From 283ebb71479bb2f7b84e0a8a93989ae44a33a8fd Mon Sep 17 00:00:00 2001
From: skodak <skodak>
Date: Sun, 30 Nov 2008 15:42:48 +0000
Subject: [PATCH] MDL-11984 blocks: new capability block/online_users:viewlist
 which may be used to restrict viewing of list of online users, if cap not
 allowed only number of users dispalyed, I hope this will be also faster
 because only one query used now (insetad of two); for BC reasons enabled by
 default in all legacy roles

---
 blocks/online_users/block_online_users.php | 100 +++++++++++++--------
 blocks/online_users/db/access.php          |  43 +++++++++
 lang/en_utf8/block_online_users.php        |   1 +
 version.php                                |   2 +-
 4 files changed, 107 insertions(+), 39 deletions(-)
 create mode 100644 blocks/online_users/db/access.php

diff --git a/blocks/online_users/block_online_users.php b/blocks/online_users/block_online_users.php
index 135d5874fe..caa25307e7 100644
--- a/blocks/online_users/block_online_users.php
+++ b/blocks/online_users/block_online_users.php
@@ -8,7 +8,7 @@
 class block_online_users extends block_base {
     function init() {
         $this->title = get_string('blockname','block_online_users');
-        $this->version = 2007101509;
+        $this->version = 2007101510;
     }
 
     function has_config() {return true;}
@@ -23,7 +23,7 @@ class block_online_users extends block_base {
         $this->content = new stdClass;
         $this->content->text = '';
         $this->content->footer = '';
-        
+
         if (empty($this->instance)) {
             return $this->content;
         }
@@ -37,8 +37,14 @@ class block_online_users extends block_base {
         // Get context so we can check capabilities.
         $context = get_context_instance(CONTEXT_COURSE, $COURSE->id);
 
+        if (empty($this->instance->pinned)) {
+            $blockcontext = get_context_instance(CONTEXT_BLOCK, $this->instance->id);
+        } else {
+            $blockcontext = get_context_instance(CONTEXT_SYSTEM); // pinned blocks do not have own context
+        }
+
         //Calculate if we are in separate groups
-        $isseparategroups = ($COURSE->groupmode == SEPARATEGROUPS 
+        $isseparategroups = ($COURSE->groupmode == SEPARATEGROUPS
                              && $COURSE->groupmodeforce
                              && !has_capability('moodle/site:accessallgroups', $context));
 
@@ -46,7 +52,9 @@ class block_online_users extends block_base {
         $currentgroup = $isseparategroups ? groups_get_course_group($COURSE) : NULL;
 
         $groupmembers = "";
-        $groupselect = "";
+        $groupselect  = "";
+        $rafrom       = "";
+        $rawhere      = "";
         $params = array();
 
         //Add this to the SQL to show only group users
@@ -63,52 +71,68 @@ class block_online_users extends block_base {
                            $groupselect
                   GROUP BY u.id, u.username, u.firstname, u.lastname, u.picture
                   ORDER BY lastaccess DESC ";
-            
+
+           $csql = "SELECT COUNT(u.id), u.id
+                      FROM {user} u $groupmembers
+                     WHERE u.lastaccess > $timefrom
+                           $groupselect
+                  GROUP BY u.id";
+
         } else { // Course-level
+            if (!has_capability('moodle/role:viewhiddenassigns', $context)) {
+                $pcontext = get_related_contexts_string($context);
+                $rafrom  = ", {role_assignments} ra";
+                $rawhere = " AND ra.userid = u.id AND ra.contextid $pcontext AND ra.hidden = 0";
+            }
+
             $sql = "SELECT u.id, u.username, u.firstname, u.lastname, u.picture, MAX(ul.timeaccess) AS lastaccess
-                      FROM {user_lastaccess} ul, {user} u $groupmembers
+                      FROM {user_lastaccess} ul, {user} u $groupmembers $rafrom
                      WHERE ul.timeaccess > $timefrom
                            AND u.id = ul.userid
                            AND ul.courseid = :courseid
-                           $groupselect
+                           $groupselect $rawhere
                   GROUP BY u.id, u.username, u.firstname, u.lastname, u.picture
                   ORDER BY lastaccess DESC";
+
+           $csql = "SELECT u.id
+                      FROM {user_lastaccess} ul, {user} u $groupmembers $rafrom
+                     WHERE ul.timeaccess > $timefrom
+                           AND u.id = ul.userid
+                           AND ul.courseid = :courseid
+                           $groupselect $rawhere
+                  GROUP BY u.id";
+
             $params['courseid'] = $COURSE->id;
         }
-        
-        $users = array();        
-        $pcontext = get_related_contexts_string($context);
-    
-        if ($pusers = $DB->get_records_sql($sql, $params, 0, 50)) {   // We'll just take the most recent 50 maximum
-            $hidden = false;
 
