search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Merge branch 'MDL-38424_m23' of git://github.com/kordan/moodle into MOODLE_23_STABLE
[moodle.git] / lib / accesslib.php
blob48f24df88af501ab85874110eb6d59cad1b197a2
1 <?php
2 // This file is part of Moodle - http://moodle.org/
3 //
4 // Moodle is free software: you can redistribute it and/or modify
5 // it under the terms of the GNU General Public License as published by
6 // the Free Software Foundation, either version 3 of the License, or
7 // (at your option) any later version.
8 //
9 // Moodle is distributed in the hope that it will be useful,
10 // but WITHOUT ANY WARRANTY; without even the implied warranty of
11 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 // GNU General Public License for more details.
13 //
14 // You should have received a copy of the GNU General Public License
15 // along with Moodle. If not, see <http://www.gnu.org/licenses/>.
16
17 /**
18 * This file contains functions for managing user access
19 *
20 * <b>Public API vs internals</b>
21 *
22 * General users probably only care about
23 *
24 * Context handling
25 * - context_course::instance($courseid), context_module::instance($cm->id), context_coursecat::instance($catid)
26 * - context::instance_by_id($contextid)
27 * - $context->get_parent_contexts();
28 * - $context->get_child_contexts();
29 *
30 * Whether the user can do something...
31 * - has_capability()
32 * - has_any_capability()
33 * - has_all_capabilities()
34 * - require_capability()
35 * - require_login() (from moodlelib)
36 * - is_enrolled()
37 * - is_viewing()
38 * - is_guest()
39 * - is_siteadmin()
40 * - isguestuser()
41 * - isloggedin()
42 *
43 * What courses has this user access to?
44 * - get_enrolled_users()
45 *
46 * What users can do X in this context?
47 * - get_enrolled_users() - at and bellow course context
48 * - get_users_by_capability() - above course context
49 *
50 * Modify roles
51 * - role_assign()
52 * - role_unassign()
53 * - role_unassign_all()
54 *
55 * Advanced - for internal use only
56 * - load_all_capabilities()
57 * - reload_all_capabilities()
58 * - has_capability_in_accessdata()
59 * - get_user_access_sitewide()
60 * - load_course_context()
61 * - load_role_access_by_context()
62 * - etc.
63 *
64 * <b>Name conventions</b>
65 *
66 * "ctx" means context
67 *
68 * <b>accessdata</b>
69 *
70 * Access control data is held in the "accessdata" array
71 * which - for the logged-in user, will be in $USER->access
72 *
73 * For other users can be generated and passed around (but may also be cached
74 * against userid in $ACCESSLIB_PRIVATE->accessdatabyuser).
75 *
76 * $accessdata is a multidimensional array, holding
77 * role assignments (RAs), role-capabilities-perm sets
78 * (role defs) and a list of courses we have loaded
79 * data for.
80 *
81 * Things are keyed on "contextpaths" (the path field of
82 * the context table) for fast walking up/down the tree.
83 * <code>
84 * $accessdata['ra'][$contextpath] = array($roleid=>$roleid)
85 * [$contextpath] = array($roleid=>$roleid)
86 * [$contextpath] = array($roleid=>$roleid)
87 * </code>
88 *
89 * Role definitions are stored like this
90 * (no cap merge is done - so it's compact)
91 *
92 * <code>
93 * $accessdata['rdef']["$contextpath:$roleid"]['mod/forum:viewpost'] = 1
94 * ['mod/forum:editallpost'] = -1
95 * ['mod/forum:startdiscussion'] = -1000
96 * </code>
97 *
98 * See how has_capability_in_accessdata() walks up the tree.
99 *
100 * First we only load rdef and ra down to the course level, but not below.
101 * This keeps accessdata small and compact. Below-the-course ra/rdef
102 * are loaded as needed. We keep track of which courses we have loaded ra/rdef in
103 * <code>
104 * $accessdata['loaded'] = array($courseid1=>1, $courseid2=>1)
105 * </code>
106 *
107 * <b>Stale accessdata</b>
108 *
109 * For the logged-in user, accessdata is long-lived.
110 *
111 * On each pageload we load $ACCESSLIB_PRIVATE->dirtycontexts which lists
112 * context paths affected by changes. Any check at-or-below
113 * a dirty context will trigger a transparent reload of accessdata.
114 *
115 * Changes at the system level will force the reload for everyone.
116 *
117 * <b>Default role caps</b>
118 * The default role assignment is not in the DB, so we
119 * add it manually to accessdata.
120 *
121 * This means that functions that work directly off the
122 * DB need to ensure that the default role caps
123 * are dealt with appropriately.
124 *
125 * @package core_access
126 * @copyright 1999 onwards Martin Dougiamas http://dougiamas.com
127 * @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
128 */
129
130 defined('MOODLE_INTERNAL') || die();
131
132 /** No capability change */
133 define('CAP_INHERIT', 0);
134 /** Allow permission, overrides CAP_PREVENT defined in parent contexts */
135 define('CAP_ALLOW', 1);
136 /** Prevent permission, overrides CAP_ALLOW defined in parent contexts */
137 define('CAP_PREVENT', -1);
138 /** Prohibit permission, overrides everything in current and child contexts */
139 define('CAP_PROHIBIT', -1000);
140
141 /** System context level - only one instance in every system */
142 define('CONTEXT_SYSTEM', 10);
143 /** User context level - one instance for each user describing what others can do to user */
144 define('CONTEXT_USER', 30);
145 /** Course category context level - one instance for each category */
146 define('CONTEXT_COURSECAT', 40);
147 /** Course context level - one instances for each course */
148 define('CONTEXT_COURSE', 50);
149 /** Course module context level - one instance for each course module */
150 define('CONTEXT_MODULE', 70);
151 /**
152 * Block context level - one instance for each block, sticky blocks are tricky
153 * because ppl think they should be able to override them at lower contexts.
154 * Any other context level instance can be parent of block context.
155 */
156 define('CONTEXT_BLOCK', 80);
157
158 /** Capability allow management of trusts - NOT IMPLEMENTED YET - see {@link http://docs.moodle.org/dev/Hardening_new_Roles_system} */
159 define('RISK_MANAGETRUST', 0x0001);
160 /** Capability allows changes in system configuration - see {@link http://docs.moodle.org/dev/Hardening_new_Roles_system} */
161 define('RISK_CONFIG', 0x0002);
162 /** Capability allows user to add scripted content - see {@link http://docs.moodle.org/dev/Hardening_new_Roles_system} */
163 define('RISK_XSS', 0x0004);
164 /** Capability allows access to personal user information - see {@link http://docs.moodle.org/dev/Hardening_new_Roles_system} */
165 define('RISK_PERSONAL', 0x0008);
166 /** Capability allows users to add content others may see - see {@link http://docs.moodle.org/dev/Hardening_new_Roles_system} */
167 define('RISK_SPAM', 0x0010);
168 /** capability allows mass delete of data belonging to other users - see {@link http://docs.moodle.org/dev/Hardening_new_Roles_system} */
169 define('RISK_DATALOSS', 0x0020);
170
171 /** rolename displays - the name as defined in the role definition */
172 define('ROLENAME_ORIGINAL', 0);
173 /** rolename displays - the name as defined by a role alias */
174 define('ROLENAME_ALIAS', 1);
175 /** rolename displays - Both, like this: Role alias (Original) */
176 define('ROLENAME_BOTH', 2);
177 /** rolename displays - the name as defined in the role definition and the shortname in brackets */
178 define('ROLENAME_ORIGINALANDSHORT', 3);
179 /** rolename displays - the name as defined by a role alias, in raw form suitable for editing */
180 define('ROLENAME_ALIAS_RAW', 4);
181 /** rolename displays - the name is simply short role name */
182 define('ROLENAME_SHORT', 5);
183
184 if (!defined('CONTEXT_CACHE_MAX_SIZE')) {
185 /** maximum size of context cache - it is possible to tweak this config.php or in any script before inclusion of context.php */
186 define('CONTEXT_CACHE_MAX_SIZE', 2500);
187 }
188
189 /**
190 * Although this looks like a global variable, it isn't really.
191 *
192 * It is just a private implementation detail to accesslib that MUST NOT be used elsewhere.
193 * It is used to cache various bits of data between function calls for performance reasons.
194 * Sadly, a PHP global variable is the only way to implement this, without rewriting everything
195 * as methods of a class, instead of functions.
196 *
197 * @access private
198 * @global stdClass $ACCESSLIB_PRIVATE
199 * @name $ACCESSLIB_PRIVATE
200 */
201 global $ACCESSLIB_PRIVATE;
202 $ACCESSLIB_PRIVATE = new stdClass();
203 $ACCESSLIB_PRIVATE->dirtycontexts = null; // Dirty contexts cache, loaded from DB once per page
204 $ACCESSLIB_PRIVATE->accessdatabyuser = array(); // Holds the cache of $accessdata structure for users (including $USER)
205 $ACCESSLIB_PRIVATE->rolepermissions = array(); // role permissions cache - helps a lot with mem usage
206 $ACCESSLIB_PRIVATE->capabilities = null; // detailed information about the capabilities
207
208 /**
209 * Clears accesslib's private caches. ONLY BE USED BY UNIT TESTS
210 *
211 * This method should ONLY BE USED BY UNIT TESTS. It clears all of
212 * accesslib's private caches. You need to do this before setting up test data,
213 * and also at the end of the tests.
214 *
215 * @access private
216 * @return void
217 */
218 function accesslib_clear_all_caches_for_unit_testing() {
219 global $UNITTEST, $USER;
220 if (empty($UNITTEST->running) and !PHPUNIT_TEST) {
221 throw new coding_exception('You must not call clear_all_caches outside of unit tests.');
222 }
223
224 accesslib_clear_all_caches(true);
225
226 unset($USER->access);
227 }
228
229 /**
230 * Clears accesslib's private caches. ONLY BE USED FROM THIS LIBRARY FILE!
231 *
232 * This reset does not touch global $USER.
