveassigncon = 0; - $decisiveoverridecon = 0; - break; - } - $summedpermission += $perm; - } - if (!$areprohibits && !$decisiveassigncon && $summedpermission) { - $decisiveassigncon = $con->id; - $decisiveoverridecon = $ocon->id; - break; - } else if ($gotsomething) { - break; - } - } -} -if (!$areprohibits && !$decisiveassigncon) { - $decisiveassigncon = SYSCONTEXTID; - $decisiveoverridecon = SYSCONTEXTID; -} - -// Make a fake role to simplify rendering the table below. -$rolenames[0] = get_string('none'); - -// Prepare some arrays of strings. -$cssclasses = array( - CAP_INHERIT => 'inherit', - CAP_ALLOW => 'allow', - CAP_PREVENT => 'prevent', - CAP_PROHIBIT => 'prohibit', - '' => '' -); -$strperm = array( - CAP_INHERIT => get_string('inherit', 'role'), - CAP_ALLOW => get_string('allow', 'role'), - CAP_PREVENT => get_string('prevent', 'role'), - CAP_PROHIBIT => get_string('prohibit', 'role'), - '' => '' -); - -// Start the output. -print_header(get_string('explainpermission', 'role')); -print_heading(get_string('explainpermission', 'role')); - -// Print a summary of what we are doing. -$a = new stdClass; -if ($userid) { - $a->fullname = fullname($user); -} else { - $a->fullname = get_string('nobody'); -} -$a->capability = $capability; -$a->context = reset($contexts)->name; -if ($userhascapability) { - echo '

' . get_string('whydoesuserhavecap', 'role', $a) . '

'; -} else { - echo '

' . get_string('whydoesusernothavecap', 'role', $a) . '

'; -} - -// Print the table header rows. -echo ''; -echo ''; -if (count($contexts) > 1) { - echo ''; -} -echo ''; -echo ''; -echo ''; -foreach (array_slice($contexts, 0, count($contexts) - 1) as $con) { - echo ''; -} -echo ''; - -// Now print the bulk of the table. -foreach ($contexts as $con) { - if (!empty($accessdata['ra'][$con->path])) { - // The array_unique here is to work around bug MDL-14817. Once that bug is - // fixed, it can be removed - $ras = array_unique($accessdata['ra'][$con->path]); - } else { - $ras = array(0); - } - $firstcell = ''; - $rowclass = ' class="newcontext"'; - foreach ($ras as $roleid) { - $extraclass = ''; - if (!$roleid) { - $extraclass = ' noroles'; - } - echo '' . $firstcell . ''; - $overridden = false; - foreach ($contexts as $ocon) { - if ($roleid == 0) { - $perm = ''; - } else { - if (isset($accessdata['rdef'][$ocon->path . ':' . $roleid][$capability])) { - $perm = $accessdata['rdef'][$ocon->path . ':' . $roleid][$capability]; - } else { - $perm = CAP_INHERIT; - } - } - if ($perm === CAP_INHERIT && $ocon->id == SYSCONTEXTID) { - $permission = get_string('notset', 'role'); - } else { - $permission = $strperm[$perm]; - } - $classes = $cssclasses[$perm]; - if (!$areprohibits && $decisiveassigncon == $con->id && $decisiveoverridecon == $ocon->id) { - $classes .= ' decisive'; - if ($userhascapability) { - $classes .= ' has'; - } else { - $classes .= ' hasnot'; - } - } - if ($overridden) { - $classes .= ' overridden'; - } - echo ''; - if ($con->firstoverride == $ocon->id) { - $overridden = true; - } - } - echo ''; - $firstcell = ''; - $rowclass = ''; - } -} -echo '
' . get_string('roleassignments', 'role') . '' . get_string('overridesbycontext', 'role') . '' . get_string('roledefinitions', 'role') . '
' . get_string('context', 'role') . - '' . get_string('role') . '' . $con->number . '
' . $con->number . '. ' . $con->name . '' . $rolenames[$roleid] . '' . $permission . '
'; - -// Finish the page. -echo get_string('explainpermissionsinfo', 'role'); -if ($userid && $capability != 'moodle/site:doanything' && !$userhascapability && - has_capability('moodle/site:doanything', $context, $userid)) { - echo '

' . get_string('explainpermissionsdoanything', 'role', $capability) . '

