Merge branch 'wip-MDL-44362-master' of git://github.com/marinaglancy/moodle
[moodle.git] / lib / accesslib.php
blob6680b41a16b971518720a579f4c0d58dbbf1b60e
1 <?php
2 // This file is part of Moodle - http://moodle.org/
3 //
4 // Moodle is free software: you can redistribute it and/or modify
5 // it under the terms of the GNU General Public License as published by
6 // the Free Software Foundation, either version 3 of the License, or
7 // (at your option) any later version.
8 //
9 // Moodle is distributed in the hope that it will be useful,
10 // but WITHOUT ANY WARRANTY; without even the implied warranty of
11 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 // GNU General Public License for more details.
14 // You should have received a copy of the GNU General Public License
15 // along with Moodle. If not, see <http://www.gnu.org/licenses/>.
17 /**
18 * This file contains functions for managing user access
20 * <b>Public API vs internals</b>
22 * General users probably only care about
24 * Context handling
25 * - context_course::instance($courseid), context_module::instance($cm->id), context_coursecat::instance($catid)
26 * - context::instance_by_id($contextid)
27 * - $context->get_parent_contexts();
28 * - $context->get_child_contexts();
30 * Whether the user can do something...
31 * - has_capability()
32 * - has_any_capability()
33 * - has_all_capabilities()
34 * - require_capability()
35 * - require_login() (from moodlelib)
36 * - is_enrolled()
37 * - is_viewing()
38 * - is_guest()
39 * - is_siteadmin()
40 * - isguestuser()
41 * - isloggedin()
43 * What courses has this user access to?
44 * - get_enrolled_users()
46 * What users can do X in this context?
47 * - get_enrolled_users() - at and bellow course context
48 * - get_users_by_capability() - above course context
50 * Modify roles
51 * - role_assign()
52 * - role_unassign()
53 * - role_unassign_all()
55 * Advanced - for internal use only
56 * - load_all_capabilities()
57 * - reload_all_capabilities()
58 * - has_capability_in_accessdata()
59 * - get_user_access_sitewide()
60 * - load_course_context()
61 * - load_role_access_by_context()
62 * - etc.
64 * <b>Name conventions</b>
66 * "ctx" means context
68 * <b>accessdata</b>
70 * Access control data is held in the "accessdata" array
71 * which - for the logged-in user, will be in $USER->access
73 * For other users can be generated and passed around (but may also be cached
74 * against userid in $ACCESSLIB_PRIVATE->accessdatabyuser).
76 * $accessdata is a multidimensional array, holding
77 * role assignments (RAs), role-capabilities-perm sets
78 * (role defs) and a list of courses we have loaded
79 * data for.
81 * Things are keyed on "contextpaths" (the path field of
82 * the context table) for fast walking up/down the tree.
83 * <code>
84 * $accessdata['ra'][$contextpath] = array($roleid=>$roleid)
85 * [$contextpath] = array($roleid=>$roleid)
86 * [$contextpath] = array($roleid=>$roleid)
87 * </code>
89 * Role definitions are stored like this
90 * (no cap merge is done - so it's compact)
92 * <code>
93 * $accessdata['rdef']["$contextpath:$roleid"]['mod/forum:viewpost'] = 1
94 * ['mod/forum:editallpost'] = -1
95 * ['mod/forum:startdiscussion'] = -1000
96 * </code>
98 * See how has_capability_in_accessdata() walks up the tree.
100 * First we only load rdef and ra down to the course level, but not below.
101 * This keeps accessdata small and compact. Below-the-course ra/rdef
102 * are loaded as needed. We keep track of which courses we have loaded ra/rdef in
103 * <code>
104 * $accessdata['loaded'] = array($courseid1=>1, $courseid2=>1)
105 * </code>
107 * <b>Stale accessdata</b>
109 * For the logged-in user, accessdata is long-lived.
111 * On each pageload we load $ACCESSLIB_PRIVATE->dirtycontexts which lists
112 * context paths affected by changes. Any check at-or-below
113 * a dirty context will trigger a transparent reload of accessdata.
115 * Changes at the system level will force the reload for everyone.
117 * <b>Default role caps</b>
118 * The default role assignment is not in the DB, so we
119 * add it manually to accessdata.
121 * This means that functions that work directly off the
122 * DB need to ensure that the default role caps
123 * are dealt with appropriately.
125 * @package core_access
126 * @copyright 1999 onwards Martin Dougiamas http://dougiamas.com
127 * @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
130 defined('MOODLE_INTERNAL') || die();
132 /** No capability change */
133 define('CAP_INHERIT', 0);
134 /** Allow permission, overrides CAP_PREVENT defined in parent contexts */
135 define('CAP_ALLOW', 1);
136 /** Prevent permission, overrides CAP_ALLOW defined in parent contexts */
137 define('CAP_PREVENT', -1);
138 /** Prohibit permission, overrides everything in current and child contexts */
139 define('CAP_PROHIBIT', -1000);
141 /** System context level - only one instance in every system */
142 define('CONTEXT_SYSTEM', 10);
143 /** User context level - one instance for each user describing what others can do to user */
144 define('CONTEXT_USER', 30);
145 /** Course category context level - one instance for each category */
146 define('CONTEXT_COURSECAT', 40);
147 /** Course context level - one instances for each course */
148 define('CONTEXT_COURSE', 50);
149 /** Course module context level - one instance for each course module */
150 define('CONTEXT_MODULE', 70);
152 * Block context level - one instance for each block, sticky blocks are tricky
153 * because ppl think they should be able to override them at lower contexts.
154 * Any other context level instance can be parent of block context.
156 define('CONTEXT_BLOCK', 80);
158 /** Capability allow management of trusts - NOT IMPLEMENTED YET - see {@link http://docs.moodle.org/dev/Hardening_new_Roles_system} */
159 define('RISK_MANAGETRUST', 0x0001);
160 /** Capability allows changes in system configuration - see {@link http://docs.moodle.org/dev/Hardening_new_Roles_system} */
161 define('RISK_CONFIG', 0x0002);
162 /** Capability allows user to add scripted content - see {@link http://docs.moodle.org/dev/Hardening_new_Roles_system} */
163 define('RISK_XSS', 0x0004);
164 /** Capability allows access to personal user information - see {@link http://docs.moodle.org/dev/Hardening_new_Roles_system} */
165 define('RISK_PERSONAL', 0x0008);
166 /** Capability allows users to add content others may see - see {@link http://docs.moodle.org/dev/Hardening_new_Roles_system} */
167 define('RISK_SPAM', 0x0010);
168 /** capability allows mass delete of data belonging to other users - see {@link http://docs.moodle.org/dev/Hardening_new_Roles_system} */
169 define('RISK_DATALOSS', 0x0020);
171 /** rolename displays - the name as defined in the role definition, localised if name empty */
172 define('ROLENAME_ORIGINAL', 0);
173 /** rolename displays - the name as defined by a role alias at the course level, falls back to ROLENAME_ORIGINAL if alias not present */
174 define('ROLENAME_ALIAS', 1);
175 /** rolename displays - Both, like this: Role alias (Original) */
176 define('ROLENAME_BOTH', 2);
177 /** rolename displays - the name as defined in the role definition and the shortname in brackets */
178 define('ROLENAME_ORIGINALANDSHORT', 3);
179 /** rolename displays - the name as defined by a role alias, in raw form suitable for editing */
180 define('ROLENAME_ALIAS_RAW', 4);
181 /** rolename displays - the name is simply short role name */
182 define('ROLENAME_SHORT', 5);
184 if (!defined('CONTEXT_CACHE_MAX_SIZE')) {
185 /** maximum size of context cache - it is possible to tweak this config.php or in any script before inclusion of context.php */
186 define('CONTEXT_CACHE_MAX_SIZE', 2500);
190 * Although this looks like a global variable, it isn't really.
192 * It is just a private implementation detail to accesslib that MUST NOT be used elsewhere.
193 * It is used to cache various bits of data between function calls for performance reasons.
194 * Sadly, a PHP global variable is the only way to implement this, without rewriting everything
195 * as methods of a class, instead of functions.
197 * @access private
198 * @global stdClass $ACCESSLIB_PRIVATE
199 * @name $ACCESSLIB_PRIVATE
201 global $ACCESSLIB_PRIVATE;
202 $ACCESSLIB_PRIVATE = new stdClass();
203 $ACCESSLIB_PRIVATE->dirtycontexts = null; // Dirty contexts cache, loaded from DB once per page
204 $ACCESSLIB_PRIVATE->accessdatabyuser = array(); // Holds the cache of $accessdata structure for users (including $USER)
205 $ACCESSLIB_PRIVATE->rolepermissions = array(); // role permissions cache - helps a lot with mem usage
206 $ACCESSLIB_PRIVATE->capabilities = null; // detailed information about the capabilities
209 * Clears accesslib's private caches. ONLY BE USED BY UNIT TESTS
211 * This method should ONLY BE USED BY UNIT TESTS. It clears all of
212 * accesslib's private caches. You need to do this before setting up test data,
213 * and also at the end of the tests.
215 * @access private
216 * @return void
218 function accesslib_clear_all_caches_for_unit_testing() {
219 global $USER;
220 if (!PHPUNIT_TEST) {
221 throw new coding_exception('You must not call clear_all_caches outside of unit tests.');
224 accesslib_clear_all_caches(true);
226 unset($USER->access);
230 * Clears accesslib's private caches. ONLY BE USED FROM THIS LIBRARY FILE!
232 * This reset does not touch global $USER.
234 * @access private
235 * @param bool $resetcontexts
236 * @return void
238 function accesslib_clear_all_caches($resetcontexts) {
239 global $ACCESSLIB_PRIVATE;
241 $ACCESSLIB_PRIVATE->dirtycontexts = null;
242 $ACCESSLIB_PRIVATE->accessdatabyuser = array();
243 $ACCESSLIB_PRIVATE->rolepermissions = array();
244 $ACCESSLIB_PRIVATE->capabilities = null;
246 if ($resetcontexts) {
247 context_helper::reset_caches();
252 * Gets the accessdata for role "sitewide" (system down to course)
254 * @access private
255 * @param int $roleid
256 * @return array
258 function get_role_access($roleid) {
259 global $DB, $ACCESSLIB_PRIVATE;
261 /* Get it in 1 DB query...
262 * - relevant role caps at the root and down
263 * to the course level - but not below
266 //TODO: MUC - this could be cached in shared memory to speed up first page loading, web crawlers, etc.
268 $accessdata = get_empty_accessdata();
270 $accessdata['ra']['/'.SYSCONTEXTID] = array((int)$roleid => (int)$roleid);
272 // Overrides for the role IN ANY CONTEXTS down to COURSE - not below -.
275 $sql = "SELECT ctx.path,
276 rc.capability, rc.permission
277 FROM {context} ctx
278 JOIN {role_capabilities} rc ON rc.contextid = ctx.id
279 LEFT JOIN {context} cctx
280 ON (cctx.contextlevel = ".CONTEXT_COURSE." AND ctx.path LIKE ".$DB->sql_concat('cctx.path',"'/%'").")
281 WHERE rc.roleid = ? AND cctx.id IS NULL";
282 $params = array($roleid);
285 // Note: the commented out query is 100% accurate but slow, so let's cheat instead by hardcoding the blocks mess directly.
287 $sql = "SELECT COALESCE(ctx.path, bctx.path) AS path, rc.capability, rc.permission
288 FROM {role_capabilities} rc
289 LEFT JOIN {context} ctx ON (ctx.id = rc.contextid AND ctx.contextlevel <= ".CONTEXT_COURSE.")
290 LEFT JOIN ({context} bctx
291 JOIN {block_instances} bi ON (bi.id = bctx.instanceid)
292 JOIN {context} pctx ON (pctx.id = bi.parentcontextid AND pctx.contextlevel < ".CONTEXT_COURSE.")
293 ) ON (bctx.id = rc.contextid AND bctx.contextlevel = ".CONTEXT_BLOCK.")
294 WHERE rc.roleid = :roleid AND (ctx.id IS NOT NULL OR bctx.id IS NOT NULL)";
295 $params = array('roleid'=>$roleid);
297 // we need extra caching in CLI scripts and cron
298 $rs = $DB->get_recordset_sql($sql, $params);
299 foreach ($rs as $rd) {
300 $k = "{$rd->path}:{$roleid}";
301 $accessdata['rdef'][$k][$rd->capability] = (int)$rd->permission;
303 $rs->close();
305 // share the role definitions
306 foreach ($accessdata['rdef'] as $k=>$unused) {
307 if (!isset($ACCESSLIB_PRIVATE->rolepermissions[$k])) {
308 $ACCESSLIB_PRIVATE->rolepermissions[$k] = $accessdata['rdef'][$k];
310 $accessdata['rdef_count']++;
311 $accessdata['rdef'][$k] =& $ACCESSLIB_PRIVATE->rolepermissions[$k];
314 return $accessdata;
318 * Get the default guest role, this is used for guest account,
319 * search engine spiders, etc.
321 * @return stdClass role record
323 function get_guest_role() {
324 global $CFG, $DB;
326 if (empty($CFG->guestroleid)) {
327 if ($roles = $DB->get_records('role', array('archetype'=>'guest'))) {
328 $guestrole = array_shift($roles); // Pick the first one
329 set_config('guestroleid', $guestrole->id);
330 return $guestrole;
331 } else {
332 debugging('Can not find any guest role!');
333 return false;
335 } else {
336 if ($guestrole = $DB->get_record('role', array('id'=>$CFG->guestroleid))) {
337 return $guestrole;
338 } else {
339 // somebody is messing with guest roles, remove incorrect setting and try to find a new one
340 set_config('guestroleid', '');
341 return get_guest_role();
347 * Check whether a user has a particular capability in a given context.
349 * For example:
350 * $context = context_module::instance($cm->id);
351 * has_capability('mod/forum:replypost', $context)
353 * By default checks the capabilities of the current user, but you can pass a
354 * different userid. By default will return true for admin users, but you can override that with the fourth argument.
356 * Guest and not-logged-in users can never get any dangerous capability - that is any write capability
357 * or capabilities with XSS, config or data loss risks.
359 * @category access
361 * @param string $capability the name of the capability to check. For example mod/forum:view
362 * @param context $context the context to check the capability in. You normally get this with instance method of a context class.
363 * @param integer|stdClass $user A user id or object. By default (null) checks the permissions of the current user.
364 * @param boolean $doanything If false, ignores effect of admin role assignment
365 * @return boolean true if the user has this capability. Otherwise false.
367 function has_capability($capability, context $context, $user = null, $doanything = true) {
368 global $USER, $CFG, $SCRIPT, $ACCESSLIB_PRIVATE;
370 if (during_initial_install()) {
371 if ($SCRIPT === "/$CFG->admin/index.php" or $SCRIPT === "/$CFG->admin/cli/install.php" or $SCRIPT === "/$CFG->admin/cli/install_database.php") {
372 // we are in an installer - roles can not work yet
373 return true;
374 } else {
375 return false;
379 if (strpos($capability, 'moodle/legacy:') === 0) {
380 throw new coding_exception('Legacy capabilities can not be used any more!');
383 if (!is_bool($doanything)) {
384 throw new coding_exception('Capability parameter "doanything" is wierd, only true or false is allowed. This has to be fixed in code.');
387 // capability must exist
388 if (!$capinfo = get_capability_info($capability)) {
389 debugging('Capability "'.$capability.'" was not found! This has to be fixed in code.');
390 return false;
393 if (!isset($USER->id)) {
394 // should never happen
395 $USER->id = 0;
396 debugging('Capability check being performed on a user with no ID.', DEBUG_DEVELOPER);
399 // make sure there is a real user specified
400 if ($user === null) {
401 $userid = $USER->id;
402 } else {
403 $userid = is_object($user) ? $user->id : $user;
406 // make sure forcelogin cuts off not-logged-in users if enabled
407 if (!empty($CFG->forcelogin) and $userid == 0) {
408 return false;
411 // make sure the guest account and not-logged-in users never get any risky caps no matter what the actual settings are.
412 if (($capinfo->captype === 'write') or ($capinfo->riskbitmask & (RISK_XSS | RISK_CONFIG | RISK_DATALOSS))) {
413 if (isguestuser($userid) or $userid == 0) {
414 return false;
418 // somehow make sure the user is not deleted and actually exists
419 if ($userid != 0) {
420 if ($userid == $USER->id and isset($USER->deleted)) {
421 // this prevents one query per page, it is a bit of cheating,
422 // but hopefully session is terminated properly once user is deleted
423 if ($USER->deleted) {
424 return false;
426 } else {
427 if (!context_user::instance($userid, IGNORE_MISSING)) {
428 // no user context == invalid userid
429 return false;
434 // context path/depth must be valid
435 if (empty($context->path) or $context->depth == 0) {
436 // this should not happen often, each upgrade tries to rebuild the context paths
437 debugging('Context id '.$context->id.' does not have valid path, please use build_context_path()');
438 if (is_siteadmin($userid)) {
439 return true;
440 } else {
441 return false;
445 // Find out if user is admin - it is not possible to override the doanything in any way
446 // and it is not possible to switch to admin role either.
447 if ($doanything) {
448 if (is_siteadmin($userid)) {
449 if ($userid != $USER->id) {
450 return true;
452 // make sure switchrole is not used in this context
453 if (empty($USER->access['rsw'])) {
454 return true;
456 $parts = explode('/', trim($context->path, '/'));
457 $path = '';
458 $switched = false;
459 foreach ($parts as $part) {
460 $path .= '/' . $part;
461 if (!empty($USER->access['rsw'][$path])) {
462 $switched = true;
463 break;
466 if (!$switched) {
467 return true;
469 //ok, admin switched role in this context, let's use normal access control rules
473 // Careful check for staleness...
474 $context->reload_if_dirty();
476 if ($USER->id == $userid) {
477 if (!isset($USER->access)) {
478 load_all_capabilities();
480 $access =& $USER->access;
482 } else {
483 // make sure user accessdata is really loaded
484 get_user_accessdata($userid, true);
485 $access =& $ACCESSLIB_PRIVATE->accessdatabyuser[$userid];
489 // Load accessdata for below-the-course context if necessary,
490 // all contexts at and above all courses are already loaded
491 if ($context->contextlevel != CONTEXT_COURSE and $coursecontext = $context->get_course_context(false)) {
492 load_course_context($userid, $coursecontext, $access);
495 return has_capability_in_accessdata($capability, $context, $access);
499 * Check if the user has any one of several capabilities from a list.
501 * This is just a utility method that calls has_capability in a loop. Try to put
502 * the capabilities that most users are likely to have first in the list for best
503 * performance.
505 * @category access
506 * @see has_capability()
508 * @param array $capabilities an array of capability names.
509 * @param context $context the context to check the capability in. You normally get this with instance method of a context class.
510 * @param integer|stdClass $user A user id or object. By default (null) checks the permissions of the current user.
511 * @param boolean $doanything If false, ignore effect of admin role assignment
512 * @return boolean true if the user has any of these capabilities. Otherwise false.
514 function has_any_capability(array $capabilities, context $context, $user = null, $doanything = true) {
515 foreach ($capabilities as $capability) {
516 if (has_capability($capability, $context, $user, $doanything)) {
517 return true;
520 return false;
524 * Check if the user has all the capabilities in a list.
526 * This is just a utility method that calls has_capability in a loop. Try to put
527 * the capabilities that fewest users are likely to have first in the list for best
528 * performance.
530 * @category access
531 * @see has_capability()
533 * @param array $capabilities an array of capability names.
534 * @param context $context the context to check the capability in. You normally get this with instance method of a context class.
535 * @param integer|stdClass $user A user id or object. By default (null) checks the permissions of the current user.
536 * @param boolean $doanything If false, ignore effect of admin role assignment
537 * @return boolean true if the user has all of these capabilities. Otherwise false.
539 function has_all_capabilities(array $capabilities, context $context, $user = null, $doanything = true) {
540 foreach ($capabilities as $capability) {
541 if (!has_capability($capability, $context, $user, $doanything)) {
542 return false;
545 return true;
549 * Is course creator going to have capability in a new course?
551 * This is intended to be used in enrolment plugins before or during course creation,
552 * do not use after the course is fully created.
554 * @category access
556 * @param string $capability the name of the capability to check.
557 * @param context $context course or category context where is course going to be created
558 * @param integer|stdClass $user A user id or object. By default (null) checks the permissions of the current user.
559 * @return boolean true if the user will have this capability.
561 * @throws coding_exception if different type of context submitted
563 function guess_if_creator_will_have_course_capability($capability, context $context, $user = null) {
564 global $CFG;
566 if ($context->contextlevel != CONTEXT_COURSE and $context->contextlevel != CONTEXT_COURSECAT) {
567 throw new coding_exception('Only course or course category context expected');
570 if (has_capability($capability, $context, $user)) {
571 // User already has the capability, it could be only removed if CAP_PROHIBIT
572 // was involved here, but we ignore that.
573 return true;
576 if (!has_capability('moodle/course:create', $context, $user)) {
577 return false;
580 if (!enrol_is_enabled('manual')) {
581 return false;
584 if (empty($CFG->creatornewroleid)) {
585 return false;
588 if ($context->contextlevel == CONTEXT_COURSE) {
589 if (is_viewing($context, $user, 'moodle/role:assign') or is_enrolled($context, $user, 'moodle/role:assign')) {
590 return false;
592 } else {
593 if (has_capability('moodle/course:view', $context, $user) and has_capability('moodle/role:assign', $context, $user)) {
594 return false;
598 // Most likely they will be enrolled after the course creation is finished,
599 // does the new role have the required capability?
600 list($neededroles, $forbiddenroles) = get_roles_with_cap_in_context($context, $capability);
601 return isset($neededroles[$CFG->creatornewroleid]);
605 * Check if the user is an admin at the site level.
607 * Please note that use of proper capabilities is always encouraged,
608 * this function is supposed to be used from core or for temporary hacks.
610 * @category access
612 * @param int|stdClass $user_or_id user id or user object
613 * @return bool true if user is one of the administrators, false otherwise
615 function is_siteadmin($user_or_id = null) {
616 global $CFG, $USER;
618 if ($user_or_id === null) {
619 $user_or_id = $USER;
622 if (empty($user_or_id)) {
623 return false;
625 if (!empty($user_or_id->id)) {
626 $userid = $user_or_id->id;
627 } else {
628 $userid = $user_or_id;
631 // Because this script is called many times (150+ for course page) with
632 // the same parameters, it is worth doing minor optimisations. This static
633 // cache stores the value for a single userid, saving about 2ms from course
634 // page load time without using significant memory. As the static cache
635 // also includes the value it depends on, this cannot break unit tests.
636 static $knownid, $knownresult, $knownsiteadmins;
637 if ($knownid === $userid && $knownsiteadmins === $CFG->siteadmins) {
638 return $knownresult;
640 $knownid = $userid;
641 $knownsiteadmins = $CFG->siteadmins;
643 $siteadmins = explode(',', $CFG->siteadmins);
644 $knownresult = in_array($userid, $siteadmins);
645 return $knownresult;
649 * Returns true if user has at least one role assign
650 * of 'coursecontact' role (is potentially listed in some course descriptions).
652 * @param int $userid
653 * @return bool
655 function has_coursecontact_role($userid) {
656 global $DB, $CFG;
658 if (empty($CFG->coursecontact)) {
659 return false;
661 $sql = "SELECT 1
662 FROM {role_assignments}
663 WHERE userid = :userid AND roleid IN ($CFG->coursecontact)";
664 return $DB->record_exists_sql($sql, array('userid'=>$userid));
668 * Does the user have a capability to do something?
670 * Walk the accessdata array and return true/false.
671 * Deals with prohibits, role switching, aggregating
672 * capabilities, etc.
674 * The main feature of here is being FAST and with no
675 * side effects.
677 * Notes:
679 * Switch Role merges with default role
680 * ------------------------------------
681 * If you are a teacher in course X, you have at least
682 * teacher-in-X + defaultloggedinuser-sitewide. So in the
683 * course you'll have techer+defaultloggedinuser.
684 * We try to mimic that in switchrole.
686 * Permission evaluation
687 * ---------------------
688 * Originally there was an extremely complicated way
689 * to determine the user access that dealt with
690 * "locality" or role assignments and role overrides.
691 * Now we simply evaluate access for each role separately
692 * and then verify if user has at least one role with allow
693 * and at the same time no role with prohibit.
695 * @access private
696 * @param string $capability
697 * @param context $context
698 * @param array $accessdata
699 * @return bool
701 function has_capability_in_accessdata($capability, context $context, array &$accessdata) {
702 global $CFG;
704 // Build $paths as a list of current + all parent "paths" with order bottom-to-top
705 $path = $context->path;
706 $paths = array($path);
707 while($path = rtrim($path, '0123456789')) {
708 $path = rtrim($path, '/');
709 if ($path === '') {
710 break;
712 $paths[] = $path;
715 $roles = array();
716 $switchedrole = false;
718 // Find out if role switched
719 if (!empty($accessdata['rsw'])) {
720 // From the bottom up...
721 foreach ($paths as $path) {
722 if (isset($accessdata['rsw'][$path])) {
723 // Found a switchrole assignment - check for that role _plus_ the default user role
724 $roles = array($accessdata['rsw'][$path]=>null, $CFG->defaultuserroleid=>null);
725 $switchedrole = true;
726 break;
731 if (!$switchedrole) {
732 // get all users roles in this context and above
733 foreach ($paths as $path) {
734 if (isset($accessdata['ra'][$path])) {
735 foreach ($accessdata['ra'][$path] as $roleid) {
736 $roles[$roleid] = null;
742 // Now find out what access is given to each role, going bottom-->up direction
743 $allowed = false;
744 foreach ($roles as $roleid => $ignored) {
745 foreach ($paths as $path) {
746 if (isset($accessdata['rdef']["{$path}:$roleid"][$capability])) {
747 $perm = (int)$accessdata['rdef']["{$path}:$roleid"][$capability];
748 if ($perm === CAP_PROHIBIT) {
749 // any CAP_PROHIBIT found means no permission for the user
750 return false;
752 if (is_null($roles[$roleid])) {
753 $roles[$roleid] = $perm;
757 // CAP_ALLOW in any role means the user has a permission, we continue only to detect prohibits
758 $allowed = ($allowed or $roles[$roleid] === CAP_ALLOW);
761 return $allowed;
765 * A convenience function that tests has_capability, and displays an error if
766 * the user does not have that capability.
768 * NOTE before Moodle 2.0, this function attempted to make an appropriate
769 * require_login call before checking the capability. This is no longer the case.
770 * You must call require_login (or one of its variants) if you want to check the
771 * user is logged in, before you call this function.
773 * @see has_capability()
775 * @param string $capability the name of the capability to check. For example mod/forum:view
776 * @param context $context the context to check the capability in. You normally get this with context_xxxx::instance().
777 * @param int $userid A user id. By default (null) checks the permissions of the current user.
778 * @param bool $doanything If false, ignore effect of admin role assignment
779 * @param string $errormessage The error string to to user. Defaults to 'nopermissions'.
780 * @param string $stringfile The language file to load the error string from. Defaults to 'error'.
781 * @return void terminates with an error if the user does not have the given capability.
783 function require_capability($capability, context $context, $userid = null, $doanything = true,
784 $errormessage = 'nopermissions', $stringfile = '') {
785 if (!has_capability($capability, $context, $userid, $doanything)) {
786 throw new required_capability_exception($context, $capability, $errormessage, $stringfile);
791 * Return a nested array showing role assignments
792 * all relevant role capabilities for the user at
793 * site/course_category/course levels
795 * We do _not_ delve deeper than courses because the number of
796 * overrides at the module/block levels can be HUGE.
798 * [ra] => [/path][roleid]=roleid
799 * [rdef] => [/path:roleid][capability]=permission
801 * @access private
802 * @param int $userid - the id of the user
803 * @return array access info array
805 function get_user_access_sitewide($userid) {
806 global $CFG, $DB, $ACCESSLIB_PRIVATE;
808 /* Get in a few cheap DB queries...
809 * - role assignments
810 * - relevant role caps
811 * - above and within this user's RAs
812 * - below this user's RAs - limited to course level
815 // raparents collects paths & roles we need to walk up the parenthood to build the minimal rdef
816 $raparents = array();
817 $accessdata = get_empty_accessdata();
819 // start with the default role
820 if (!empty($CFG->defaultuserroleid)) {
821 $syscontext = context_system::instance();
822 $accessdata['ra'][$syscontext->path][(int)$CFG->defaultuserroleid] = (int)$CFG->defaultuserroleid;
823 $raparents[$CFG->defaultuserroleid][$syscontext->id] = $syscontext->id;
826 // load the "default frontpage role"
827 if (!empty($CFG->defaultfrontpageroleid)) {
828 $frontpagecontext = context_course::instance(get_site()->id);
829 if ($frontpagecontext->path) {
830 $accessdata['ra'][$frontpagecontext->path][(int)$CFG->defaultfrontpageroleid] = (int)$CFG->defaultfrontpageroleid;
831 $raparents[$CFG->defaultfrontpageroleid][$frontpagecontext->id] = $frontpagecontext->id;
835 // preload every assigned role at and above course context
836 $sql = "SELECT ctx.path, ra.roleid, ra.contextid
837 FROM {role_assignments} ra
838 JOIN {context} ctx
839 ON ctx.id = ra.contextid
840 LEFT JOIN {block_instances} bi
841 ON (ctx.contextlevel = ".CONTEXT_BLOCK." AND bi.id = ctx.instanceid)
842 LEFT JOIN {context} bpctx
843 ON (bpctx.id = bi.parentcontextid)
844 WHERE ra.userid = :userid
845 AND (ctx.contextlevel <= ".CONTEXT_COURSE." OR bpctx.contextlevel < ".CONTEXT_COURSE.")";
846 $params = array('userid'=>$userid);
847 $rs = $DB->get_recordset_sql($sql, $params);
848 foreach ($rs as $ra) {
849 // RAs leafs are arrays to support multi-role assignments...
850 $accessdata['ra'][$ra->path][(int)$ra->roleid] = (int)$ra->roleid;
851 $raparents[$ra->roleid][$ra->contextid] = $ra->contextid;
853 $rs->close();
855 if (empty($raparents)) {
856 return $accessdata;
859 // now get overrides of interesting roles in all interesting child contexts
860 // hopefully we will not run out of SQL limits here,
861 // users would have to have very many roles at/above course context...
