search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
MDL-51167 tool_monitor: fix too strict condition
[moodle.git] / lib / accesslib.php
blobb60be06abc535304a3fce9da4f05c2bbe0535010
1 <?php
2 // This file is part of Moodle - http://moodle.org/
3 //
4 // Moodle is free software: you can redistribute it and/or modify
5 // it under the terms of the GNU General Public License as published by
6 // the Free Software Foundation, either version 3 of the License, or
7 // (at your option) any later version.
8 //
9 // Moodle is distributed in the hope that it will be useful,
10 // but WITHOUT ANY WARRANTY; without even the implied warranty of
11 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 // GNU General Public License for more details.
13 //
14 // You should have received a copy of the GNU General Public License
15 // along with Moodle. If not, see <http://www.gnu.org/licenses/>.
16
17 /**
18 * This file contains functions for managing user access
19 *
20 * <b>Public API vs internals</b>
21 *
22 * General users probably only care about
23 *
24 * Context handling
25 * - context_course::instance($courseid), context_module::instance($cm->id), context_coursecat::instance($catid)
26 * - context::instance_by_id($contextid)
27 * - $context->get_parent_contexts();
28 * - $context->get_child_contexts();
29 *
30 * Whether the user can do something...
31 * - has_capability()
32 * - has_any_capability()
33 * - has_all_capabilities()
34 * - require_capability()
35 * - require_login() (from moodlelib)
36 * - is_enrolled()
37 * - is_viewing()
38 * - is_guest()
39 * - is_siteadmin()
40 * - isguestuser()
41 * - isloggedin()
42 *
43 * What courses has this user access to?
44 * - get_enrolled_users()
45 *
46 * What users can do X in this context?
47 * - get_enrolled_users() - at and bellow course context
48 * - get_users_by_capability() - above course context
49 *
50 * Modify roles
51 * - role_assign()
52 * - role_unassign()
53 * - role_unassign_all()
54 *
55 * Advanced - for internal use only
56 * - load_all_capabilities()
57 * - reload_all_capabilities()
58 * - has_capability_in_accessdata()
59 * - get_user_access_sitewide()
60 * - load_course_context()
61 * - load_role_access_by_context()
62 * - etc.
63 *
64 * <b>Name conventions</b>
65 *
66 * "ctx" means context
67 *
68 * <b>accessdata</b>
69 *
70 * Access control data is held in the "accessdata" array
71 * which - for the logged-in user, will be in $USER->access
72 *
73 * For other users can be generated and passed around (but may also be cached
74 * against userid in $ACCESSLIB_PRIVATE->accessdatabyuser).
75 *
76 * $accessdata is a multidimensional array, holding
77 * role assignments (RAs), role-capabilities-perm sets
78 * (role defs) and a list of courses we have loaded
79 * data for.
80 *
81 * Things are keyed on "contextpaths" (the path field of
82 * the context table) for fast walking up/down the tree.
83 * <code>
84 * $accessdata['ra'][$contextpath] = array($roleid=>$roleid)
85 * [$contextpath] = array($roleid=>$roleid)
86 * [$contextpath] = array($roleid=>$roleid)
87 * </code>
88 *
89 * Role definitions are stored like this
90 * (no cap merge is done - so it's compact)
91 *
92 * <code>
93 * $accessdata['rdef']["$contextpath:$roleid"]['mod/forum:viewpost'] = 1
94 * ['mod/forum:editallpost'] = -1
95 * ['mod/forum:startdiscussion'] = -1000
96 * </code>
97 *
98 * See how has_capability_in_accessdata() walks up the tree.
99 *
100 * First we only load rdef and ra down to the course level, but not below.
101 * This keeps accessdata small and compact. Below-the-course ra/rdef
102 * are loaded as needed. We keep track of which courses we have loaded ra/rdef in
103 * <code>
104 * $accessdata['loaded'] = array($courseid1=>1, $courseid2=>1)
105 * </code>
106 *
107 * <b>Stale accessdata</b>
108 *
109 * For the logged-in user, accessdata is long-lived.
110 *
111 * On each pageload we load $ACCESSLIB_PRIVATE->dirtycontexts which lists
112 * context paths affected by changes. Any check at-or-below
113 * a dirty context will trigger a transparent reload of accessdata.
114 *
115 * Changes at the system level will force the reload for everyone.
116 *
117 * <b>Default role caps</b>
118 * The default role assignment is not in the DB, so we
119 * add it manually to accessdata.
120 *
121 * This means that functions that work directly off the
122 * DB need to ensure that the default role caps
123 * are dealt with appropriately.
124 *
125 * @package core_access
126 * @copyright 1999 onwards Martin Dougiamas http://dougiamas.com
127 * @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
128 */
129
130 defined('MOODLE_INTERNAL') || die();
131
132 /** No capability change */
133 define('CAP_INHERIT', 0);
134 /** Allow permission, overrides CAP_PREVENT defined in parent contexts */
135 define('CAP_ALLOW', 1);
136 /** Prevent permission, overrides CAP_ALLOW defined in parent contexts */
137 define('CAP_PREVENT', -1);
138 /** Prohibit permission, overrides everything in current and child contexts */
139 define('CAP_PROHIBIT', -1000);
140
141 /** System context level - only one instance in every system */
142 define('CONTEXT_SYSTEM', 10);
143 /** User context level - one instance for each user describing what others can do to user */
144 define('CONTEXT_USER', 30);
145 /** Course category context level - one instance for each category */
146 define('CONTEXT_COURSECAT', 40);
147 /** Course context level - one instances for each course */
148 define('CONTEXT_COURSE', 50);
149 /** Course module context level - one instance for each course module */
150 define('CONTEXT_MODULE', 70);
151 /**
152 * Block context level - one instance for each block, sticky blocks are tricky
153 * because ppl think they should be able to override them at lower contexts.
154 * Any other context level instance can be parent of block context.
155 */
156 define('CONTEXT_BLOCK', 80);
157
158 /** Capability allow management of trusts - NOT IMPLEMENTED YET - see {@link http://docs.moodle.org/dev/Hardening_new_Roles_system} */
159 define('RISK_MANAGETRUST', 0x0001);
160 /** Capability allows changes in system configuration - see {@link http://docs.moodle.org/dev/Hardening_new_Roles_system} */
161 define('RISK_CONFIG', 0x0002);
162 /** Capability allows user to add scripted content - see {@link http://docs.moodle.org/dev/Hardening_new_Roles_system} */
163 define('RISK_XSS', 0x0004);
164 /** Capability allows access to personal user information - see {@link http://docs.moodle.org/dev/Hardening_new_Roles_system} */
165 define('RISK_PERSONAL', 0x0008);
166 /** Capability allows users to add content others may see - see {@link http://docs.moodle.org/dev/Hardening_new_Roles_system} */
167 define('RISK_SPAM', 0x0010);
168 /** capability allows mass delete of data belonging to other users - see {@link http://docs.moodle.org/dev/Hardening_new_Roles_system} */
169 define('RISK_DATALOSS', 0x0020);
170
171 /** rolename displays - the name as defined in the role definition, localised if name empty */
172 define('ROLENAME_ORIGINAL', 0);
173 /** rolename displays - the name as defined by a role alias at the course level, falls back to ROLENAME_ORIGINAL if alias not present */
174 define('ROLENAME_ALIAS', 1);
175 /** rolename displays - Both, like this: Role alias (Original) */
176 define('ROLENAME_BOTH', 2);
177 /** rolename displays - the name as defined in the role definition and the shortname in brackets */
178 define('ROLENAME_ORIGINALANDSHORT', 3);
179 /** rolename displays - the name as defined by a role alias, in raw form suitable for editing */
180 define('ROLENAME_ALIAS_RAW', 4);
181 /** rolename displays - the name is simply short role name */
182 define('ROLENAME_SHORT', 5);
183
184 if (!defined('CONTEXT_CACHE_MAX_SIZE')) {
185 /** maximum size of context cache - it is possible to tweak this config.php or in any script before inclusion of context.php */
186 define('CONTEXT_CACHE_MAX_SIZE', 2500);
187 }
188
189 /**
190 * Although this looks like a global variable, it isn't really.
191 *
192 * It is just a private implementation detail to accesslib that MUST NOT be used elsewhere.
193 * It is used to cache various bits of data between function calls for performance reasons.
194 * Sadly, a PHP global variable is the only way to implement this, without rewriting everything
195 * as methods of a class, instead of functions.
196 *
197 * @access private
198 * @global stdClass $ACCESSLIB_PRIVATE
199 * @name $ACCESSLIB_PRIVATE
200 */
201 global $ACCESSLIB_PRIVATE;
202 $ACCESSLIB_PRIVATE = new stdClass();
203 $ACCESSLIB_PRIVATE->dirtycontexts = null; // Dirty contexts cache, loaded from DB once per page
204 $ACCESSLIB_PRIVATE->accessdatabyuser = array(); // Holds the cache of $accessdata structure for users (including $USER)
205 $ACCESSLIB_PRIVATE->rolepermissions = array(); // role permissions cache - helps a lot with mem usage
206 $ACCESSLIB_PRIVATE->capabilities = null; // detailed information about the capabilities
207
208 /**
209 * Clears accesslib's private caches. ONLY BE USED BY UNIT TESTS
210 *
211 * This method should ONLY BE USED BY UNIT TESTS. It clears all of
212 * accesslib's private caches. You need to do this before setting up test data,
213 * and also at the end of the tests.
214 *
215 * @access private
216 * @return void
217 */
218 function accesslib_clear_all_caches_for_unit_testing() {
219 global $USER;
220 if (!PHPUNIT_TEST) {
221 throw new coding_exception('You must not call clear_all_caches outside of unit tests.');
222 }
223
224 accesslib_clear_all_caches(true);
225
226 unset($USER->access);
227 }
228
229 /**
230 * Clears accesslib's private caches. ONLY BE USED FROM THIS LIBRARY FILE!
231 *
232 * This reset does not touch global $USER.
233 *
234 * @access private
235 * @param bool $resetcontexts
236 * @return void
237 */
238 function accesslib_clear_all_caches($resetcontexts) {
239 global $ACCESSLIB_PRIVATE;
240
241 $ACCESSLIB_PRIVATE->dirtycontexts = null;
242 $ACCESSLIB_PRIVATE->accessdatabyuser = array();
243 $ACCESSLIB_PRIVATE->rolepermissions = array();
244 $ACCESSLIB_PRIVATE->capabilities = null;
245
246 if ($resetcontexts) {
247 context_helper::reset_caches();
248 }
249 }
250
251 /**
252 * Gets the accessdata for role "sitewide" (system down to course)
253 *
254 * @access private
255 * @param int $roleid
256 * @return array
257 */
258 function get_role_access($roleid) {
259 global $DB, $ACCESSLIB_PRIVATE;
260
261 /* Get it in 1 DB query...
262 * - relevant role caps at the root and down
263 * to the course level - but not below
264 */
265
266 //TODO: MUC - this could be cached in shared memory to speed up first page loading, web crawlers, etc.
267
268 $accessdata = get_empty_accessdata();
269
270 $accessdata['ra']['/'.SYSCONTEXTID] = array((int)$roleid => (int)$roleid);
271
272 // Overrides for the role IN ANY CONTEXTS down to COURSE - not below -.
273
274 /*
275 $sql = "SELECT ctx.path,
276 rc.capability, rc.permission
277 FROM {context} ctx
278 JOIN {role_capabilities} rc ON rc.contextid = ctx.id
279 LEFT JOIN {context} cctx
280 ON (cctx.contextlevel = ".CONTEXT_COURSE." AND ctx.path LIKE ".$DB->sql_concat('cctx.path',"'/%'").")
281 WHERE rc.roleid = ? AND cctx.id IS NULL";
282 $params = array($roleid);
283 */
284
285 // Note: the commented out query is 100% accurate but slow, so let's cheat instead by hardcoding the blocks mess directly.
286
287 $sql = "SELECT COALESCE(ctx.path, bctx.path) AS path, rc.capability, rc.permission
288 FROM {role_capabilities} rc
289 LEFT JOIN {context} ctx ON (ctx.id = rc.contextid AND ctx.contextlevel <= ".CONTEXT_COURSE.")
290 LEFT JOIN ({context} bctx
291 JOIN {block_instances} bi ON (bi.id = bctx.instanceid)
292 JOIN {context} pctx ON (pctx.id = bi.parentcontextid AND pctx.contextlevel < ".CONTEXT_COURSE.")
293 ) ON (bctx.id = rc.contextid AND bctx.contextlevel = ".CONTEXT_BLOCK.")
294 WHERE rc.roleid = :roleid AND (ctx.id IS NOT NULL OR bctx.id IS NOT NULL)";
295 $params = array('roleid'=>$roleid);
296
297 // we need extra caching in CLI scripts and cron
298 $rs = $DB->get_recordset_sql($sql, $params);
299 foreach ($rs as $rd) {
300 $k = "{$rd->path}:{$roleid}";
301 $accessdata['rdef'][$k][$rd->capability] = (int)$rd->permission;
302 }
303 $rs->close();
304
305 // share the role definitions
306 foreach ($accessdata['rdef'] as $k=>$unused) {
307 if (!isset($ACCESSLIB_PRIVATE->rolepermissions[$k])) {
308 $ACCESSLIB_PRIVATE->rolepermissions[$k] = $accessdata['rdef'][$k];
309 }
310 $accessdata['rdef_count']++;
311 $accessdata['rdef'][$k] =& $ACCESSLIB_PRIVATE->rolepermissions[$k];
312 }
313
314 return $accessdata;
315 }
316
317 /**
318 * Get the default guest role, this is used for guest account,
319 * search engine spiders, etc.
320 *
321 * @return stdClass role record
322 */
323 function get_guest_role() {
324 global $CFG, $DB;
325
326 if (empty($CFG->guestroleid)) {
327 if ($roles = $DB->get_records('role', array('archetype'=>'guest'))) {
328 $guestrole = array_shift($roles); // Pick the first one
329 set_config('guestroleid', $guestrole->id);
330 return $guestrole;
331 } else {
332 debugging('Can not find any guest role!');
333 return false;
334 }
335 } else {
336 if ($guestrole = $DB->get_record('role', array('id'=>$CFG->guestroleid))) {
337 return $guestrole;
338 } else {
339 // somebody is messing with guest roles, remove incorrect setting and try to find a new one
340 set_config('guestroleid', '');
341 return get_guest_role();
342 }
343 }
344 }
345
346 /**
347 * Check whether a user has a particular capability in a given context.
348 *
349 * For example:
350 * $context = context_module::instance($cm->id);
351 * has_capability('mod/forum:replypost', $context)
352 *
353 * By default checks the capabilities of the current user, but you can pass a
354 * different userid. By default will return true for admin users, but you can override that with the fourth argument.
355 *
356 * Guest and not-logged-in users can never get any dangerous capability - that is any write capability
357 * or capabilities with XSS, config or data loss risks.
358 *
359 * @category access
360 *
361 * @param string $capability the name of the capability to check. For example mod/forum:view
362 * @param context $context the context to check the capability in. You normally get this with instance method of a context class.
363 * @param integer|stdClass $user A user id or object. By default (null) checks the permissions of the current user.
364 * @param boolean $doanything If false, ignores effect of admin role assignment
365 * @return boolean true if the user has this capability. Otherwise false.
366 */
367 function has_capability($capability, context $context, $user = null, $doanything = true) {
368 global $USER, $CFG, $SCRIPT, $ACCESSLIB_PRIVATE;
369
370 if (during_initial_install()) {
371 if ($SCRIPT === "/$CFG->admin/index.php" or $SCRIPT === "/$CFG->admin/cli/install.php" or $SCRIPT === "/$CFG->admin/cli/install_database.php") {
372 // we are in an installer - roles can not work yet
373 return true;
374 } else {
375 return false;
376 }
377 }
378
379 if (strpos($capability, 'moodle/legacy:') === 0) {
380 throw new coding_exception('Legacy capabilities can not be used any more!');
381 }
382
383 if (!is_bool($doanything)) {
384 throw new coding_exception('Capability parameter "doanything" is wierd, only true or false is allowed. This has to be fixed in code.');
385 }
386
387 // capability must exist
388 if (!$capinfo = get_capability_info($capability)) {
389 debugging('Capability "'.$capability.'" was not found! This has to be fixed in code.');
390 return false;
391 }
392
393 if (!isset($USER->id)) {
394 // should never happen
395 $USER->id = 0;
396 debugging('Capability check being performed on a user with no ID.', DEBUG_DEVELOPER);
397 }
398
399 // make sure there is a real user specified
400 if ($user === null) {
401 $userid = $USER->id;
402 } else {
403 $userid = is_object($user) ? $user->id : $user;
404 }
405
406 // make sure forcelogin cuts off not-logged-in users if enabled
407 if (!empty($CFG->forcelogin) and $userid == 0) {
408 return false;
409 }
410
411 // make sure the guest account and not-logged-in users never get any risky caps no matter what the actual settings are.
412 if (($capinfo->captype === 'write') or ($capinfo->riskbitmask & (RISK_XSS | RISK_CONFIG | RISK_DATALOSS))) {
413 if (isguestuser($userid) or $userid == 0) {
414 return false;
415 }
416 }
417
418 // somehow make sure the user is not deleted and actually exists
419 if ($userid != 0) {
420 if ($userid == $USER->id and isset($USER->deleted)) {
421 // this prevents one query per page, it is a bit of cheating,
422 // but hopefully session is terminated properly once user is deleted
423 if ($USER->deleted) {
424 return false;
425 }
426 } else {
427 if (!context_user::instance($userid, IGNORE_MISSING)) {
428 // no user context == invalid userid
429 return false;
430 }
431 }
432 }
433
434 // context path/depth must be valid
435 if (empty($context->path) or $context->depth == 0) {
436 // this should not happen often, each upgrade tries to rebuild the context paths
437 debugging('Context id '.$context->id.' does not have valid path, please use build_context_path()');
438 if (is_siteadmin($userid)) {
439 return true;
440 } else {
441 return false;
442 }
443 }
444
445 // Find out if user is admin - it is not possible to override the doanything in any way
446 // and it is not possible to switch to admin role either.
447 if ($doanything) {
448 if (is_siteadmin($userid)) {
449 if ($userid != $USER->id) {
450 return true;
451 }
452 // make sure switchrole is not used in this context
453 if (empty($USER->access['rsw'])) {
454 return true;
455 }
456 $parts = explode('/', trim($context->path, '/'));
457 $path = '';
458 $switched = false;
459 foreach ($parts as $part) {
460 $path .= '/' . $part;
461 if (!empty($USER->access['rsw'][$path])) {
462 $switched = true;
463 break;
464 }
465 }
466 if (!$switched) {
467 return true;
468 }
469 //ok, admin switched role in this context, let's use normal access control rules
470 }
471 }
472
473 // Careful check for staleness...
474 $context->reload_if_dirty();
475
476 if ($USER->id == $userid) {
477 if (!isset($USER->access)) {
478 load_all_capabilities();
479 }
480 $access =& $USER->access;
481
482 } else {
483 // make sure user accessdata is really loaded
484 get_user_accessdata($userid, true);
485 $access =& $ACCESSLIB_PRIVATE->accessdatabyuser[$userid];
486 }
487
488
489 // Load accessdata for below-the-course context if necessary,
490 // all contexts at and above all courses are already loaded
491 if ($context->contextlevel != CONTEXT_COURSE and $coursecontext = $context->get_course_context(false)) {
492 load_course_context($userid, $coursecontext, $access);
493 }
494
495 return has_capability_in_accessdata($capability, $context, $access);
496 }
497
498 /**
499 * Check if the user has any one of several capabilities from a list.
500 *
501 * This is just a utility method that calls has_capability in a loop. Try to put
502 * the capabilities that most users are likely to have first in the list for best
503 * performance.
504 *
505 * @category access
506 * @see has_capability()
507 *
508 * @param array $capabilities an array of capability names.
509 * @param context $context the context to check the capability in. You normally get this with instance method of a context class.
510 * @param integer|stdClass $user A user id or object. By default (null) checks the permissions of the current user.
511 * @param boolean $doanything If false, ignore effect of admin role assignment
512 * @return boolean true if the user has any of these capabilities. Otherwise false.
513 */
514 function has_any_capability(array $capabilities, context $context, $user = null, $doanything = true) {
515 foreach ($capabilities as $capability) {
516 if (has_capability($capability, $context, $user, $doanything)) {
517 return true;
518 }
519 }
520 return false;
521 }
522
523 /**
524 * Check if the user has all the capabilities in a list.
525 *
526 * This is just a utility method that calls has_capability in a loop. Try to put
527 * the capabilities that fewest users are likely to have first in the list for best
528 * performance.
529 *
530 * @category access
531 * @see has_capability()
532 *
533 * @param array $capabilities an array of capability names.
534 * @param context $context the context to check the capability in. You normally get this with instance method of a context class.
535 * @param integer|stdClass $user A user id or object. By default (null) checks the permissions of the current user.
536 * @param boolean $doanything If false, ignore effect of admin role assignment
537 * @return boolean true if the user has all of these capabilities. Otherwise false.
538 */
539 function has_all_capabilities(array $capabilities, context $context, $user = null, $doanything = true) {
540 foreach ($capabilities as $capability) {
541 if (!has_capability($capability, $context, $user, $doanything)) {
542 return false;
543 }
544 }
545 return true;
546 }
547
548 /**
549 * Is course creator going to have capability in a new course?
550 *
551 * This is intended to be used in enrolment plugins before or during course creation,
552 * do not use after the course is fully created.
553 *
554 * @category access
555 *
556 * @param string $capability the name of the capability to check.
557 * @param context $context course or category context where is course going to be created
558 * @param integer|stdClass $user A user id or object. By default (null) checks the permissions of the current user.
559 * @return boolean true if the user will have this capability.
560 *
561 * @throws coding_exception if different type of context submitted
562 */
563 function guess_if_creator_will_have_course_capability($capability, context $context, $user = null) {
564 global $CFG;
565
566 if ($context->contextlevel != CONTEXT_COURSE and $context->contextlevel != CONTEXT_COURSECAT) {
567 throw new coding_exception('Only course or course category context expected');
568 }
569
570 if (has_capability($capability, $context, $user)) {
571 // User already has the capability, it could be only removed if CAP_PROHIBIT
572 // was involved here, but we ignore that.
573 return true;
574 }
575
576 if (!has_capability('moodle/course:create', $context, $user)) {
577 return false;
578 }
579
580 if (!enrol_is_enabled('manual')) {
581 return false;
582 }
583
584 if (empty($CFG->creatornewroleid)) {
585 return false;
586 }
587
588 if ($context->contextlevel == CONTEXT_COURSE) {
589 if (is_viewing($context, $user, 'moodle/role:assign') or is_enrolled($context, $user, 'moodle/role:assign')) {
590 return false;
591 }
592 } else {
593 if (has_capability('moodle/course:view', $context, $user) and has_capability('moodle/role:assign', $context, $user)) {
594 return false;
595 }
596 }
597
598 // Most likely they will be enrolled after the course creation is finished,
599 // does the new role have the required capability?
600 list($neededroles, $forbiddenroles) = get_roles_with_cap_in_context($context, $capability);
601 return isset($neededroles[$CFG->creatornewroleid]);
602 }
603
604 /**
605 * Check if the user is an admin at the site level.
606 *
607 * Please note that use of proper capabilities is always encouraged,
608 * this function is supposed to be used from core or for temporary hacks.
609 *
610 * @category access
611 *
612 * @param int|stdClass $user_or_id user id or user object
613 * @return bool true if user is one of the administrators, false otherwise
614 */
615 function is_siteadmin($user_or_id = null) {
616 global $CFG, $USER;
617
618 if ($user_or_id === null) {
619 $user_or_id = $USER;
620 }
621
622 if (empty($user_or_id)) {
623 return false;
624 }
625 if (!empty($user_or_id->id)) {
626 $userid = $user_or_id->id;
627 } else {
628 $userid = $user_or_id;
629 }
630
631 // Because this script is called many times (150+ for course page) with
632 // the same parameters, it is worth doing minor optimisations. This static
633 // cache stores the value for a single userid, saving about 2ms from course
634 // page load time without using significant memory. As the static cache
635 // also includes the value it depends on, this cannot break unit tests.
636 static $knownid, $knownresult, $knownsiteadmins;
637 if ($knownid === $userid && $knownsiteadmins === $CFG->siteadmins) {
638 return $knownresult;
639 }
640 $knownid = $userid;
641 $knownsiteadmins = $CFG->siteadmins;
642
643 $siteadmins = explode(',', $CFG->siteadmins);
644 $knownresult = in_array($userid, $siteadmins);
645 return $knownresult;
646 }
647
648 /**
649 * Returns true if user has at least one role assign
650 * of 'coursecontact' role (is potentially listed in some course descriptions).
651 *
652 * @param int $userid
653 * @return bool
654 */
655 function has_coursecontact_role($userid) {
656 global $DB, $CFG;
657
658 if (empty($CFG->coursecontact)) {
659 return false;
660 }
661 $sql = "SELECT 1
662 FROM {role_assignments}
663 WHERE userid = :userid AND roleid IN ($CFG->coursecontact)";
664 return $DB->record_exists_sql($sql, array('userid'=>$userid));
665 }
666
667 /**
668 * Does the user have a capability to do something?
669 *
670 * Walk the accessdata array and return true/false.
671 * Deals with prohibits, role switching, aggregating
672 * capabilities, etc.
673 *
674 * The main feature of here is being FAST and with no
675 * side effects.
676 *
677 * Notes:
678 *
679 * Switch Role merges with default role
680 * ------------------------------------
681 * If you are a teacher in course X, you have at least
682 * teacher-in-X + defaultloggedinuser-sitewide. So in the
683 * course you'll have techer+defaultloggedinuser.
684 * We try to mimic that in switchrole.
685 *
686 * Permission evaluation
687 * ---------------------
688 * Originally there was an extremely complicated way
689 * to determine the user access that dealt with
690 * "locality" or role assignments and role overrides.
691 * Now we simply evaluate access for each role separately
692 * and then verify if user has at least one role with allow
693 * and at the same time no role with prohibit.
694 *
695 * @access private
696 * @param string $capability
697 * @param context $context
698 * @param array $accessdata
699 * @return bool
700 */
701 function has_capability_in_accessdata($capability, context $context, array &$accessdata) {
702 global $CFG;
703
704 // Build $paths as a list of current + all parent "paths" with order bottom-to-top
705 $path = $context->path;
706 $paths = array($path);
707 while($path = rtrim($path, '0123456789')) {
708 $path = rtrim($path, '/');
709 if ($path === '') {
710 break;
711 }
712 $paths[] = $path;
713 }
714
715 $roles = array();
716 $switchedrole = false;
717
718 // Find out if role switched
719 if (!empty($accessdata['rsw'])) {
720 // From the bottom up...
721 foreach ($paths as $path) {
722 if (isset($accessdata['rsw'][$path])) {
723 // Found a switchrole assignment - check for that role _plus_ the default user role
724 $roles = array($accessdata['rsw'][$path]=>null, $CFG->defaultuserroleid=>null);
725 $switchedrole = true;
726 break;
727 }
728 }
729 }
730
731 if (!$switchedrole) {
732 // get all users roles in this context and above
733 foreach ($paths as $path) {
734 if (isset($accessdata['ra'][$path])) {
735 foreach ($accessdata['ra'][$path] as $roleid) {
736 $roles[$roleid] = null;
737 }
738 }
739 }
740 }
741
742 // Now find out what access is given to each role, going bottom-->up direction
743 $allowed = false;
744 foreach ($roles as $roleid => $ignored) {
745 foreach ($paths as $path) {
746 if (isset($accessdata['rdef']["{$path}:$roleid"][$capability])) {
747 $perm = (int)$accessdata['rdef']["{$path}:$roleid"][$capability];
748 if ($perm === CAP_PROHIBIT) {
749 // any CAP_PROHIBIT found means no permission for the user
750 return false;
751 }
752 if (is_null($roles[$roleid])) {
753 $roles[$roleid] = $perm;
754 }
755 }
756 }
757 // CAP_ALLOW in any role means the user has a permission, we continue only to detect prohibits
758 $allowed = ($allowed or $roles[$roleid] === CAP_ALLOW);
759 }
760
761 return $allowed;
762 }
763
764 /**
765 * A convenience function that tests has_capability, and displays an error if
766 * the user does not have that capability.
767 *
768 * NOTE before Moodle 2.0, this function attempted to make an appropriate
769 * require_login call before checking the capability. This is no longer the case.
770 * You must call require_login (or one of its variants) if you want to check the
771 * user is logged in, before you call this function.
772 *
773 * @see has_capability()
774 *
775 * @param string $capability the name of the capability to check. For example mod/forum:view
776 * @param context $context the context to check the capability in. You normally get this with context_xxxx::instance().
777 * @param int $userid A user id. By default (null) checks the permissions of the current user.
778 * @param bool $doanything If false, ignore effect of admin role assignment
779 * @param string $errormessage The error string to to user. Defaults to 'nopermissions'.
780 * @param string $stringfile The language file to load the error string from. Defaults to 'error'.
781 * @return void terminates with an error if the user does not have the given capability.
782 */
783 function require_capability($capability, context $context, $userid = null, $doanything = true,
784 $errormessage = 'nopermissions', $stringfile = '') {
785 if (!has_capability($capability, $context, $userid, $doanything)) {
786 throw new required_capability_exception($context, $capability, $errormessage, $stringfile);
787 }
788 }
789
790 /**
791 * Return a nested array showing role assignments
792 * all relevant role capabilities for the user at
793 * site/course_category/course levels
794 *
795 * We do _not_ delve deeper than courses because the number of
796 * overrides at the module/block levels can be HUGE.
797 *
798 * [ra] => [/path][roleid]=roleid
799 * [rdef] => [/path:roleid][capability]=permission
800 *
801 * @access private
802 * @param int $userid - the id of the user
803 * @return array access info array
804 */
805 function get_user_access_sitewide($userid) {
806 global $CFG, $DB, $ACCESSLIB_PRIVATE;
807
808 /* Get in a few cheap DB queries...
809 * - role assignments
810 * - relevant role caps
811 * - above and within this user's RAs
812 * - below this user's RAs - limited to course level
813 */
814
815 // raparents collects paths & roles we need to walk up the parenthood to build the minimal rdef
816 $raparents = array();
817 $accessdata = get_empty_accessdata();
818
819 // start with the default role
820 if (!empty($CFG->defaultuserroleid)) {
821 $syscontext = context_system::instance();
822 $accessdata['ra'][$syscontext->path][(int)$CFG->defaultuserroleid] = (int)$CFG->defaultuserroleid;
823 $raparents[$CFG->defaultuserroleid][$syscontext->id] = $syscontext->id;
824 }
825
826 // load the "default frontpage role"
827 if (!empty($CFG->defaultfrontpageroleid)) {
828 $frontpagecontext = context_course::instance(get_site()->id);
829 if ($frontpagecontext->path) {
830 $accessdata['ra'][$frontpagecontext->path][(int)$CFG->defaultfrontpageroleid] = (int)$CFG->defaultfrontpageroleid;
831 $raparents[$CFG->defaultfrontpageroleid][$frontpagecontext->id] = $frontpagecontext->id;
832 }
833 }
834
835 // preload every assigned role at and above course context
836 $sql = "SELECT ctx.path, ra.roleid, ra.contextid
837 FROM {role_assignments} ra
838 JOIN {context} ctx
839 ON ctx.id = ra.contextid
840 LEFT JOIN {block_instances} bi
841 ON (ctx.contextlevel = ".CONTEXT_BLOCK." AND bi.id = ctx.instanceid)
842 LEFT JOIN {context} bpctx
843 ON (bpctx.id = bi.parentcontextid)
844 WHERE ra.userid = :userid
845 AND (ctx.contextlevel <= ".CONTEXT_COURSE." OR bpctx.contextlevel < ".CONTEXT_COURSE.")";
846 $params = array('userid'=>$userid);
847 $rs = $DB->get_recordset_sql($sql, $params);
848 foreach ($rs as $ra) {
849 // RAs leafs are arrays to support multi-role assignments...
850 $accessdata['ra'][$ra->path][(int)$ra->roleid] = (int)$ra->roleid;
851 $raparents[$ra->roleid][$ra->contextid] = $ra->contextid;
852 }
853 $rs->close();
854
855 if (empty($raparents)) {
856 return $accessdata;
857 }
858
859 // now get overrides of interesting roles in all interesting child contexts
860 // hopefully we will not run out of SQL limits here,
861 // users would have to have very many roles at/above course context...
862 $sqls = array();
863 $params = array();
864
865 static $cp = 0;
866 foreach ($raparents as $roleid=>$ras) {
867 $cp++;
868 list($sqlcids, $cids) = $DB->get_in_or_equal($ras, SQL_PARAMS_NAMED, 'c'.$cp.'_');
869 $params = array_merge($params, $cids);
870 $params['r'.$cp] = $roleid;
871 $sqls[] = "(SELECT ctx.path, rc.roleid, rc.capability, rc.permission
872 FROM {role_capabilities} rc
873 JOIN {context} ctx
874 ON (ctx.id = rc.contextid)
875 JOIN {context} pctx
876 ON (pctx.id $sqlcids
877 AND (ctx.id = pctx.id
878 OR ctx.path LIKE ".$DB->sql_concat('pctx.path',"'/%'")."
879 OR pctx.path LIKE ".$DB->sql_concat('ctx.path',"'/%'")."))
880 LEFT JOIN {block_instances} bi
881 ON (ctx.contextlevel = ".CONTEXT_BLOCK." AND bi.id = ctx.instanceid)
882 LEFT JOIN {context} bpctx
883 ON (bpctx.id = bi.parentcontextid)
884 WHERE rc.roleid = :r{$cp}
885 AND (ctx.contextlevel <= ".CONTEXT_COURSE." OR bpctx.contextlevel < ".CONTEXT_COURSE.")
886 )";
887 }
888
889 // fixed capability order is necessary for rdef dedupe
890 $rs = $DB->get_recordset_sql(implode("\nUNION\n", $sqls). "ORDER BY capability", $params);
891
892 foreach ($rs as $rd) {
893 $k = $rd->path.':'.$rd->roleid;
894 $accessdata['rdef'][$k][$rd->capability] = (int)$rd->permission;
895 }
896 $rs->close();
897
898 // share the role definitions
899 foreach ($accessdata['rdef'] as $k=>$unused) {
900 if (!isset($ACCESSLIB_PRIVATE->rolepermissions[$k])) {
901 $ACCESSLIB_PRIVATE->rolepermissions[$k] = $accessdata['rdef'][$k];
902 }
903 $accessdata['rdef_count']++;
904 $accessdata['rdef'][$k] =& $ACCESSLIB_PRIVATE->rolepermissions[$k];
905 }
906
907 return $accessdata;
908 }
909
910 /**
911 * Add to the access ctrl array the data needed by a user for a given course.