-            if (!has_capability('moodle/role:viewhiddenassigns', $context)) {
-                // if current user can't view hidden role assignment in this context and 
-                // user has a hidden role assigned at this context or any parent contexts,
-                // ignore this user
-                $userids = array_keys($pusers);
-                $userids = implode(',', $userids);
-                $sql = "SELECT userid
-                          FROM {role_assignments}
-                         WHERE userid IN ($userids) AND contextid $pcontext AND hidden = 1
-                      GROUP BY userid";
-                $hidden = $DB->get_records_sql($sql);
-            }
+        //Calculate minutes
+        $minutes  = floor($timetoshowusers/60);
 
-            foreach ($pusers as $puser) {
-                if ($hidden and isset($hidden[$puser->id])) {
-                    continue;
-                }
+        // Verify if we can see the list of users, if not just print number of users
+        if (!has_capability('block/online_users:viewlist', $blockcontext)) {
+            if (!$usercount = $DB->count_records_sql($csql, $params)) {
+                $usercount = get_string("none");
+            }
+            $this->content->text = "<div class=\"info\">".get_string("periodnminutes","block_online_users",$minutes).": $usercount</div>";
+            return $this->content;
+        }
 
-                $puser->fullname = fullname($puser);
-                $users[$puser->id] = $puser;  
+        if ($users = $DB->get_records_sql($sql, $params, 0, 50)) {   // We'll just take the most recent 50 maximum
+            foreach ($users as $user) {
+                $users[$user->id]->fullname = fullname($user);
             }
-        }  
-           
-        //Calculate minutes
-        $minutes  = floor($timetoshowusers/60);
+        } else {
+            $users = array();
+        }
+
+        if (count($users) < 50) {
+            $usercount = "";
+        } else {
+            $usercount = $DB->count_records_sql($csql, $params);
+            $usercount = ": $usercount";
+        }
 
-        $this->content->text = "<div class=\"info\">(".get_string("periodnminutes","block_online_users",$minutes).")</div>";
+        $this->content->text = "<div class=\"info\">(".get_string("periodnminutes","block_online_users",$minutes)."$usercount)</div>";
 