862 $sqls = array();
863 $params = array();
865 static $cp = 0;
866 foreach ($raparents as $roleid=>$ras) {
867 $cp++;
868 list($sqlcids, $cids) = $DB->get_in_or_equal($ras, SQL_PARAMS_NAMED, 'c'.$cp.'_');
869 $params = array_merge($params, $cids);
870 $params['r'.$cp] = $roleid;
871 $sqls[] = "(SELECT ctx.path, rc.roleid, rc.capability, rc.permission
872 FROM {role_capabilities} rc
873 JOIN {context} ctx
874 ON (ctx.id = rc.contextid)
875 JOIN {context} pctx
876 ON (pctx.id $sqlcids
877 AND (ctx.id = pctx.id
878 OR ctx.path LIKE ".$DB->sql_concat('pctx.path',"'/%'")."
879 OR pctx.path LIKE ".$DB->sql_concat('ctx.path',"'/%'")."))
880 LEFT JOIN {block_instances} bi
881 ON (ctx.contextlevel = ".CONTEXT_BLOCK." AND bi.id = ctx.instanceid)
882 LEFT JOIN {context} bpctx
883 ON (bpctx.id = bi.parentcontextid)
884 WHERE rc.roleid = :r{$cp}
885 AND (ctx.contextlevel <= ".CONTEXT_COURSE." OR bpctx.contextlevel < ".CONTEXT_COURSE.")
889 // fixed capability order is necessary for rdef dedupe
890 $rs = $DB->get_recordset_sql(implode("\nUNION\n", $sqls). "ORDER BY capability", $params);
892 foreach ($rs as $rd) {
893 $k = $rd->path.':'.$rd->roleid;
894 $accessdata['rdef'][$k][$rd->capability] = (int)$rd->permission;
896 $rs->close();
898 // share the role definitions
899 foreach ($accessdata['rdef'] as $k=>$unused) {
900 if (!isset($ACCESSLIB_PRIVATE->rolepermissions[$k])) {
901 $ACCESSLIB_PRIVATE->rolepermissions[$k] = $accessdata['rdef'][$k];
903 $accessdata['rdef_count']++;
904 $accessdata['rdef'][$k] =& $ACCESSLIB_PRIVATE->rolepermissions[$k];
907 return $accessdata;
911 * Add to the access ctrl array the data needed by a user for a given course.
913 * This function injects all course related access info into the accessdata array.
915 * @access private
916 * @param int $userid the id of the user
917 * @param context_course $coursecontext course context
918 * @param array $accessdata accessdata array (modified)
919 * @return void modifies $accessdata parameter
921 function load_course_context($userid, context_course $coursecontext, &$accessdata) {
922 global $DB, $CFG, $ACCESSLIB_PRIVATE;
924 if (empty($coursecontext->path)) {
925 // weird, this should not happen
926 return;
929 if (isset($accessdata['loaded'][$coursecontext->instanceid])) {
930 // already loaded, great!
931 return;
934 $roles = array();
936 if (empty($userid)) {
937 if (!empty($CFG->notloggedinroleid)) {
938 $roles[$CFG->notloggedinroleid] = $CFG->notloggedinroleid;
941 } else if (isguestuser($userid)) {
942 if ($guestrole = get_guest_role()) {
943 $roles[$guestrole->id] = $guestrole->id;
946 } else {
947 // Interesting role assignments at, above and below the course context
948 list($parentsaself, $params) = $DB->get_in_or_equal($coursecontext->get_parent_context_ids(true), SQL_PARAMS_NAMED, 'pc_');
949 $params['userid'] = $userid;
950 $params['children'] = $coursecontext->path."/%";
951 $sql = "SELECT ra.*, ctx.path
952 FROM {role_assignments} ra
953 JOIN {context} ctx ON ra.contextid = ctx.id
954 WHERE ra.userid = :userid AND (ctx.id $parentsaself OR ctx.path LIKE :children)";
955 $rs = $DB->get_recordset_sql($sql, $params);
957 // add missing role definitions
958 foreach ($rs as $ra) {
959 $accessdata['ra'][$ra->path][(int)$ra->roleid] = (int)$ra->roleid;
960 $roles[$ra->roleid] = $ra->roleid;
962 $rs->close();
964 // add the "default frontpage role" when on the frontpage
965 if (!empty($CFG->defaultfrontpageroleid)) {
966 $frontpagecontext = context_course::instance(get_site()->id);
967 if ($frontpagecontext->id == $coursecontext->id) {
968 $roles[$CFG->defaultfrontpageroleid] = $CFG->defaultfrontpageroleid;
972 // do not forget the default role
973 if (!empty($CFG->defaultuserroleid)) {
974 $roles[$CFG->defaultuserroleid] = $CFG->defaultuserroleid;
978 if (!$roles) {
979 // weird, default roles must be missing...
980 $accessdata['loaded'][$coursecontext->instanceid] = 1;
981 return;
984 // now get overrides of interesting roles in all interesting contexts (this course + children + parents)
985 $params = array('c'=>$coursecontext->id);
986 list($parentsaself, $rparams) = $DB->get_in_or_equal($coursecontext->get_parent_context_ids(true), SQL_PARAMS_NAMED, 'pc_');
987 $params = array_merge($params, $rparams);
988 list($roleids, $rparams) = $DB->get_in_or_equal($roles, SQL_PARAMS_NAMED, 'r_');
989 $params = array_merge($params, $rparams);
991 $sql = "SELECT ctx.path, rc.roleid, rc.capability, rc.permission
992 FROM {role_capabilities} rc
993 JOIN {context} ctx
994 ON (ctx.id = rc.contextid)
995 JOIN {context} cctx
996 ON (cctx.id = :c
997 AND (ctx.id $parentsaself OR ctx.path LIKE ".$DB->sql_concat('cctx.path',"'/%'")."))
998 WHERE rc.roleid $roleids
999 ORDER BY rc.capability"; // fixed capability order is necessary for rdef dedupe
1000 $rs = $DB->get_recordset_sql($sql, $params);
1002 $newrdefs = array();
1003 foreach ($rs as $rd) {
1004 $k = $rd->path.':'.$rd->roleid;
1005 if (isset($accessdata['rdef'][$k])) {
1006 continue;
1008 $newrdefs[$k][$rd->capability] = (int)$rd->permission;
1010 $rs->close();
1012 // share new role definitions
1013 foreach ($newrdefs as $k=>$unused) {
1014 if (!isset($ACCESSLIB_PRIVATE->rolepermissions[$k])) {
1015 $ACCESSLIB_PRIVATE->rolepermissions[$k] = $newrdefs[$k];
1017 $accessdata['rdef_count']++;
1018 $accessdata['rdef'][$k] =& $ACCESSLIB_PRIVATE->rolepermissions[$k];
1021 $accessdata['loaded'][$coursecontext->instanceid] = 1;
1023 // we want to deduplicate the USER->access from time to time, this looks like a good place,
1024 // because we have to do it before the end of session
1025 dedupe_user_access();
1029 * Add to the access ctrl array the data needed by a role for a given context.
1031 * The data is added in the rdef key.
1032 * This role-centric function is useful for role_switching
1033 * and temporary course roles.
1035 * @access private
1036 * @param int $roleid the id of the user
1037 * @param context $context needs path!
1038 * @param array $accessdata accessdata array (is modified)
1039 * @return array
1041 function load_role_access_by_context($roleid, context $context, &$accessdata) {
1042 global $DB, $ACCESSLIB_PRIVATE;
1044 /* Get the relevant rolecaps into rdef
1045 * - relevant role caps
1046 * - at ctx and above
1047 * - below this ctx
1050 if (empty($context->path)) {
1051 // weird, this should not happen
1052 return;
1055 list($parentsaself, $params) = $DB->get_in_or_equal($context->get_parent_context_ids(true), SQL_PARAMS_NAMED, 'pc_');
1056 $params['roleid'] = $roleid;
1057 $params['childpath'] = $context->path.'/%';
1059 $sql = "SELECT ctx.path, rc.capability, rc.permission
1060 FROM {role_capabilities} rc
1061 JOIN {context} ctx ON (rc.contextid = ctx.id)
1062 WHERE rc.roleid = :roleid AND (ctx.id $parentsaself OR ctx.path LIKE :childpath)
1063 ORDER BY rc.capability"; // fixed capability order is necessary for rdef dedupe
1064 $rs = $DB->get_recordset_sql($sql, $params);
1066 $newrdefs = array();
1067 foreach ($rs as $rd) {
1068 $k = $rd->path.':'.$roleid;
1069 if (isset($accessdata['rdef'][$k])) {
1070 continue;
1072 $newrdefs[$k][$rd->capability] = (int)$rd->permission;
1074 $rs->close();
1076 // share new role definitions
1077 foreach ($newrdefs as $k=>$unused) {
1078 if (!isset($ACCESSLIB_PRIVATE->rolepermissions[$k])) {
1079 $ACCESSLIB_PRIVATE->rolepermissions[$k] = $newrdefs[$k];
1081 $accessdata['rdef_count']++;
1082 $accessdata['rdef'][$k] =& $ACCESSLIB_PRIVATE->rolepermissions[$k];
1087 * Returns empty accessdata structure.
1089 * @access private
1090 * @return array empt accessdata
1092 function get_empty_accessdata() {
1093 $accessdata = array(); // named list
1094 $accessdata['ra'] = array();
1095 $accessdata['rdef'] = array();
1096 $accessdata['rdef_count'] = 0; // this bloody hack is necessary because count($array) is slooooowwww in PHP
1097 $accessdata['rdef_lcc'] = 0; // rdef_count during the last compression
1098 $accessdata['loaded'] = array(); // loaded course contexts
1099 $accessdata['time'] = time();
1100 $accessdata['rsw'] = array();
1102 return $accessdata;
1106 * Get accessdata for a given user.
1108 * @access private
1109 * @param int $userid
1110 * @param bool $preloadonly true means do not return access array
1111 * @return array accessdata
1113 function get_user_accessdata($userid, $preloadonly=false) {
1114 global $CFG, $ACCESSLIB_PRIVATE, $USER;
1116 if (!empty($USER->access['rdef']) and empty($ACCESSLIB_PRIVATE->rolepermissions)) {
1117 // share rdef from USER session with rolepermissions cache in order to conserve memory
1118 foreach ($USER->access['rdef'] as $k=>$v) {
1119 $ACCESSLIB_PRIVATE->rolepermissions[$k] =& $USER->access['rdef'][$k];
1121 $ACCESSLIB_PRIVATE->accessdatabyuser[$USER->id] = $USER->access;
1124 if (!isset($ACCESSLIB_PRIVATE->accessdatabyuser[$userid])) {
1125 if (empty($userid)) {
1126 if (!empty($CFG->notloggedinroleid)) {
1127 $accessdata = get_role_access($CFG->notloggedinroleid);
1128 } else {
1129 // weird
1130 return get_empty_accessdata();
1133 } else if (isguestuser($userid)) {
1134 if ($guestrole = get_guest_role()) {
1135 $accessdata = get_role_access($guestrole->id);
1136 } else {
1137 //weird
1138 return get_empty_accessdata();
1141 } else {
1142 $accessdata = get_user_access_sitewide($userid); // includes default role and frontpage role
1145 $ACCESSLIB_PRIVATE->accessdatabyuser[$userid] = $accessdata;
1148 if ($preloadonly) {
1149 return;
1150 } else {
1151 return $ACCESSLIB_PRIVATE->accessdatabyuser[$userid];
1156 * Try to minimise the size of $USER->access by eliminating duplicate override storage,
1157 * this function looks for contexts with the same overrides and shares them.
1159 * @access private
1160 * @return void
1162 function dedupe_user_access() {
1163 global $USER;
1165 if (CLI_SCRIPT) {
1166 // no session in CLI --> no compression necessary
1167 return;
1170 if (empty($USER->access['rdef_count'])) {
1171 // weird, this should not happen
1172 return;
1175 // the rdef is growing only, we never remove stuff from it, the rdef_lcc helps us to detect new stuff in rdef
1176 if ($USER->access['rdef_count'] - $USER->access['rdef_lcc'] > 10) {
1177 // do not compress after each change, wait till there is more stuff to be done
1178 return;
1181 $hashmap = array();
1182 foreach ($USER->access['rdef'] as $k=>$def) {
1183 $hash = sha1(serialize($def));
1184 if (isset($hashmap[$hash])) {
1185 $USER->access['rdef'][$k] =& $hashmap[$hash];
1186 } else {
1187 $hashmap[$hash] =& $USER->access['rdef'][$k];
1191 $USER->access['rdef_lcc'] = $USER->access['rdef_count'];
1195 * A convenience function to completely load all the capabilities
1196 * for the current user. It is called from has_capability() and functions change permissions.
1198 * Call it only _after_ you've setup $USER and called check_enrolment_plugins();
1199 * @see check_enrolment_plugins()
1201 * @access private
1202 * @return void
1204 function load_all_capabilities() {
1205 global $USER;
1207 // roles not installed yet - we are in the middle of installation
1208 if (during_initial_install()) {
1209 return;
1212 if (!isset($USER->id)) {
1213 // this should not happen
1214 $USER->id = 0;
1217 unset($USER->access);
1218 $USER->access = get_user_accessdata($USER->id);
1220 // deduplicate the overrides to minimize session size
1221 dedupe_user_access();
1223 // Clear to force a refresh
1224 unset($USER->mycourses);
1226 // init/reset internal enrol caches - active course enrolments and temp access
1227 $USER->enrol = array('enrolled'=>array(), 'tempguest'=>array());
1231 * A convenience function to completely reload all the capabilities
1232 * for the current user when roles have been updated in a relevant
1233 * context -- but PRESERVING switchroles and loginas.
1234 * This function resets all accesslib and context caches.
1236 * That is - completely transparent to the user.
1238 * Note: reloads $USER->access completely.
1240 * @access private
1241 * @return void
1243 function reload_all_capabilities() {
1244 global $USER, $DB, $ACCESSLIB_PRIVATE;
1246 // copy switchroles
1247 $sw = array();
1248 if (!empty($USER->access['rsw'])) {
1249 $sw = $USER->access['rsw'];
1252 accesslib_clear_all_caches(true);
1253 unset($USER->access);
1254 $ACCESSLIB_PRIVATE->dirtycontexts = array(); // prevent dirty flags refetching on this page
1256 load_all_capabilities();
1258 foreach ($sw as $path => $roleid) {
1259 if ($record = $DB->get_record('context', array('path'=>$path))) {
1260 $context = context::instance_by_id($record->id);
1261 role_switch($roleid, $context);
1267 * Adds a temp role to current USER->access array.
1269 * Useful for the "temporary guest" access we grant to logged-in users.
1270 * This is useful for enrol plugins only.
1272 * @since 2.2
1273 * @param context_course $coursecontext
1274 * @param int $roleid
1275 * @return void
1277 function load_temp_course_role(context_course $coursecontext, $roleid) {
1278 global $USER, $SITE;
1280 if (empty($roleid)) {
1281 debugging('invalid role specified in load_temp_course_role()');
1282 return;
1285 if ($coursecontext->instanceid == $SITE->id) {
1286 debugging('Can not use temp roles on the frontpage');
1287 return;
1290 if (!isset($USER->access)) {
1291 load_all_capabilities();
1294 $coursecontext->reload_if_dirty();
1296 if (isset($USER->access['ra'][$coursecontext->path][$roleid])) {
1297 return;
1300 // load course stuff first
1301 load_course_context($USER->id, $coursecontext, $USER->access);
1303 $USER->access['ra'][$coursecontext->path][(int)$roleid] = (int)$roleid;
1305 load_role_access_by_context($roleid, $coursecontext, $USER->access);
1309 * Removes any extra guest roles from current USER->access array.
1310 * This is useful for enrol plugins only.
1312 * @since 2.2
1313 * @param context_course $coursecontext
1314 * @return void
1316 function remove_temp_course_roles(context_course $coursecontext) {
1317 global $DB, $USER, $SITE;
1319 if ($coursecontext->instanceid == $SITE->id) {
1320 debugging('Can not use temp roles on the frontpage');
1321 return;
1324 if (empty($USER->access['ra'][$coursecontext->path])) {
1325 //no roles here, weird
1326 return;
1329 $sql = "SELECT DISTINCT ra.roleid AS id
1330 FROM {role_assignments} ra
1331 WHERE ra.contextid = :contextid AND ra.userid = :userid";
1332 $ras = $DB->get_records_sql($sql, array('contextid'=>$coursecontext->id, 'userid'=>$USER->id));
1334 $USER->access['ra'][$coursecontext->path] = array();
1335 foreach($ras as $r) {
1336 $USER->access['ra'][$coursecontext->path][(int)$r->id] = (int)$r->id;
1341 * Returns array of all role archetypes.
1343 * @return array
1345 function get_role_archetypes() {
1346 return array(
1347 'manager' => 'manager',
1348 'coursecreator' => 'coursecreator',
1349 'editingteacher' => 'editingteacher',
1350 'teacher' => 'teacher',
1351 'student' => 'student',
1352 'guest' => 'guest',
1353 'user' => 'user',
1354 'frontpage' => 'frontpage'
1359 * Assign the defaults found in this capability definition to roles that have
1360 * the corresponding legacy capabilities assigned to them.
1362 * @param string $capability
1363 * @param array $legacyperms an array in the format (example):
1364 * 'guest' => CAP_PREVENT,
1365 * 'student' => CAP_ALLOW,
1366 * 'teacher' => CAP_ALLOW,
1367 * 'editingteacher' => CAP_ALLOW,
1368 * 'coursecreator' => CAP_ALLOW,
1369 * 'manager' => CAP_ALLOW
1370 * @return boolean success or failure.
1372 function assign_legacy_capabilities($capability, $legacyperms) {
1374 $archetypes = get_role_archetypes();
1376 foreach ($legacyperms as $type => $perm) {
1378 $systemcontext = context_system::instance();
1379 if ($type === 'admin') {
1380 debugging('Legacy type admin in access.php was renamed to manager, please update the code.');
1381 $type = 'manager';
1384 if (!array_key_exists($type, $archetypes)) {
1385 print_error('invalidlegacy', '', '', $type);
1388 if ($roles = get_archetype_roles($type)) {
1389 foreach ($roles as $role) {
1390 // Assign a site level capability.
1391 if (!assign_capability($capability, $perm, $role->id, $systemcontext->id)) {
1392 return false;
1397 return true;
1401 * Verify capability risks.
1403 * @param stdClass $capability a capability - a row from the capabilities table.
1404 * @return boolean whether this capability is safe - that is, whether people with the
1405 * safeoverrides capability should be allowed to change it.
1407 function is_safe_capability($capability) {
1408 return !((RISK_DATALOSS | RISK_MANAGETRUST | RISK_CONFIG | RISK_XSS | RISK_PERSONAL) & $capability->riskbitmask);
1412 * Get the local override (if any) for a given capability in a role in a context
1414 * @param int $roleid
1415 * @param int $contextid
1416 * @param string $capability
1417 * @return stdClass local capability override
1419 function get_local_override($roleid, $contextid, $capability) {
1420 global $DB;
1421 return $DB->get_record('role_capabilities', array('roleid'=>$roleid, 'capability'=>$capability, 'contextid'=>$contextid));
1425 * Returns context instance plus related course and cm instances
1427 * @param int $contextid
1428 * @return array of ($context, $course, $cm)
1430 function get_context_info_array($contextid) {
1431 global $DB;
1433 $context = context::instance_by_id($contextid, MUST_EXIST);
1434 $course = null;
1435 $cm = null;
1437 if ($context->contextlevel == CONTEXT_COURSE) {
1438 $course = $DB->get_record('course', array('id'=>$context->instanceid), '*', MUST_EXIST);
1440 } else if ($context->contextlevel == CONTEXT_MODULE) {
1441 $cm = get_coursemodule_from_id('', $context->instanceid, 0, false, MUST_EXIST);
1442 $course = $DB->get_record('course', array('id'=>$cm->course), '*', MUST_EXIST);
1444 } else if ($context->contextlevel == CONTEXT_BLOCK) {
1445 $parent = $context->get_parent_context();
1447 if ($parent->contextlevel == CONTEXT_COURSE) {
1448 $course = $DB->get_record('course', array('id'=>$parent->instanceid), '*', MUST_EXIST);
1449 } else if ($parent->contextlevel == CONTEXT_MODULE) {
1450 $cm = get_coursemodule_from_id('', $parent->instanceid, 0, false, MUST_EXIST);
1451 $course = $DB->get_record('course', array('id'=>$cm->course), '*', MUST_EXIST);
1455 return array($context, $course, $cm);
1459 * Function that creates a role
1461 * @param string $name role name
1462 * @param string $shortname role short name
1463 * @param string $description role description
1464 * @param string $archetype
1465 * @return int id or dml_exception
1467 function create_role($name, $shortname, $description, $archetype = '') {
1468 global $DB;
1470 if (strpos($archetype, 'moodle/legacy:') !== false) {
1471 throw new coding_exception('Use new role archetype parameter in create_role() instead of old legacy capabilities.');
1474 // verify role archetype actually exists
1475 $archetypes = get_role_archetypes();
1476 if (empty($archetypes[$archetype])) {
1477 $archetype = '';
1480 // Insert the role record.
1481 $role = new stdClass();
1482 $role->name = $name;
1483 $role->shortname = $shortname;
1484 $role->description = $description;
1485 $role->archetype = $archetype;
1487 //find free sortorder number
1488 $role->sortorder = $DB->get_field('role', 'MAX(sortorder) + 1', array());
1489 if (empty($role->sortorder)) {
1490 $role->sortorder = 1;
1492 $id = $DB->insert_record('role', $role);
1494 return $id;
1498 * Function that deletes a role and cleanups up after it
1500 * @param int $roleid id of role to delete
1501 * @return bool always true
1503 function delete_role($roleid) {
1504 global $DB;
1506 // first unssign all users
1507 role_unassign_all(array('roleid'=>$roleid));
1509 // cleanup all references to this role, ignore errors
1510 $DB->delete_records('role_capabilities', array('roleid'=>$roleid));
1511 $DB->delete_records('role_allow_assign', array('roleid'=>$roleid));
1512 $DB->delete_records('role_allow_assign', array('allowassign'=>$roleid));
1513 $DB->delete_records('role_allow_override', array('roleid'=>$roleid));
1514 $DB->delete_records('role_allow_override', array('allowoverride'=>$roleid));
1515 $DB->delete_records('role_names', array('roleid'=>$roleid));
1516 $DB->delete_records('role_context_levels', array('roleid'=>$roleid));
1518 // Get role record before it's deleted.
1519 $role = $DB->get_record('role', array('id'=>$roleid));
1521 // Finally delete the role itself.
1522 $DB->delete_records('role', array('id'=>$roleid));
1524 // Trigger event.
1525 $event = \core\event\role_deleted::create(
1526 array(
1527 'context' => context_system::instance(),
1528 'objectid' => $roleid,
1529 'other' =>
1530 array(
1531 'shortname' => $role->shortname,
1532 'description' => $role->description,
1533 'archetype' => $role->archetype
1537 $event->add_record_snapshot('role', $role);
1538 $event->trigger();
1540 return true;
1544 * Function to write context specific overrides, or default capabilities.
1546 * NOTE: use $context->mark_dirty() after this
1548 * @param string $capability string name
1549 * @param int $permission CAP_ constants
1550 * @param int $roleid role id
1551 * @param int|context $contextid context id
1552 * @param bool $overwrite
1553 * @return bool always true or exception
1555 function assign_capability($capability, $permission, $roleid, $contextid, $overwrite = false) {
1556 global $USER, $DB;
1558 if ($contextid instanceof context) {
1559 $context = $contextid;
1560 } else {
1561 $context = context::instance_by_id($contextid);
1564 if (empty($permission) || $permission == CAP_INHERIT) { // if permission is not set
1565 unassign_capability($capability, $roleid, $context->id);
1566 return true;
1569 $existing = $DB->get_record('role_capabilities', array('contextid'=>$context->id, 'roleid'=>$roleid, 'capability'=>$capability));
1571 if ($existing and !$overwrite) { // We want to keep whatever is there already
1572 return true;
1575 $cap = new stdClass();
1576 $cap->contextid = $context->id;
1577 $cap->roleid = $roleid;
1578 $cap->capability = $capability;
1579 $cap->permission = $permission;
1580 $cap->timemodified = time();
1581 $cap->modifierid = empty($USER->id) ? 0 : $USER->id;
1583 if ($existing) {
1584 $cap->id = $existing->id;
1585 $DB->update_record('role_capabilities', $cap);
1586 } else {
1587 if ($DB->record_exists('context', array('id'=>$context->id))) {
1588 $DB->insert_record('role_capabilities', $cap);
1591 return true;
1595 * Unassign a capability from a role.
1597 * NOTE: use $context->mark_dirty() after this
1599 * @param string $capability the name of the capability
1600 * @param int $roleid the role id
1601 * @param int|context $contextid null means all contexts
1602 * @return boolean true or exception
1604 function unassign_capability($capability, $roleid, $contextid = null) {
1605 global $DB;
1607 if (!empty($contextid)) {
1608 if ($contextid instanceof context) {
1609 $context = $contextid;
1610 } else {
1611 $context = context::instance_by_id($contextid);
1613 // delete from context rel, if this is the last override in this context
1614 $DB->delete_records('role_capabilities', array('capability'=>$capability, 'roleid'=>$roleid, 'contextid'=>$context->id));
1615 } else {
1616 $DB->delete_records('role_capabilities', array('capability'=>$capability, 'roleid'=>$roleid));
1618 return true;
1622 * Get the roles that have a given capability assigned to it
1624 * This function does not resolve the actual permission of the capability.
1625 * It just checks for permissions and overrides.
1626 * Use get_roles_with_cap_in_context() if resolution is required.
1628 * @param string $capability capability name (string)
1629 * @param string $permission optional, the permission defined for this capability
1630 * either CAP_ALLOW, CAP_PREVENT or CAP_PROHIBIT. Defaults to null which means any.
1631 * @param stdClass $context null means any
1632 * @return array of role records
1634 function get_roles_with_capability($capability, $permission = null, $context = null) {
1635 global $DB;
1637 if ($context) {
1638 $contexts = $context->get_parent_context_ids(true);
1639 list($insql, $params) = $DB->get_in_or_equal($contexts, SQL_PARAMS_NAMED, 'ctx');
1640 $contextsql = "AND rc.contextid $insql";
1641 } else {
1642 $params = array();
1643 $contextsql = '';
1646 if ($permission) {
1647 $permissionsql = " AND rc.permission = :permission";
1648 $params['permission'] = $permission;
1649 } else {
1650 $permissionsql = '';
1653 $sql = "SELECT r.*
1654 FROM {role} r
1655 WHERE r.id IN (SELECT rc.roleid
1656 FROM {role_capabilities} rc
1657 WHERE rc.capability = :capname
1658 $contextsql
1659 $permissionsql)";
1660 $params['capname'] = $capability;
1663 return $DB->get_records_sql($sql, $params);
1667 * This function makes a role-assignment (a role for a user in a particular context)
1669 * @param int $roleid the role of the id
1670 * @param int $userid userid
1671 * @param int|context $contextid id of the context
1672 * @param string $component example 'enrol_ldap', defaults to '' which means manual assignment,
1673 * @param int $itemid id of enrolment/auth plugin
1674 * @param string $timemodified defaults to current time
1675 * @return int new/existing id of the assignment
1677 function role_assign($roleid, $userid, $contextid, $component = '', $itemid = 0, $timemodified = '') {
1678 global $USER, $DB;
1680 // first of all detect if somebody is using old style parameters
1681 if ($contextid === 0 or is_numeric($component)) {
1682 throw new coding_exception('Invalid call to role_assign(), code needs to be updated to use new order of parameters');
1685 // now validate all parameters
1686 if (empty($roleid)) {
1687 throw new coding_exception('Invalid call to role_assign(), roleid can not be empty');
1690 if (empty($userid)) {
1691 throw new coding_exception('Invalid call to role_assign(), userid can not be empty');
1694 if ($itemid) {
1695 if (strpos($component, '_') === false) {
1696 throw new coding_exception('Invalid call to role_assign(), component must start with plugin type such as"enrol_" when itemid specified', 'component:'.$component);
1698 } else {
1699 $itemid = 0;
1700 if ($component !== '' and strpos($component, '_') === false) {
1701 throw new coding_exception('Invalid call to role_assign(), invalid component string', 'component:'.$component);
1705 if (!$DB->record_exists('user', array('id'=>$userid, 'deleted'=>0))) {
1706 throw new coding_exception('User ID does not exist or is deleted!', 'userid:'.$userid);
1709 if ($contextid instanceof context) {
1710 $context = $contextid;
1711 } else {
1712 $context = context::instance_by_id($contextid, MUST_EXIST);
1715 if (!$timemodified) {
1716 $timemodified = time();
1719 // Check for existing entry
1720 $ras = $DB->get_records('role_assignments', array('roleid'=>$roleid, 'contextid'=>$context->id, 'userid'=>$userid, 'component'=>$component, 'itemid'=>$itemid), 'id');
1722 if ($ras) {
1723 // role already assigned - this should not happen
1724 if (count($ras) > 1) {
1725 // very weird - remove all duplicates!
1726 $ra = array_shift($ras);
1727 foreach ($ras as $r) {
1728 $DB->delete_records('role_assignments', array('id'=>$r->id));
1730 } else {
1731 $ra = reset($ras);
1734 // actually there is no need to update, reset anything or trigger any event, so just return
1735 return $ra->id;
1738 // Create a new entry
1739 $ra = new stdClass();
1740 $ra->roleid = $roleid;
1741 $ra->contextid = $context->id;
1742 $ra->userid = $userid;
1743 $ra->component = $component;
1744 $ra->itemid = $itemid;
1745 $ra->timemodified = $timemodified;
1746 $ra->modifierid = empty($USER->id) ? 0 : $USER->id;
1748 $ra->id = $DB->insert_record('role_assignments', $ra);
1750 // mark context as dirty - again expensive, but needed
1751 $context->mark_dirty();
1753 if (!empty($USER->id) && $USER->id == $userid) {
1754 // If the user is the current user, then do full reload of capabilities too.
1755 reload_all_capabilities();
1758 $event = \core\event\role_assigned::create(
1759 array('context'=>$context, 'objectid'=>$ra->roleid, 'relateduserid'=>$ra->userid,
1760 'other'=>array('id'=>$ra->id, 'component'=>$ra->component, 'itemid'=>$ra->itemid)));
1761 $event->add_record_snapshot('role_assignments', $ra);
1762 $event->trigger();
1764 return $ra->id;
1768 * Removes one role assignment
1770 * @param int $roleid
1771 * @param int $userid
1772 * @param int $contextid
1773 * @param string $component
1774 * @param int $itemid
1775 * @return void
1777 function role_unassign($roleid, $userid, $contextid, $component = '', $itemid = 0) {
1778 // first make sure the params make sense
1779 if ($roleid == 0 or $userid == 0 or $contextid == 0) {
1780 throw new coding_exception('Invalid call to role_unassign(), please use role_unassign_all() when removing multiple role assignments');
1783 if ($itemid) {
1784 if (strpos($component, '_') === false) {
1785 throw new coding_exception('Invalid call to role_assign(), component must start with plugin type such as "enrol_" when itemid specified', 'component:'.$component);
1787 } else {
1788 $itemid = 0;
1789 if ($component !== '' and strpos($component, '_') === false) {
1790 throw new coding_exception('Invalid call to role_assign(), invalid component string', 'component:'.$component);
1794 role_unassign_all(array('roleid'=>$roleid, 'userid'=>$userid, 'contextid'=>$contextid, 'component'=>$component, 'itemid'=>$itemid), false, false);
1798 * Removes multiple role assignments, parameters may contain:
1799 * 'roleid', 'userid', 'contextid', 'component', 'enrolid'.
