From e836a7ddd8ec433b97ec7d40a60473ce79b8be52 Mon Sep 17 00:00:00 2001
From: moodler <moodler>
Date: Sun, 24 Sep 2006 16:14:39 +0000
Subject: [PATCH] When getting users by capability then exclude those with
 doanything at site level

---
 lib/accesslib.php | 14 +++++++++++---
 1 file changed, 11 insertions(+), 3 deletions(-)

diff --git a/lib/accesslib.php b/lib/accesslib.php
index 7e7421704a..4d5a68dd83 100755
--- a/lib/accesslib.php
+++ b/lib/accesslib.php
@@ -2613,11 +2613,19 @@ function get_users_by_capability($context, $capability, $fields='', $sort='',
 
 /// Sorting out roles with this capability set
     if ($possibleroles = get_roles_with_capability($capability, CAP_ALLOW, $context)) {
+        if (!$sitecontext = get_context_instance(CONTEXT_SYSTEM, SITEID)) {  // Something is seriously wrong
+            return false;
+        }
+        $doanythingroles = get_roles_with_capability('moodle/site:doanything', CAP_ALLOW, $sitecontext);
+
         $validroleids = array();
-        foreach ($possibleroles as $prole) {
-            $caps = role_context_capabilities($prole->id, $context, $capability); // resolved list
+        foreach ($possibleroles as $possiblerole) {
+            if (isset($doanythingroles[$possiblerole->id])) {  // We don't want these included
+                continue;
+            }
+            $caps = role_context_capabilities($possiblerole->id, $context, $capability); // resolved list
             if ($caps[$capability] > 0) { // resolved capability > 0
-                $validroleids[] = $prole->id;
+                $validroleids[] = $possiblerole->id;
             }
         }
         $roleids =  '('.implode(',', $validroleids).')';
-- 
2.39.5