233 *
234 * @access private
235 * @param bool $resetcontexts
236 * @return void
237 */
238 function accesslib_clear_all_caches($resetcontexts) {
239 global $ACCESSLIB_PRIVATE;
240
241 $ACCESSLIB_PRIVATE->dirtycontexts = null;
242 $ACCESSLIB_PRIVATE->accessdatabyuser = array();
243 $ACCESSLIB_PRIVATE->rolepermissions = array();
244 $ACCESSLIB_PRIVATE->capabilities = null;
245
246 if ($resetcontexts) {
247 context_helper::reset_caches();
248 }
249 }
250
251 /**
252 * Gets the accessdata for role "sitewide" (system down to course)
253 *
254 * @access private
255 * @param int $roleid
256 * @return array
257 */
258 function get_role_access($roleid) {
259 global $DB, $ACCESSLIB_PRIVATE;
260
261 /* Get it in 1 DB query...
262 * - relevant role caps at the root and down
263 * to the course level - but not below
264 */
265
266 //TODO: MUC - this could be cached in shared memory to speed up first page loading, web crawlers, etc.
267
268 $accessdata = get_empty_accessdata();
269
270 $accessdata['ra']['/'.SYSCONTEXTID] = array((int)$roleid => (int)$roleid);
271
272 //
273 // Overrides for the role IN ANY CONTEXTS
274 // down to COURSE - not below -
275 //
276 $sql = "SELECT ctx.path,
277 rc.capability, rc.permission
278 FROM {context} ctx
279 JOIN {role_capabilities} rc ON rc.contextid = ctx.id
280 LEFT JOIN {context} cctx
281 ON (cctx.contextlevel = ".CONTEXT_COURSE." AND ctx.path LIKE ".$DB->sql_concat('cctx.path',"'/%'").")
282 WHERE rc.roleid = ? AND cctx.id IS NULL";
283 $params = array($roleid);
284
285 // we need extra caching in CLI scripts and cron
286 $rs = $DB->get_recordset_sql($sql, $params);
287 foreach ($rs as $rd) {
288 $k = "{$rd->path}:{$roleid}";
289 $accessdata['rdef'][$k][$rd->capability] = (int)$rd->permission;
290 }
291 $rs->close();
292
293 // share the role definitions
294 foreach ($accessdata['rdef'] as $k=>$unused) {
295 if (!isset($ACCESSLIB_PRIVATE->rolepermissions[$k])) {
296 $ACCESSLIB_PRIVATE->rolepermissions[$k] = $accessdata['rdef'][$k];
297 }
298 $accessdata['rdef_count']++;
299 $accessdata['rdef'][$k] =& $ACCESSLIB_PRIVATE->rolepermissions[$k];
300 }
301
302 return $accessdata;
303 }
304
305 /**
306 * Get the default guest role, this is used for guest account,
307 * search engine spiders, etc.
308 *
309 * @return stdClass role record
310 */
311 function get_guest_role() {
312 global $CFG, $DB;
313
314 if (empty($CFG->guestroleid)) {
315 if ($roles = $DB->get_records('role', array('archetype'=>'guest'))) {
316 $guestrole = array_shift($roles); // Pick the first one
317 set_config('guestroleid', $guestrole->id);
318 return $guestrole;
319 } else {
320 debugging('Can not find any guest role!');
321 return false;
322 }
323 } else {
324 if ($guestrole = $DB->get_record('role', array('id'=>$CFG->guestroleid))) {
325 return $guestrole;
326 } else {
327 // somebody is messing with guest roles, remove incorrect setting and try to find a new one
328 set_config('guestroleid', '');
329 return get_guest_role();
330 }
331 }
332 }
333
334 /**
335 * Check whether a user has a particular capability in a given context.
336 *
337 * For example:
338 * $context = context_module::instance($cm->id);
339 * has_capability('mod/forum:replypost', $context)
340 *
341 * By default checks the capabilities of the current user, but you can pass a
342 * different userid. By default will return true for admin users, but you can override that with the fourth argument.
343 *
344 * Guest and not-logged-in users can never get any dangerous capability - that is any write capability
345 * or capabilities with XSS, config or data loss risks.
346 *
347 * @category access
348 *
349 * @param string $capability the name of the capability to check. For example mod/forum:view
350 * @param context $context the context to check the capability in. You normally get this with instance method of a context class.
351 * @param integer|stdClass $user A user id or object. By default (null) checks the permissions of the current user.
352 * @param boolean $doanything If false, ignores effect of admin role assignment
353 * @return boolean true if the user has this capability. Otherwise false.
354 */
355 function has_capability($capability, context $context, $user = null, $doanything = true) {
356 global $USER, $CFG, $SCRIPT, $ACCESSLIB_PRIVATE;
357
358 if (during_initial_install()) {
359 if ($SCRIPT === "/$CFG->admin/index.php" or $SCRIPT === "/$CFG->admin/cli/install.php" or $SCRIPT === "/$CFG->admin/cli/install_database.php") {
360 // we are in an installer - roles can not work yet
361 return true;
362 } else {
363 return false;
364 }
365 }
366
367 if (strpos($capability, 'moodle/legacy:') === 0) {
368 throw new coding_exception('Legacy capabilities can not be used any more!');
369 }
370
371 if (!is_bool($doanything)) {
372 throw new coding_exception('Capability parameter "doanything" is wierd, only true or false is allowed. This has to be fixed in code.');
373 }
374
375 // capability must exist
376 if (!$capinfo = get_capability_info($capability)) {
377 debugging('Capability "'.$capability.'" was not found! This has to be fixed in code.');
378 return false;
379 }
380
381 if (!isset($USER->id)) {
382 // should never happen
383 $USER->id = 0;
384 }
385
386 // make sure there is a real user specified
387 if ($user === null) {
388 $userid = $USER->id;
389 } else {
390 $userid = is_object($user) ? $user->id : $user;
391 }
392
393 // make sure forcelogin cuts off not-logged-in users if enabled
394 if (!empty($CFG->forcelogin) and $userid == 0) {
395 return false;
396 }
397
398 // make sure the guest account and not-logged-in users never get any risky caps no matter what the actual settings are.
399 if (($capinfo->captype === 'write') or ($capinfo->riskbitmask & (RISK_XSS | RISK_CONFIG | RISK_DATALOSS))) {
400 if (isguestuser($userid) or $userid == 0) {
401 return false;
402 }
403 }
404
405 // somehow make sure the user is not deleted and actually exists
406 if ($userid != 0) {
407 if ($userid == $USER->id and isset($USER->deleted)) {
408 // this prevents one query per page, it is a bit of cheating,
409 // but hopefully session is terminated properly once user is deleted
410 if ($USER->deleted) {
411 return false;
412 }
413 } else {
414 if (!context_user::instance($userid, IGNORE_MISSING)) {
415 // no user context == invalid userid
416 return false;
417 }
418 }
419 }
420
421 // context path/depth must be valid
422 if (empty($context->path) or $context->depth == 0) {
423 // this should not happen often, each upgrade tries to rebuild the context paths
424 debugging('Context id '.$context->id.' does not have valid path, please use build_context_path()');
425 if (is_siteadmin($userid)) {
426 return true;
427 } else {
428 return false;
429 }
430 }
431
432 // Find out if user is admin - it is not possible to override the doanything in any way
433 // and it is not possible to switch to admin role either.
434 if ($doanything) {
435 if (is_siteadmin($userid)) {
436 if ($userid != $USER->id) {
437 return true;
438 }
439 // make sure switchrole is not used in this context
440 if (empty($USER->access['rsw'])) {
441 return true;
442 }
443 $parts = explode('/', trim($context->path, '/'));
444 $path = '';
445 $switched = false;
446 foreach ($parts as $part) {
447 $path .= '/' . $part;
448 if (!empty($USER->access['rsw'][$path])) {
449 $switched = true;
450 break;
451 }
452 }
453 if (!$switched) {
454 return true;
455 }
456 //ok, admin switched role in this context, let's use normal access control rules
457 }
458 }
459
460 // Careful check for staleness...
461 $context->reload_if_dirty();
462
463 if ($USER->id == $userid) {
464 if (!isset($USER->access)) {
465 load_all_capabilities();
466 }
467 $access =& $USER->access;
468
469 } else {
470 // make sure user accessdata is really loaded
471 get_user_accessdata($userid, true);
472 $access =& $ACCESSLIB_PRIVATE->accessdatabyuser[$userid];
473 }
474
475
476 // Load accessdata for below-the-course context if necessary,
477 // all contexts at and above all courses are already loaded
478 if ($context->contextlevel != CONTEXT_COURSE and $coursecontext = $context->get_course_context(false)) {
479 load_course_context($userid, $coursecontext, $access);
480 }
481
482 return has_capability_in_accessdata($capability, $context, $access);
483 }
484
485 /**
486 * Check if the user has any one of several capabilities from a list.
487 *
488 * This is just a utility method that calls has_capability in a loop. Try to put
489 * the capabilities that most users are likely to have first in the list for best
490 * performance.
491 *
492 * @category access
493 * @see has_capability()
494 *
495 * @param array $capabilities an array of capability names.
496 * @param context $context the context to check the capability in. You normally get this with instance method of a context class.
497 * @param integer|stdClass $user A user id or object. By default (null) checks the permissions of the current user.
498 * @param boolean $doanything If false, ignore effect of admin role assignment
499 * @return boolean true if the user has any of these capabilities. Otherwise false.
500 */
501 function has_any_capability(array $capabilities, context $context, $user = null, $doanything = true) {
502 foreach ($capabilities as $capability) {
503 if (has_capability($capability, $context, $user, $doanything)) {
504 return true;
505 }
506 }
507 return false;
508 }
509
510 /**
511 * Check if the user has all the capabilities in a list.
512 *
513 * This is just a utility method that calls has_capability in a loop. Try to put
514 * the capabilities that fewest users are likely to have first in the list for best
515 * performance.
516 *
517 * @category access
518 * @see has_capability()
519 *
520 * @param array $capabilities an array of capability names.
521 * @param context $context the context to check the capability in. You normally get this with instance method of a context class.
522 * @param integer|stdClass $user A user id or object. By default (null) checks the permissions of the current user.
523 * @param boolean $doanything If false, ignore effect of admin role assignment
524 * @return boolean true if the user has all of these capabilities. Otherwise false.