1801 * @param array $params role assignment parameters
1802 * @param bool $subcontexts unassign in subcontexts too
1803 * @param bool $includemanual include manual role assignments too
1804 * @return void
1806 function role_unassign_all(array $params, $subcontexts = false, $includemanual = false) {
1807 global $USER, $CFG, $DB;
1809 if (!$params) {
1810 throw new coding_exception('Missing parameters in role_unsassign_all() call');
1813 $allowed = array('roleid', 'userid', 'contextid', 'component', 'itemid');
1814 foreach ($params as $key=>$value) {
1815 if (!in_array($key, $allowed)) {
1816 throw new coding_exception('Unknown role_unsassign_all() parameter key', 'key:'.$key);
1820 if (isset($params['component']) and $params['component'] !== '' and strpos($params['component'], '_') === false) {
1821 throw new coding_exception('Invalid component paramter in role_unsassign_all() call', 'component:'.$params['component']);
1824 if ($includemanual) {
1825 if (!isset($params['component']) or $params['component'] === '') {
1826 throw new coding_exception('include manual parameter requires component parameter in role_unsassign_all() call');
1830 if ($subcontexts) {
1831 if (empty($params['contextid'])) {
1832 throw new coding_exception('subcontexts paramtere requires component parameter in role_unsassign_all() call');
1836 $ras = $DB->get_records('role_assignments', $params);
1837 foreach($ras as $ra) {
1838 $DB->delete_records('role_assignments', array('id'=>$ra->id));
1839 if ($context = context::instance_by_id($ra->contextid, IGNORE_MISSING)) {
1840 // this is a bit expensive but necessary
1841 $context->mark_dirty();
1842 // If the user is the current user, then do full reload of capabilities too.
1843 if (!empty($USER->id) && $USER->id == $ra->userid) {
1844 reload_all_capabilities();
1846 $event = \core\event\role_unassigned::create(
1847 array('context'=>$context, 'objectid'=>$ra->roleid, 'relateduserid'=>$ra->userid,
1848 'other'=>array('id'=>$ra->id, 'component'=>$ra->component, 'itemid'=>$ra->itemid)));
1849 $event->add_record_snapshot('role_assignments', $ra);
1850 $event->trigger();
1853 unset($ras);
1855 // process subcontexts
1856 if ($subcontexts and $context = context::instance_by_id($params['contextid'], IGNORE_MISSING)) {
1857 if ($params['contextid'] instanceof context) {
1858 $context = $params['contextid'];
1859 } else {
1860 $context = context::instance_by_id($params['contextid'], IGNORE_MISSING);
1863 if ($context) {
1864 $contexts = $context->get_child_contexts();
1865 $mparams = $params;
1866 foreach($contexts as $context) {
1867 $mparams['contextid'] = $context->id;
1868 $ras = $DB->get_records('role_assignments', $mparams);
1869 foreach($ras as $ra) {
1870 $DB->delete_records('role_assignments', array('id'=>$ra->id));
1871 // this is a bit expensive but necessary
1872 $context->mark_dirty();
1873 // If the user is the current user, then do full reload of capabilities too.
1874 if (!empty($USER->id) && $USER->id == $ra->userid) {
1875 reload_all_capabilities();
1877 $event = \core\event\role_unassigned::create(
1878 array('context'=>$context, 'objectid'=>$ra->roleid, 'relateduserid'=>$ra->userid,
1879 'other'=>array('id'=>$ra->id, 'component'=>$ra->component, 'itemid'=>$ra->itemid)));
1880 $event->add_record_snapshot('role_assignments', $ra);
1881 $event->trigger();
1887 // do this once more for all manual role assignments
1888 if ($includemanual) {
1889 $params['component'] = '';
1890 role_unassign_all($params, $subcontexts, false);
1895 * Determines if a user is currently logged in
1897 * @category access
1899 * @return bool
1901 function isloggedin() {
1902 global $USER;
1904 return (!empty($USER->id));
1908 * Determines if a user is logged in as real guest user with username 'guest'.
1910 * @category access
1912 * @param int|object $user mixed user object or id, $USER if not specified
1913 * @return bool true if user is the real guest user, false if not logged in or other user
1915 function isguestuser($user = null) {
1916 global $USER, $DB, $CFG;
1918 // make sure we have the user id cached in config table, because we are going to use it a lot
1919 if (empty($CFG->siteguest)) {
1920 if (!$guestid = $DB->get_field('user', 'id', array('username'=>'guest', 'mnethostid'=>$CFG->mnet_localhost_id))) {
1921 // guest does not exist yet, weird
1922 return false;
1924 set_config('siteguest', $guestid);
1926 if ($user === null) {
1927 $user = $USER;
1930 if ($user === null) {
1931 // happens when setting the $USER
1932 return false;
1934 } else if (is_numeric($user)) {
1935 return ($CFG->siteguest == $user);
1937 } else if (is_object($user)) {
1938 if (empty($user->id)) {
1939 return false; // not logged in means is not be guest
1940 } else {
1941 return ($CFG->siteguest == $user->id);
1944 } else {
1945 throw new coding_exception('Invalid user parameter supplied for isguestuser() function!');
1950 * Does user have a (temporary or real) guest access to course?
1952 * @category access
1954 * @param context $context
1955 * @param stdClass|int $user
1956 * @return bool
1958 function is_guest(context $context, $user = null) {
1959 global $USER;
1961 // first find the course context
1962 $coursecontext = $context->get_course_context();
1964 // make sure there is a real user specified
1965 if ($user === null) {
1966 $userid = isset($USER->id) ? $USER->id : 0;
1967 } else {
1968 $userid = is_object($user) ? $user->id : $user;
1971 if (isguestuser($userid)) {
1972 // can not inspect or be enrolled
1973 return true;
1976 if (has_capability('moodle/course:view', $coursecontext, $user)) {
1977 // viewing users appear out of nowhere, they are neither guests nor participants
1978 return false;
1981 // consider only real active enrolments here
1982 if (is_enrolled($coursecontext, $user, '', true)) {
1983 return false;
1986 return true;
1990 * Returns true if the user has moodle/course:view capability in the course,
1991 * this is intended for admins, managers (aka small admins), inspectors, etc.
1993 * @category access
1995 * @param context $context
1996 * @param int|stdClass $user if null $USER is used
1997 * @param string $withcapability extra capability name
1998 * @return bool
2000 function is_viewing(context $context, $user = null, $withcapability = '') {
2001 // first find the course context
2002 $coursecontext = $context->get_course_context();
2004 if (isguestuser($user)) {
2005 // can not inspect
2006 return false;
2009 if (!has_capability('moodle/course:view', $coursecontext, $user)) {
2010 // admins are allowed to inspect courses
2011 return false;
2014 if ($withcapability and !has_capability($withcapability, $context, $user)) {
2015 // site admins always have the capability, but the enrolment above blocks
2016 return false;
2019 return true;
2023 * Returns true if user is enrolled (is participating) in course
2024 * this is intended for students and teachers.
2026 * Since 2.2 the result for active enrolments and current user are cached.
2028 * @package core_enrol
2029 * @category access
2031 * @param context $context
2032 * @param int|stdClass $user if null $USER is used, otherwise user object or id expected
2033 * @param string $withcapability extra capability name
2034 * @param bool $onlyactive consider only active enrolments in enabled plugins and time restrictions
2035 * @return bool
2037 function is_enrolled(context $context, $user = null, $withcapability = '', $onlyactive = false) {
2038 global $USER, $DB;
2040 // first find the course context
2041 $coursecontext = $context->get_course_context();
2043 // make sure there is a real user specified
2044 if ($user === null) {
2045 $userid = isset($USER->id) ? $USER->id : 0;
2046 } else {
2047 $userid = is_object($user) ? $user->id : $user;
2050 if (empty($userid)) {
2051 // not-logged-in!
2052 return false;
2053 } else if (isguestuser($userid)) {
2054 // guest account can not be enrolled anywhere
2055 return false;
2058 if ($coursecontext->instanceid == SITEID) {
2059 // everybody participates on frontpage
2060 } else {
2061 // try cached info first - the enrolled flag is set only when active enrolment present
2062 if ($USER->id == $userid) {
2063 $coursecontext->reload_if_dirty();
2064 if (isset($USER->enrol['enrolled'][$coursecontext->instanceid])) {
2065 if ($USER->enrol['enrolled'][$coursecontext->instanceid] > time()) {
2066 if ($withcapability and !has_capability($withcapability, $context, $userid)) {
2067 return false;
2069 return true;
2074 if ($onlyactive) {
2075 // look for active enrolments only
2076 $until = enrol_get_enrolment_end($coursecontext->instanceid, $userid);
2078 if ($until === false) {
2079 return false;
2082 if ($USER->id == $userid) {
2083 if ($until == 0) {
2084 $until = ENROL_MAX_TIMESTAMP;
2086 $USER->enrol['enrolled'][$coursecontext->instanceid] = $until;
2087 if (isset($USER->enrol['tempguest'][$coursecontext->instanceid])) {
2088 unset($USER->enrol['tempguest'][$coursecontext->instanceid]);
2089 remove_temp_course_roles($coursecontext);
2093 } else {
2094 // any enrolment is good for us here, even outdated, disabled or inactive
2095 $sql = "SELECT 'x'
2096 FROM {user_enrolments} ue
2097 JOIN {enrol} e ON (e.id = ue.enrolid AND e.courseid = :courseid)
2098 JOIN {user} u ON u.id = ue.userid
2099 WHERE ue.userid = :userid AND u.deleted = 0";
2100 $params = array('userid'=>$userid, 'courseid'=>$coursecontext->instanceid);
2101 if (!$DB->record_exists_sql($sql, $params)) {
2102 return false;
2107 if ($withcapability and !has_capability($withcapability, $context, $userid)) {
2108 return false;
2111 return true;
2115 * Returns true if the user is able to access the course.
2117 * This function is in no way, shape, or form a substitute for require_login.
2118 * It should only be used in circumstances where it is not possible to call require_login
2119 * such as the navigation.
2121 * This function checks many of the methods of access to a course such as the view
2122 * capability, enrollments, and guest access. It also makes use of the cache
2123 * generated by require_login for guest access.
2125 * The flags within the $USER object that are used here should NEVER be used outside
2126 * of this function can_access_course and require_login. Doing so WILL break future
2127 * versions.
2129 * @param stdClass $course record
2130 * @param stdClass|int|null $user user record or id, current user if null
2131 * @param string $withcapability Check for this capability as well.
2132 * @param bool $onlyactive consider only active enrolments in enabled plugins and time restrictions
2133 * @return boolean Returns true if the user is able to access the course
2135 function can_access_course(stdClass $course, $user = null, $withcapability = '', $onlyactive = false) {
2136 global $DB, $USER;
2138 // this function originally accepted $coursecontext parameter
2139 if ($course instanceof context) {
2140 if ($course instanceof context_course) {
2141 debugging('deprecated context parameter, please use $course record');
2142 $coursecontext = $course;
2143 $course = $DB->get_record('course', array('id'=>$coursecontext->instanceid));
2144 } else {
2145 debugging('Invalid context parameter, please use $course record');
2146 return false;
2148 } else {
2149 $coursecontext = context_course::instance($course->id);
2152 if (!isset($USER->id)) {
2153 // should never happen
2154 $USER->id = 0;
2155 debugging('Course access check being performed on a user with no ID.', DEBUG_DEVELOPER);
2158 // make sure there is a user specified
2159 if ($user === null) {
2160 $userid = $USER->id;
2161 } else {
2162 $userid = is_object($user) ? $user->id : $user;
2164 unset($user);
2166 if ($withcapability and !has_capability($withcapability, $coursecontext, $userid)) {
2167 return false;
2170 if ($userid == $USER->id) {
2171 if (!empty($USER->access['rsw'][$coursecontext->path])) {
2172 // the fact that somebody switched role means they can access the course no matter to what role they switched
2173 return true;
2177 if (!$course->visible and !has_capability('moodle/course:viewhiddencourses', $coursecontext, $userid)) {
2178 return false;
2181 if (is_viewing($coursecontext, $userid)) {
2182 return true;
2185 if ($userid != $USER->id) {
2186 // for performance reasons we do not verify temporary guest access for other users, sorry...
2187 return is_enrolled($coursecontext, $userid, '', $onlyactive);
2190 // === from here we deal only with $USER ===
2192 $coursecontext->reload_if_dirty();
2194 if (isset($USER->enrol['enrolled'][$course->id])) {
2195 if ($USER->enrol['enrolled'][$course->id] > time()) {
2196 return true;
2199 if (isset($USER->enrol['tempguest'][$course->id])) {
2200 if ($USER->enrol['tempguest'][$course->id] > time()) {
2201 return true;
2205 if (is_enrolled($coursecontext, $USER, '', $onlyactive)) {
2206 return true;
2209 // if not enrolled try to gain temporary guest access
2210 $instances = $DB->get_records('enrol', array('courseid'=>$course->id, 'status'=>ENROL_INSTANCE_ENABLED), 'sortorder, id ASC');
2211 $enrols = enrol_get_plugins(true);
2212 foreach($instances as $instance) {
2213 if (!isset($enrols[$instance->enrol])) {
2214 continue;
2216 // Get a duration for the guest access, a timestamp in the future, 0 (always) or false.
2217 $until = $enrols[$instance->enrol]->try_guestaccess($instance);
2218 if ($until !== false and $until > time()) {
2219 $USER->enrol['tempguest'][$course->id] = $until;
2220 return true;
2223 if (isset($USER->enrol['tempguest'][$course->id])) {
2224 unset($USER->enrol['tempguest'][$course->id]);
2225 remove_temp_course_roles($coursecontext);
2228 return false;
2232 * Returns array with sql code and parameters returning all ids
2233 * of users enrolled into course.
2235 * This function is using 'eu[0-9]+_' prefix for table names and parameters.
2237 * @package core_enrol
2238 * @category access
2240 * @param context $context
2241 * @param string $withcapability
2242 * @param int $groupid 0 means ignore groups, any other value limits the result by group id
2243 * @param bool $onlyactive consider only active enrolments in enabled plugins and time restrictions
2244 * @return array list($sql, $params)
2246 function get_enrolled_sql(context $context, $withcapability = '', $groupid = 0, $onlyactive = false) {
2247 global $DB, $CFG;
2249 // use unique prefix just in case somebody makes some SQL magic with the result
2250 static $i = 0;
2251 $i++;
2252 $prefix = 'eu'.$i.'_';
2254 // first find the course context
2255 $coursecontext = $context->get_course_context();
2257 $isfrontpage = ($coursecontext->instanceid == SITEID);
2259 $joins = array();
2260 $wheres = array();
2261 $params = array();
2263 list($contextids, $contextpaths) = get_context_info_list($context);
2265 // get all relevant capability info for all roles
2266 if ($withcapability) {
2267 list($incontexts, $cparams) = $DB->get_in_or_equal($contextids, SQL_PARAMS_NAMED, 'ctx');
2268 $cparams['cap'] = $withcapability;
2270 $defs = array();
2271 $sql = "SELECT rc.id, rc.roleid, rc.permission, ctx.path
2272 FROM {role_capabilities} rc
2273 JOIN {context} ctx on rc.contextid = ctx.id
2274 WHERE rc.contextid $incontexts AND rc.capability = :cap";
2275 $rcs = $DB->get_records_sql($sql, $cparams);
2276 foreach ($rcs as $rc) {
2277 $defs[$rc->path][$rc->roleid] = $rc->permission;
2280 $access = array();
2281 if (!empty($defs)) {
2282 foreach ($contextpaths as $path) {
2283 if (empty($defs[$path])) {
2284 continue;
2286 foreach($defs[$path] as $roleid => $perm) {
2287 if ($perm == CAP_PROHIBIT) {
2288 $access[$roleid] = CAP_PROHIBIT;
2289 continue;
2291 if (!isset($access[$roleid])) {
2292 $access[$roleid] = (int)$perm;
2298 unset($defs);
2300 // make lists of roles that are needed and prohibited
2301 $needed = array(); // one of these is enough
2302 $prohibited = array(); // must not have any of these
2303 foreach ($access as $roleid => $perm) {
2304 if ($perm == CAP_PROHIBIT) {
2305 unset($needed[$roleid]);
2306 $prohibited[$roleid] = true;
2307 } else if ($perm == CAP_ALLOW and empty($prohibited[$roleid])) {
2308 $needed[$roleid] = true;
2312 $defaultuserroleid = isset($CFG->defaultuserroleid) ? $CFG->defaultuserroleid : 0;
2313 $defaultfrontpageroleid = isset($CFG->defaultfrontpageroleid) ? $CFG->defaultfrontpageroleid : 0;
2315 $nobody = false;
2317 if ($isfrontpage) {
2318 if (!empty($prohibited[$defaultuserroleid]) or !empty($prohibited[$defaultfrontpageroleid])) {
2319 $nobody = true;
2320 } else if (!empty($needed[$defaultuserroleid]) or !empty($needed[$defaultfrontpageroleid])) {
2321 // everybody not having prohibit has the capability
2322 $needed = array();
2323 } else if (empty($needed)) {
2324 $nobody = true;
2326 } else {
2327 if (!empty($prohibited[$defaultuserroleid])) {
2328 $nobody = true;
2329 } else if (!empty($needed[$defaultuserroleid])) {
2330 // everybody not having prohibit has the capability
2331 $needed = array();
2332 } else if (empty($needed)) {
2333 $nobody = true;
2337 if ($nobody) {
2338 // nobody can match so return some SQL that does not return any results
2339 $wheres[] = "1 = 2";
2341 } else {
2343 if ($needed) {
2344 $ctxids = implode(',', $contextids);
2345 $roleids = implode(',', array_keys($needed));
2346 $joins[] = "JOIN {role_assignments} {$prefix}ra3 ON ({$prefix}ra3.userid = {$prefix}u.id AND {$prefix}ra3.roleid IN ($roleids) AND {$prefix}ra3.contextid IN ($ctxids))";
2349 if ($prohibited) {
2350 $ctxids = implode(',', $contextids);
2351 $roleids = implode(',', array_keys($prohibited));
2352 $joins[] = "LEFT JOIN {role_assignments} {$prefix}ra4 ON ({$prefix}ra4.userid = {$prefix}u.id AND {$prefix}ra4.roleid IN ($roleids) AND {$prefix}ra4.contextid IN ($ctxids))";
2353 $wheres[] = "{$prefix}ra4.id IS NULL";
2356 if ($groupid) {
2357 $joins[] = "JOIN {groups_members} {$prefix}gm ON ({$prefix}gm.userid = {$prefix}u.id AND {$prefix}gm.groupid = :{$prefix}gmid)";
2358 $params["{$prefix}gmid"] = $groupid;
2362 } else {
2363 if ($groupid) {
2364 $joins[] = "JOIN {groups_members} {$prefix}gm ON ({$prefix}gm.userid = {$prefix}u.id AND {$prefix}gm.groupid = :{$prefix}gmid)";
2365 $params["{$prefix}gmid"] = $groupid;
2369 $wheres[] = "{$prefix}u.deleted = 0 AND {$prefix}u.id <> :{$prefix}guestid";
2370 $params["{$prefix}guestid"] = $CFG->siteguest;
2372 if ($isfrontpage) {
2373 // all users are "enrolled" on the frontpage
2374 } else {
2375 $joins[] = "JOIN {user_enrolments} {$prefix}ue ON {$prefix}ue.userid = {$prefix}u.id";
2376 $joins[] = "JOIN {enrol} {$prefix}e ON ({$prefix}e.id = {$prefix}ue.enrolid AND {$prefix}e.courseid = :{$prefix}courseid)";
2377 $params[$prefix.'courseid'] = $coursecontext->instanceid;
2379 if ($onlyactive) {
2380 $wheres[] = "{$prefix}ue.status = :{$prefix}active AND {$prefix}e.status = :{$prefix}enabled";
2381 $wheres[] = "{$prefix}ue.timestart < :{$prefix}now1 AND ({$prefix}ue.timeend = 0 OR {$prefix}ue.timeend > :{$prefix}now2)";
2382 $now = round(time(), -2); // rounding helps caching in DB
2383 $params = array_merge($params, array($prefix.'enabled'=>ENROL_INSTANCE_ENABLED,
2384 $prefix.'active'=>ENROL_USER_ACTIVE,
2385 $prefix.'now1'=>$now, $prefix.'now2'=>$now));
2389 $joins = implode("\n", $joins);
2390 $wheres = "WHERE ".implode(" AND ", $wheres);
2392 $sql = "SELECT DISTINCT {$prefix}u.id
2393 FROM {user} {$prefix}u
2394 $joins
2395 $wheres";
2397 return array($sql, $params);
2401 * Returns list of users enrolled into course.
2403 * @package core_enrol
2404 * @category access
2406 * @param context $context
2407 * @param string $withcapability
2408 * @param int $groupid 0 means ignore groups, any other value limits the result by group id
2409 * @param string $userfields requested user record fields
2410 * @param string $orderby
2411 * @param int $limitfrom return a subset of records, starting at this point (optional, required if $limitnum is set).
2412 * @param int $limitnum return a subset comprising this many records (optional, required if $limitfrom is set).
2413 * @param bool $onlyactive consider only active enrolments in enabled plugins and time restrictions
2414 * @return array of user records
2416 function get_enrolled_users(context $context, $withcapability = '', $groupid = 0, $userfields = 'u.*', $orderby = null,
2417 $limitfrom = 0, $limitnum = 0, $onlyactive = false) {
2418 global $DB;
2420 list($esql, $params) = get_enrolled_sql($context, $withcapability, $groupid, $onlyactive);
2421 $sql = "SELECT $userfields
2422 FROM {user} u
2423 JOIN ($esql) je ON je.id = u.id
2424 WHERE u.deleted = 0";
2426 if ($orderby) {
2427 $sql = "$sql ORDER BY $orderby";
2428 } else {
2429 list($sort, $sortparams) = users_order_by_sql('u');
2430 $sql = "$sql ORDER BY $sort";
2431 $params = array_merge($params, $sortparams);
2434 return $DB->get_records_sql($sql, $params, $limitfrom, $limitnum);
2438 * Counts list of users enrolled into course (as per above function)
2440 * @package core_enrol
2441 * @category access
2443 * @param context $context
2444 * @param string $withcapability
2445 * @param int $groupid 0 means ignore groups, any other value limits the result by group id
2446 * @param bool $onlyactive consider only active enrolments in enabled plugins and time restrictions
2447 * @return array of user records
2449 function count_enrolled_users(context $context, $withcapability = '', $groupid = 0, $onlyactive = false) {
2450 global $DB;
2452 list($esql, $params) = get_enrolled_sql($context, $withcapability, $groupid, $onlyactive);
2453 $sql = "SELECT count(u.id)
2454 FROM {user} u
2455 JOIN ($esql) je ON je.id = u.id
2456 WHERE u.deleted = 0";
2458 return $DB->count_records_sql($sql, $params);
2462 * Loads the capability definitions for the component (from file).
2464 * Loads the capability definitions for the component (from file). If no
2465 * capabilities are defined for the component, we simply return an empty array.
2467 * @access private
2468 * @param string $component full plugin name, examples: 'moodle', 'mod_forum'
2469 * @return array array of capabilities
2471 function load_capability_def($component) {
2472 $defpath = core_component::get_component_directory($component).'/db/access.php';
2474 $capabilities = array();
2475 if (file_exists($defpath)) {
2476 require($defpath);
2477 if (!empty(${$component.'_capabilities'})) {
2478 // BC capability array name
2479 // since 2.0 we prefer $capabilities instead - it is easier to use and matches db/* files
2480 debugging('componentname_capabilities array is deprecated, please use $capabilities array only in access.php files');
2481 $capabilities = ${$component.'_capabilities'};
2485 return $capabilities;
2489 * Gets the capabilities that have been cached in the database for this component.
2491 * @access private
2492 * @param string $component - examples: 'moodle', 'mod_forum'
2493 * @return array array of capabilities
2495 function get_cached_capabilities($component = 'moodle') {
2496 global $DB;
2497 return $DB->get_records('capabilities', array('component'=>$component));
2501 * Returns default capabilities for given role archetype.
2503 * @param string $archetype role archetype
2504 * @return array
2506 function get_default_capabilities($archetype) {
2507 global $DB;
2509 if (!$archetype) {
2510 return array();
2513 $alldefs = array();
2514 $defaults = array();
2515 $components = array();
2516 $allcaps = $DB->get_records('capabilities');
2518 foreach ($allcaps as $cap) {
2519 if (!in_array($cap->component, $components)) {
2520 $components[] = $cap->component;
2521 $alldefs = array_merge($alldefs, load_capability_def($cap->component));
2524 foreach($alldefs as $name=>$def) {
2525 // Use array 'archetypes if available. Only if not specified, use 'legacy'.
2526 if (isset($def['archetypes'])) {
2527 if (isset($def['archetypes'][$archetype])) {
2528 $defaults[$name] = $def['archetypes'][$archetype];
2530 // 'legacy' is for backward compatibility with 1.9 access.php
2531 } else {
2532 if (isset($def['legacy'][$archetype])) {
2533 $defaults[$name] = $def['legacy'][$archetype];
2538 return $defaults;
2542 * Return default roles that can be assigned, overridden or switched
2543 * by give role archetype.
2545 * @param string $type assign|override|switch
2546 * @param string $archetype
2547 * @return array of role ids
2549 function get_default_role_archetype_allows($type, $archetype) {
2550 global $DB;
2552 if (empty($archetype)) {
2553 return array();
2556 $roles = $DB->get_records('role');
2557 $archetypemap = array();
2558 foreach ($roles as $role) {
2559 if ($role->archetype) {
2560 $archetypemap[$role->archetype][$role->id] = $role->id;
2564 $defaults = array(
2565 'assign' => array(
2566 'manager' => array('manager', 'coursecreator', 'editingteacher', 'teacher', 'student'),
2567 'coursecreator' => array(),
2568 'editingteacher' => array('teacher', 'student'),
2569 'teacher' => array(),
2570 'student' => array(),
2571 'guest' => array(),
2572 'user' => array(),
2573 'frontpage' => array(),
2575 'override' => array(
2576 'manager' => array('manager', 'coursecreator', 'editingteacher', 'teacher', 'student', 'guest', 'user', 'frontpage'),
2577 'coursecreator' => array(),
2578 'editingteacher' => array('teacher', 'student', 'guest'),
2579 'teacher' => array(),
2580 'student' => array(),
2581 'guest' => array(),
2582 'user' => array(),
2583 'frontpage' => array(),
2585 'switch' => array(
2586 'manager' => array('editingteacher', 'teacher', 'student', 'guest'),
2587 'coursecreator' => array(),
2588 'editingteacher' => array('teacher', 'student', 'guest'),
2589 'teacher' => array('student', 'guest'),
2590 'student' => array(),
2591 'guest' => array(),
2592 'user' => array(),
2593 'frontpage' => array(),
2597 if (!isset($defaults[$type][$archetype])) {
2598 debugging("Unknown type '$type'' or archetype '$archetype''");
2599 return array();
2602 $return = array();
2603 foreach ($defaults[$type][$archetype] as $at) {
2604 if (isset($archetypemap[$at])) {
2605 foreach ($archetypemap[$at] as $roleid) {
2606 $return[$roleid] = $roleid;
2611 return $return;
2615 * Reset role capabilities to default according to selected role archetype.
2616 * If no archetype selected, removes all capabilities.
2618 * This applies to capabilities that are assigned to the role (that you could
2619 * edit in the 'define roles' interface), and not to any capability overrides
2620 * in different locations.
2622 * @param int $roleid ID of role to reset capabilities for
2624 function reset_role_capabilities($roleid) {
2625 global $DB;
2627 $role = $DB->get_record('role', array('id'=>$roleid), '*', MUST_EXIST);
2628 $defaultcaps = get_default_capabilities($role->archetype);
2630 $systemcontext = context_system::instance();
2632 $DB->delete_records('role_capabilities',
2633 array('roleid' => $roleid, 'contextid' => $systemcontext->id));
2635 foreach($defaultcaps as $cap=>$permission) {
2636 assign_capability($cap, $permission, $roleid, $systemcontext->id);
2639 // Mark the system context dirty.
2640 context_system::instance()->mark_dirty();
2644 * Updates the capabilities table with the component capability definitions.
2645 * If no parameters are given, the function updates the core moodle
2646 * capabilities.
2648 * Note that the absence of the db/access.php capabilities definition file
2649 * will cause any stored capabilities for the component to be removed from
2650 * the database.
2652 * @access private
2653 * @param string $component examples: 'moodle', 'mod/forum', 'block/quiz_results'
2654 * @return boolean true if success, exception in case of any problems
2656 function update_capabilities($component = 'moodle') {
2657 global $DB, $OUTPUT;
2659 $storedcaps = array();
2661 $filecaps = load_capability_def($component);
2662 foreach($filecaps as $capname=>$unused) {
2663 if (!preg_match('|^[a-z]+/[a-z_0-9]+:[a-z_0-9]+$|', $capname)) {
2664 debugging("Coding problem: Invalid capability name '$capname', use 'clonepermissionsfrom' field for migration.");
2668 $cachedcaps = get_cached_capabilities($component);
2669 if ($cachedcaps) {
2670 foreach ($cachedcaps as $cachedcap) {
2671 array_push($storedcaps, $cachedcap->name);
2672 // update risk bitmasks and context levels in existing capabilities if needed
2673 if (array_key_exists($cachedcap->name, $filecaps)) {
2674 if (!array_key_exists('riskbitmask', $filecaps[$cachedcap->name])) {
2675 $filecaps[$cachedcap->name]['riskbitmask'] = 0; // no risk if not specified
2677 if ($cachedcap->captype != $filecaps[$cachedcap->name]['captype']) {
2678 $updatecap = new stdClass();
2679 $updatecap->id = $cachedcap->id;
2680 $updatecap->captype = $filecaps[$cachedcap->name]['captype'];
2681 $DB->update_record('capabilities', $updatecap);
2683 if ($cachedcap->riskbitmask != $filecaps[$cachedcap->name]['riskbitmask']) {
2684 $updatecap = new stdClass();
2685 $updatecap->id = $cachedcap->id;
2686 $updatecap->riskbitmask = $filecaps[$cachedcap->name]['riskbitmask'];
2687 $DB->update_record('capabilities', $updatecap);
2690 if (!array_key_exists('contextlevel', $filecaps[$cachedcap->name])) {
2691 $filecaps[$cachedcap->name]['contextlevel'] = 0; // no context level defined
2693 if ($cachedcap->contextlevel != $filecaps[$cachedcap->name]['contextlevel']) {
2694 $updatecap = new stdClass();
2695 $updatecap->id = $cachedcap->id;
2696 $updatecap->contextlevel = $filecaps[$cachedcap->name]['contextlevel'];
2697 $DB->update_record('capabilities', $updatecap);
2703 // Are there new capabilities in the file definition?
