admin/roles/permissions.php

   1 <?php
   2
   3 // This file is part of Moodle - http://moodle.org/
   4 //
   5 // Moodle is free software: you can redistribute it and/or modify
   6 // it under the terms of the GNU General Public License as published by
   7 // the Free Software Foundation, either version 3 of the License, or
   8 // (at your option) any later version.
   9 //
  10 // Moodle is distributed in the hope that it will be useful,
  11 // but WITHOUT ANY WARRANTY; without even the implied warranty of
  12 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  13 // GNU General Public License for more details.
  14 //
  15 // You should have received a copy of the GNU General Public License
  16 // along with Moodle.  If not, see <http://www.gnu.org/licenses/>.
  17
  18 /**
  19  * This script serves draft files of current user
  20  *
  21  * @package    core
  22  * @subpackage role
  23  * @copyright  2009 Petr Skoda (skodak) info@skodak.org
  24  * @license    http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
  25  */
  26
  27 require('../../config.php');
  28 require_once("$CFG->dirroot/$CFG->admin/roles/lib.php");
  29 require_once("permissions_forms.php");
  30
  31 $contextid  = required_param('contextid',PARAM_INT);
  32
  33 $roleid     = optional_param('roleid', 0, PARAM_INT);
  34 $capability = optional_param('capability', false, PARAM_CAPABILITY);
  35 $confirm    = optional_param('confirm', 0, PARAM_BOOL);
  36 $prevent    = optional_param('prevent', 0, PARAM_BOOL);
  37 $allow      = optional_param('allow', 0, PARAM_BOOL);
  38 $unprohibit = optional_param('unprohibit', 0, PARAM_BOOL);
  39 $prohibit   = optional_param('prohibit', 0, PARAM_BOOL);
  40
  41 list($context, $course, $cm) = get_context_info_array($contextid);
  42
  43 $url = new moodle_url('/admin/roles/permissions.php', array('contextid' => $contextid));
  44
  45 if ($course) {
  46     $isfrontpage = ($course->id == SITEID);
  47 } else {
  48     $isfrontpage = false;
  49     if ($context->contextlevel == CONTEXT_USER) {
  50         $course = $DB->get_record('course', array('id'=>optional_param('courseid', SITEID, PARAM_INT)), '*', MUST_EXIST);
  51         $user = $DB->get_record('user', array('id'=>$context->instanceid), '*', MUST_EXIST);
  52         $url->param('courseid', $course->id);
  53         $url->param('userid', $user->id);
  54     } else {
  55         $course = $SITE;
  56     }
  57 }
  58
  59 // security first
  60 require_login($course, false, $cm);
  61 require_capability('moodle/role:review', $context);
  62 $PAGE->set_url($url);
  63 $PAGE->set_context($context);
  64 $courseid = $course->id;
  65
  66
  67 // These are needed early because of tabs.php
  68 $assignableroles = get_assignable_roles($context, ROLENAME_BOTH);
  69 list($overridableroles, $overridecounts, $nameswithcounts) = get_overridable_roles($context, ROLENAME_BOTH, true);
  70 if ($capability) {
  71     $capability = $DB->get_record('capabilities', array('name'=>$capability), '*', MUST_EXIST);
  72 }
  73
  74 $allowoverrides     = has_capability('moodle/role:override', $context);
  75 $allowsafeoverrides = has_capability('moodle/role:safeoverride', $context);
  76
  77 $contextname = print_context_name($context);
  78 $title = get_string('permissionsincontext', 'role', $contextname);
  79 $straction = get_string('permissions', 'role'); // Used by tabs.php
  80 $currenttab = 'permissions';
  81
  82 $PAGE->set_pagelayout('admin');
  83 $PAGE->set_title($title);
  84 switch ($context->contextlevel) {
  85     case CONTEXT_SYSTEM:
  86         print_error('cannotoverridebaserole', 'error');
  87         break;
  88     case CONTEXT_USER:
  89         $fullname = fullname($user, has_capability('moodle/site:viewfullnames', $context));
  90         $PAGE->set_heading($fullname);
  91         $showroles = 1;
  92         break;
  93     case CONTEXT_COURSECAT:
  94         $PAGE->set_heading("$SITE->fullname: ".get_string("categories"));
  95         break;
  96     case CONTEXT_COURSE:
  97         if ($isfrontpage) {
  98             admin_externalpage_setup('frontpageroles', '', array(), $PAGE->url);
  99         } else {
 100             $PAGE->set_heading($course->fullname);
 101         }
 102         break;
 103     case CONTEXT_MODULE:
 104         $PAGE->set_heading(print_context_name($context, false));
 105         $PAGE->set_cacheable(false);
 106         break;
 107     case CONTEXT_BLOCK:
 108         $PAGE->set_heading($PAGE->course->fullname);
 109         break;
 110 }
 111
 112 // handle confirmations and actions
 113 // We have a capability and overrides are allowed or safe overrides are allowed and this is safe
 114 if ($capability && ($allowoverrides || ($allowsafeoverrides && is_safe_capability($capability)))) {
 115     // If we already know the the role ID, it is overrideable, and we are setting prevent or unprohibit
