From f4acee5d78ed04d5f3d2d28cbcd0bc60a43efb52 Mon Sep 17 00:00:00 2001 From: tjhunt Date: Fri, 14 Nov 2008 11:46:01 +0000 Subject: [PATCH] role manage ui: MDL-8313 First version of the basic/advanced role define page. This is being separated from manage.php. This code is only partly working. It displays (most) of a role definition, but does not yet let you save changes. However, I wanted to commit it before going home on Friday night. Since this is new code, it won't break anything. --- admin/roles/define.php | 390 +++++++++++++++++++++++++++++++ admin/roles/lib.php | 77 +++++- lang/en_utf8/role.php | 5 +- theme/standard/styles_color.css | 2 +- theme/standard/styles_layout.css | 1 + 5 files changed, 467 insertions(+), 8 deletions(-) create mode 100755 admin/roles/define.php diff --git a/admin/roles/define.php b/admin/roles/define.php new file mode 100755 index 0000000000..2e45ed6165 --- /dev/null +++ b/admin/roles/define.php @@ -0,0 +1,390 @@ +dirroot . '/' . $CFG->admin . '/roles/lib.php'); + + $action = required_param('action', PARAM_ALPHA); + if ($action != 'add') { + $roleid = required_param('roleid', PARAM_INTEGER); + } else { + $roleid = 0; + } + +/// Get the base URL for this and related pages into a convenient variable. + $manageurl = $CFG->wwwroot . '/' . $CFG->admin . '/roles/manage.php'; + $baseurl = $CFG->wwwroot . '/' . $CFG->admin . '/roles/define.php'; + +/// Check access permissions. + $systemcontext = get_context_instance(CONTEXT_SYSTEM); + require_login(); + require_capability('moodle/role:manage', $systemcontext); + admin_externalpage_setup('defineroles'); + +/// Handle the cancel button. + if (optional_param('cancel', false, PARAM_BOOL)) { + redirect($manageurl); + } + +/// Handle the toggle advanced mode button. + $showadvanced = get_user_preferences('definerole_showadvanced', false); + if (optional_param('toggleadvanced', false, PARAM_BOOL)) { + $showadvanced = !$showadvanced; + set_user_preference('definerole_showadvanced', $showadvanced); + } + +/// Get some basic data we are going to need. + $roles = get_all_roles(); + $rolescount = count($roles); + + $allcontextlevels = array( + CONTEXT_SYSTEM => get_string('coresystem'), + CONTEXT_USER => get_string('user'), + CONTEXT_COURSECAT => get_string('category'), + CONTEXT_COURSE => get_string('course'), + CONTEXT_MODULE => get_string('activitymodule'), + CONTEXT_BLOCK => get_string('block') + ); + +/// Create the table object. + if ($action == 'view') { + $definitiontable = new view_role_definition_table($systemcontext, $roleid); + } else if ($showadvanced) { + $definitiontable = new define_role_table_advanced($systemcontext, $roleid); + } else { + $definitiontable = new define_role_table_basic($systemcontext, $roleid); + } + $definitiontable->read_submitted_permissions(); + +/// form processing, editing a role, adding a role, deleting a role etc. + $errors = array(); + $newrole = false; + + $name = optional_param('name', '', PARAM_MULTILANG); // new role name + $shortname = optional_param('shortname', '', PARAM_RAW); // new role shortname, special cleaning before storage + $description = optional_param('description', '', PARAM_CLEAN); // new role desc + + if (optional_param('savechanges', false, PARAM_BOOL) && confirm_sesskey()) { + switch ($action) { + case 'add': + + $shortname = textlib_get_instance()->specialtoascii($shortname); + + $shortname = moodle_strtolower(clean_param($shortname, PARAM_ALPHANUMEXT)); // only lowercase safe ASCII characters + $legacytype = required_param('legacytype', PARAM_RAW); + + $legacyroles = get_legacy_roles(); + if (!array_key_exists($legacytype, $legacyroles)) { + $legacytype = ''; + } + + if (empty($name)) { + $errors['name'] = get_string('errorbadrolename', 'role'); + } else if ($DB->count_records('role', array('name'=>$name))) { + $errors['name'] = get_string('errorexistsrolename', 'role'); + } + + if (empty($shortname)) { + $errors['shortname'] = get_string('errorbadroleshortname', 'role'); + } else if ($DB->count_records('role', array('shortname'=>$shortname))) { + $errors['shortname'] = get_string('errorexistsroleshortname', 'role'); + } + + if (empty($errors)) { + $newroleid = create_role($name, $shortname, $description); + + // set proper legacy type + if (!empty($legacytype)) { + assign_capability($legacyroles[$legacytype], CAP_ALLOW, $newroleid, $systemcontext->id); + } + + } else { + $newrole = new object(); + $newrole->name = $name; + $newrole->shortname = $shortname; + $newrole->description = $description; + $newrole->legacytype = $legacytype; + } + + $newcontextlevels = array(); + foreach (array_keys($allcontextlevels) as $cl) { + if (optional_param('contextlevel' . $cl, false, PARAM_BOOL)) { + $newcontextlevels[$cl] = $cl; + } + } + if (empty($errors)) { + set_role_contextlevels($newroleid, $newcontextlevels); + } + + $allowed_values = array(CAP_INHERIT, CAP_ALLOW, CAP_PREVENT, CAP_PROHIBIT); + $capabilities = fetch_context_capabilities($systemcontext); // capabilities applicable in this context + + foreach ($capabilities as $cap) { + if (!isset($data->{$cap->name})) { + continue; + } + + // legacy caps have their own selector + if (is_legacy($data->{$cap->name})) { + continue; + } + + $capname = $cap->name; + $value = clean_param($data->{$cap->name}, PARAM_INT); + if (!in_array($value, $allowed_values)) { + continue; + } + + if (empty($errors)) { + assign_capability($capname, $value, $newroleid, $systemcontext->id); + } else { + $newrole->$capname = $value; + } + } + + // added a role sitewide... + mark_context_dirty($systemcontext->path); + + if (empty($errors)) { + $rolename = $DB->get_field('role', 'name', array('id'=>$newroleid)); + add_to_log(SITEID, 'role', 'add', 'admin/roles/manage.php?action=add', $rolename, '', $USER->id); + redirect('manage.php'); + } + + break; + + case 'edit': + $shortname = moodle_strtolower(clean_param(clean_filename($shortname), PARAM_SAFEDIR)); // only lowercase safe ASCII characters + $legacytype = required_param('legacytype', PARAM_RAW); + + $legacyroles = get_legacy_roles(); + if (!array_key_exists($legacytype, $legacyroles)) { + $legacytype = ''; + } + + if (empty($name)) { + $errors['name'] = get_string('errorbadrolename', 'role'); + } else if ($rs = $DB->get_records('role', array('name'=>$name))) { + unset($rs[$roleid]); + if (!empty($rs)) { + $errors['name'] = get_string('errorexistsrolename', 'role'); + } + } + + if (empty($shortname)) { + $errors['shortname'] = get_string('errorbadroleshortname', 'role'); + } else if ($rs = $DB->get_records('role', array('shortname'=>$shortname))) { + unset($rs[$roleid]); + if (!empty($rs)) { + $errors['shortname'] = get_string('errorexistsroleshortname', 'role'); + } + } + if (!empty($errors)) { + $newrole = new object(); + $newrole->name = $name; + $newrole->shortname = $shortname; + $newrole->description = $description; + $newrole->legacytype = $legacytype; + } + + $newcontextlevels = array(); + foreach (array_keys($allcontextlevels) as $cl) { + if (optional_param('contextlevel' . $cl, false, PARAM_BOOL)) { + $newcontextlevels[$cl] = $cl; + } + } + if (empty($errors)) { + set_role_contextlevels($roleid, $newcontextlevels); + } + + $allowed_values = array(CAP_INHERIT, CAP_ALLOW, CAP_PREVENT, CAP_PROHIBIT); + $capabilities = fetch_context_capabilities($systemcontext); // capabilities applicable in this context + + foreach ($capabilities as $cap) { + if (!isset($data->{$cap->name})) { + continue; + } + + // legacy caps have their own selector + if (is_legacy($data->{$cap->name}) === 0 ) { + continue; + } + + $capname = $cap->name; + $value = clean_param($data->{$cap->name}, PARAM_INT); + if (!in_array($value, $allowed_values)) { + continue; + } + + if (!empty($errors)) { + $newrole->$capname = $value; + continue; + } + + // edit default caps + $SQL = "SELECT * + FROM {role_capabilities} + WHERE roleid = ? AND capability = ? + AND contextid = ?"; + $params = array($roleid, $capname, $systemcontext->id); + + $localoverride = $DB->get_record_sql($SQL, $params); + + if ($localoverride) { // update current overrides + if ($value == CAP_INHERIT) { // inherit = delete + unassign_capability($capname, $roleid, $systemcontext->id); + + } else { + $localoverride->permission = $value; + $localoverride->timemodified = time(); + $localoverride->modifierid = $USER->id; + $DB->update_record('role_capabilities', $localoverride); + } + } else { // insert a record + if ($value != CAP_INHERIT) { + assign_capability($capname, $value, $roleid, $systemcontext->id); + } + } + + } + + if (empty($errors)) { + // update normal role settings + $role->id = $roleid; + $role->name = $name; + $role->shortname = $shortname; + $role->description = $description; + + if (!$DB->update_record('role', $role)) { + print_error('cannotupdaterole', 'error'); + } + + // set proper legacy type + foreach($legacyroles as $ltype=>$lcap) { + if ($ltype == $legacytype) { + assign_capability($lcap, CAP_ALLOW, $roleid, $systemcontext->id); + } else { + unassign_capability($lcap, $roleid); + } + } + + // edited a role sitewide... + mark_context_dirty($systemcontext->path); + add_to_log(SITEID, 'role', 'edit', 'admin/roles/manage.php?action=edit&roleid='.$role->id, $role->name, '', $USER->id); + + redirect('manage.php'); + } + + // edited a role sitewide - with errors, but still... + mark_context_dirty($systemcontext->path); + } + } + + $rolenames = role_fix_names($roles, $systemcontext, ROLENAME_ORIGINAL); + +/// Print the page header and tabs. + admin_externalpage_print_header(); + + $currenttab = 'manage'; + include_once('managetabs.php'); + + if ($action == 'add') { + $title = get_string('addinganewrole', 'role'); + } else if ($action == 'view') { + $title = get_string('viewingdefinitionofrolex', 'role', $rolenames[$roleid]->localname); + } else if ($action == 'edit') { + $title = get_string('editingrolex', 'role', $rolenames[$roleid]->localname); + } + print_heading_with_help($title, 'roles'); + +/// Display the role definition, either read-only, or for editing. + if ($action == 'add') { + $roleid = 0; + if (empty($errors) or empty($newrole)) { + $role = new object(); + $role->name = ''; + $role->shortname = ''; + $role->description = ''; + $role->legacytype = ''; + $rolecontextlevels = array(); + } else { + $role = $newrole; + $rolecontextlevels = $newcontextlevels; + } + } else if ($action == 'edit' and !empty($errors) and !empty($newrole)) { + $role = $newrole; + $rolecontextlevels = $newcontextlevels; + } else { + if(!$role = $DB->get_record('role', array('id'=>$roleid))) { + print_error('wrongroleid', 'error'); + } + $role->legacytype = get_legacy_type($role->id); + $rolecontextlevels = get_role_contextlevels($roleid); + } + + + if ($action == 'view') { + echo '
'; + popup_form('manage.php?action=view&roleid=', $roleoptions, 'switchrole', $roleid, '', '', '', + false, 'self', get_string('selectrole', 'role')); + + echo '