2704 $newcaps = array();
2706 foreach ($filecaps as $filecap => $def) {
2707 if (!$storedcaps ||
2708 ($storedcaps && in_array($filecap, $storedcaps) === false)) {
2709 if (!array_key_exists('riskbitmask', $def)) {
2710 $def['riskbitmask'] = 0; // no risk if not specified
2712 $newcaps[$filecap] = $def;
2715 // Add new capabilities to the stored definition.
2716 $existingcaps = $DB->get_records_menu('capabilities', array(), 'id', 'id, name');
2717 foreach ($newcaps as $capname => $capdef) {
2718 $capability = new stdClass();
2719 $capability->name = $capname;
2720 $capability->captype = $capdef['captype'];
2721 $capability->contextlevel = $capdef['contextlevel'];
2722 $capability->component = $component;
2723 $capability->riskbitmask = $capdef['riskbitmask'];
2725 $DB->insert_record('capabilities', $capability, false);
2727 if (isset($capdef['clonepermissionsfrom']) && in_array($capdef['clonepermissionsfrom'], $existingcaps)){
2728 if ($rolecapabilities = $DB->get_records('role_capabilities', array('capability'=>$capdef['clonepermissionsfrom']))){
2729 foreach ($rolecapabilities as $rolecapability){
2730 //assign_capability will update rather than insert if capability exists
2731 if (!assign_capability($capname, $rolecapability->permission,
2732 $rolecapability->roleid, $rolecapability->contextid, true)){
2733 echo $OUTPUT->notification('Could not clone capabilities for '.$capname);
2737 // we ignore archetype key if we have cloned permissions
2738 } else if (isset($capdef['archetypes']) && is_array($capdef['archetypes'])) {
2739 assign_legacy_capabilities($capname, $capdef['archetypes']);
2740 // 'legacy' is for backward compatibility with 1.9 access.php
2741 } else if (isset($capdef['legacy']) && is_array($capdef['legacy'])) {
2742 assign_legacy_capabilities($capname, $capdef['legacy']);
2745 // Are there any capabilities that have been removed from the file
2746 // definition that we need to delete from the stored capabilities and
2747 // role assignments?
2748 capabilities_cleanup($component, $filecaps);
2750 // reset static caches
2751 accesslib_clear_all_caches(false);
2753 return true;
2757 * Deletes cached capabilities that are no longer needed by the component.
2758 * Also unassigns these capabilities from any roles that have them.
2759 * NOTE: this function is called from lib/db/upgrade.php
2761 * @access private
2762 * @param string $component examples: 'moodle', 'mod_forum', 'block_quiz_results'
2763 * @param array $newcapdef array of the new capability definitions that will be
2764 * compared with the cached capabilities
2765 * @return int number of deprecated capabilities that have been removed
2767 function capabilities_cleanup($component, $newcapdef = null) {
2768 global $DB;
2770 $removedcount = 0;
2772 if ($cachedcaps = get_cached_capabilities($component)) {
2773 foreach ($cachedcaps as $cachedcap) {
2774 if (empty($newcapdef) ||
2775 array_key_exists($cachedcap->name, $newcapdef) === false) {
2777 // Remove from capabilities cache.
2778 $DB->delete_records('capabilities', array('name'=>$cachedcap->name));
2779 $removedcount++;
2780 // Delete from roles.
2781 if ($roles = get_roles_with_capability($cachedcap->name)) {
2782 foreach($roles as $role) {
2783 if (!unassign_capability($cachedcap->name, $role->id)) {
2784 print_error('cannotunassigncap', 'error', '', (object)array('cap'=>$cachedcap->name, 'role'=>$role->name));
2788 } // End if.
2791 return $removedcount;
2795 * Returns an array of all the known types of risk
2796 * The array keys can be used, for example as CSS class names, or in calls to
2797 * print_risk_icon. The values are the corresponding RISK_ constants.
2799 * @return array all the known types of risk.
2801 function get_all_risks() {
2802 return array(
2803 'riskmanagetrust' => RISK_MANAGETRUST,
2804 'riskconfig' => RISK_CONFIG,
2805 'riskxss' => RISK_XSS,
2806 'riskpersonal' => RISK_PERSONAL,
2807 'riskspam' => RISK_SPAM,
2808 'riskdataloss' => RISK_DATALOSS,
2813 * Return a link to moodle docs for a given capability name
2815 * @param stdClass $capability a capability - a row from the mdl_capabilities table.
2816 * @return string the human-readable capability name as a link to Moodle Docs.
2818 function get_capability_docs_link($capability) {
2819 $url = get_docs_url('Capabilities/' . $capability->name);
2820 return '<a onclick="this.target=\'docspopup\'" href="' . $url . '">' . get_capability_string($capability->name) . '</a>';
2824 * This function pulls out all the resolved capabilities (overrides and
2825 * defaults) of a role used in capability overrides in contexts at a given
2826 * context.
2828 * @param int $roleid
2829 * @param context $context
2830 * @param string $cap capability, optional, defaults to ''
2831 * @return array Array of capabilities
2833 function role_context_capabilities($roleid, context $context, $cap = '') {
2834 global $DB;
2836 $contexts = $context->get_parent_context_ids(true);
2837 $contexts = '('.implode(',', $contexts).')';
2839 $params = array($roleid);
2841 if ($cap) {
2842 $search = " AND rc.capability = ? ";
2843 $params[] = $cap;
2844 } else {
2845 $search = '';
2848 $sql = "SELECT rc.*
2849 FROM {role_capabilities} rc, {context} c
2850 WHERE rc.contextid in $contexts
2851 AND rc.roleid = ?
2852 AND rc.contextid = c.id $search
2853 ORDER BY c.contextlevel DESC, rc.capability DESC";
2855 $capabilities = array();
2857 if ($records = $DB->get_records_sql($sql, $params)) {
2858 // We are traversing via reverse order.
2859 foreach ($records as $record) {
2860 // If not set yet (i.e. inherit or not set at all), or currently we have a prohibit
2861 if (!isset($capabilities[$record->capability]) || $record->permission<-500) {
2862 $capabilities[$record->capability] = $record->permission;
2866 return $capabilities;
2870 * Constructs array with contextids as first parameter and context paths,
2871 * in both cases bottom top including self.
2873 * @access private
2874 * @param context $context
2875 * @return array
2877 function get_context_info_list(context $context) {
2878 $contextids = explode('/', ltrim($context->path, '/'));
2879 $contextpaths = array();
2880 $contextids2 = $contextids;
2881 while ($contextids2) {
2882 $contextpaths[] = '/' . implode('/', $contextids2);
2883 array_pop($contextids2);
2885 return array($contextids, $contextpaths);
2889 * Check if context is the front page context or a context inside it
2891 * Returns true if this context is the front page context, or a context inside it,
2892 * otherwise false.
2894 * @param context $context a context object.
2895 * @return bool
2897 function is_inside_frontpage(context $context) {
2898 $frontpagecontext = context_course::instance(SITEID);
2899 return strpos($context->path . '/', $frontpagecontext->path . '/') === 0;
2903 * Returns capability information (cached)
2905 * @param string $capabilityname
2906 * @return stdClass or null if capability not found
2908 function get_capability_info($capabilityname) {
2909 global $ACCESSLIB_PRIVATE, $DB; // one request per page only
2911 //TODO: MUC - this could be cached in shared memory, it would eliminate 1 query per page
2913 if (empty($ACCESSLIB_PRIVATE->capabilities)) {
2914 $ACCESSLIB_PRIVATE->capabilities = array();
2915 $caps = $DB->get_records('capabilities', array(), 'id, name, captype, riskbitmask');
2916 foreach ($caps as $cap) {
2917 $capname = $cap->name;
2918 unset($cap->id);
2919 unset($cap->name);
2920 $cap->riskbitmask = (int)$cap->riskbitmask;
2921 $ACCESSLIB_PRIVATE->capabilities[$capname] = $cap;
2925 return isset($ACCESSLIB_PRIVATE->capabilities[$capabilityname]) ? $ACCESSLIB_PRIVATE->capabilities[$capabilityname] : null;
2929 * Returns the human-readable, translated version of the capability.
2930 * Basically a big switch statement.
2932 * @param string $capabilityname e.g. mod/choice:readresponses
2933 * @return string
2935 function get_capability_string($capabilityname) {
2937 // Typical capability name is 'plugintype/pluginname:capabilityname'
2938 list($type, $name, $capname) = preg_split('|[/:]|', $capabilityname);
2940 if ($type === 'moodle') {
2941 $component = 'core_role';
2942 } else if ($type === 'quizreport') {
2943 //ugly hack!!
2944 $component = 'quiz_'.$name;
2945 } else {
2946 $component = $type.'_'.$name;
2949 $stringname = $name.':'.$capname;
2951 if ($component === 'core_role' or get_string_manager()->string_exists($stringname, $component)) {
2952 return get_string($stringname, $component);
2955 $dir = core_component::get_component_directory($component);
2956 if (!file_exists($dir)) {
2957 // plugin broken or does not exist, do not bother with printing of debug message
2958 return $capabilityname.' ???';
2961 // something is wrong in plugin, better print debug
2962 return get_string($stringname, $component);
2966 * This gets the mod/block/course/core etc strings.
2968 * @param string $component
2969 * @param int $contextlevel
2970 * @return string|bool String is success, false if failed
2972 function get_component_string($component, $contextlevel) {
2974 if ($component === 'moodle' or $component === 'core') {
2975 switch ($contextlevel) {
2976 // TODO: this should probably use context level names instead
2977 case CONTEXT_SYSTEM: return get_string('coresystem');
2978 case CONTEXT_USER: return get_string('users');
2979 case CONTEXT_COURSECAT: return get_string('categories');
2980 case CONTEXT_COURSE: return get_string('course');
2981 case CONTEXT_MODULE: return get_string('activities');
2982 case CONTEXT_BLOCK: return get_string('block');
2983 default: print_error('unknowncontext');
2987 list($type, $name) = core_component::normalize_component($component);
2988 $dir = core_component::get_plugin_directory($type, $name);
2989 if (!file_exists($dir)) {
2990 // plugin not installed, bad luck, there is no way to find the name
2991 return $component.' ???';
2994 switch ($type) {
2995 // TODO: this is really hacky, anyway it should be probably moved to lib/pluginlib.php
2996 case 'quiz': return get_string($name.':componentname', $component);// insane hack!!!
2997 case 'repository': return get_string('repository', 'repository').': '.get_string('pluginname', $component);
2998 case 'gradeimport': return get_string('gradeimport', 'grades').': '.get_string('pluginname', $component);
2999 case 'gradeexport': return get_string('gradeexport', 'grades').': '.get_string('pluginname', $component);
3000 case 'gradereport': return get_string('gradereport', 'grades').': '.get_string('pluginname', $component);
3001 case 'webservice': return get_string('webservice', 'webservice').': '.get_string('pluginname', $component);
3002 case 'block': return get_string('block').': '.get_string('pluginname', basename($component));
3003 case 'mod':
3004 if (get_string_manager()->string_exists('pluginname', $component)) {
3005 return get_string('activity').': '.get_string('pluginname', $component);
3006 } else {
3007 return get_string('activity').': '.get_string('modulename', $component);
3009 default: return get_string('pluginname', $component);
3014 * Gets the list of roles assigned to this context and up (parents)
3015 * from the list of roles that are visible on user profile page
3016 * and participants page.
3018 * @param context $context
3019 * @return array
3021 function get_profile_roles(context $context) {
3022 global $CFG, $DB;
3024 if (empty($CFG->profileroles)) {
3025 return array();
3028 list($rallowed, $params) = $DB->get_in_or_equal(explode(',', $CFG->profileroles), SQL_PARAMS_NAMED, 'a');
3029 list($contextlist, $cparams) = $DB->get_in_or_equal($context->get_parent_context_ids(true), SQL_PARAMS_NAMED, 'p');
3030 $params = array_merge($params, $cparams);
3032 if ($coursecontext = $context->get_course_context(false)) {
3033 $params['coursecontext'] = $coursecontext->id;
3034 } else {
3035 $params['coursecontext'] = 0;
3038 $sql = "SELECT DISTINCT r.id, r.name, r.shortname, r.sortorder, rn.name AS coursealias
3039 FROM {role_assignments} ra, {role} r
3040 LEFT JOIN {role_names} rn ON (rn.contextid = :coursecontext AND rn.roleid = r.id)
3041 WHERE r.id = ra.roleid
3042 AND ra.contextid $contextlist
3043 AND r.id $rallowed
3044 ORDER BY r.sortorder ASC";
3046 return $DB->get_records_sql($sql, $params);
3050 * Gets the list of roles assigned to this context and up (parents)
3052 * @param context $context
3053 * @return array
3055 function get_roles_used_in_context(context $context) {
3056 global $DB;
3058 list($contextlist, $params) = $DB->get_in_or_equal($context->get_parent_context_ids(true), SQL_PARAMS_NAMED, 'cl');
3060 if ($coursecontext = $context->get_course_context(false)) {
3061 $params['coursecontext'] = $coursecontext->id;
3062 } else {
3063 $params['coursecontext'] = 0;
3066 $sql = "SELECT DISTINCT r.id, r.name, r.shortname, r.sortorder, rn.name AS coursealias
3067 FROM {role_assignments} ra, {role} r
3068 LEFT JOIN {role_names} rn ON (rn.contextid = :coursecontext AND rn.roleid = r.id)
3069 WHERE r.id = ra.roleid
3070 AND ra.contextid $contextlist
3071 ORDER BY r.sortorder ASC";
3073 return $DB->get_records_sql($sql, $params);
3077 * This function is used to print roles column in user profile page.
3078 * It is using the CFG->profileroles to limit the list to only interesting roles.
3079 * (The permission tab has full details of user role assignments.)
3081 * @param int $userid
3082 * @param int $courseid
3083 * @return string
3085 function get_user_roles_in_course($userid, $courseid) {
3086 global $CFG, $DB;
3088 if (empty($CFG->profileroles)) {
3089 return '';
3092 if ($courseid == SITEID) {
3093 $context = context_system::instance();
3094 } else {
3095 $context = context_course::instance($courseid);
3098 if (empty($CFG->profileroles)) {
3099 return array();
3102 list($rallowed, $params) = $DB->get_in_or_equal(explode(',', $CFG->profileroles), SQL_PARAMS_NAMED, 'a');
3103 list($contextlist, $cparams) = $DB->get_in_or_equal($context->get_parent_context_ids(true), SQL_PARAMS_NAMED, 'p');
3104 $params = array_merge($params, $cparams);
3106 if ($coursecontext = $context->get_course_context(false)) {
3107 $params['coursecontext'] = $coursecontext->id;
3108 } else {
3109 $params['coursecontext'] = 0;
3112 $sql = "SELECT DISTINCT r.id, r.name, r.shortname, r.sortorder, rn.name AS coursealias
3113 FROM {role_assignments} ra, {role} r
3114 LEFT JOIN {role_names} rn ON (rn.contextid = :coursecontext AND rn.roleid = r.id)
3115 WHERE r.id = ra.roleid
3116 AND ra.contextid $contextlist
3117 AND r.id $rallowed
3118 AND ra.userid = :userid
3119 ORDER BY r.sortorder ASC";
3120 $params['userid'] = $userid;
3122 $rolestring = '';
3124 if ($roles = $DB->get_records_sql($sql, $params)) {
3125 $rolenames = role_fix_names($roles, $context, ROLENAME_ALIAS, true); // Substitute aliases
3127 foreach ($rolenames as $roleid => $rolename) {
3128 $rolenames[$roleid] = '<a href="'.$CFG->wwwroot.'/user/index.php?contextid='.$context->id.'&amp;roleid='.$roleid.'">'.$rolename.'</a>';
3130 $rolestring = implode(',', $rolenames);
3133 return $rolestring;
3137 * Checks if a user can assign users to a particular role in this context
3139 * @param context $context
3140 * @param int $targetroleid - the id of the role you want to assign users to
3141 * @return boolean
3143 function user_can_assign(context $context, $targetroleid) {
3144 global $DB;
3146 // First check to see if the user is a site administrator.
3147 if (is_siteadmin()) {
3148 return true;
3151 // Check if user has override capability.
3152 // If not return false.
3153 if (!has_capability('moodle/role:assign', $context)) {
3154 return false;
3156 // pull out all active roles of this user from this context(or above)
3157 if ($userroles = get_user_roles($context)) {
3158 foreach ($userroles as $userrole) {
3159 // if any in the role_allow_override table, then it's ok
3160 if ($DB->get_record('role_allow_assign', array('roleid'=>$userrole->roleid, 'allowassign'=>$targetroleid))) {
3161 return true;
3166 return false;
3170 * Returns all site roles in correct sort order.
3172 * Note: this method does not localise role names or descriptions,
3173 * use role_get_names() if you need role names.
3175 * @param context $context optional context for course role name aliases
3176 * @return array of role records with optional coursealias property
3178 function get_all_roles(context $context = null) {
3179 global $DB;
3181 if (!$context or !$coursecontext = $context->get_course_context(false)) {
3182 $coursecontext = null;
3185 if ($coursecontext) {
3186 $sql = "SELECT r.*, rn.name AS coursealias
3187 FROM {role} r
3188 LEFT JOIN {role_names} rn ON (rn.contextid = :coursecontext AND rn.roleid = r.id)
3189 ORDER BY r.sortorder ASC";
3190 return $DB->get_records_sql($sql, array('coursecontext'=>$coursecontext->id));
3192 } else {
3193 return $DB->get_records('role', array(), 'sortorder ASC');
3198 * Returns roles of a specified archetype
3200 * @param string $archetype
3201 * @return array of full role records
3203 function get_archetype_roles($archetype) {
3204 global $DB;
3205 return $DB->get_records('role', array('archetype'=>$archetype), 'sortorder ASC');
3209 * Gets all the user roles assigned in this context, or higher contexts
3210 * this is mainly used when checking if a user can assign a role, or overriding a role
3211 * i.e. we need to know what this user holds, in order to verify against allow_assign and
3212 * allow_override tables
3214 * @param context $context
3215 * @param int $userid
3216 * @param bool $checkparentcontexts defaults to true
3217 * @param string $order defaults to 'c.contextlevel DESC, r.sortorder ASC'
3218 * @return array
3220 function get_user_roles(context $context, $userid = 0, $checkparentcontexts = true, $order = 'c.contextlevel DESC, r.sortorder ASC') {
3221 global $USER, $DB;
3223 if (empty($userid)) {
3224 if (empty($USER->id)) {
3225 return array();
3227 $userid = $USER->id;
3230 if ($checkparentcontexts) {
3231 $contextids = $context->get_parent_context_ids();
3232 } else {
3233 $contextids = array();
3235 $contextids[] = $context->id;
3237 list($contextids, $params) = $DB->get_in_or_equal($contextids, SQL_PARAMS_QM);
3239 array_unshift($params, $userid);
3241 $sql = "SELECT ra.*, r.name, r.shortname
3242 FROM {role_assignments} ra, {role} r, {context} c
3243 WHERE ra.userid = ?
3244 AND ra.roleid = r.id
3245 AND ra.contextid = c.id
3246 AND ra.contextid $contextids
3247 ORDER BY $order";
3249 return $DB->get_records_sql($sql ,$params);
3253 * Like get_user_roles, but adds in the authenticated user role, and the front
3254 * page roles, if applicable.
3256 * @param context $context the context.
3257 * @param int $userid optional. Defaults to $USER->id
3258 * @return array of objects with fields ->userid, ->contextid and ->roleid.
3260 function get_user_roles_with_special(context $context, $userid = 0) {
3261 global $CFG, $USER;
3263 if (empty($userid)) {
3264 if (empty($USER->id)) {
3265 return array();
3267 $userid = $USER->id;
3270 $ras = get_user_roles($context, $userid);
3272 // Add front-page role if relevant.
3273 $defaultfrontpageroleid = isset($CFG->defaultfrontpageroleid) ? $CFG->defaultfrontpageroleid : 0;
3274 $isfrontpage = ($context->contextlevel == CONTEXT_COURSE && $context->instanceid == SITEID) ||
3275 is_inside_frontpage($context);
3276 if ($defaultfrontpageroleid && $isfrontpage) {
3277 $frontpagecontext = context_course::instance(SITEID);
3278 $ra = new stdClass();
3279 $ra->userid = $userid;
3280 $ra->contextid = $frontpagecontext->id;
3281 $ra->roleid = $defaultfrontpageroleid;
3282 $ras[] = $ra;
3285 // Add authenticated user role if relevant.
3286 $defaultuserroleid = isset($CFG->defaultuserroleid) ? $CFG->defaultuserroleid : 0;
3287 if ($defaultuserroleid && !isguestuser($userid)) {
3288 $systemcontext = context_system::instance();
3289 $ra = new stdClass();
3290 $ra->userid = $userid;
3291 $ra->contextid = $systemcontext->id;
3292 $ra->roleid = $defaultuserroleid;
3293 $ras[] = $ra;
3296 return $ras;
3300 * Creates a record in the role_allow_override table
3302 * @param int $sroleid source roleid
3303 * @param int $troleid target roleid
3304 * @return void
3306 function allow_override($sroleid, $troleid) {
3307 global $DB;
3309 $record = new stdClass();
3310 $record->roleid = $sroleid;
3311 $record->allowoverride = $troleid;
3312 $DB->insert_record('role_allow_override', $record);
3316 * Creates a record in the role_allow_assign table
3318 * @param int $fromroleid source roleid
3319 * @param int $targetroleid target roleid
3320 * @return void
3322 function allow_assign($fromroleid, $targetroleid) {
3323 global $DB;
3325 $record = new stdClass();
3326 $record->roleid = $fromroleid;
3327 $record->allowassign = $targetroleid;
3328 $DB->insert_record('role_allow_assign', $record);
3332 * Creates a record in the role_allow_switch table
3334 * @param int $fromroleid source roleid
3335 * @param int $targetroleid target roleid
3336 * @return void
3338 function allow_switch($fromroleid, $targetroleid) {
3339 global $DB;
3341 $record = new stdClass();
3342 $record->roleid = $fromroleid;
3343 $record->allowswitch = $targetroleid;
3344 $DB->insert_record('role_allow_switch', $record);
3348 * Gets a list of roles that this user can assign in this context
3350 * @param context $context the context.
3351 * @param int $rolenamedisplay the type of role name to display. One of the
3352 * ROLENAME_X constants. Default ROLENAME_ALIAS.
3353 * @param bool $withusercounts if true, count the number of users with each role.
3354 * @param integer|object $user A user id or object. By default (null) checks the permissions of the current user.
3355 * @return array if $withusercounts is false, then an array $roleid => $rolename.
3356 * if $withusercounts is true, returns a list of three arrays,
3357 * $rolenames, $rolecounts, and $nameswithcounts.
3359 function get_assignable_roles(context $context, $rolenamedisplay = ROLENAME_ALIAS, $withusercounts = false, $user = null) {
3360 global $USER, $DB;
3362 // make sure there is a real user specified
3363 if ($user === null) {
3364 $userid = isset($USER->id) ? $USER->id : 0;
3365 } else {
3366 $userid = is_object($user) ? $user->id : $user;
3369 if (!has_capability('moodle/role:assign', $context, $userid)) {
3370 if ($withusercounts) {
3371 return array(array(), array(), array());
3372 } else {
3373 return array();
3377 $params = array();
3378 $extrafields = '';
3380 if ($withusercounts) {
3381 $extrafields = ', (SELECT count(u.id)
3382 FROM {role_assignments} cra JOIN {user} u ON cra.userid = u.id
3383 WHERE cra.roleid = r.id AND cra.contextid = :conid AND u.deleted = 0
3384 ) AS usercount';
3385 $params['conid'] = $context->id;
3388 if (is_siteadmin($userid)) {
3389 // show all roles allowed in this context to admins
3390 $assignrestriction = "";
3391 } else {
3392 $parents = $context->get_parent_context_ids(true);
3393 $contexts = implode(',' , $parents);
3394 $assignrestriction = "JOIN (SELECT DISTINCT raa.allowassign AS id
3395 FROM {role_allow_assign} raa
3396 JOIN {role_assignments} ra ON ra.roleid = raa.roleid
3397 WHERE ra.userid = :userid AND ra.contextid IN ($contexts)
3398 ) ar ON ar.id = r.id";
3399 $params['userid'] = $userid;
3401 $params['contextlevel'] = $context->contextlevel;
3403 if ($coursecontext = $context->get_course_context(false)) {
3404 $params['coursecontext'] = $coursecontext->id;
3405 } else {
3406 $params['coursecontext'] = 0; // no course aliases
3407 $coursecontext = null;
3409 $sql = "SELECT r.id, r.name, r.shortname, rn.name AS coursealias $extrafields
3410 FROM {role} r
3411 $assignrestriction
3412 JOIN {role_context_levels} rcl ON (rcl.contextlevel = :contextlevel AND r.id = rcl.roleid)
3413 LEFT JOIN {role_names} rn ON (rn.contextid = :coursecontext AND rn.roleid = r.id)
3414 ORDER BY r.sortorder ASC";
3415 $roles = $DB->get_records_sql($sql, $params);
3417 $rolenames = role_fix_names($roles, $coursecontext, $rolenamedisplay, true);
3419 if (!$withusercounts) {
3420 return $rolenames;
3423 $rolecounts = array();
3424 $nameswithcounts = array();
3425 foreach ($roles as $role) {
3426 $nameswithcounts[$role->id] = $rolenames[$role->id] . ' (' . $roles[$role->id]->usercount . ')';
3427 $rolecounts[$role->id] = $roles[$role->id]->usercount;
3429 return array($rolenames, $rolecounts, $nameswithcounts);
3433 * Gets a list of roles that this user can switch to in a context
3435 * Gets a list of roles that this user can switch to in a context, for the switchrole menu.
3436 * This function just process the contents of the role_allow_switch table. You also need to
3437 * test the moodle/role:switchroles to see if the user is allowed to switch in the first place.
3439 * @param context $context a context.
3440 * @return array an array $roleid => $rolename.
3442 function get_switchable_roles(context $context) {
3443 global $USER, $DB;
3445 $params = array();
3446 $extrajoins = '';
3447 $extrawhere = '';
3448 if (!is_siteadmin()) {
3449 // Admins are allowed to switch to any role with.
3450 // Others are subject to the additional constraint that the switch-to role must be allowed by
3451 // 'role_allow_switch' for some role they have assigned in this context or any parent.
3452 $parents = $context->get_parent_context_ids(true);
3453 $contexts = implode(',' , $parents);
3455 $extrajoins = "JOIN {role_allow_switch} ras ON ras.allowswitch = rc.roleid
3456 JOIN {role_assignments} ra ON ra.roleid = ras.roleid";
3457 $extrawhere = "WHERE ra.userid = :userid AND ra.contextid IN ($contexts)";
3458 $params['userid'] = $USER->id;
3461 if ($coursecontext = $context->get_course_context(false)) {
3462 $params['coursecontext'] = $coursecontext->id;
3463 } else {
3464 $params['coursecontext'] = 0; // no course aliases
3465 $coursecontext = null;
3468 $query = "
3469 SELECT r.id, r.name, r.shortname, rn.name AS coursealias
3470 FROM (SELECT DISTINCT rc.roleid
3471 FROM {role_capabilities} rc
3472 $extrajoins
3473 $extrawhere) idlist
3474 JOIN {role} r ON r.id = idlist.roleid
3475 LEFT JOIN {role_names} rn ON (rn.contextid = :coursecontext AND rn.roleid = r.id)
3476 ORDER BY r.sortorder";
3477 $roles = $DB->get_records_sql($query, $params);
3479 return role_fix_names($roles, $context, ROLENAME_ALIAS, true);
3483 * Gets a list of roles that this user can override in this context.
3485 * @param context $context the context.
3486 * @param int $rolenamedisplay the type of role name to display. One of the
3487 * ROLENAME_X constants. Default ROLENAME_ALIAS.
3488 * @param bool $withcounts if true, count the number of overrides that are set for each role.
3489 * @return array if $withcounts is false, then an array $roleid => $rolename.
3490 * if $withusercounts is true, returns a list of three arrays,
3491 * $rolenames, $rolecounts, and $nameswithcounts.
3493 function get_overridable_roles(context $context, $rolenamedisplay = ROLENAME_ALIAS, $withcounts = false) {
3494 global $USER, $DB;
3496 if (!has_any_capability(array('moodle/role:safeoverride', 'moodle/role:override'), $context)) {
3497 if ($withcounts) {
3498 return array(array(), array(), array());
3499 } else {
3500 return array();
3504 $parents = $context->get_parent_context_ids(true);
3505 $contexts = implode(',' , $parents);
3507 $params = array();
3508 $extrafields = '';
3510 $params['userid'] = $USER->id;
3511 if ($withcounts) {
3512 $extrafields = ', (SELECT COUNT(rc.id) FROM {role_capabilities} rc
3513 WHERE rc.roleid = ro.id AND rc.contextid = :conid) AS overridecount';
3514 $params['conid'] = $context->id;
3517 if ($coursecontext = $context->get_course_context(false)) {
3518 $params['coursecontext'] = $coursecontext->id;
3519 } else {
3520 $params['coursecontext'] = 0; // no course aliases
3521 $coursecontext = null;
3524 if (is_siteadmin()) {
3525 // show all roles to admins
3526 $roles = $DB->get_records_sql("
3527 SELECT ro.id, ro.name, ro.shortname, rn.name AS coursealias $extrafields
3528 FROM {role} ro
3529 LEFT JOIN {role_names} rn ON (rn.contextid = :coursecontext AND rn.roleid = ro.id)
3530 ORDER BY ro.sortorder ASC", $params);
3532 } else {
3533 $roles = $DB->get_records_sql("
3534 SELECT ro.id, ro.name, ro.shortname, rn.name AS coursealias $extrafields
3535 FROM {role} ro
3536 JOIN (SELECT DISTINCT r.id
3537 FROM {role} r
3538 JOIN {role_allow_override} rao ON r.id = rao.allowoverride
3539 JOIN {role_assignments} ra ON rao.roleid = ra.roleid
3540 WHERE ra.userid = :userid AND ra.contextid IN ($contexts)
3541 ) inline_view ON ro.id = inline_view.id
3542 LEFT JOIN {role_names} rn ON (rn.contextid = :coursecontext AND rn.roleid = ro.id)
3543 ORDER BY ro.sortorder ASC", $params);
3546 $rolenames = role_fix_names($roles, $context, $rolenamedisplay, true);
3548 if (!$withcounts) {
3549 return $rolenames;
3552 $rolecounts = array();
3553 $nameswithcounts = array();
3554 foreach ($roles as $role) {
3555 $nameswithcounts[$role->id] = $rolenames[$role->id] . ' (' . $roles[$role->id]->overridecount . ')';
3556 $rolecounts[$role->id] = $roles[$role->id]->overridecount;
3558 return array($rolenames, $rolecounts, $nameswithcounts);
3562 * Create a role menu suitable for default role selection in enrol plugins.
