2 // This file is part of Moodle - http://moodle.org/
4 // Moodle is free software: you can redistribute it and/or modify
5 // it under the terms of the GNU General Public License as published by
6 // the Free Software Foundation, either version 3 of the License, or
7 // (at your option) any later version.
9 // Moodle is distributed in the hope that it will be useful,
10 // but WITHOUT ANY WARRANTY; without even the implied warranty of
11 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 // GNU General Public License for more details.
14 // You should have received a copy of the GNU General Public License
15 // along with Moodle. If not, see <http://www.gnu.org/licenses/>.
21 * @copyright 2009 Petr Skoda {@link http://skodak.org}
22 * @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
25 require('../../config.php');
27 $contextid = required_param('contextid', PARAM_INT
);
29 $roleid = optional_param('roleid', 0, PARAM_INT
);
30 $capability = optional_param('capability', false, PARAM_CAPABILITY
);
31 $confirm = optional_param('confirm', 0, PARAM_BOOL
);
32 $prevent = optional_param('prevent', 0, PARAM_BOOL
);
33 $allow = optional_param('allow', 0, PARAM_BOOL
);
34 $unprohibit = optional_param('unprohibit', 0, PARAM_BOOL
);
35 $prohibit = optional_param('prohibit', 0, PARAM_BOOL
);
36 $return = optional_param('return', null, PARAM_ALPHANUMEXT
);
38 list($context, $course, $cm) = get_context_info_array($contextid);
40 $url = new moodle_url('/admin/roles/permissions.php', array('contextid' => $contextid));
43 $isfrontpage = ($course->id
== SITEID
);
46 if ($context->contextlevel
== CONTEXT_USER
) {
47 $course = $DB->get_record('course', array('id'=>optional_param('courseid', SITEID
, PARAM_INT
)), '*', MUST_EXIST
);
48 $user = $DB->get_record('user', array('id'=>$context->instanceid
), '*', MUST_EXIST
);
49 $url->param('courseid', $course->id
);
50 $url->param('userid', $user->id
);
57 require_login($course, false, $cm);
58 require_capability('moodle/role:review', $context);
61 if ($context->contextlevel
== CONTEXT_USER
and $USER->id
!= $context->instanceid
) {
62 $PAGE->navigation
->extend_for_user($user);
63 $PAGE->set_context(context_course
::instance($course->id
));
65 $PAGE->set_context($context);
68 $courseid = $course->id
;
71 // These are needed early because of tabs.php.
72 $assignableroles = get_assignable_roles($context, ROLENAME_BOTH
);
73 list($overridableroles, $overridecounts, $nameswithcounts) = get_overridable_roles($context, ROLENAME_BOTH
, true);
75 $capability = $DB->get_record('capabilities', array('name'=>$capability), '*', MUST_EXIST
);
78 $allowoverrides = has_capability('moodle/role:override', $context);
79 $allowsafeoverrides = has_capability('moodle/role:safeoverride', $context);
81 $contextname = $context->get_context_name();
82 $title = get_string('permissionsincontext', 'core_role', $contextname);
83 $straction = get_string('permissions', 'core_role'); // Used by tabs.php.
84 $currenttab = 'permissions';
86 $PAGE->set_pagelayout('admin');
87 $PAGE->set_title($title);
88 switch ($context->contextlevel
) {
90 print_error('cannotoverridebaserole', 'error');
93 $fullname = fullname($user, has_capability('moodle/site:viewfullnames', $context));
94 $PAGE->set_heading($fullname);
97 case CONTEXT_COURSECAT
:
98 $PAGE->set_heading($SITE->fullname
);
102 $PAGE->set_heading(get_string('frontpage', 'admin'));
104 $PAGE->set_heading($course->fullname
);
108 $PAGE->set_heading($context->get_context_name(false));
109 $PAGE->set_cacheable(false);
112 $PAGE->set_heading($PAGE->course
->fullname
);
116 // Handle confirmations and actions.
117 // We have a capability and overrides are allowed or safe overrides are allowed and this is safe.
118 if ($capability && ($allowoverrides ||
($allowsafeoverrides && is_safe_capability($capability)))) {
119 // If we already know the the role ID, it is overrideable, and we are setting prevent or unprohibit.
120 if (isset($overridableroles[$roleid]) && ($prevent ||
$unprohibit)) {
121 // We are preventing.