 116     if (isset($overridableroles[$roleid]) && ($prevent || $unprohibit)) {
 117         // We are preventing
 118         if ($prevent) {
 119             if ($confirm && data_submitted() && confirm_sesskey()) {
 120                 role_change_permission($roleid, $context, $capability->name, CAP_PREVENT);
 121                 redirect($PAGE->url);
 122
 123             } else {
 124                 $a = (object)array('cap'=>get_capability_docs_link($capability)." ($capability->name)", 'role'=>$overridableroles[$roleid], 'context'=>$contextname);
 125                 $message = get_string('confirmroleprevent', 'role', $a);
 126                 $continueurl = new moodle_url($PAGE->url, array('contextid'=>$context->id, 'roleid'=>$roleid, 'capability'=>$capability->name, 'prevent'=>1, 'sesskey'=>sesskey(), 'confirm'=>1));
 127             }
 128         }
 129         // We are unprohibiting
 130         if ($unprohibit) {
 131             if ($confirm && data_submitted() && confirm_sesskey()) {
 132                 role_change_permission($roleid, $context, $capability->name, CAP_INHERIT);
 133                 redirect($PAGE->url);
 134             } else {
 135                 $a = (object)array('cap'=>get_capability_docs_link($capability)." ($capability->name)", 'role'=>$overridableroles[$roleid], 'context'=>$contextname);
 136                 $message = get_string('confirmroleunprohibit', 'role', $a);
 137                 $continueurl = new moodle_url($PAGE->url, array('contextid'=>$context->id, 'roleid'=>$roleid, 'capability'=>$capability->name, 'unprohibit'=>1, 'sesskey'=>sesskey(), 'confirm'=>1));
 138             }
 139         }
 140         // Display and print
 141         echo $OUTPUT->header();
 142         echo $OUTPUT->heading($title);
 143         echo $OUTPUT->confirm($message, $continueurl, $PAGE->url);
 144         echo $OUTPUT->footer();
 145         die;
 146     }
 147
 148     if ($allow || $prohibit) {
 149         if ($allow) {
 150             $mform = new role_allow_form(null, array($context, $capability, $overridableroles));
 151             if ($mform->is_cancelled()) {
 152                 redirect($PAGE->url);
 153             } else if ($data = $mform->get_data() and !empty($data->roleid)) {
 154                 $roleid = $data->roleid;
 155                 if (isset($overridableroles[$roleid])) {
 156                     role_change_permission($roleid, $context, $capability->name, CAP_ALLOW);
 157                 }
 158                 redirect($PAGE->url);
 159             } else {
 160                 $a = (object)array('cap'=>get_capability_docs_link($capability)." ($capability->name)", 'context'=>$contextname);
 161                 $message = get_string('roleallowinfo', 'role', $a);
 162             }
 163         }
 164         if ($prohibit) {
 165             $mform = new role_prohibit_form(null, array($context, $capability, $overridableroles));
 166             if ($mform->is_cancelled()) {
 167                 redirect($PAGE->url);
 168             } else if ($data = $mform->get_data() and !empty($data->roleid)) {
 169                 $roleid = $data->roleid;
 170                 if (isset($overridableroles[$roleid])) {
 171                     role_change_permission($roleid, $context, $capability->name, CAP_PROHIBIT);
 172                 }
 173                 redirect($PAGE->url);
 174             } else {
 175                 $a = (object)array('cap'=>get_capability_docs_link($capability)." ($capability->name)", 'context'=>$contextname);
 176                 $message = get_string('roleprohibitinfo', 'role', $a);
 177             }
 178         }
 179         echo $OUTPUT->header();
 180         echo $OUTPUT->heading($title);
 181         echo $OUTPUT->box($message);
 182         $mform->display();
 183         echo $OUTPUT->footer();
 184         die;
 185     }
 186 }
 187
 188 echo $OUTPUT->header();
 189 echo $OUTPUT->heading($title);
 190
 191 $table = new permissions_table($context, $contextname, $allowoverrides, $allowsafeoverrides, $overridableroles);
 192 echo $OUTPUT->box_start('generalbox capbox');
 193 // print link to advanced override page
 194 if ($overridableroles) {
 195     $overrideurl = new moodle_url('/admin/roles/override.php', array('contextid' => $context->id));
 196     $select = new single_select($overrideurl, 'roleid', $nameswithcounts);
 197     $select->label = get_string('advancedoverride', 'role');
 198     echo html_writer::tag('div', $OUTPUT->render($select), array('class'=>'advancedoverride'));
 199 }
 200 $table->display();
 201 echo $OUTPUT->box_end();
 202
 203
 204 if ($context->contextlevel > CONTEXT_USER) {
 205     echo html_writer::start_tag('div', array('class'=>'backlink'));
 206     echo html_writer::tag('a', get_string('backto', '', $contextname), array('href'=>get_context_url($context)));
 207     echo html_writer::end_tag('div');
 208 }
 209
 210 echo $OUTPUT->footer($course);
 211