3564 * @package core_enrol
3566 * @param context $context
3567 * @param int $addroleid current or default role - always added to list
3568 * @return array roleid=>localised role name
3570 function get_default_enrol_roles(context $context, $addroleid = null) {
3571 global $DB;
3573 $params = array('contextlevel'=>CONTEXT_COURSE);
3575 if ($coursecontext = $context->get_course_context(false)) {
3576 $params['coursecontext'] = $coursecontext->id;
3577 } else {
3578 $params['coursecontext'] = 0; // no course names
3579 $coursecontext = null;
3582 if ($addroleid) {
3583 $addrole = "OR r.id = :addroleid";
3584 $params['addroleid'] = $addroleid;
3585 } else {
3586 $addrole = "";
3589 $sql = "SELECT r.id, r.name, r.shortname, rn.name AS coursealias
3590 FROM {role} r
3591 LEFT JOIN {role_context_levels} rcl ON (rcl.roleid = r.id AND rcl.contextlevel = :contextlevel)
3592 LEFT JOIN {role_names} rn ON (rn.contextid = :coursecontext AND rn.roleid = r.id)
3593 WHERE rcl.id IS NOT NULL $addrole
3594 ORDER BY sortorder DESC";
3596 $roles = $DB->get_records_sql($sql, $params);
3598 return role_fix_names($roles, $context, ROLENAME_BOTH, true);
3602 * Return context levels where this role is assignable.
3604 * @param integer $roleid the id of a role.
3605 * @return array list of the context levels at which this role may be assigned.
3607 function get_role_contextlevels($roleid) {
3608 global $DB;
3609 return $DB->get_records_menu('role_context_levels', array('roleid' => $roleid),
3610 'contextlevel', 'id,contextlevel');
3614 * Return roles suitable for assignment at the specified context level.
3616 * NOTE: this function name looks like a typo, should be probably get_roles_for_contextlevel()
3618 * @param integer $contextlevel a contextlevel.
3619 * @return array list of role ids that are assignable at this context level.
3621 function get_roles_for_contextlevels($contextlevel) {
3622 global $DB;
3623 return $DB->get_records_menu('role_context_levels', array('contextlevel' => $contextlevel),
3624 '', 'id,roleid');
3628 * Returns default context levels where roles can be assigned.
3630 * @param string $rolearchetype one of the role archetypes - that is, one of the keys
3631 * from the array returned by get_role_archetypes();
3632 * @return array list of the context levels at which this type of role may be assigned by default.
3634 function get_default_contextlevels($rolearchetype) {
3635 static $defaults = array(
3636 'manager' => array(CONTEXT_SYSTEM, CONTEXT_COURSECAT, CONTEXT_COURSE),
3637 'coursecreator' => array(CONTEXT_SYSTEM, CONTEXT_COURSECAT),
3638 'editingteacher' => array(CONTEXT_COURSE, CONTEXT_MODULE),
3639 'teacher' => array(CONTEXT_COURSE, CONTEXT_MODULE),
3640 'student' => array(CONTEXT_COURSE, CONTEXT_MODULE),
3641 'guest' => array(),
3642 'user' => array(),
3643 'frontpage' => array());
3645 if (isset($defaults[$rolearchetype])) {
3646 return $defaults[$rolearchetype];
3647 } else {
3648 return array();
3653 * Set the context levels at which a particular role can be assigned.
3654 * Throws exceptions in case of error.
3656 * @param integer $roleid the id of a role.
3657 * @param array $contextlevels the context levels at which this role should be assignable,
3658 * duplicate levels are removed.
3659 * @return void
3661 function set_role_contextlevels($roleid, array $contextlevels) {
3662 global $DB;
3663 $DB->delete_records('role_context_levels', array('roleid' => $roleid));
3664 $rcl = new stdClass();
3665 $rcl->roleid = $roleid;
3666 $contextlevels = array_unique($contextlevels);
3667 foreach ($contextlevels as $level) {
3668 $rcl->contextlevel = $level;
3669 $DB->insert_record('role_context_levels', $rcl, false, true);
3674 * Who has this capability in this context?
3676 * This can be a very expensive call - use sparingly and keep
3677 * the results if you are going to need them again soon.
3679 * Note if $fields is empty this function attempts to get u.*
3680 * which can get rather large - and has a serious perf impact
3681 * on some DBs.
3683 * @param context $context
3684 * @param string|array $capability - capability name(s)
3685 * @param string $fields - fields to be pulled. The user table is aliased to 'u'. u.id MUST be included.
3686 * @param string $sort - the sort order. Default is lastaccess time.
3687 * @param mixed $limitfrom - number of records to skip (offset)
3688 * @param mixed $limitnum - number of records to fetch
3689 * @param string|array $groups - single group or array of groups - only return
3690 * users who are in one of these group(s).
3691 * @param string|array $exceptions - list of users to exclude, comma separated or array
3692 * @param bool $doanything_ignored not used any more, admin accounts are never returned
3693 * @param bool $view_ignored - use get_enrolled_sql() instead
3694 * @param bool $useviewallgroups if $groups is set the return users who
3695 * have capability both $capability and moodle/site:accessallgroups
3696 * in this context, as well as users who have $capability and who are
3697 * in $groups.
3698 * @return array of user records
3700 function get_users_by_capability(context $context, $capability, $fields = '', $sort = '', $limitfrom = '', $limitnum = '',
3701 $groups = '', $exceptions = '', $doanything_ignored = null, $view_ignored = null, $useviewallgroups = false) {
3702 global $CFG, $DB;
3704 $defaultuserroleid = isset($CFG->defaultuserroleid) ? $CFG->defaultuserroleid : 0;
3705 $defaultfrontpageroleid = isset($CFG->defaultfrontpageroleid) ? $CFG->defaultfrontpageroleid : 0;
3707 $ctxids = trim($context->path, '/');
3708 $ctxids = str_replace('/', ',', $ctxids);
3710 // Context is the frontpage
3711 $iscoursepage = false; // coursepage other than fp
3712 $isfrontpage = false;
3713 if ($context->contextlevel == CONTEXT_COURSE) {
3714 if ($context->instanceid == SITEID) {
3715 $isfrontpage = true;
3716 } else {
3717 $iscoursepage = true;
3720 $isfrontpage = ($isfrontpage || is_inside_frontpage($context));
3722 $caps = (array)$capability;
3724 // construct list of context paths bottom-->top
3725 list($contextids, $paths) = get_context_info_list($context);
3727 // we need to find out all roles that have these capabilities either in definition or in overrides
3728 $defs = array();
3729 list($incontexts, $params) = $DB->get_in_or_equal($contextids, SQL_PARAMS_NAMED, 'con');
3730 list($incaps, $params2) = $DB->get_in_or_equal($caps, SQL_PARAMS_NAMED, 'cap');
3731 $params = array_merge($params, $params2);
3732 $sql = "SELECT rc.id, rc.roleid, rc.permission, rc.capability, ctx.path
3733 FROM {role_capabilities} rc
3734 JOIN {context} ctx on rc.contextid = ctx.id
3735 WHERE rc.contextid $incontexts AND rc.capability $incaps";
3737 $rcs = $DB->get_records_sql($sql, $params);
3738 foreach ($rcs as $rc) {
3739 $defs[$rc->capability][$rc->path][$rc->roleid] = $rc->permission;
3742 // go through the permissions bottom-->top direction to evaluate the current permission,
3743 // first one wins (prohibit is an exception that always wins)
3744 $access = array();
3745 foreach ($caps as $cap) {
3746 foreach ($paths as $path) {
3747 if (empty($defs[$cap][$path])) {
3748 continue;
3750 foreach($defs[$cap][$path] as $roleid => $perm) {
3751 if ($perm == CAP_PROHIBIT) {
3752 $access[$cap][$roleid] = CAP_PROHIBIT;
3753 continue;
3755 if (!isset($access[$cap][$roleid])) {
3756 $access[$cap][$roleid] = (int)$perm;
3762 // make lists of roles that are needed and prohibited in this context
3763 $needed = array(); // one of these is enough
3764 $prohibited = array(); // must not have any of these
3765 foreach ($caps as $cap) {
3766 if (empty($access[$cap])) {
3767 continue;
3769 foreach ($access[$cap] as $roleid => $perm) {
3770 if ($perm == CAP_PROHIBIT) {
3771 unset($needed[$cap][$roleid]);
3772 $prohibited[$cap][$roleid] = true;
3773 } else if ($perm == CAP_ALLOW and empty($prohibited[$cap][$roleid])) {
3774 $needed[$cap][$roleid] = true;
3777 if (empty($needed[$cap]) or !empty($prohibited[$cap][$defaultuserroleid])) {
3778 // easy, nobody has the permission
3779 unset($needed[$cap]);
3780 unset($prohibited[$cap]);
3781 } else if ($isfrontpage and !empty($prohibited[$cap][$defaultfrontpageroleid])) {
3782 // everybody is disqualified on the frontpage
3783 unset($needed[$cap]);
3784 unset($prohibited[$cap]);
3786 if (empty($prohibited[$cap])) {
3787 unset($prohibited[$cap]);
3791 if (empty($needed)) {
3792 // there can not be anybody if no roles match this request
3793 return array();
3796 if (empty($prohibited)) {
3797 // we can compact the needed roles
3798 $n = array();
3799 foreach ($needed as $cap) {
3800 foreach ($cap as $roleid=>$unused) {
3801 $n[$roleid] = true;
3804 $needed = array('any'=>$n);
3805 unset($n);
3808 // ***** Set up default fields ******
3809 if (empty($fields)) {
3810 if ($iscoursepage) {
3811 $fields = 'u.*, ul.timeaccess AS lastaccess';
3812 } else {
3813 $fields = 'u.*';
3815 } else {
3816 if ($CFG->debugdeveloper && strpos($fields, 'u.*') === false && strpos($fields, 'u.id') === false) {
3817 debugging('u.id must be included in the list of fields passed to get_users_by_capability().', DEBUG_DEVELOPER);
3821 // Set up default sort
3822 if (empty($sort)) { // default to course lastaccess or just lastaccess
3823 if ($iscoursepage) {
3824 $sort = 'ul.timeaccess';
3825 } else {
3826 $sort = 'u.lastaccess';
3830 // Prepare query clauses
3831 $wherecond = array();
3832 $params = array();
3833 $joins = array();
3835 // User lastaccess JOIN
3836 if ((strpos($sort, 'ul.timeaccess') === false) and (strpos($fields, 'ul.timeaccess') === false)) {
3837 // user_lastaccess is not required MDL-13810
3838 } else {
3839 if ($iscoursepage) {
3840 $joins[] = "LEFT OUTER JOIN {user_lastaccess} ul ON (ul.userid = u.id AND ul.courseid = {$context->instanceid})";
3841 } else {
3842 throw new coding_exception('Invalid sort in get_users_by_capability(), ul.timeaccess allowed only for course contexts.');
3846 // We never return deleted users or guest account.
3847 $wherecond[] = "u.deleted = 0 AND u.id <> :guestid";
3848 $params['guestid'] = $CFG->siteguest;
3850 // Groups
3851 if ($groups) {
3852 $groups = (array)$groups;
3853 list($grouptest, $grpparams) = $DB->get_in_or_equal($groups, SQL_PARAMS_NAMED, 'grp');
3854 $grouptest = "u.id IN (SELECT userid FROM {groups_members} gm WHERE gm.groupid $grouptest)";
3855 $params = array_merge($params, $grpparams);
3857 if ($useviewallgroups) {
3858 $viewallgroupsusers = get_users_by_capability($context, 'moodle/site:accessallgroups', 'u.id, u.id', '', '', '', '', $exceptions);
3859 if (!empty($viewallgroupsusers)) {
3860 $wherecond[] = "($grouptest OR u.id IN (" . implode(',', array_keys($viewallgroupsusers)) . '))';
3861 } else {
3862 $wherecond[] = "($grouptest)";
3864 } else {
3865 $wherecond[] = "($grouptest)";
3869 // User exceptions
3870 if (!empty($exceptions)) {
3871 $exceptions = (array)$exceptions;
3872 list($exsql, $exparams) = $DB->get_in_or_equal($exceptions, SQL_PARAMS_NAMED, 'exc', false);
3873 $params = array_merge($params, $exparams);
3874 $wherecond[] = "u.id $exsql";
3877 // now add the needed and prohibited roles conditions as joins
3878 if (!empty($needed['any'])) {
3879 // simple case - there are no prohibits involved
3880 if (!empty($needed['any'][$defaultuserroleid]) or ($isfrontpage and !empty($needed['any'][$defaultfrontpageroleid]))) {
3881 // everybody
3882 } else {
3883 $joins[] = "JOIN (SELECT DISTINCT userid
3884 FROM {role_assignments}
3885 WHERE contextid IN ($ctxids)
3886 AND roleid IN (".implode(',', array_keys($needed['any'])) .")
3887 ) ra ON ra.userid = u.id";
3889 } else {
3890 $unions = array();
3891 $everybody = false;
3892 foreach ($needed as $cap=>$unused) {
3893 if (empty($prohibited[$cap])) {
3894 if (!empty($needed[$cap][$defaultuserroleid]) or ($isfrontpage and !empty($needed[$cap][$defaultfrontpageroleid]))) {
3895 $everybody = true;
3896 break;
3897 } else {
3898 $unions[] = "SELECT userid
3899 FROM {role_assignments}
3900 WHERE contextid IN ($ctxids)
3901 AND roleid IN (".implode(',', array_keys($needed[$cap])) .")";
3903 } else {
3904 if (!empty($prohibited[$cap][$defaultuserroleid]) or ($isfrontpage and !empty($prohibited[$cap][$defaultfrontpageroleid]))) {
3905 // nobody can have this cap because it is prevented in default roles
3906 continue;
3908 } else if (!empty($needed[$cap][$defaultuserroleid]) or ($isfrontpage and !empty($needed[$cap][$defaultfrontpageroleid]))) {
3909 // everybody except the prohibitted - hiding does not matter
3910 $unions[] = "SELECT id AS userid
3911 FROM {user}
3912 WHERE id NOT IN (SELECT userid
3913 FROM {role_assignments}
3914 WHERE contextid IN ($ctxids)
3915 AND roleid IN (".implode(',', array_keys($prohibited[$cap])) ."))";
3917 } else {
3918 $unions[] = "SELECT userid
3919 FROM {role_assignments}
3920 WHERE contextid IN ($ctxids)
3921 AND roleid IN (".implode(',', array_keys($needed[$cap])) .")
3922 AND roleid NOT IN (".implode(',', array_keys($prohibited[$cap])) .")";
3926 if (!$everybody) {
3927 if ($unions) {
3928 $joins[] = "JOIN (SELECT DISTINCT userid FROM ( ".implode(' UNION ', $unions)." ) us) ra ON ra.userid = u.id";
3929 } else {
3930 // only prohibits found - nobody can be matched
3931 $wherecond[] = "1 = 2";
3936 // Collect WHERE conditions and needed joins
3937 $where = implode(' AND ', $wherecond);
3938 if ($where !== '') {
3939 $where = 'WHERE ' . $where;
3941 $joins = implode("\n", $joins);
3943 // Ok, let's get the users!
3944 $sql = "SELECT $fields
3945 FROM {user} u
3946 $joins
3947 $where
3948 ORDER BY $sort";
3950 return $DB->get_records_sql($sql, $params, $limitfrom, $limitnum);
3954 * Re-sort a users array based on a sorting policy
3956 * Will re-sort a $users results array (from get_users_by_capability(), usually)
3957 * based on a sorting policy. This is to support the odd practice of
3958 * sorting teachers by 'authority', where authority was "lowest id of the role
3959 * assignment".
3961 * Will execute 1 database query. Only suitable for small numbers of users, as it
3962 * uses an u.id IN() clause.
3964 * Notes about the sorting criteria.
3966 * As a default, we cannot rely on role.sortorder because then
3967 * admins/coursecreators will always win. That is why the sane
3968 * rule "is locality matters most", with sortorder as 2nd
3969 * consideration.
3971 * If you want role.sortorder, use the 'sortorder' policy, and
3972 * name explicitly what roles you want to cover. It's probably
3973 * a good idea to see what roles have the capabilities you want
3974 * (array_diff() them against roiles that have 'can-do-anything'
3975 * to weed out admin-ish roles. Or fetch a list of roles from
3976 * variables like $CFG->coursecontact .
3978 * @param array $users Users array, keyed on userid
3979 * @param context $context
3980 * @param array $roles ids of the roles to include, optional
3981 * @param string $sortpolicy defaults to locality, more about
3982 * @return array sorted copy of the array
3984 function sort_by_roleassignment_authority($users, context $context, $roles = array(), $sortpolicy = 'locality') {
3985 global $DB;
3987 $userswhere = ' ra.userid IN (' . implode(',',array_keys($users)) . ')';
3988 $contextwhere = 'AND ra.contextid IN ('.str_replace('/', ',',substr($context->path, 1)).')';
3989 if (empty($roles)) {
3990 $roleswhere = '';
3991 } else {
3992 $roleswhere = ' AND ra.roleid IN ('.implode(',',$roles).')';
3995 $sql = "SELECT ra.userid
3996 FROM {role_assignments} ra
3997 JOIN {role} r
3998 ON ra.roleid=r.id
3999 JOIN {context} ctx
4000 ON ra.contextid=ctx.id
4001 WHERE $userswhere
4002 $contextwhere
4003 $roleswhere";
4005 // Default 'locality' policy -- read PHPDoc notes
4006 // about sort policies...
4007 $orderby = 'ORDER BY '
4008 .'ctx.depth DESC, ' /* locality wins */
4009 .'r.sortorder ASC, ' /* rolesorting 2nd criteria */
4010 .'ra.id'; /* role assignment order tie-breaker */
4011 if ($sortpolicy === 'sortorder') {
4012 $orderby = 'ORDER BY '
4013 .'r.sortorder ASC, ' /* rolesorting 2nd criteria */
4014 .'ra.id'; /* role assignment order tie-breaker */
4017 $sortedids = $DB->get_fieldset_sql($sql . $orderby);
4018 $sortedusers = array();
4019 $seen = array();
4021 foreach ($sortedids as $id) {
4022 // Avoid duplicates
4023 if (isset($seen[$id])) {
4024 continue;
4026 $seen[$id] = true;
4028 // assign
4029 $sortedusers[$id] = $users[$id];
4031 return $sortedusers;
4035 * Gets all the users assigned this role in this context or higher
4037 * @param int $roleid (can also be an array of ints!)
4038 * @param context $context
4039 * @param bool $parent if true, get list of users assigned in higher context too
4040 * @param string $fields fields from user (u.) , role assignment (ra) or role (r.)
4041 * @param string $sort sort from user (u.) , role assignment (ra.) or role (r.).
4042 * null => use default sort from users_order_by_sql.
4043 * @param bool $all true means all, false means limit to enrolled users
4044 * @param string $group defaults to ''
4045 * @param mixed $limitfrom defaults to ''
4046 * @param mixed $limitnum defaults to ''
4047 * @param string $extrawheretest defaults to ''
4048 * @param array $whereorsortparams any paramter values used by $sort or $extrawheretest.
4049 * @return array
4051 function get_role_users($roleid, context $context, $parent = false, $fields = '',
4052 $sort = null, $all = true, $group = '',
4053 $limitfrom = '', $limitnum = '', $extrawheretest = '', $whereorsortparams = array()) {
4054 global $DB;
4056 if (empty($fields)) {
4057 $allnames = get_all_user_name_fields(true, 'u');
4058 $fields = 'u.id, u.confirmed, u.username, '. $allnames . ', ' .
4059 'u.maildisplay, u.mailformat, u.maildigest, u.email, u.emailstop, u.city, '.
4060 'u.country, u.picture, u.idnumber, u.department, u.institution, '.
4061 'u.lang, u.timezone, u.lastaccess, u.mnethostid, r.name AS rolename, r.sortorder, '.
4062 'r.shortname AS roleshortname, rn.name AS rolecoursealias';
4065 $parentcontexts = '';
4066 if ($parent) {
4067 $parentcontexts = substr($context->path, 1); // kill leading slash
4068 $parentcontexts = str_replace('/', ',', $parentcontexts);
4069 if ($parentcontexts !== '') {
4070 $parentcontexts = ' OR ra.contextid IN ('.$parentcontexts.' )';
4074 if ($roleid) {
4075 list($rids, $params) = $DB->get_in_or_equal($roleid, SQL_PARAMS_NAMED, 'r');
4076 $roleselect = "AND ra.roleid $rids";
4077 } else {
4078 $params = array();
4079 $roleselect = '';
4082 if ($coursecontext = $context->get_course_context(false)) {
4083 $params['coursecontext'] = $coursecontext->id;
4084 } else {
4085 $params['coursecontext'] = 0;
4088 if ($group) {
4089 $groupjoin = "JOIN {groups_members} gm ON gm.userid = u.id";
4090 $groupselect = " AND gm.groupid = :groupid ";
4091 $params['groupid'] = $group;
4092 } else {
4093 $groupjoin = '';
4094 $groupselect = '';
4097 $params['contextid'] = $context->id;
4099 if ($extrawheretest) {
4100 $extrawheretest = ' AND ' . $extrawheretest;
4103 if ($whereorsortparams) {
4104 $params = array_merge($params, $whereorsortparams);
4107 if (!$sort) {
4108 list($sort, $sortparams) = users_order_by_sql('u');
4109 $params = array_merge($params, $sortparams);
4112 if ($all === null) {
4113 // Previously null was used to indicate that parameter was not used.
4114 $all = true;
4116 if (!$all and $coursecontext) {
4117 // Do not use get_enrolled_sql() here for performance reasons.
4118 $ejoin = "JOIN {user_enrolments} ue ON ue.userid = u.id
4119 JOIN {enrol} e ON (e.id = ue.enrolid AND e.courseid = :ecourseid)";
4120 $params['ecourseid'] = $coursecontext->instanceid;
4121 } else {
4122 $ejoin = "";
4125 $sql = "SELECT DISTINCT $fields, ra.roleid
4126 FROM {role_assignments} ra
4127 JOIN {user} u ON u.id = ra.userid
4128 JOIN {role} r ON ra.roleid = r.id
4129 $ejoin
4130 LEFT JOIN {role_names} rn ON (rn.contextid = :coursecontext AND rn.roleid = r.id)
4131 $groupjoin
4132 WHERE (ra.contextid = :contextid $parentcontexts)
4133 $roleselect
4134 $groupselect
4135 $extrawheretest
4136 ORDER BY $sort"; // join now so that we can just use fullname() later
4138 return $DB->get_records_sql($sql, $params, $limitfrom, $limitnum);
4142 * Counts all the users assigned this role in this context or higher
4144 * @param int|array $roleid either int or an array of ints
4145 * @param context $context
4146 * @param bool $parent if true, get list of users assigned in higher context too
4147 * @return int Returns the result count
4149 function count_role_users($roleid, context $context, $parent = false) {
4150 global $DB;
4152 if ($parent) {
4153 if ($contexts = $context->get_parent_context_ids()) {
4154 $parentcontexts = ' OR r.contextid IN ('.implode(',', $contexts).')';
4155 } else {
4156 $parentcontexts = '';
4158 } else {
4159 $parentcontexts = '';
4162 if ($roleid) {
4163 list($rids, $params) = $DB->get_in_or_equal($roleid, SQL_PARAMS_QM);
4164 $roleselect = "AND r.roleid $rids";
4165 } else {
4166 $params = array();
4167 $roleselect = '';
4170 array_unshift($params, $context->id);
4172 $sql = "SELECT COUNT(u.id)
4173 FROM {role_assignments} r
4174 JOIN {user} u ON u.id = r.userid
4175 WHERE (r.contextid = ? $parentcontexts)
4176 $roleselect
4177 AND u.deleted = 0";
4179 return $DB->count_records_sql($sql, $params);
4183 * This function gets the list of courses that this user has a particular capability in.
4184 * It is still not very efficient.
4186 * @param string $capability Capability in question
4187 * @param int $userid User ID or null for current user
4188 * @param bool $doanything True if 'doanything' is permitted (default)
4189 * @param string $fieldsexceptid Leave blank if you only need 'id' in the course records;
4190 * otherwise use a comma-separated list of the fields you require, not including id
4191 * @param string $orderby If set, use a comma-separated list of fields from course
4192 * table with sql modifiers (DESC) if needed
4193 * @return array Array of courses, may have zero entries. Or false if query failed.
4195 function get_user_capability_course($capability, $userid = null, $doanything = true, $fieldsexceptid = '', $orderby = '') {
4196 global $DB;
4198 // Convert fields list and ordering
4199 $fieldlist = '';
4200 if ($fieldsexceptid) {
4201 $fields = explode(',', $fieldsexceptid);
4202 foreach($fields as $field) {
4203 $fieldlist .= ',c.'.$field;
4206 if ($orderby) {
4207 $fields = explode(',', $orderby);
4208 $orderby = '';
4209 foreach($fields as $field) {
4210 if ($orderby) {
4211 $orderby .= ',';
4213 $orderby .= 'c.'.$field;
4215 $orderby = 'ORDER BY '.$orderby;
4218 // Obtain a list of everything relevant about all courses including context.
4219 // Note the result can be used directly as a context (we are going to), the course
4220 // fields are just appended.
4222 $contextpreload = context_helper::get_preload_record_columns_sql('x');
4224 $courses = array();
4225 $rs = $DB->get_recordset_sql("SELECT c.id $fieldlist, $contextpreload
4226 FROM {course} c
4227 JOIN {context} x ON (c.id=x.instanceid AND x.contextlevel=".CONTEXT_COURSE.")
4228 $orderby");
4229 // Check capability for each course in turn
4230 foreach ($rs as $course) {
4231 context_helper::preload_from_record($course);
4232 $context = context_course::instance($course->id);
4233 if (has_capability($capability, $context, $userid, $doanything)) {
4234 // We've got the capability. Make the record look like a course record
4235 // and store it
4236 $courses[] = $course;
4239 $rs->close();
4240 return empty($courses) ? false : $courses;
4244 * This function finds the roles assigned directly to this context only
4245 * i.e. no roles in parent contexts
4247 * @param context $context
4248 * @return array
4250 function get_roles_on_exact_context(context $context) {
4251 global $DB;
4253 return $DB->get_records_sql("SELECT r.*
4254 FROM {role_assignments} ra, {role} r
4255 WHERE ra.roleid = r.id AND ra.contextid = ?",
4256 array($context->id));
4260 * Switches the current user to another role for the current session and only
4261 * in the given context.
4263 * The caller *must* check
4264 * - that this op is allowed
4265 * - that the requested role can be switched to in this context (use get_switchable_roles)
4266 * - that the requested role is NOT $CFG->defaultuserroleid
4268 * To "unswitch" pass 0 as the roleid.
4270 * This function *will* modify $USER->access - beware
4272 * @param integer $roleid the role to switch to.
4273 * @param context $context the context in which to perform the switch.
4274 * @return bool success or failure.
4276 function role_switch($roleid, context $context) {
4277 global $USER;
4280 // Plan of action
4282 // - Add the ghost RA to $USER->access
4283 // as $USER->access['rsw'][$path] = $roleid
4285 // - Make sure $USER->access['rdef'] has the roledefs
4286 // it needs to honour the switcherole
4288 // Roledefs will get loaded "deep" here - down to the last child
4289 // context. Note that
4291 // - When visiting subcontexts, our selective accessdata loading
4292 // will still work fine - though those ra/rdefs will be ignored
4293 // appropriately while the switch is in place
4295 // - If a switcherole happens at a category with tons of courses
4296 // (that have many overrides for switched-to role), the session
4297 // will get... quite large. Sometimes you just can't win.
4299 // To un-switch just unset($USER->access['rsw'][$path])
4301 // Note: it is not possible to switch to roles that do not have course:view
4303 if (!isset($USER->access)) {
4304 load_all_capabilities();
4308 // Add the switch RA
4309 if ($roleid == 0) {
4310 unset($USER->access['rsw'][$context->path]);
4311 return true;
4314 $USER->access['rsw'][$context->path] = $roleid;
4316 // Load roledefs
4317 load_role_access_by_context($roleid, $context, $USER->access);
4319 return true;
4323 * Checks if the user has switched roles within the given course.
4325 * Note: You can only switch roles within the course, hence it takes a course id
4326 * rather than a context. On that note Petr volunteered to implement this across
4327 * all other contexts, all requests for this should be forwarded to him ;)
4329 * @param int $courseid The id of the course to check
4330 * @return bool True if the user has switched roles within the course.
4332 function is_role_switched($courseid) {
4333 global $USER;
4334 $context = context_course::instance($courseid, MUST_EXIST);
4335 return (!empty($USER->access['rsw'][$context->path]));
4339 * Get any role that has an override on exact context
4341 * @param context $context The context to check
4342 * @return array An array of roles
4344 function get_roles_with_override_on_context(context $context) {
4345 global $DB;
4347 return $DB->get_records_sql("SELECT r.*
4348 FROM {role_capabilities} rc, {role} r
4349 WHERE rc.roleid = r.id AND rc.contextid = ?",
4350 array($context->id));
4354 * Get all capabilities for this role on this context (overrides)
4356 * @param stdClass $role
4357 * @param context $context
4358 * @return array
4360 function get_capabilities_from_role_on_context($role, context $context) {
4361 global $DB;
4363 return $DB->get_records_sql("SELECT *
4364 FROM {role_capabilities}
4365 WHERE contextid = ? AND roleid = ?",
4366 array($context->id, $role->id));
4370 * Find out which roles has assignment on this context
4372 * @param context $context
4373 * @return array
4376 function get_roles_with_assignment_on_context(context $context) {
4377 global $DB;
4379 return $DB->get_records_sql("SELECT r.*
4380 FROM {role_assignments} ra, {role} r
4381 WHERE ra.roleid = r.id AND ra.contextid = ?",
4382 array($context->id));
4386 * Find all user assignment of users for this role, on this context
4388 * @param stdClass $role
4389 * @param context $context
4390 * @return array
4392 function get_users_from_role_on_context($role, context $context) {
4393 global $DB;
4395 return $DB->get_records_sql("SELECT *
4396 FROM {role_assignments}
4397 WHERE contextid = ? AND roleid = ?",
4398 array($context->id, $role->id));
4402 * Simple function returning a boolean true if user has roles
4403 * in context or parent contexts, otherwise false.