912 *
913 * This function injects all course related access info into the accessdata array.
914 *
915 * @access private
916 * @param int $userid the id of the user
917 * @param context_course $coursecontext course context
918 * @param array $accessdata accessdata array (modified)
919 * @return void modifies $accessdata parameter
920 */
921 function load_course_context($userid, context_course $coursecontext, &$accessdata) {
922 global $DB, $CFG, $ACCESSLIB_PRIVATE;
923
924 if (empty($coursecontext->path)) {
925 // weird, this should not happen
926 return;
927 }
928
929 if (isset($accessdata['loaded'][$coursecontext->instanceid])) {
930 // already loaded, great!
931 return;
932 }
933
934 $roles = array();
935
936 if (empty($userid)) {
937 if (!empty($CFG->notloggedinroleid)) {
938 $roles[$CFG->notloggedinroleid] = $CFG->notloggedinroleid;
939 }
940
941 } else if (isguestuser($userid)) {
942 if ($guestrole = get_guest_role()) {
943 $roles[$guestrole->id] = $guestrole->id;
944 }
945
946 } else {
947 // Interesting role assignments at, above and below the course context
948 list($parentsaself, $params) = $DB->get_in_or_equal($coursecontext->get_parent_context_ids(true), SQL_PARAMS_NAMED, 'pc_');
949 $params['userid'] = $userid;
950 $params['children'] = $coursecontext->path."/%";
951 $sql = "SELECT ra.*, ctx.path
952 FROM {role_assignments} ra
953 JOIN {context} ctx ON ra.contextid = ctx.id
954 WHERE ra.userid = :userid AND (ctx.id $parentsaself OR ctx.path LIKE :children)";
955 $rs = $DB->get_recordset_sql($sql, $params);
956
957 // add missing role definitions
958 foreach ($rs as $ra) {
959 $accessdata['ra'][$ra->path][(int)$ra->roleid] = (int)$ra->roleid;
960 $roles[$ra->roleid] = $ra->roleid;
961 }
962 $rs->close();
963
964 // add the "default frontpage role" when on the frontpage
965 if (!empty($CFG->defaultfrontpageroleid)) {
966 $frontpagecontext = context_course::instance(get_site()->id);
967 if ($frontpagecontext->id == $coursecontext->id) {
968 $roles[$CFG->defaultfrontpageroleid] = $CFG->defaultfrontpageroleid;
969 }
970 }
971
972 // do not forget the default role
973 if (!empty($CFG->defaultuserroleid)) {
974 $roles[$CFG->defaultuserroleid] = $CFG->defaultuserroleid;
975 }
976 }
977
978 if (!$roles) {
979 // weird, default roles must be missing...
980 $accessdata['loaded'][$coursecontext->instanceid] = 1;
981 return;
982 }
983
984 // now get overrides of interesting roles in all interesting contexts (this course + children + parents)
985 $params = array('c'=>$coursecontext->id);
986 list($parentsaself, $rparams) = $DB->get_in_or_equal($coursecontext->get_parent_context_ids(true), SQL_PARAMS_NAMED, 'pc_');
987 $params = array_merge($params, $rparams);
988 list($roleids, $rparams) = $DB->get_in_or_equal($roles, SQL_PARAMS_NAMED, 'r_');
989 $params = array_merge($params, $rparams);
990
991 $sql = "SELECT ctx.path, rc.roleid, rc.capability, rc.permission
992 FROM {role_capabilities} rc
993 JOIN {context} ctx
994 ON (ctx.id = rc.contextid)
995 JOIN {context} cctx
996 ON (cctx.id = :c
997 AND (ctx.id $parentsaself OR ctx.path LIKE ".$DB->sql_concat('cctx.path',"'/%'")."))
998 WHERE rc.roleid $roleids
999 ORDER BY rc.capability"; // fixed capability order is necessary for rdef dedupe
1000 $rs = $DB->get_recordset_sql($sql, $params);
1001
1002 $newrdefs = array();
1003 foreach ($rs as $rd) {
1004 $k = $rd->path.':'.$rd->roleid;
1005 if (isset($accessdata['rdef'][$k])) {
1006 continue;
1007 }
1008 $newrdefs[$k][$rd->capability] = (int)$rd->permission;
1009 }
1010 $rs->close();
1011
1012 // share new role definitions
1013 foreach ($newrdefs as $k=>$unused) {
1014 if (!isset($ACCESSLIB_PRIVATE->rolepermissions[$k])) {
1015 $ACCESSLIB_PRIVATE->rolepermissions[$k] = $newrdefs[$k];
1016 }
1017 $accessdata['rdef_count']++;
1018 $accessdata['rdef'][$k] =& $ACCESSLIB_PRIVATE->rolepermissions[$k];
1019 }
1020
1021 $accessdata['loaded'][$coursecontext->instanceid] = 1;
1022
1023 // we want to deduplicate the USER->access from time to time, this looks like a good place,
1024 // because we have to do it before the end of session
1025 dedupe_user_access();
1026 }
1027
1028 /**
1029 * Add to the access ctrl array the data needed by a role for a given context.
1030 *
1031 * The data is added in the rdef key.
1032 * This role-centric function is useful for role_switching
1033 * and temporary course roles.
1034 *
1035 * @access private
1036 * @param int $roleid the id of the user
1037 * @param context $context needs path!
1038 * @param array $accessdata accessdata array (is modified)
1039 * @return array
1040 */
1041 function load_role_access_by_context($roleid, context $context, &$accessdata) {
1042 global $DB, $ACCESSLIB_PRIVATE;
1043
1044 /* Get the relevant rolecaps into rdef
1045 * - relevant role caps
1046 * - at ctx and above
1047 * - below this ctx
1048 */
1049
1050 if (empty($context->path)) {
1051 // weird, this should not happen
1052 return;
1053 }
1054
1055 list($parentsaself, $params) = $DB->get_in_or_equal($context->get_parent_context_ids(true), SQL_PARAMS_NAMED, 'pc_');
1056 $params['roleid'] = $roleid;
1057 $params['childpath'] = $context->path.'/%';
1058
1059 $sql = "SELECT ctx.path, rc.capability, rc.permission
1060 FROM {role_capabilities} rc
1061 JOIN {context} ctx ON (rc.contextid = ctx.id)
1062 WHERE rc.roleid = :roleid AND (ctx.id $parentsaself OR ctx.path LIKE :childpath)
1063 ORDER BY rc.capability"; // fixed capability order is necessary for rdef dedupe
1064 $rs = $DB->get_recordset_sql($sql, $params);
1065
1066 $newrdefs = array();
1067 foreach ($rs as $rd) {
1068 $k = $rd->path.':'.$roleid;
1069 if (isset($accessdata['rdef'][$k])) {
1070 continue;
1071 }
1072 $newrdefs[$k][$rd->capability] = (int)$rd->permission;
1073 }
1074 $rs->close();
1075
1076 // share new role definitions
1077 foreach ($newrdefs as $k=>$unused) {
1078 if (!isset($ACCESSLIB_PRIVATE->rolepermissions[$k])) {
1079 $ACCESSLIB_PRIVATE->rolepermissions[$k] = $newrdefs[$k];
1080 }
1081 $accessdata['rdef_count']++;
1082 $accessdata['rdef'][$k] =& $ACCESSLIB_PRIVATE->rolepermissions[$k];
1083 }
1084 }
1085
1086 /**
1087 * Returns empty accessdata structure.
1088 *
1089 * @access private
1090 * @return array empt accessdata
1091 */
1092 function get_empty_accessdata() {
1093 $accessdata = array(); // named list
1094 $accessdata['ra'] = array();
1095 $accessdata['rdef'] = array();
1096 $accessdata['rdef_count'] = 0; // this bloody hack is necessary because count($array) is slooooowwww in PHP
1097 $accessdata['rdef_lcc'] = 0; // rdef_count during the last compression
1098 $accessdata['loaded'] = array(); // loaded course contexts
1099 $accessdata['time'] = time();
1100 $accessdata['rsw'] = array();
1101
1102 return $accessdata;
1103 }
1104
1105 /**
1106 * Get accessdata for a given user.
1107 *
1108 * @access private
1109 * @param int $userid
1110 * @param bool $preloadonly true means do not return access array
1111 * @return array accessdata
1112 */
1113 function get_user_accessdata($userid, $preloadonly=false) {
1114 global $CFG, $ACCESSLIB_PRIVATE, $USER;
1115
1116 if (!empty($USER->access['rdef']) and empty($ACCESSLIB_PRIVATE->rolepermissions)) {
1117 // share rdef from USER session with rolepermissions cache in order to conserve memory
1118 foreach ($USER->access['rdef'] as $k=>$v) {
1119 $ACCESSLIB_PRIVATE->rolepermissions[$k] =& $USER->access['rdef'][$k];
1120 }
1121 $ACCESSLIB_PRIVATE->accessdatabyuser[$USER->id] = $USER->access;
1122 }
1123
1124 if (!isset($ACCESSLIB_PRIVATE->accessdatabyuser[$userid])) {
1125 if (empty($userid)) {
1126 if (!empty($CFG->notloggedinroleid)) {
1127 $accessdata = get_role_access($CFG->notloggedinroleid);
1128 } else {
1129 // weird
1130 return get_empty_accessdata();
1131 }
1132
1133 } else if (isguestuser($userid)) {
1134 if ($guestrole = get_guest_role()) {
1135 $accessdata = get_role_access($guestrole->id);
1136 } else {
1137 //weird
1138 return get_empty_accessdata();
1139 }
1140
1141 } else {
1142 $accessdata = get_user_access_sitewide($userid); // includes default role and frontpage role
1143 }
1144
1145 $ACCESSLIB_PRIVATE->accessdatabyuser[$userid] = $accessdata;
1146 }
1147
1148 if ($preloadonly) {
1149 return;
1150 } else {
1151 return $ACCESSLIB_PRIVATE->accessdatabyuser[$userid];
1152 }
1153 }
1154
1155 /**
1156 * Try to minimise the size of $USER->access by eliminating duplicate override storage,
1157 * this function looks for contexts with the same overrides and shares them.
1158 *
1159 * @access private
1160 * @return void
1161 */
1162 function dedupe_user_access() {
1163 global $USER;
1164
1165 if (CLI_SCRIPT) {
1166 // no session in CLI --> no compression necessary
1167 return;
1168 }
1169
1170 if (empty($USER->access['rdef_count'])) {
1171 // weird, this should not happen
1172 return;
1173 }
1174
1175 // the rdef is growing only, we never remove stuff from it, the rdef_lcc helps us to detect new stuff in rdef
1176 if ($USER->access['rdef_count'] - $USER->access['rdef_lcc'] > 10) {
1177 // do not compress after each change, wait till there is more stuff to be done
1178 return;
1179 }
1180
1181 $hashmap = array();
1182 foreach ($USER->access['rdef'] as $k=>$def) {
1183 $hash = sha1(serialize($def));
1184 if (isset($hashmap[$hash])) {
1185 $USER->access['rdef'][$k] =& $hashmap[$hash];
1186 } else {
1187 $hashmap[$hash] =& $USER->access['rdef'][$k];
1188 }
1189 }
1190
1191 $USER->access['rdef_lcc'] = $USER->access['rdef_count'];
1192 }
1193
1194 /**
1195 * A convenience function to completely load all the capabilities
1196 * for the current user. It is called from has_capability() and functions change permissions.
1197 *
1198 * Call it only _after_ you've setup $USER and called check_enrolment_plugins();
1199 * @see check_enrolment_plugins()
1200 *
1201 * @access private
1202 * @return void
1203 */
1204 function load_all_capabilities() {
1205 global $USER;
1206
1207 // roles not installed yet - we are in the middle of installation
1208 if (during_initial_install()) {
1209 return;
1210 }
1211
1212 if (!isset($USER->id)) {
1213 // this should not happen
1214 $USER->id = 0;
1215 }
1216
1217 unset($USER->access);
1218 $USER->access = get_user_accessdata($USER->id);
1219
1220 // deduplicate the overrides to minimize session size
1221 dedupe_user_access();
1222
1223 // Clear to force a refresh
1224 unset($USER->mycourses);
1225
1226 // init/reset internal enrol caches - active course enrolments and temp access
1227 $USER->enrol = array('enrolled'=>array(), 'tempguest'=>array());
1228 }
1229
1230 /**
1231 * A convenience function to completely reload all the capabilities
1232 * for the current user when roles have been updated in a relevant
1233 * context -- but PRESERVING switchroles and loginas.
1234 * This function resets all accesslib and context caches.
1235 *
1236 * That is - completely transparent to the user.
1237 *
1238 * Note: reloads $USER->access completely.
1239 *
1240 * @access private
1241 * @return void
1242 */
1243 function reload_all_capabilities() {
1244 global $USER, $DB, $ACCESSLIB_PRIVATE;
1245
1246 // copy switchroles
1247 $sw = array();
1248 if (!empty($USER->access['rsw'])) {
1249 $sw = $USER->access['rsw'];
1250 }
1251
1252 accesslib_clear_all_caches(true);
1253 unset($USER->access);
1254 $ACCESSLIB_PRIVATE->dirtycontexts = array(); // prevent dirty flags refetching on this page
1255
1256 load_all_capabilities();
1257
1258 foreach ($sw as $path => $roleid) {
1259 if ($record = $DB->get_record('context', array('path'=>$path))) {
1260 $context = context::instance_by_id($record->id);
1261 role_switch($roleid, $context);
1262 }
1263 }
1264 }
1265
1266 /**
1267 * Adds a temp role to current USER->access array.
1268 *
1269 * Useful for the "temporary guest" access we grant to logged-in users.
1270 * This is useful for enrol plugins only.
1271 *
1272 * @since Moodle 2.2
1273 * @param context_course $coursecontext
1274 * @param int $roleid
1275 * @return void
1276 */
1277 function load_temp_course_role(context_course $coursecontext, $roleid) {
1278 global $USER, $SITE;
1279
1280 if (empty($roleid)) {
1281 debugging('invalid role specified in load_temp_course_role()');
1282 return;
1283 }
1284
1285 if ($coursecontext->instanceid == $SITE->id) {
1286 debugging('Can not use temp roles on the frontpage');
1287 return;
1288 }
1289
1290 if (!isset($USER->access)) {
1291 load_all_capabilities();
1292 }
1293
1294 $coursecontext->reload_if_dirty();
1295
1296 if (isset($USER->access['ra'][$coursecontext->path][$roleid])) {
1297 return;
1298 }
1299
1300 // load course stuff first
1301 load_course_context($USER->id, $coursecontext, $USER->access);
1302
1303 $USER->access['ra'][$coursecontext->path][(int)$roleid] = (int)$roleid;
1304
1305 load_role_access_by_context($roleid, $coursecontext, $USER->access);
1306 }
1307
1308 /**
1309 * Removes any extra guest roles from current USER->access array.
1310 * This is useful for enrol plugins only.
1311 *
1312 * @since Moodle 2.2
1313 * @param context_course $coursecontext
1314 * @return void
1315 */
1316 function remove_temp_course_roles(context_course $coursecontext) {
1317 global $DB, $USER, $SITE;
1318
1319 if ($coursecontext->instanceid == $SITE->id) {
1320 debugging('Can not use temp roles on the frontpage');
1321 return;
1322 }
1323
1324 if (empty($USER->access['ra'][$coursecontext->path])) {
1325 //no roles here, weird
1326 return;
1327 }
1328
1329 $sql = "SELECT DISTINCT ra.roleid AS id
1330 FROM {role_assignments} ra
1331 WHERE ra.contextid = :contextid AND ra.userid = :userid";
1332 $ras = $DB->get_records_sql($sql, array('contextid'=>$coursecontext->id, 'userid'=>$USER->id));
1333
1334 $USER->access['ra'][$coursecontext->path] = array();
1335 foreach($ras as $r) {
1336 $USER->access['ra'][$coursecontext->path][(int)$r->id] = (int)$r->id;
1337 }
1338 }
1339
1340 /**
1341 * Returns array of all role archetypes.
1342 *
1343 * @return array
1344 */
1345 function get_role_archetypes() {
1346 return array(
1347 'manager' => 'manager',
1348 'coursecreator' => 'coursecreator',
1349 'editingteacher' => 'editingteacher',
1350 'teacher' => 'teacher',
1351 'student' => 'student',
1352 'guest' => 'guest',
1353 'user' => 'user',
1354 'frontpage' => 'frontpage'
1355 );
1356 }
1357
1358 /**
1359 * Assign the defaults found in this capability definition to roles that have
1360 * the corresponding legacy capabilities assigned to them.
1361 *
1362 * @param string $capability
1363 * @param array $legacyperms an array in the format (example):
1364 * 'guest' => CAP_PREVENT,
1365 * 'student' => CAP_ALLOW,
1366 * 'teacher' => CAP_ALLOW,
1367 * 'editingteacher' => CAP_ALLOW,
1368 * 'coursecreator' => CAP_ALLOW,
1369 * 'manager' => CAP_ALLOW
1370 * @return boolean success or failure.
1371 */
1372 function assign_legacy_capabilities($capability, $legacyperms) {
1373
1374 $archetypes = get_role_archetypes();
1375
1376 foreach ($legacyperms as $type => $perm) {
1377
1378 $systemcontext = context_system::instance();
1379 if ($type === 'admin') {
1380 debugging('Legacy type admin in access.php was renamed to manager, please update the code.');
1381 $type = 'manager';
1382 }
1383
1384 if (!array_key_exists($type, $archetypes)) {
1385 print_error('invalidlegacy', '', '', $type);
1386 }
1387
1388 if ($roles = get_archetype_roles($type)) {
1389 foreach ($roles as $role) {
1390 // Assign a site level capability.
1391 if (!assign_capability($capability, $perm, $role->id, $systemcontext->id)) {
1392 return false;
1393 }
1394 }
1395 }
1396 }
1397 return true;
1398 }
1399
1400 /**
1401 * Verify capability risks.
1402 *
1403 * @param stdClass $capability a capability - a row from the capabilities table.
1404 * @return boolean whether this capability is safe - that is, whether people with the
1405 * safeoverrides capability should be allowed to change it.
1406 */
1407 function is_safe_capability($capability) {
1408 return !((RISK_DATALOSS | RISK_MANAGETRUST | RISK_CONFIG | RISK_XSS | RISK_PERSONAL) & $capability->riskbitmask);
1409 }
1410
1411 /**
1412 * Get the local override (if any) for a given capability in a role in a context
1413 *
1414 * @param int $roleid
1415 * @param int $contextid
1416 * @param string $capability
1417 * @return stdClass local capability override
1418 */
1419 function get_local_override($roleid, $contextid, $capability) {
1420 global $DB;
1421 return $DB->get_record('role_capabilities', array('roleid'=>$roleid, 'capability'=>$capability, 'contextid'=>$contextid));
1422 }
1423
1424 /**
1425 * Returns context instance plus related course and cm instances
1426 *
1427 * @param int $contextid
1428 * @return array of ($context, $course, $cm)
1429 */
1430 function get_context_info_array($contextid) {
1431 global $DB;
1432
1433 $context = context::instance_by_id($contextid, MUST_EXIST);
1434 $course = null;
1435 $cm = null;
1436
1437 if ($context->contextlevel == CONTEXT_COURSE) {
1438 $course = $DB->get_record('course', array('id'=>$context->instanceid), '*', MUST_EXIST);
1439
1440 } else if ($context->contextlevel == CONTEXT_MODULE) {
1441 $cm = get_coursemodule_from_id('', $context->instanceid, 0, false, MUST_EXIST);
1442 $course = $DB->get_record('course', array('id'=>$cm->course), '*', MUST_EXIST);
1443
1444 } else if ($context->contextlevel == CONTEXT_BLOCK) {
1445 $parent = $context->get_parent_context();
1446
1447 if ($parent->contextlevel == CONTEXT_COURSE) {
1448 $course = $DB->get_record('course', array('id'=>$parent->instanceid), '*', MUST_EXIST);
1449 } else if ($parent->contextlevel == CONTEXT_MODULE) {
1450 $cm = get_coursemodule_from_id('', $parent->instanceid, 0, false, MUST_EXIST);
1451 $course = $DB->get_record('course', array('id'=>$cm->course), '*', MUST_EXIST);
1452 }
1453 }
1454
1455 return array($context, $course, $cm);
1456 }
1457
1458 /**
1459 * Function that creates a role
1460 *
1461 * @param string $name role name
1462 * @param string $shortname role short name
1463 * @param string $description role description
1464 * @param string $archetype
1465 * @return int id or dml_exception
1466 */
1467 function create_role($name, $shortname, $description, $archetype = '') {
1468 global $DB;
1469
1470 if (strpos($archetype, 'moodle/legacy:') !== false) {
1471 throw new coding_exception('Use new role archetype parameter in create_role() instead of old legacy capabilities.');
1472 }
1473
1474 // verify role archetype actually exists
1475 $archetypes = get_role_archetypes();
1476 if (empty($archetypes[$archetype])) {
1477 $archetype = '';
1478 }
1479
1480 // Insert the role record.
1481 $role = new stdClass();
1482 $role->name = $name;
1483 $role->shortname = $shortname;
1484 $role->description = $description;
1485 $role->archetype = $archetype;
1486
1487 //find free sortorder number
1488 $role->sortorder = $DB->get_field('role', 'MAX(sortorder) + 1', array());
1489 if (empty($role->sortorder)) {
1490 $role->sortorder = 1;
1491 }
1492 $id = $DB->insert_record('role', $role);
1493
1494 return $id;
1495 }
1496
1497 /**
1498 * Function that deletes a role and cleanups up after it
1499 *
1500 * @param int $roleid id of role to delete
1501 * @return bool always true
1502 */
1503 function delete_role($roleid) {
1504 global $DB;
1505
1506 // first unssign all users
1507 role_unassign_all(array('roleid'=>$roleid));
1508
1509 // cleanup all references to this role, ignore errors
1510 $DB->delete_records('role_capabilities', array('roleid'=>$roleid));
1511 $DB->delete_records('role_allow_assign', array('roleid'=>$roleid));
1512 $DB->delete_records('role_allow_assign', array('allowassign'=>$roleid));
1513 $DB->delete_records('role_allow_override', array('roleid'=>$roleid));
1514 $DB->delete_records('role_allow_override', array('allowoverride'=>$roleid));
1515 $DB->delete_records('role_names', array('roleid'=>$roleid));
1516 $DB->delete_records('role_context_levels', array('roleid'=>$roleid));
1517
1518 // Get role record before it's deleted.
1519 $role = $DB->get_record('role', array('id'=>$roleid));
1520
1521 // Finally delete the role itself.
1522 $DB->delete_records('role', array('id'=>$roleid));
1523
1524 // Trigger event.
1525 $event = \core\event\role_deleted::create(
1526 array(
1527 'context' => context_system::instance(),
1528 'objectid' => $roleid,
1529 'other' =>
1530 array(
1531 'shortname' => $role->shortname,
1532 'description' => $role->description,
1533 'archetype' => $role->archetype
1534 )
1535 )
1536 );
1537 $event->add_record_snapshot('role', $role);
1538 $event->trigger();
1539
1540 return true;
1541 }
1542
1543 /**
1544 * Function to write context specific overrides, or default capabilities.
1545 *
1546 * NOTE: use $context->mark_dirty() after this
1547 *
1548 * @param string $capability string name
1549 * @param int $permission CAP_ constants
1550 * @param int $roleid role id
1551 * @param int|context $contextid context id
1552 * @param bool $overwrite
1553 * @return bool always true or exception
1554 */
1555 function assign_capability($capability, $permission, $roleid, $contextid, $overwrite = false) {
1556 global $USER, $DB;
1557
1558 if ($contextid instanceof context) {
1559 $context = $contextid;
1560 } else {
1561 $context = context::instance_by_id($contextid);
1562 }
1563
1564 if (empty($permission) || $permission == CAP_INHERIT) { // if permission is not set
1565 unassign_capability($capability, $roleid, $context->id);
1566 return true;
1567 }
1568
1569 $existing = $DB->get_record('role_capabilities', array('contextid'=>$context->id, 'roleid'=>$roleid, 'capability'=>$capability));
1570
1571 if ($existing and !$overwrite) { // We want to keep whatever is there already
1572 return true;
1573 }
1574
1575 $cap = new stdClass();
1576 $cap->contextid = $context->id;
1577 $cap->roleid = $roleid;
1578 $cap->capability = $capability;
1579 $cap->permission = $permission;
1580 $cap->timemodified = time();
1581 $cap->modifierid = empty($USER->id) ? 0 : $USER->id;
1582
1583 if ($existing) {
1584 $cap->id = $existing->id;
1585 $DB->update_record('role_capabilities', $cap);
1586 } else {
1587 if ($DB->record_exists('context', array('id'=>$context->id))) {
1588 $DB->insert_record('role_capabilities', $cap);
1589 }
1590 }
1591 return true;
1592 }
1593
1594 /**
1595 * Unassign a capability from a role.
1596 *
1597 * NOTE: use $context->mark_dirty() after this
1598 *
1599 * @param string $capability the name of the capability
1600 * @param int $roleid the role id
1601 * @param int|context $contextid null means all contexts
1602 * @return boolean true or exception
1603 */
1604 function unassign_capability($capability, $roleid, $contextid = null) {
1605 global $DB;
1606
1607 if (!empty($contextid)) {
1608 if ($contextid instanceof context) {
1609 $context = $contextid;
1610 } else {
1611 $context = context::instance_by_id($contextid);
1612 }
1613 // delete from context rel, if this is the last override in this context
1614 $DB->delete_records('role_capabilities', array('capability'=>$capability, 'roleid'=>$roleid, 'contextid'=>$context->id));
1615 } else {
1616 $DB->delete_records('role_capabilities', array('capability'=>$capability, 'roleid'=>$roleid));
1617 }
1618 return true;
1619 }
1620
1621 /**
1622 * Get the roles that have a given capability assigned to it
1623 *
1624 * This function does not resolve the actual permission of the capability.
1625 * It just checks for permissions and overrides.
1626 * Use get_roles_with_cap_in_context() if resolution is required.
1627 *
1628 * @param string $capability capability name (string)
1629 * @param string $permission optional, the permission defined for this capability
1630 * either CAP_ALLOW, CAP_PREVENT or CAP_PROHIBIT. Defaults to null which means any.
1631 * @param stdClass $context null means any
1632 * @return array of role records
1633 */
1634 function get_roles_with_capability($capability, $permission = null, $context = null) {
1635 global $DB;
1636
1637 if ($context) {
1638 $contexts = $context->get_parent_context_ids(true);
1639 list($insql, $params) = $DB->get_in_or_equal($contexts, SQL_PARAMS_NAMED, 'ctx');
1640 $contextsql = "AND rc.contextid $insql";
1641 } else {
1642 $params = array();
1643 $contextsql = '';
1644 }
1645
1646 if ($permission) {
1647 $permissionsql = " AND rc.permission = :permission";
1648 $params['permission'] = $permission;
1649 } else {
1650 $permissionsql = '';
1651 }
1652
1653 $sql = "SELECT r.*
1654 FROM {role} r
1655 WHERE r.id IN (SELECT rc.roleid
1656 FROM {role_capabilities} rc
1657 WHERE rc.capability = :capname
1658 $contextsql
1659 $permissionsql)";
1660 $params['capname'] = $capability;
1661
1662
1663 return $DB->get_records_sql($sql, $params);
1664 }
1665
1666 /**
1667 * This function makes a role-assignment (a role for a user in a particular context)
1668 *
1669 * @param int $roleid the role of the id
1670 * @param int $userid userid
1671 * @param int|context $contextid id of the context
1672 * @param string $component example 'enrol_ldap', defaults to '' which means manual assignment,
1673 * @param int $itemid id of enrolment/auth plugin
1674 * @param string $timemodified defaults to current time
1675 * @return int new/existing id of the assignment
1676 */
1677 function role_assign($roleid, $userid, $contextid, $component = '', $itemid = 0, $timemodified = '') {
1678 global $USER, $DB;
1679
1680 // first of all detect if somebody is using old style parameters
1681 if ($contextid === 0 or is_numeric($component)) {
1682 throw new coding_exception('Invalid call to role_assign(), code needs to be updated to use new order of parameters');
1683 }
1684
1685 // now validate all parameters
1686 if (empty($roleid)) {
1687 throw new coding_exception('Invalid call to role_assign(), roleid can not be empty');
1688 }
1689
1690 if (empty($userid)) {
1691 throw new coding_exception('Invalid call to role_assign(), userid can not be empty');
1692 }
1693
1694 if ($itemid) {
1695 if (strpos($component, '_') === false) {
1696 throw new coding_exception('Invalid call to role_assign(), component must start with plugin type such as"enrol_" when itemid specified', 'component:'.$component);
1697 }
1698 } else {
1699 $itemid = 0;
1700 if ($component !== '' and strpos($component, '_') === false) {
1701 throw new coding_exception('Invalid call to role_assign(), invalid component string', 'component:'.$component);
1702 }
1703 }
1704
1705 if (!$DB->record_exists('user', array('id'=>$userid, 'deleted'=>0))) {
1706 throw new coding_exception('User ID does not exist or is deleted!', 'userid:'.$userid);
1707 }
1708
1709 if ($contextid instanceof context) {
1710 $context = $contextid;
1711 } else {
1712 $context = context::instance_by_id($contextid, MUST_EXIST);
1713 }
1714
1715 if (!$timemodified) {
1716 $timemodified = time();
1717 }
1718
1719 // Check for existing entry
1720 $ras = $DB->get_records('role_assignments', array('roleid'=>$roleid, 'contextid'=>$context->id, 'userid'=>$userid, 'component'=>$component, 'itemid'=>$itemid), 'id');
1721
1722 if ($ras) {
1723 // role already assigned - this should not happen
1724 if (count($ras) > 1) {
1725 // very weird - remove all duplicates!
1726 $ra = array_shift($ras);
1727 foreach ($ras as $r) {
1728 $DB->delete_records('role_assignments', array('id'=>$r->id));
1729 }
1730 } else {
1731 $ra = reset($ras);
1732 }
1733
1734 // actually there is no need to update, reset anything or trigger any event, so just return
1735 return $ra->id;
1736 }
1737
1738 // Create a new entry
1739 $ra = new stdClass();
1740 $ra->roleid = $roleid;
1741 $ra->contextid = $context->id;
1742 $ra->userid = $userid;
1743 $ra->component = $component;
1744 $ra->itemid = $itemid;
1745 $ra->timemodified = $timemodified;
1746 $ra->modifierid = empty($USER->id) ? 0 : $USER->id;
1747 $ra->sortorder = 0;
1748
1749 $ra->id = $DB->insert_record('role_assignments', $ra);
1750
1751 // mark context as dirty - again expensive, but needed
1752 $context->mark_dirty();
1753
1754 if (!empty($USER->id) && $USER->id == $userid) {
1755 // If the user is the current user, then do full reload of capabilities too.
1756 reload_all_capabilities();
1757 }
1758
1759 $event = \core\event\role_assigned::create(array(
1760 'context' => $context,
1761 'objectid' => $ra->roleid,
1762 'relateduserid' => $ra->userid,
1763 'other' => array(
1764 'id' => $ra->id,
1765 'component' => $ra->component,
1766 'itemid' => $ra->itemid
1767 )
1768 ));
1769 $event->add_record_snapshot('role_assignments', $ra);
1770 $event->trigger();
1771
1772 return $ra->id;
1773 }
1774
1775 /**
1776 * Removes one role assignment
1777 *
1778 * @param int $roleid
1779 * @param int $userid
1780 * @param int $contextid
1781 * @param string $component
1782 * @param int $itemid
1783 * @return void
1784 */
1785 function role_unassign($roleid, $userid, $contextid, $component = '', $itemid = 0) {
1786 // first make sure the params make sense
1787 if ($roleid == 0 or $userid == 0 or $contextid == 0) {
1788 throw new coding_exception('Invalid call to role_unassign(), please use role_unassign_all() when removing multiple role assignments');
1789 }
1790
1791 if ($itemid) {
1792 if (strpos($component, '_') === false) {
1793 throw new coding_exception('Invalid call to role_assign(), component must start with plugin type such as "enrol_" when itemid specified', 'component:'.$component);
1794 }
1795 } else {
1796 $itemid = 0;
1797 if ($component !== '' and strpos($component, '_') === false) {
1798 throw new coding_exception('Invalid call to role_assign(), invalid component string', 'component:'.$component);
1799 }
1800 }
1801
1802 role_unassign_all(array('roleid'=>$roleid, 'userid'=>$userid, 'contextid'=>$contextid, 'component'=>$component, 'itemid'=>$itemid), false, false);
1803 }
1804
1805 /**
1806 * Removes multiple role assignments, parameters may contain:
1807 * 'roleid', 'userid', 'contextid', 'component', 'enrolid'.
1808 *
1809 * @param array $params role assignment parameters
1810 * @param bool $subcontexts unassign in subcontexts too
1811 * @param bool $includemanual include manual role assignments too
1812 * @return void
1813 */
1814 function role_unassign_all(array $params, $subcontexts = false, $includemanual = false) {
1815 global $USER, $CFG, $DB;
1816
1817 if (!$params) {
1818 throw new coding_exception('Missing parameters in role_unsassign_all() call');
1819 }
1820
1821 $allowed = array('roleid', 'userid', 'contextid', 'component', 'itemid');
1822 foreach ($params as $key=>$value) {
1823 if (!in_array($key, $allowed)) {
1824 throw new coding_exception('Unknown role_unsassign_all() parameter key', 'key:'.$key);
1825 }
1826 }
1827
1828 if (isset($params['component']) and $params['component'] !== '' and strpos($params['component'], '_') === false) {
1829 throw new coding_exception('Invalid component paramter in role_unsassign_all() call', 'component:'.$params['component']);
1830 }
1831
1832 if ($includemanual) {
1833 if (!isset($params['component']) or $params['component'] === '') {
1834 throw new coding_exception('include manual parameter requires component parameter in role_unsassign_all() call');
1835 }
1836 }
1837
1838 if ($subcontexts) {
1839 if (empty($params['contextid'])) {
1840 throw new coding_exception('subcontexts paramtere requires component parameter in role_unsassign_all() call');
1841 }
1842 }
1843
1844 $ras = $DB->get_records('role_assignments', $params);
1845 foreach($ras as $ra) {
1846 $DB->delete_records('role_assignments', array('id'=>$ra->id));
1847 if ($context = context::instance_by_id($ra->contextid, IGNORE_MISSING)) {
1848 // this is a bit expensive but necessary
1849 $context->mark_dirty();
1850 // If the user is the current user, then do full reload of capabilities too.