'; -} -close_window_button(); -print_footer('empty'); -?> \ No newline at end of file diff --git a/admin/roles/lib.php b/admin/roles/lib.php index a2874e00c7..9f8088d5ca 100644 --- a/admin/roles/lib.php +++ b/admin/roles/lib.php @@ -39,7 +39,7 @@ require_once($CFG->dirroot.'/user/selector/lib.php'); * This class represents a table with one row for each of a list of capabilities * where the first cell in the row contains the capability name, and there is * arbitrary stuff in the rest of the row. This class is used by - * admin/roles/manage.php, override.php and explain.php. + * admin/roles/manage.php, override.php and check.php. * * An ajaxy search UI shown at the top, if JavaScript is on. */ @@ -125,7 +125,7 @@ abstract class capability_table_base { require_js(array('yui_yahoo', 'yui_dom', 'yui_event')); require_js($CFG->admin . '/roles/roles.js'); print_js_call('cap_table_filter.init', - array($this->id, get_string('search'), get_string('clear'))); + array($this->id, get_string('filter'), get_string('clear'))); } } @@ -208,7 +208,7 @@ class explain_capability_table extends capability_table_base { $this->fullname = fullname($user); $this->contextname = $contextname; $this->baseurl = $CFG->wwwroot . '/' . $CFG->admin . - '/roles/explainhascapabiltiy.php?user=' . $user->id . + '/roles/explain.php?user=' . $user->id . '&contextid=' . $context->id . '&capability='; $this->stryes = get_string('yes'); $this->strno = get_string('no'); @@ -373,7 +373,8 @@ abstract class capability_table_with_risks extends capability_table_base { } protected function add_header_cells() { - echo '' . get_string('permission', 'role') . ''; + echo '' . + get_string('permission', 'role') . ' ' . helpbutton('permissions', get_string('permissions', 'role'), '', true, false, '', true) . ''; echo '' . get_string('risks','role') . ''; } @@ -680,6 +681,13 @@ class define_role_table_advanced extends capability_table_with_risks { echo '
'; } + protected function print_show_hide_advanced_button() { + echo '

' . get_string('highlightedcellsshowdefault', 'role') . '

'; + echo '
'; + echo ''; + echo '
'; + } + public function display() { // Extra fields at the top of the page. echo '
'; @@ -690,6 +698,8 @@ class define_role_table_advanced extends capability_table_with_risks { $this->print_field('', get_string('maybeassignedin', 'role'), $this->get_assignable_levels_control()); echo "
"; + $this->print_show_hide_advanced_button(); + // Now the permissions table. parent::display(); } @@ -726,6 +736,12 @@ class define_role_table_basic extends define_role_table_advanced { $this->strallow = $this->strperms[$this->allpermissions[CAP_ALLOW]]; } + protected function print_show_hide_advanced_button() { + echo '
'; + echo ''; + echo '
'; + } + protected function add_permission_cells($capability) { $perm = $this->permissions[$capability->name]; $permname = $this->allpermissions[$perm]; @@ -738,8 +754,7 @@ class define_role_table_basic extends define_role_table_advanced { } echo ''; echo ''; + '" value="' . CAP_ALLOW . '"' . $checked . ' /> ' . $this->strallow . ''; } else { echo ''; echo $this->strperms[$permname] . '' . $this->stradvmessage . ''; @@ -778,6 +793,10 @@ class view_role_definition_table extends define_role_table_advanced { } } + protected function print_show_hide_advanced_button() { + // Do nothing. + } + protected function add_permission_cells($capability) { $perm = $this->permissions[$capability->name]; $permname = $this->allpermissions[$perm]; diff --git a/admin/roles/override.php b/admin/roles/override.php index 637721b441..b6cdc99429 100755 --- a/admin/roles/override.php +++ b/admin/roles/override.php @@ -204,7 +204,7 @@
' . get_string('highlightedcellshowsinherit', 'role') . '

'; + echo '

' . get_string('highlightedcellsshowinherit', 'role') . '