4405 * @param int $userid
4406 * @param int $roleid
4407 * @param int $contextid empty means any context
4408 * @return bool
4410 function user_has_role_assignment($userid, $roleid, $contextid = 0) {
4411 global $DB;
4413 if ($contextid) {
4414 if (!$context = context::instance_by_id($contextid, IGNORE_MISSING)) {
4415 return false;
4417 $parents = $context->get_parent_context_ids(true);
4418 list($contexts, $params) = $DB->get_in_or_equal($parents, SQL_PARAMS_NAMED, 'r');
4419 $params['userid'] = $userid;
4420 $params['roleid'] = $roleid;
4422 $sql = "SELECT COUNT(ra.id)
4423 FROM {role_assignments} ra
4424 WHERE ra.userid = :userid AND ra.roleid = :roleid AND ra.contextid $contexts";
4426 $count = $DB->get_field_sql($sql, $params);
4427 return ($count > 0);
4429 } else {
4430 return $DB->record_exists('role_assignments', array('userid'=>$userid, 'roleid'=>$roleid));
4435 * Get localised role name or alias if exists and format the text.
4437 * @param stdClass $role role object
4438 * - optional 'coursealias' property should be included for performance reasons if course context used
4439 * - description property is not required here
4440 * @param context|bool $context empty means system context
4441 * @param int $rolenamedisplay type of role name
4442 * @return string localised role name or course role name alias
4444 function role_get_name(stdClass $role, $context = null, $rolenamedisplay = ROLENAME_ALIAS) {
4445 global $DB;
4447 if ($rolenamedisplay == ROLENAME_SHORT) {
4448 return $role->shortname;
4451 if (!$context or !$coursecontext = $context->get_course_context(false)) {
4452 $coursecontext = null;
4455 if ($coursecontext and !property_exists($role, 'coursealias') and ($rolenamedisplay == ROLENAME_ALIAS or $rolenamedisplay == ROLENAME_BOTH or $rolenamedisplay == ROLENAME_ALIAS_RAW)) {
4456 $role = clone($role); // Do not modify parameters.
4457 if ($r = $DB->get_record('role_names', array('roleid'=>$role->id, 'contextid'=>$coursecontext->id))) {
4458 $role->coursealias = $r->name;
4459 } else {
4460 $role->coursealias = null;
4464 if ($rolenamedisplay == ROLENAME_ALIAS_RAW) {
4465 if ($coursecontext) {
4466 return $role->coursealias;
4467 } else {
4468 return null;
4472 if (trim($role->name) !== '') {
4473 // For filtering always use context where was the thing defined - system for roles here.
4474 $original = format_string($role->name, true, array('context'=>context_system::instance()));
4476 } else {
4477 // Empty role->name means we want to see localised role name based on shortname,
4478 // only default roles are supposed to be localised.
4479 switch ($role->shortname) {
4480 case 'manager': $original = get_string('manager', 'role'); break;
4481 case 'coursecreator': $original = get_string('coursecreators'); break;
4482 case 'editingteacher': $original = get_string('defaultcourseteacher'); break;
4483 case 'teacher': $original = get_string('noneditingteacher'); break;
4484 case 'student': $original = get_string('defaultcoursestudent'); break;
4485 case 'guest': $original = get_string('guest'); break;
4486 case 'user': $original = get_string('authenticateduser'); break;
4487 case 'frontpage': $original = get_string('frontpageuser', 'role'); break;
4488 // We should not get here, the role UI should require the name for custom roles!
4489 default: $original = $role->shortname; break;
4493 if ($rolenamedisplay == ROLENAME_ORIGINAL) {
4494 return $original;
4497 if ($rolenamedisplay == ROLENAME_ORIGINALANDSHORT) {
4498 return "$original ($role->shortname)";
4501 if ($rolenamedisplay == ROLENAME_ALIAS) {
4502 if ($coursecontext and trim($role->coursealias) !== '') {
4503 return format_string($role->coursealias, true, array('context'=>$coursecontext));
4504 } else {
4505 return $original;
4509 if ($rolenamedisplay == ROLENAME_BOTH) {
4510 if ($coursecontext and trim($role->coursealias) !== '') {
4511 return format_string($role->coursealias, true, array('context'=>$coursecontext)) . " ($original)";
4512 } else {
4513 return $original;
4517 throw new coding_exception('Invalid $rolenamedisplay parameter specified in role_get_name()');
4521 * Returns localised role description if available.
4522 * If the name is empty it tries to find the default role name using
4523 * hardcoded list of default role names or other methods in the future.
4525 * @param stdClass $role
4526 * @return string localised role name
4528 function role_get_description(stdClass $role) {
4529 if (!html_is_blank($role->description)) {
4530 return format_text($role->description, FORMAT_HTML, array('context'=>context_system::instance()));
4533 switch ($role->shortname) {
4534 case 'manager': return get_string('managerdescription', 'role');
4535 case 'coursecreator': return get_string('coursecreatorsdescription');
4536 case 'editingteacher': return get_string('defaultcourseteacherdescription');
4537 case 'teacher': return get_string('noneditingteacherdescription');
4538 case 'student': return get_string('defaultcoursestudentdescription');
4539 case 'guest': return get_string('guestdescription');
4540 case 'user': return get_string('authenticateduserdescription');
4541 case 'frontpage': return get_string('frontpageuserdescription', 'role');
4542 default: return '';
4547 * Get all the localised role names for a context.
4549 * In new installs default roles have empty names, this function
4550 * add localised role names using current language pack.
4552 * @param context $context the context, null means system context
4553 * @param array of role objects with a ->localname field containing the context-specific role name.
4554 * @param int $rolenamedisplay
4555 * @param bool $returnmenu true means id=>localname, false means id=>rolerecord
4556 * @return array Array of context-specific role names, or role objects with a ->localname field added.
4558 function role_get_names(context $context = null, $rolenamedisplay = ROLENAME_ALIAS, $returnmenu = null) {
4559 return role_fix_names(get_all_roles($context), $context, $rolenamedisplay, $returnmenu);
4563 * Prepare list of roles for display, apply aliases and localise default role names.
4565 * @param array $roleoptions array roleid => roleobject (with optional coursealias), strings are accepted for backwards compatibility only
4566 * @param context $context the context, null means system context
4567 * @param int $rolenamedisplay
4568 * @param bool $returnmenu null means keep the same format as $roleoptions, true means id=>localname, false means id=>rolerecord
4569 * @return array Array of context-specific role names, or role objects with a ->localname field added.
4571 function role_fix_names($roleoptions, context $context = null, $rolenamedisplay = ROLENAME_ALIAS, $returnmenu = null) {
4572 global $DB;
4574 if (empty($roleoptions)) {
4575 return array();
4578 if (!$context or !$coursecontext = $context->get_course_context(false)) {
4579 $coursecontext = null;
4582 // We usually need all role columns...
4583 $first = reset($roleoptions);
4584 if ($returnmenu === null) {
4585 $returnmenu = !is_object($first);
4588 if (!is_object($first) or !property_exists($first, 'shortname')) {
4589 $allroles = get_all_roles($context);
4590 foreach ($roleoptions as $rid => $unused) {
4591 $roleoptions[$rid] = $allroles[$rid];
4595 // Inject coursealias if necessary.
4596 if ($coursecontext and ($rolenamedisplay == ROLENAME_ALIAS_RAW or $rolenamedisplay == ROLENAME_ALIAS or $rolenamedisplay == ROLENAME_BOTH)) {
4597 $first = reset($roleoptions);
4598 if (!property_exists($first, 'coursealias')) {
4599 $aliasnames = $DB->get_records('role_names', array('contextid'=>$coursecontext->id));
4600 foreach ($aliasnames as $alias) {
4601 if (isset($roleoptions[$alias->roleid])) {
4602 $roleoptions[$alias->roleid]->coursealias = $alias->name;
4608 // Add localname property.
4609 foreach ($roleoptions as $rid => $role) {
4610 $roleoptions[$rid]->localname = role_get_name($role, $coursecontext, $rolenamedisplay);
4613 if (!$returnmenu) {
4614 return $roleoptions;
4617 $menu = array();
4618 foreach ($roleoptions as $rid => $role) {
4619 $menu[$rid] = $role->localname;
4622 return $menu;
4626 * Aids in detecting if a new line is required when reading a new capability
4628 * This function helps admin/roles/manage.php etc to detect if a new line should be printed
4629 * when we read in a new capability.
4630 * Most of the time, if the 2 components are different we should print a new line, (e.g. course system->rss client)
4631 * but when we are in grade, all reports/import/export capabilities should be together
4633 * @param string $cap component string a
4634 * @param string $comp component string b
4635 * @param int $contextlevel
4636 * @return bool whether 2 component are in different "sections"
4638 function component_level_changed($cap, $comp, $contextlevel) {
4640 if (strstr($cap->component, '/') && strstr($comp, '/')) {
4641 $compsa = explode('/', $cap->component);
4642 $compsb = explode('/', $comp);
4644 // list of system reports
4645 if (($compsa[0] == 'report') && ($compsb[0] == 'report')) {
4646 return false;
4649 // we are in gradebook, still
4650 if (($compsa[0] == 'gradeexport' || $compsa[0] == 'gradeimport' || $compsa[0] == 'gradereport') &&
4651 ($compsb[0] == 'gradeexport' || $compsb[0] == 'gradeimport' || $compsb[0] == 'gradereport')) {
4652 return false;
4655 if (($compsa[0] == 'coursereport') && ($compsb[0] == 'coursereport')) {
4656 return false;
4660 return ($cap->component != $comp || $cap->contextlevel != $contextlevel);
4664 * Fix the roles.sortorder field in the database, so it contains sequential integers,
4665 * and return an array of roleids in order.
4667 * @param array $allroles array of roles, as returned by get_all_roles();
4668 * @return array $role->sortorder =-> $role->id with the keys in ascending order.
4670 function fix_role_sortorder($allroles) {
4671 global $DB;
4673 $rolesort = array();
4674 $i = 0;
4675 foreach ($allroles as $role) {
4676 $rolesort[$i] = $role->id;
4677 if ($role->sortorder != $i) {
4678 $r = new stdClass();
4679 $r->id = $role->id;
4680 $r->sortorder = $i;
4681 $DB->update_record('role', $r);
4682 $allroles[$role->id]->sortorder = $i;
4684 $i++;
4686 return $rolesort;
4690 * Switch the sort order of two roles (used in admin/roles/manage.php).
4692 * @param stdClass $first The first role. Actually, only ->sortorder is used.
4693 * @param stdClass $second The second role. Actually, only ->sortorder is used.
4694 * @return boolean success or failure
4696 function switch_roles($first, $second) {
4697 global $DB;
4698 $temp = $DB->get_field('role', 'MAX(sortorder) + 1', array());
4699 $result = $DB->set_field('role', 'sortorder', $temp, array('sortorder' => $first->sortorder));
4700 $result = $result && $DB->set_field('role', 'sortorder', $first->sortorder, array('sortorder' => $second->sortorder));
4701 $result = $result && $DB->set_field('role', 'sortorder', $second->sortorder, array('sortorder' => $temp));
4702 return $result;
4706 * Duplicates all the base definitions of a role
4708 * @param stdClass $sourcerole role to copy from
4709 * @param int $targetrole id of role to copy to
4711 function role_cap_duplicate($sourcerole, $targetrole) {
4712 global $DB;
4714 $systemcontext = context_system::instance();
4715 $caps = $DB->get_records_sql("SELECT *
4716 FROM {role_capabilities}
4717 WHERE roleid = ? AND contextid = ?",
4718 array($sourcerole->id, $systemcontext->id));
4719 // adding capabilities
4720 foreach ($caps as $cap) {
4721 unset($cap->id);
4722 $cap->roleid = $targetrole;
4723 $DB->insert_record('role_capabilities', $cap);
4728 * Returns two lists, this can be used to find out if user has capability.
4729 * Having any needed role and no forbidden role in this context means
4730 * user has this capability in this context.
4731 * Use get_role_names_with_cap_in_context() if you need role names to display in the UI
4733 * @param stdClass $context
4734 * @param string $capability
4735 * @return array($neededroles, $forbiddenroles)
4737 function get_roles_with_cap_in_context($context, $capability) {
4738 global $DB;
4740 $ctxids = trim($context->path, '/'); // kill leading slash
4741 $ctxids = str_replace('/', ',', $ctxids);
4743 $sql = "SELECT rc.id, rc.roleid, rc.permission, ctx.depth
4744 FROM {role_capabilities} rc
4745 JOIN {context} ctx ON ctx.id = rc.contextid
4746 WHERE rc.capability = :cap AND ctx.id IN ($ctxids)
4747 ORDER BY rc.roleid ASC, ctx.depth DESC";
4748 $params = array('cap'=>$capability);
4750 if (!$capdefs = $DB->get_records_sql($sql, $params)) {
4751 // no cap definitions --> no capability
4752 return array(array(), array());
4755 $forbidden = array();
4756 $needed = array();
4757 foreach($capdefs as $def) {
4758 if (isset($forbidden[$def->roleid])) {
4759 continue;
4761 if ($def->permission == CAP_PROHIBIT) {
4762 $forbidden[$def->roleid] = $def->roleid;
4763 unset($needed[$def->roleid]);
4764 continue;
4766 if (!isset($needed[$def->roleid])) {
4767 if ($def->permission == CAP_ALLOW) {
4768 $needed[$def->roleid] = true;
4769 } else if ($def->permission == CAP_PREVENT) {
4770 $needed[$def->roleid] = false;
4774 unset($capdefs);
4776 // remove all those roles not allowing
4777 foreach($needed as $key=>$value) {
4778 if (!$value) {
4779 unset($needed[$key]);
4780 } else {
4781 $needed[$key] = $key;
4785 return array($needed, $forbidden);
4789 * Returns an array of role IDs that have ALL of the the supplied capabilities
4790 * Uses get_roles_with_cap_in_context(). Returns $allowed minus $forbidden
4792 * @param stdClass $context
4793 * @param array $capabilities An array of capabilities
4794 * @return array of roles with all of the required capabilities
4796 function get_roles_with_caps_in_context($context, $capabilities) {
4797 $neededarr = array();
4798 $forbiddenarr = array();
4799 foreach($capabilities as $caprequired) {
4800 list($neededarr[], $forbiddenarr[]) = get_roles_with_cap_in_context($context, $caprequired);
4803 $rolesthatcanrate = array();
4804 if (!empty($neededarr)) {
4805 foreach ($neededarr as $needed) {
4806 if (empty($rolesthatcanrate)) {
4807 $rolesthatcanrate = $needed;
4808 } else {
4809 //only want roles that have all caps
4810 $rolesthatcanrate = array_intersect_key($rolesthatcanrate,$needed);
4814 if (!empty($forbiddenarr) && !empty($rolesthatcanrate)) {
4815 foreach ($forbiddenarr as $forbidden) {
4816 //remove any roles that are forbidden any of the caps
4817 $rolesthatcanrate = array_diff($rolesthatcanrate, $forbidden);
4820 return $rolesthatcanrate;
4824 * Returns an array of role names that have ALL of the the supplied capabilities
4825 * Uses get_roles_with_caps_in_context(). Returns $allowed minus $forbidden
4827 * @param stdClass $context
4828 * @param array $capabilities An array of capabilities
4829 * @return array of roles with all of the required capabilities
4831 function get_role_names_with_caps_in_context($context, $capabilities) {
4832 global $DB;
4834 $rolesthatcanrate = get_roles_with_caps_in_context($context, $capabilities);
4835 $allroles = $DB->get_records('role', null, 'sortorder DESC');
4837 $roles = array();
4838 foreach ($rolesthatcanrate as $r) {
4839 $roles[$r] = $allroles[$r];
4842 return role_fix_names($roles, $context, ROLENAME_ALIAS, true);
4846 * This function verifies the prohibit comes from this context
4847 * and there are no more prohibits in parent contexts.
4849 * @param int $roleid
4850 * @param context $context
4851 * @param string $capability name
4852 * @return bool
4854 function prohibit_is_removable($roleid, context $context, $capability) {
4855 global $DB;
4857 $ctxids = trim($context->path, '/'); // kill leading slash
4858 $ctxids = str_replace('/', ',', $ctxids);
4860 $params = array('roleid'=>$roleid, 'cap'=>$capability, 'prohibit'=>CAP_PROHIBIT);
4862 $sql = "SELECT ctx.id
4863 FROM {role_capabilities} rc
4864 JOIN {context} ctx ON ctx.id = rc.contextid
4865 WHERE rc.roleid = :roleid AND rc.permission = :prohibit AND rc.capability = :cap AND ctx.id IN ($ctxids)
4866 ORDER BY ctx.depth DESC";
4868 if (!$prohibits = $DB->get_records_sql($sql, $params)) {
4869 // no prohibits == nothing to remove
4870 return true;
4873 if (count($prohibits) > 1) {
4874 // more prohibits can not be removed
4875 return false;
4878 return !empty($prohibits[$context->id]);
4882 * More user friendly role permission changing,
4883 * it should produce as few overrides as possible.
4885 * @param int $roleid
4886 * @param stdClass $context
4887 * @param string $capname capability name
4888 * @param int $permission
4889 * @return void
4891 function role_change_permission($roleid, $context, $capname, $permission) {
4892 global $DB;
4894 if ($permission == CAP_INHERIT) {
4895 unassign_capability($capname, $roleid, $context->id);
4896 $context->mark_dirty();
4897 return;
4900 $ctxids = trim($context->path, '/'); // kill leading slash
4901 $ctxids = str_replace('/', ',', $ctxids);
4903 $params = array('roleid'=>$roleid, 'cap'=>$capname);
4905 $sql = "SELECT ctx.id, rc.permission, ctx.depth
4906 FROM {role_capabilities} rc
4907 JOIN {context} ctx ON ctx.id = rc.contextid
4908 WHERE rc.roleid = :roleid AND rc.capability = :cap AND ctx.id IN ($ctxids)
4909 ORDER BY ctx.depth DESC";
4911 if ($existing = $DB->get_records_sql($sql, $params)) {
4912 foreach($existing as $e) {
4913 if ($e->permission == CAP_PROHIBIT) {
4914 // prohibit can not be overridden, no point in changing anything
4915 return;
4918 $lowest = array_shift($existing);
4919 if ($lowest->permission == $permission) {
4920 // permission already set in this context or parent - nothing to do
4921 return;
4923 if ($existing) {
4924 $parent = array_shift($existing);
4925 if ($parent->permission == $permission) {
4926 // permission already set in parent context or parent - just unset in this context
4927 // we do this because we want as few overrides as possible for performance reasons
4928 unassign_capability($capname, $roleid, $context->id);
4929 $context->mark_dirty();
4930 return;
4934 } else {
4935 if ($permission == CAP_PREVENT) {
4936 // nothing means role does not have permission
4937 return;
4941 // assign the needed capability
4942 assign_capability($capname, $permission, $roleid, $context->id, true);
4944 // force cap reloading
4945 $context->mark_dirty();
4950 * Basic moodle context abstraction class.
4952 * Google confirms that no other important framework is using "context" class,
4953 * we could use something else like mcontext or moodle_context, but we need to type
4954 * this very often which would be annoying and it would take too much space...
4956 * This class is derived from stdClass for backwards compatibility with
4957 * odl $context record that was returned from DML $DB->get_record()
4959 * @package core_access
4960 * @category access
4961 * @copyright Petr Skoda {@link http://skodak.org}
4962 * @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
4963 * @since 2.2
4965 * @property-read int $id context id
4966 * @property-read int $contextlevel CONTEXT_SYSTEM, CONTEXT_COURSE, etc.
4967 * @property-read int $instanceid id of related instance in each context
4968 * @property-read string $path path to context, starts with system context
4969 * @property-read int $depth
4971 abstract class context extends stdClass implements IteratorAggregate {
4974 * The context id
4975 * Can be accessed publicly through $context->id
4976 * @var int
4978 protected $_id;
4981 * The context level
4982 * Can be accessed publicly through $context->contextlevel
4983 * @var int One of CONTEXT_* e.g. CONTEXT_COURSE, CONTEXT_MODULE
4985 protected $_contextlevel;
4988 * Id of the item this context is related to e.g. COURSE_CONTEXT => course.id
4989 * Can be accessed publicly through $context->instanceid
4990 * @var int
4992 protected $_instanceid;
4995 * The path to the context always starting from the system context
4996 * Can be accessed publicly through $context->path
4997 * @var string
4999 protected $_path;
5002 * The depth of the context in relation to parent contexts
5003 * Can be accessed publicly through $context->depth
5004 * @var int
5006 protected $_depth;
5009 * @var array Context caching info
5011 private static $cache_contextsbyid = array();
5014 * @var array Context caching info
5016 private static $cache_contexts = array();
5019 * Context count
5020 * Why do we do count contexts? Because count($array) is horribly slow for large arrays
5021 * @var int
5023 protected static $cache_count = 0;
5026 * @var array Context caching info
5028 protected static $cache_preloaded = array();
5031 * @var context_system The system context once initialised
5033 protected static $systemcontext = null;
5036 * Resets the cache to remove all data.
5037 * @static
5039 protected static function reset_caches() {
5040 self::$cache_contextsbyid = array();
5041 self::$cache_contexts = array();
5042 self::$cache_count = 0;
5043 self::$cache_preloaded = array();
5045 self::$systemcontext = null;
5049 * Adds a context to the cache. If the cache is full, discards a batch of
5050 * older entries.
5052 * @static
5053 * @param context $context New context to add
5054 * @return void
5056 protected static function cache_add(context $context) {
5057 if (isset(self::$cache_contextsbyid[$context->id])) {
5058 // already cached, no need to do anything - this is relatively cheap, we do all this because count() is slow
5059 return;
5062 if (self::$cache_count >= CONTEXT_CACHE_MAX_SIZE) {
5063 $i = 0;
5064 foreach(self::$cache_contextsbyid as $ctx) {
5065 $i++;
5066 if ($i <= 100) {
5067 // we want to keep the first contexts to be loaded on this page, hopefully they will be needed again later
5068 continue;
5070 if ($i > (CONTEXT_CACHE_MAX_SIZE / 3)) {
5071 // we remove oldest third of the contexts to make room for more contexts
5072 break;
5074 unset(self::$cache_contextsbyid[$ctx->id]);
5075 unset(self::$cache_contexts[$ctx->contextlevel][$ctx->instanceid]);
5076 self::$cache_count--;
5080 self::$cache_contexts[$context->contextlevel][$context->instanceid] = $context;
5081 self::$cache_contextsbyid[$context->id] = $context;
5082 self::$cache_count++;
5086 * Removes a context from the cache.
5088 * @static
5089 * @param context $context Context object to remove
5090 * @return void
5092 protected static function cache_remove(context $context) {
5093 if (!isset(self::$cache_contextsbyid[$context->id])) {
5094 // not cached, no need to do anything - this is relatively cheap, we do all this because count() is slow
5095 return;
5097 unset(self::$cache_contexts[$context->contextlevel][$context->instanceid]);
5098 unset(self::$cache_contextsbyid[$context->id]);
5100 self::$cache_count--;
5102 if (self::$cache_count < 0) {
5103 self::$cache_count = 0;
5108 * Gets a context from the cache.
5110 * @static
5111 * @param int $contextlevel Context level
5112 * @param int $instance Instance ID
5113 * @return context|bool Context or false if not in cache
5115 protected static function cache_get($contextlevel, $instance) {
5116 if (isset(self::$cache_contexts[$contextlevel][$instance])) {
5117 return self::$cache_contexts[$contextlevel][$instance];
5119 return false;
5123 * Gets a context from the cache based on its id.
5125 * @static
5126 * @param int $id Context ID
5127 * @return context|bool Context or false if not in cache
5129 protected static function cache_get_by_id($id) {
5130 if (isset(self::$cache_contextsbyid[$id])) {
5131 return self::$cache_contextsbyid[$id];
5133 return false;
5137 * Preloads context information from db record and strips the cached info.
5139 * @static
5140 * @param stdClass $rec
5141 * @return void (modifies $rec)
5143 protected static function preload_from_record(stdClass $rec) {
5144 if (empty($rec->ctxid) or empty($rec->ctxlevel) or empty($rec->ctxinstance) or empty($rec->ctxpath) or empty($rec->ctxdepth)) {
5145 // $rec does not have enough data, passed here repeatedly or context does not exist yet
5146 return;
5149 // note: in PHP5 the objects are passed by reference, no need to return $rec
5150 $record = new stdClass();
5151 $record->id = $rec->ctxid; unset($rec->ctxid);
5152 $record->contextlevel = $rec->ctxlevel; unset($rec->ctxlevel);
5153 $record->instanceid = $rec->ctxinstance; unset($rec->ctxinstance);
5154 $record->path = $rec->ctxpath; unset($rec->ctxpath);
5155 $record->depth = $rec->ctxdepth; unset($rec->ctxdepth);
5157 return context::create_instance_from_record($record);
5161 // ====== magic methods =======
5164 * Magic setter method, we do not want anybody to modify properties from the outside
5165 * @param string $name
5166 * @param mixed $value
5168 public function __set($name, $value) {
5169 debugging('Can not change context instance properties!');
5173 * Magic method getter, redirects to read only values.
5174 * @param string $name
5175 * @return mixed
5177 public function __get($name) {
5178 switch ($name) {
5179 case 'id': return $this->_id;
5180 case 'contextlevel': return $this->_contextlevel;
5181 case 'instanceid': return $this->_instanceid;
5182 case 'path': return $this->_path;
5183 case 'depth': return $this->_depth;
5185 default:
5186 debugging('Invalid context property accessed! '.$name);
5187 return null;
5192 * Full support for isset on our magic read only properties.
5193 * @param string $name
5194 * @return bool
5196 public function __isset($name) {
5197 switch ($name) {
5198 case 'id': return isset($this->_id);
5199 case 'contextlevel': return isset($this->_contextlevel);
5200 case 'instanceid': return isset($this->_instanceid);
5201 case 'path': return isset($this->_path);
5202 case 'depth': return isset($this->_depth);
5204 default: return false;
5210 * ALl properties are read only, sorry.
5211 * @param string $name
5213 public function __unset($name) {
5214 debugging('Can not unset context instance properties!');
5217 // ====== implementing method from interface IteratorAggregate ======
5220 * Create an iterator because magic vars can't be seen by 'foreach'.
5222 * Now we can convert context object to array using convert_to_array(),
5223 * and feed it properly to json_encode().
5225 public function getIterator() {
5226 $ret = array(
5227 'id' => $this->id,
5228 'contextlevel' => $this->contextlevel,
5229 'instanceid' => $this->instanceid,
5230 'path' => $this->path,
5231 'depth' => $this->depth
5233 return new ArrayIterator($ret);
5236 // ====== general context methods ======
5239 * Constructor is protected so that devs are forced to
5240 * use context_xxx::instance() or context::instance_by_id().
5242 * @param stdClass $record
5244 protected function __construct(stdClass $record) {
5245 $this->_id = $record->id;
5246 $this->_contextlevel = (int)$record->contextlevel;
5247 $this->_instanceid = $record->instanceid;
5248 $this->_path = $record->path;
5249 $this->_depth = $record->depth;
5253 * This function is also used to work around 'protected' keyword problems in context_helper.
5254 * @static
5255 * @param stdClass $record
5256 * @return context instance
5258 protected static function create_instance_from_record(stdClass $record) {
5259 $classname = context_helper::get_class_for_level($record->contextlevel);
5261 if ($context = context::cache_get_by_id($record->id)) {
5262 return $context;
5265 $context = new $classname($record);
5266 context::cache_add($context);
5268 return $context;
5272 * Copy prepared new contexts from temp table to context table,
5273 * we do this in db specific way for perf reasons only.
5274 * @static
5276 protected static function merge_context_temp_table() {
5277 global $DB;
5279 /* MDL-11347:
5280 * - mysql does not allow to use FROM in UPDATE statements
5281 * - using two tables after UPDATE works in mysql, but might give unexpected
5282 * results in pg 8 (depends on configuration)
5283 * - using table alias in UPDATE does not work in pg < 8.2
5285 * Different code for each database - mostly for performance reasons
5288 $dbfamily = $DB->get_dbfamily();
5289 if ($dbfamily == 'mysql') {
5290 $updatesql = "UPDATE {context} ct, {context_temp} temp
5291 SET ct.path = temp.path,
5292 ct.depth = temp.depth
5293 WHERE ct.id = temp.id";
5294 } else if ($dbfamily == 'oracle') {
5295 $updatesql = "UPDATE {context} ct
5296 SET (ct.path, ct.depth) =
5297 (SELECT temp.path, temp.depth
5298 FROM {context_temp} temp
5299 WHERE temp.id=ct.id)
5300 WHERE EXISTS (SELECT 'x'
5301 FROM {context_temp} temp
5302 WHERE temp.id = ct.id)";
5303 } else if ($dbfamily == 'postgres' or $dbfamily == 'mssql') {
5304 $updatesql = "UPDATE {context}
5305 SET path = temp.path,
5306 depth = temp.depth
5307 FROM {context_temp} temp
5308 WHERE temp.id={context}.id";
5309 } else {
5310 // sqlite and others
5311 $updatesql = "UPDATE {context}
5312 SET path = (SELECT path FROM {context_temp} WHERE id = {context}.id),
5313 depth = (SELECT depth FROM {context_temp} WHERE id = {context}.id)
5314 WHERE id IN (SELECT id FROM {context_temp})";
5317 $DB->execute($updatesql);
5321 * Get a context instance as an object, from a given context id.
5323 * @static
5324 * @param int $id context id
5325 * @param int $strictness IGNORE_MISSING means compatible mode, false returned if record not found, debug message if more found;
5326 * MUST_EXIST means throw exception if no record found
5327 * @return context|bool the context object or false if not found
5329 public static function instance_by_id($id, $strictness = MUST_EXIST) {
5330 global $DB;
5332 if (get_called_class() !== 'context' and get_called_class() !== 'context_helper') {
5333 // some devs might confuse context->id and instanceid, better prevent these mistakes completely
5334 throw new coding_exception('use only context::instance_by_id() for real context levels use ::instance() methods');
5337 if ($id == SYSCONTEXTID) {
5338 return context_system::instance(0, $strictness);
5341 if (is_array($id) or is_object($id) or empty($id)) {
5342 throw new coding_exception('Invalid context id specified context::instance_by_id()');
5345 if ($context = context::cache_get_by_id($id)) {
5346 return $context;
5349 if ($record = $DB->get_record('context', array('id'=>$id), '*', $strictness)) {
5350 return context::create_instance_from_record($record);
5353 return false;
5357 * Update context info after moving context in the tree structure.