1851 if (!empty($USER->id) && $USER->id == $ra->userid) {
1852 reload_all_capabilities();
1853 }
1854 $event = \core\event\role_unassigned::create(array(
1855 'context' => $context,
1856 'objectid' => $ra->roleid,
1857 'relateduserid' => $ra->userid,
1858 'other' => array(
1859 'id' => $ra->id,
1860 'component' => $ra->component,
1861 'itemid' => $ra->itemid
1862 )
1863 ));
1864 $event->add_record_snapshot('role_assignments', $ra);
1865 $event->trigger();
1866 }
1867 }
1868 unset($ras);
1869
1870 // process subcontexts
1871 if ($subcontexts and $context = context::instance_by_id($params['contextid'], IGNORE_MISSING)) {
1872 if ($params['contextid'] instanceof context) {
1873 $context = $params['contextid'];
1874 } else {
1875 $context = context::instance_by_id($params['contextid'], IGNORE_MISSING);
1876 }
1877
1878 if ($context) {
1879 $contexts = $context->get_child_contexts();
1880 $mparams = $params;
1881 foreach($contexts as $context) {
1882 $mparams['contextid'] = $context->id;
1883 $ras = $DB->get_records('role_assignments', $mparams);
1884 foreach($ras as $ra) {
1885 $DB->delete_records('role_assignments', array('id'=>$ra->id));
1886 // this is a bit expensive but necessary
1887 $context->mark_dirty();
1888 // If the user is the current user, then do full reload of capabilities too.
1889 if (!empty($USER->id) && $USER->id == $ra->userid) {
1890 reload_all_capabilities();
1891 }
1892 $event = \core\event\role_unassigned::create(
1893 array('context'=>$context, 'objectid'=>$ra->roleid, 'relateduserid'=>$ra->userid,
1894 'other'=>array('id'=>$ra->id, 'component'=>$ra->component, 'itemid'=>$ra->itemid)));
1895 $event->add_record_snapshot('role_assignments', $ra);
1896 $event->trigger();
1897 }
1898 }
1899 }
1900 }
1901
1902 // do this once more for all manual role assignments
1903 if ($includemanual) {
1904 $params['component'] = '';
1905 role_unassign_all($params, $subcontexts, false);
1906 }
1907 }
1908
1909 /**
1910 * Determines if a user is currently logged in
1911 *
1912 * @category access
1913 *
1914 * @return bool
1915 */
1916 function isloggedin() {
1917 global $USER;
1918
1919 return (!empty($USER->id));
1920 }
1921
1922 /**
1923 * Determines if a user is logged in as real guest user with username 'guest'.
1924 *
1925 * @category access
1926 *
1927 * @param int|object $user mixed user object or id, $USER if not specified
1928 * @return bool true if user is the real guest user, false if not logged in or other user
1929 */
1930 function isguestuser($user = null) {
1931 global $USER, $DB, $CFG;
1932
1933 // make sure we have the user id cached in config table, because we are going to use it a lot
1934 if (empty($CFG->siteguest)) {
1935 if (!$guestid = $DB->get_field('user', 'id', array('username'=>'guest', 'mnethostid'=>$CFG->mnet_localhost_id))) {
1936 // guest does not exist yet, weird
1937 return false;
1938 }
1939 set_config('siteguest', $guestid);
1940 }
1941 if ($user === null) {
1942 $user = $USER;
1943 }
1944
1945 if ($user === null) {
1946 // happens when setting the $USER
1947 return false;
1948
1949 } else if (is_numeric($user)) {
1950 return ($CFG->siteguest == $user);
1951
1952 } else if (is_object($user)) {
1953 if (empty($user->id)) {
1954 return false; // not logged in means is not be guest
1955 } else {
1956 return ($CFG->siteguest == $user->id);
1957 }
1958
1959 } else {
1960 throw new coding_exception('Invalid user parameter supplied for isguestuser() function!');
1961 }
1962 }
1963
1964 /**
1965 * Does user have a (temporary or real) guest access to course?
1966 *
1967 * @category access
1968 *
1969 * @param context $context
1970 * @param stdClass|int $user
1971 * @return bool
1972 */
1973 function is_guest(context $context, $user = null) {
1974 global $USER;
1975
1976 // first find the course context
1977 $coursecontext = $context->get_course_context();
1978
1979 // make sure there is a real user specified
1980 if ($user === null) {
1981 $userid = isset($USER->id) ? $USER->id : 0;
1982 } else {
1983 $userid = is_object($user) ? $user->id : $user;
1984 }
1985
1986 if (isguestuser($userid)) {
1987 // can not inspect or be enrolled
1988 return true;
1989 }
1990
1991 if (has_capability('moodle/course:view', $coursecontext, $user)) {
1992 // viewing users appear out of nowhere, they are neither guests nor participants
1993 return false;
1994 }
1995
1996 // consider only real active enrolments here
1997 if (is_enrolled($coursecontext, $user, '', true)) {
1998 return false;
1999 }
2000
2001 return true;
2002 }
2003
2004 /**
2005 * Returns true if the user has moodle/course:view capability in the course,
2006 * this is intended for admins, managers (aka small admins), inspectors, etc.
2007 *
2008 * @category access
2009 *
2010 * @param context $context
2011 * @param int|stdClass $user if null $USER is used
2012 * @param string $withcapability extra capability name
2013 * @return bool
2014 */
2015 function is_viewing(context $context, $user = null, $withcapability = '') {
2016 // first find the course context
2017 $coursecontext = $context->get_course_context();
2018
2019 if (isguestuser($user)) {
2020 // can not inspect
2021 return false;
2022 }
2023
2024 if (!has_capability('moodle/course:view', $coursecontext, $user)) {
2025 // admins are allowed to inspect courses
2026 return false;
2027 }
2028
2029 if ($withcapability and !has_capability($withcapability, $context, $user)) {
2030 // site admins always have the capability, but the enrolment above blocks
2031 return false;
2032 }
2033
2034 return true;
2035 }
2036
2037 /**
2038 * Returns true if user is enrolled (is participating) in course
2039 * this is intended for students and teachers.
2040 *
2041 * Since 2.2 the result for active enrolments and current user are cached.
2042 *
2043 * @package core_enrol
2044 * @category access
2045 *
2046 * @param context $context
2047 * @param int|stdClass $user if null $USER is used, otherwise user object or id expected
2048 * @param string $withcapability extra capability name
2049 * @param bool $onlyactive consider only active enrolments in enabled plugins and time restrictions
2050 * @return bool
2051 */
2052 function is_enrolled(context $context, $user = null, $withcapability = '', $onlyactive = false) {
2053 global $USER, $DB;
2054
2055 // first find the course context
2056 $coursecontext = $context->get_course_context();
2057
2058 // make sure there is a real user specified
2059 if ($user === null) {
2060 $userid = isset($USER->id) ? $USER->id : 0;
2061 } else {
2062 $userid = is_object($user) ? $user->id : $user;
2063 }
2064
2065 if (empty($userid)) {
2066 // not-logged-in!
2067 return false;
2068 } else if (isguestuser($userid)) {
2069 // guest account can not be enrolled anywhere
2070 return false;
2071 }
2072
2073 if ($coursecontext->instanceid == SITEID) {
2074 // everybody participates on frontpage
2075 } else {
2076 // try cached info first - the enrolled flag is set only when active enrolment present
2077 if ($USER->id == $userid) {
2078 $coursecontext->reload_if_dirty();
2079 if (isset($USER->enrol['enrolled'][$coursecontext->instanceid])) {
2080 if ($USER->enrol['enrolled'][$coursecontext->instanceid] > time()) {
2081 if ($withcapability and !has_capability($withcapability, $context, $userid)) {
2082 return false;
2083 }
2084 return true;
2085 }
2086 }
2087 }
2088
2089 if ($onlyactive) {
2090 // look for active enrolments only
2091 $until = enrol_get_enrolment_end($coursecontext->instanceid, $userid);
2092
2093 if ($until === false) {
2094 return false;
2095 }
2096
2097 if ($USER->id == $userid) {
2098 if ($until == 0) {
2099 $until = ENROL_MAX_TIMESTAMP;
2100 }
2101 $USER->enrol['enrolled'][$coursecontext->instanceid] = $until;
2102 if (isset($USER->enrol['tempguest'][$coursecontext->instanceid])) {
2103 unset($USER->enrol['tempguest'][$coursecontext->instanceid]);
2104 remove_temp_course_roles($coursecontext);
2105 }
2106 }
2107
2108 } else {
2109 // any enrolment is good for us here, even outdated, disabled or inactive
2110 $sql = "SELECT 'x'
2111 FROM {user_enrolments} ue
2112 JOIN {enrol} e ON (e.id = ue.enrolid AND e.courseid = :courseid)
2113 JOIN {user} u ON u.id = ue.userid
2114 WHERE ue.userid = :userid AND u.deleted = 0";
2115 $params = array('userid'=>$userid, 'courseid'=>$coursecontext->instanceid);
2116 if (!$DB->record_exists_sql($sql, $params)) {
2117 return false;
2118 }
2119 }
2120 }
2121
2122 if ($withcapability and !has_capability($withcapability, $context, $userid)) {
2123 return false;
2124 }
2125
2126 return true;
2127 }
2128
2129 /**
2130 * Returns true if the user is able to access the course.
2131 *
2132 * This function is in no way, shape, or form a substitute for require_login.
2133 * It should only be used in circumstances where it is not possible to call require_login
2134 * such as the navigation.
2135 *
2136 * This function checks many of the methods of access to a course such as the view
2137 * capability, enrollments, and guest access. It also makes use of the cache
2138 * generated by require_login for guest access.
2139 *
2140 * The flags within the $USER object that are used here should NEVER be used outside
2141 * of this function can_access_course and require_login. Doing so WILL break future
2142 * versions.
2143 *
2144 * @param stdClass $course record
2145 * @param stdClass|int|null $user user record or id, current user if null
2146 * @param string $withcapability Check for this capability as well.
2147 * @param bool $onlyactive consider only active enrolments in enabled plugins and time restrictions
2148 * @return boolean Returns true if the user is able to access the course
2149 */
2150 function can_access_course(stdClass $course, $user = null, $withcapability = '', $onlyactive = false) {
2151 global $DB, $USER;
2152
2153 // this function originally accepted $coursecontext parameter
2154 if ($course instanceof context) {
2155 if ($course instanceof context_course) {
2156 debugging('deprecated context parameter, please use $course record');
2157 $coursecontext = $course;
2158 $course = $DB->get_record('course', array('id'=>$coursecontext->instanceid));
2159 } else {
2160 debugging('Invalid context parameter, please use $course record');
2161 return false;
2162 }
2163 } else {
2164 $coursecontext = context_course::instance($course->id);
2165 }
2166
2167 if (!isset($USER->id)) {
2168 // should never happen
2169 $USER->id = 0;
2170 debugging('Course access check being performed on a user with no ID.', DEBUG_DEVELOPER);
2171 }
2172
2173 // make sure there is a user specified
2174 if ($user === null) {
2175 $userid = $USER->id;
2176 } else {
2177 $userid = is_object($user) ? $user->id : $user;
2178 }
2179 unset($user);
2180
2181 if ($withcapability and !has_capability($withcapability, $coursecontext, $userid)) {
2182 return false;
2183 }
2184
2185 if ($userid == $USER->id) {
2186 if (!empty($USER->access['rsw'][$coursecontext->path])) {
2187 // the fact that somebody switched role means they can access the course no matter to what role they switched
2188 return true;
2189 }
2190 }
2191
2192 if (!$course->visible and !has_capability('moodle/course:viewhiddencourses', $coursecontext, $userid)) {
2193 return false;
2194 }
2195
2196 if (is_viewing($coursecontext, $userid)) {
2197 return true;
2198 }
2199
2200 if ($userid != $USER->id) {
2201 // for performance reasons we do not verify temporary guest access for other users, sorry...
2202 return is_enrolled($coursecontext, $userid, '', $onlyactive);
2203 }
2204
2205 // === from here we deal only with $USER ===
2206
2207 $coursecontext->reload_if_dirty();
2208
2209 if (isset($USER->enrol['enrolled'][$course->id])) {
2210 if ($USER->enrol['enrolled'][$course->id] > time()) {
2211 return true;
2212 }
2213 }
2214 if (isset($USER->enrol['tempguest'][$course->id])) {
2215 if ($USER->enrol['tempguest'][$course->id] > time()) {
2216 return true;
2217 }
2218 }
2219
2220 if (is_enrolled($coursecontext, $USER, '', $onlyactive)) {
2221 return true;
2222 }
2223
2224 // if not enrolled try to gain temporary guest access
2225 $instances = $DB->get_records('enrol', array('courseid'=>$course->id, 'status'=>ENROL_INSTANCE_ENABLED), 'sortorder, id ASC');
2226 $enrols = enrol_get_plugins(true);
2227 foreach($instances as $instance) {
2228 if (!isset($enrols[$instance->enrol])) {
2229 continue;
2230 }
2231 // Get a duration for the guest access, a timestamp in the future, 0 (always) or false.
2232 $until = $enrols[$instance->enrol]->try_guestaccess($instance);
2233 if ($until !== false and $until > time()) {
2234 $USER->enrol['tempguest'][$course->id] = $until;
2235 return true;
2236 }
2237 }
2238 if (isset($USER->enrol['tempguest'][$course->id])) {
2239 unset($USER->enrol['tempguest'][$course->id]);
2240 remove_temp_course_roles($coursecontext);
2241 }
2242
2243 return false;
2244 }
2245
2246 /**
2247 * Returns array with sql code and parameters returning all ids
2248 * of users enrolled into course.
2249 *
2250 * This function is using 'eu[0-9]+_' prefix for table names and parameters.
2251 *
2252 * @package core_enrol
2253 * @category access
2254 *
2255 * @param context $context
2256 * @param string $withcapability
2257 * @param int $groupid 0 means ignore groups, any other value limits the result by group id
2258 * @param bool $onlyactive consider only active enrolments in enabled plugins and time restrictions
2259 * @param bool $onlysuspended inverse of onlyactive, consider only suspended enrolments
2260 * @return array list($sql, $params)
2261 */
2262 function get_enrolled_sql(context $context, $withcapability = '', $groupid = 0, $onlyactive = false, $onlysuspended = false) {
2263 global $DB, $CFG;
2264
2265 // use unique prefix just in case somebody makes some SQL magic with the result
2266 static $i = 0;
2267 $i++;
2268 $prefix = 'eu'.$i.'_';
2269
2270 // first find the course context
2271 $coursecontext = $context->get_course_context();
2272
2273 $isfrontpage = ($coursecontext->instanceid == SITEID);
2274
2275 if ($onlyactive && $onlysuspended) {
2276 throw new coding_exception("Both onlyactive and onlysuspended are set, this is probably not what you want!");
2277 }
2278 if ($isfrontpage && $onlysuspended) {
2279 throw new coding_exception("onlysuspended is not supported on frontpage; please add your own early-exit!");
2280 }
2281
2282 $joins = array();
2283 $wheres = array();
2284 $params = array();
2285
2286 list($contextids, $contextpaths) = get_context_info_list($context);
2287
2288 // get all relevant capability info for all roles
2289 if ($withcapability) {
2290 list($incontexts, $cparams) = $DB->get_in_or_equal($contextids, SQL_PARAMS_NAMED, 'ctx');
2291 $cparams['cap'] = $withcapability;
2292
2293 $defs = array();
2294 $sql = "SELECT rc.id, rc.roleid, rc.permission, ctx.path
2295 FROM {role_capabilities} rc
2296 JOIN {context} ctx on rc.contextid = ctx.id
2297 WHERE rc.contextid $incontexts AND rc.capability = :cap";
2298 $rcs = $DB->get_records_sql($sql, $cparams);
2299 foreach ($rcs as $rc) {
2300 $defs[$rc->path][$rc->roleid] = $rc->permission;
2301 }
2302
2303 $access = array();
2304 if (!empty($defs)) {
2305 foreach ($contextpaths as $path) {
2306 if (empty($defs[$path])) {
2307 continue;
2308 }
2309 foreach($defs[$path] as $roleid => $perm) {
2310 if ($perm == CAP_PROHIBIT) {
2311 $access[$roleid] = CAP_PROHIBIT;
2312 continue;
2313 }
2314 if (!isset($access[$roleid])) {
2315 $access[$roleid] = (int)$perm;
2316 }
2317 }
2318 }
2319 }
2320
2321 unset($defs);
2322
2323 // make lists of roles that are needed and prohibited
2324 $needed = array(); // one of these is enough
2325 $prohibited = array(); // must not have any of these
2326 foreach ($access as $roleid => $perm) {
2327 if ($perm == CAP_PROHIBIT) {
2328 unset($needed[$roleid]);
2329 $prohibited[$roleid] = true;
2330 } else if ($perm == CAP_ALLOW and empty($prohibited[$roleid])) {
2331 $needed[$roleid] = true;
2332 }
2333 }
2334
2335 $defaultuserroleid = isset($CFG->defaultuserroleid) ? $CFG->defaultuserroleid : 0;
2336 $defaultfrontpageroleid = isset($CFG->defaultfrontpageroleid) ? $CFG->defaultfrontpageroleid : 0;
2337
2338 $nobody = false;
2339
2340 if ($isfrontpage) {
2341 if (!empty($prohibited[$defaultuserroleid]) or !empty($prohibited[$defaultfrontpageroleid])) {
2342 $nobody = true;
2343 } else if (!empty($needed[$defaultuserroleid]) or !empty($needed[$defaultfrontpageroleid])) {
2344 // everybody not having prohibit has the capability
2345 $needed = array();
2346 } else if (empty($needed)) {
2347 $nobody = true;
2348 }
2349 } else {
2350 if (!empty($prohibited[$defaultuserroleid])) {
2351 $nobody = true;
2352 } else if (!empty($needed[$defaultuserroleid])) {
2353 // everybody not having prohibit has the capability
2354 $needed = array();
2355 } else if (empty($needed)) {
2356 $nobody = true;
2357 }
2358 }
2359
2360 if ($nobody) {
2361 // nobody can match so return some SQL that does not return any results
2362 $wheres[] = "1 = 2";
2363
2364 } else {
2365
2366 if ($needed) {
2367 $ctxids = implode(',', $contextids);
2368 $roleids = implode(',', array_keys($needed));
2369 $joins[] = "JOIN {role_assignments} {$prefix}ra3 ON ({$prefix}ra3.userid = {$prefix}u.id AND {$prefix}ra3.roleid IN ($roleids) AND {$prefix}ra3.contextid IN ($ctxids))";
2370 }
2371
2372 if ($prohibited) {
2373 $ctxids = implode(',', $contextids);
2374 $roleids = implode(',', array_keys($prohibited));
2375 $joins[] = "LEFT JOIN {role_assignments} {$prefix}ra4 ON ({$prefix}ra4.userid = {$prefix}u.id AND {$prefix}ra4.roleid IN ($roleids) AND {$prefix}ra4.contextid IN ($ctxids))";
2376 $wheres[] = "{$prefix}ra4.id IS NULL";
2377 }
2378
2379 if ($groupid) {
2380 $joins[] = "JOIN {groups_members} {$prefix}gm ON ({$prefix}gm.userid = {$prefix}u.id AND {$prefix}gm.groupid = :{$prefix}gmid)";
2381 $params["{$prefix}gmid"] = $groupid;
2382 }
2383 }
2384
2385 } else {
2386 if ($groupid) {
2387 $joins[] = "JOIN {groups_members} {$prefix}gm ON ({$prefix}gm.userid = {$prefix}u.id AND {$prefix}gm.groupid = :{$prefix}gmid)";
2388 $params["{$prefix}gmid"] = $groupid;
2389 }
2390 }
2391
2392 $wheres[] = "{$prefix}u.deleted = 0 AND {$prefix}u.id <> :{$prefix}guestid";
2393 $params["{$prefix}guestid"] = $CFG->siteguest;
2394
2395 if ($isfrontpage) {
2396 // all users are "enrolled" on the frontpage
2397 } else {
2398 $where1 = "{$prefix}ue.status = :{$prefix}active AND {$prefix}e.status = :{$prefix}enabled";
2399 $where2 = "{$prefix}ue.timestart < :{$prefix}now1 AND ({$prefix}ue.timeend = 0 OR {$prefix}ue.timeend > :{$prefix}now2)";
2400 $ejoin = "JOIN {enrol} {$prefix}e ON ({$prefix}e.id = {$prefix}ue.enrolid AND {$prefix}e.courseid = :{$prefix}courseid)";
2401 $params[$prefix.'courseid'] = $coursecontext->instanceid;
2402
2403 if (!$onlysuspended) {
2404 $joins[] = "JOIN {user_enrolments} {$prefix}ue ON {$prefix}ue.userid = {$prefix}u.id";
2405 $joins[] = $ejoin;
2406 if ($onlyactive) {
2407 $wheres[] = "$where1 AND $where2";
2408 }
2409 } else {
2410 // Suspended only where there is enrolment but ALL are suspended.
2411 // Consider multiple enrols where one is not suspended or plain role_assign.
2412 $enrolselect = "SELECT DISTINCT {$prefix}ue.userid FROM {user_enrolments} {$prefix}ue $ejoin WHERE $where1 AND $where2";
2413 $joins[] = "JOIN {user_enrolments} {$prefix}ue1 ON {$prefix}ue1.userid = {$prefix}u.id";
2414 $joins[] = "JOIN {enrol} {$prefix}e1 ON ({$prefix}e1.id = {$prefix}ue1.enrolid AND {$prefix}e1.courseid = :{$prefix}_e1_courseid)";
2415 $params["{$prefix}_e1_courseid"] = $coursecontext->instanceid;
2416 $wheres[] = "{$prefix}u.id NOT IN ($enrolselect)";
2417 }
2418
2419 if ($onlyactive || $onlysuspended) {
2420 $now = round(time(), -2); // rounding helps caching in DB
2421 $params = array_merge($params, array($prefix.'enabled'=>ENROL_INSTANCE_ENABLED,
2422 $prefix.'active'=>ENROL_USER_ACTIVE,
2423 $prefix.'now1'=>$now, $prefix.'now2'=>$now));
2424 }
2425 }
2426
2427 $joins = implode("\n", $joins);
2428 $wheres = "WHERE ".implode(" AND ", $wheres);
2429
2430 $sql = "SELECT DISTINCT {$prefix}u.id
2431 FROM {user} {$prefix}u
2432 $joins
2433 $wheres";
2434
2435 return array($sql, $params);
2436 }
2437
2438 /**
2439 * Returns list of users enrolled into course.
2440 *
2441 * @package core_enrol
2442 * @category access
2443 *
2444 * @param context $context
2445 * @param string $withcapability
2446 * @param int $groupid 0 means ignore groups, any other value limits the result by group id
2447 * @param string $userfields requested user record fields
2448 * @param string $orderby
2449 * @param int $limitfrom return a subset of records, starting at this point (optional, required if $limitnum is set).
2450 * @param int $limitnum return a subset comprising this many records (optional, required if $limitfrom is set).
2451 * @param bool $onlyactive consider only active enrolments in enabled plugins and time restrictions
2452 * @return array of user records
2453 */
2454 function get_enrolled_users(context $context, $withcapability = '', $groupid = 0, $userfields = 'u.*', $orderby = null,
2455 $limitfrom = 0, $limitnum = 0, $onlyactive = false) {
2456 global $DB;
2457
2458 list($esql, $params) = get_enrolled_sql($context, $withcapability, $groupid, $onlyactive);
2459 $sql = "SELECT $userfields
2460 FROM {user} u
2461 JOIN ($esql) je ON je.id = u.id
2462 WHERE u.deleted = 0";
2463
2464 if ($orderby) {
2465 $sql = "$sql ORDER BY $orderby";
2466 } else {
2467 list($sort, $sortparams) = users_order_by_sql('u');
2468 $sql = "$sql ORDER BY $sort";
2469 $params = array_merge($params, $sortparams);
2470 }
2471
2472 return $DB->get_records_sql($sql, $params, $limitfrom, $limitnum);
2473 }
2474
2475 /**
2476 * Counts list of users enrolled into course (as per above function)
2477 *
2478 * @package core_enrol
2479 * @category access
2480 *
2481 * @param context $context
2482 * @param string $withcapability
2483 * @param int $groupid 0 means ignore groups, any other value limits the result by group id
2484 * @param bool $onlyactive consider only active enrolments in enabled plugins and time restrictions
2485 * @return array of user records
2486 */
2487 function count_enrolled_users(context $context, $withcapability = '', $groupid = 0, $onlyactive = false) {
2488 global $DB;
2489
2490 list($esql, $params) = get_enrolled_sql($context, $withcapability, $groupid, $onlyactive);
2491 $sql = "SELECT count(u.id)
2492 FROM {user} u
2493 JOIN ($esql) je ON je.id = u.id
2494 WHERE u.deleted = 0";
2495
2496 return $DB->count_records_sql($sql, $params);
2497 }
2498
2499 /**
2500 * Loads the capability definitions for the component (from file).
2501 *
2502 * Loads the capability definitions for the component (from file). If no
2503 * capabilities are defined for the component, we simply return an empty array.
2504 *
2505 * @access private
2506 * @param string $component full plugin name, examples: 'moodle', 'mod_forum'
2507 * @return array array of capabilities
2508 */
2509 function load_capability_def($component) {
2510 $defpath = core_component::get_component_directory($component).'/db/access.php';
2511
2512 $capabilities = array();
2513 if (file_exists($defpath)) {
2514 require($defpath);
2515 if (!empty(${$component.'_capabilities'})) {
2516 // BC capability array name
2517 // since 2.0 we prefer $capabilities instead - it is easier to use and matches db/* files
2518 debugging('componentname_capabilities array is deprecated, please use $capabilities array only in access.php files');
2519 $capabilities = ${$component.'_capabilities'};
2520 }
2521 }
2522
2523 return $capabilities;
2524 }
2525
2526 /**
2527 * Gets the capabilities that have been cached in the database for this component.
2528 *
2529 * @access private
2530 * @param string $component - examples: 'moodle', 'mod_forum'
2531 * @return array array of capabilities
2532 */
2533 function get_cached_capabilities($component = 'moodle') {
2534 global $DB;
2535 return $DB->get_records('capabilities', array('component'=>$component));
2536 }
2537
2538 /**
2539 * Returns default capabilities for given role archetype.
2540 *
2541 * @param string $archetype role archetype
2542 * @return array
2543 */
2544 function get_default_capabilities($archetype) {
2545 global $DB;
2546
2547 if (!$archetype) {
2548 return array();
2549 }
2550
2551 $alldefs = array();
2552 $defaults = array();
2553 $components = array();
2554 $allcaps = $DB->get_records('capabilities');
2555
2556 foreach ($allcaps as $cap) {
2557 if (!in_array($cap->component, $components)) {
2558 $components[] = $cap->component;
2559 $alldefs = array_merge($alldefs, load_capability_def($cap->component));
2560 }
2561 }
2562 foreach($alldefs as $name=>$def) {
2563 // Use array 'archetypes if available. Only if not specified, use 'legacy'.
2564 if (isset($def['archetypes'])) {
2565 if (isset($def['archetypes'][$archetype])) {
2566 $defaults[$name] = $def['archetypes'][$archetype];
2567 }
2568 // 'legacy' is for backward compatibility with 1.9 access.php
2569 } else {
2570 if (isset($def['legacy'][$archetype])) {
2571 $defaults[$name] = $def['legacy'][$archetype];
2572 }
2573 }
2574 }
2575
2576 return $defaults;
2577 }
2578
2579 /**
2580 * Return default roles that can be assigned, overridden or switched
2581 * by give role archetype.
2582 *
2583 * @param string $type assign|override|switch
2584 * @param string $archetype
2585 * @return array of role ids
2586 */
2587 function get_default_role_archetype_allows($type, $archetype) {
2588 global $DB;
2589
2590 if (empty($archetype)) {
2591 return array();
2592 }
2593
2594 $roles = $DB->get_records('role');
2595 $archetypemap = array();
2596 foreach ($roles as $role) {
2597 if ($role->archetype) {
2598 $archetypemap[$role->archetype][$role->id] = $role->id;
2599 }
2600 }
2601
2602 $defaults = array(
2603 'assign' => array(
2604 'manager' => array('manager', 'coursecreator', 'editingteacher', 'teacher', 'student'),
2605 'coursecreator' => array(),
2606 'editingteacher' => array('teacher', 'student'),
2607 'teacher' => array(),
2608 'student' => array(),
2609 'guest' => array(),
2610 'user' => array(),
2611 'frontpage' => array(),
2612 ),
2613 'override' => array(
2614 'manager' => array('manager', 'coursecreator', 'editingteacher', 'teacher', 'student', 'guest', 'user', 'frontpage'),
2615 'coursecreator' => array(),
2616 'editingteacher' => array('teacher', 'student', 'guest'),
2617 'teacher' => array(),
2618 'student' => array(),
2619 'guest' => array(),
2620 'user' => array(),
2621 'frontpage' => array(),
2622 ),
2623 'switch' => array(
2624 'manager' => array('editingteacher', 'teacher', 'student', 'guest'),
2625 'coursecreator' => array(),
2626 'editingteacher' => array('teacher', 'student', 'guest'),
2627 'teacher' => array('student', 'guest'),
2628 'student' => array(),
2629 'guest' => array(),
2630 'user' => array(),
2631 'frontpage' => array(),
2632 ),
2633 );
2634
2635 if (!isset($defaults[$type][$archetype])) {
2636 debugging("Unknown type '$type'' or archetype '$archetype''");
2637 return array();
2638 }
2639
2640 $return = array();
2641 foreach ($defaults[$type][$archetype] as $at) {
2642 if (isset($archetypemap[$at])) {
2643 foreach ($archetypemap[$at] as $roleid) {
2644 $return[$roleid] = $roleid;
2645 }
2646 }
2647 }
2648
2649 return $return;
2650 }
2651
2652 /**
2653 * Reset role capabilities to default according to selected role archetype.
2654 * If no archetype selected, removes all capabilities.
2655 *
2656 * This applies to capabilities that are assigned to the role (that you could
2657 * edit in the 'define roles' interface), and not to any capability overrides
2658 * in different locations.
2659 *
2660 * @param int $roleid ID of role to reset capabilities for
2661 */
2662 function reset_role_capabilities($roleid) {
2663 global $DB;
2664
2665 $role = $DB->get_record('role', array('id'=>$roleid), '*', MUST_EXIST);
2666 $defaultcaps = get_default_capabilities($role->archetype);
2667
2668 $systemcontext = context_system::instance();
2669
2670 $DB->delete_records('role_capabilities',
2671 array('roleid' => $roleid, 'contextid' => $systemcontext->id));
2672
2673 foreach($defaultcaps as $cap=>$permission) {
2674 assign_capability($cap, $permission, $roleid, $systemcontext->id);
2675 }
2676
2677 // Mark the system context dirty.
2678 context_system::instance()->mark_dirty();
2679 }
2680
2681 /**
2682 * Updates the capabilities table with the component capability definitions.
2683 * If no parameters are given, the function updates the core moodle
2684 * capabilities.
2685 *
2686 * Note that the absence of the db/access.php capabilities definition file
2687 * will cause any stored capabilities for the component to be removed from
2688 * the database.
2689 *
2690 * @access private
2691 * @param string $component examples: 'moodle', 'mod/forum', 'block/quiz_results'
2692 * @return boolean true if success, exception in case of any problems
2693 */
2694 function update_capabilities($component = 'moodle') {
2695 global $DB, $OUTPUT;
2696
2697 $storedcaps = array();
2698
2699 $filecaps = load_capability_def($component);
2700 foreach($filecaps as $capname=>$unused) {
2701 if (!preg_match('|^[a-z]+/[a-z_0-9]+:[a-z_0-9]+$|', $capname)) {
2702 debugging("Coding problem: Invalid capability name '$capname', use 'clonepermissionsfrom' field for migration.");
2703 }
2704 }
2705
2706 $cachedcaps = get_cached_capabilities($component);
2707 if ($cachedcaps) {
2708 foreach ($cachedcaps as $cachedcap) {
2709 array_push($storedcaps, $cachedcap->name);
2710 // update risk bitmasks and context levels in existing capabilities if needed
2711 if (array_key_exists($cachedcap->name, $filecaps)) {
2712 if (!array_key_exists('riskbitmask', $filecaps[$cachedcap->name])) {
2713 $filecaps[$cachedcap->name]['riskbitmask'] = 0; // no risk if not specified
2714 }
2715 if ($cachedcap->captype != $filecaps[$cachedcap->name]['captype']) {
2716 $updatecap = new stdClass();
2717 $updatecap->id = $cachedcap->id;
2718 $updatecap->captype = $filecaps[$cachedcap->name]['captype'];
2719 $DB->update_record('capabilities', $updatecap);
2720 }
2721 if ($cachedcap->riskbitmask != $filecaps[$cachedcap->name]['riskbitmask']) {
2722 $updatecap = new stdClass();
2723 $updatecap->id = $cachedcap->id;
2724 $updatecap->riskbitmask = $filecaps[$cachedcap->name]['riskbitmask'];
2725 $DB->update_record('capabilities', $updatecap);
2726 }
2727
2728 if (!array_key_exists('contextlevel', $filecaps[$cachedcap->name])) {
2729 $filecaps[$cachedcap->name]['contextlevel'] = 0; // no context level defined
2730 }
2731 if ($cachedcap->contextlevel != $filecaps[$cachedcap->name]['contextlevel']) {
2732 $updatecap = new stdClass();
2733 $updatecap->id = $cachedcap->id;
2734 $updatecap->contextlevel = $filecaps[$cachedcap->name]['contextlevel'];
2735 $DB->update_record('capabilities', $updatecap);
2736 }
2737 }
2738 }
2739 }
2740
2741 // Are there new capabilities in the file definition?
2742 $newcaps = array();
2743
2744 foreach ($filecaps as $filecap => $def) {
2745 if (!$storedcaps ||
2746 ($storedcaps && in_array($filecap, $storedcaps) === false)) {
2747 if (!array_key_exists('riskbitmask', $def)) {
2748 $def['riskbitmask'] = 0; // no risk if not specified
2749 }
2750 $newcaps[$filecap] = $def;
2751 }
2752 }
2753 // Add new capabilities to the stored definition.