'; + + $legacytype = get_legacy_type($roleid); + $options = array(); + $options['roleid'] = $roleid; + $options['action'] = 'edit'; + print_single_button('manage.php', $options, get_string('edit')); + $options['action'] = 'reset'; + if (empty($legacytype)) { + print_single_button('manage.php', $options, get_string('resetrolenolegacy', 'role')); + } else { + print_single_button('manage.php', $options, get_string('resetrole', 'role')); + } + $options['action'] = 'duplicate'; + print_single_button('manage.php', $options, get_string('duplicaterole', 'role')); + print_single_button('manage.php', null, get_string('listallroles', 'role')); + echo '
'; + echo '
'; + } + + print_box_start('generalbox boxwidthwide boxaligncenter'); + $definitiontable->display(); + print_box_end(); + + admin_externalpage_print_footer(); +?> diff --git a/admin/roles/lib.php b/admin/roles/lib.php index 0813b3da29..ae375e228f 100644 --- a/admin/roles/lib.php +++ b/admin/roles/lib.php @@ -400,14 +400,14 @@ abstract class capability_table_with_risks extends capability_table_base { } } -class define_roles_table_advanced extends capability_table_with_risks { +class define_role_table_advanced extends capability_table_with_risks { protected $roleid; public function __construct($context, $roleid) { $this->roleid = $roleid; parent::__construct($context, 'defineroletable'); $this->displaypermissions = $this->allpermissions; - $this->displaypermissions[CAP_INHERIT] = get_string('notset', 'role'); + $this->strperms[$this->allpermissions[CAP_INHERIT]] = get_string('notset', 'role'); } protected function load_current_permissions() { @@ -420,8 +420,14 @@ class define_roles_table_advanced extends capability_table_with_risks { protected function load_parent_permissions() { /// Get the default permissions, based on legacy role type. - if (!empty($this->role->legacytype)) { - $this->parentpermissions = get_default_capabilities($role->legacytype); + // TODO + if ($this->roleid) { + $legacy = get_legacy_type($this->roleid); + } else { + $legacy = ''; + } + if (!empty($legacy)) { + $this->parentpermissions = get_default_capabilities($legacy); } else { $this->parentpermissions = array(); } @@ -445,11 +451,71 @@ class define_roles_table_advanced extends capability_table_with_risks { } protected function add_permission_cells($capability) { + /// One cell for each possible permission. + foreach ($this->displaypermissions as $perm => $permname) { + $strperm = $this->strperms[$permname]; + $extraclass = ''; + if ($perm == $this->parentpermissions[$capability->name]) { + $extraclass = ' capdefault'; + } + $checked = ''; + if ($this->permissions[$capability->name] == $perm) { + $checked = ' checked="checked"'; + } + echo ''; + echo ''; + } + } +} + +class define_role_table_basic extends define_role_table_advanced { + protected $stradvmessage; + protected $strallow; + + public function __construct($context, $roleid) { + parent::__construct($context, $roleid); + $this->displaypermissions = array(CAP_ALLOW => $this->allpermissions[CAP_ALLOW]); + $this->stradvmessage = get_string('useshowadvancedtochange', 'role'); + $this->strallow = $this->strperms[$this->allpermissions[CAP_ALLOW]]; + } + + protected function add_permission_cells($capability) { + $perm = $this->permissions[$capability->name]; + $permname = $this->allpermissions[$perm]; + echo ''; + if ($perm == CAP_ALLOW || $perm == CAP_INHERIT) { + $checked = ''; + if ($perm == CAP_ALLOW) { + $checked = 'checked="checked" '; + } + echo ''; + echo ''; + } else { + echo ''; + echo $this->strperms[$permname] . '' . $this->stradvmessage . ''; + } + echo ''; + } +} +class view_role_definition_table extends