5359 * @param context $newparent
5360 * @return void
5362 public function update_moved(context $newparent) {
5363 global $DB;
5365 $frompath = $this->_path;
5366 $newpath = $newparent->path . '/' . $this->_id;
5368 $trans = $DB->start_delegated_transaction();
5370 $this->mark_dirty();
5372 $setdepth = '';
5373 if (($newparent->depth +1) != $this->_depth) {
5374 $diff = $newparent->depth - $this->_depth + 1;
5375 $setdepth = ", depth = depth + $diff";
5377 $sql = "UPDATE {context}
5378 SET path = ?
5379 $setdepth
5380 WHERE id = ?";
5381 $params = array($newpath, $this->_id);
5382 $DB->execute($sql, $params);
5384 $this->_path = $newpath;
5385 $this->_depth = $newparent->depth + 1;
5387 $sql = "UPDATE {context}
5388 SET path = ".$DB->sql_concat("?", $DB->sql_substr("path", strlen($frompath)+1))."
5389 $setdepth
5390 WHERE path LIKE ?";
5391 $params = array($newpath, "{$frompath}/%");
5392 $DB->execute($sql, $params);
5394 $this->mark_dirty();
5396 context::reset_caches();
5398 $trans->allow_commit();
5402 * Remove all context path info and optionally rebuild it.
5404 * @param bool $rebuild
5405 * @return void
5407 public function reset_paths($rebuild = true) {
5408 global $DB;
5410 if ($this->_path) {
5411 $this->mark_dirty();
5413 $DB->set_field_select('context', 'depth', 0, "path LIKE '%/$this->_id/%'");
5414 $DB->set_field_select('context', 'path', NULL, "path LIKE '%/$this->_id/%'");
5415 if ($this->_contextlevel != CONTEXT_SYSTEM) {
5416 $DB->set_field('context', 'depth', 0, array('id'=>$this->_id));
5417 $DB->set_field('context', 'path', NULL, array('id'=>$this->_id));
5418 $this->_depth = 0;
5419 $this->_path = null;
5422 if ($rebuild) {
5423 context_helper::build_all_paths(false);
5426 context::reset_caches();
5430 * Delete all data linked to content, do not delete the context record itself
5432 public function delete_content() {
5433 global $CFG, $DB;
5435 blocks_delete_all_for_context($this->_id);
5436 filter_delete_all_for_context($this->_id);
5438 require_once($CFG->dirroot . '/comment/lib.php');
5439 comment::delete_comments(array('contextid'=>$this->_id));
5441 require_once($CFG->dirroot.'/rating/lib.php');
5442 $delopt = new stdclass();
5443 $delopt->contextid = $this->_id;
5444 $rm = new rating_manager();
5445 $rm->delete_ratings($delopt);
5447 // delete all files attached to this context
5448 $fs = get_file_storage();
5449 $fs->delete_area_files($this->_id);
5451 // Delete all repository instances attached to this context.
5452 require_once($CFG->dirroot . '/repository/lib.php');
5453 repository::delete_all_for_context($this->_id);
5455 // delete all advanced grading data attached to this context
5456 require_once($CFG->dirroot.'/grade/grading/lib.php');
5457 grading_manager::delete_all_for_context($this->_id);
5459 // now delete stuff from role related tables, role_unassign_all
5460 // and unenrol should be called earlier to do proper cleanup
5461 $DB->delete_records('role_assignments', array('contextid'=>$this->_id));
5462 $DB->delete_records('role_capabilities', array('contextid'=>$this->_id));
5463 $DB->delete_records('role_names', array('contextid'=>$this->_id));
5467 * Delete the context content and the context record itself
5469 public function delete() {
5470 global $DB;
5472 if ($this->_contextlevel <= CONTEXT_SYSTEM) {
5473 throw new coding_exception('Cannot delete system context');
5476 // double check the context still exists
5477 if (!$DB->record_exists('context', array('id'=>$this->_id))) {
5478 context::cache_remove($this);
5479 return;
5482 $this->delete_content();
5483 $DB->delete_records('context', array('id'=>$this->_id));
5484 // purge static context cache if entry present
5485 context::cache_remove($this);
5487 // do not mark dirty contexts if parents unknown
5488 if (!is_null($this->_path) and $this->_depth > 0) {
5489 $this->mark_dirty();
5493 // ====== context level related methods ======
5496 * Utility method for context creation
5498 * @static
5499 * @param int $contextlevel
5500 * @param int $instanceid
5501 * @param string $parentpath
5502 * @return stdClass context record
5504 protected static function insert_context_record($contextlevel, $instanceid, $parentpath) {
5505 global $DB;
5507 $record = new stdClass();
5508 $record->contextlevel = $contextlevel;
5509 $record->instanceid = $instanceid;
5510 $record->depth = 0;
5511 $record->path = null; //not known before insert
5513 $record->id = $DB->insert_record('context', $record);
5515 // now add path if known - it can be added later
5516 if (!is_null($parentpath)) {
5517 $record->path = $parentpath.'/'.$record->id;
5518 $record->depth = substr_count($record->path, '/');
5519 $DB->update_record('context', $record);
5522 return $record;
5526 * Returns human readable context identifier.
5528 * @param boolean $withprefix whether to prefix the name of the context with the
5529 * type of context, e.g. User, Course, Forum, etc.
5530 * @param boolean $short whether to use the short name of the thing. Only applies
5531 * to course contexts
5532 * @return string the human readable context name.
5534 public function get_context_name($withprefix = true, $short = false) {
5535 // must be implemented in all context levels
5536 throw new coding_exception('can not get name of abstract context');
5540 * Returns the most relevant URL for this context.
5542 * @return moodle_url
5544 public abstract function get_url();
5547 * Returns array of relevant context capability records.
5549 * @return array
5551 public abstract function get_capabilities();
5554 * Recursive function which, given a context, find all its children context ids.
5556 * For course category contexts it will return immediate children and all subcategory contexts.
5557 * It will NOT recurse into courses or subcategories categories.
5558 * If you want to do that, call it on the returned courses/categories.
5560 * When called for a course context, it will return the modules and blocks
5561 * displayed in the course page and blocks displayed on the module pages.
5563 * If called on a user/course/module context it _will_ populate the cache with the appropriate
5564 * contexts ;-)
5566 * @return array Array of child records
5568 public function get_child_contexts() {
5569 global $DB;
5571 if (empty($this->_path) or empty($this->_depth)) {
5572 debugging('Can not find child contexts of context '.$this->_id.' try rebuilding of context paths');
5573 return array();
5576 $sql = "SELECT ctx.*
5577 FROM {context} ctx
5578 WHERE ctx.path LIKE ?";
5579 $params = array($this->_path.'/%');
5580 $records = $DB->get_records_sql($sql, $params);
5582 $result = array();
5583 foreach ($records as $record) {
5584 $result[$record->id] = context::create_instance_from_record($record);
5587 return $result;
5591 * Returns parent contexts of this context in reversed order, i.e. parent first,
5592 * then grand parent, etc.
5594 * @param bool $includeself tre means include self too
5595 * @return array of context instances
5597 public function get_parent_contexts($includeself = false) {
5598 if (!$contextids = $this->get_parent_context_ids($includeself)) {
5599 return array();
5602 $result = array();
5603 foreach ($contextids as $contextid) {
5604 $parent = context::instance_by_id($contextid, MUST_EXIST);
5605 $result[$parent->id] = $parent;
5608 return $result;
5612 * Returns parent contexts of this context in reversed order, i.e. parent first,
5613 * then grand parent, etc.
5615 * @param bool $includeself tre means include self too
5616 * @return array of context ids
5618 public function get_parent_context_ids($includeself = false) {
5619 if (empty($this->_path)) {
5620 return array();
5623 $parentcontexts = trim($this->_path, '/'); // kill leading slash
5624 $parentcontexts = explode('/', $parentcontexts);
5625 if (!$includeself) {
5626 array_pop($parentcontexts); // and remove its own id
5629 return array_reverse($parentcontexts);
5633 * Returns parent context
5635 * @return context
5637 public function get_parent_context() {
5638 if (empty($this->_path) or $this->_id == SYSCONTEXTID) {
5639 return false;
5642 $parentcontexts = trim($this->_path, '/'); // kill leading slash
5643 $parentcontexts = explode('/', $parentcontexts);
5644 array_pop($parentcontexts); // self
5645 $contextid = array_pop($parentcontexts); // immediate parent
5647 return context::instance_by_id($contextid, MUST_EXIST);
5651 * Is this context part of any course? If yes return course context.
5653 * @param bool $strict true means throw exception if not found, false means return false if not found
5654 * @return course_context context of the enclosing course, null if not found or exception
5656 public function get_course_context($strict = true) {
5657 if ($strict) {
5658 throw new coding_exception('Context does not belong to any course.');
5659 } else {
5660 return false;
5665 * Returns sql necessary for purging of stale context instances.
5667 * @static
5668 * @return string cleanup SQL
5670 protected static function get_cleanup_sql() {
5671 throw new coding_exception('get_cleanup_sql() method must be implemented in all context levels');
5675 * Rebuild context paths and depths at context level.
5677 * @static
5678 * @param bool $force
5679 * @return void
5681 protected static function build_paths($force) {
5682 throw new coding_exception('build_paths() method must be implemented in all context levels');
5686 * Create missing context instances at given level
5688 * @static
5689 * @return void
5691 protected static function create_level_instances() {
5692 throw new coding_exception('create_level_instances() method must be implemented in all context levels');
5696 * Reset all cached permissions and definitions if the necessary.
5697 * @return void
5699 public function reload_if_dirty() {
5700 global $ACCESSLIB_PRIVATE, $USER;
5702 // Load dirty contexts list if needed
5703 if (CLI_SCRIPT) {
5704 if (!isset($ACCESSLIB_PRIVATE->dirtycontexts)) {
5705 // we do not load dirty flags in CLI and cron
5706 $ACCESSLIB_PRIVATE->dirtycontexts = array();
5708 } else {
5709 if (!isset($ACCESSLIB_PRIVATE->dirtycontexts)) {
5710 if (!isset($USER->access['time'])) {
5711 // nothing was loaded yet, we do not need to check dirty contexts now
5712 return;
5714 // no idea why -2 is there, server cluster time difference maybe... (skodak)
5715 $ACCESSLIB_PRIVATE->dirtycontexts = get_cache_flags('accesslib/dirtycontexts', $USER->access['time']-2);
5719 foreach ($ACCESSLIB_PRIVATE->dirtycontexts as $path=>$unused) {
5720 if ($path === $this->_path or strpos($this->_path, $path.'/') === 0) {
5721 // reload all capabilities of USER and others - preserving loginas, roleswitches, etc
5722 // and then cleanup any marks of dirtyness... at least from our short term memory! :-)
5723 reload_all_capabilities();
5724 break;
5730 * Mark a context as dirty (with timestamp) so as to force reloading of the context.
5732 public function mark_dirty() {
5733 global $CFG, $USER, $ACCESSLIB_PRIVATE;
5735 if (during_initial_install()) {
5736 return;
5739 // only if it is a non-empty string
5740 if (is_string($this->_path) && $this->_path !== '') {
5741 set_cache_flag('accesslib/dirtycontexts', $this->_path, 1, time()+$CFG->sessiontimeout);
5742 if (isset($ACCESSLIB_PRIVATE->dirtycontexts)) {
5743 $ACCESSLIB_PRIVATE->dirtycontexts[$this->_path] = 1;
5744 } else {
5745 if (CLI_SCRIPT) {
5746 $ACCESSLIB_PRIVATE->dirtycontexts = array($this->_path => 1);
5747 } else {
5748 if (isset($USER->access['time'])) {
5749 $ACCESSLIB_PRIVATE->dirtycontexts = get_cache_flags('accesslib/dirtycontexts', $USER->access['time']-2);
5750 } else {
5751 $ACCESSLIB_PRIVATE->dirtycontexts = array($this->_path => 1);
5753 // flags not loaded yet, it will be done later in $context->reload_if_dirty()
5762 * Context maintenance and helper methods.
5764 * This is "extends context" is a bloody hack that tires to work around the deficiencies
5765 * in the "protected" keyword in PHP, this helps us to hide all the internals of context
5766 * level implementation from the rest of code, the code completion returns what developers need.
5768 * Thank you Tim Hunt for helping me with this nasty trick.
5770 * @package core_access
5771 * @category access
5772 * @copyright Petr Skoda {@link http://skodak.org}
5773 * @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
5774 * @since 2.2
5776 class context_helper extends context {
5779 * @var array An array mapping context levels to classes
5781 private static $alllevels;
5784 * Instance does not make sense here, only static use
5786 protected function __construct() {
5790 * Initialise context levels, call before using self::$alllevels.
5792 private static function init_levels() {
5793 global $CFG;
5795 if (isset(self::$alllevels)) {
5796 return;
5798 self::$alllevels = array(
5799 CONTEXT_SYSTEM => 'context_system',
5800 CONTEXT_USER => 'context_user',
5801 CONTEXT_COURSECAT => 'context_coursecat',
5802 CONTEXT_COURSE => 'context_course',
5803 CONTEXT_MODULE => 'context_module',
5804 CONTEXT_BLOCK => 'context_block',
5807 if (empty($CFG->custom_context_classes)) {
5808 return;
5811 // Unsupported custom levels, use with care!!!
5812 foreach ($CFG->custom_context_classes as $level => $classname) {
5813 self::$alllevels[$level] = $classname;
5815 ksort(self::$alllevels);
5819 * Returns a class name of the context level class
5821 * @static
5822 * @param int $contextlevel (CONTEXT_SYSTEM, etc.)
5823 * @return string class name of the context class
5825 public static function get_class_for_level($contextlevel) {
5826 self::init_levels();
5827 if (isset(self::$alllevels[$contextlevel])) {
5828 return self::$alllevels[$contextlevel];
5829 } else {
5830 throw new coding_exception('Invalid context level specified');
5835 * Returns a list of all context levels
5837 * @static
5838 * @return array int=>string (level=>level class name)
5840 public static function get_all_levels() {
5841 self::init_levels();
5842 return self::$alllevels;
5846 * Remove stale contexts that belonged to deleted instances.
5847 * Ideally all code should cleanup contexts properly, unfortunately accidents happen...
5849 * @static
5850 * @return void
5852 public static function cleanup_instances() {
5853 global $DB;
5854 self::init_levels();
5856 $sqls = array();
5857 foreach (self::$alllevels as $level=>$classname) {
5858 $sqls[] = $classname::get_cleanup_sql();
5861 $sql = implode(" UNION ", $sqls);
5863 // it is probably better to use transactions, it might be faster too
5864 $transaction = $DB->start_delegated_transaction();
5866 $rs = $DB->get_recordset_sql($sql);
5867 foreach ($rs as $record) {
5868 $context = context::create_instance_from_record($record);
5869 $context->delete();
5871 $rs->close();
5873 $transaction->allow_commit();
5877 * Create all context instances at the given level and above.
5879 * @static
5880 * @param int $contextlevel null means all levels
5881 * @param bool $buildpaths
5882 * @return void
5884 public static function create_instances($contextlevel = null, $buildpaths = true) {
5885 self::init_levels();
5886 foreach (self::$alllevels as $level=>$classname) {
5887 if ($contextlevel and $level > $contextlevel) {
5888 // skip potential sub-contexts
5889 continue;
5891 $classname::create_level_instances();
5892 if ($buildpaths) {
5893 $classname::build_paths(false);
5899 * Rebuild paths and depths in all context levels.
5901 * @static
5902 * @param bool $force false means add missing only
5903 * @return void
5905 public static function build_all_paths($force = false) {
5906 self::init_levels();
5907 foreach (self::$alllevels as $classname) {
5908 $classname::build_paths($force);
5911 // reset static course cache - it might have incorrect cached data
5912 accesslib_clear_all_caches(true);
5916 * Resets the cache to remove all data.
5917 * @static
5919 public static function reset_caches() {
5920 context::reset_caches();
5924 * Returns all fields necessary for context preloading from user $rec.
5926 * This helps with performance when dealing with hundreds of contexts.
5928 * @static
5929 * @param string $tablealias context table alias in the query
5930 * @return array (table.column=>alias, ...)
5932 public static function get_preload_record_columns($tablealias) {
5933 return array("$tablealias.id"=>"ctxid", "$tablealias.path"=>"ctxpath", "$tablealias.depth"=>"ctxdepth", "$tablealias.contextlevel"=>"ctxlevel", "$tablealias.instanceid"=>"ctxinstance");
5937 * Returns all fields necessary for context preloading from user $rec.
5939 * This helps with performance when dealing with hundreds of contexts.
5941 * @static
5942 * @param string $tablealias context table alias in the query
5943 * @return string
5945 public static function get_preload_record_columns_sql($tablealias) {
5946 return "$tablealias.id AS ctxid, $tablealias.path AS ctxpath, $tablealias.depth AS ctxdepth, $tablealias.contextlevel AS ctxlevel, $tablealias.instanceid AS ctxinstance";
5950 * Preloads context information from db record and strips the cached info.
5952 * The db request has to contain all columns from context_helper::get_preload_record_columns().
5954 * @static
5955 * @param stdClass $rec
5956 * @return void (modifies $rec)
5958 public static function preload_from_record(stdClass $rec) {
5959 context::preload_from_record($rec);
5963 * Preload all contexts instances from course.
5965 * To be used if you expect multiple queries for course activities...
5967 * @static
5968 * @param int $courseid
5970 public static function preload_course($courseid) {
5971 // Users can call this multiple times without doing any harm
5972 if (isset(context::$cache_preloaded[$courseid])) {
5973 return;
5975 $coursecontext = context_course::instance($courseid);
5976 $coursecontext->get_child_contexts();
5978 context::$cache_preloaded[$courseid] = true;
5982 * Delete context instance
5984 * @static
5985 * @param int $contextlevel
5986 * @param int $instanceid
5987 * @return void
5989 public static function delete_instance($contextlevel, $instanceid) {
5990 global $DB;
5992 // double check the context still exists
5993 if ($record = $DB->get_record('context', array('contextlevel'=>$contextlevel, 'instanceid'=>$instanceid))) {
5994 $context = context::create_instance_from_record($record);
5995 $context->delete();
5996 } else {
5997 // we should try to purge the cache anyway
6002 * Returns the name of specified context level
6004 * @static
6005 * @param int $contextlevel
6006 * @return string name of the context level
6008 public static function get_level_name($contextlevel) {
6009 $classname = context_helper::get_class_for_level($contextlevel);
6010 return $classname::get_level_name();
6014 * not used
6016 public function get_url() {
6020 * not used
6022 public function get_capabilities() {
6028 * System context class
6030 * @package core_access
6031 * @category access
6032 * @copyright Petr Skoda {@link http://skodak.org}
6033 * @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
6034 * @since 2.2
6036 class context_system extends context {
6038 * Please use context_system::instance() if you need the instance of context.
6040 * @param stdClass $record
6042 protected function __construct(stdClass $record) {
6043 parent::__construct($record);
6044 if ($record->contextlevel != CONTEXT_SYSTEM) {
6045 throw new coding_exception('Invalid $record->contextlevel in context_system constructor.');
6050 * Returns human readable context level name.
6052 * @static
6053 * @return string the human readable context level name.
6055 public static function get_level_name() {
6056 return get_string('coresystem');
6060 * Returns human readable context identifier.
6062 * @param boolean $withprefix does not apply to system context
6063 * @param boolean $short does not apply to system context
6064 * @return string the human readable context name.
6066 public function get_context_name($withprefix = true, $short = false) {
6067 return self::get_level_name();
6071 * Returns the most relevant URL for this context.
6073 * @return moodle_url
6075 public function get_url() {
6076 return new moodle_url('/');
6080 * Returns array of relevant context capability records.
6082 * @return array
6084 public function get_capabilities() {
6085 global $DB;
6087 $sort = 'ORDER BY contextlevel,component,name'; // To group them sensibly for display
6089 $params = array();
6090 $sql = "SELECT *
6091 FROM {capabilities}";
6093 return $DB->get_records_sql($sql.' '.$sort, $params);
6097 * Create missing context instances at system context
6098 * @static
6100 protected static function create_level_instances() {
6101 // nothing to do here, the system context is created automatically in installer
6102 self::instance(0);
6106 * Returns system context instance.
6108 * @static
6109 * @param int $instanceid
6110 * @param int $strictness
6111 * @param bool $cache
6112 * @return context_system context instance
6114 public static function instance($instanceid = 0, $strictness = MUST_EXIST, $cache = true) {
6115 global $DB;
6117 if ($instanceid != 0) {
6118 debugging('context_system::instance(): invalid $id parameter detected, should be 0');
6121 if (defined('SYSCONTEXTID') and $cache) { // dangerous: define this in config.php to eliminate 1 query/page
6122 if (!isset(context::$systemcontext)) {
6123 $record = new stdClass();
6124 $record->id = SYSCONTEXTID;
6125 $record->contextlevel = CONTEXT_SYSTEM;
6126 $record->instanceid = 0;
6127 $record->path = '/'.SYSCONTEXTID;
6128 $record->depth = 1;
6129 context::$systemcontext = new context_system($record);
6131 return context::$systemcontext;
6135 try {
6136 // We ignore the strictness completely because system context must exist except during install.
6137 $record = $DB->get_record('context', array('contextlevel'=>CONTEXT_SYSTEM), '*', MUST_EXIST);
6138 } catch (dml_exception $e) {
6139 //table or record does not exist
6140 if (!during_initial_install()) {
6141 // do not mess with system context after install, it simply must exist
6142 throw $e;
6144 $record = null;
6147 if (!$record) {
6148 $record = new stdClass();
6149 $record->contextlevel = CONTEXT_SYSTEM;
6150 $record->instanceid = 0;
6151 $record->depth = 1;
6152 $record->path = null; //not known before insert
6154 try {
6155 if ($DB->count_records('context')) {
6156 // contexts already exist, this is very weird, system must be first!!!
6157 return null;
6159 if (defined('SYSCONTEXTID')) {
6160 // this would happen only in unittest on sites that went through weird 1.7 upgrade
6161 $record->id = SYSCONTEXTID;
6162 $DB->import_record('context', $record);
6163 $DB->get_manager()->reset_sequence('context');
6164 } else {
6165 $record->id = $DB->insert_record('context', $record);
6167 } catch (dml_exception $e) {
6168 // can not create context - table does not exist yet, sorry
6169 return null;
6173 if ($record->instanceid != 0) {
6174 // this is very weird, somebody must be messing with context table
6175 debugging('Invalid system context detected');
6178 if ($record->depth != 1 or $record->path != '/'.$record->id) {
6179 // fix path if necessary, initial install or path reset
6180 $record->depth = 1;
6181 $record->path = '/'.$record->id;
6182 $DB->update_record('context', $record);
6185 if (!defined('SYSCONTEXTID')) {
6186 define('SYSCONTEXTID', $record->id);
6189 context::$systemcontext = new context_system($record);
6190 return context::$systemcontext;
6194 * Returns all site contexts except the system context, DO NOT call on production servers!!
6196 * Contexts are not cached.
6198 * @return array
6200 public function get_child_contexts() {
6201 global $DB;
6203 debugging('Fetching of system context child courses is strongly discouraged on production servers (it may eat all available memory)!');
6205 // Just get all the contexts except for CONTEXT_SYSTEM level
6206 // and hope we don't OOM in the process - don't cache
6207 $sql = "SELECT c.*
6208 FROM {context} c
6209 WHERE contextlevel > ".CONTEXT_SYSTEM;
6210 $records = $DB->get_records_sql($sql);
6212 $result = array();
6213 foreach ($records as $record) {
6214 $result[$record->id] = context::create_instance_from_record($record);
6217 return $result;
6221 * Returns sql necessary for purging of stale context instances.
6223 * @static
6224 * @return string cleanup SQL
6226 protected static function get_cleanup_sql() {
6227 $sql = "
6228 SELECT c.*
6229 FROM {context} c
6230 WHERE 1=2
6233 return $sql;
6237 * Rebuild context paths and depths at system context level.
6239 * @static
6240 * @param bool $force
6242 protected static function build_paths($force) {
6243 global $DB;
6245 /* note: ignore $force here, we always do full test of system context */
6247 // exactly one record must exist
6248 $record = $DB->get_record('context', array('contextlevel'=>CONTEXT_SYSTEM), '*', MUST_EXIST);
6250 if ($record->instanceid != 0) {
6251 debugging('Invalid system context detected');
6254 if (defined('SYSCONTEXTID') and $record->id != SYSCONTEXTID) {
6255 debugging('Invalid SYSCONTEXTID detected');
6258 if ($record->depth != 1 or $record->path != '/'.$record->id) {
6259 // fix path if necessary, initial install or path reset
6260 $record->depth = 1;
6261 $record->path = '/'.$record->id;
6262 $DB->update_record('context', $record);
6269 * User context class
6271 * @package core_access
6272 * @category access
6273 * @copyright Petr Skoda {@link http://skodak.org}
6274 * @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
6275 * @since 2.2
6277 class context_user extends context {
6279 * Please use context_user::instance($userid) if you need the instance of context.
6280 * Alternatively if you know only the context id use context::instance_by_id($contextid)
6282 * @param stdClass $record
6284 protected function __construct(stdClass $record) {
6285 parent::__construct($record);
6286 if ($record->contextlevel != CONTEXT_USER) {
6287 throw new coding_exception('Invalid $record->contextlevel in context_user constructor.');
6292 * Returns human readable context level name.
6294 * @static
6295 * @return string the human readable context level name.
6297 public static function get_level_name() {
6298 return get_string('user');
6302 * Returns human readable context identifier.
6304 * @param boolean $withprefix whether to prefix the name of the context with User
6305 * @param boolean $short does not apply to user context
6306 * @return string the human readable context name.
6308 public function get_context_name($withprefix = true, $short = false) {
6309 global $DB;
6311 $name = '';
6312 if ($user = $DB->get_record('user', array('id'=>$this->_instanceid, 'deleted'=>0))) {
6313 if ($withprefix){
6314 $name = get_string('user').': ';
6316 $name .= fullname($user);
6318 return $name;
6322 * Returns the most relevant URL for this context.
6324 * @return moodle_url
6326 public function get_url() {
6327 global $COURSE;
6329 if ($COURSE->id == SITEID) {
6330 $url = new moodle_url('/user/profile.php', array('id'=>$this->_instanceid));
6331 } else {
6332 $url = new moodle_url('/user/view.php', array('id'=>$this->_instanceid, 'courseid'=>$COURSE->id));
6334 return $url;
6338 * Returns array of relevant context capability records.
6340 * @return array
6342 public function get_capabilities() {
6343 global $DB;
6345 $sort = 'ORDER BY contextlevel,component,name'; // To group them sensibly for display
6347 $extracaps = array('moodle/grade:viewall');
6348 list($extra, $params) = $DB->get_in_or_equal($extracaps, SQL_PARAMS_NAMED, 'cap');
6349 $sql = "SELECT *
6350 FROM {capabilities}
6351 WHERE contextlevel = ".CONTEXT_USER."
6352 OR name $extra";
6354 return $records = $DB->get_records_sql($sql.' '.$sort, $params);
6358 * Returns user context instance.
6360 * @static
6361 * @param int $instanceid
6362 * @param int $strictness
6363 * @return context_user context instance
6365 public static function instance($instanceid, $strictness = MUST_EXIST) {
6366 global $DB;
6368 if ($context = context::cache_get(CONTEXT_USER, $instanceid)) {
6369 return $context;
6372 if (!$record = $DB->get_record('context', array('contextlevel'=>CONTEXT_USER, 'instanceid'=>$instanceid))) {
6373 if ($user = $DB->get_record('user', array('id'=>$instanceid, 'deleted'=>0), 'id', $strictness)) {
6374 $record = context::insert_context_record(CONTEXT_USER, $user->id, '/'.SYSCONTEXTID, 0);
6378 if ($record) {
6379 $context = new context_user($record);
6380 context::cache_add($context);
6381 return $context;
6384 return false;
6388 * Create missing context instances at user context level
6389 * @static
6391 protected static function create_level_instances() {
6392 global $DB;
6394 $sql = "INSERT INTO {context} (contextlevel, instanceid)
6395 SELECT ".CONTEXT_USER.", u.id
6396 FROM {user} u
6397 WHERE u.deleted = 0
6398 AND NOT EXISTS (SELECT 'x'
6399 FROM {context} cx
6400 WHERE u.id = cx.instanceid AND cx.contextlevel=".CONTEXT_USER.")";
6401 $DB->execute($sql);
6405 * Returns sql necessary for purging of stale context instances.
6407 * @static
6408 * @return string cleanup SQL
6410 protected static function get_cleanup_sql() {
6411 $sql = "
6412 SELECT c.*
6413 FROM {context} c
6414 LEFT OUTER JOIN {user} u ON (c.instanceid = u.id AND u.deleted = 0)
6415 WHERE u.id IS NULL AND c.contextlevel = ".CONTEXT_USER."
6418 return $sql;
6422 * Rebuild context paths and depths at user context level.
6424 * @static
6425 * @param bool $force
6427 protected static function build_paths($force) {
6428 global $DB;
6430 // First update normal users.
6431 $path = $DB->sql_concat('?', 'id');
6432 $pathstart = '/' . SYSCONTEXTID . '/';
6433 $params = array($pathstart);
6435 if ($force) {
6436 $where = "depth <> 2 OR path IS NULL OR path <> ({$path})";
6437 $params[] = $pathstart;
6438 } else {
6439 $where = "depth = 0 OR path IS NULL";
6442 $sql = "UPDATE {context}
6443 SET depth = 2,
6444 path = {$path}
6445 WHERE contextlevel = " . CONTEXT_USER . "
6446 AND ($where)";
6447 $DB->execute($sql, $params);
6453 * Course category context class
6455 * @package core_access
6456 * @category access
6457 * @copyright Petr Skoda {@link http://skodak.org}
6458 * @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
6459 * @since 2.2
6461 class context_coursecat extends context {
6463 * Please use context_coursecat::instance($coursecatid) if you need the instance of context.
6464 * Alternatively if you know only the context id use context::instance_by_id($contextid)
6466 * @param stdClass $record
6468 protected function __construct(stdClass $record) {
6469 parent::__construct($record);
6470 if ($record->contextlevel != CONTEXT_COURSECAT) {
6471 throw new coding_exception('Invalid $record->contextlevel in context_coursecat constructor.');
6476 * Returns human readable context level name.
6478 * @static
6479 * @return string the human readable context level name.
6481 public static function get_level_name() {
6482 return get_string('category');
6486 * Returns human readable context identifier.
6488 * @param boolean $withprefix whether to prefix the name of the context with Category
6489 * @param boolean $short does not apply to course categories
6490 * @return string the human readable context name.
6492 public function get_context_name($withprefix = true, $short = false) {
6493 global $DB;
6495 $name = '';
6496 if ($category = $DB->get_record('course_categories', array('id'=>$this->_instanceid))) {
6497 if ($withprefix){
6498 $name = get_string('category').': ';
6500 $name .= format_string($category->name, true, array('context' => $this));
6502 return $name;
6506 * Returns the most relevant URL for this context.