2754 $existingcaps = $DB->get_records_menu('capabilities', array(), 'id', 'id, name');
2755 foreach ($newcaps as $capname => $capdef) {
2756 $capability = new stdClass();
2757 $capability->name = $capname;
2758 $capability->captype = $capdef['captype'];
2759 $capability->contextlevel = $capdef['contextlevel'];
2760 $capability->component = $component;
2761 $capability->riskbitmask = $capdef['riskbitmask'];
2762
2763 $DB->insert_record('capabilities', $capability, false);
2764
2765 if (isset($capdef['clonepermissionsfrom']) && in_array($capdef['clonepermissionsfrom'], $existingcaps)){
2766 if ($rolecapabilities = $DB->get_records('role_capabilities', array('capability'=>$capdef['clonepermissionsfrom']))){
2767 foreach ($rolecapabilities as $rolecapability){
2768 //assign_capability will update rather than insert if capability exists
2769 if (!assign_capability($capname, $rolecapability->permission,
2770 $rolecapability->roleid, $rolecapability->contextid, true)){
2771 echo $OUTPUT->notification('Could not clone capabilities for '.$capname);
2772 }
2773 }
2774 }
2775 // we ignore archetype key if we have cloned permissions
2776 } else if (isset($capdef['archetypes']) && is_array($capdef['archetypes'])) {
2777 assign_legacy_capabilities($capname, $capdef['archetypes']);
2778 // 'legacy' is for backward compatibility with 1.9 access.php
2779 } else if (isset($capdef['legacy']) && is_array($capdef['legacy'])) {
2780 assign_legacy_capabilities($capname, $capdef['legacy']);
2781 }
2782 }
2783 // Are there any capabilities that have been removed from the file
2784 // definition that we need to delete from the stored capabilities and
2785 // role assignments?
2786 capabilities_cleanup($component, $filecaps);
2787
2788 // reset static caches
2789 accesslib_clear_all_caches(false);
2790
2791 return true;
2792 }
2793
2794 /**
2795 * Deletes cached capabilities that are no longer needed by the component.
2796 * Also unassigns these capabilities from any roles that have them.
2797 * NOTE: this function is called from lib/db/upgrade.php
2798 *
2799 * @access private
2800 * @param string $component examples: 'moodle', 'mod_forum', 'block_quiz_results'
2801 * @param array $newcapdef array of the new capability definitions that will be
2802 * compared with the cached capabilities
2803 * @return int number of deprecated capabilities that have been removed
2804 */
2805 function capabilities_cleanup($component, $newcapdef = null) {
2806 global $DB;
2807
2808 $removedcount = 0;
2809
2810 if ($cachedcaps = get_cached_capabilities($component)) {
2811 foreach ($cachedcaps as $cachedcap) {
2812 if (empty($newcapdef) ||
2813 array_key_exists($cachedcap->name, $newcapdef) === false) {
2814
2815 // Remove from capabilities cache.
2816 $DB->delete_records('capabilities', array('name'=>$cachedcap->name));
2817 $removedcount++;
2818 // Delete from roles.
2819 if ($roles = get_roles_with_capability($cachedcap->name)) {
2820 foreach($roles as $role) {
2821 if (!unassign_capability($cachedcap->name, $role->id)) {
2822 print_error('cannotunassigncap', 'error', '', (object)array('cap'=>$cachedcap->name, 'role'=>$role->name));
2823 }
2824 }
2825 }
2826 } // End if.
2827 }
2828 }
2829 return $removedcount;
2830 }
2831
2832 /**
2833 * Returns an array of all the known types of risk
2834 * The array keys can be used, for example as CSS class names, or in calls to
2835 * print_risk_icon. The values are the corresponding RISK_ constants.
2836 *
2837 * @return array all the known types of risk.
2838 */
2839 function get_all_risks() {
2840 return array(
2841 'riskmanagetrust' => RISK_MANAGETRUST,
2842 'riskconfig' => RISK_CONFIG,
2843 'riskxss' => RISK_XSS,
2844 'riskpersonal' => RISK_PERSONAL,
2845 'riskspam' => RISK_SPAM,
2846 'riskdataloss' => RISK_DATALOSS,
2847 );
2848 }
2849
2850 /**
2851 * Return a link to moodle docs for a given capability name
2852 *
2853 * @param stdClass $capability a capability - a row from the mdl_capabilities table.
2854 * @return string the human-readable capability name as a link to Moodle Docs.
2855 */
2856 function get_capability_docs_link($capability) {
2857 $url = get_docs_url('Capabilities/' . $capability->name);
2858 return '<a onclick="this.target=\'docspopup\'" href="' . $url . '">' . get_capability_string($capability->name) . '</a>';
2859 }
2860
2861 /**
2862 * This function pulls out all the resolved capabilities (overrides and
2863 * defaults) of a role used in capability overrides in contexts at a given
2864 * context.
2865 *
2866 * @param int $roleid
2867 * @param context $context
2868 * @param string $cap capability, optional, defaults to ''
2869 * @return array Array of capabilities
2870 */
2871 function role_context_capabilities($roleid, context $context, $cap = '') {
2872 global $DB;
2873
2874 $contexts = $context->get_parent_context_ids(true);
2875 $contexts = '('.implode(',', $contexts).')';
2876
2877 $params = array($roleid);
2878
2879 if ($cap) {
2880 $search = " AND rc.capability = ? ";
2881 $params[] = $cap;
2882 } else {
2883 $search = '';
2884 }
2885
2886 $sql = "SELECT rc.*
2887 FROM {role_capabilities} rc, {context} c
2888 WHERE rc.contextid in $contexts
2889 AND rc.roleid = ?
2890 AND rc.contextid = c.id $search
2891 ORDER BY c.contextlevel DESC, rc.capability DESC";
2892
2893 $capabilities = array();
2894
2895 if ($records = $DB->get_records_sql($sql, $params)) {
2896 // We are traversing via reverse order.
2897 foreach ($records as $record) {
2898 // If not set yet (i.e. inherit or not set at all), or currently we have a prohibit
2899 if (!isset($capabilities[$record->capability]) || $record->permission<-500) {
2900 $capabilities[$record->capability] = $record->permission;
2901 }
2902 }
2903 }
2904 return $capabilities;
2905 }
2906
2907 /**
2908 * Constructs array with contextids as first parameter and context paths,
2909 * in both cases bottom top including self.
2910 *
2911 * @access private
2912 * @param context $context
2913 * @return array
2914 */
2915 function get_context_info_list(context $context) {
2916 $contextids = explode('/', ltrim($context->path, '/'));
2917 $contextpaths = array();
2918 $contextids2 = $contextids;
2919 while ($contextids2) {
2920 $contextpaths[] = '/' . implode('/', $contextids2);
2921 array_pop($contextids2);
2922 }
2923 return array($contextids, $contextpaths);
2924 }
2925
2926 /**
2927 * Check if context is the front page context or a context inside it
2928 *
2929 * Returns true if this context is the front page context, or a context inside it,
2930 * otherwise false.
2931 *
2932 * @param context $context a context object.
2933 * @return bool
2934 */
2935 function is_inside_frontpage(context $context) {
2936 $frontpagecontext = context_course::instance(SITEID);
2937 return strpos($context->path . '/', $frontpagecontext->path . '/') === 0;
2938 }
2939
2940 /**
2941 * Returns capability information (cached)
2942 *
2943 * @param string $capabilityname
2944 * @return stdClass or null if capability not found
2945 */
2946 function get_capability_info($capabilityname) {
2947 global $ACCESSLIB_PRIVATE, $DB; // one request per page only
2948
2949 //TODO: MUC - this could be cached in shared memory, it would eliminate 1 query per page
2950
2951 if (empty($ACCESSLIB_PRIVATE->capabilities)) {
2952 $ACCESSLIB_PRIVATE->capabilities = array();
2953 $caps = $DB->get_records('capabilities', array(), '', 'id, name, captype, riskbitmask');
2954 foreach ($caps as $cap) {
2955 $capname = $cap->name;
2956 unset($cap->id);
2957 unset($cap->name);
2958 $cap->riskbitmask = (int)$cap->riskbitmask;
2959 $ACCESSLIB_PRIVATE->capabilities[$capname] = $cap;
2960 }
2961 }
2962
2963 return isset($ACCESSLIB_PRIVATE->capabilities[$capabilityname]) ? $ACCESSLIB_PRIVATE->capabilities[$capabilityname] : null;
2964 }
2965
2966 /**
2967 * Returns the human-readable, translated version of the capability.
2968 * Basically a big switch statement.
2969 *
2970 * @param string $capabilityname e.g. mod/choice:readresponses
2971 * @return string
2972 */
2973 function get_capability_string($capabilityname) {
2974
2975 // Typical capability name is 'plugintype/pluginname:capabilityname'
2976 list($type, $name, $capname) = preg_split('|[/:]|', $capabilityname);
2977
2978 if ($type === 'moodle') {
2979 $component = 'core_role';
2980 } else if ($type === 'quizreport') {
2981 //ugly hack!!
2982 $component = 'quiz_'.$name;
2983 } else {
2984 $component = $type.'_'.$name;
2985 }
2986
2987 $stringname = $name.':'.$capname;
2988
2989 if ($component === 'core_role' or get_string_manager()->string_exists($stringname, $component)) {
2990 return get_string($stringname, $component);
2991 }
2992
2993 $dir = core_component::get_component_directory($component);
2994 if (!file_exists($dir)) {
2995 // plugin broken or does not exist, do not bother with printing of debug message
2996 return $capabilityname.' ???';
2997 }
2998
2999 // something is wrong in plugin, better print debug
3000 return get_string($stringname, $component);
3001 }
3002
3003 /**
3004 * This gets the mod/block/course/core etc strings.
3005 *
3006 * @param string $component
3007 * @param int $contextlevel
3008 * @return string|bool String is success, false if failed
3009 */
3010 function get_component_string($component, $contextlevel) {
3011
3012 if ($component === 'moodle' or $component === 'core') {
3013 switch ($contextlevel) {
3014 // TODO MDL-46123: this should probably use context level names instead
3015 case CONTEXT_SYSTEM: return get_string('coresystem');
3016 case CONTEXT_USER: return get_string('users');
3017 case CONTEXT_COURSECAT: return get_string('categories');
3018 case CONTEXT_COURSE: return get_string('course');
3019 case CONTEXT_MODULE: return get_string('activities');
3020 case CONTEXT_BLOCK: return get_string('block');
3021 default: print_error('unknowncontext');
3022 }
3023 }
3024
3025 list($type, $name) = core_component::normalize_component($component);
3026 $dir = core_component::get_plugin_directory($type, $name);
3027 if (!file_exists($dir)) {
3028 // plugin not installed, bad luck, there is no way to find the name
3029 return $component.' ???';
3030 }
3031
3032 switch ($type) {
3033 // TODO MDL-46123: this is really hacky and should be improved.
3034 case 'quiz': return get_string($name.':componentname', $component);// insane hack!!!
3035 case 'repository': return get_string('repository', 'repository').': '.get_string('pluginname', $component);
3036 case 'gradeimport': return get_string('gradeimport', 'grades').': '.get_string('pluginname', $component);
3037 case 'gradeexport': return get_string('gradeexport', 'grades').': '.get_string('pluginname', $component);
3038 case 'gradereport': return get_string('gradereport', 'grades').': '.get_string('pluginname', $component);
3039 case 'webservice': return get_string('webservice', 'webservice').': '.get_string('pluginname', $component);
3040 case 'block': return get_string('block').': '.get_string('pluginname', basename($component));
3041 case 'mod':
3042 if (get_string_manager()->string_exists('pluginname', $component)) {
3043 return get_string('activity').': '.get_string('pluginname', $component);
3044 } else {
3045 return get_string('activity').': '.get_string('modulename', $component);
3046 }
3047 default: return get_string('pluginname', $component);
3048 }
3049 }
3050
3051 /**
3052 * Gets the list of roles assigned to this context and up (parents)
3053 * from the list of roles that are visible on user profile page
3054 * and participants page.
3055 *
3056 * @param context $context
3057 * @return array
3058 */
3059 function get_profile_roles(context $context) {
3060 global $CFG, $DB;
3061
3062 if (empty($CFG->profileroles)) {
3063 return array();
3064 }
3065
3066 list($rallowed, $params) = $DB->get_in_or_equal(explode(',', $CFG->profileroles), SQL_PARAMS_NAMED, 'a');
3067 list($contextlist, $cparams) = $DB->get_in_or_equal($context->get_parent_context_ids(true), SQL_PARAMS_NAMED, 'p');
3068 $params = array_merge($params, $cparams);
3069
3070 if ($coursecontext = $context->get_course_context(false)) {
3071 $params['coursecontext'] = $coursecontext->id;
3072 } else {
3073 $params['coursecontext'] = 0;
3074 }
3075
3076 $sql = "SELECT DISTINCT r.id, r.name, r.shortname, r.sortorder, rn.name AS coursealias
3077 FROM {role_assignments} ra, {role} r
3078 LEFT JOIN {role_names} rn ON (rn.contextid = :coursecontext AND rn.roleid = r.id)
3079 WHERE r.id = ra.roleid
3080 AND ra.contextid $contextlist
3081 AND r.id $rallowed
3082 ORDER BY r.sortorder ASC";
3083
3084 return $DB->get_records_sql($sql, $params);
3085 }
3086
3087 /**
3088 * Gets the list of roles assigned to this context and up (parents)
3089 *
3090 * @param context $context
3091 * @return array
3092 */
3093 function get_roles_used_in_context(context $context) {
3094 global $DB;
3095
3096 list($contextlist, $params) = $DB->get_in_or_equal($context->get_parent_context_ids(true), SQL_PARAMS_NAMED, 'cl');
3097
3098 if ($coursecontext = $context->get_course_context(false)) {
3099 $params['coursecontext'] = $coursecontext->id;
3100 } else {
3101 $params['coursecontext'] = 0;
3102 }
3103
3104 $sql = "SELECT DISTINCT r.id, r.name, r.shortname, r.sortorder, rn.name AS coursealias
3105 FROM {role_assignments} ra, {role} r
3106 LEFT JOIN {role_names} rn ON (rn.contextid = :coursecontext AND rn.roleid = r.id)
3107 WHERE r.id = ra.roleid
3108 AND ra.contextid $contextlist
3109 ORDER BY r.sortorder ASC";
3110
3111 return $DB->get_records_sql($sql, $params);
3112 }
3113
3114 /**
3115 * This function is used to print roles column in user profile page.
3116 * It is using the CFG->profileroles to limit the list to only interesting roles.
3117 * (The permission tab has full details of user role assignments.)
3118 *
3119 * @param int $userid
3120 * @param int $courseid
3121 * @return string
3122 */
3123 function get_user_roles_in_course($userid, $courseid) {
3124 global $CFG, $DB;
3125
3126 if (empty($CFG->profileroles)) {
3127 return '';
3128 }
3129
3130 if ($courseid == SITEID) {
3131 $context = context_system::instance();
3132 } else {
3133 $context = context_course::instance($courseid);
3134 }
3135
3136 list($rallowed, $params) = $DB->get_in_or_equal(explode(',', $CFG->profileroles), SQL_PARAMS_NAMED, 'a');
3137 list($contextlist, $cparams) = $DB->get_in_or_equal($context->get_parent_context_ids(true), SQL_PARAMS_NAMED, 'p');
3138 $params = array_merge($params, $cparams);
3139
3140 if ($coursecontext = $context->get_course_context(false)) {
3141 $params['coursecontext'] = $coursecontext->id;
3142 } else {
3143 $params['coursecontext'] = 0;
3144 }
3145
3146 $sql = "SELECT DISTINCT r.id, r.name, r.shortname, r.sortorder, rn.name AS coursealias
3147 FROM {role_assignments} ra, {role} r
3148 LEFT JOIN {role_names} rn ON (rn.contextid = :coursecontext AND rn.roleid = r.id)
3149 WHERE r.id = ra.roleid
3150 AND ra.contextid $contextlist
3151 AND r.id $rallowed
3152 AND ra.userid = :userid
3153 ORDER BY r.sortorder ASC";
3154 $params['userid'] = $userid;
3155
3156 $rolestring = '';
3157
3158 if ($roles = $DB->get_records_sql($sql, $params)) {
3159 $rolenames = role_fix_names($roles, $context, ROLENAME_ALIAS, true); // Substitute aliases
3160
3161 foreach ($rolenames as $roleid => $rolename) {
3162 $rolenames[$roleid] = '<a href="'.$CFG->wwwroot.'/user/index.php?contextid='.$context->id.'&amp;roleid='.$roleid.'">'.$rolename.'</a>';
3163 }
3164 $rolestring = implode(',', $rolenames);
3165 }
3166
3167 return $rolestring;
3168 }
3169
3170 /**
3171 * Checks if a user can assign users to a particular role in this context
3172 *
3173 * @param context $context
3174 * @param int $targetroleid - the id of the role you want to assign users to
3175 * @return boolean
3176 */
3177 function user_can_assign(context $context, $targetroleid) {
3178 global $DB;
3179
3180 // First check to see if the user is a site administrator.
3181 if (is_siteadmin()) {
3182 return true;
3183 }
3184
3185 // Check if user has override capability.
3186 // If not return false.
3187 if (!has_capability('moodle/role:assign', $context)) {
3188 return false;
3189 }
3190 // pull out all active roles of this user from this context(or above)
3191 if ($userroles = get_user_roles($context)) {
3192 foreach ($userroles as $userrole) {
3193 // if any in the role_allow_override table, then it's ok
3194 if ($DB->get_record('role_allow_assign', array('roleid'=>$userrole->roleid, 'allowassign'=>$targetroleid))) {
3195 return true;
3196 }
3197 }
3198 }
3199
3200 return false;
3201 }
3202
3203 /**
3204 * Returns all site roles in correct sort order.
3205 *
3206 * Note: this method does not localise role names or descriptions,
3207 * use role_get_names() if you need role names.
3208 *
3209 * @param context $context optional context for course role name aliases
3210 * @return array of role records with optional coursealias property
3211 */
3212 function get_all_roles(context $context = null) {
3213 global $DB;
3214
3215 if (!$context or !$coursecontext = $context->get_course_context(false)) {
3216 $coursecontext = null;
3217 }
3218
3219 if ($coursecontext) {
3220 $sql = "SELECT r.*, rn.name AS coursealias
3221 FROM {role} r
3222 LEFT JOIN {role_names} rn ON (rn.contextid = :coursecontext AND rn.roleid = r.id)
3223 ORDER BY r.sortorder ASC";
3224 return $DB->get_records_sql($sql, array('coursecontext'=>$coursecontext->id));
3225
3226 } else {
3227 return $DB->get_records('role', array(), 'sortorder ASC');
3228 }
3229 }
3230
3231 /**
3232 * Returns roles of a specified archetype
3233 *
3234 * @param string $archetype
3235 * @return array of full role records
3236 */
3237 function get_archetype_roles($archetype) {
3238 global $DB;
3239 return $DB->get_records('role', array('archetype'=>$archetype), 'sortorder ASC');
3240 }
3241
3242 /**
3243 * Gets all the user roles assigned in this context, or higher contexts
3244 * this is mainly used when checking if a user can assign a role, or overriding a role
3245 * i.e. we need to know what this user holds, in order to verify against allow_assign and
3246 * allow_override tables
3247 *
3248 * @param context $context
3249 * @param int $userid
3250 * @param bool $checkparentcontexts defaults to true
3251 * @param string $order defaults to 'c.contextlevel DESC, r.sortorder ASC'
3252 * @return array
3253 */
3254 function get_user_roles(context $context, $userid = 0, $checkparentcontexts = true, $order = 'c.contextlevel DESC, r.sortorder ASC') {
3255 global $USER, $DB;
3256
3257 if (empty($userid)) {
3258 if (empty($USER->id)) {
3259 return array();
3260 }
3261 $userid = $USER->id;
3262 }
3263
3264 if ($checkparentcontexts) {
3265 $contextids = $context->get_parent_context_ids();
3266 } else {
3267 $contextids = array();
3268 }
3269 $contextids[] = $context->id;
3270
3271 list($contextids, $params) = $DB->get_in_or_equal($contextids, SQL_PARAMS_QM);
3272
3273 array_unshift($params, $userid);
3274
3275 $sql = "SELECT ra.*, r.name, r.shortname
3276 FROM {role_assignments} ra, {role} r, {context} c
3277 WHERE ra.userid = ?
3278 AND ra.roleid = r.id
3279 AND ra.contextid = c.id
3280 AND ra.contextid $contextids
3281 ORDER BY $order";
3282
3283 return $DB->get_records_sql($sql ,$params);
3284 }
3285
3286 /**
3287 * Like get_user_roles, but adds in the authenticated user role, and the front
3288 * page roles, if applicable.
3289 *
3290 * @param context $context the context.
3291 * @param int $userid optional. Defaults to $USER->id
3292 * @return array of objects with fields ->userid, ->contextid and ->roleid.
3293 */
3294 function get_user_roles_with_special(context $context, $userid = 0) {
3295 global $CFG, $USER;
3296
3297 if (empty($userid)) {
3298 if (empty($USER->id)) {
3299 return array();
3300 }
3301 $userid = $USER->id;
3302 }
3303
3304 $ras = get_user_roles($context, $userid);
3305
3306 // Add front-page role if relevant.
3307 $defaultfrontpageroleid = isset($CFG->defaultfrontpageroleid) ? $CFG->defaultfrontpageroleid : 0;
3308 $isfrontpage = ($context->contextlevel == CONTEXT_COURSE && $context->instanceid == SITEID) ||
3309 is_inside_frontpage($context);
3310 if ($defaultfrontpageroleid && $isfrontpage) {
3311 $frontpagecontext = context_course::instance(SITEID);
3312 $ra = new stdClass();
3313 $ra->userid = $userid;
3314 $ra->contextid = $frontpagecontext->id;
3315 $ra->roleid = $defaultfrontpageroleid;
3316 $ras[] = $ra;
3317 }
3318
3319 // Add authenticated user role if relevant.
3320 $defaultuserroleid = isset($CFG->defaultuserroleid) ? $CFG->defaultuserroleid : 0;
3321 if ($defaultuserroleid && !isguestuser($userid)) {
3322 $systemcontext = context_system::instance();
3323 $ra = new stdClass();
3324 $ra->userid = $userid;
3325 $ra->contextid = $systemcontext->id;
3326 $ra->roleid = $defaultuserroleid;
3327 $ras[] = $ra;
3328 }
3329
3330 return $ras;
3331 }
3332
3333 /**
3334 * Creates a record in the role_allow_override table
3335 *
3336 * @param int $sroleid source roleid
3337 * @param int $troleid target roleid
3338 * @return void
3339 */
3340 function allow_override($sroleid, $troleid) {
3341 global $DB;
3342
3343 $record = new stdClass();
3344 $record->roleid = $sroleid;
3345 $record->allowoverride = $troleid;
3346 $DB->insert_record('role_allow_override', $record);
3347 }
3348
3349 /**
3350 * Creates a record in the role_allow_assign table
3351 *
3352 * @param int $fromroleid source roleid
3353 * @param int $targetroleid target roleid
3354 * @return void
3355 */
3356 function allow_assign($fromroleid, $targetroleid) {
3357 global $DB;
3358
3359 $record = new stdClass();
3360 $record->roleid = $fromroleid;
3361 $record->allowassign = $targetroleid;
3362 $DB->insert_record('role_allow_assign', $record);
3363 }
3364
3365 /**
3366 * Creates a record in the role_allow_switch table
3367 *
3368 * @param int $fromroleid source roleid
3369 * @param int $targetroleid target roleid
3370 * @return void
3371 */
3372 function allow_switch($fromroleid, $targetroleid) {
3373 global $DB;
3374
3375 $record = new stdClass();
3376 $record->roleid = $fromroleid;
3377 $record->allowswitch = $targetroleid;
3378 $DB->insert_record('role_allow_switch', $record);
3379 }
3380
3381 /**
3382 * Gets a list of roles that this user can assign in this context
3383 *
3384 * @param context $context the context.
3385 * @param int $rolenamedisplay the type of role name to display. One of the
3386 * ROLENAME_X constants. Default ROLENAME_ALIAS.
3387 * @param bool $withusercounts if true, count the number of users with each role.
3388 * @param integer|object $user A user id or object. By default (null) checks the permissions of the current user.
3389 * @return array if $withusercounts is false, then an array $roleid => $rolename.
3390 * if $withusercounts is true, returns a list of three arrays,
3391 * $rolenames, $rolecounts, and $nameswithcounts.
3392 */
3393 function get_assignable_roles(context $context, $rolenamedisplay = ROLENAME_ALIAS, $withusercounts = false, $user = null) {
3394 global $USER, $DB;
3395
3396 // make sure there is a real user specified
3397 if ($user === null) {
3398 $userid = isset($USER->id) ? $USER->id : 0;
3399 } else {
3400 $userid = is_object($user) ? $user->id : $user;
3401 }
3402
3403 if (!has_capability('moodle/role:assign', $context, $userid)) {
3404 if ($withusercounts) {
3405 return array(array(), array(), array());
3406 } else {
3407 return array();
3408 }
3409 }
3410
3411 $params = array();
3412 $extrafields = '';
3413
3414 if ($withusercounts) {
3415 $extrafields = ', (SELECT count(u.id)
3416 FROM {role_assignments} cra JOIN {user} u ON cra.userid = u.id
3417 WHERE cra.roleid = r.id AND cra.contextid = :conid AND u.deleted = 0
3418 ) AS usercount';
3419 $params['conid'] = $context->id;
3420 }
3421
3422 if (is_siteadmin($userid)) {
3423 // show all roles allowed in this context to admins
3424 $assignrestriction = "";
3425 } else {
3426 $parents = $context->get_parent_context_ids(true);
3427 $contexts = implode(',' , $parents);
3428 $assignrestriction = "JOIN (SELECT DISTINCT raa.allowassign AS id
3429 FROM {role_allow_assign} raa
3430 JOIN {role_assignments} ra ON ra.roleid = raa.roleid
3431 WHERE ra.userid = :userid AND ra.contextid IN ($contexts)
3432 ) ar ON ar.id = r.id";
3433 $params['userid'] = $userid;
3434 }
3435 $params['contextlevel'] = $context->contextlevel;
3436
3437 if ($coursecontext = $context->get_course_context(false)) {
3438 $params['coursecontext'] = $coursecontext->id;
3439 } else {
3440 $params['coursecontext'] = 0; // no course aliases
3441 $coursecontext = null;
3442 }
3443 $sql = "SELECT r.id, r.name, r.shortname, rn.name AS coursealias $extrafields
3444 FROM {role} r
3445 $assignrestriction
3446 JOIN {role_context_levels} rcl ON (rcl.contextlevel = :contextlevel AND r.id = rcl.roleid)
3447 LEFT JOIN {role_names} rn ON (rn.contextid = :coursecontext AND rn.roleid = r.id)
3448 ORDER BY r.sortorder ASC";
3449 $roles = $DB->get_records_sql($sql, $params);
3450
3451 $rolenames = role_fix_names($roles, $coursecontext, $rolenamedisplay, true);
3452
3453 if (!$withusercounts) {
3454 return $rolenames;
3455 }
3456
3457 $rolecounts = array();
3458 $nameswithcounts = array();
3459 foreach ($roles as $role) {
3460 $nameswithcounts[$role->id] = $rolenames[$role->id] . ' (' . $roles[$role->id]->usercount . ')';
3461 $rolecounts[$role->id] = $roles[$role->id]->usercount;
3462 }
3463 return array($rolenames, $rolecounts, $nameswithcounts);
3464 }
3465
3466 /**
3467 * Gets a list of roles that this user can switch to in a context
3468 *
3469 * Gets a list of roles that this user can switch to in a context, for the switchrole menu.
3470 * This function just process the contents of the role_allow_switch table. You also need to
3471 * test the moodle/role:switchroles to see if the user is allowed to switch in the first place.
3472 *
3473 * @param context $context a context.
3474 * @return array an array $roleid => $rolename.
3475 */
3476 function get_switchable_roles(context $context) {
3477 global $USER, $DB;
3478
3479 $params = array();
3480 $extrajoins = '';
3481 $extrawhere = '';
3482 if (!is_siteadmin()) {
3483 // Admins are allowed to switch to any role with.
3484 // Others are subject to the additional constraint that the switch-to role must be allowed by
3485 // 'role_allow_switch' for some role they have assigned in this context or any parent.
3486 $parents = $context->get_parent_context_ids(true);
3487 $contexts = implode(',' , $parents);
3488
3489 $extrajoins = "JOIN {role_allow_switch} ras ON ras.allowswitch = rc.roleid
3490 JOIN {role_assignments} ra ON ra.roleid = ras.roleid";
3491 $extrawhere = "WHERE ra.userid = :userid AND ra.contextid IN ($contexts)";
3492 $params['userid'] = $USER->id;
3493 }
3494
3495 if ($coursecontext = $context->get_course_context(false)) {
3496 $params['coursecontext'] = $coursecontext->id;
3497 } else {
3498 $params['coursecontext'] = 0; // no course aliases
3499 $coursecontext = null;
3500 }
3501
3502 $query = "
3503 SELECT r.id, r.name, r.shortname, rn.name AS coursealias
3504 FROM (SELECT DISTINCT rc.roleid
3505 FROM {role_capabilities} rc
3506 $extrajoins
3507 $extrawhere) idlist
3508 JOIN {role} r ON r.id = idlist.roleid
3509 LEFT JOIN {role_names} rn ON (rn.contextid = :coursecontext AND rn.roleid = r.id)
3510 ORDER BY r.sortorder";
3511 $roles = $DB->get_records_sql($query, $params);
3512
3513 return role_fix_names($roles, $context, ROLENAME_ALIAS, true);
3514 }
3515
3516 /**
3517 * Gets a list of roles that this user can override in this context.
3518 *
3519 * @param context $context the context.
3520 * @param int $rolenamedisplay the type of role name to display. One of the
3521 * ROLENAME_X constants. Default ROLENAME_ALIAS.
3522 * @param bool $withcounts if true, count the number of overrides that are set for each role.
3523 * @return array if $withcounts is false, then an array $roleid => $rolename.
3524 * if $withusercounts is true, returns a list of three arrays,
3525 * $rolenames, $rolecounts, and $nameswithcounts.
3526 */
3527 function get_overridable_roles(context $context, $rolenamedisplay = ROLENAME_ALIAS, $withcounts = false) {
3528 global $USER, $DB;
3529
3530 if (!has_any_capability(array('moodle/role:safeoverride', 'moodle/role:override'), $context)) {
3531 if ($withcounts) {
3532 return array(array(), array(), array());
3533 } else {
3534 return array();
3535 }
3536 }
3537
3538 $parents = $context->get_parent_context_ids(true);
3539 $contexts = implode(',' , $parents);
3540
3541 $params = array();
3542 $extrafields = '';
3543
3544 $params['userid'] = $USER->id;
3545 if ($withcounts) {
3546 $extrafields = ', (SELECT COUNT(rc.id) FROM {role_capabilities} rc
3547 WHERE rc.roleid = ro.id AND rc.contextid = :conid) AS overridecount';
3548 $params['conid'] = $context->id;
3549 }
3550
3551 if ($coursecontext = $context->get_course_context(false)) {
3552 $params['coursecontext'] = $coursecontext->id;
3553 } else {
3554 $params['coursecontext'] = 0; // no course aliases
3555 $coursecontext = null;
3556 }
3557
3558 if (is_siteadmin()) {
3559 // show all roles to admins
3560 $roles = $DB->get_records_sql("
3561 SELECT ro.id, ro.name, ro.shortname, rn.name AS coursealias $extrafields
3562 FROM {role} ro
3563 LEFT JOIN {role_names} rn ON (rn.contextid = :coursecontext AND rn.roleid = ro.id)
3564 ORDER BY ro.sortorder ASC", $params);
3565
3566 } else {
3567 $roles = $DB->get_records_sql("
3568 SELECT ro.id, ro.name, ro.shortname, rn.name AS coursealias $extrafields
3569 FROM {role} ro
3570 JOIN (SELECT DISTINCT r.id
3571 FROM {role} r
3572 JOIN {role_allow_override} rao ON r.id = rao.allowoverride
3573 JOIN {role_assignments} ra ON rao.roleid = ra.roleid
3574 WHERE ra.userid = :userid AND ra.contextid IN ($contexts)
3575 ) inline_view ON ro.id = inline_view.id
3576 LEFT JOIN {role_names} rn ON (rn.contextid = :coursecontext AND rn.roleid = ro.id)
3577 ORDER BY ro.sortorder ASC", $params);
3578 }
3579
3580 $rolenames = role_fix_names($roles, $context, $rolenamedisplay, true);
3581
3582 if (!$withcounts) {
3583 return $rolenames;
3584 }
3585
3586 $rolecounts = array();
3587 $nameswithcounts = array();
3588 foreach ($roles as $role) {
3589 $nameswithcounts[$role->id] = $rolenames[$role->id] . ' (' . $roles[$role->id]->overridecount . ')';
3590 $rolecounts[$role->id] = $roles[$role->id]->overridecount;
3591 }
3592 return array($rolenames, $rolecounts, $nameswithcounts);
3593 }
3594
3595 /**
3596 * Create a role menu suitable for default role selection in enrol plugins.
3597 *
3598 * @package core_enrol
3599 *
3600 * @param context $context
3601 * @param int $addroleid current or default role - always added to list
3602 * @return array roleid=>localised role name
3603 */
3604 function get_default_enrol_roles(context $context, $addroleid = null) {
3605 global $DB;
3606
3607 $params = array('contextlevel'=>CONTEXT_COURSE);
3608
3609 if ($coursecontext = $context->get_course_context(false)) {
3610 $params['coursecontext'] = $coursecontext->id;
3611 } else {
3612 $params['coursecontext'] = 0; // no course names
3613 $coursecontext = null;
3614 }
3615
3616 if ($addroleid) {
3617 $addrole = "OR r.id = :addroleid";
3618 $params['addroleid'] = $addroleid;
3619 } else {
3620 $addrole = "";
3621 }
3622
3623 $sql = "SELECT r.id, r.name, r.shortname, rn.name AS coursealias
3624 FROM {role} r
3625 LEFT JOIN {role_context_levels} rcl ON (rcl.roleid = r.id AND rcl.contextlevel = :contextlevel)
3626 LEFT JOIN {role_names} rn ON (rn.contextid = :coursecontext AND rn.roleid = r.id)
3627 WHERE rcl.id IS NOT NULL $addrole
3628 ORDER BY sortorder DESC";
3629
3630 $roles = $DB->get_records_sql($sql, $params);
3631
3632 return role_fix_names($roles, $context, ROLENAME_BOTH, true);
3633 }
3634
3635 /**
3636 * Return context levels where this role is assignable.
3637 *
3638 * @param integer $roleid the id of a role.
3639 * @return array list of the context levels at which this role may be assigned.