         //Now, we have in users, the list of users to show
         //Because they are online
@@ -118,7 +142,7 @@ class block_online_users extends block_base {
             $this->content->text .= "<ul class='list'>\n";
             foreach ($users as $user) {
                 $this->content->text .= '<li class="listentry">';
-                $timeago = format_time(time() - $user->lastaccess); //bruno to calculate correctly on frontpage 
+                $timeago = format_time(time() - $user->lastaccess); //bruno to calculate correctly on frontpage
                 if ($user->username == 'guest') {
                     $this->content->text .= '<div class="user">'.print_user_picture($user->id, $COURSE->id, $user->picture, 16, true, false, '', false);
                     $this->content->text .= get_string('guestuser').'</div>';
@@ -128,7 +152,7 @@ class block_online_users extends block_base {
                     $this->content->text .= print_user_picture($user->id, $COURSE->id, $user->picture, 16, true, false, '', false);
                     $this->content->text .= $user->fullname.'</a></div>';
                 }
-                if (!empty($USER->id) and ($USER->id != $user->id) and !empty($CFG->messaging) and 
+                if (!empty($USER->id) and ($USER->id != $user->id) and !empty($CFG->messaging) and
                     !isguest() and $user->username != 'guest') {  // Only when logged in and messaging active etc
                     $this->content->text .= '<div class="message"><a title="'.get_string('messageselectadd').'" href="'.$CFG->wwwroot.'/message/discussion.php?id='.$user->id.'" onclick="this.target=\'message_'.$user->id.'\';return openpopup(\'/message/discussion.php?id='.$user->id.'\', \'message_'.$user->id.'\', \'menubar=0,location=0,scrollbars,status,resizable,width=400,height=500\', 0);">'
                         .'<img class="iconsmall" src="'.$CFG->pixpath.'/t/message.gif" alt="'. get_string('messageselectadd') .'" /></a></div>';
diff --git a/blocks/online_users/db/access.php b/blocks/online_users/db/access.php
new file mode 100644
index 0000000000..d22923f320
--- /dev/null
+++ b/blocks/online_users/db/access.php
@@ -0,0 +1,43 @@
+<?php  // $Id$
+
+///////////////////////////////////////////////////////////////////////////
+//                                                                       //
+// NOTICE OF COPYRIGHT                                                   //
+//                                                                       //
+// Moodle - Modular Object-Oriented Dynamic Learning Environment         //
+//          http://moodle.com                                            //
+//                                                                       //
+// Copyright (C) 1999 onwards  Martin Dougiamas  http://moodle.com       //
+//                                                                       //
+// This program is free software; you can redistribute it and/or modify  //
+// it under the terms of the GNU General Public License as published by  //
+// the Free Software Foundation; either version 2 of the License, or     //
+// (at your option) any later version.                                   //
+//                                                                       //
+// This program is distributed in the hope that it will be useful,       //
+// but WITHOUT ANY WARRANTY; without even the implied warranty of        //
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the         //
+// GNU General Public License for more details:                          //
+//                                                                       //
+//          http://www.gnu.org/copyleft/gpl.html                         //
+//                                                                       //
+///////////////////////////////////////////////////////////////////////////
+
+$block_online_users_capabilities = array(
+
+    'block/online_users:viewlist' => array(
+
+        'captype' => 'read',
+        'contextlevel' => CONTEXT_BLOCK,
+        'legacy' => array(
+            'user' => CAP_ALLOW,
+            'guest' => CAP_ALLOW,
+            'student' => CAP_ALLOW,
+            'teacher' => CAP_ALLOW,
+            'editingteacher' => CAP_ALLOW,
+            'admin' => CAP_ALLOW
+        )
+    )
+);
+
+?>
diff --git a/lang/en_utf8/block_online_users.php b/lang/en_utf8/block_online_users.php
index 7dd1e70b62..f9c40f3e01 100644
--- a/lang/en_utf8/block_online_users.php
+++ b/lang/en_utf8/block_online_users.php
@@ -4,6 +4,7 @@
 
 $string['blockname'] = 'Online Users';
 $string['configtimetosee'] = 'Number of minutes determining the period of inactivity after which a user is no longer considered to be online.';
+$string['online_users:viewlist'] = 'View list of online users';
 $string['periodnminutes'] = 'last $a minutes';
 $string['timetosee'] = 'Remove after inactivity (minutes)';
 
diff --git a/version.php b/version.php
index c672ba7105..d1b115d901 100644
--- a/version.php
+++ b/version.php
@@ -6,7 +6,7 @@
 // This is compared against the values stored in the database to determine
 // whether upgrades should be performed (see lib/db/*.php)
 
-    $version = 2008113000;  // YYYYMMDD   = date of the last version bump
+    $version = 2008113001;  // YYYYMMDD   = date of the last version bump
                             //         XX = daily increments
 
     $release = '2.0 dev (Build: 20081128)';  // Human-friendly version name
-- 
2.39.5