6508 * @return moodle_url
6510 public function get_url() {
6511 return new moodle_url('/course/index.php', array('categoryid' => $this->_instanceid));
6515 * Returns array of relevant context capability records.
6517 * @return array
6519 public function get_capabilities() {
6520 global $DB;
6522 $sort = 'ORDER BY contextlevel,component,name'; // To group them sensibly for display
6524 $params = array();
6525 $sql = "SELECT *
6526 FROM {capabilities}
6527 WHERE contextlevel IN (".CONTEXT_COURSECAT.",".CONTEXT_COURSE.",".CONTEXT_MODULE.",".CONTEXT_BLOCK.")";
6529 return $DB->get_records_sql($sql.' '.$sort, $params);
6533 * Returns course category context instance.
6535 * @static
6536 * @param int $instanceid
6537 * @param int $strictness
6538 * @return context_coursecat context instance
6540 public static function instance($instanceid, $strictness = MUST_EXIST) {
6541 global $DB;
6543 if ($context = context::cache_get(CONTEXT_COURSECAT, $instanceid)) {
6544 return $context;
6547 if (!$record = $DB->get_record('context', array('contextlevel'=>CONTEXT_COURSECAT, 'instanceid'=>$instanceid))) {
6548 if ($category = $DB->get_record('course_categories', array('id'=>$instanceid), 'id,parent', $strictness)) {
6549 if ($category->parent) {
6550 $parentcontext = context_coursecat::instance($category->parent);
6551 $record = context::insert_context_record(CONTEXT_COURSECAT, $category->id, $parentcontext->path);
6552 } else {
6553 $record = context::insert_context_record(CONTEXT_COURSECAT, $category->id, '/'.SYSCONTEXTID, 0);
6558 if ($record) {
6559 $context = new context_coursecat($record);
6560 context::cache_add($context);
6561 return $context;
6564 return false;
6568 * Returns immediate child contexts of category and all subcategories,
6569 * children of subcategories and courses are not returned.
6571 * @return array
6573 public function get_child_contexts() {
6574 global $DB;
6576 if (empty($this->_path) or empty($this->_depth)) {
6577 debugging('Can not find child contexts of context '.$this->_id.' try rebuilding of context paths');
6578 return array();
6581 $sql = "SELECT ctx.*
6582 FROM {context} ctx
6583 WHERE ctx.path LIKE ? AND (ctx.depth = ? OR ctx.contextlevel = ?)";
6584 $params = array($this->_path.'/%', $this->depth+1, CONTEXT_COURSECAT);
6585 $records = $DB->get_records_sql($sql, $params);
6587 $result = array();
6588 foreach ($records as $record) {
6589 $result[$record->id] = context::create_instance_from_record($record);
6592 return $result;
6596 * Create missing context instances at course category context level
6597 * @static
6599 protected static function create_level_instances() {
6600 global $DB;
6602 $sql = "INSERT INTO {context} (contextlevel, instanceid)
6603 SELECT ".CONTEXT_COURSECAT.", cc.id
6604 FROM {course_categories} cc
6605 WHERE NOT EXISTS (SELECT 'x'
6606 FROM {context} cx
6607 WHERE cc.id = cx.instanceid AND cx.contextlevel=".CONTEXT_COURSECAT.")";
6608 $DB->execute($sql);
6612 * Returns sql necessary for purging of stale context instances.
6614 * @static
6615 * @return string cleanup SQL
6617 protected static function get_cleanup_sql() {
6618 $sql = "
6619 SELECT c.*
6620 FROM {context} c
6621 LEFT OUTER JOIN {course_categories} cc ON c.instanceid = cc.id
6622 WHERE cc.id IS NULL AND c.contextlevel = ".CONTEXT_COURSECAT."
6625 return $sql;
6629 * Rebuild context paths and depths at course category context level.
6631 * @static
6632 * @param bool $force
6634 protected static function build_paths($force) {
6635 global $DB;
6637 if ($force or $DB->record_exists_select('context', "contextlevel = ".CONTEXT_COURSECAT." AND (depth = 0 OR path IS NULL)")) {
6638 if ($force) {
6639 $ctxemptyclause = $emptyclause = '';
6640 } else {
6641 $ctxemptyclause = "AND (ctx.path IS NULL OR ctx.depth = 0)";
6642 $emptyclause = "AND ({context}.path IS NULL OR {context}.depth = 0)";
6645 $base = '/'.SYSCONTEXTID;
6647 // Normal top level categories
6648 $sql = "UPDATE {context}
6649 SET depth=2,
6650 path=".$DB->sql_concat("'$base/'", 'id')."
6651 WHERE contextlevel=".CONTEXT_COURSECAT."
6652 AND EXISTS (SELECT 'x'
6653 FROM {course_categories} cc
6654 WHERE cc.id = {context}.instanceid AND cc.depth=1)
6655 $emptyclause";
6656 $DB->execute($sql);
6658 // Deeper categories - one query per depthlevel
6659 $maxdepth = $DB->get_field_sql("SELECT MAX(depth) FROM {course_categories}");
6660 for ($n=2; $n<=$maxdepth; $n++) {
6661 $sql = "INSERT INTO {context_temp} (id, path, depth)
6662 SELECT ctx.id, ".$DB->sql_concat('pctx.path', "'/'", 'ctx.id').", pctx.depth+1
6663 FROM {context} ctx
6664 JOIN {course_categories} cc ON (cc.id = ctx.instanceid AND ctx.contextlevel = ".CONTEXT_COURSECAT." AND cc.depth = $n)
6665 JOIN {context} pctx ON (pctx.instanceid = cc.parent AND pctx.contextlevel = ".CONTEXT_COURSECAT.")
6666 WHERE pctx.path IS NOT NULL AND pctx.depth > 0
6667 $ctxemptyclause";
6668 $trans = $DB->start_delegated_transaction();
6669 $DB->delete_records('context_temp');
6670 $DB->execute($sql);
6671 context::merge_context_temp_table();
6672 $DB->delete_records('context_temp');
6673 $trans->allow_commit();
6682 * Course context class
6684 * @package core_access
6685 * @category access
6686 * @copyright Petr Skoda {@link http://skodak.org}
6687 * @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
6688 * @since 2.2
6690 class context_course extends context {
6692 * Please use context_course::instance($courseid) if you need the instance of context.
6693 * Alternatively if you know only the context id use context::instance_by_id($contextid)
6695 * @param stdClass $record
6697 protected function __construct(stdClass $record) {
6698 parent::__construct($record);
6699 if ($record->contextlevel != CONTEXT_COURSE) {
6700 throw new coding_exception('Invalid $record->contextlevel in context_course constructor.');
6705 * Returns human readable context level name.
6707 * @static
6708 * @return string the human readable context level name.
6710 public static function get_level_name() {
6711 return get_string('course');
6715 * Returns human readable context identifier.
6717 * @param boolean $withprefix whether to prefix the name of the context with Course
6718 * @param boolean $short whether to use the short name of the thing.
6719 * @return string the human readable context name.
6721 public function get_context_name($withprefix = true, $short = false) {
6722 global $DB;
6724 $name = '';
6725 if ($this->_instanceid == SITEID) {
6726 $name = get_string('frontpage', 'admin');
6727 } else {
6728 if ($course = $DB->get_record('course', array('id'=>$this->_instanceid))) {
6729 if ($withprefix){
6730 $name = get_string('course').': ';
6732 if ($short){
6733 $name .= format_string($course->shortname, true, array('context' => $this));
6734 } else {
6735 $name .= format_string(get_course_display_name_for_list($course));
6739 return $name;
6743 * Returns the most relevant URL for this context.
6745 * @return moodle_url
6747 public function get_url() {
6748 if ($this->_instanceid != SITEID) {
6749 return new moodle_url('/course/view.php', array('id'=>$this->_instanceid));
6752 return new moodle_url('/');
6756 * Returns array of relevant context capability records.
6758 * @return array
6760 public function get_capabilities() {
6761 global $DB;
6763 $sort = 'ORDER BY contextlevel,component,name'; // To group them sensibly for display
6765 $params = array();
6766 $sql = "SELECT *
6767 FROM {capabilities}
6768 WHERE contextlevel IN (".CONTEXT_COURSE.",".CONTEXT_MODULE.",".CONTEXT_BLOCK.")";
6770 return $DB->get_records_sql($sql.' '.$sort, $params);
6774 * Is this context part of any course? If yes return course context.
6776 * @param bool $strict true means throw exception if not found, false means return false if not found
6777 * @return course_context context of the enclosing course, null if not found or exception
6779 public function get_course_context($strict = true) {
6780 return $this;
6784 * Returns course context instance.
6786 * @static
6787 * @param int $instanceid
6788 * @param int $strictness
6789 * @return context_course context instance
6791 public static function instance($instanceid, $strictness = MUST_EXIST) {
6792 global $DB;
6794 if ($context = context::cache_get(CONTEXT_COURSE, $instanceid)) {
6795 return $context;
6798 if (!$record = $DB->get_record('context', array('contextlevel'=>CONTEXT_COURSE, 'instanceid'=>$instanceid))) {
6799 if ($course = $DB->get_record('course', array('id'=>$instanceid), 'id,category', $strictness)) {
6800 if ($course->category) {
6801 $parentcontext = context_coursecat::instance($course->category);
6802 $record = context::insert_context_record(CONTEXT_COURSE, $course->id, $parentcontext->path);
6803 } else {
6804 $record = context::insert_context_record(CONTEXT_COURSE, $course->id, '/'.SYSCONTEXTID, 0);
6809 if ($record) {
6810 $context = new context_course($record);
6811 context::cache_add($context);
6812 return $context;
6815 return false;
6819 * Create missing context instances at course context level
6820 * @static
6822 protected static function create_level_instances() {
6823 global $DB;
6825 $sql = "INSERT INTO {context} (contextlevel, instanceid)
6826 SELECT ".CONTEXT_COURSE.", c.id
6827 FROM {course} c
6828 WHERE NOT EXISTS (SELECT 'x'
6829 FROM {context} cx
6830 WHERE c.id = cx.instanceid AND cx.contextlevel=".CONTEXT_COURSE.")";
6831 $DB->execute($sql);
6835 * Returns sql necessary for purging of stale context instances.
6837 * @static
6838 * @return string cleanup SQL
6840 protected static function get_cleanup_sql() {
6841 $sql = "
6842 SELECT c.*
6843 FROM {context} c
6844 LEFT OUTER JOIN {course} co ON c.instanceid = co.id
6845 WHERE co.id IS NULL AND c.contextlevel = ".CONTEXT_COURSE."
6848 return $sql;
6852 * Rebuild context paths and depths at course context level.
6854 * @static
6855 * @param bool $force
6857 protected static function build_paths($force) {
6858 global $DB;
6860 if ($force or $DB->record_exists_select('context', "contextlevel = ".CONTEXT_COURSE." AND (depth = 0 OR path IS NULL)")) {
6861 if ($force) {
6862 $ctxemptyclause = $emptyclause = '';
6863 } else {
6864 $ctxemptyclause = "AND (ctx.path IS NULL OR ctx.depth = 0)";
6865 $emptyclause = "AND ({context}.path IS NULL OR {context}.depth = 0)";
6868 $base = '/'.SYSCONTEXTID;
6870 // Standard frontpage
6871 $sql = "UPDATE {context}
6872 SET depth = 2,
6873 path = ".$DB->sql_concat("'$base/'", 'id')."
6874 WHERE contextlevel = ".CONTEXT_COURSE."
6875 AND EXISTS (SELECT 'x'
6876 FROM {course} c
6877 WHERE c.id = {context}.instanceid AND c.category = 0)
6878 $emptyclause";
6879 $DB->execute($sql);
6881 // standard courses
6882 $sql = "INSERT INTO {context_temp} (id, path, depth)
6883 SELECT ctx.id, ".$DB->sql_concat('pctx.path', "'/'", 'ctx.id').", pctx.depth+1
6884 FROM {context} ctx
6885 JOIN {course} c ON (c.id = ctx.instanceid AND ctx.contextlevel = ".CONTEXT_COURSE." AND c.category <> 0)
6886 JOIN {context} pctx ON (pctx.instanceid = c.category AND pctx.contextlevel = ".CONTEXT_COURSECAT.")
6887 WHERE pctx.path IS NOT NULL AND pctx.depth > 0
6888 $ctxemptyclause";
6889 $trans = $DB->start_delegated_transaction();
6890 $DB->delete_records('context_temp');
6891 $DB->execute($sql);
6892 context::merge_context_temp_table();
6893 $DB->delete_records('context_temp');
6894 $trans->allow_commit();
6901 * Course module context class
6903 * @package core_access
6904 * @category access
6905 * @copyright Petr Skoda {@link http://skodak.org}
6906 * @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
6907 * @since 2.2
6909 class context_module extends context {
6911 * Please use context_module::instance($cmid) if you need the instance of context.
6912 * Alternatively if you know only the context id use context::instance_by_id($contextid)
6914 * @param stdClass $record
6916 protected function __construct(stdClass $record) {
6917 parent::__construct($record);
6918 if ($record->contextlevel != CONTEXT_MODULE) {
6919 throw new coding_exception('Invalid $record->contextlevel in context_module constructor.');
6924 * Returns human readable context level name.
6926 * @static
6927 * @return string the human readable context level name.
6929 public static function get_level_name() {
6930 return get_string('activitymodule');
6934 * Returns human readable context identifier.
6936 * @param boolean $withprefix whether to prefix the name of the context with the
6937 * module name, e.g. Forum, Glossary, etc.
6938 * @param boolean $short does not apply to module context
6939 * @return string the human readable context name.
6941 public function get_context_name($withprefix = true, $short = false) {
6942 global $DB;
6944 $name = '';
6945 if ($cm = $DB->get_record_sql("SELECT cm.*, md.name AS modname
6946 FROM {course_modules} cm
6947 JOIN {modules} md ON md.id = cm.module
6948 WHERE cm.id = ?", array($this->_instanceid))) {
6949 if ($mod = $DB->get_record($cm->modname, array('id' => $cm->instance))) {
6950 if ($withprefix){
6951 $name = get_string('modulename', $cm->modname).': ';
6953 $name .= format_string($mod->name, true, array('context' => $this));
6956 return $name;
6960 * Returns the most relevant URL for this context.
6962 * @return moodle_url
6964 public function get_url() {
6965 global $DB;
6967 if ($modname = $DB->get_field_sql("SELECT md.name AS modname
6968 FROM {course_modules} cm
6969 JOIN {modules} md ON md.id = cm.module
6970 WHERE cm.id = ?", array($this->_instanceid))) {
6971 return new moodle_url('/mod/' . $modname . '/view.php', array('id'=>$this->_instanceid));
6974 return new moodle_url('/');
6978 * Returns array of relevant context capability records.
6980 * @return array
6982 public function get_capabilities() {
6983 global $DB, $CFG;
6985 $sort = 'ORDER BY contextlevel,component,name'; // To group them sensibly for display
6987 $cm = $DB->get_record('course_modules', array('id'=>$this->_instanceid));
6988 $module = $DB->get_record('modules', array('id'=>$cm->module));
6990 $subcaps = array();
6991 $subpluginsfile = "$CFG->dirroot/mod/$module->name/db/subplugins.php";
6992 if (file_exists($subpluginsfile)) {
6993 $subplugins = array(); // should be redefined in the file
6994 include($subpluginsfile);
6995 if (!empty($subplugins)) {
6996 foreach (array_keys($subplugins) as $subplugintype) {
6997 foreach (array_keys(core_component::get_plugin_list($subplugintype)) as $subpluginname) {
6998 $subcaps = array_merge($subcaps, array_keys(load_capability_def($subplugintype.'_'.$subpluginname)));
7004 $modfile = "$CFG->dirroot/mod/$module->name/lib.php";
7005 $extracaps = array();
7006 if (file_exists($modfile)) {
7007 include_once($modfile);
7008 $modfunction = $module->name.'_get_extra_capabilities';
7009 if (function_exists($modfunction)) {
7010 $extracaps = $modfunction();
7014 $extracaps = array_merge($subcaps, $extracaps);
7015 $extra = '';
7016 list($extra, $params) = $DB->get_in_or_equal(
7017 $extracaps, SQL_PARAMS_NAMED, 'cap0', true, '');
7018 if (!empty($extra)) {
7019 $extra = "OR name $extra";
7021 $sql = "SELECT *
7022 FROM {capabilities}
7023 WHERE (contextlevel = ".CONTEXT_MODULE."
7024 AND (component = :component OR component = 'moodle'))
7025 $extra";
7026 $params['component'] = "mod_$module->name";
7028 return $DB->get_records_sql($sql.' '.$sort, $params);
7032 * Is this context part of any course? If yes return course context.
7034 * @param bool $strict true means throw exception if not found, false means return false if not found
7035 * @return context_course context of the enclosing course, null if not found or exception
7037 public function get_course_context($strict = true) {
7038 return $this->get_parent_context();
7042 * Returns module context instance.
7044 * @static
7045 * @param int $instanceid
7046 * @param int $strictness
7047 * @return context_module context instance
7049 public static function instance($instanceid, $strictness = MUST_EXIST) {
7050 global $DB;
7052 if ($context = context::cache_get(CONTEXT_MODULE, $instanceid)) {
7053 return $context;
7056 if (!$record = $DB->get_record('context', array('contextlevel'=>CONTEXT_MODULE, 'instanceid'=>$instanceid))) {
7057 if ($cm = $DB->get_record('course_modules', array('id'=>$instanceid), 'id,course', $strictness)) {
7058 $parentcontext = context_course::instance($cm->course);
7059 $record = context::insert_context_record(CONTEXT_MODULE, $cm->id, $parentcontext->path);
7063 if ($record) {
7064 $context = new context_module($record);
7065 context::cache_add($context);
7066 return $context;
7069 return false;
7073 * Create missing context instances at module context level
7074 * @static
7076 protected static function create_level_instances() {
7077 global $DB;
7079 $sql = "INSERT INTO {context} (contextlevel, instanceid)
7080 SELECT ".CONTEXT_MODULE.", cm.id
7081 FROM {course_modules} cm
7082 WHERE NOT EXISTS (SELECT 'x'
7083 FROM {context} cx
7084 WHERE cm.id = cx.instanceid AND cx.contextlevel=".CONTEXT_MODULE.")";
7085 $DB->execute($sql);
7089 * Returns sql necessary for purging of stale context instances.
7091 * @static
7092 * @return string cleanup SQL
7094 protected static function get_cleanup_sql() {
7095 $sql = "
7096 SELECT c.*
7097 FROM {context} c
7098 LEFT OUTER JOIN {course_modules} cm ON c.instanceid = cm.id
7099 WHERE cm.id IS NULL AND c.contextlevel = ".CONTEXT_MODULE."
7102 return $sql;
7106 * Rebuild context paths and depths at module context level.
7108 * @static
7109 * @param bool $force
7111 protected static function build_paths($force) {
7112 global $DB;
7114 if ($force or $DB->record_exists_select('context', "contextlevel = ".CONTEXT_MODULE." AND (depth = 0 OR path IS NULL)")) {
7115 if ($force) {
7116 $ctxemptyclause = '';
7117 } else {
7118 $ctxemptyclause = "AND (ctx.path IS NULL OR ctx.depth = 0)";
7121 $sql = "INSERT INTO {context_temp} (id, path, depth)
7122 SELECT ctx.id, ".$DB->sql_concat('pctx.path', "'/'", 'ctx.id').", pctx.depth+1
7123 FROM {context} ctx
7124 JOIN {course_modules} cm ON (cm.id = ctx.instanceid AND ctx.contextlevel = ".CONTEXT_MODULE.")
7125 JOIN {context} pctx ON (pctx.instanceid = cm.course AND pctx.contextlevel = ".CONTEXT_COURSE.")
7126 WHERE pctx.path IS NOT NULL AND pctx.depth > 0
7127 $ctxemptyclause";
7128 $trans = $DB->start_delegated_transaction();
7129 $DB->delete_records('context_temp');
7130 $DB->execute($sql);
7131 context::merge_context_temp_table();
7132 $DB->delete_records('context_temp');
7133 $trans->allow_commit();
7140 * Block context class
7142 * @package core_access
7143 * @category access
7144 * @copyright Petr Skoda {@link http://skodak.org}
7145 * @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
7146 * @since 2.2
7148 class context_block extends context {
7150 * Please use context_block::instance($blockinstanceid) if you need the instance of context.
7151 * Alternatively if you know only the context id use context::instance_by_id($contextid)
7153 * @param stdClass $record
7155 protected function __construct(stdClass $record) {
7156 parent::__construct($record);
7157 if ($record->contextlevel != CONTEXT_BLOCK) {
7158 throw new coding_exception('Invalid $record->contextlevel in context_block constructor');
7163 * Returns human readable context level name.
7165 * @static
7166 * @return string the human readable context level name.
7168 public static function get_level_name() {
7169 return get_string('block');
7173 * Returns human readable context identifier.
7175 * @param boolean $withprefix whether to prefix the name of the context with Block
7176 * @param boolean $short does not apply to block context
7177 * @return string the human readable context name.
7179 public function get_context_name($withprefix = true, $short = false) {
7180 global $DB, $CFG;
7182 $name = '';
7183 if ($blockinstance = $DB->get_record('block_instances', array('id'=>$this->_instanceid))) {
7184 global $CFG;
7185 require_once("$CFG->dirroot/blocks/moodleblock.class.php");
7186 require_once("$CFG->dirroot/blocks/$blockinstance->blockname/block_$blockinstance->blockname.php");
7187 $blockname = "block_$blockinstance->blockname";
7188 if ($blockobject = new $blockname()) {
7189 if ($withprefix){
7190 $name = get_string('block').': ';
7192 $name .= $blockobject->title;
7196 return $name;
7200 * Returns the most relevant URL for this context.
7202 * @return moodle_url
7204 public function get_url() {
7205 $parentcontexts = $this->get_parent_context();
7206 return $parentcontexts->get_url();
7210 * Returns array of relevant context capability records.
7212 * @return array
7214 public function get_capabilities() {
7215 global $DB;
7217 $sort = 'ORDER BY contextlevel,component,name'; // To group them sensibly for display
7219 $params = array();
7220 $bi = $DB->get_record('block_instances', array('id' => $this->_instanceid));
7222 $extra = '';
7223 $extracaps = block_method_result($bi->blockname, 'get_extra_capabilities');
7224 if ($extracaps) {
7225 list($extra, $params) = $DB->get_in_or_equal($extracaps, SQL_PARAMS_NAMED, 'cap');
7226 $extra = "OR name $extra";
7229 $sql = "SELECT *
7230 FROM {capabilities}
7231 WHERE (contextlevel = ".CONTEXT_BLOCK."
7232 AND component = :component)
7233 $extra";
7234 $params['component'] = 'block_' . $bi->blockname;
7236 return $DB->get_records_sql($sql.' '.$sort, $params);
7240 * Is this context part of any course? If yes return course context.
7242 * @param bool $strict true means throw exception if not found, false means return false if not found
7243 * @return course_context context of the enclosing course, null if not found or exception
7245 public function get_course_context($strict = true) {
7246 $parentcontext = $this->get_parent_context();
7247 return $parentcontext->get_course_context($strict);
7251 * Returns block context instance.
7253 * @static
7254 * @param int $instanceid
7255 * @param int $strictness
7256 * @return context_block context instance
7258 public static function instance($instanceid, $strictness = MUST_EXIST) {
7259 global $DB;
7261 if ($context = context::cache_get(CONTEXT_BLOCK, $instanceid)) {
7262 return $context;
7265 if (!$record = $DB->get_record('context', array('contextlevel'=>CONTEXT_BLOCK, 'instanceid'=>$instanceid))) {
7266 if ($bi = $DB->get_record('block_instances', array('id'=>$instanceid), 'id,parentcontextid', $strictness)) {
7267 $parentcontext = context::instance_by_id($bi->parentcontextid);
7268 $record = context::insert_context_record(CONTEXT_BLOCK, $bi->id, $parentcontext->path);
7272 if ($record) {
7273 $context = new context_block($record);
7274 context::cache_add($context);
7275 return $context;
7278 return false;
7282 * Block do not have child contexts...
7283 * @return array
7285 public function get_child_contexts() {
7286 return array();
7290 * Create missing context instances at block context level
7291 * @static
7293 protected static function create_level_instances() {
7294 global $DB;
7296 $sql = "INSERT INTO {context} (contextlevel, instanceid)
7297 SELECT ".CONTEXT_BLOCK.", bi.id
7298 FROM {block_instances} bi
7299 WHERE NOT EXISTS (SELECT 'x'
7300 FROM {context} cx
7301 WHERE bi.id = cx.instanceid AND cx.contextlevel=".CONTEXT_BLOCK.")";
7302 $DB->execute($sql);
7306 * Returns sql necessary for purging of stale context instances.
7308 * @static
7309 * @return string cleanup SQL
7311 protected static function get_cleanup_sql() {
7312 $sql = "
7313 SELECT c.*
7314 FROM {context} c
7315 LEFT OUTER JOIN {block_instances} bi ON c.instanceid = bi.id
7316 WHERE bi.id IS NULL AND c.contextlevel = ".CONTEXT_BLOCK."
7319 return $sql;
7323 * Rebuild context paths and depths at block context level.
7325 * @static
7326 * @param bool $force
7328 protected static function build_paths($force) {
7329 global $DB;
7331 if ($force or $DB->record_exists_select('context', "contextlevel = ".CONTEXT_BLOCK." AND (depth = 0 OR path IS NULL)")) {
7332 if ($force) {
7333 $ctxemptyclause = '';
7334 } else {
7335 $ctxemptyclause = "AND (ctx.path IS NULL OR ctx.depth = 0)";
7338 // pctx.path IS NOT NULL prevents fatal problems with broken block instances that point to invalid context parent
7339 $sql = "INSERT INTO {context_temp} (id, path, depth)
7340 SELECT ctx.id, ".$DB->sql_concat('pctx.path', "'/'", 'ctx.id').", pctx.depth+1
7341 FROM {context} ctx
7342 JOIN {block_instances} bi ON (bi.id = ctx.instanceid AND ctx.contextlevel = ".CONTEXT_BLOCK.")
7343 JOIN {context} pctx ON (pctx.id = bi.parentcontextid)
7344 WHERE (pctx.path IS NOT NULL AND pctx.depth > 0)
7345 $ctxemptyclause";
7346 $trans = $DB->start_delegated_transaction();
7347 $DB->delete_records('context_temp');
7348 $DB->execute($sql);
7349 context::merge_context_temp_table();
7350 $DB->delete_records('context_temp');
7351 $trans->allow_commit();
7357 // ============== DEPRECATED FUNCTIONS ==========================================
7358 // Old context related functions were deprecated in 2.0, it is recommended
7359 // to use context classes in new code. Old function can be used when
7360 // creating patches that are supposed to be backported to older stable branches.
7361 // These deprecated functions will not be removed in near future,
7362 // before removing devs will be warned with a debugging message first,
7363 // then we will add error message and only after that we can remove the functions
7364 // completely.
7367 * Runs get_records select on context table and returns the result
7368 * Does get_records_select on the context table, and returns the results ordered
7369 * by contextlevel, and then the natural sort order within each level.
7370 * for the purpose of $select, you need to know that the context table has been
7371 * aliased to ctx, so for example, you can call get_sorted_contexts('ctx.depth = 3');
7373 * @param string $select the contents of the WHERE clause. Remember to do ctx.fieldname.
7374 * @param array $params any parameters required by $select.
7375 * @return array the requested context records.
7377 function get_sorted_contexts($select, $params = array()) {
7379 //TODO: we should probably rewrite all the code that is using this thing, the trouble is we MUST NOT modify the context instances...
7381 global $DB;
7382 if ($select) {
7383 $select = 'WHERE ' . $select;
7385 return $DB->get_records_sql("
7386 SELECT ctx.*
7387 FROM {context} ctx
7388 LEFT JOIN {user} u ON ctx.contextlevel = " . CONTEXT_USER . " AND u.id = ctx.instanceid
7389 LEFT JOIN {course_categories} cat ON ctx.contextlevel = " . CONTEXT_COURSECAT . " AND cat.id = ctx.instanceid
7390 LEFT JOIN {course} c ON ctx.contextlevel = " . CONTEXT_COURSE . " AND c.id = ctx.instanceid
7391 LEFT JOIN {course_modules} cm ON ctx.contextlevel = " . CONTEXT_MODULE . " AND cm.id = ctx.instanceid
7392 LEFT JOIN {block_instances} bi ON ctx.contextlevel = " . CONTEXT_BLOCK . " AND bi.id = ctx.instanceid
7393 $select
7394 ORDER BY ctx.contextlevel, bi.defaultregion, COALESCE(cat.sortorder, c.sortorder, cm.section, bi.defaultweight), u.lastname, u.firstname, cm.id
7395 ", $params);
7399 * Given context and array of users, returns array of users whose enrolment status is suspended,
7400 * or enrolment has expired or has not started. Also removes those users from the given array
7402 * @param context $context context in which suspended users should be extracted.
7403 * @param array $users list of users.
7404 * @param array $ignoreusers array of user ids to ignore, e.g. guest
7405 * @return array list of suspended users.
7407 function extract_suspended_users($context, &$users, $ignoreusers=array()) {
7408 global $DB;
7410 // Get active enrolled users.
7411 list($sql, $params) = get_enrolled_sql($context, null, null, true);
7412 $activeusers = $DB->get_records_sql($sql, $params);
7414 // Move suspended users to a separate array & remove from the initial one.
7415 $susers = array();
7416 if (sizeof($activeusers)) {
7417 foreach ($users as $userid => $user) {
7418 if (!array_key_exists($userid, $activeusers) && !in_array($userid, $ignoreusers)) {
7419 $susers[$userid] = $user;
7420 unset($users[$userid]);
7424 return $susers;
7428 * Given context and array of users, returns array of user ids whose enrolment status is suspended,
7429 * or enrolment has expired or not started.
7431 * @param context $context context in which user enrolment is checked.
7432 * @return array list of suspended user id's.
7434 function get_suspended_userids($context){
7435 global $DB;
7437 // Get all enrolled users.
7438 list($sql, $params) = get_enrolled_sql($context);
7439 $users = $DB->get_records_sql($sql, $params);
7441 // Get active enrolled users.
7442 list($sql, $params) = get_enrolled_sql($context, null, null, true);
7443 $activeusers = $DB->get_records_sql($sql, $params);
7445 $susers = array();
7446 if (sizeof($activeusers) != sizeof($users)) {
7447 foreach ($users as $userid => $user) {
7448 if (!array_key_exists($userid, $activeusers)) {
7449 $susers[$userid] = $userid;
7453 return $susers;