3640 */
3641 function get_role_contextlevels($roleid) {
3642 global $DB;
3643 return $DB->get_records_menu('role_context_levels', array('roleid' => $roleid),
3644 'contextlevel', 'id,contextlevel');
3645 }
3646
3647 /**
3648 * Return roles suitable for assignment at the specified context level.
3649 *
3650 * NOTE: this function name looks like a typo, should be probably get_roles_for_contextlevel()
3651 *
3652 * @param integer $contextlevel a contextlevel.
3653 * @return array list of role ids that are assignable at this context level.
3654 */
3655 function get_roles_for_contextlevels($contextlevel) {
3656 global $DB;
3657 return $DB->get_records_menu('role_context_levels', array('contextlevel' => $contextlevel),
3658 '', 'id,roleid');
3659 }
3660
3661 /**
3662 * Returns default context levels where roles can be assigned.
3663 *
3664 * @param string $rolearchetype one of the role archetypes - that is, one of the keys
3665 * from the array returned by get_role_archetypes();
3666 * @return array list of the context levels at which this type of role may be assigned by default.
3667 */
3668 function get_default_contextlevels($rolearchetype) {
3669 static $defaults = array(
3670 'manager' => array(CONTEXT_SYSTEM, CONTEXT_COURSECAT, CONTEXT_COURSE),
3671 'coursecreator' => array(CONTEXT_SYSTEM, CONTEXT_COURSECAT),
3672 'editingteacher' => array(CONTEXT_COURSE, CONTEXT_MODULE),
3673 'teacher' => array(CONTEXT_COURSE, CONTEXT_MODULE),
3674 'student' => array(CONTEXT_COURSE, CONTEXT_MODULE),
3675 'guest' => array(),
3676 'user' => array(),
3677 'frontpage' => array());
3678
3679 if (isset($defaults[$rolearchetype])) {
3680 return $defaults[$rolearchetype];
3681 } else {
3682 return array();
3683 }
3684 }
3685
3686 /**
3687 * Set the context levels at which a particular role can be assigned.
3688 * Throws exceptions in case of error.
3689 *
3690 * @param integer $roleid the id of a role.
3691 * @param array $contextlevels the context levels at which this role should be assignable,
3692 * duplicate levels are removed.
3693 * @return void
3694 */
3695 function set_role_contextlevels($roleid, array $contextlevels) {
3696 global $DB;
3697 $DB->delete_records('role_context_levels', array('roleid' => $roleid));
3698 $rcl = new stdClass();
3699 $rcl->roleid = $roleid;
3700 $contextlevels = array_unique($contextlevels);
3701 foreach ($contextlevels as $level) {
3702 $rcl->contextlevel = $level;
3703 $DB->insert_record('role_context_levels', $rcl, false, true);
3704 }
3705 }
3706
3707 /**
3708 * Who has this capability in this context?
3709 *
3710 * This can be a very expensive call - use sparingly and keep
3711 * the results if you are going to need them again soon.
3712 *
3713 * Note if $fields is empty this function attempts to get u.*
3714 * which can get rather large - and has a serious perf impact
3715 * on some DBs.
3716 *
3717 * @param context $context
3718 * @param string|array $capability - capability name(s)
3719 * @param string $fields - fields to be pulled. The user table is aliased to 'u'. u.id MUST be included.
3720 * @param string $sort - the sort order. Default is lastaccess time.
3721 * @param mixed $limitfrom - number of records to skip (offset)
3722 * @param mixed $limitnum - number of records to fetch
3723 * @param string|array $groups - single group or array of groups - only return
3724 * users who are in one of these group(s).
3725 * @param string|array $exceptions - list of users to exclude, comma separated or array
3726 * @param bool $doanything_ignored not used any more, admin accounts are never returned
3727 * @param bool $view_ignored - use get_enrolled_sql() instead
3728 * @param bool $useviewallgroups if $groups is set the return users who
3729 * have capability both $capability and moodle/site:accessallgroups
3730 * in this context, as well as users who have $capability and who are
3731 * in $groups.
3732 * @return array of user records
3733 */
3734 function get_users_by_capability(context $context, $capability, $fields = '', $sort = '', $limitfrom = '', $limitnum = '',
3735 $groups = '', $exceptions = '', $doanything_ignored = null, $view_ignored = null, $useviewallgroups = false) {
3736 global $CFG, $DB;
3737
3738 $defaultuserroleid = isset($CFG->defaultuserroleid) ? $CFG->defaultuserroleid : 0;
3739 $defaultfrontpageroleid = isset($CFG->defaultfrontpageroleid) ? $CFG->defaultfrontpageroleid : 0;
3740
3741 $ctxids = trim($context->path, '/');
3742 $ctxids = str_replace('/', ',', $ctxids);
3743
3744 // Context is the frontpage
3745 $iscoursepage = false; // coursepage other than fp
3746 $isfrontpage = false;
3747 if ($context->contextlevel == CONTEXT_COURSE) {
3748 if ($context->instanceid == SITEID) {
3749 $isfrontpage = true;
3750 } else {
3751 $iscoursepage = true;
3752 }
3753 }
3754 $isfrontpage = ($isfrontpage || is_inside_frontpage($context));
3755
3756 $caps = (array)$capability;
3757
3758 // construct list of context paths bottom-->top
3759 list($contextids, $paths) = get_context_info_list($context);
3760
3761 // we need to find out all roles that have these capabilities either in definition or in overrides
3762 $defs = array();
3763 list($incontexts, $params) = $DB->get_in_or_equal($contextids, SQL_PARAMS_NAMED, 'con');
3764 list($incaps, $params2) = $DB->get_in_or_equal($caps, SQL_PARAMS_NAMED, 'cap');
3765 $params = array_merge($params, $params2);
3766 $sql = "SELECT rc.id, rc.roleid, rc.permission, rc.capability, ctx.path
3767 FROM {role_capabilities} rc
3768 JOIN {context} ctx on rc.contextid = ctx.id
3769 WHERE rc.contextid $incontexts AND rc.capability $incaps";
3770
3771 $rcs = $DB->get_records_sql($sql, $params);
3772 foreach ($rcs as $rc) {
3773 $defs[$rc->capability][$rc->path][$rc->roleid] = $rc->permission;
3774 }
3775
3776 // go through the permissions bottom-->top direction to evaluate the current permission,
3777 // first one wins (prohibit is an exception that always wins)
3778 $access = array();
3779 foreach ($caps as $cap) {
3780 foreach ($paths as $path) {
3781 if (empty($defs[$cap][$path])) {
3782 continue;
3783 }
3784 foreach($defs[$cap][$path] as $roleid => $perm) {
3785 if ($perm == CAP_PROHIBIT) {
3786 $access[$cap][$roleid] = CAP_PROHIBIT;
3787 continue;
3788 }
3789 if (!isset($access[$cap][$roleid])) {
3790 $access[$cap][$roleid] = (int)$perm;
3791 }
3792 }
3793 }
3794 }
3795
3796 // make lists of roles that are needed and prohibited in this context
3797 $needed = array(); // one of these is enough
3798 $prohibited = array(); // must not have any of these
3799 foreach ($caps as $cap) {
3800 if (empty($access[$cap])) {
3801 continue;
3802 }
3803 foreach ($access[$cap] as $roleid => $perm) {
3804 if ($perm == CAP_PROHIBIT) {
3805 unset($needed[$cap][$roleid]);
3806 $prohibited[$cap][$roleid] = true;
3807 } else if ($perm == CAP_ALLOW and empty($prohibited[$cap][$roleid])) {
3808 $needed[$cap][$roleid] = true;
3809 }
3810 }
3811 if (empty($needed[$cap]) or !empty($prohibited[$cap][$defaultuserroleid])) {
3812 // easy, nobody has the permission
3813 unset($needed[$cap]);
3814 unset($prohibited[$cap]);
3815 } else if ($isfrontpage and !empty($prohibited[$cap][$defaultfrontpageroleid])) {
3816 // everybody is disqualified on the frontpage
3817 unset($needed[$cap]);
3818 unset($prohibited[$cap]);
3819 }
3820 if (empty($prohibited[$cap])) {
3821 unset($prohibited[$cap]);
3822 }
3823 }
3824
3825 if (empty($needed)) {
3826 // there can not be anybody if no roles match this request
3827 return array();
3828 }
3829
3830 if (empty($prohibited)) {
3831 // we can compact the needed roles
3832 $n = array();
3833 foreach ($needed as $cap) {
3834 foreach ($cap as $roleid=>$unused) {
3835 $n[$roleid] = true;
3836 }
3837 }
3838 $needed = array('any'=>$n);
3839 unset($n);
3840 }
3841
3842 // ***** Set up default fields ******
3843 if (empty($fields)) {
3844 if ($iscoursepage) {
3845 $fields = 'u.*, ul.timeaccess AS lastaccess';
3846 } else {
3847 $fields = 'u.*';
3848 }
3849 } else {
3850 if ($CFG->debugdeveloper && strpos($fields, 'u.*') === false && strpos($fields, 'u.id') === false) {
3851 debugging('u.id must be included in the list of fields passed to get_users_by_capability().', DEBUG_DEVELOPER);
3852 }
3853 }
3854
3855 // Set up default sort
3856 if (empty($sort)) { // default to course lastaccess or just lastaccess
3857 if ($iscoursepage) {
3858 $sort = 'ul.timeaccess';
3859 } else {
3860 $sort = 'u.lastaccess';
3861 }
3862 }
3863
3864 // Prepare query clauses
3865 $wherecond = array();
3866 $params = array();
3867 $joins = array();
3868
3869 // User lastaccess JOIN
3870 if ((strpos($sort, 'ul.timeaccess') === false) and (strpos($fields, 'ul.timeaccess') === false)) {
3871 // user_lastaccess is not required MDL-13810
3872 } else {
3873 if ($iscoursepage) {
3874 $joins[] = "LEFT OUTER JOIN {user_lastaccess} ul ON (ul.userid = u.id AND ul.courseid = {$context->instanceid})";
3875 } else {
3876 throw new coding_exception('Invalid sort in get_users_by_capability(), ul.timeaccess allowed only for course contexts.');
3877 }
3878 }
3879
3880 // We never return deleted users or guest account.
3881 $wherecond[] = "u.deleted = 0 AND u.id <> :guestid";
3882 $params['guestid'] = $CFG->siteguest;
3883
3884 // Groups
3885 if ($groups) {
3886 $groups = (array)$groups;
3887 list($grouptest, $grpparams) = $DB->get_in_or_equal($groups, SQL_PARAMS_NAMED, 'grp');
3888 $grouptest = "u.id IN (SELECT userid FROM {groups_members} gm WHERE gm.groupid $grouptest)";
3889 $params = array_merge($params, $grpparams);
3890
3891 if ($useviewallgroups) {
3892 $viewallgroupsusers = get_users_by_capability($context, 'moodle/site:accessallgroups', 'u.id, u.id', '', '', '', '', $exceptions);
3893 if (!empty($viewallgroupsusers)) {
3894 $wherecond[] = "($grouptest OR u.id IN (" . implode(',', array_keys($viewallgroupsusers)) . '))';
3895 } else {
3896 $wherecond[] = "($grouptest)";
3897 }
3898 } else {
3899 $wherecond[] = "($grouptest)";
3900 }
3901 }
3902
3903 // User exceptions
3904 if (!empty($exceptions)) {
3905 $exceptions = (array)$exceptions;
3906 list($exsql, $exparams) = $DB->get_in_or_equal($exceptions, SQL_PARAMS_NAMED, 'exc', false);
3907 $params = array_merge($params, $exparams);
3908 $wherecond[] = "u.id $exsql";
3909 }
3910
3911 // now add the needed and prohibited roles conditions as joins
3912 if (!empty($needed['any'])) {
3913 // simple case - there are no prohibits involved
3914 if (!empty($needed['any'][$defaultuserroleid]) or ($isfrontpage and !empty($needed['any'][$defaultfrontpageroleid]))) {
3915 // everybody
3916 } else {
3917 $joins[] = "JOIN (SELECT DISTINCT userid
3918 FROM {role_assignments}
3919 WHERE contextid IN ($ctxids)
3920 AND roleid IN (".implode(',', array_keys($needed['any'])) .")
3921 ) ra ON ra.userid = u.id";
3922 }
3923 } else {
3924 $unions = array();
3925 $everybody = false;
3926 foreach ($needed as $cap=>$unused) {
3927 if (empty($prohibited[$cap])) {
3928 if (!empty($needed[$cap][$defaultuserroleid]) or ($isfrontpage and !empty($needed[$cap][$defaultfrontpageroleid]))) {
3929 $everybody = true;
3930 break;
3931 } else {
3932 $unions[] = "SELECT userid
3933 FROM {role_assignments}
3934 WHERE contextid IN ($ctxids)
3935 AND roleid IN (".implode(',', array_keys($needed[$cap])) .")";
3936 }
3937 } else {
3938 if (!empty($prohibited[$cap][$defaultuserroleid]) or ($isfrontpage and !empty($prohibited[$cap][$defaultfrontpageroleid]))) {
3939 // nobody can have this cap because it is prevented in default roles
3940 continue;
3941
3942 } else if (!empty($needed[$cap][$defaultuserroleid]) or ($isfrontpage and !empty($needed[$cap][$defaultfrontpageroleid]))) {
3943 // everybody except the prohibitted - hiding does not matter
3944 $unions[] = "SELECT id AS userid
3945 FROM {user}
3946 WHERE id NOT IN (SELECT userid
3947 FROM {role_assignments}
3948 WHERE contextid IN ($ctxids)
3949 AND roleid IN (".implode(',', array_keys($prohibited[$cap])) ."))";
3950
3951 } else {
3952 $unions[] = "SELECT userid
3953 FROM {role_assignments}
3954 WHERE contextid IN ($ctxids)
3955 AND roleid IN (".implode(',', array_keys($needed[$cap])) .")
3956 AND roleid NOT IN (".implode(',', array_keys($prohibited[$cap])) .")";
3957 }
3958 }
3959 }
3960 if (!$everybody) {
3961 if ($unions) {
3962 $joins[] = "JOIN (SELECT DISTINCT userid FROM ( ".implode(' UNION ', $unions)." ) us) ra ON ra.userid = u.id";
3963 } else {
3964 // only prohibits found - nobody can be matched
3965 $wherecond[] = "1 = 2";
3966 }
3967 }
3968 }
3969
3970 // Collect WHERE conditions and needed joins
3971 $where = implode(' AND ', $wherecond);
3972 if ($where !== '') {
3973 $where = 'WHERE ' . $where;
3974 }
3975 $joins = implode("\n", $joins);
3976
3977 // Ok, let's get the users!
3978 $sql = "SELECT $fields
3979 FROM {user} u
3980 $joins
3981 $where
3982 ORDER BY $sort";
3983
3984 return $DB->get_records_sql($sql, $params, $limitfrom, $limitnum);
3985 }
3986
3987 /**
3988 * Re-sort a users array based on a sorting policy
3989 *
3990 * Will re-sort a $users results array (from get_users_by_capability(), usually)
3991 * based on a sorting policy. This is to support the odd practice of
3992 * sorting teachers by 'authority', where authority was "lowest id of the role
3993 * assignment".
3994 *
3995 * Will execute 1 database query. Only suitable for small numbers of users, as it
3996 * uses an u.id IN() clause.
3997 *
3998 * Notes about the sorting criteria.
3999 *
4000 * As a default, we cannot rely on role.sortorder because then
4001 * admins/coursecreators will always win. That is why the sane
4002 * rule "is locality matters most", with sortorder as 2nd
4003 * consideration.
4004 *
4005 * If you want role.sortorder, use the 'sortorder' policy, and
4006 * name explicitly what roles you want to cover. It's probably
4007 * a good idea to see what roles have the capabilities you want
4008 * (array_diff() them against roiles that have 'can-do-anything'
4009 * to weed out admin-ish roles. Or fetch a list of roles from
4010 * variables like $CFG->coursecontact .
4011 *
4012 * @param array $users Users array, keyed on userid
4013 * @param context $context
4014 * @param array $roles ids of the roles to include, optional
4015 * @param string $sortpolicy defaults to locality, more about
4016 * @return array sorted copy of the array
4017 */
4018 function sort_by_roleassignment_authority($users, context $context, $roles = array(), $sortpolicy = 'locality') {
4019 global $DB;
4020
4021 $userswhere = ' ra.userid IN (' . implode(',',array_keys($users)) . ')';
4022 $contextwhere = 'AND ra.contextid IN ('.str_replace('/', ',',substr($context->path, 1)).')';
4023 if (empty($roles)) {
4024 $roleswhere = '';
4025 } else {
4026 $roleswhere = ' AND ra.roleid IN ('.implode(',',$roles).')';
4027 }
4028
4029 $sql = "SELECT ra.userid
4030 FROM {role_assignments} ra
4031 JOIN {role} r
4032 ON ra.roleid=r.id
4033 JOIN {context} ctx
4034 ON ra.contextid=ctx.id
4035 WHERE $userswhere
4036 $contextwhere
4037 $roleswhere";
4038
4039 // Default 'locality' policy -- read PHPDoc notes
4040 // about sort policies...
4041 $orderby = 'ORDER BY '
4042 .'ctx.depth DESC, ' /* locality wins */
4043 .'r.sortorder ASC, ' /* rolesorting 2nd criteria */
4044 .'ra.id'; /* role assignment order tie-breaker */
4045 if ($sortpolicy === 'sortorder') {
4046 $orderby = 'ORDER BY '
4047 .'r.sortorder ASC, ' /* rolesorting 2nd criteria */
4048 .'ra.id'; /* role assignment order tie-breaker */
4049 }
4050
4051 $sortedids = $DB->get_fieldset_sql($sql . $orderby);
4052 $sortedusers = array();
4053 $seen = array();
4054
4055 foreach ($sortedids as $id) {
4056 // Avoid duplicates
4057 if (isset($seen[$id])) {
4058 continue;
4059 }
4060 $seen[$id] = true;
4061
4062 // assign
4063 $sortedusers[$id] = $users[$id];
4064 }
4065 return $sortedusers;
4066 }
4067
4068 /**
4069 * Gets all the users assigned this role in this context or higher
4070 *
4071 * Note that moodle is based on capabilities and it is usually better
4072 * to check permissions than to check role ids as the capabilities
4073 * system is more flexible. If you really need, you can to use this
4074 * function but consider has_capability() as a possible substitute.
4075 *
4076 * The caller function is responsible for including all the
4077 * $sort fields in $fields param.
4078 *
4079 * If $roleid is an array or is empty (all roles) you need to set $fields
4080 * (and $sort by extension) params according to it, as the first field
4081 * returned by the database should be unique (ra.id is the best candidate).
4082 *
4083 * @param int $roleid (can also be an array of ints!)
4084 * @param context $context
4085 * @param bool $parent if true, get list of users assigned in higher context too
4086 * @param string $fields fields from user (u.) , role assignment (ra) or role (r.)
4087 * @param string $sort sort from user (u.) , role assignment (ra.) or role (r.).
4088 * null => use default sort from users_order_by_sql.
4089 * @param bool $all true means all, false means limit to enrolled users
4090 * @param string $group defaults to ''
4091 * @param mixed $limitfrom defaults to ''
4092 * @param mixed $limitnum defaults to ''
4093 * @param string $extrawheretest defaults to ''
4094 * @param array $whereorsortparams any paramter values used by $sort or $extrawheretest.
4095 * @return array
4096 */
4097 function get_role_users($roleid, context $context, $parent = false, $fields = '',
4098 $sort = null, $all = true, $group = '',
4099 $limitfrom = '', $limitnum = '', $extrawheretest = '', $whereorsortparams = array()) {
4100 global $DB;
4101
4102 if (empty($fields)) {
4103 $allnames = get_all_user_name_fields(true, 'u');
4104 $fields = 'u.id, u.confirmed, u.username, '. $allnames . ', ' .
4105 'u.maildisplay, u.mailformat, u.maildigest, u.email, u.emailstop, u.city, '.
4106 'u.country, u.picture, u.idnumber, u.department, u.institution, '.
4107 'u.lang, u.timezone, u.lastaccess, u.mnethostid, r.name AS rolename, r.sortorder, '.
4108 'r.shortname AS roleshortname, rn.name AS rolecoursealias';
4109 }
4110
4111 // Prevent wrong function uses.
4112 if ((empty($roleid) || is_array($roleid)) && strpos($fields, 'ra.id') !== 0) {
4113 debugging('get_role_users() without specifying one single roleid needs to be called prefixing ' .
4114 'role assignments id (ra.id) as unique field, you can use $fields param for it.');
4115
4116 if (!empty($roleid)) {
4117 // Solving partially the issue when specifying multiple roles.
4118 $users = array();
4119 foreach ($roleid as $id) {
4120 // Ignoring duplicated keys keeping the first user appearance.
4121 $users = $users + get_role_users($id, $context, $parent, $fields, $sort, $all, $group,
4122 $limitfrom, $limitnum, $extrawheretest, $whereorsortparams);
4123 }
4124 return $users;
4125 }
4126 }
4127
4128 $parentcontexts = '';
4129 if ($parent) {
4130 $parentcontexts = substr($context->path, 1); // kill leading slash
4131 $parentcontexts = str_replace('/', ',', $parentcontexts);
4132 if ($parentcontexts !== '') {
4133 $parentcontexts = ' OR ra.contextid IN ('.$parentcontexts.' )';
4134 }
4135 }
4136
4137 if ($roleid) {
4138 list($rids, $params) = $DB->get_in_or_equal($roleid, SQL_PARAMS_NAMED, 'r');
4139 $roleselect = "AND ra.roleid $rids";
4140 } else {
4141 $params = array();
4142 $roleselect = '';
4143 }
4144
4145 if ($coursecontext = $context->get_course_context(false)) {
4146 $params['coursecontext'] = $coursecontext->id;
4147 } else {
4148 $params['coursecontext'] = 0;
4149 }
4150
4151 if ($group) {
4152 $groupjoin = "JOIN {groups_members} gm ON gm.userid = u.id";
4153 $groupselect = " AND gm.groupid = :groupid ";
4154 $params['groupid'] = $group;
4155 } else {
4156 $groupjoin = '';
4157 $groupselect = '';
4158 }
4159
4160 $params['contextid'] = $context->id;
4161
4162 if ($extrawheretest) {
4163 $extrawheretest = ' AND ' . $extrawheretest;
4164 }
4165
4166 if ($whereorsortparams) {
4167 $params = array_merge($params, $whereorsortparams);
4168 }
4169
4170 if (!$sort) {
4171 list($sort, $sortparams) = users_order_by_sql('u');
4172 $params = array_merge($params, $sortparams);
4173 }
4174
4175 if ($all === null) {
4176 // Previously null was used to indicate that parameter was not used.
4177 $all = true;
4178 }
4179 if (!$all and $coursecontext) {
4180 // Do not use get_enrolled_sql() here for performance reasons.
4181 $ejoin = "JOIN {user_enrolments} ue ON ue.userid = u.id
4182 JOIN {enrol} e ON (e.id = ue.enrolid AND e.courseid = :ecourseid)";
4183 $params['ecourseid'] = $coursecontext->instanceid;
4184 } else {
4185 $ejoin = "";
4186 }
4187
4188 $sql = "SELECT DISTINCT $fields, ra.roleid
4189 FROM {role_assignments} ra
4190 JOIN {user} u ON u.id = ra.userid
4191 JOIN {role} r ON ra.roleid = r.id
4192 $ejoin
4193 LEFT JOIN {role_names} rn ON (rn.contextid = :coursecontext AND rn.roleid = r.id)
4194 $groupjoin
4195 WHERE (ra.contextid = :contextid $parentcontexts)
4196 $roleselect
4197 $groupselect
4198 $extrawheretest
4199 ORDER BY $sort"; // join now so that we can just use fullname() later
4200
4201 return $DB->get_records_sql($sql, $params, $limitfrom, $limitnum);
4202 }
4203
4204 /**
4205 * Counts all the users assigned this role in this context or higher
4206 *
4207 * @param int|array $roleid either int or an array of ints
4208 * @param context $context
4209 * @param bool $parent if true, get list of users assigned in higher context too
4210 * @return int Returns the result count
4211 */
4212 function count_role_users($roleid, context $context, $parent = false) {
4213 global $DB;
4214
4215 if ($parent) {
4216 if ($contexts = $context->get_parent_context_ids()) {
4217 $parentcontexts = ' OR r.contextid IN ('.implode(',', $contexts).')';
4218 } else {
4219 $parentcontexts = '';
4220 }
4221 } else {
4222 $parentcontexts = '';
4223 }
4224
4225 if ($roleid) {
4226 list($rids, $params) = $DB->get_in_or_equal($roleid, SQL_PARAMS_QM);
4227 $roleselect = "AND r.roleid $rids";
4228 } else {
4229 $params = array();
4230 $roleselect = '';
4231 }
4232
4233 array_unshift($params, $context->id);
4234
4235 $sql = "SELECT COUNT(DISTINCT u.id)
4236 FROM {role_assignments} r
4237 JOIN {user} u ON u.id = r.userid
4238 WHERE (r.contextid = ? $parentcontexts)
4239 $roleselect
4240 AND u.deleted = 0";
4241
4242 return $DB->count_records_sql($sql, $params);
4243 }
4244
4245 /**
4246 * This function gets the list of courses that this user has a particular capability in.
4247 * It is still not very efficient.
4248 *
4249 * @param string $capability Capability in question
4250 * @param int $userid User ID or null for current user
4251 * @param bool $doanything True if 'doanything' is permitted (default)
4252 * @param string $fieldsexceptid Leave blank if you only need 'id' in the course records;
4253 * otherwise use a comma-separated list of the fields you require, not including id
4254 * @param string $orderby If set, use a comma-separated list of fields from course
4255 * table with sql modifiers (DESC) if needed
4256 * @return array|bool Array of courses, if none found false is returned.
4257 */
4258 function get_user_capability_course($capability, $userid = null, $doanything = true, $fieldsexceptid = '', $orderby = '') {
4259 global $DB;
4260
4261 // Convert fields list and ordering
4262 $fieldlist = '';
4263 if ($fieldsexceptid) {
4264 $fields = explode(',', $fieldsexceptid);
4265 foreach($fields as $field) {
4266 $fieldlist .= ',c.'.$field;
4267 }
4268 }
4269 if ($orderby) {
4270 $fields = explode(',', $orderby);
4271 $orderby = '';
4272 foreach($fields as $field) {
4273 if ($orderby) {
4274 $orderby .= ',';
4275 }
4276 $orderby .= 'c.'.$field;
4277 }
4278 $orderby = 'ORDER BY '.$orderby;
4279 }
4280
4281 // Obtain a list of everything relevant about all courses including context.
4282 // Note the result can be used directly as a context (we are going to), the course
4283 // fields are just appended.
4284
4285 $contextpreload = context_helper::get_preload_record_columns_sql('x');
4286
4287 $courses = array();
4288 $rs = $DB->get_recordset_sql("SELECT c.id $fieldlist, $contextpreload
4289 FROM {course} c
4290 JOIN {context} x ON (c.id=x.instanceid AND x.contextlevel=".CONTEXT_COURSE.")
4291 $orderby");
4292 // Check capability for each course in turn
4293 foreach ($rs as $course) {
4294 context_helper::preload_from_record($course);
4295 $context = context_course::instance($course->id);
4296 if (has_capability($capability, $context, $userid, $doanything)) {
4297 // We've got the capability. Make the record look like a course record
4298 // and store it
4299 $courses[] = $course;
4300 }
4301 }
4302 $rs->close();
4303 return empty($courses) ? false : $courses;
4304 }
4305
4306 /**
4307 * This function finds the roles assigned directly to this context only
4308 * i.e. no roles in parent contexts
4309 *
4310 * @param context $context
4311 * @return array
4312 */
4313 function get_roles_on_exact_context(context $context) {
4314 global $DB;
4315
4316 return $DB->get_records_sql("SELECT r.*
4317 FROM {role_assignments} ra, {role} r
4318 WHERE ra.roleid = r.id AND ra.contextid = ?",
4319 array($context->id));
4320 }
4321
4322 /**
4323 * Switches the current user to another role for the current session and only
4324 * in the given context.
4325 *
4326 * The caller *must* check
4327 * - that this op is allowed
4328 * - that the requested role can be switched to in this context (use get_switchable_roles)
4329 * - that the requested role is NOT $CFG->defaultuserroleid
4330 *
4331 * To "unswitch" pass 0 as the roleid.
4332 *
4333 * This function *will* modify $USER->access - beware
4334 *
4335 * @param integer $roleid the role to switch to.
4336 * @param context $context the context in which to perform the switch.
4337 * @return bool success or failure.
4338 */
4339 function role_switch($roleid, context $context) {
4340 global $USER;
4341
4342 //
4343 // Plan of action
4344 //
4345 // - Add the ghost RA to $USER->access
4346 // as $USER->access['rsw'][$path] = $roleid
4347 //
4348 // - Make sure $USER->access['rdef'] has the roledefs
4349 // it needs to honour the switcherole
4350 //
4351 // Roledefs will get loaded "deep" here - down to the last child
4352 // context. Note that
4353 //
4354 // - When visiting subcontexts, our selective accessdata loading
4355 // will still work fine - though those ra/rdefs will be ignored
4356 // appropriately while the switch is in place
4357 //
4358 // - If a switcherole happens at a category with tons of courses
4359 // (that have many overrides for switched-to role), the session
4360 // will get... quite large. Sometimes you just can't win.
4361 //
4362 // To un-switch just unset($USER->access['rsw'][$path])
4363 //
4364 // Note: it is not possible to switch to roles that do not have course:view
4365
4366 if (!isset($USER->access)) {
4367 load_all_capabilities();
4368 }
4369
4370
4371 // Add the switch RA
4372 if ($roleid == 0) {
4373 unset($USER->access['rsw'][$context->path]);
4374 return true;
4375 }
4376
4377 $USER->access['rsw'][$context->path] = $roleid;
4378
4379 // Load roledefs
4380 load_role_access_by_context($roleid, $context, $USER->access);
4381
4382 return true;
4383 }
4384
4385 /**
4386 * Checks if the user has switched roles within the given course.
4387 *
4388 * Note: You can only switch roles within the course, hence it takes a course id
4389 * rather than a context. On that note Petr volunteered to implement this across
4390 * all other contexts, all requests for this should be forwarded to him ;)
4391 *
4392 * @param int $courseid The id of the course to check
4393 * @return bool True if the user has switched roles within the course.
4394 */
4395 function is_role_switched($courseid) {
4396 global $USER;
4397 $context = context_course::instance($courseid, MUST_EXIST);
4398 return (!empty($USER->access['rsw'][$context->path]));
4399 }
4400
4401 /**
4402 * Get any role that has an override on exact context
4403 *
4404 * @param context $context The context to check
4405 * @return array An array of roles
4406 */
4407 function get_roles_with_override_on_context(context $context) {
4408 global $DB;
4409
4410 return $DB->get_records_sql("SELECT r.*
4411 FROM {role_capabilities} rc, {role} r
4412 WHERE rc.roleid = r.id AND rc.contextid = ?",
4413 array($context->id));
4414 }
4415
4416 /**
4417 * Get all capabilities for this role on this context (overrides)
4418 *
4419 * @param stdClass $role
4420 * @param context $context
4421 * @return array
4422 */
4423 function get_capabilities_from_role_on_context($role, context $context) {
4424 global $DB;
4425
4426 return $DB->get_records_sql("SELECT *
4427 FROM {role_capabilities}
4428 WHERE contextid = ? AND roleid = ?",
4429 array($context->id, $role->id));
4430 }
4431
4432 /**
4433 * Find out which roles has assignment on this context
4434 *
4435 * @param context $context
4436 * @return array
4437 *
4438 */
4439 function get_roles_with_assignment_on_context(context $context) {
4440 global $DB;
4441
4442 return $DB->get_records_sql("SELECT r.*
4443 FROM {role_assignments} ra, {role} r
4444 WHERE ra.roleid = r.id AND ra.contextid = ?",
4445 array($context->id));
4446 }
4447
4448 /**
4449 * Find all user assignment of users for this role, on this context
4450 *
4451 * @param stdClass $role
4452 * @param context $context
4453 * @return array
4454 */
4455 function get_users_from_role_on_context($role, context $context) {
4456 global $DB;
4457
4458 return $DB->get_records_sql("SELECT *
4459 FROM {role_assignments}
4460 WHERE contextid = ? AND roleid = ?",
4461 array($context->id, $role->id));
4462 }
4463
4464 /**
4465 * Simple function returning a boolean true if user has roles
4466 * in context or parent contexts, otherwise false.
4467 *
4468 * @param int $userid
4469 * @param int $roleid
4470 * @param int $contextid empty means any context
4471 * @return bool
4472 */
4473 function user_has_role_assignment($userid, $roleid, $contextid = 0) {
4474 global $DB;
4475
4476 if ($contextid) {
4477 if (!$context = context::instance_by_id($contextid, IGNORE_MISSING)) {
4478 return false;
4479 }
4480 $parents = $context->get_parent_context_ids(true);
4481 list($contexts, $params) = $DB->get_in_or_equal($parents, SQL_PARAMS_NAMED, 'r');
4482 $params['userid'] = $userid;
4483 $params['roleid'] = $roleid;
4484
4485 $sql = "SELECT COUNT(ra.id)
4486 FROM {role_assignments} ra
4487 WHERE ra.userid = :userid AND ra.roleid = :roleid AND ra.contextid $contexts";
4488
4489 $count = $DB->get_field_sql($sql, $params);
4490 return ($count > 0);
4491
4492 } else {
4493 return $DB->record_exists('role_assignments', array('userid'=>$userid, 'roleid'=>$roleid));
4494 }
4495 }
4496
4497 /**
4498 * Get localised role name or alias if exists and format the text.
4499 *
4500 * @param stdClass $role role object
4501 * - optional 'coursealias' property should be included for performance reasons if course context used
4502 * - description property is not required here
4503 * @param context|bool $context empty means system context
4504 * @param int $rolenamedisplay type of role name
4505 * @return string localised role name or course role name alias
4506 */
4507 function role_get_name(stdClass $role, $context = null, $rolenamedisplay = ROLENAME_ALIAS) {
4508 global $DB;
4509
4510 if ($rolenamedisplay == ROLENAME_SHORT) {
4511 return $role->shortname;
4512 }
4513
4514 if (!$context or !$coursecontext = $context->get_course_context(false)) {
4515 $coursecontext = null;
4516 }
4517
4518 if ($coursecontext and !property_exists($role, 'coursealias') and ($rolenamedisplay == ROLENAME_ALIAS or $rolenamedisplay == ROLENAME_BOTH or $rolenamedisplay == ROLENAME_ALIAS_RAW)) {
4519 $role = clone($role); // Do not modify parameters.