525 */
526 function has_all_capabilities(array $capabilities, context $context, $user = null, $doanything = true) {
527 foreach ($capabilities as $capability) {
528 if (!has_capability($capability, $context, $user, $doanything)) {
529 return false;
530 }
531 }
532 return true;
533 }
534
535 /**
536 * Check if the user is an admin at the site level.
537 *
538 * Please note that use of proper capabilities is always encouraged,
539 * this function is supposed to be used from core or for temporary hacks.
540 *
541 * @category access
542 *
543 * @param int|stdClass $user_or_id user id or user object
544 * @return bool true if user is one of the administrators, false otherwise
545 */
546 function is_siteadmin($user_or_id = null) {
547 global $CFG, $USER;
548
549 if ($user_or_id === null) {
550 $user_or_id = $USER;
551 }
552
553 if (empty($user_or_id)) {
554 return false;
555 }
556 if (!empty($user_or_id->id)) {
557 $userid = $user_or_id->id;
558 } else {
559 $userid = $user_or_id;
560 }
561
562 $siteadmins = explode(',', $CFG->siteadmins);
563 return in_array($userid, $siteadmins);
564 }
565
566 /**
567 * Returns true if user has at least one role assign
568 * of 'coursecontact' role (is potentially listed in some course descriptions).
569 *
570 * @param int $userid
571 * @return bool
572 */
573 function has_coursecontact_role($userid) {
574 global $DB, $CFG;
575
576 if (empty($CFG->coursecontact)) {
577 return false;
578 }
579 $sql = "SELECT 1
580 FROM {role_assignments}
581 WHERE userid = :userid AND roleid IN ($CFG->coursecontact)";
582 return $DB->record_exists_sql($sql, array('userid'=>$userid));
583 }
584
585 /**
586 * Does the user have a capability to do something?
587 *
588 * Walk the accessdata array and return true/false.
589 * Deals with prohibits, role switching, aggregating
590 * capabilities, etc.
591 *
592 * The main feature of here is being FAST and with no
593 * side effects.
594 *
595 * Notes:
596 *
597 * Switch Role merges with default role
598 * ------------------------------------
599 * If you are a teacher in course X, you have at least
600 * teacher-in-X + defaultloggedinuser-sitewide. So in the
601 * course you'll have techer+defaultloggedinuser.
602 * We try to mimic that in switchrole.
603 *
604 * Permission evaluation
605 * ---------------------
606 * Originally there was an extremely complicated way
607 * to determine the user access that dealt with
608 * "locality" or role assignments and role overrides.
609 * Now we simply evaluate access for each role separately
610 * and then verify if user has at least one role with allow
611 * and at the same time no role with prohibit.
612 *
613 * @access private
614 * @param string $capability
615 * @param context $context
616 * @param array $accessdata
617 * @return bool
618 */
619 function has_capability_in_accessdata($capability, context $context, array &$accessdata) {
620 global $CFG;
621
622 // Build $paths as a list of current + all parent "paths" with order bottom-to-top
623 $path = $context->path;
624 $paths = array($path);
625 while($path = rtrim($path, '0123456789')) {
626 $path = rtrim($path, '/');
627 if ($path === '') {
628 break;
629 }
630 $paths[] = $path;
631 }
632
633 $roles = array();
634 $switchedrole = false;
635
636 // Find out if role switched
637 if (!empty($accessdata['rsw'])) {
638 // From the bottom up...
639 foreach ($paths as $path) {
640 if (isset($accessdata['rsw'][$path])) {
641 // Found a switchrole assignment - check for that role _plus_ the default user role
642 $roles = array($accessdata['rsw'][$path]=>null, $CFG->defaultuserroleid=>null);
643 $switchedrole = true;
644 break;
645 }
646 }
647 }
648
649 if (!$switchedrole) {
650 // get all users roles in this context and above
651 foreach ($paths as $path) {
652 if (isset($accessdata['ra'][$path])) {
653 foreach ($accessdata['ra'][$path] as $roleid) {
654 $roles[$roleid] = null;
655 }
656 }
657 }
658 }
659
660 // Now find out what access is given to each role, going bottom-->up direction
661 $allowed = false;
662 foreach ($roles as $roleid => $ignored) {
663 foreach ($paths as $path) {
664 if (isset($accessdata['rdef']["{$path}:$roleid"][$capability])) {
665 $perm = (int)$accessdata['rdef']["{$path}:$roleid"][$capability];
666 if ($perm === CAP_PROHIBIT) {
667 // any CAP_PROHIBIT found means no permission for the user
668 return false;
669 }
670 if (is_null($roles[$roleid])) {
671 $roles[$roleid] = $perm;
672 }
673 }
674 }
675 // CAP_ALLOW in any role means the user has a permission, we continue only to detect prohibits
676 $allowed = ($allowed or $roles[$roleid] === CAP_ALLOW);
677 }
678
679 return $allowed;
680 }
681
682 /**
683 * A convenience function that tests has_capability, and displays an error if
684 * the user does not have that capability.
685 *
686 * NOTE before Moodle 2.0, this function attempted to make an appropriate
687 * require_login call before checking the capability. This is no longer the case.
688 * You must call require_login (or one of its variants) if you want to check the
689 * user is logged in, before you call this function.
690 *
691 * @see has_capability()
692 *
693 * @param string $capability the name of the capability to check. For example mod/forum:view
694 * @param context $context the context to check the capability in. You normally get this with {@link get_context_instance}.
695 * @param int $userid A user id. By default (null) checks the permissions of the current user.
696 * @param bool $doanything If false, ignore effect of admin role assignment
697 * @param string $errormessage The error string to to user. Defaults to 'nopermissions'.
698 * @param string $stringfile The language file to load the error string from. Defaults to 'error'.
699 * @return void terminates with an error if the user does not have the given capability.
700 */
701 function require_capability($capability, context $context, $userid = null, $doanything = true,
702 $errormessage = 'nopermissions', $stringfile = '') {
703 if (!has_capability($capability, $context, $userid, $doanything)) {
704 throw new required_capability_exception($context, $capability, $errormessage, $stringfile);
705 }
706 }
707
708 /**
709 * Return a nested array showing role assignments
710 * all relevant role capabilities for the user at
711 * site/course_category/course levels
712 *
713 * We do _not_ delve deeper than courses because the number of
714 * overrides at the module/block levels can be HUGE.
715 *
716 * [ra] => [/path][roleid]=roleid
717 * [rdef] => [/path:roleid][capability]=permission
718 *
719 * @access private
720 * @param int $userid - the id of the user
721 * @return array access info array
722 */
723 function get_user_access_sitewide($userid) {
724 global $CFG, $DB, $ACCESSLIB_PRIVATE;
725
726 /* Get in a few cheap DB queries...
727 * - role assignments
728 * - relevant role caps
729 * - above and within this user's RAs
730 * - below this user's RAs - limited to course level
731 */
732
733 // raparents collects paths & roles we need to walk up the parenthood to build the minimal rdef
734 $raparents = array();
735 $accessdata = get_empty_accessdata();
736
737 // start with the default role
738 if (!empty($CFG->defaultuserroleid)) {
739 $syscontext = context_system::instance();
740 $accessdata['ra'][$syscontext->path][(int)$CFG->defaultuserroleid] = (int)$CFG->defaultuserroleid;
741 $raparents[$CFG->defaultuserroleid][$syscontext->id] = $syscontext->id;
742 }
743
744 // load the "default frontpage role"
745 if (!empty($CFG->defaultfrontpageroleid)) {
746 $frontpagecontext = context_course::instance(get_site()->id);
747 if ($frontpagecontext->path) {
748 $accessdata['ra'][$frontpagecontext->path][(int)$CFG->defaultfrontpageroleid] = (int)$CFG->defaultfrontpageroleid;
749 $raparents[$CFG->defaultfrontpageroleid][$frontpagecontext->id] = $frontpagecontext->id;
750 }
751 }
752
753 // preload every assigned role at and above course context
754 $sql = "SELECT ctx.path, ra.roleid, ra.contextid
755 FROM {role_assignments} ra
756 JOIN {context} ctx
757 ON ctx.id = ra.contextid
758 LEFT JOIN {block_instances} bi
759 ON (ctx.contextlevel = ".CONTEXT_BLOCK." AND bi.id = ctx.instanceid)
760 LEFT JOIN {context} bpctx
761 ON (bpctx.id = bi.parentcontextid)
762 WHERE ra.userid = :userid
763 AND (ctx.contextlevel <= ".CONTEXT_COURSE." OR bpctx.contextlevel < ".CONTEXT_COURSE.")";
764 $params = array('userid'=>$userid);
765 $rs = $DB->get_recordset_sql($sql, $params);
766 foreach ($rs as $ra) {
767 // RAs leafs are arrays to support multi-role assignments...
768 $accessdata['ra'][$ra->path][(int)$ra->roleid] = (int)$ra->roleid;
769 $raparents[$ra->roleid][$ra->contextid] = $ra->contextid;
770 }
771 $rs->close();
772
773 if (empty($raparents)) {
774 return $accessdata;
775 }
776
777 // now get overrides of interesting roles in all interesting child contexts
778 // hopefully we will not run out of SQL limits here,
779 // users would have to have very many roles at/above course context...