'; $overridestable->display(); if ($overridestable->has_locked_capabiltites()) { diff --git a/admin/roles/tabs.php b/admin/roles/tabs.php index 2087ac13a8..bebfb77c0b 100755 --- a/admin/roles/tabs.php +++ b/admin/roles/tabs.php @@ -204,7 +204,7 @@ if ($context->contextlevel != CONTEXT_SYSTEM) { // Print tabs for anything ex if (has_any_capability(array('moodle/role:assign', 'moodle/role:safeoverride', 'moodle/role:override', 'moodle/role:assign'), $context)) { $toprow[] = new tabobject('check', - $CFG->wwwroot.'/'.$CFG->admin.'/roles/explain.php?contextid='.$context->id, + $CFG->wwwroot.'/'.$CFG->admin.'/roles/check.php?contextid='.$context->id, get_string('checkpermissions', 'role'), '', true); diff --git a/admin/settings/users.php b/admin/settings/users.php index 39d983bc5d..8c440c09ac 100644 --- a/admin/settings/users.php +++ b/admin/settings/users.php @@ -171,7 +171,7 @@ if ($hassiteconfig $ADMIN->add('roles', new admin_externalpage('defineroles', get_string('defineroles', 'role'), "$CFG->wwwroot/$CFG->admin/roles/manage.php", 'moodle/role:manage')); $ADMIN->add('roles', new admin_externalpage('assignroles', get_string('assignglobalroles', 'role'), "$CFG->wwwroot/$CFG->admin/roles/assign.php?contextid=".$systemcontext->id, 'moodle/role:assign')); - $ADMIN->add('roles', new admin_externalpage('checkpermissions', get_string('checkglobalpermissions', 'role'), "$CFG->wwwroot/$CFG->admin/roles/explain.php?contextid=".$systemcontext->id, array('moodle/role:assign', 'moodle/role:safeoverride', 'moodle/role:override', 'moodle/role:manage'))); + $ADMIN->add('roles', new admin_externalpage('checkpermissions', get_string('checkglobalpermissions', 'role'), "$CFG->wwwroot/$CFG->admin/roles/check.php?contextid=".$systemcontext->id, array('moodle/role:assign', 'moodle/role:safeoverride', 'moodle/role:override', 'moodle/role:manage'))); } // end of speedup diff --git a/lang/en_utf8/moodle.php b/lang/en_utf8/moodle.php index d999d2b80b..b400be7c8f 100644 --- a/lang/en_utf8/moodle.php +++ b/lang/en_utf8/moodle.php @@ -657,6 +657,7 @@ $string['filemissing'] = '$a is missing'; $string['files'] = 'Files'; $string['filesfolders'] = 'Files/folders'; $string['filloutallfields'] = 'Please fill out all fields in this form'; +$string['filter'] = 'Filter'; $string['findmorecourses'] = 'Find more courses...'; $string['firstdayofweek'] = '0'; $string['firstname'] = 'First name'; diff --git a/lang/en_utf8/role.php b/lang/en_utf8/role.php index d5b9daa59b..18a28ece88 100644 --- a/lang/en_utf8/role.php +++ b/lang/en_utf8/role.php @@ -68,6 +68,7 @@ $string['course:viewscales'] = 'View scales'; $string['course:visibility'] = 'Hide/show courses'; $string['createhiddenassign'] = 'Create hidden role assignments'; $string['createrolebycopying'] = 'Create a new role by copying $a'; +$string['createthisrole'] = 'Create this role'; $string['currentcontext'] = 'Current context'; $string['currentrole'] = 'Current role'; $string['defaultrole'] = 'Default role'; @@ -82,6 +83,7 @@ $string['duplicaterole'] = 'Duplicate role'; $string['editingrolex'] = 'Editing role \'$a\''; $string['editrole'] = 'Edit role'; $string['editxrole'] = 'Edit $a role'; +$string['enrolmentoptions'] = 'Enrolment options'; $string['errorbadrolename'] = 'Incorrect role name'; $string['errorbadroleshortname'] = 'Incorrect role short name'; $string['errorexistsrolename'] = 'Role name already exists'; @@ -109,8 +111,8 @@ $string['grade:view'] = 'View own grades'; $string['grade:viewall'] = 'View grades of other users'; $string['grade:viewhidden'] = 'View hidden grades for owner'; $string['hidden'] = 'Hidden'; -$string['highlightedcellshowsinherit'] = 'The highlighted cells in the table below show the permission (if any) that will be inherited. Apart from the capabilties whose permission you actually want to alter, you should leave everything set to Inherit.'; -$string['highlightedcellshowsdefault'] = 'The highlighted cells in the table below show the default permission for this type of role.'; +$string['highlightedcellsshowinherit'] = 'The highlighted cells in the table below show the permission (if any) that will be inherited. Apart from the