4520 if ($r = $DB->get_record('role_names', array('roleid'=>$role->id, 'contextid'=>$coursecontext->id))) {
4521 $role->coursealias = $r->name;
4522 } else {
4523 $role->coursealias = null;
4524 }
4525 }
4526
4527 if ($rolenamedisplay == ROLENAME_ALIAS_RAW) {
4528 if ($coursecontext) {
4529 return $role->coursealias;
4530 } else {
4531 return null;
4532 }
4533 }
4534
4535 if (trim($role->name) !== '') {
4536 // For filtering always use context where was the thing defined - system for roles here.
4537 $original = format_string($role->name, true, array('context'=>context_system::instance()));
4538
4539 } else {
4540 // Empty role->name means we want to see localised role name based on shortname,
4541 // only default roles are supposed to be localised.
4542 switch ($role->shortname) {
4543 case 'manager': $original = get_string('manager', 'role'); break;
4544 case 'coursecreator': $original = get_string('coursecreators'); break;
4545 case 'editingteacher': $original = get_string('defaultcourseteacher'); break;
4546 case 'teacher': $original = get_string('noneditingteacher'); break;
4547 case 'student': $original = get_string('defaultcoursestudent'); break;
4548 case 'guest': $original = get_string('guest'); break;
4549 case 'user': $original = get_string('authenticateduser'); break;
4550 case 'frontpage': $original = get_string('frontpageuser', 'role'); break;
4551 // We should not get here, the role UI should require the name for custom roles!
4552 default: $original = $role->shortname; break;
4553 }
4554 }
4555
4556 if ($rolenamedisplay == ROLENAME_ORIGINAL) {
4557 return $original;
4558 }
4559
4560 if ($rolenamedisplay == ROLENAME_ORIGINALANDSHORT) {
4561 return "$original ($role->shortname)";
4562 }
4563
4564 if ($rolenamedisplay == ROLENAME_ALIAS) {
4565 if ($coursecontext and trim($role->coursealias) !== '') {
4566 return format_string($role->coursealias, true, array('context'=>$coursecontext));
4567 } else {
4568 return $original;
4569 }
4570 }
4571
4572 if ($rolenamedisplay == ROLENAME_BOTH) {
4573 if ($coursecontext and trim($role->coursealias) !== '') {
4574 return format_string($role->coursealias, true, array('context'=>$coursecontext)) . " ($original)";
4575 } else {
4576 return $original;
4577 }
4578 }
4579
4580 throw new coding_exception('Invalid $rolenamedisplay parameter specified in role_get_name()');
4581 }
4582
4583 /**
4584 * Returns localised role description if available.
4585 * If the name is empty it tries to find the default role name using
4586 * hardcoded list of default role names or other methods in the future.
4587 *
4588 * @param stdClass $role
4589 * @return string localised role name
4590 */
4591 function role_get_description(stdClass $role) {
4592 if (!html_is_blank($role->description)) {
4593 return format_text($role->description, FORMAT_HTML, array('context'=>context_system::instance()));
4594 }
4595
4596 switch ($role->shortname) {
4597 case 'manager': return get_string('managerdescription', 'role');
4598 case 'coursecreator': return get_string('coursecreatorsdescription');
4599 case 'editingteacher': return get_string('defaultcourseteacherdescription');
4600 case 'teacher': return get_string('noneditingteacherdescription');
4601 case 'student': return get_string('defaultcoursestudentdescription');
4602 case 'guest': return get_string('guestdescription');
4603 case 'user': return get_string('authenticateduserdescription');
4604 case 'frontpage': return get_string('frontpageuserdescription', 'role');
4605 default: return '';
4606 }
4607 }
4608
4609 /**
4610 * Get all the localised role names for a context.
4611 *
4612 * In new installs default roles have empty names, this function
4613 * add localised role names using current language pack.
4614 *
4615 * @param context $context the context, null means system context
4616 * @param array of role objects with a ->localname field containing the context-specific role name.
4617 * @param int $rolenamedisplay
4618 * @param bool $returnmenu true means id=>localname, false means id=>rolerecord
4619 * @return array Array of context-specific role names, or role objects with a ->localname field added.
4620 */
4621 function role_get_names(context $context = null, $rolenamedisplay = ROLENAME_ALIAS, $returnmenu = null) {
4622 return role_fix_names(get_all_roles($context), $context, $rolenamedisplay, $returnmenu);
4623 }
4624
4625 /**
4626 * Prepare list of roles for display, apply aliases and localise default role names.
4627 *
4628 * @param array $roleoptions array roleid => roleobject (with optional coursealias), strings are accepted for backwards compatibility only
4629 * @param context $context the context, null means system context
4630 * @param int $rolenamedisplay
4631 * @param bool $returnmenu null means keep the same format as $roleoptions, true means id=>localname, false means id=>rolerecord
4632 * @return array Array of context-specific role names, or role objects with a ->localname field added.
4633 */
4634 function role_fix_names($roleoptions, context $context = null, $rolenamedisplay = ROLENAME_ALIAS, $returnmenu = null) {
4635 global $DB;
4636
4637 if (empty($roleoptions)) {
4638 return array();
4639 }
4640
4641 if (!$context or !$coursecontext = $context->get_course_context(false)) {
4642 $coursecontext = null;
4643 }
4644
4645 // We usually need all role columns...
4646 $first = reset($roleoptions);
4647 if ($returnmenu === null) {
4648 $returnmenu = !is_object($first);
4649 }
4650
4651 if (!is_object($first) or !property_exists($first, 'shortname')) {
4652 $allroles = get_all_roles($context);
4653 foreach ($roleoptions as $rid => $unused) {
4654 $roleoptions[$rid] = $allroles[$rid];
4655 }
4656 }
4657
4658 // Inject coursealias if necessary.
4659 if ($coursecontext and ($rolenamedisplay == ROLENAME_ALIAS_RAW or $rolenamedisplay == ROLENAME_ALIAS or $rolenamedisplay == ROLENAME_BOTH)) {
4660 $first = reset($roleoptions);
4661 if (!property_exists($first, 'coursealias')) {
4662 $aliasnames = $DB->get_records('role_names', array('contextid'=>$coursecontext->id));
4663 foreach ($aliasnames as $alias) {
4664 if (isset($roleoptions[$alias->roleid])) {
4665 $roleoptions[$alias->roleid]->coursealias = $alias->name;
4666 }
4667 }
4668 }
4669 }
4670
4671 // Add localname property.
4672 foreach ($roleoptions as $rid => $role) {
4673 $roleoptions[$rid]->localname = role_get_name($role, $coursecontext, $rolenamedisplay);
4674 }
4675
4676 if (!$returnmenu) {
4677 return $roleoptions;
4678 }
4679
4680 $menu = array();
4681 foreach ($roleoptions as $rid => $role) {
4682 $menu[$rid] = $role->localname;
4683 }
4684
4685 return $menu;
4686 }
4687
4688 /**
4689 * Aids in detecting if a new line is required when reading a new capability
4690 *
4691 * This function helps admin/roles/manage.php etc to detect if a new line should be printed
4692 * when we read in a new capability.
4693 * Most of the time, if the 2 components are different we should print a new line, (e.g. course system->rss client)
4694 * but when we are in grade, all reports/import/export capabilities should be together
4695 *
4696 * @param string $cap component string a
4697 * @param string $comp component string b
4698 * @param int $contextlevel
4699 * @return bool whether 2 component are in different "sections"
4700 */
4701 function component_level_changed($cap, $comp, $contextlevel) {
4702
4703 if (strstr($cap->component, '/') && strstr($comp, '/')) {
4704 $compsa = explode('/', $cap->component);
4705 $compsb = explode('/', $comp);
4706
4707 // list of system reports
4708 if (($compsa[0] == 'report') && ($compsb[0] == 'report')) {
4709 return false;
4710 }
4711
4712 // we are in gradebook, still
4713 if (($compsa[0] == 'gradeexport' || $compsa[0] == 'gradeimport' || $compsa[0] == 'gradereport') &&
4714 ($compsb[0] == 'gradeexport' || $compsb[0] == 'gradeimport' || $compsb[0] == 'gradereport')) {
4715 return false;
4716 }
4717
4718 if (($compsa[0] == 'coursereport') && ($compsb[0] == 'coursereport')) {
4719 return false;
4720 }
4721 }
4722
4723 return ($cap->component != $comp || $cap->contextlevel != $contextlevel);
4724 }
4725
4726 /**
4727 * Fix the roles.sortorder field in the database, so it contains sequential integers,
4728 * and return an array of roleids in order.
4729 *
4730 * @param array $allroles array of roles, as returned by get_all_roles();
4731 * @return array $role->sortorder =-> $role->id with the keys in ascending order.
4732 */
4733 function fix_role_sortorder($allroles) {
4734 global $DB;
4735
4736 $rolesort = array();
4737 $i = 0;
4738 foreach ($allroles as $role) {
4739 $rolesort[$i] = $role->id;
4740 if ($role->sortorder != $i) {
4741 $r = new stdClass();
4742 $r->id = $role->id;
4743 $r->sortorder = $i;
4744 $DB->update_record('role', $r);
4745 $allroles[$role->id]->sortorder = $i;
4746 }
4747 $i++;
4748 }
4749 return $rolesort;
4750 }
4751
4752 /**
4753 * Switch the sort order of two roles (used in admin/roles/manage.php).
4754 *
4755 * @param stdClass $first The first role. Actually, only ->sortorder is used.
4756 * @param stdClass $second The second role. Actually, only ->sortorder is used.
4757 * @return boolean success or failure
4758 */
4759 function switch_roles($first, $second) {
4760 global $DB;
4761 $temp = $DB->get_field('role', 'MAX(sortorder) + 1', array());
4762 $result = $DB->set_field('role', 'sortorder', $temp, array('sortorder' => $first->sortorder));
4763 $result = $result && $DB->set_field('role', 'sortorder', $first->sortorder, array('sortorder' => $second->sortorder));
4764 $result = $result && $DB->set_field('role', 'sortorder', $second->sortorder, array('sortorder' => $temp));
4765 return $result;
4766 }
4767
4768 /**
4769 * Duplicates all the base definitions of a role
4770 *
4771 * @param stdClass $sourcerole role to copy from
4772 * @param int $targetrole id of role to copy to
4773 */
4774 function role_cap_duplicate($sourcerole, $targetrole) {
4775 global $DB;
4776
4777 $systemcontext = context_system::instance();
4778 $caps = $DB->get_records_sql("SELECT *
4779 FROM {role_capabilities}
4780 WHERE roleid = ? AND contextid = ?",
4781 array($sourcerole->id, $systemcontext->id));
4782 // adding capabilities
4783 foreach ($caps as $cap) {
4784 unset($cap->id);
4785 $cap->roleid = $targetrole;
4786 $DB->insert_record('role_capabilities', $cap);
4787 }
4788 }
4789
4790 /**
4791 * Returns two lists, this can be used to find out if user has capability.
4792 * Having any needed role and no forbidden role in this context means
4793 * user has this capability in this context.
4794 * Use get_role_names_with_cap_in_context() if you need role names to display in the UI
4795 *
4796 * @param stdClass $context
4797 * @param string $capability
4798 * @return array($neededroles, $forbiddenroles)
4799 */
4800 function get_roles_with_cap_in_context($context, $capability) {
4801 global $DB;
4802
4803 $ctxids = trim($context->path, '/'); // kill leading slash
4804 $ctxids = str_replace('/', ',', $ctxids);
4805
4806 $sql = "SELECT rc.id, rc.roleid, rc.permission, ctx.depth
4807 FROM {role_capabilities} rc
4808 JOIN {context} ctx ON ctx.id = rc.contextid
4809 WHERE rc.capability = :cap AND ctx.id IN ($ctxids)
4810 ORDER BY rc.roleid ASC, ctx.depth DESC";
4811 $params = array('cap'=>$capability);
4812
4813 if (!$capdefs = $DB->get_records_sql($sql, $params)) {
4814 // no cap definitions --> no capability
4815 return array(array(), array());
4816 }
4817
4818 $forbidden = array();
4819 $needed = array();
4820 foreach($capdefs as $def) {
4821 if (isset($forbidden[$def->roleid])) {
4822 continue;
4823 }
4824 if ($def->permission == CAP_PROHIBIT) {
4825 $forbidden[$def->roleid] = $def->roleid;
4826 unset($needed[$def->roleid]);
4827 continue;
4828 }
4829 if (!isset($needed[$def->roleid])) {
4830 if ($def->permission == CAP_ALLOW) {
4831 $needed[$def->roleid] = true;
4832 } else if ($def->permission == CAP_PREVENT) {
4833 $needed[$def->roleid] = false;
4834 }
4835 }
4836 }
4837 unset($capdefs);
4838
4839 // remove all those roles not allowing
4840 foreach($needed as $key=>$value) {
4841 if (!$value) {
4842 unset($needed[$key]);
4843 } else {
4844 $needed[$key] = $key;
4845 }
4846 }
4847
4848 return array($needed, $forbidden);
4849 }
4850
4851 /**
4852 * Returns an array of role IDs that have ALL of the the supplied capabilities
4853 * Uses get_roles_with_cap_in_context(). Returns $allowed minus $forbidden
4854 *
4855 * @param stdClass $context
4856 * @param array $capabilities An array of capabilities
4857 * @return array of roles with all of the required capabilities
4858 */
4859 function get_roles_with_caps_in_context($context, $capabilities) {
4860 $neededarr = array();
4861 $forbiddenarr = array();
4862 foreach($capabilities as $caprequired) {
4863 list($neededarr[], $forbiddenarr[]) = get_roles_with_cap_in_context($context, $caprequired);
4864 }
4865
4866 $rolesthatcanrate = array();
4867 if (!empty($neededarr)) {
4868 foreach ($neededarr as $needed) {
4869 if (empty($rolesthatcanrate)) {
4870 $rolesthatcanrate = $needed;
4871 } else {
4872 //only want roles that have all caps
4873 $rolesthatcanrate = array_intersect_key($rolesthatcanrate,$needed);
4874 }
4875 }
4876 }
4877 if (!empty($forbiddenarr) && !empty($rolesthatcanrate)) {
4878 foreach ($forbiddenarr as $forbidden) {
4879 //remove any roles that are forbidden any of the caps
4880 $rolesthatcanrate = array_diff($rolesthatcanrate, $forbidden);
4881 }
4882 }
4883 return $rolesthatcanrate;
4884 }
4885
4886 /**
4887 * Returns an array of role names that have ALL of the the supplied capabilities
4888 * Uses get_roles_with_caps_in_context(). Returns $allowed minus $forbidden
4889 *
4890 * @param stdClass $context
4891 * @param array $capabilities An array of capabilities
4892 * @return array of roles with all of the required capabilities
4893 */
4894 function get_role_names_with_caps_in_context($context, $capabilities) {
4895 global $DB;
4896
4897 $rolesthatcanrate = get_roles_with_caps_in_context($context, $capabilities);
4898 $allroles = $DB->get_records('role', null, 'sortorder DESC');
4899
4900 $roles = array();
4901 foreach ($rolesthatcanrate as $r) {
4902 $roles[$r] = $allroles[$r];
4903 }
4904
4905 return role_fix_names($roles, $context, ROLENAME_ALIAS, true);
4906 }
4907
4908 /**
4909 * This function verifies the prohibit comes from this context
4910 * and there are no more prohibits in parent contexts.
4911 *
4912 * @param int $roleid
4913 * @param context $context
4914 * @param string $capability name
4915 * @return bool
4916 */
4917 function prohibit_is_removable($roleid, context $context, $capability) {
4918 global $DB;
4919
4920 $ctxids = trim($context->path, '/'); // kill leading slash
4921 $ctxids = str_replace('/', ',', $ctxids);
4922
4923 $params = array('roleid'=>$roleid, 'cap'=>$capability, 'prohibit'=>CAP_PROHIBIT);
4924
4925 $sql = "SELECT ctx.id
4926 FROM {role_capabilities} rc
4927 JOIN {context} ctx ON ctx.id = rc.contextid
4928 WHERE rc.roleid = :roleid AND rc.permission = :prohibit AND rc.capability = :cap AND ctx.id IN ($ctxids)
4929 ORDER BY ctx.depth DESC";
4930
4931 if (!$prohibits = $DB->get_records_sql($sql, $params)) {
4932 // no prohibits == nothing to remove
4933 return true;
4934 }
4935
4936 if (count($prohibits) > 1) {
4937 // more prohibits can not be removed
4938 return false;
4939 }
4940
4941 return !empty($prohibits[$context->id]);
4942 }
4943
4944 /**
4945 * More user friendly role permission changing,
4946 * it should produce as few overrides as possible.
4947 *
4948 * @param int $roleid
4949 * @param stdClass $context
4950 * @param string $capname capability name
4951 * @param int $permission
4952 * @return void
4953 */
4954 function role_change_permission($roleid, $context, $capname, $permission) {
4955 global $DB;
4956
4957 if ($permission == CAP_INHERIT) {
4958 unassign_capability($capname, $roleid, $context->id);
4959 $context->mark_dirty();
4960 return;
4961 }
4962
4963 $ctxids = trim($context->path, '/'); // kill leading slash
4964 $ctxids = str_replace('/', ',', $ctxids);
4965
4966 $params = array('roleid'=>$roleid, 'cap'=>$capname);
4967
4968 $sql = "SELECT ctx.id, rc.permission, ctx.depth
4969 FROM {role_capabilities} rc
4970 JOIN {context} ctx ON ctx.id = rc.contextid
4971 WHERE rc.roleid = :roleid AND rc.capability = :cap AND ctx.id IN ($ctxids)
4972 ORDER BY ctx.depth DESC";
4973
4974 if ($existing = $DB->get_records_sql($sql, $params)) {
4975 foreach($existing as $e) {
4976 if ($e->permission == CAP_PROHIBIT) {
4977 // prohibit can not be overridden, no point in changing anything
4978 return;
4979 }
4980 }
4981 $lowest = array_shift($existing);
4982 if ($lowest->permission == $permission) {
4983 // permission already set in this context or parent - nothing to do
4984 return;
4985 }
4986 if ($existing) {
4987 $parent = array_shift($existing);
4988 if ($parent->permission == $permission) {
4989 // permission already set in parent context or parent - just unset in this context
4990 // we do this because we want as few overrides as possible for performance reasons
4991 unassign_capability($capname, $roleid, $context->id);
4992 $context->mark_dirty();
4993 return;
4994 }
4995 }
4996
4997 } else {
4998 if ($permission == CAP_PREVENT) {
4999 // nothing means role does not have permission
5000 return;
5001 }
5002 }
5003
5004 // assign the needed capability
5005 assign_capability($capname, $permission, $roleid, $context->id, true);
5006
5007 // force cap reloading
5008 $context->mark_dirty();
5009 }
5010
5011
5012 /**
5013 * Basic moodle context abstraction class.
5014 *
5015 * Google confirms that no other important framework is using "context" class,
5016 * we could use something else like mcontext or moodle_context, but we need to type
5017 * this very often which would be annoying and it would take too much space...
5018 *
5019 * This class is derived from stdClass for backwards compatibility with
5020 * odl $context record that was returned from DML $DB->get_record()
5021 *
5022 * @package core_access
5023 * @category access
5024 * @copyright Petr Skoda {@link http://skodak.org}
5025 * @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
5026 * @since Moodle 2.2
5027 *
5028 * @property-read int $id context id
5029 * @property-read int $contextlevel CONTEXT_SYSTEM, CONTEXT_COURSE, etc.
5030 * @property-read int $instanceid id of related instance in each context
5031 * @property-read string $path path to context, starts with system context
5032 * @property-read int $depth
5033 */
5034 abstract class context extends stdClass implements IteratorAggregate {
5035
5036 /**
5037 * The context id
5038 * Can be accessed publicly through $context->id
5039 * @var int
5040 */
5041 protected $_id;
5042
5043 /**
5044 * The context level
5045 * Can be accessed publicly through $context->contextlevel
5046 * @var int One of CONTEXT_* e.g. CONTEXT_COURSE, CONTEXT_MODULE
5047 */
5048 protected $_contextlevel;
5049
5050 /**
5051 * Id of the item this context is related to e.g. COURSE_CONTEXT => course.id
5052 * Can be accessed publicly through $context->instanceid
5053 * @var int
5054 */
5055 protected $_instanceid;
5056
5057 /**
5058 * The path to the context always starting from the system context
5059 * Can be accessed publicly through $context->path
5060 * @var string
5061 */
5062 protected $_path;
5063
5064 /**
5065 * The depth of the context in relation to parent contexts
5066 * Can be accessed publicly through $context->depth
5067 * @var int
5068 */
5069 protected $_depth;
5070
5071 /**
5072 * @var array Context caching info
5073 */
5074 private static $cache_contextsbyid = array();
5075
5076 /**
5077 * @var array Context caching info
5078 */
5079 private static $cache_contexts = array();
5080
5081 /**
5082 * Context count
5083 * Why do we do count contexts? Because count($array) is horribly slow for large arrays
5084 * @var int
5085 */
5086 protected static $cache_count = 0;
5087
5088 /**
5089 * @var array Context caching info
5090 */
5091 protected static $cache_preloaded = array();
5092
5093 /**
5094 * @var context_system The system context once initialised
5095 */
5096 protected static $systemcontext = null;
5097
5098 /**
5099 * Resets the cache to remove all data.
5100 * @static
5101 */
5102 protected static function reset_caches() {
5103 self::$cache_contextsbyid = array();
5104 self::$cache_contexts = array();
5105 self::$cache_count = 0;
5106 self::$cache_preloaded = array();
5107
5108 self::$systemcontext = null;
5109 }
5110
5111 /**
5112 * Adds a context to the cache. If the cache is full, discards a batch of
5113 * older entries.
5114 *
5115 * @static
5116 * @param context $context New context to add
5117 * @return void
5118 */
5119 protected static function cache_add(context $context) {
5120 if (isset(self::$cache_contextsbyid[$context->id])) {
5121 // already cached, no need to do anything - this is relatively cheap, we do all this because count() is slow
5122 return;
5123 }
5124
5125 if (self::$cache_count >= CONTEXT_CACHE_MAX_SIZE) {
5126 $i = 0;
5127 foreach(self::$cache_contextsbyid as $ctx) {
5128 $i++;
5129 if ($i <= 100) {
5130 // we want to keep the first contexts to be loaded on this page, hopefully they will be needed again later
5131 continue;
5132 }
5133 if ($i > (CONTEXT_CACHE_MAX_SIZE / 3)) {
5134 // we remove oldest third of the contexts to make room for more contexts
5135 break;
5136 }
5137 unset(self::$cache_contextsbyid[$ctx->id]);
5138 unset(self::$cache_contexts[$ctx->contextlevel][$ctx->instanceid]);
5139 self::$cache_count--;
5140 }
5141 }
5142
5143 self::$cache_contexts[$context->contextlevel][$context->instanceid] = $context;
5144 self::$cache_contextsbyid[$context->id] = $context;
5145 self::$cache_count++;
5146 }
5147
5148 /**
5149 * Removes a context from the cache.
5150 *
5151 * @static
5152 * @param context $context Context object to remove
5153 * @return void
5154 */
5155 protected static function cache_remove(context $context) {
5156 if (!isset(self::$cache_contextsbyid[$context->id])) {
5157 // not cached, no need to do anything - this is relatively cheap, we do all this because count() is slow
5158 return;
5159 }
5160 unset(self::$cache_contexts[$context->contextlevel][$context->instanceid]);
5161 unset(self::$cache_contextsbyid[$context->id]);
5162
5163 self::$cache_count--;
5164
5165 if (self::$cache_count < 0) {
5166 self::$cache_count = 0;
5167 }
5168 }
5169
5170 /**
5171 * Gets a context from the cache.
5172 *
5173 * @static
5174 * @param int $contextlevel Context level
5175 * @param int $instance Instance ID
5176 * @return context|bool Context or false if not in cache
5177 */
5178 protected static function cache_get($contextlevel, $instance) {
5179 if (isset(self::$cache_contexts[$contextlevel][$instance])) {
5180 return self::$cache_contexts[$contextlevel][$instance];
5181 }
5182 return false;
5183 }
5184
5185 /**
5186 * Gets a context from the cache based on its id.
5187 *
5188 * @static
5189 * @param int $id Context ID
5190 * @return context|bool Context or false if not in cache
5191 */
5192 protected static function cache_get_by_id($id) {
5193 if (isset(self::$cache_contextsbyid[$id])) {
5194 return self::$cache_contextsbyid[$id];
5195 }
5196 return false;
5197 }
5198
5199 /**
5200 * Preloads context information from db record and strips the cached info.
5201 *
5202 * @static
5203 * @param stdClass $rec
5204 * @return void (modifies $rec)
5205 */
5206 protected static function preload_from_record(stdClass $rec) {
5207 if (empty($rec->ctxid) or empty($rec->ctxlevel) or !isset($rec->ctxinstance) or empty($rec->ctxpath) or empty($rec->ctxdepth)) {
5208 // $rec does not have enough data, passed here repeatedly or context does not exist yet
5209 return;
5210 }
5211
5212 // note: in PHP5 the objects are passed by reference, no need to return $rec
5213 $record = new stdClass();
5214 $record->id = $rec->ctxid; unset($rec->ctxid);
5215 $record->contextlevel = $rec->ctxlevel; unset($rec->ctxlevel);
5216 $record->instanceid = $rec->ctxinstance; unset($rec->ctxinstance);
5217 $record->path = $rec->ctxpath; unset($rec->ctxpath);
5218 $record->depth = $rec->ctxdepth; unset($rec->ctxdepth);
5219
5220 return context::create_instance_from_record($record);
5221 }
5222
5223
5224 // ====== magic methods =======
5225
5226 /**
5227 * Magic setter method, we do not want anybody to modify properties from the outside
5228 * @param string $name
5229 * @param mixed $value
5230 */
5231 public function __set($name, $value) {
5232 debugging('Can not change context instance properties!');
5233 }
5234
5235 /**
5236 * Magic method getter, redirects to read only values.
5237 * @param string $name
5238 * @return mixed
5239 */
5240 public function __get($name) {
5241 switch ($name) {
5242 case 'id': return $this->_id;
5243 case 'contextlevel': return $this->_contextlevel;
5244 case 'instanceid': return $this->_instanceid;
5245 case 'path': return $this->_path;
5246 case 'depth': return $this->_depth;
5247
5248 default:
5249 debugging('Invalid context property accessed! '.$name);
5250 return null;
5251 }
5252 }
5253
5254 /**
5255 * Full support for isset on our magic read only properties.
5256 * @param string $name
5257 * @return bool
5258 */
5259 public function __isset($name) {
5260 switch ($name) {
5261 case 'id': return isset($this->_id);
5262 case 'contextlevel': return isset($this->_contextlevel);
5263 case 'instanceid': return isset($this->_instanceid);
5264 case 'path': return isset($this->_path);
5265 case 'depth': return isset($this->_depth);
5266
5267 default: return false;
5268 }
5269
5270 }
5271
5272 /**
5273 * ALl properties are read only, sorry.
5274 * @param string $name
5275 */
5276 public function __unset($name) {
5277 debugging('Can not unset context instance properties!');
5278 }
5279
5280 // ====== implementing method from interface IteratorAggregate ======
5281
5282 /**
5283 * Create an iterator because magic vars can't be seen by 'foreach'.
5284 *
5285 * Now we can convert context object to array using convert_to_array(),
5286 * and feed it properly to json_encode().
5287 */
5288 public function getIterator() {
5289 $ret = array(
5290 'id' => $this->id,
5291 'contextlevel' => $this->contextlevel,
5292 'instanceid' => $this->instanceid,
5293 'path' => $this->path,
5294 'depth' => $this->depth
5295 );
5296 return new ArrayIterator($ret);
5297 }
5298
5299 // ====== general context methods ======
5300
5301 /**
5302 * Constructor is protected so that devs are forced to
5303 * use context_xxx::instance() or context::instance_by_id().
5304 *
5305 * @param stdClass $record
5306 */
5307 protected function __construct(stdClass $record) {
5308 $this->_id = (int)$record->id;
5309 $this->_contextlevel = (int)$record->contextlevel;
5310 $this->_instanceid = $record->instanceid;
5311 $this->_path = $record->path;
5312 $this->_depth = $record->depth;
5313 }
5314
5315 /**
5316 * This function is also used to work around 'protected' keyword problems in context_helper.
5317 * @static
5318 * @param stdClass $record
5319 * @return context instance
5320 */
5321 protected static function create_instance_from_record(stdClass $record) {
5322 $classname = context_helper::get_class_for_level($record->contextlevel);
5323
5324 if ($context = context::cache_get_by_id($record->id)) {
5325 return $context;
5326 }
5327
5328 $context = new $classname($record);
5329 context::cache_add($context);
5330
5331 return $context;
5332 }
5333
5334 /**
5335 * Copy prepared new contexts from temp table to context table,
5336 * we do this in db specific way for perf reasons only.
5337 * @static
5338 */
5339 protected static function merge_context_temp_table() {
5340 global $DB;
5341
5342 /* MDL-11347:
5343 * - mysql does not allow to use FROM in UPDATE statements
5344 * - using two tables after UPDATE works in mysql, but might give unexpected
5345 * results in pg 8 (depends on configuration)
5346 * - using table alias in UPDATE does not work in pg < 8.2
5347 *
5348 * Different code for each database - mostly for performance reasons
5349 */
5350
5351 $dbfamily = $DB->get_dbfamily();
5352 if ($dbfamily == 'mysql') {
5353 $updatesql = "UPDATE {context} ct, {context_temp} temp
5354 SET ct.path = temp.path,
5355 ct.depth = temp.depth
5356 WHERE ct.id = temp.id";
5357 } else if ($dbfamily == 'oracle') {
5358 $updatesql = "UPDATE {context} ct
5359 SET (ct.path, ct.depth) =
5360 (SELECT temp.path, temp.depth
5361 FROM {context_temp} temp
5362 WHERE temp.id=ct.id)
5363 WHERE EXISTS (SELECT 'x'
5364 FROM {context_temp} temp
5365 WHERE temp.id = ct.id)";
5366 } else if ($dbfamily == 'postgres' or $dbfamily == 'mssql') {
5367 $updatesql = "UPDATE {context}
5368 SET path = temp.path,
5369 depth = temp.depth
5370 FROM {context_temp} temp
5371 WHERE temp.id={context}.id";
5372 } else {
5373 // sqlite and others
5374 $updatesql = "UPDATE {context}
5375 SET path = (SELECT path FROM {context_temp} WHERE id = {context}.id),
5376 depth = (SELECT depth FROM {context_temp} WHERE id = {context}.id)
5377 WHERE id IN (SELECT id FROM {context_temp})";
5378 }
5379
5380 $DB->execute($updatesql);
5381 }
5382
5383 /**
5384 * Get a context instance as an object, from a given context id.
5385 *
5386 * @static
5387 * @param int $id context id
5388 * @param int $strictness IGNORE_MISSING means compatible mode, false returned if record not found, debug message if more found;
5389 * MUST_EXIST means throw exception if no record found
5390 * @return context|bool the context object or false if not found
5391 */
5392 public static function instance_by_id($id, $strictness = MUST_EXIST) {
5393 global $DB;
5394
5395 if (get_called_class() !== 'context' and get_called_class() !== 'context_helper') {
5396 // some devs might confuse context->id and instanceid, better prevent these mistakes completely
5397 throw new coding_exception('use only context::instance_by_id() for real context levels use ::instance() methods');
5398 }
5399
5400 if ($id == SYSCONTEXTID) {
5401 return context_system::instance(0, $strictness);
5402 }
5403
5404 if (is_array($id) or is_object($id) or empty($id)) {
5405 throw new coding_exception('Invalid context id specified context::instance_by_id()');
5406 }
5407
5408 if ($context = context::cache_get_by_id($id)) {
5409 return $context;
5410 }
5411
5412 if ($record = $DB->get_record('context', array('id'=>$id), '*', $strictness)) {
5413 return context::create_instance_from_record($record);
5414 }
5415
5416 return false;
5417 }
5418
5419 /**
5420 * Update context info after moving context in the tree structure.
5421 *
5422 * @param context $newparent
5423 * @return void
5424 */
5425 public function update_moved(context $newparent) {
5426 global $DB;
5427
5428 $frompath = $this->_path;
5429 $newpath = $newparent->path . '/' . $this->_id;
5430
5431 $trans = $DB->start_delegated_transaction();
5432
5433 $this->mark_dirty();
5434
5435 $setdepth = '';
5436 if (($newparent->depth +1) != $this->_depth) {
5437 $diff = $newparent->depth - $this->_depth + 1;
5438 $setdepth = ", depth = depth + $diff";
5439 }
5440 $sql = "UPDATE {context}
5441 SET path = ?
5442 $setdepth
5443 WHERE id = ?";
5444 $params = array($newpath, $this->_id);
5445 $DB->execute($sql, $params);
5446
5447 $this->_path = $newpath;
5448 $this->_depth = $newparent->depth + 1;
5449
5450 $sql = "UPDATE {context}
5451 SET path = ".$DB->sql_concat("?", $DB->sql_substr("path", strlen($frompath)+1))."
5452 $setdepth
5453 WHERE path LIKE ?";
5454 $params = array($newpath, "{$frompath}/%");
5455 $DB->execute($sql, $params);
5456
5457 $this->mark_dirty();
5458
5459 context::reset_caches();
5460
5461 $trans->allow_commit();
5462 }
5463
5464 /**
5465 * Remove all context path info and optionally rebuild it.
5466 *
5467 * @param bool $rebuild
5468 * @return void
5469 */
5470 public function reset_paths($rebuild = true) {
5471 global $DB;
5472
5473 if ($this->_path) {
5474 $this->mark_dirty();
5475 }
5476 $DB->set_field_select('context', 'depth', 0, "path LIKE '%/$this->_id/%'");
5477 $DB->set_field_select('context', 'path', NULL, "path LIKE '%/$this->_id/%'");
5478 if ($this->_contextlevel != CONTEXT_SYSTEM) {
5479 $DB->set_field('context', 'depth', 0, array('id'=>$this->_id));
5480 $DB->set_field('context', 'path', NULL, array('id'=>$this->_id));
5481 $this->_depth = 0;
5482 $this->_path = null;
5483 }
5484
5485 if ($rebuild) {
5486 context_helper::build_all_paths(false);
5487 }
5488
5489 context::reset_caches();
5490 }
5491
5492 /**
5493 * Delete all data linked to content, do not delete the context record itself
5494 */
5495 public function delete_content() {
5496 global $CFG, $DB;
5497
5498 blocks_delete_all_for_context($this->_id);
5499 filter_delete_all_for_context($this->_id);
5500
5501 require_once($CFG->dirroot . '/comment/lib.php');
5502 comment::delete_comments(array('contextid'=>$this->_id));
5503
5504 require_once($CFG->dirroot.'/rating/lib.php');
5505 $delopt = new stdclass();
5506 $delopt->contextid = $this->_id;
5507 $rm = new rating_manager();
5508 $rm->delete_ratings($delopt);
5509
5510 // delete all files attached to this context
5511 $fs = get_file_storage();
5512 $fs->delete_area_files($this->_id);
5513
5514 // Delete all repository instances attached to this context.