780 $sqls = array();
781 $params = array();
782
783 static $cp = 0;
784 foreach ($raparents as $roleid=>$ras) {
785 $cp++;
786 list($sqlcids, $cids) = $DB->get_in_or_equal($ras, SQL_PARAMS_NAMED, 'c'.$cp.'_');
787 $params = array_merge($params, $cids);
788 $params['r'.$cp] = $roleid;
789 $sqls[] = "(SELECT ctx.path, rc.roleid, rc.capability, rc.permission
790 FROM {role_capabilities} rc
791 JOIN {context} ctx
792 ON (ctx.id = rc.contextid)
793 JOIN {context} pctx
794 ON (pctx.id $sqlcids
795 AND (ctx.id = pctx.id
796 OR ctx.path LIKE ".$DB->sql_concat('pctx.path',"'/%'")."
797 OR pctx.path LIKE ".$DB->sql_concat('ctx.path',"'/%'")."))
798 LEFT JOIN {block_instances} bi
799 ON (ctx.contextlevel = ".CONTEXT_BLOCK." AND bi.id = ctx.instanceid)
800 LEFT JOIN {context} bpctx
801 ON (bpctx.id = bi.parentcontextid)
802 WHERE rc.roleid = :r{$cp}
803 AND (ctx.contextlevel <= ".CONTEXT_COURSE." OR bpctx.contextlevel < ".CONTEXT_COURSE.")
804 )";
805 }
806
807 // fixed capability order is necessary for rdef dedupe
808 $rs = $DB->get_recordset_sql(implode("\nUNION\n", $sqls). "ORDER BY capability", $params);
809
810 foreach ($rs as $rd) {
811 $k = $rd->path.':'.$rd->roleid;
812 $accessdata['rdef'][$k][$rd->capability] = (int)$rd->permission;
813 }
814 $rs->close();
815
816 // share the role definitions
817 foreach ($accessdata['rdef'] as $k=>$unused) {
818 if (!isset($ACCESSLIB_PRIVATE->rolepermissions[$k])) {
819 $ACCESSLIB_PRIVATE->rolepermissions[$k] = $accessdata['rdef'][$k];
820 }
821 $accessdata['rdef_count']++;
822 $accessdata['rdef'][$k] =& $ACCESSLIB_PRIVATE->rolepermissions[$k];
823 }
824
825 return $accessdata;
826 }
827
828 /**
829 * Add to the access ctrl array the data needed by a user for a given course.
830 *
831 * This function injects all course related access info into the accessdata array.
832 *
833 * @access private
834 * @param int $userid the id of the user
835 * @param context_course $coursecontext course context
836 * @param array $accessdata accessdata array (modified)
837 * @return void modifies $accessdata parameter
838 */
839 function load_course_context($userid, context_course $coursecontext, &$accessdata) {
840 global $DB, $CFG, $ACCESSLIB_PRIVATE;
841
842 if (empty($coursecontext->path)) {
843 // weird, this should not happen
844 return;
845 }
846
847 if (isset($accessdata['loaded'][$coursecontext->instanceid])) {
848 // already loaded, great!
849 return;
850 }
851
852 $roles = array();
853
854 if (empty($userid)) {
855 if (!empty($CFG->notloggedinroleid)) {
856 $roles[$CFG->notloggedinroleid] = $CFG->notloggedinroleid;
857 }
858
859 } else if (isguestuser($userid)) {
860 if ($guestrole = get_guest_role()) {
861 $roles[$guestrole->id] = $guestrole->id;
862 }
863
864 } else {
865 // Interesting role assignments at, above and below the course context
866 list($parentsaself, $params) = $DB->get_in_or_equal($coursecontext->get_parent_context_ids(true), SQL_PARAMS_NAMED, 'pc_');
867 $params['userid'] = $userid;
868 $params['children'] = $coursecontext->path."/%";
869 $sql = "SELECT ra.*, ctx.path
870 FROM {role_assignments} ra
871 JOIN {context} ctx ON ra.contextid = ctx.id
872 WHERE ra.userid = :userid AND (ctx.id $parentsaself OR ctx.path LIKE :children)";
873 $rs = $DB->get_recordset_sql($sql, $params);
874
875 // add missing role definitions
876 foreach ($rs as $ra) {
877 $accessdata['ra'][$ra->path][(int)$ra->roleid] = (int)$ra->roleid;
878 $roles[$ra->roleid] = $ra->roleid;
879 }
880 $rs->close();
881
882 // add the "default frontpage role" when on the frontpage
883 if (!empty($CFG->defaultfrontpageroleid)) {
884 $frontpagecontext = context_course::instance(get_site()->id);
885 if ($frontpagecontext->id == $coursecontext->id) {
886 $roles[$CFG->defaultfrontpageroleid] = $CFG->defaultfrontpageroleid;
887 }
888 }
889
890 // do not forget the default role
891 if (!empty($CFG->defaultuserroleid)) {
892 $roles[$CFG->defaultuserroleid] = $CFG->defaultuserroleid;
893 }
894 }
895
896 if (!$roles) {
897 // weird, default roles must be missing...
898 $accessdata['loaded'][$coursecontext->instanceid] = 1;
899 return;
900 }
901
902 // now get overrides of interesting roles in all interesting contexts (this course + children + parents)
903 $params = array('c'=>$coursecontext->id);
904 list($parentsaself, $rparams) = $DB->get_in_or_equal($coursecontext->get_parent_context_ids(true), SQL_PARAMS_NAMED, 'pc_');
905 $params = array_merge($params, $rparams);
906 list($roleids, $rparams) = $DB->get_in_or_equal($roles, SQL_PARAMS_NAMED, 'r_');
907 $params = array_merge($params, $rparams);
908
909 $sql = "SELECT ctx.path, rc.roleid, rc.capability, rc.permission
910 FROM {role_capabilities} rc
911 JOIN {context} ctx
912 ON (ctx.id = rc.contextid)
913 JOIN {context} cctx
914 ON (cctx.id = :c
915 AND (ctx.id $parentsaself OR ctx.path LIKE ".$DB->sql_concat('cctx.path',"'/%'")."))
916 WHERE rc.roleid $roleids
917 ORDER BY rc.capability"; // fixed capability order is necessary for rdef dedupe
918 $rs = $DB->get_recordset_sql($sql, $params);
919
920 $newrdefs = array();
921 foreach ($rs as $rd) {
922 $k = $rd->path.':'.$rd->roleid;
923 if (isset($accessdata['rdef'][$k])) {
924 continue;
925 }
926 $newrdefs[$k][$rd->capability] = (int)$rd->permission;
927 }
928 $rs->close();
929
930 // share new role definitions
931 foreach ($newrdefs as $k=>$unused) {
932 if (!isset($ACCESSLIB_PRIVATE->rolepermissions[$k])) {
933 $ACCESSLIB_PRIVATE->rolepermissions[$k] = $newrdefs[$k];
934 }
935 $accessdata['rdef_count']++;
936 $accessdata['rdef'][$k] =& $ACCESSLIB_PRIVATE->rolepermissions[$k];
937 }
938
939 $accessdata['loaded'][$coursecontext->instanceid] = 1;
940
941 // we want to deduplicate the USER->access from time to time, this looks like a good place,
942 // because we have to do it before the end of session
943 dedupe_user_access();
944 }
945
946 /**
947 * Add to the access ctrl array the data needed by a role for a given context.
948 *
949 * The data is added in the rdef key.
950 * This role-centric function is useful for role_switching
951 * and temporary course roles.
952 *
953 * @access private
954 * @param int $roleid the id of the user
955 * @param context $context needs path!
956 * @param array $accessdata accessdata array (is modified)
957 * @return array
958 */
959 function load_role_access_by_context($roleid, context $context, &$accessdata) {
960 global $DB, $ACCESSLIB_PRIVATE;
961
962 /* Get the relevant rolecaps into rdef
963 * - relevant role caps
964 * - at ctx and above
965 * - below this ctx
966 */
967
968 if (empty($context->path)) {
969 // weird, this should not happen
970 return;
971 }
972
973 list($parentsaself, $params) = $DB->get_in_or_equal($context->get_parent_context_ids(true), SQL_PARAMS_NAMED, 'pc_');
974 $params['roleid'] = $roleid;
975 $params['childpath'] = $context->path.'/%';
976
977 $sql = "SELECT ctx.path, rc.capability, rc.permission
978 FROM {role_capabilities} rc
979 JOIN {context} ctx ON (rc.contextid = ctx.id)
980 WHERE rc.roleid = :roleid AND (ctx.id $parentsaself OR ctx.path LIKE :childpath)
981 ORDER BY rc.capability"; // fixed capability order is necessary for rdef dedupe
982 $rs = $DB->get_recordset_sql($sql, $params);
983
984 $newrdefs = array();
985 foreach ($rs as $rd) {
986 $k = $rd->path.':'.$roleid;
987 if (isset($accessdata['rdef'][$k])) {
988 continue;
989 }
990 $newrdefs[$k][$rd->capability] = (int)$rd->permission;
991 }
992 $rs->close();
993
994 // share new role definitions
995 foreach ($newrdefs as $k=>$unused) {
996 if (!isset($ACCESSLIB_PRIVATE->rolepermissions[$k])) {
997 $ACCESSLIB_PRIVATE->rolepermissions[$k] = $newrdefs[$k];
998 }
999 $accessdata['rdef_count']++;
1000 $accessdata['rdef'][$k] =& $ACCESSLIB_PRIVATE->rolepermissions[$k];
1001 }
1002 }
1003
1004 /**
1005 * Returns empty accessdata structure.
1006 *
1007 * @access private
1008 * @return array empt accessdata
1009 */
1010 function get_empty_accessdata() {
1011 $accessdata = array(); // named list
1012 $accessdata['ra'] = array();
1013 $accessdata['rdef'] = array();
1014 $accessdata['rdef_count'] = 0; // this bloody hack is necessary because count($array) is slooooowwww in PHP
1015 $accessdata['rdef_lcc'] = 0; // rdef_count during the last compression
1016 $accessdata['loaded'] = array(); // loaded course contexts
1017 $accessdata['time'] = time();
1018 $accessdata['rsw'] = array();
1019
1020 return $accessdata;
1021 }
1022
1023 /**
1024 * Get accessdata for a given user.
1025 *
1026 * @access private
1027 * @param int $userid
1028 * @param bool $preloadonly true means do not return access array
1029 * @return array accessdata
1030 */
1031 function get_user_accessdata($userid, $preloadonly=false) {
1032 global $CFG, $ACCESSLIB_PRIVATE, $USER;
1033
1034 if (!empty($USER->acces['rdef']) and empty($ACCESSLIB_PRIVATE->rolepermissions)) {
1035 // share rdef from USER session with rolepermissions cache in order to conserve memory
1036 foreach($USER->acces['rdef'] as $k=>$v) {
1037 $ACCESSLIB_PRIVATE->rolepermissions[$k] =& $USER->acces['rdef'][$k];
1038 }
1039 $ACCESSLIB_PRIVATE->accessdatabyuser[$USER->id] = $USER->acces;
1040 }
1041
1042 if (!isset($ACCESSLIB_PRIVATE->accessdatabyuser[$userid])) {
1043 if (empty($userid)) {
1044 if (!empty($CFG->notloggedinroleid)) {
1045 $accessdata = get_role_access($CFG->notloggedinroleid);
1046 } else {
1047 // weird
1048 return get_empty_accessdata();
1049 }
1050
1051 } else if (isguestuser($userid)) {
1052 if ($guestrole = get_guest_role()) {
1053 $accessdata = get_role_access($guestrole->id);
1054 } else {
1055 //weird
1056 return get_empty_accessdata();
1057 }
1058
1059 } else {
1060 $accessdata = get_user_access_sitewide($userid); // includes default role and frontpage role
1061 }
1062
1063 $ACCESSLIB_PRIVATE->accessdatabyuser[$userid] = $accessdata;
1064 }
1065
1066 if ($preloadonly) {
1067 return;
1068 } else {
1069 return $ACCESSLIB_PRIVATE->accessdatabyuser[$userid];
1070 }
1071 }
1072
1073 /**
1074 * Try to minimise the size of $USER->access by eliminating duplicate override storage,
1075 * this function looks for contexts with the same overrides and shares them.