define_role_table_advanced { + public function __construct($context, $roleid) { + parent::__construct($context, $roleid); + $this->displaypermissions = array(CAP_ALLOW => $this->allpermissions[CAP_ALLOW]); + } + + protected function add_permission_cells($capability) { + $perm = $this->permissions[$capability->name]; + $permname = $this->allpermissions[$perm]; + echo '' . $this->strperms[$permname] . ''; } } -class override_permissions_table_advanced extends capability_table_with_risks { +class override_permissions_table_advanced extends define_role_table_basic { protected $roleid; protected $strnotset; protected $haslockedcapabiltites = false; @@ -551,7 +617,6 @@ class override_permissions_table_basic extends override_permissions_table_advanc protected $stradvmessage; public function __construct($context, $roleid, $safeoverridesonly) { - global $DB; parent::__construct($context, $roleid, $safeoverridesonly); unset($this->displaypermissions[CAP_PROHIBIT]); $this->stradvmessage = get_string('useshowadvancedtochange', 'role'); diff --git a/lang/en_utf8/role.php b/lang/en_utf8/role.php index 00030661fd..8a87037951 100644 --- a/lang/en_utf8/role.php +++ b/lang/en_utf8/role.php @@ -2,6 +2,7 @@ // role.php - created with Moodle 1.7 beta + (2006101003) +$string['addinganewrole'] = 'Adding a new role'; $string['addrole'] = 'Add a new role'; $string['allow'] = 'Allow'; $string['allowassign'] = 'Allow role assignments'; @@ -72,6 +73,7 @@ $string['deletelocalroles'] = 'Delete all local role assignments'; $string['deleterolesure'] = 'Are you sure that you want to delete role \"$a->name ($a->shortname)\"?

Currently this role is assigned to $a->count users.'; $string['duplicaterolesure'] = 'Are you sure that you want to duplicate role \"$a->name ($a->shortname)\"?

'; $string['duplicaterole'] = 'Duplicate role'; +$string['editingrolex'] = 'Editing role \'$a\''; $string['editrole'] = 'Edit role'; $string['errorbadrolename'] = 'Incorrect role name'; $string['errorbadroleshortname'] = 'Incorrect role name'; @@ -219,11 +221,12 @@ $string['userswiththisrole'] = 'Users with role'; $string['userswithrole'] = 'All users with a role'; $string['useshowadvancedtochange'] = 'Use \'Show advanced\' to change'; $string['viewrole'] = 'View role details'; +$string['viewingdefinitionofrolex'] = 'Viewing the definition of role \'$a\''; $string['whydoesuserhavecap'] = 'Why does $a->fullname have capability $a->capability in context $a->context?'; $string['whydoesusernothavecap'] = 'Why does $a->fullname not have capability $a->capability in context $a->context?'; $string['xuserswiththerole'] = 'Users with the role \"$a->role\"'; -// MNET +// MNETviewingdefinitionofrolex $string['site:mnetlogintoremote'] = 'Roam to a remote Moodle'; $string['site:mnetloginfromremote'] = 'Login from a remote Moodle'; diff --git a/theme/standard/styles_color.css b/theme/standard/styles_color.css index 4b8cd81048..7a06032cf5 100644 --- a/theme/standard/styles_color.css +++ b/theme/standard/styles_color.css @@ -1185,7 +1185,7 @@ table.explainpermissions .decisive { table.explainpermissions .overridden { text-decoration: line-through; } -#admin-roles-manage .capdefault { +#admin-roles-define .capdefault { background-color:#dddddd; border: 1px solid #cecece; } diff --git a/theme/standard/styles_layout.css b/theme/standard/styles_layout.css index 846fd41808..2170276ea4 100644 --- a/theme/standard/styles_layout.css +++ b/theme/standard/styles_layout.css @@ -1164,6 +1164,7 @@ table.rolecap label { table.rolecap .cap-desc .cap-name, .rolecap .note { display: block; + padding: 0 0.5em; } #admin-roles-override .cell.c1, -- 2.39.5