123 if ($confirm && data_submitted() && confirm_sesskey()) {
124 role_change_permission($roleid, $context, $capability->name
, CAP_PREVENT
);
125 redirect($PAGE->url
);
128 $a = (object)array('cap'=>get_capability_docs_link($capability)." ($capability->name)", 'role'=>$overridableroles[$roleid], 'context'=>$contextname);
129 $message = get_string('confirmroleprevent', 'core_role', $a);
130 $continueurl = new moodle_url($PAGE->url
,
131 array('contextid'=>$context->id
, 'roleid'=>$roleid, 'capability'=>$capability->name
, 'prevent'=>1, 'sesskey'=>sesskey(), 'confirm'=>1));
134 // We are unprohibiting.
136 if ($confirm && data_submitted() && confirm_sesskey()) {
137 role_change_permission($roleid, $context, $capability->name
, CAP_INHERIT
);
138 redirect($PAGE->url
);
140 $a = (object)array('cap'=>get_capability_docs_link($capability)." ($capability->name)", 'role'=>$overridableroles[$roleid], 'context'=>$contextname);
141 $message = get_string('confirmroleunprohibit', 'core_role', $a);
142 $continueurl = new moodle_url($PAGE->url
,
143 array('contextid'=>$context->id
, 'roleid'=>$roleid, 'capability'=>$capability->name
, 'unprohibit'=>1, 'sesskey'=>sesskey(), 'confirm'=>1));
146 // Display and print.
147 echo $OUTPUT->header();
148 echo $OUTPUT->heading($title);
149 echo $OUTPUT->confirm($message, $continueurl, $PAGE->url
);
150 echo $OUTPUT->footer();
154 if ($allow ||
$prohibit) {
156 $mform = new core_role_permission_allow_form(null, array($context, $capability, $overridableroles));
157 if ($mform->is_cancelled()) {
158 redirect($PAGE->url
);
159 } else if ($data = $mform->get_data() and !empty($data->roleid
)) {
160 $roleid = $data->roleid
;
161 if (isset($overridableroles[$roleid])) {
162 role_change_permission($roleid, $context, $capability->name
, CAP_ALLOW
);
164 redirect($PAGE->url
);
166 $a = (object)array('cap'=>get_capability_docs_link($capability)." ($capability->name)", 'context'=>$contextname);
167 $message = get_string('roleallowinfo', 'core_role', $a);
171 $mform = new core_role_permission_prohibit_form(null, array($context, $capability, $overridableroles));
172 if ($mform->is_cancelled()) {
173 redirect($PAGE->url
);
174 } else if ($data = $mform->get_data() and !empty($data->roleid
)) {
175 $roleid = $data->roleid
;
176 if (isset($overridableroles[$roleid])) {
177 role_change_permission($roleid, $context, $capability->name
, CAP_PROHIBIT
);
179 redirect($PAGE->url
);
181 $a = (object)array('cap'=>get_capability_docs_link($capability)." ($capability->name)", 'context'=>$contextname);
182 $message = get_string('roleprohibitinfo', 'core_role', $a);
185 echo $OUTPUT->header();
186 echo $OUTPUT->heading($title);
187 echo $OUTPUT->box($message);
189 echo $OUTPUT->footer();
194 echo $OUTPUT->header();
195 echo $OUTPUT->heading($title);
197 $table = new core_role_permissions_table($context, $contextname, $allowoverrides, $allowsafeoverrides, $overridableroles);
198 echo $OUTPUT->box_start('generalbox capbox');
199 // Print link to advanced override page.
200 if ($overridableroles) {
201 $overrideurl = new moodle_url('/admin/roles/override.php', array('contextid' => $context->id
));
202 $select = new single_select($overrideurl, 'roleid', $nameswithcounts);
203 $select->label
= get_string('advancedoverride', 'core_role');
204 echo html_writer
::tag('div', $OUTPUT->render($select), array('class'=>'advancedoverride'));
207 echo $OUTPUT->box_end();
210 if ($context->contextlevel
> CONTEXT_USER
) {
212 if ($context->contextlevel
=== CONTEXT_COURSECAT
&& $return === 'management') {
213 $url = new moodle_url('/course/management.php', array('categoryid' => $context->instanceid
));
215 $url = $context->get_url();
218 echo html_writer
::start_tag('div', array('class'=>'backlink'));
219 echo html_writer
::tag('a', get_string('backto', '', $contextname), array('href' => $url));
220 echo html_writer
::end_tag('div');
223 echo $OUTPUT->footer($course);