1076 *
1077 * @access private
1078 * @return void
1079 */
1080 function dedupe_user_access() {
1081 global $USER;
1082
1083 if (CLI_SCRIPT) {
1084 // no session in CLI --> no compression necessary
1085 return;
1086 }
1087
1088 if (empty($USER->access['rdef_count'])) {
1089 // weird, this should not happen
1090 return;
1091 }
1092
1093 // the rdef is growing only, we never remove stuff from it, the rdef_lcc helps us to detect new stuff in rdef
1094 if ($USER->access['rdef_count'] - $USER->access['rdef_lcc'] > 10) {
1095 // do not compress after each change, wait till there is more stuff to be done
1096 return;
1097 }
1098
1099 $hashmap = array();
1100 foreach ($USER->access['rdef'] as $k=>$def) {
1101 $hash = sha1(serialize($def));
1102 if (isset($hashmap[$hash])) {
1103 $USER->access['rdef'][$k] =& $hashmap[$hash];
1104 } else {
1105 $hashmap[$hash] =& $USER->access['rdef'][$k];
1106 }
1107 }
1108
1109 $USER->access['rdef_lcc'] = $USER->access['rdef_count'];
1110 }
1111
1112 /**
1113 * A convenience function to completely load all the capabilities
1114 * for the current user. It is called from has_capability() and functions change permissions.
1115 *
1116 * Call it only _after_ you've setup $USER and called check_enrolment_plugins();
1117 * @see check_enrolment_plugins()
1118 *
1119 * @access private
1120 * @return void
1121 */
1122 function load_all_capabilities() {
1123 global $USER;
1124
1125 // roles not installed yet - we are in the middle of installation
1126 if (during_initial_install()) {
1127 return;
1128 }
1129
1130 if (!isset($USER->id)) {
1131 // this should not happen
1132 $USER->id = 0;
1133 }
1134
1135 unset($USER->access);
1136 $USER->access = get_user_accessdata($USER->id);
1137
1138 // deduplicate the overrides to minimize session size
1139 dedupe_user_access();
1140
1141 // Clear to force a refresh
1142 unset($USER->mycourses);
1143
1144 // init/reset internal enrol caches - active course enrolments and temp access
1145 $USER->enrol = array('enrolled'=>array(), 'tempguest'=>array());
1146 }
1147
1148 /**
1149 * A convenience function to completely reload all the capabilities
1150 * for the current user when roles have been updated in a relevant
1151 * context -- but PRESERVING switchroles and loginas.
1152 * This function resets all accesslib and context caches.
1153 *
1154 * That is - completely transparent to the user.
1155 *
1156 * Note: reloads $USER->access completely.
1157 *
1158 * @access private
1159 * @return void
1160 */
1161 function reload_all_capabilities() {
1162 global $USER, $DB, $ACCESSLIB_PRIVATE;
1163
1164 // copy switchroles
1165 $sw = array();
1166 if (!empty($USER->access['rsw'])) {
1167 $sw = $USER->access['rsw'];
1168 }
1169
1170 accesslib_clear_all_caches(true);
1171 unset($USER->access);
1172 $ACCESSLIB_PRIVATE->dirtycontexts = array(); // prevent dirty flags refetching on this page
1173
1174 load_all_capabilities();
1175
1176 foreach ($sw as $path => $roleid) {
1177 if ($record = $DB->get_record('context', array('path'=>$path))) {
1178 $context = context::instance_by_id($record->id);
1179 role_switch($roleid, $context);
1180 }
1181 }
1182 }
1183
1184 /**
1185 * Adds a temp role to current USER->access array.
1186 *
1187 * Useful for the "temporary guest" access we grant to logged-in users.
1188 * This is useful for enrol plugins only.
1189 *
1190 * @since 2.2
1191 * @param context_course $coursecontext
1192 * @param int $roleid
1193 * @return void
1194 */
1195 function load_temp_course_role(context_course $coursecontext, $roleid) {
1196 global $USER, $SITE;
1197
1198 if (empty($roleid)) {
1199 debugging('invalid role specified in load_temp_course_role()');
1200 return;
1201 }
1202
1203 if ($coursecontext->instanceid == $SITE->id) {
1204 debugging('Can not use temp roles on the frontpage');
1205 return;
1206 }
1207
1208 if (!isset($USER->access)) {
1209 load_all_capabilities();
1210 }
1211
1212 $coursecontext->reload_if_dirty();
1213
1214 if (isset($USER->access['ra'][$coursecontext->path][$roleid])) {
1215 return;
1216 }
1217
1218 // load course stuff first
1219 load_course_context($USER->id, $coursecontext, $USER->access);
1220
1221 $USER->access['ra'][$coursecontext->path][(int)$roleid] = (int)$roleid;
1222
1223 load_role_access_by_context($roleid, $coursecontext, $USER->access);
1224 }
1225
1226 /**
1227 * Removes any extra guest roles from current USER->access array.
1228 * This is useful for enrol plugins only.
1229 *
1230 * @since 2.2
1231 * @param context_course $coursecontext
1232 * @return void
1233 */
1234 function remove_temp_course_roles(context_course $coursecontext) {
1235 global $DB, $USER, $SITE;
1236
1237 if ($coursecontext->instanceid == $SITE->id) {
1238 debugging('Can not use temp roles on the frontpage');
1239 return;
1240 }
1241
1242 if (empty($USER->access['ra'][$coursecontext->path])) {
1243 //no roles here, weird
1244 return;
1245 }
1246
1247 $sql = "SELECT DISTINCT ra.roleid AS id
1248 FROM {role_assignments} ra
1249 WHERE ra.contextid = :contextid AND ra.userid = :userid";
1250 $ras = $DB->get_records_sql($sql, array('contextid'=>$coursecontext->id, 'userid'=>$USER->id));
1251
1252 $USER->access['ra'][$coursecontext->path] = array();
1253 foreach($ras as $r) {
1254 $USER->access['ra'][$coursecontext->path][(int)$r->id] = (int)$r->id;
1255 }
1256 }
1257
1258 /**
1259 * Returns array of all role archetypes.
1260 *
1261 * @return array
1262 */
1263 function get_role_archetypes() {
1264 return array(
1265 'manager' => 'manager',
1266 'coursecreator' => 'coursecreator',
1267 'editingteacher' => 'editingteacher',
1268 'teacher' => 'teacher',
1269 'student' => 'student',
1270 'guest' => 'guest',
1271 'user' => 'user',
1272 'frontpage' => 'frontpage'
1273 );
1274 }
1275
1276 /**
1277 * Assign the defaults found in this capability definition to roles that have
1278 * the corresponding legacy capabilities assigned to them.
1279 *
1280 * @param string $capability
1281 * @param array $legacyperms an array in the format (example):
1282 * 'guest' => CAP_PREVENT,
1283 * 'student' => CAP_ALLOW,
1284 * 'teacher' => CAP_ALLOW,
1285 * 'editingteacher' => CAP_ALLOW,
1286 * 'coursecreator' => CAP_ALLOW,
1287 * 'manager' => CAP_ALLOW
1288 * @return boolean success or failure.
1289 */
1290 function assign_legacy_capabilities($capability, $legacyperms) {
1291
1292 $archetypes = get_role_archetypes();
1293
1294 foreach ($legacyperms as $type => $perm) {
1295
1296 $systemcontext = context_system::instance();
1297 if ($type === 'admin') {
1298 debugging('Legacy type admin in access.php was renamed to manager, please update the code.');
1299 $type = 'manager';
1300 }
1301
1302 if (!array_key_exists($type, $archetypes)) {
1303 print_error('invalidlegacy', '', '', $type);
1304 }
1305
1306 if ($roles = get_archetype_roles($type)) {
1307 foreach ($roles as $role) {
1308 // Assign a site level capability.
1309 if (!assign_capability($capability, $perm, $role->id, $systemcontext->id)) {
1310 return false;
1311 }
1312 }
1313 }
1314 }
1315 return true;
1316 }
1317
1318 /**
1319 * Verify capability risks.
1320 *
1321 * @param stdClass $capability a capability - a row from the capabilities table.
1322 * @return boolean whether this capability is safe - that is, whether people with the
1323 * safeoverrides capability should be allowed to change it.