5515 require_once($CFG->dirroot . '/repository/lib.php');
5516 repository::delete_all_for_context($this->_id);
5517
5518 // delete all advanced grading data attached to this context
5519 require_once($CFG->dirroot.'/grade/grading/lib.php');
5520 grading_manager::delete_all_for_context($this->_id);
5521
5522 // now delete stuff from role related tables, role_unassign_all
5523 // and unenrol should be called earlier to do proper cleanup
5524 $DB->delete_records('role_assignments', array('contextid'=>$this->_id));
5525 $DB->delete_records('role_capabilities', array('contextid'=>$this->_id));
5526 $DB->delete_records('role_names', array('contextid'=>$this->_id));
5527 }
5528
5529 /**
5530 * Delete the context content and the context record itself
5531 */
5532 public function delete() {
5533 global $DB;
5534
5535 if ($this->_contextlevel <= CONTEXT_SYSTEM) {
5536 throw new coding_exception('Cannot delete system context');
5537 }
5538
5539 // double check the context still exists
5540 if (!$DB->record_exists('context', array('id'=>$this->_id))) {
5541 context::cache_remove($this);
5542 return;
5543 }
5544
5545 $this->delete_content();
5546 $DB->delete_records('context', array('id'=>$this->_id));
5547 // purge static context cache if entry present
5548 context::cache_remove($this);
5549
5550 // do not mark dirty contexts if parents unknown
5551 if (!is_null($this->_path) and $this->_depth > 0) {
5552 $this->mark_dirty();
5553 }
5554 }
5555
5556 // ====== context level related methods ======
5557
5558 /**
5559 * Utility method for context creation
5560 *
5561 * @static
5562 * @param int $contextlevel
5563 * @param int $instanceid
5564 * @param string $parentpath
5565 * @return stdClass context record
5566 */
5567 protected static function insert_context_record($contextlevel, $instanceid, $parentpath) {
5568 global $DB;
5569
5570 $record = new stdClass();
5571 $record->contextlevel = $contextlevel;
5572 $record->instanceid = $instanceid;
5573 $record->depth = 0;
5574 $record->path = null; //not known before insert
5575
5576 $record->id = $DB->insert_record('context', $record);
5577
5578 // now add path if known - it can be added later
5579 if (!is_null($parentpath)) {
5580 $record->path = $parentpath.'/'.$record->id;
5581 $record->depth = substr_count($record->path, '/');
5582 $DB->update_record('context', $record);
5583 }
5584
5585 return $record;
5586 }
5587
5588 /**
5589 * Returns human readable context identifier.
5590 *
5591 * @param boolean $withprefix whether to prefix the name of the context with the
5592 * type of context, e.g. User, Course, Forum, etc.
5593 * @param boolean $short whether to use the short name of the thing. Only applies
5594 * to course contexts
5595 * @return string the human readable context name.
5596 */
5597 public function get_context_name($withprefix = true, $short = false) {
5598 // must be implemented in all context levels
5599 throw new coding_exception('can not get name of abstract context');
5600 }
5601
5602 /**
5603 * Returns the most relevant URL for this context.
5604 *
5605 * @return moodle_url
5606 */
5607 public abstract function get_url();
5608
5609 /**
5610 * Returns array of relevant context capability records.
5611 *
5612 * @return array
5613 */
5614 public abstract function get_capabilities();
5615
5616 /**
5617 * Recursive function which, given a context, find all its children context ids.
5618 *
5619 * For course category contexts it will return immediate children and all subcategory contexts.
5620 * It will NOT recurse into courses or subcategories categories.
5621 * If you want to do that, call it on the returned courses/categories.
5622 *
5623 * When called for a course context, it will return the modules and blocks
5624 * displayed in the course page and blocks displayed on the module pages.
5625 *
5626 * If called on a user/course/module context it _will_ populate the cache with the appropriate
5627 * contexts ;-)
5628 *
5629 * @return array Array of child records
5630 */
5631 public function get_child_contexts() {
5632 global $DB;
5633
5634 if (empty($this->_path) or empty($this->_depth)) {
5635 debugging('Can not find child contexts of context '.$this->_id.' try rebuilding of context paths');
5636 return array();
5637 }
5638
5639 $sql = "SELECT ctx.*
5640 FROM {context} ctx
5641 WHERE ctx.path LIKE ?";
5642 $params = array($this->_path.'/%');
5643 $records = $DB->get_records_sql($sql, $params);
5644
5645 $result = array();
5646 foreach ($records as $record) {
5647 $result[$record->id] = context::create_instance_from_record($record);
5648 }
5649
5650 return $result;
5651 }
5652
5653 /**
5654 * Returns parent contexts of this context in reversed order, i.e. parent first,
5655 * then grand parent, etc.
5656 *
5657 * @param bool $includeself tre means include self too
5658 * @return array of context instances
5659 */
5660 public function get_parent_contexts($includeself = false) {
5661 if (!$contextids = $this->get_parent_context_ids($includeself)) {
5662 return array();
5663 }
5664
5665 $result = array();
5666 foreach ($contextids as $contextid) {
5667 $parent = context::instance_by_id($contextid, MUST_EXIST);
5668 $result[$parent->id] = $parent;
5669 }
5670
5671 return $result;
5672 }
5673
5674 /**
5675 * Returns parent contexts of this context in reversed order, i.e. parent first,
5676 * then grand parent, etc.
5677 *
5678 * @param bool $includeself tre means include self too
5679 * @return array of context ids
5680 */
5681 public function get_parent_context_ids($includeself = false) {
5682 if (empty($this->_path)) {
5683 return array();
5684 }
5685
5686 $parentcontexts = trim($this->_path, '/'); // kill leading slash
5687 $parentcontexts = explode('/', $parentcontexts);
5688 if (!$includeself) {
5689 array_pop($parentcontexts); // and remove its own id
5690 }
5691
5692 return array_reverse($parentcontexts);
5693 }
5694
5695 /**
5696 * Returns parent context
5697 *
5698 * @return context
5699 */
5700 public function get_parent_context() {
5701 if (empty($this->_path) or $this->_id == SYSCONTEXTID) {
5702 return false;
5703 }
5704
5705 $parentcontexts = trim($this->_path, '/'); // kill leading slash
5706 $parentcontexts = explode('/', $parentcontexts);
5707 array_pop($parentcontexts); // self
5708 $contextid = array_pop($parentcontexts); // immediate parent
5709
5710 return context::instance_by_id($contextid, MUST_EXIST);
5711 }
5712
5713 /**
5714 * Is this context part of any course? If yes return course context.
5715 *
5716 * @param bool $strict true means throw exception if not found, false means return false if not found
5717 * @return context_course context of the enclosing course, null if not found or exception
5718 */
5719 public function get_course_context($strict = true) {
5720 if ($strict) {
5721 throw new coding_exception('Context does not belong to any course.');
5722 } else {
5723 return false;
5724 }
5725 }
5726
5727 /**
5728 * Returns sql necessary for purging of stale context instances.
5729 *
5730 * @static
5731 * @return string cleanup SQL
5732 */
5733 protected static function get_cleanup_sql() {
5734 throw new coding_exception('get_cleanup_sql() method must be implemented in all context levels');
5735 }
5736
5737 /**
5738 * Rebuild context paths and depths at context level.
5739 *
5740 * @static
5741 * @param bool $force
5742 * @return void
5743 */
5744 protected static function build_paths($force) {
5745 throw new coding_exception('build_paths() method must be implemented in all context levels');
5746 }
5747
5748 /**
5749 * Create missing context instances at given level
5750 *
5751 * @static
5752 * @return void
5753 */
5754 protected static function create_level_instances() {
5755 throw new coding_exception('create_level_instances() method must be implemented in all context levels');
5756 }
5757
5758 /**
5759 * Reset all cached permissions and definitions if the necessary.
5760 * @return void
5761 */
5762 public function reload_if_dirty() {
5763 global $ACCESSLIB_PRIVATE, $USER;
5764
5765 // Load dirty contexts list if needed
5766 if (CLI_SCRIPT) {
5767 if (!isset($ACCESSLIB_PRIVATE->dirtycontexts)) {
5768 // we do not load dirty flags in CLI and cron
5769 $ACCESSLIB_PRIVATE->dirtycontexts = array();
5770 }
5771 } else {
5772 if (!isset($ACCESSLIB_PRIVATE->dirtycontexts)) {
5773 if (!isset($USER->access['time'])) {
5774 // nothing was loaded yet, we do not need to check dirty contexts now
5775 return;
5776 }
5777 // no idea why -2 is there, server cluster time difference maybe... (skodak)
5778 $ACCESSLIB_PRIVATE->dirtycontexts = get_cache_flags('accesslib/dirtycontexts', $USER->access['time']-2);
5779 }
5780 }
5781
5782 foreach ($ACCESSLIB_PRIVATE->dirtycontexts as $path=>$unused) {
5783 if ($path === $this->_path or strpos($this->_path, $path.'/') === 0) {
5784 // reload all capabilities of USER and others - preserving loginas, roleswitches, etc
5785 // and then cleanup any marks of dirtyness... at least from our short term memory! :-)
5786 reload_all_capabilities();
5787 break;
5788 }
5789 }
5790 }
5791
5792 /**
5793 * Mark a context as dirty (with timestamp) so as to force reloading of the context.
5794 */
5795 public function mark_dirty() {
5796 global $CFG, $USER, $ACCESSLIB_PRIVATE;
5797
5798 if (during_initial_install()) {
5799 return;
5800 }
5801
5802 // only if it is a non-empty string
5803 if (is_string($this->_path) && $this->_path !== '') {
5804 set_cache_flag('accesslib/dirtycontexts', $this->_path, 1, time()+$CFG->sessiontimeout);
5805 if (isset($ACCESSLIB_PRIVATE->dirtycontexts)) {
5806 $ACCESSLIB_PRIVATE->dirtycontexts[$this->_path] = 1;
5807 } else {
5808 if (CLI_SCRIPT) {
5809 $ACCESSLIB_PRIVATE->dirtycontexts = array($this->_path => 1);
5810 } else {
5811 if (isset($USER->access['time'])) {
5812 $ACCESSLIB_PRIVATE->dirtycontexts = get_cache_flags('accesslib/dirtycontexts', $USER->access['time']-2);
5813 } else {
5814 $ACCESSLIB_PRIVATE->dirtycontexts = array($this->_path => 1);
5815 }
5816 // flags not loaded yet, it will be done later in $context->reload_if_dirty()
5817 }
5818 }
5819 }
5820 }
5821 }
5822
5823
5824 /**
5825 * Context maintenance and helper methods.
5826 *
5827 * This is "extends context" is a bloody hack that tires to work around the deficiencies
5828 * in the "protected" keyword in PHP, this helps us to hide all the internals of context
5829 * level implementation from the rest of code, the code completion returns what developers need.
5830 *
5831 * Thank you Tim Hunt for helping me with this nasty trick.
5832 *
5833 * @package core_access
5834 * @category access
5835 * @copyright Petr Skoda {@link http://skodak.org}
5836 * @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
5837 * @since Moodle 2.2
5838 */
5839 class context_helper extends context {
5840
5841 /**
5842 * @var array An array mapping context levels to classes
5843 */
5844 private static $alllevels;
5845
5846 /**
5847 * Instance does not make sense here, only static use
5848 */
5849 protected function __construct() {
5850 }
5851
5852 /**
5853 * Reset internal context levels array.
5854 */
5855 public static function reset_levels() {
5856 self::$alllevels = null;
5857 }
5858
5859 /**
5860 * Initialise context levels, call before using self::$alllevels.
5861 */
5862 private static function init_levels() {
5863 global $CFG;
5864
5865 if (isset(self::$alllevels)) {
5866 return;
5867 }
5868 self::$alllevels = array(
5869 CONTEXT_SYSTEM => 'context_system',
5870 CONTEXT_USER => 'context_user',
5871 CONTEXT_COURSECAT => 'context_coursecat',
5872 CONTEXT_COURSE => 'context_course',
5873 CONTEXT_MODULE => 'context_module',
5874 CONTEXT_BLOCK => 'context_block',
5875 );
5876
5877 if (empty($CFG->custom_context_classes)) {
5878 return;
5879 }
5880
5881 $levels = $CFG->custom_context_classes;
5882 if (!is_array($levels)) {
5883 $levels = @unserialize($levels);
5884 }
5885 if (!is_array($levels)) {
5886 debugging('Invalid $CFG->custom_context_classes detected, value ignored.', DEBUG_DEVELOPER);
5887 return;
5888 }
5889
5890 // Unsupported custom levels, use with care!!!
5891 foreach ($levels as $level => $classname) {
5892 self::$alllevels[$level] = $classname;
5893 }
5894 ksort(self::$alllevels);
5895 }
5896
5897 /**
5898 * Returns a class name of the context level class
5899 *
5900 * @static
5901 * @param int $contextlevel (CONTEXT_SYSTEM, etc.)
5902 * @return string class name of the context class
5903 */
5904 public static function get_class_for_level($contextlevel) {
5905 self::init_levels();
5906 if (isset(self::$alllevels[$contextlevel])) {
5907 return self::$alllevels[$contextlevel];
5908 } else {
5909 throw new coding_exception('Invalid context level specified');
5910 }
5911 }
5912
5913 /**
5914 * Returns a list of all context levels
5915 *
5916 * @static
5917 * @return array int=>string (level=>level class name)
5918 */
5919 public static function get_all_levels() {
5920 self::init_levels();
5921 return self::$alllevels;
5922 }
5923
5924 /**
5925 * Remove stale contexts that belonged to deleted instances.
5926 * Ideally all code should cleanup contexts properly, unfortunately accidents happen...
5927 *
5928 * @static
5929 * @return void
5930 */
5931 public static function cleanup_instances() {
5932 global $DB;
5933 self::init_levels();
5934
5935 $sqls = array();
5936 foreach (self::$alllevels as $level=>$classname) {
5937 $sqls[] = $classname::get_cleanup_sql();
5938 }
5939
5940 $sql = implode(" UNION ", $sqls);
5941
5942 // it is probably better to use transactions, it might be faster too
5943 $transaction = $DB->start_delegated_transaction();
5944
5945 $rs = $DB->get_recordset_sql($sql);
5946 foreach ($rs as $record) {
5947 $context = context::create_instance_from_record($record);
5948 $context->delete();
5949 }
5950 $rs->close();
5951
5952 $transaction->allow_commit();
5953 }
5954
5955 /**
5956 * Create all context instances at the given level and above.
5957 *
5958 * @static
5959 * @param int $contextlevel null means all levels
5960 * @param bool $buildpaths
5961 * @return void
5962 */
5963 public static function create_instances($contextlevel = null, $buildpaths = true) {
5964 self::init_levels();
5965 foreach (self::$alllevels as $level=>$classname) {
5966 if ($contextlevel and $level > $contextlevel) {
5967 // skip potential sub-contexts
5968 continue;
5969 }
5970 $classname::create_level_instances();
5971 if ($buildpaths) {
5972 $classname::build_paths(false);
5973 }
5974 }
5975 }
5976
5977 /**
5978 * Rebuild paths and depths in all context levels.
5979 *
5980 * @static
5981 * @param bool $force false means add missing only
5982 * @return void
5983 */
5984 public static function build_all_paths($force = false) {
5985 self::init_levels();
5986 foreach (self::$alllevels as $classname) {
5987 $classname::build_paths($force);
5988 }
5989
5990 // reset static course cache - it might have incorrect cached data
5991 accesslib_clear_all_caches(true);
5992 }
5993
5994 /**
5995 * Resets the cache to remove all data.
5996 * @static
5997 */
5998 public static function reset_caches() {
5999 context::reset_caches();
6000 }
6001
6002 /**
6003 * Returns all fields necessary for context preloading from user $rec.
6004 *
6005 * This helps with performance when dealing with hundreds of contexts.
6006 *
6007 * @static
6008 * @param string $tablealias context table alias in the query
6009 * @return array (table.column=>alias, ...)
6010 */
6011 public static function get_preload_record_columns($tablealias) {
6012 return array("$tablealias.id"=>"ctxid", "$tablealias.path"=>"ctxpath", "$tablealias.depth"=>"ctxdepth", "$tablealias.contextlevel"=>"ctxlevel", "$tablealias.instanceid"=>"ctxinstance");
6013 }
6014
6015 /**
6016 * Returns all fields necessary for context preloading from user $rec.
6017 *
6018 * This helps with performance when dealing with hundreds of contexts.
6019 *
6020 * @static
6021 * @param string $tablealias context table alias in the query
6022 * @return string
6023 */
6024 public static function get_preload_record_columns_sql($tablealias) {
6025 return "$tablealias.id AS ctxid, $tablealias.path AS ctxpath, $tablealias.depth AS ctxdepth, $tablealias.contextlevel AS ctxlevel, $tablealias.instanceid AS ctxinstance";
6026 }
6027
6028 /**
6029 * Preloads context information from db record and strips the cached info.
6030 *
6031 * The db request has to contain all columns from context_helper::get_preload_record_columns().
6032 *
6033 * @static
6034 * @param stdClass $rec
6035 * @return void (modifies $rec)
6036 */
6037 public static function preload_from_record(stdClass $rec) {
6038 context::preload_from_record($rec);
6039 }
6040
6041 /**
6042 * Preload all contexts instances from course.
6043 *
6044 * To be used if you expect multiple queries for course activities...
6045 *
6046 * @static
6047 * @param int $courseid
6048 */
6049 public static function preload_course($courseid) {
6050 // Users can call this multiple times without doing any harm
6051 if (isset(context::$cache_preloaded[$courseid])) {
6052 return;
6053 }
6054 $coursecontext = context_course::instance($courseid);
6055 $coursecontext->get_child_contexts();
6056
6057 context::$cache_preloaded[$courseid] = true;
6058 }
6059
6060 /**
6061 * Delete context instance
6062 *
6063 * @static
6064 * @param int $contextlevel
6065 * @param int $instanceid
6066 * @return void
6067 */
6068 public static function delete_instance($contextlevel, $instanceid) {
6069 global $DB;
6070
6071 // double check the context still exists
6072 if ($record = $DB->get_record('context', array('contextlevel'=>$contextlevel, 'instanceid'=>$instanceid))) {
6073 $context = context::create_instance_from_record($record);
6074 $context->delete();
6075 } else {
6076 // we should try to purge the cache anyway
6077 }
6078 }
6079
6080 /**
6081 * Returns the name of specified context level
6082 *
6083 * @static
6084 * @param int $contextlevel
6085 * @return string name of the context level
6086 */
6087 public static function get_level_name($contextlevel) {
6088 $classname = context_helper::get_class_for_level($contextlevel);
6089 return $classname::get_level_name();
6090 }
6091
6092 /**
6093 * not used
6094 */
6095 public function get_url() {
6096 }
6097
6098 /**
6099 * not used
6100 */
6101 public function get_capabilities() {
6102 }
6103 }
6104
6105
6106 /**
6107 * System context class
6108 *
6109 * @package core_access
6110 * @category access
6111 * @copyright Petr Skoda {@link http://skodak.org}
6112 * @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
6113 * @since Moodle 2.2
6114 */
6115 class context_system extends context {
6116 /**
6117 * Please use context_system::instance() if you need the instance of context.
6118 *
6119 * @param stdClass $record
6120 */
6121 protected function __construct(stdClass $record) {
6122 parent::__construct($record);
6123 if ($record->contextlevel != CONTEXT_SYSTEM) {
6124 throw new coding_exception('Invalid $record->contextlevel in context_system constructor.');
6125 }
6126 }
6127
6128 /**
6129 * Returns human readable context level name.
6130 *
6131 * @static
6132 * @return string the human readable context level name.
6133 */
6134 public static function get_level_name() {
6135 return get_string('coresystem');
6136 }
6137
6138 /**
6139 * Returns human readable context identifier.
6140 *
6141 * @param boolean $withprefix does not apply to system context
6142 * @param boolean $short does not apply to system context
6143 * @return string the human readable context name.
6144 */
6145 public function get_context_name($withprefix = true, $short = false) {
6146 return self::get_level_name();
6147 }
6148
6149 /**
6150 * Returns the most relevant URL for this context.
6151 *
6152 * @return moodle_url
6153 */
6154 public function get_url() {
6155 return new moodle_url('/');
6156 }
6157
6158 /**
6159 * Returns array of relevant context capability records.
6160 *
6161 * @return array
6162 */
6163 public function get_capabilities() {
6164 global $DB;
6165
6166 $sort = 'ORDER BY contextlevel,component,name'; // To group them sensibly for display
6167
6168 $params = array();
6169 $sql = "SELECT *
6170 FROM {capabilities}";
6171
6172 return $DB->get_records_sql($sql.' '.$sort, $params);
6173 }
6174
6175 /**
6176 * Create missing context instances at system context
6177 * @static
6178 */
6179 protected static function create_level_instances() {
6180 // nothing to do here, the system context is created automatically in installer
6181 self::instance(0);
6182 }
6183
6184 /**
6185 * Returns system context instance.
6186 *
6187 * @static
6188 * @param int $instanceid
6189 * @param int $strictness
6190 * @param bool $cache
6191 * @return context_system context instance
6192 */
6193 public static function instance($instanceid = 0, $strictness = MUST_EXIST, $cache = true) {
6194 global $DB;
6195
6196 if ($instanceid != 0) {
6197 debugging('context_system::instance(): invalid $id parameter detected, should be 0');
6198 }
6199
6200 if (defined('SYSCONTEXTID') and $cache) { // dangerous: define this in config.php to eliminate 1 query/page
6201 if (!isset(context::$systemcontext)) {
6202 $record = new stdClass();
6203 $record->id = SYSCONTEXTID;
6204 $record->contextlevel = CONTEXT_SYSTEM;
6205 $record->instanceid = 0;
6206 $record->path = '/'.SYSCONTEXTID;
6207 $record->depth = 1;
6208 context::$systemcontext = new context_system($record);
6209 }
6210 return context::$systemcontext;
6211 }
6212
6213
6214 try {
6215 // We ignore the strictness completely because system context must exist except during install.
6216 $record = $DB->get_record('context', array('contextlevel'=>CONTEXT_SYSTEM), '*', MUST_EXIST);
6217 } catch (dml_exception $e) {
6218 //table or record does not exist
6219 if (!during_initial_install()) {
6220 // do not mess with system context after install, it simply must exist
6221 throw $e;
6222 }
6223 $record = null;
6224 }
6225
6226 if (!$record) {
6227 $record = new stdClass();
6228 $record->contextlevel = CONTEXT_SYSTEM;
6229 $record->instanceid = 0;
6230 $record->depth = 1;
6231 $record->path = null; //not known before insert
6232
6233 try {
6234 if ($DB->count_records('context')) {
6235 // contexts already exist, this is very weird, system must be first!!!
6236 return null;
6237 }
6238 if (defined('SYSCONTEXTID')) {
6239 // this would happen only in unittest on sites that went through weird 1.7 upgrade
6240 $record->id = SYSCONTEXTID;
6241 $DB->import_record('context', $record);
6242 $DB->get_manager()->reset_sequence('context');
6243 } else {
6244 $record->id = $DB->insert_record('context', $record);
6245 }
6246 } catch (dml_exception $e) {
6247 // can not create context - table does not exist yet, sorry
6248 return null;
6249 }
6250 }
6251
6252 if ($record->instanceid != 0) {
6253 // this is very weird, somebody must be messing with context table
6254 debugging('Invalid system context detected');
6255 }
6256
6257 if ($record->depth != 1 or $record->path != '/'.$record->id) {
6258 // fix path if necessary, initial install or path reset
6259 $record->depth = 1;
6260 $record->path = '/'.$record->id;
6261 $DB->update_record('context', $record);
6262 }
6263
6264 if (!defined('SYSCONTEXTID')) {
6265 define('SYSCONTEXTID', $record->id);
6266 }
6267
6268 context::$systemcontext = new context_system($record);
6269 return context::$systemcontext;
6270 }
6271
6272 /**
6273 * Returns all site contexts except the system context, DO NOT call on production servers!!
6274 *
6275 * Contexts are not cached.
6276 *
6277 * @return array
6278 */
6279 public function get_child_contexts() {
6280 global $DB;
6281
6282 debugging('Fetching of system context child courses is strongly discouraged on production servers (it may eat all available memory)!');
6283
6284 // Just get all the contexts except for CONTEXT_SYSTEM level
6285 // and hope we don't OOM in the process - don't cache
6286 $sql = "SELECT c.*
6287 FROM {context} c
6288 WHERE contextlevel > ".CONTEXT_SYSTEM;
6289 $records = $DB->get_records_sql($sql);
6290
6291 $result = array();
6292 foreach ($records as $record) {
6293 $result[$record->id] = context::create_instance_from_record($record);
6294 }
6295
6296 return $result;
6297 }
6298
6299 /**
6300 * Returns sql necessary for purging of stale context instances.
6301 *
6302 * @static
6303 * @return string cleanup SQL
6304 */
6305 protected static function get_cleanup_sql() {
6306 $sql = "
6307 SELECT c.*
6308 FROM {context} c
6309 WHERE 1=2
6310 ";
6311
6312 return $sql;
6313 }
6314
6315 /**
6316 * Rebuild context paths and depths at system context level.
6317 *
6318 * @static
6319 * @param bool $force
6320 */
6321 protected static function build_paths($force) {
6322 global $DB;
6323
6324 /* note: ignore $force here, we always do full test of system context */
6325
6326 // exactly one record must exist
6327 $record = $DB->get_record('context', array('contextlevel'=>CONTEXT_SYSTEM), '*', MUST_EXIST);
6328
6329 if ($record->instanceid != 0) {
6330 debugging('Invalid system context detected');
6331 }
6332
6333 if (defined('SYSCONTEXTID') and $record->id != SYSCONTEXTID) {
6334 debugging('Invalid SYSCONTEXTID detected');
6335 }
6336
6337 if ($record->depth != 1 or $record->path != '/'.$record->id) {
6338 // fix path if necessary, initial install or path reset
6339 $record->depth = 1;
6340 $record->path = '/'.$record->id;
6341 $DB->update_record('context', $record);
6342 }
6343 }
6344 }
6345
6346
6347 /**
6348 * User context class
6349 *
6350 * @package core_access
6351 * @category access
6352 * @copyright Petr Skoda {@link http://skodak.org}
6353 * @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
6354 * @since Moodle 2.2
6355 */
6356 class context_user extends context {
6357 /**
6358 * Please use context_user::instance($userid) if you need the instance of context.
6359 * Alternatively if you know only the context id use context::instance_by_id($contextid)
6360 *
6361 * @param stdClass $record
6362 */
6363 protected function __construct(stdClass $record) {
6364 parent::__construct($record);
6365 if ($record->contextlevel != CONTEXT_USER) {
6366 throw new coding_exception('Invalid $record->contextlevel in context_user constructor.');
6367 }
6368 }
6369
6370 /**
6371 * Returns human readable context level name.
6372 *
6373 * @static
6374 * @return string the human readable context level name.
6375 */
6376 public static function get_level_name() {
6377 return get_string('user');
6378 }
6379
6380 /**
6381 * Returns human readable context identifier.
6382 *
6383 * @param boolean $withprefix whether to prefix the name of the context with User
6384 * @param boolean $short does not apply to user context
6385 * @return string the human readable context name.
6386 */
6387 public function get_context_name($withprefix = true, $short = false) {
6388 global $DB;
6389
6390 $name = '';
6391 if ($user = $DB->get_record('user', array('id'=>$this->_instanceid, 'deleted'=>0))) {
6392 if ($withprefix){
6393 $name = get_string('user').': ';
6394 }
6395 $name .= fullname($user);
6396 }
6397 return $name;
6398 }
6399
6400 /**
6401 * Returns the most relevant URL for this context.
6402 *
6403 * @return moodle_url
6404 */
6405 public function get_url() {
6406 global $COURSE;
6407
6408 if ($COURSE->id == SITEID) {
6409 $url = new moodle_url('/user/profile.php', array('id'=>$this->_instanceid));
6410 } else {
6411 $url = new moodle_url('/user/view.php', array('id'=>$this->_instanceid, 'courseid'=>$COURSE->id));
6412 }
6413 return $url;
6414 }
6415
6416 /**
6417 * Returns array of relevant context capability records.
6418 *
6419 * @return array
6420 */
6421 public function get_capabilities() {
6422 global $DB;
6423
6424 $sort = 'ORDER BY contextlevel,component,name'; // To group them sensibly for display
6425
6426 $extracaps = array('moodle/grade:viewall');
6427 list($extra, $params) = $DB->get_in_or_equal($extracaps, SQL_PARAMS_NAMED, 'cap');
6428 $sql = "SELECT *
6429 FROM {capabilities}
6430 WHERE contextlevel = ".CONTEXT_USER."
6431 OR name $extra";
6432
6433 return $records = $DB->get_records_sql($sql.' '.$sort, $params);
6434 }
6435
6436 /**
6437 * Returns user context instance.
6438 *
6439 * @static
6440 * @param int $instanceid
6441 * @param int $strictness
6442 * @return context_user context instance
6443 */
6444 public static function instance($instanceid, $strictness = MUST_EXIST) {
6445 global $DB;
6446
6447 if ($context = context::cache_get(CONTEXT_USER, $instanceid)) {
6448 return $context;
6449 }
6450
6451 if (!$record = $DB->get_record('context', array('contextlevel'=>CONTEXT_USER, 'instanceid'=>$instanceid))) {
6452 if ($user = $DB->get_record('user', array('id'=>$instanceid, 'deleted'=>0), 'id', $strictness)) {
6453 $record = context::insert_context_record(CONTEXT_USER, $user->id, '/'.SYSCONTEXTID, 0);
6454 }
6455 }
6456
6457 if ($record) {
6458 $context = new context_user($record);
6459 context::cache_add($context);
6460 return $context;
6461 }
6462
6463 return false;
6464 }
6465
6466 /**
6467 * Create missing context instances at user context level
6468 * @static
6469 */
6470 protected static function create_level_instances() {
6471 global $DB;
6472
6473 $sql = "SELECT ".CONTEXT_USER.", u.id
6474 FROM {user} u
6475 WHERE u.deleted = 0
6476 AND NOT EXISTS (SELECT 'x'
6477 FROM {context} cx
6478 WHERE u.id = cx.instanceid AND cx.contextlevel=".CONTEXT_USER.")";
6479 $contextdata = $DB->get_recordset_sql($sql);
6480 foreach ($contextdata as $context) {
6481 context::insert_context_record(CONTEXT_USER, $context->id, null);
6482 }
6483 $contextdata->close();
6484 }
6485
6486 /**
6487 * Returns sql necessary for purging of stale context instances.
6488 *
6489 * @static
6490 * @return string cleanup SQL
6491 */
6492 protected static function get_cleanup_sql() {
6493 $sql = "
6494 SELECT c.*
6495 FROM {context} c
6496 LEFT OUTER JOIN {user} u ON (c.instanceid = u.id AND u.deleted = 0)
6497 WHERE u.id IS NULL AND c.contextlevel = ".CONTEXT_USER."
6498 ";
6499
6500 return $sql;
6501 }
6502
6503 /**
6504 * Rebuild context paths and depths at user context level.
6505 *
6506 * @static
6507 * @param bool $force
6508 */
6509 protected static function build_paths($force) {
6510 global $DB;
6511
6512 // First update normal users.
6513 $path = $DB->sql_concat('?', 'id');
6514 $pathstart = '/' . SYSCONTEXTID . '/';
6515 $params = array($pathstart);
6516
6517 if ($force) {
6518 $where = "depth <> 2 OR path IS NULL OR path <> ({$path})";
6519 $params[] = $pathstart;
6520 } else {
6521 $where = "depth = 0 OR path IS NULL";
6522 }
6523
6524 $sql = "UPDATE {context}
6525 SET depth = 2,
6526 path = {$path}
6527 WHERE contextlevel = " . CONTEXT_USER . "
6528 AND ($where)";
6529 $DB->execute($sql, $params);
6530 }
6531 }
6532
6533
6534 /**
6535 * Course category context class
6536 *
6537 * @package core_access
6538 * @category access
6539 * @copyright Petr Skoda {@link http://skodak.org}
6540 * @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
6541 * @since Moodle 2.2
6542 */
6543 class context_coursecat extends context {
6544 /**
6545 * Please use context_coursecat::instance($coursecatid) if you need the instance of context.
6546 * Alternatively if you know only the context id use context::instance_by_id($contextid)
6547 *
6548 * @param stdClass $record
6549 */
6550 protected function __construct(stdClass $record) {
6551 parent::__construct($record);
6552 if ($record->contextlevel != CONTEXT_COURSECAT) {
6553 throw new coding_exception('Invalid $record->contextlevel in context_coursecat constructor.');
6554 }
6555 }
6556
6557 /**
6558 * Returns human readable context level name.
6559 *
6560 * @static
6561 * @return string the human readable context level name.
6562 */
6563 public static function get_level_name() {
6564 return get_string('category');
6565 }
6566
6567 /**
6568 * Returns human readable context identifier.
6569 *
6570 * @param boolean $withprefix whether to prefix the name of the context with Category
6571 * @param boolean $short does not apply to course categories
6572 * @return string the human readable context name.
6573 */
6574 public function get_context_name($withprefix = true, $short = false) {
6575 global $DB;
6576
6577 $name = '';
6578 if ($category = $DB->get_record('course_categories', array('id'=>$this->_instanceid))) {
6579 if ($withprefix){
6580 $name = get_string('category').': ';
6581 }
6582 $name .= format_string($category->name, true, array('context' => $this));
6583 }
6584 return $name;
6585 }
6586
6587 /**
6588 * Returns the most relevant URL for this context.
6589 *
6590 * @return moodle_url
6591 */
6592 public function get_url() {
6593 return new moodle_url('/course/index.php', array('categoryid' => $this->_instanceid));
6594 }
6595
6596 /**
6597 * Returns array of relevant context capability records.
6598 *
6599 * @return array
6600 */
6601 public function get_capabilities() {
6602 global $DB;
6603
6604 $sort = 'ORDER BY contextlevel,component,name'; // To group them sensibly for display
6605
6606 $params = array();
6607 $sql = "SELECT *
6608 FROM {capabilities}
6609 WHERE contextlevel IN (".CONTEXT_COURSECAT.",".CONTEXT_COURSE.",".CONTEXT_MODULE.",".CONTEXT_BLOCK.")";
6610
6611 return $DB->get_records_sql($sql.' '.$sort, $params);
6612 }
6613
6614 /**
6615 * Returns course category context instance.