capabilties whose permission you actually want to alter, you should leave everything set to Inherit.'; +$string['highlightedcellsshowdefault'] = 'The highlighted cells in the table below show the default permission for this type of role, based on the \'Legacy role type above\'.'; $string['inactiveformorethan'] = 'inactive for more than $a->timeperiod'; $string['ingroup'] = 'in the group \"$a->group\"'; $string['inherit'] = 'Inherit'; diff --git a/lib/accesslib.php b/lib/accesslib.php index bf20bbe818..451cc1f2c1 100755 --- a/lib/accesslib.php +++ b/lib/accesslib.php @@ -157,8 +157,8 @@ define('RISK_DATALOSS', 0x0020); define('ROLENAME_ORIGINAL', 0);// the name as defined in the role definition define('ROLENAME_ALIAS', 1); // the name as defined by a role alias define('ROLENAME_BOTH', 2); // Both, like this: Role alias (Original) -define('ROLENAME_ORIGINALANDSHORT', 0); // the name as defined in the role definition and the shortname in brackets -define('ROLENAME_ALIAS_RAW', 1); // the name as defined by a role alias, in raw form suitable for editing +define('ROLENAME_ORIGINALANDSHORT', 3); // the name as defined in the role definition and the shortname in brackets +define('ROLENAME_ALIAS_RAW', 4); // the name as defined by a role alias, in raw form suitable for editing $context_cache = array(); // Cache of all used context objects for performance (by level and instance) $context_cache_id = array(); // Index to above cache by id diff --git a/lib/javascript-static.js b/lib/javascript-static.js index bdb3c2564c..2e83272751 100644 --- a/lib/javascript-static.js +++ b/lib/javascript-static.js @@ -514,7 +514,10 @@ function getElementsByClassName(oElm, strTagName, oClassNames){ } function openpopup(url, name, options, fullscreen) { - var fullurl = moodle_cfg.wwwroot + url; + var fullurl = url; + if (!url.match(/https?:\/\//)) { + var fullurl = moodle_cfg.wwwroot + url; + } var windowobj = window.open(fullurl,name,options); if (fullscreen) { windowobj.moveTo(0,0); diff --git a/lib/weblib.php b/lib/weblib.php index d0f99e07b1..d801e819ef 100644 --- a/lib/weblib.php +++ b/lib/weblib.php @@ -527,7 +527,7 @@ function break_up_long_words($string, $maxsize=20, $cutchar=' ') { * All parameters default to null, only $type and $url are mandatory. * * $url must be relative to home page eg /mod/survey/stuff.php - * @param string $url Web link relative to home page + * @param string $url Web link. Either relative to $CFG->wwwroot, or a full URL. * @param string $name Name to be assigned to the popup window (this is used by * client-side scripts to "talk" to the popup window) * @param string $linkname Text to be displayed as web link @@ -592,16 +592,16 @@ function element_to_popup_window ($type=null, $url=null, $name=null, $linkname=n $element = ''; switch ($type) { - case 'button' : + case 'button': $element = '\n"; break; - case 'link' : - // some log url entries contain _SERVER[HTTP_REFERRER] in which case wwwroot is already there. - if (!(strpos($url,$CFG->wwwroot) === false)) { - $url = substr($url, strlen($CFG->wwwroot)); + case 'link': + // Add wwwroot only if the URL does not already start with http:// or https:// + if (!preg_match('|https?://|', $url)) { + $url = $CFG->wwwroot . $url; } - $element = '$linkname"; break; default : @@ -4955,7 +4955,7 @@ function print_table($table, $return=false) { $wrapperend = ''; } - $output .= ''. $wrapperstart . $heading . $wrapperend . ''; } diff --git a/theme/standard/styles_layout.css b/theme/standard/styles_layout.css index cd1afd546c..1c27ceae1f 100644 --- a/theme/standard/styles_layout.css +++ b/theme/standard/styles_layout.css @@ -299,6 +299,12 @@ div.collapsibleregion div.collapsibleregioncaption a { border-style: solid; border-collapse: collapse; } +.generaltable th.header { + vertical-align: top; +} +table.rotateheaders th.header { + vertical-align: bottom; +} #participationreport .reporttable { text-align: center; @@ -1163,7 +1169,8 @@ table.rolecap label { padding-top: 0.75em; } -#admin-roles-override .overridenotice { +#admin-roles-override .overridenotice, +#admin-roles-define .definenotice { margin: 1em 10% 2em; text-align: left; }