1324 */
1325 function is_safe_capability($capability) {
1326 return !((RISK_DATALOSS | RISK_MANAGETRUST | RISK_CONFIG | RISK_XSS | RISK_PERSONAL) & $capability->riskbitmask);
1327 }
1328
1329 /**
1330 * Get the local override (if any) for a given capability in a role in a context
1331 *
1332 * @param int $roleid
1333 * @param int $contextid
1334 * @param string $capability
1335 * @return stdClass local capability override
1336 */
1337 function get_local_override($roleid, $contextid, $capability) {
1338 global $DB;
1339 return $DB->get_record('role_capabilities', array('roleid'=>$roleid, 'capability'=>$capability, 'contextid'=>$contextid));
1340 }
1341
1342 /**
1343 * Returns context instance plus related course and cm instances
1344 *
1345 * @param int $contextid
1346 * @return array of ($context, $course, $cm)
1347 */
1348 function get_context_info_array($contextid) {
1349 global $DB;
1350
1351 $context = context::instance_by_id($contextid, MUST_EXIST);
1352 $course = null;
1353 $cm = null;
1354
1355 if ($context->contextlevel == CONTEXT_COURSE) {
1356 $course = $DB->get_record('course', array('id'=>$context->instanceid), '*', MUST_EXIST);
1357
1358 } else if ($context->contextlevel == CONTEXT_MODULE) {
1359 $cm = get_coursemodule_from_id('', $context->instanceid, 0, false, MUST_EXIST);
1360 $course = $DB->get_record('course', array('id'=>$cm->course), '*', MUST_EXIST);
1361
1362 } else if ($context->contextlevel == CONTEXT_BLOCK) {
1363 $parent = $context->get_parent_context();
1364
1365 if ($parent->contextlevel == CONTEXT_COURSE) {
1366 $course = $DB->get_record('course', array('id'=>$parent->instanceid), '*', MUST_EXIST);
1367 } else if ($parent->contextlevel == CONTEXT_MODULE) {
1368 $cm = get_coursemodule_from_id('', $parent->instanceid, 0, false, MUST_EXIST);
1369 $course = $DB->get_record('course', array('id'=>$cm->course), '*', MUST_EXIST);
1370 }
1371 }
1372
1373 return array($context, $course, $cm);
1374 }
1375
1376 /**
1377 * Function that creates a role
1378 *
1379 * @param string $name role name
1380 * @param string $shortname role short name
1381 * @param string $description role description
1382 * @param string $archetype
1383 * @return int id or dml_exception
1384 */
1385 function create_role($name, $shortname, $description, $archetype = '') {
1386 global $DB;
1387
1388 if (strpos($archetype, 'moodle/legacy:') !== false) {
1389 throw new coding_exception('Use new role archetype parameter in create_role() instead of old legacy capabilities.');
1390 }
1391
1392 // verify role archetype actually exists
1393 $archetypes = get_role_archetypes();
1394 if (empty($archetypes[$archetype])) {
1395 $archetype = '';
1396 }
1397
1398 // Insert the role record.
1399 $role = new stdClass();
1400 $role->name = $name;
1401 $role->shortname = $shortname;
1402 $role->description = $description;
1403 $role->archetype = $archetype;
1404
1405 //find free sortorder number
1406 $role->sortorder = $DB->get_field('role', 'MAX(sortorder) + 1', array());
1407 if (empty($role->sortorder)) {
1408 $role->sortorder = 1;
1409 }
1410 $id = $DB->insert_record('role', $role);
1411
1412 return $id;
1413 }
1414
1415 /**
1416 * Function that deletes a role and cleanups up after it
1417 *
1418 * @param int $roleid id of role to delete
1419 * @return bool always true
1420 */
1421 function delete_role($roleid) {
1422 global $DB;
1423
1424 // first unssign all users
1425 role_unassign_all(array('roleid'=>$roleid));
1426
1427 // cleanup all references to this role, ignore errors
1428 $DB->delete_records('role_capabilities', array('roleid'=>$roleid));
1429 $DB->delete_records('role_allow_assign', array('roleid'=>$roleid));
1430 $DB->delete_records('role_allow_assign', array('allowassign'=>$roleid));
1431 $DB->delete_records('role_allow_override', array('roleid'=>$roleid));
1432 $DB->delete_records('role_allow_override', array('allowoverride'=>$roleid));
1433 $DB->delete_records('role_names', array('roleid'=>$roleid));
1434 $DB->delete_records('role_context_levels', array('roleid'=>$roleid));
1435
1436 // finally delete the role itself
1437 // get this before the name is gone for logging
1438 $rolename = $DB->get_field('role', 'name', array('id'=>$roleid));
1439
1440 $DB->delete_records('role', array('id'=>$roleid));
1441
1442 add_to_log(SITEID, 'role', 'delete', 'admin/roles/action=delete&roleid='.$roleid, $rolename, '');
1443
1444 return true;
1445 }
1446
1447 /**
1448 * Function to write context specific overrides, or default capabilities.
1449 *
1450 * NOTE: use $context->mark_dirty() after this
1451 *
1452 * @param string $capability string name
1453 * @param int $permission CAP_ constants
1454 * @param int $roleid role id
1455 * @param int|context $contextid context id
1456 * @param bool $overwrite
1457 * @return bool always true or exception
1458 */
1459 function assign_capability($capability, $permission, $roleid, $contextid, $overwrite = false) {
1460 global $USER, $DB;
1461
1462 if ($contextid instanceof context) {
1463 $context = $contextid;
1464 } else {
1465 $context = context::instance_by_id($contextid);
1466 }
1467
1468 if (empty($permission) || $permission == CAP_INHERIT) { // if permission is not set
1469 unassign_capability($capability, $roleid, $context->id);
1470 return true;
1471 }
1472
1473 $existing = $DB->get_record('role_capabilities', array('contextid'=>$context->id, 'roleid'=>$roleid, 'capability'=>$capability));
1474
1475 if ($existing and !$overwrite) { // We want to keep whatever is there already
1476 return true;
1477 }
1478
1479 $cap = new stdClass();
1480 $cap->contextid = $context->id;
1481 $cap->roleid = $roleid;
1482 $cap->capability = $capability;
1483 $cap->permission = $permission;
1484 $cap->timemodified = time();
1485 $cap->modifierid = empty($USER->id) ? 0 : $USER->id;
1486
1487 if ($existing) {
1488 $cap->id = $existing->id;
1489 $DB->update_record('role_capabilities', $cap);
1490 } else {
1491 if ($DB->record_exists('context', array('id'=>$context->id))) {
1492 $DB->insert_record('role_capabilities', $cap);
1493 }
1494 }
1495 return true;
1496 }
1497
1498 /**
1499 * Unassign a capability from a role.
1500 *
1501 * NOTE: use $context->mark_dirty() after this
1502 *
1503 * @param string $capability the name of the capability
1504 * @param int $roleid the role id
1505 * @param int|context $contextid null means all contexts
1506 * @return boolean true or exception
1507 */
1508 function unassign_capability($capability, $roleid, $contextid = null) {
1509 global $DB;
1510
1511 if (!empty($contextid)) {
1512 if ($contextid instanceof context) {
1513 $context = $contextid;
1514 } else {
1515 $context = context::instance_by_id($contextid);
1516 }
1517 // delete from context rel, if this is the last override in this context
1518 $DB->delete_records('role_capabilities', array('capability'=>$capability, 'roleid'=>$roleid, 'contextid'=>$context->id));
1519 } else {
1520 $DB->delete_records('role_capabilities', array('capability'=>$capability, 'roleid'=>$roleid));
1521 }
1522 return true;
1523 }
1524
1525 /**
1526 * Get the roles that have a given capability assigned to it
1527 *
1528 * This function does not resolve the actual permission of the capability.
1529 * It just checks for permissions and overrides.
1530 * Use get_roles_with_cap_in_context() if resolution is required.
1531 *
1532 * @param string $capability capability name (string)
1533 * @param string $permission optional, the permission defined for this capability
1534 * either CAP_ALLOW, CAP_PREVENT or CAP_PROHIBIT. Defaults to null which means any.
1535 * @param stdClass $context null means any
1536 * @return array of role records
1537 */
1538 function get_roles_with_capability($capability, $permission = null, $context = null) {
1539 global $DB;
1540
1541 if ($context) {
1542 $contexts = $context->get_parent_context_ids(true);
1543 list($insql, $params) = $DB->get_in_or_equal($contexts, SQL_PARAMS_NAMED, 'ctx');
1544 $contextsql = "AND rc.contextid $insql";
1545 } else {
1546 $params = array();
1547 $contextsql = '';
1548 }
1549
1550 if ($permission) {
1551 $permissionsql = " AND rc.permission = :permission";
1552 $params['permission'] = $permission;
1553 } else {
1554 $permissionsql = '';
1555 }
1556
1557 $sql = "SELECT r.*
1558 FROM {role} r
1559 WHERE r.id IN (SELECT rc.roleid
1560 FROM {role_capabilities} rc
1561 WHERE rc.capability = :capname
1562 $contextsql
1563 $permissionsql)";
1564 $params['capname'] = $capability;
1565
1566
1567 return $DB->get_records_sql($sql, $params);
1568 }
1569
1570 /**
1571 * This function makes a role-assignment (a role for a user in a particular context)
1572 *
1573 * @param int $roleid the role of the id
1574 * @param int $userid userid
1575 * @param int|context $contextid id of the context
1576 * @param string $component example 'enrol_ldap', defaults to '' which means manual assignment,
1577 * @param int $itemid id of enrolment/auth plugin
1578 * @param string $timemodified defaults to current time
1579 * @return int new/existing id of the assignment
1580 */
1581 function role_assign($roleid, $userid, $contextid, $component = '', $itemid = 0, $timemodified = '') {
1582 global $USER, $DB;
1583
1584 // first of all detect if somebody is using old style parameters
1585 if ($contextid === 0 or is_numeric($component)) {
1586 throw new coding_exception('Invalid call to role_assign(), code needs to be updated to use new order of parameters');
1587 }
1588
1589 // now validate all parameters
1590 if (empty($roleid)) {
1591 throw new coding_exception('Invalid call to role_assign(), roleid can not be empty');
1592 }
1593
1594 if (empty($userid)) {
1595 throw new coding_exception('Invalid call to role_assign(), userid can not be empty');
1596 }
1597
1598 if ($itemid) {
1599 if (strpos($component, '_') === false) {
1600 throw new coding_exception('Invalid call to role_assign(), component must start with plugin type such as"enrol_" when itemid specified', 'component:'.$component);
1601 }
1602 } else {
1603 $itemid = 0;
1604 if ($component !== '' and strpos($component, '_') === false) {
1605 throw new coding_exception('Invalid call to role_assign(), invalid component string', 'component:'.$component);
1606 }
1607 }
1608
1609 if (!$DB->record_exists('user', array('id'=>$userid, 'deleted'=>0))) {
1610 throw new coding_exception('User ID does not exist or is deleted!', 'userid:'.$userid);
1611 }
1612
1613 if ($contextid instanceof context) {
1614 $context = $contextid;
1615 } else {
1616 $context = context::instance_by_id($contextid, MUST_EXIST);
1617 }
1618
1619 if (!$timemodified) {
1620 $timemodified = time();
1621 }
1622
1623 // Check for existing entry
1624 // TODO: Revisit this sql_empty() use once Oracle bindings are improved. MDL-29765
1625 $component = ($component === '') ? $DB->sql_empty() : $component;
1626 $ras = $DB->get_records('role_assignments', array('roleid'=>$roleid, 'contextid'=>$context->id, 'userid'=>$userid, 'component'=>$component, 'itemid'=>$itemid), 'id');
1627
1628 if ($ras) {
1629 // role already assigned - this should not happen
1630 if (count($ras) > 1) {
1631 // very weird - remove all duplicates!