6616 *
6617 * @static
6618 * @param int $instanceid
6619 * @param int $strictness
6620 * @return context_coursecat context instance
6621 */
6622 public static function instance($instanceid, $strictness = MUST_EXIST) {
6623 global $DB;
6624
6625 if ($context = context::cache_get(CONTEXT_COURSECAT, $instanceid)) {
6626 return $context;
6627 }
6628
6629 if (!$record = $DB->get_record('context', array('contextlevel'=>CONTEXT_COURSECAT, 'instanceid'=>$instanceid))) {
6630 if ($category = $DB->get_record('course_categories', array('id'=>$instanceid), 'id,parent', $strictness)) {
6631 if ($category->parent) {
6632 $parentcontext = context_coursecat::instance($category->parent);
6633 $record = context::insert_context_record(CONTEXT_COURSECAT, $category->id, $parentcontext->path);
6634 } else {
6635 $record = context::insert_context_record(CONTEXT_COURSECAT, $category->id, '/'.SYSCONTEXTID, 0);
6636 }
6637 }
6638 }
6639
6640 if ($record) {
6641 $context = new context_coursecat($record);
6642 context::cache_add($context);
6643 return $context;
6644 }
6645
6646 return false;
6647 }
6648
6649 /**
6650 * Returns immediate child contexts of category and all subcategories,
6651 * children of subcategories and courses are not returned.
6652 *
6653 * @return array
6654 */
6655 public function get_child_contexts() {
6656 global $DB;
6657
6658 if (empty($this->_path) or empty($this->_depth)) {
6659 debugging('Can not find child contexts of context '.$this->_id.' try rebuilding of context paths');
6660 return array();
6661 }
6662
6663 $sql = "SELECT ctx.*
6664 FROM {context} ctx
6665 WHERE ctx.path LIKE ? AND (ctx.depth = ? OR ctx.contextlevel = ?)";
6666 $params = array($this->_path.'/%', $this->depth+1, CONTEXT_COURSECAT);
6667 $records = $DB->get_records_sql($sql, $params);
6668
6669 $result = array();
6670 foreach ($records as $record) {
6671 $result[$record->id] = context::create_instance_from_record($record);
6672 }
6673
6674 return $result;
6675 }
6676
6677 /**
6678 * Create missing context instances at course category context level
6679 * @static
6680 */
6681 protected static function create_level_instances() {
6682 global $DB;
6683
6684 $sql = "SELECT ".CONTEXT_COURSECAT.", cc.id
6685 FROM {course_categories} cc
6686 WHERE NOT EXISTS (SELECT 'x'
6687 FROM {context} cx
6688 WHERE cc.id = cx.instanceid AND cx.contextlevel=".CONTEXT_COURSECAT.")";
6689 $contextdata = $DB->get_recordset_sql($sql);
6690 foreach ($contextdata as $context) {
6691 context::insert_context_record(CONTEXT_COURSECAT, $context->id, null);
6692 }
6693 $contextdata->close();
6694 }
6695
6696 /**
6697 * Returns sql necessary for purging of stale context instances.
6698 *
6699 * @static
6700 * @return string cleanup SQL
6701 */
6702 protected static function get_cleanup_sql() {
6703 $sql = "
6704 SELECT c.*
6705 FROM {context} c
6706 LEFT OUTER JOIN {course_categories} cc ON c.instanceid = cc.id
6707 WHERE cc.id IS NULL AND c.contextlevel = ".CONTEXT_COURSECAT."
6708 ";
6709
6710 return $sql;
6711 }
6712
6713 /**
6714 * Rebuild context paths and depths at course category context level.
6715 *
6716 * @static
6717 * @param bool $force
6718 */
6719 protected static function build_paths($force) {
6720 global $DB;
6721
6722 if ($force or $DB->record_exists_select('context', "contextlevel = ".CONTEXT_COURSECAT." AND (depth = 0 OR path IS NULL)")) {
6723 if ($force) {
6724 $ctxemptyclause = $emptyclause = '';
6725 } else {
6726 $ctxemptyclause = "AND (ctx.path IS NULL OR ctx.depth = 0)";
6727 $emptyclause = "AND ({context}.path IS NULL OR {context}.depth = 0)";
6728 }
6729
6730 $base = '/'.SYSCONTEXTID;
6731
6732 // Normal top level categories
6733 $sql = "UPDATE {context}
6734 SET depth=2,
6735 path=".$DB->sql_concat("'$base/'", 'id')."
6736 WHERE contextlevel=".CONTEXT_COURSECAT."
6737 AND EXISTS (SELECT 'x'
6738 FROM {course_categories} cc
6739 WHERE cc.id = {context}.instanceid AND cc.depth=1)
6740 $emptyclause";
6741 $DB->execute($sql);
6742
6743 // Deeper categories - one query per depthlevel
6744 $maxdepth = $DB->get_field_sql("SELECT MAX(depth) FROM {course_categories}");
6745 for ($n=2; $n<=$maxdepth; $n++) {
6746 $sql = "INSERT INTO {context_temp} (id, path, depth)
6747 SELECT ctx.id, ".$DB->sql_concat('pctx.path', "'/'", 'ctx.id').", pctx.depth+1
6748 FROM {context} ctx
6749 JOIN {course_categories} cc ON (cc.id = ctx.instanceid AND ctx.contextlevel = ".CONTEXT_COURSECAT." AND cc.depth = $n)
6750 JOIN {context} pctx ON (pctx.instanceid = cc.parent AND pctx.contextlevel = ".CONTEXT_COURSECAT.")
6751 WHERE pctx.path IS NOT NULL AND pctx.depth > 0
6752 $ctxemptyclause";
6753 $trans = $DB->start_delegated_transaction();
6754 $DB->delete_records('context_temp');
6755 $DB->execute($sql);
6756 context::merge_context_temp_table();
6757 $DB->delete_records('context_temp');
6758 $trans->allow_commit();
6759
6760 }
6761 }
6762 }
6763 }
6764
6765
6766 /**
6767 * Course context class
6768 *
6769 * @package core_access
6770 * @category access
6771 * @copyright Petr Skoda {@link http://skodak.org}
6772 * @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
6773 * @since Moodle 2.2
6774 */
6775 class context_course extends context {
6776 /**
6777 * Please use context_course::instance($courseid) if you need the instance of context.
6778 * Alternatively if you know only the context id use context::instance_by_id($contextid)
6779 *
6780 * @param stdClass $record
6781 */
6782 protected function __construct(stdClass $record) {
6783 parent::__construct($record);
6784 if ($record->contextlevel != CONTEXT_COURSE) {
6785 throw new coding_exception('Invalid $record->contextlevel in context_course constructor.');
6786 }
6787 }
6788
6789 /**
6790 * Returns human readable context level name.
6791 *
6792 * @static
6793 * @return string the human readable context level name.
6794 */
6795 public static function get_level_name() {
6796 return get_string('course');
6797 }
6798
6799 /**
6800 * Returns human readable context identifier.
6801 *
6802 * @param boolean $withprefix whether to prefix the name of the context with Course
6803 * @param boolean $short whether to use the short name of the thing.
6804 * @return string the human readable context name.
6805 */
6806 public function get_context_name($withprefix = true, $short = false) {
6807 global $DB;
6808
6809 $name = '';
6810 if ($this->_instanceid == SITEID) {
6811 $name = get_string('frontpage', 'admin');
6812 } else {
6813 if ($course = $DB->get_record('course', array('id'=>$this->_instanceid))) {
6814 if ($withprefix){
6815 $name = get_string('course').': ';
6816 }
6817 if ($short){
6818 $name .= format_string($course->shortname, true, array('context' => $this));
6819 } else {
6820 $name .= format_string(get_course_display_name_for_list($course));
6821 }
6822 }
6823 }
6824 return $name;
6825 }
6826
6827 /**
6828 * Returns the most relevant URL for this context.
6829 *
6830 * @return moodle_url
6831 */
6832 public function get_url() {
6833 if ($this->_instanceid != SITEID) {
6834 return new moodle_url('/course/view.php', array('id'=>$this->_instanceid));
6835 }
6836
6837 return new moodle_url('/');
6838 }
6839
6840 /**
6841 * Returns array of relevant context capability records.
6842 *
6843 * @return array
6844 */
6845 public function get_capabilities() {
6846 global $DB;
6847
6848 $sort = 'ORDER BY contextlevel,component,name'; // To group them sensibly for display
6849
6850 $params = array();
6851 $sql = "SELECT *
6852 FROM {capabilities}
6853 WHERE contextlevel IN (".CONTEXT_COURSE.",".CONTEXT_MODULE.",".CONTEXT_BLOCK.")";
6854
6855 return $DB->get_records_sql($sql.' '.$sort, $params);
6856 }
6857
6858 /**
6859 * Is this context part of any course? If yes return course context.
6860 *
6861 * @param bool $strict true means throw exception if not found, false means return false if not found
6862 * @return context_course context of the enclosing course, null if not found or exception
6863 */
6864 public function get_course_context($strict = true) {
6865 return $this;
6866 }
6867
6868 /**
6869 * Returns course context instance.
6870 *
6871 * @static
6872 * @param int $instanceid
6873 * @param int $strictness
6874 * @return context_course context instance
6875 */
6876 public static function instance($instanceid, $strictness = MUST_EXIST) {
6877 global $DB;
6878
6879 if ($context = context::cache_get(CONTEXT_COURSE, $instanceid)) {
6880 return $context;
6881 }
6882
6883 if (!$record = $DB->get_record('context', array('contextlevel'=>CONTEXT_COURSE, 'instanceid'=>$instanceid))) {
6884 if ($course = $DB->get_record('course', array('id'=>$instanceid), 'id,category', $strictness)) {
6885 if ($course->category) {
6886 $parentcontext = context_coursecat::instance($course->category);
6887 $record = context::insert_context_record(CONTEXT_COURSE, $course->id, $parentcontext->path);
6888 } else {
6889 $record = context::insert_context_record(CONTEXT_COURSE, $course->id, '/'.SYSCONTEXTID, 0);
6890 }
6891 }
6892 }
6893
6894 if ($record) {
6895 $context = new context_course($record);
6896 context::cache_add($context);
6897 return $context;
6898 }
6899
6900 return false;
6901 }
6902
6903 /**
6904 * Create missing context instances at course context level
6905 * @static
6906 */
6907 protected static function create_level_instances() {
6908 global $DB;
6909
6910 $sql = "SELECT ".CONTEXT_COURSE.", c.id
6911 FROM {course} c
6912 WHERE NOT EXISTS (SELECT 'x'
6913 FROM {context} cx
6914 WHERE c.id = cx.instanceid AND cx.contextlevel=".CONTEXT_COURSE.")";
6915 $contextdata = $DB->get_recordset_sql($sql);
6916 foreach ($contextdata as $context) {
6917 context::insert_context_record(CONTEXT_COURSE, $context->id, null);
6918 }
6919 $contextdata->close();
6920 }
6921
6922 /**
6923 * Returns sql necessary for purging of stale context instances.
6924 *
6925 * @static
6926 * @return string cleanup SQL
6927 */
6928 protected static function get_cleanup_sql() {
6929 $sql = "
6930 SELECT c.*
6931 FROM {context} c
6932 LEFT OUTER JOIN {course} co ON c.instanceid = co.id
6933 WHERE co.id IS NULL AND c.contextlevel = ".CONTEXT_COURSE."
6934 ";
6935
6936 return $sql;
6937 }
6938
6939 /**
6940 * Rebuild context paths and depths at course context level.
6941 *
6942 * @static
6943 * @param bool $force
6944 */
6945 protected static function build_paths($force) {
6946 global $DB;
6947
6948 if ($force or $DB->record_exists_select('context', "contextlevel = ".CONTEXT_COURSE." AND (depth = 0 OR path IS NULL)")) {
6949 if ($force) {
6950 $ctxemptyclause = $emptyclause = '';
6951 } else {
6952 $ctxemptyclause = "AND (ctx.path IS NULL OR ctx.depth = 0)";
6953 $emptyclause = "AND ({context}.path IS NULL OR {context}.depth = 0)";
6954 }
6955
6956 $base = '/'.SYSCONTEXTID;
6957
6958 // Standard frontpage
6959 $sql = "UPDATE {context}
6960 SET depth = 2,
6961 path = ".$DB->sql_concat("'$base/'", 'id')."
6962 WHERE contextlevel = ".CONTEXT_COURSE."
6963 AND EXISTS (SELECT 'x'
6964 FROM {course} c
6965 WHERE c.id = {context}.instanceid AND c.category = 0)
6966 $emptyclause";
6967 $DB->execute($sql);
6968
6969 // standard courses
6970 $sql = "INSERT INTO {context_temp} (id, path, depth)
6971 SELECT ctx.id, ".$DB->sql_concat('pctx.path', "'/'", 'ctx.id').", pctx.depth+1
6972 FROM {context} ctx
6973 JOIN {course} c ON (c.id = ctx.instanceid AND ctx.contextlevel = ".CONTEXT_COURSE." AND c.category <> 0)
6974 JOIN {context} pctx ON (pctx.instanceid = c.category AND pctx.contextlevel = ".CONTEXT_COURSECAT.")
6975 WHERE pctx.path IS NOT NULL AND pctx.depth > 0
6976 $ctxemptyclause";
6977 $trans = $DB->start_delegated_transaction();
6978 $DB->delete_records('context_temp');
6979 $DB->execute($sql);
6980 context::merge_context_temp_table();
6981 $DB->delete_records('context_temp');
6982 $trans->allow_commit();
6983 }
6984 }
6985 }
6986
6987
6988 /**
6989 * Course module context class
6990 *
6991 * @package core_access
6992 * @category access
6993 * @copyright Petr Skoda {@link http://skodak.org}
6994 * @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
6995 * @since Moodle 2.2
6996 */
6997 class context_module extends context {
6998 /**
6999 * Please use context_module::instance($cmid) if you need the instance of context.
7000 * Alternatively if you know only the context id use context::instance_by_id($contextid)
7001 *
7002 * @param stdClass $record
7003 */
7004 protected function __construct(stdClass $record) {
7005 parent::__construct($record);
7006 if ($record->contextlevel != CONTEXT_MODULE) {
7007 throw new coding_exception('Invalid $record->contextlevel in context_module constructor.');
7008 }
7009 }
7010
7011 /**
7012 * Returns human readable context level name.
7013 *
7014 * @static
7015 * @return string the human readable context level name.
7016 */
7017 public static function get_level_name() {
7018 return get_string('activitymodule');
7019 }
7020
7021 /**
7022 * Returns human readable context identifier.
7023 *
7024 * @param boolean $withprefix whether to prefix the name of the context with the
7025 * module name, e.g. Forum, Glossary, etc.
7026 * @param boolean $short does not apply to module context
7027 * @return string the human readable context name.
7028 */
7029 public function get_context_name($withprefix = true, $short = false) {
7030 global $DB;
7031
7032 $name = '';
7033 if ($cm = $DB->get_record_sql("SELECT cm.*, md.name AS modname
7034 FROM {course_modules} cm
7035 JOIN {modules} md ON md.id = cm.module
7036 WHERE cm.id = ?", array($this->_instanceid))) {
7037 if ($mod = $DB->get_record($cm->modname, array('id' => $cm->instance))) {
7038 if ($withprefix){
7039 $name = get_string('modulename', $cm->modname).': ';
7040 }
7041 $name .= format_string($mod->name, true, array('context' => $this));
7042 }
7043 }
7044 return $name;
7045 }
7046
7047 /**
7048 * Returns the most relevant URL for this context.
7049 *
7050 * @return moodle_url
7051 */
7052 public function get_url() {
7053 global $DB;
7054
7055 if ($modname = $DB->get_field_sql("SELECT md.name AS modname
7056 FROM {course_modules} cm
7057 JOIN {modules} md ON md.id = cm.module
7058 WHERE cm.id = ?", array($this->_instanceid))) {
7059 return new moodle_url('/mod/' . $modname . '/view.php', array('id'=>$this->_instanceid));
7060 }
7061
7062 return new moodle_url('/');
7063 }
7064
7065 /**
7066 * Returns array of relevant context capability records.
7067 *
7068 * @return array
7069 */
7070 public function get_capabilities() {
7071 global $DB, $CFG;
7072
7073 $sort = 'ORDER BY contextlevel,component,name'; // To group them sensibly for display
7074
7075 $cm = $DB->get_record('course_modules', array('id'=>$this->_instanceid));
7076 $module = $DB->get_record('modules', array('id'=>$cm->module));
7077
7078 $subcaps = array();
7079 $subpluginsfile = "$CFG->dirroot/mod/$module->name/db/subplugins.php";
7080 if (file_exists($subpluginsfile)) {
7081 $subplugins = array(); // should be redefined in the file
7082 include($subpluginsfile);
7083 if (!empty($subplugins)) {
7084 foreach (array_keys($subplugins) as $subplugintype) {
7085 foreach (array_keys(core_component::get_plugin_list($subplugintype)) as $subpluginname) {
7086 $subcaps = array_merge($subcaps, array_keys(load_capability_def($subplugintype.'_'.$subpluginname)));
7087 }
7088 }
7089 }
7090 }
7091
7092 $modfile = "$CFG->dirroot/mod/$module->name/lib.php";
7093 $extracaps = array();
7094 if (file_exists($modfile)) {
7095 include_once($modfile);
7096 $modfunction = $module->name.'_get_extra_capabilities';
7097 if (function_exists($modfunction)) {
7098 $extracaps = $modfunction();
7099 }
7100 }
7101
7102 $extracaps = array_merge($subcaps, $extracaps);
7103 $extra = '';
7104 list($extra, $params) = $DB->get_in_or_equal(
7105 $extracaps, SQL_PARAMS_NAMED, 'cap0', true, '');
7106 if (!empty($extra)) {
7107 $extra = "OR name $extra";
7108 }
7109 $sql = "SELECT *
7110 FROM {capabilities}
7111 WHERE (contextlevel = ".CONTEXT_MODULE."
7112 AND (component = :component OR component = 'moodle'))
7113 $extra";
7114 $params['component'] = "mod_$module->name";
7115
7116 return $DB->get_records_sql($sql.' '.$sort, $params);
7117 }
7118
7119 /**
7120 * Is this context part of any course? If yes return course context.
7121 *
7122 * @param bool $strict true means throw exception if not found, false means return false if not found
7123 * @return context_course context of the enclosing course, null if not found or exception
7124 */
7125 public function get_course_context($strict = true) {
7126 return $this->get_parent_context();
7127 }
7128
7129 /**
7130 * Returns module context instance.
7131 *
7132 * @static
7133 * @param int $instanceid
7134 * @param int $strictness
7135 * @return context_module context instance
7136 */
7137 public static function instance($instanceid, $strictness = MUST_EXIST) {
7138 global $DB;
7139
7140 if ($context = context::cache_get(CONTEXT_MODULE, $instanceid)) {
7141 return $context;
7142 }
7143
7144 if (!$record = $DB->get_record('context', array('contextlevel'=>CONTEXT_MODULE, 'instanceid'=>$instanceid))) {
7145 if ($cm = $DB->get_record('course_modules', array('id'=>$instanceid), 'id,course', $strictness)) {
7146 $parentcontext = context_course::instance($cm->course);
7147 $record = context::insert_context_record(CONTEXT_MODULE, $cm->id, $parentcontext->path);
7148 }
7149 }
7150
7151 if ($record) {
7152 $context = new context_module($record);
7153 context::cache_add($context);
7154 return $context;
7155 }
7156
7157 return false;
7158 }
7159
7160 /**
7161 * Create missing context instances at module context level
7162 * @static
7163 */
7164 protected static function create_level_instances() {
7165 global $DB;
7166
7167 $sql = "SELECT ".CONTEXT_MODULE.", cm.id
7168 FROM {course_modules} cm
7169 WHERE NOT EXISTS (SELECT 'x'
7170 FROM {context} cx
7171 WHERE cm.id = cx.instanceid AND cx.contextlevel=".CONTEXT_MODULE.")";
7172 $contextdata = $DB->get_recordset_sql($sql);
7173 foreach ($contextdata as $context) {
7174 context::insert_context_record(CONTEXT_MODULE, $context->id, null);
7175 }
7176 $contextdata->close();
7177 }
7178
7179 /**
7180 * Returns sql necessary for purging of stale context instances.
7181 *
7182 * @static
7183 * @return string cleanup SQL
7184 */
7185 protected static function get_cleanup_sql() {
7186 $sql = "
7187 SELECT c.*
7188 FROM {context} c
7189 LEFT OUTER JOIN {course_modules} cm ON c.instanceid = cm.id
7190 WHERE cm.id IS NULL AND c.contextlevel = ".CONTEXT_MODULE."
7191 ";
7192
7193 return $sql;
7194 }
7195
7196 /**
7197 * Rebuild context paths and depths at module context level.
7198 *
7199 * @static
7200 * @param bool $force
7201 */
7202 protected static function build_paths($force) {
7203 global $DB;
7204
7205 if ($force or $DB->record_exists_select('context', "contextlevel = ".CONTEXT_MODULE." AND (depth = 0 OR path IS NULL)")) {
7206 if ($force) {
7207 $ctxemptyclause = '';
7208 } else {
7209 $ctxemptyclause = "AND (ctx.path IS NULL OR ctx.depth = 0)";
7210 }
7211
7212 $sql = "INSERT INTO {context_temp} (id, path, depth)
7213 SELECT ctx.id, ".$DB->sql_concat('pctx.path', "'/'", 'ctx.id').", pctx.depth+1
7214 FROM {context} ctx
7215 JOIN {course_modules} cm ON (cm.id = ctx.instanceid AND ctx.contextlevel = ".CONTEXT_MODULE.")
7216 JOIN {context} pctx ON (pctx.instanceid = cm.course AND pctx.contextlevel = ".CONTEXT_COURSE.")
7217 WHERE pctx.path IS NOT NULL AND pctx.depth > 0
7218 $ctxemptyclause";
7219 $trans = $DB->start_delegated_transaction();
7220 $DB->delete_records('context_temp');
7221 $DB->execute($sql);
7222 context::merge_context_temp_table();
7223 $DB->delete_records('context_temp');
7224 $trans->allow_commit();
7225 }
7226 }
7227 }
7228
7229
7230 /**
7231 * Block context class
7232 *
7233 * @package core_access
7234 * @category access
7235 * @copyright Petr Skoda {@link http://skodak.org}
7236 * @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
7237 * @since Moodle 2.2
7238 */
7239 class context_block extends context {
7240 /**
7241 * Please use context_block::instance($blockinstanceid) if you need the instance of context.
7242 * Alternatively if you know only the context id use context::instance_by_id($contextid)
7243 *
7244 * @param stdClass $record
7245 */
7246 protected function __construct(stdClass $record) {
7247 parent::__construct($record);
7248 if ($record->contextlevel != CONTEXT_BLOCK) {
7249 throw new coding_exception('Invalid $record->contextlevel in context_block constructor');
7250 }
7251 }
7252
7253 /**
7254 * Returns human readable context level name.
7255 *
7256 * @static
7257 * @return string the human readable context level name.
7258 */
7259 public static function get_level_name() {
7260 return get_string('block');
7261 }
7262
7263 /**
7264 * Returns human readable context identifier.
7265 *
7266 * @param boolean $withprefix whether to prefix the name of the context with Block
7267 * @param boolean $short does not apply to block context
7268 * @return string the human readable context name.
7269 */
7270 public function get_context_name($withprefix = true, $short = false) {
7271 global $DB, $CFG;
7272
7273 $name = '';
7274 if ($blockinstance = $DB->get_record('block_instances', array('id'=>$this->_instanceid))) {
7275 global $CFG;
7276 require_once("$CFG->dirroot/blocks/moodleblock.class.php");
7277 require_once("$CFG->dirroot/blocks/$blockinstance->blockname/block_$blockinstance->blockname.php");
7278 $blockname = "block_$blockinstance->blockname";
7279 if ($blockobject = new $blockname()) {
7280 if ($withprefix){
7281 $name = get_string('block').': ';
7282 }
7283 $name .= $blockobject->title;
7284 }
7285 }
7286
7287 return $name;
7288 }
7289
7290 /**
7291 * Returns the most relevant URL for this context.
7292 *
7293 * @return moodle_url
7294 */
7295 public function get_url() {
7296 $parentcontexts = $this->get_parent_context();
7297 return $parentcontexts->get_url();
7298 }
7299
7300 /**
7301 * Returns array of relevant context capability records.
7302 *
7303 * @return array
7304 */
7305 public function get_capabilities() {
7306 global $DB;
7307
7308 $sort = 'ORDER BY contextlevel,component,name'; // To group them sensibly for display
7309
7310 $params = array();
7311 $bi = $DB->get_record('block_instances', array('id' => $this->_instanceid));
7312
7313 $extra = '';
7314 $extracaps = block_method_result($bi->blockname, 'get_extra_capabilities');
7315 if ($extracaps) {
7316 list($extra, $params) = $DB->get_in_or_equal($extracaps, SQL_PARAMS_NAMED, 'cap');
7317 $extra = "OR name $extra";
7318 }
7319
7320 $sql = "SELECT *
7321 FROM {capabilities}
7322 WHERE (contextlevel = ".CONTEXT_BLOCK."
7323 AND component = :component)
7324 $extra";
7325 $params['component'] = 'block_' . $bi->blockname;
7326
7327 return $DB->get_records_sql($sql.' '.$sort, $params);
7328 }
7329
7330 /**
7331 * Is this context part of any course? If yes return course context.
7332 *
7333 * @param bool $strict true means throw exception if not found, false means return false if not found
7334 * @return context_course context of the enclosing course, null if not found or exception
7335 */
7336 public function get_course_context($strict = true) {
7337 $parentcontext = $this->get_parent_context();
7338 return $parentcontext->get_course_context($strict);
7339 }
7340
7341 /**
7342 * Returns block context instance.
7343 *
7344 * @static
7345 * @param int $instanceid
7346 * @param int $strictness
7347 * @return context_block context instance
7348 */
7349 public static function instance($instanceid, $strictness = MUST_EXIST) {
7350 global $DB;
7351
7352 if ($context = context::cache_get(CONTEXT_BLOCK, $instanceid)) {
7353 return $context;
7354 }
7355
7356 if (!$record = $DB->get_record('context', array('contextlevel'=>CONTEXT_BLOCK, 'instanceid'=>$instanceid))) {
7357 if ($bi = $DB->get_record('block_instances', array('id'=>$instanceid), 'id,parentcontextid', $strictness)) {
7358 $parentcontext = context::instance_by_id($bi->parentcontextid);
7359 $record = context::insert_context_record(CONTEXT_BLOCK, $bi->id, $parentcontext->path);
7360 }
7361 }
7362
7363 if ($record) {
7364 $context = new context_block($record);
7365 context::cache_add($context);
7366 return $context;
7367 }
7368
7369 return false;
7370 }
7371
7372 /**
7373 * Block do not have child contexts...
7374 * @return array
7375 */
7376 public function get_child_contexts() {
7377 return array();
7378 }
7379
7380 /**
7381 * Create missing context instances at block context level
7382 * @static
7383 */
7384 protected static function create_level_instances() {
7385 global $DB;
7386
7387 $sql = "SELECT ".CONTEXT_BLOCK.", bi.id
7388 FROM {block_instances} bi
7389 WHERE NOT EXISTS (SELECT 'x'
7390 FROM {context} cx
7391 WHERE bi.id = cx.instanceid AND cx.contextlevel=".CONTEXT_BLOCK.")";
7392 $contextdata = $DB->get_recordset_sql($sql);
7393 foreach ($contextdata as $context) {
7394 context::insert_context_record(CONTEXT_BLOCK, $context->id, null);
7395 }
7396 $contextdata->close();
7397 }
7398
7399 /**
7400 * Returns sql necessary for purging of stale context instances.
7401 *
7402 * @static
7403 * @return string cleanup SQL
7404 */
7405 protected static function get_cleanup_sql() {
7406 $sql = "
7407 SELECT c.*
7408 FROM {context} c
7409 LEFT OUTER JOIN {block_instances} bi ON c.instanceid = bi.id
7410 WHERE bi.id IS NULL AND c.contextlevel = ".CONTEXT_BLOCK."
7411 ";
7412
7413 return $sql;
7414 }
7415
7416 /**
7417 * Rebuild context paths and depths at block context level.
7418 *
7419 * @static
7420 * @param bool $force
7421 */
7422 protected static function build_paths($force) {
7423 global $DB;
7424
7425 if ($force or $DB->record_exists_select('context', "contextlevel = ".CONTEXT_BLOCK." AND (depth = 0 OR path IS NULL)")) {
7426 if ($force) {
7427 $ctxemptyclause = '';
7428 } else {
7429 $ctxemptyclause = "AND (ctx.path IS NULL OR ctx.depth = 0)";
7430 }
7431
7432 // pctx.path IS NOT NULL prevents fatal problems with broken block instances that point to invalid context parent
7433 $sql = "INSERT INTO {context_temp} (id, path, depth)
7434 SELECT ctx.id, ".$DB->sql_concat('pctx.path', "'/'", 'ctx.id').", pctx.depth+1
7435 FROM {context} ctx
7436 JOIN {block_instances} bi ON (bi.id = ctx.instanceid AND ctx.contextlevel = ".CONTEXT_BLOCK.")
7437 JOIN {context} pctx ON (pctx.id = bi.parentcontextid)
7438 WHERE (pctx.path IS NOT NULL AND pctx.depth > 0)
7439 $ctxemptyclause";
7440 $trans = $DB->start_delegated_transaction();
7441 $DB->delete_records('context_temp');
7442 $DB->execute($sql);
7443 context::merge_context_temp_table();
7444 $DB->delete_records('context_temp');
7445 $trans->allow_commit();
7446 }
7447 }
7448 }
7449
7450
7451 // ============== DEPRECATED FUNCTIONS ==========================================
7452 // Old context related functions were deprecated in 2.0, it is recommended
7453 // to use context classes in new code. Old function can be used when
7454 // creating patches that are supposed to be backported to older stable branches.
7455 // These deprecated functions will not be removed in near future,
7456 // before removing devs will be warned with a debugging message first,
7457 // then we will add error message and only after that we can remove the functions
7458 // completely.
7459
7460 /**
7461 * Runs get_records select on context table and returns the result
7462 * Does get_records_select on the context table, and returns the results ordered
7463 * by contextlevel, and then the natural sort order within each level.
7464 * for the purpose of $select, you need to know that the context table has been
7465 * aliased to ctx, so for example, you can call get_sorted_contexts('ctx.depth = 3');
7466 *
7467 * @param string $select the contents of the WHERE clause. Remember to do ctx.fieldname.
7468 * @param array $params any parameters required by $select.
7469 * @return array the requested context records.
7470 */
7471 function get_sorted_contexts($select, $params = array()) {
7472
7473 //TODO: we should probably rewrite all the code that is using this thing, the trouble is we MUST NOT modify the context instances...
7474
7475 global $DB;
7476 if ($select) {
7477 $select = 'WHERE ' . $select;
7478 }
7479 return $DB->get_records_sql("
7480 SELECT ctx.*
7481 FROM {context} ctx
7482 LEFT JOIN {user} u ON ctx.contextlevel = " . CONTEXT_USER . " AND u.id = ctx.instanceid
7483 LEFT JOIN {course_categories} cat ON ctx.contextlevel = " . CONTEXT_COURSECAT . " AND cat.id = ctx.instanceid
7484 LEFT JOIN {course} c ON ctx.contextlevel = " . CONTEXT_COURSE . " AND c.id = ctx.instanceid
7485 LEFT JOIN {course_modules} cm ON ctx.contextlevel = " . CONTEXT_MODULE . " AND cm.id = ctx.instanceid
7486 LEFT JOIN {block_instances} bi ON ctx.contextlevel = " . CONTEXT_BLOCK . " AND bi.id = ctx.instanceid
7487 $select
7488 ORDER BY ctx.contextlevel, bi.defaultregion, COALESCE(cat.sortorder, c.sortorder, cm.section, bi.defaultweight), u.lastname, u.firstname, cm.id
7489 ", $params);
7490 }
7491
7492 /**
7493 * Given context and array of users, returns array of users whose enrolment status is suspended,
7494 * or enrolment has expired or has not started. Also removes those users from the given array
7495 *
7496 * @param context $context context in which suspended users should be extracted.
7497 * @param array $users list of users.
7498 * @param array $ignoreusers array of user ids to ignore, e.g. guest
7499 * @return array list of suspended users.
7500 */
7501 function extract_suspended_users($context, &$users, $ignoreusers=array()) {
7502 global $DB;
7503
7504 // Get active enrolled users.
7505 list($sql, $params) = get_enrolled_sql($context, null, null, true);
7506 $activeusers = $DB->get_records_sql($sql, $params);
7507
7508 // Move suspended users to a separate array & remove from the initial one.
7509 $susers = array();
7510 if (sizeof($activeusers)) {
7511 foreach ($users as $userid => $user) {
7512 if (!array_key_exists($userid, $activeusers) && !in_array($userid, $ignoreusers)) {
7513 $susers[$userid] = $user;
7514 unset($users[$userid]);
7515 }
7516 }
7517 }
7518 return $susers;
7519 }
7520
7521 /**
7522 * Given context and array of users, returns array of user ids whose enrolment status is suspended,
7523 * or enrolment has expired or not started.
7524 *
7525 * @param context $context context in which user enrolment is checked.
7526 * @param bool $usecache Enable or disable (default) the request cache
7527 * @return array list of suspended user id's.
7528 */
7529 function get_suspended_userids(context $context, $usecache = false) {
7530 global $DB;
7531
7532 if ($usecache) {
7533 $cache = cache::make('core', 'suspended_userids');
7534 $susers = $cache->get($context->id);
7535 if ($susers !== false) {
7536 return $susers;
7537 }
7538 }
7539
7540 $coursecontext = $context->get_course_context();
7541 $susers = array();
7542
7543 // Front page users are always enrolled, so suspended list is empty.
7544 if ($coursecontext->instanceid != SITEID) {
7545 list($sql, $params) = get_enrolled_sql($context, null, null, false, true);
7546 $susers = $DB->get_fieldset_sql($sql, $params);
7547 $susers = array_combine($susers, $susers);
7548 }
7549
7550 // Cache results for the remainder of this request.
7551 if ($usecache) {
7552 $cache->set($context->id, $susers);
7553 }
7554
7555 return $susers;
7556 }
Read-only mirror of the Moodle CVS