1632 $ra = array_shift($ras);
1633 foreach ($ras as $r) {
1634 $DB->delete_records('role_assignments', array('id'=>$r->id));
1635 }
1636 } else {
1637 $ra = reset($ras);
1638 }
1639
1640 // actually there is no need to update, reset anything or trigger any event, so just return
1641 return $ra->id;
1642 }
1643
1644 // Create a new entry
1645 $ra = new stdClass();
1646 $ra->roleid = $roleid;
1647 $ra->contextid = $context->id;
1648 $ra->userid = $userid;
1649 $ra->component = $component;
1650 $ra->itemid = $itemid;
1651 $ra->timemodified = $timemodified;
1652 $ra->modifierid = empty($USER->id) ? 0 : $USER->id;
1653
1654 $ra->id = $DB->insert_record('role_assignments', $ra);
1655
1656 // mark context as dirty - again expensive, but needed
1657 $context->mark_dirty();
1658
1659 if (!empty($USER->id) && $USER->id == $userid) {
1660 // If the user is the current user, then do full reload of capabilities too.
1661 reload_all_capabilities();
1662 }
1663
1664 events_trigger('role_assigned', $ra);
1665
1666 return $ra->id;
1667 }
1668
1669 /**
1670 * Removes one role assignment
1671 *
1672 * @param int $roleid
1673 * @param int $userid
1674 * @param int|context $contextid
1675 * @param string $component
1676 * @param int $itemid
1677 * @return void
1678 */
1679 function role_unassign($roleid, $userid, $contextid, $component = '', $itemid = 0) {
1680 // first make sure the params make sense
1681 if ($roleid == 0 or $userid == 0 or $contextid == 0) {
1682 throw new coding_exception('Invalid call to role_unassign(), please use role_unassign_all() when removing multiple role assignments');
1683 }
1684
1685 if ($itemid) {
1686 if (strpos($component, '_') === false) {
1687 throw new coding_exception('Invalid call to role_assign(), component must start with plugin type such as "enrol_" when itemid specified', 'component:'.$component);
1688 }
1689 } else {
1690 $itemid = 0;
1691 if ($component !== '' and strpos($component, '_') === false) {
1692 throw new coding_exception('Invalid call to role_assign(), invalid component string', 'component:'.$component);
1693 }
1694 }
1695
1696 role_unassign_all(array('roleid'=>$roleid, 'userid'=>$userid, 'contextid'=>$contextid, 'component'=>$component, 'itemid'=>$itemid), false, false);
1697 }
1698
1699 /**
1700 * Removes multiple role assignments, parameters may contain:
1701 * 'roleid', 'userid', 'contextid', 'component', 'enrolid'.
1702 *
1703 * @param array $params role assignment parameters
1704 * @param bool $subcontexts unassign in subcontexts too
1705 * @param bool $includemanual include manual role assignments too
1706 * @return void
1707 */
1708 function role_unassign_all(array $params, $subcontexts = false, $includemanual = false) {
1709 global $USER, $CFG, $DB;
1710
1711 if (!$params) {
1712 throw new coding_exception('Missing parameters in role_unsassign_all() call');
1713 }
1714
1715 $allowed = array('roleid', 'userid', 'contextid', 'component', 'itemid');
1716 foreach ($params as $key=>$value) {
1717 if (!in_array($key, $allowed)) {
1718 throw new coding_exception('Unknown role_unsassign_all() parameter key', 'key:'.$key);
1719 }
1720 }
1721
1722 if (isset($params['component']) and $params['component'] !== '' and strpos($params['component'], '_') === false) {
1723 throw new coding_exception('Invalid component paramter in role_unsassign_all() call', 'component:'.$params['component']);
1724 }
1725
1726 if ($includemanual) {
1727 if (!isset($params['component']) or $params['component'] === '') {
1728 throw new coding_exception('include manual parameter requires component parameter in role_unsassign_all() call');
1729 }
1730 }
1731
1732 if ($subcontexts) {
1733 if (empty($params['contextid'])) {
1734 throw new coding_exception('subcontexts paramtere requires component parameter in role_unsassign_all() call');
1735 }
1736 }
1737
1738 // TODO: Revisit this sql_empty() use once Oracle bindings are improved. MDL-29765
1739 if (isset($params['component'])) {
1740 $params['component'] = ($params['component'] === '') ? $DB->sql_empty() : $params['component'];
1741 }
1742 $ras = $DB->get_records('role_assignments', $params);
1743 foreach($ras as $ra) {
1744 $DB->delete_records('role_assignments', array('id'=>$ra->id));
1745 if ($context = context::instance_by_id($ra->contextid, IGNORE_MISSING)) {
1746 // this is a bit expensive but necessary
1747 $context->mark_dirty();
1748 // If the user is the current user, then do full reload of capabilities too.
1749 if (!empty($USER->id) && $USER->id == $ra->userid) {
1750 reload_all_capabilities();
1751 }
1752 }
1753 events_trigger('role_unassigned', $ra);
1754 }
1755 unset($ras);
1756
1757 // process subcontexts
1758 if ($subcontexts and $context = context::instance_by_id($params['contextid'], IGNORE_MISSING)) {
1759 if ($params['contextid'] instanceof context) {
1760 $context = $params['contextid'];
1761 } else {
1762 $context = context::instance_by_id($params['contextid'], IGNORE_MISSING);
1763 }
1764
1765 if ($context) {
1766 $contexts = $context->get_child_contexts();
1767 $mparams = $params;
1768 foreach($contexts as $context) {
1769 $mparams['contextid'] = $context->id;
1770 $ras = $DB->get_records('role_assignments', $mparams);
1771 foreach($ras as $ra) {
1772 $DB->delete_records('role_assignments', array('id'=>$ra->id));
1773 // this is a bit expensive but necessary
1774 $context->mark_dirty();
1775 // If the user is the current user, then do full reload of capabilities too.
1776 if (!empty($USER->id) && $USER->id == $ra->userid) {
1777 reload_all_capabilities();
1778 }
1779 events_trigger('role_unassigned', $ra);
1780 }
1781 }
1782 }
1783 }
1784
1785 // do this once more for all manual role assignments
1786 if ($includemanual) {
1787 $params['component'] = '';
1788 role_unassign_all($params, $subcontexts, false);
1789 }
1790 }
1791
1792 /**
1793 * Determines if a user is currently logged in
1794 *
1795 * @category access
1796 *
1797 * @return bool
1798 */
1799 function isloggedin() {
1800 global $USER;
1801
1802 return (!empty($USER->id));
1803 }
1804
1805 /**
1806 * Determines if a user is logged in as real guest user with username 'guest'.
1807 *
1808 * @category access
1809 *
1810 * @param int|object $user mixed user object or id, $USER if not specified
1811 * @return bool true if user is the real guest user, false if not logged in or other user
1812 */
1813 function isguestuser($user = null) {
1814 global $USER, $DB, $CFG;
1815
1816 // make sure we have the user id cached in config table, because we are going to use it a lot
1817 if (empty($CFG->siteguest)) {
1818 if (!$guestid = $DB->get_field('user', 'id', array('username'=>'guest', 'mnethostid'=>$CFG->mnet_localhost_id))) {
1819 // guest does not exist yet, weird
1820 return false;
1821 }
1822 set_config('siteguest', $guestid);
1823 }
1824 if ($user === null) {
1825 $user = $USER;
1826 }
1827
1828 if ($user === null) {
1829 // happens when setting the $USER
1830 return false;
1831
1832 } else if (is_numeric($user)) {
1833 return ($CFG->siteguest == $user);
1834
1835 } else if (is_object($user)) {
1836 if (empty($user->id)) {
1837 return false; // not logged in means is not be guest
1838 } else {
1839 return ($CFG->siteguest == $user->id);
1840 }
1841
1842 } else {
1843 throw new coding_exception('Invalid user parameter supplied for isguestuser() function!');
1844 }
1845 }
1846
1847 /**
1848 * Does user have a (temporary or real) guest access to course?
1849 *
1850 * @category access
1851 *
1852 * @param context $context
1853 * @param stdClass|int $user
1854 * @return bool
1855 */
1856 function is_guest(context $context, $user = null) {
1857 global $USER;
1858
1859 // first find the course context
1860 $coursecontext = $context->get_course_context();
1861
1862 // make sure there is a real user specified
1863 if ($user === null) {
1864 $userid = isset($USER->id) ? $USER->id : 0;
1865 } else {
1866 $userid = is_object($user) ? $user->id : $user;
1867 }
1868
1869 if (isguestuser($userid)) {
1870 // can not inspect or be enrolled
1871 return true;
1872 }
1873
1874 if (has_capability('moodle/course:view', $coursecontext, $user)) {
1875 // viewing users appear out of nowhere, they are neither guests nor participants
1876 return false;
1877 }
1878
1879 // consider only real active enrolments here
1880 if (is_enrolled($coursecontext, $user, '', true)) {
1881 return false;
1882 }
1883
1884 return true;
1885 }
1886
1887 /**
1888 * Returns true if the user has moodle/course:view capability in the course,
1889 * this is intended for admins, managers (aka small admins), inspectors, etc.
1890 *
1891 * @category access
1892 *
1893 * @param context $context
1894 * @param int|stdClass $user if null $USER is used
1895 * @param string $withcapability extra capability name
1896 * @return bool
1897 */
1898 function is_viewing(context $context, $user = null, $withcapability = '') {
1899 // first find the course context
1900 $coursecontext = $context->get_course_context();
1901
1902 if (isguestuser($user)) {
1903 // can not inspect
1904 return false;
1905 }
1906
1907 if (!has_capability('moodle/course:view', $coursecontext, $user)) {
1908 // admins are allowed to inspect courses
1909 return false;
1910 }
1911
1912 if ($withcapability and !has_capability($withcapability, $context, $user)) {
1913 // site admins always have the capability, but the enrolment above blocks
1914 return false;
1915 }
1916
1917 return true;
1918 }
1919
1920 /**
1921 * Returns true if user is enrolled (is participating) in course
1922 * this is intended for students and teachers.
1923 *
1924 * Since 2.2 the result for active enrolments and current user are cached.
1925 *
1926 * @package core_enrol
1927 * @category access
1928 *
1929 * @param context $context
1930 * @param int|stdClass $user if null $USER is used, otherwise user object or id expected
1931 * @param string $withcapability extra capability name
1932 * @param bool $onlyactive consider only active enrolments in enabled plugins and time restrictions
1933 * @return bool
1934 */
1935 function is_enrolled(context $context, $user = null, $withcapability = '', $onlyactive = false) {
1936 global $USER, $DB;
1937
1938 // first find the course context
1939 $coursecontext = $context->get_course_context();
1940
1941 // make sure there is a real user specified
1942 if ($user === null) {
1943 $userid = isset($USER->id) ? $USER->id : 0;
1944 } else {
1945 $userid = is_object($user) ? $user->id : $user;
1946 }
1947
1948 if (empty($userid)) {
1949 // not-logged-in!
1950 return false;
1951 } else if (isguestuser($userid)) {
1952 // guest account can not be enrolled anywhere
1953 return false;
1954 }
1955
1956 if ($coursecontext->instanceid == SITEID) {
1957 // everybody participates on frontpage
1958 } else {
1959 // try cached info first - the enrolled flag is set only when active enrolment present
1960 if ($USER->id == $userid) {
1961 $coursecontext->reload_if_dirty();
1962 if (isset($USER->enrol['enrolled'][$coursecontext->instanceid])) {
1963 if ($USER->enrol['enrolled'][$coursecontext->instanceid] > time()) {
1964 if ($withcapability and !has_capability($withcapability, $context, $userid)) {
1965 return false;
1966 }
1967 return true;
1968 }
1969 }
1970 }
1971
1972 if ($onlyactive) {
1973 // look for active enrolments only
1974 $until = enrol_get_enrolment_end($coursecontext->instanceid, $userid);
1975
1976 if ($until === false) {
1977 return false;
1978 }
1979
1980 if ($USER->id == $userid) {
1981 if ($until == 0) {
1982 $until = ENROL_MAX_TIMESTAMP;
1983 }
1984 $USER->enrol['enrolled'][$coursecontext->instanceid] = $until;
1985 if (isset($USER->enrol['tempguest'][$coursecontext->instanceid])) {
1986 unset($USER->enrol['tempguest'][$coursecontext->instanceid]);
1987 remove_temp_course_roles($coursecontext);
1988 }
1989 }
1990
1991 } else {
1992 // any enrolment is good for us here, even outdated, disabled or inactive
1993 $sql = "SELECT 'x'
1994 FROM {user_enrolments} ue
1995 JOIN {enrol} e ON (e.id = ue.enrolid AND e.courseid = :courseid)
1996 JOIN {user} u ON u.id = ue.userid
1997 WHERE ue.userid = :userid AND u.deleted = 0";
1998 $params = array('userid'=>$userid, 'courseid'=>$coursecontext->instanceid);
1999 if (!$DB->record_exists_sql($sql, $params)) {
2000 return false;
2001 }
2002 }
2003 }
2004
2005 if ($withcapability and !has_capability($withcapability, $context, $userid)) {
2006 return false;
2007 }
2008
2009 return true;
2010 }
2011
2012 /**
2013 * Returns true if the user is able to access the course.
2014 *
2015 * This function is in no way, shape, or form a substitute for require_login.
2016 * It should only be used in circumstances where it is not possible to call require_login
2017 * such as the navigation.
2018 *
2019 * This function checks many of the methods of access to a course such as the view
2020 * capability, enrollments, and guest access. It also makes use of the cache
2021 * generated by require_login for guest access.
2022 *
2023 * The flags within the $USER object that are used here should NEVER be used outside
2024 * of this function can_access_course and require_login. Doing so WILL break future
2025 * versions.
2026 *
2027 * @param stdClass $course record
2028 * @param stdClass|int|null $user user record or id, current user if null
2029 * @param string $withcapability Check for this capability as well.
2030 * @param bool $onlyactive consider only active enrolments in enabled plugins and time restrictions
2031 * @return boolean Returns true if the user is able to access the course
2032 */
2033 function can_access_course(stdClass $course, $user = null, $withcapability = '', $onlyactive = false) {
2034 global $DB, $USER;
2035
2036 // this function originally accepted $coursecontext parameter
2037 if ($course instanceof context) {
2038 if ($course instanceof context_course) {
2039 debugging('deprecated context parameter, please use $course record');
2040 $coursecontext = $course;
2041 $course = $DB->get_record('course', array('id'=>$coursecontext->instanceid));
2042 } else {
2043 debugging('Invalid context parameter, please use $course record');
2044 return false;
2045 }
2046 } else {
2047 $coursecontext = context_course::instance($course->id);
2048 }
2049
2050 if (!isset($USER->id)) {
2051 // should never happen
2052 $USER->id = 0;
2053 }
2054
2055 // make sure there is a user specified
2056 if ($user === null) {
2057 $userid = $USER->id;
2058 } else {
2059 $userid = is_object($user) ? $user->id : $user;
2060 }
2061 unset($user);
2062
2063 if ($withcapability and !has_capability($withcapability, $coursecontext, $userid)) {
2064 return false;
2065 }
2066
2067 if ($userid == $USER->id) {
2068 if (!empty($USER->access['rsw'][$coursecontext->path])) {
2069 // the fact that somebody switched role means they can access the course no matter to what role they switched
2070 return true;
2071 }
2072 }
2073
2074 if (!$course->visible and !has_capability('moodle/course:viewhiddencourses', $coursecontext, $userid)) {
2075 return false;
2076 }
2077
2078 if (is_viewing($coursecontext, $userid)) {
2079 return true;
2080 }
2081
2082 if ($userid != $USER->id) {
2083 // for performance reasons we do not verify temporary guest access for other users, sorry...
2084 return is_enrolled($coursecontext, $userid, '', $onlyactive);
2085 }
2086
2087 // === from here we deal only with $USER ===
2088
2089 $coursecontext->reload_if_dirty();
2090
2091 if (isset($USER->enrol['enrolled'][$course->id])) {
2092 if ($USER->enrol['enrolled'][$course->id] > time()) {
2093 return true;
2094 }
2095 }
2096 if (isset($USER->enrol['tempguest'][$course->id])) {
2097 if ($USER->enrol['tempguest'][$course->id] > time()) {
2098 return true;
2099 }
2100 }
2101
2102 if (is_enrolled($coursecontext, $USER, '', $onlyactive)) {
2103 return true;
2104 }
2105
2106 // if not enrolled try to gain temporary guest access
2107 $instances = $DB->get_records('enrol', array('courseid'=>$course->id, 'status'=>ENROL_INSTANCE_ENABLED), 'sortorder, id ASC');
2108 $enrols = enrol_get_plugins(true);
2109 foreach($instances as $instance) {
2110 if (!isset($enrols[$instance->enrol])) {
2111 continue;
2112 }
2113 // Get a duration for the guest access, a timestamp in the future, 0 (always) or false.
2114 $until = $enrols[$instance->enrol]->try_guestaccess($instance);
2115 if ($until !== false and $until > time()) {
2116 $USER->enrol['tempguest'][$course->id] = $until;
2117 return true;
2118 }
2119 }
2120 if (isset($USER->enrol['tempguest'][$course->id])) {
2121 unset($USER->enrol['tempguest'][$course->id]);
2122 remove_temp_course_roles($coursecontext);
2123 }
2124
2125 return false;
2126 }
2127
2128 /**
2129 * Returns array with sql code and parameters returning all ids
2130 * of users enrolled into course.
2131 *
2132 * This function is using 'eu[0-9]+_' prefix for table names and parameters.
2133 *
2134 * @package core_enrol
2135 * @category access
2136 *
2137 * @param context $context
2138 * @param string $withcapability
2139 * @param int $groupid 0 means ignore groups, any other value limits the result by group id
2140 * @param bool $onlyactive consider only active enrolments in enabled plugins and time restrictions
2141 * @return array list($sql, $params)
2142 */
2143 function get_enrolled_sql(context $context, $withcapability = '', $groupid = 0, $onlyactive = false) {
2144 global $DB, $CFG;
2145
2146 // use unique prefix just in case somebody makes some SQL magic with the result
2147 static $i = 0;
2148 $i++;
2149 $prefix = 'eu'.$i.'_';
2150
2151 // first find the course context
2152 $coursecontext = $context->get_course_context();
2153
2154 $isfrontpage = ($coursecontext->instanceid == SITEID);
2155
2156 $joins = array();
2157 $wheres = array();
2158 $params = array();
2159
2160 list($contextids, $contextpaths) = get_context_info_list($context);
2161
2162 // get all relevant capability info for all roles
2163 if ($withcapability) {
2164 list($incontexts, $cparams) = $DB->get_in_or_equal($contextids, SQL_PARAMS_NAMED, 'ctx');
2165 $cparams['cap'] = $withcapability;
2166
2167 $defs = array();
2168 $sql = "SELECT rc.id, rc.roleid, rc.permission, ctx.path
2169 FROM {role_capabilities} rc
2170 JOIN {context} ctx on rc.contextid = ctx.id
2171 WHERE rc.contextid $incontexts AND rc.capability = :cap";
2172 $rcs = $DB->get_records_sql($sql, $cparams);
2173 foreach ($rcs as $rc) {
2174 $defs[$rc->path][$rc->roleid] = $rc->permission;
2175 }
2176
2177 $access = array();
2178 if (!empty($defs)) {
2179 foreach ($contextpaths as $path) {
2180 if (empty($defs[$path])) {
2181 continue;
2182 }
2183 foreach($defs[$path] as $roleid => $perm) {
2184 if ($perm == CAP_PROHIBIT) {
2185 $access[$roleid] = CAP_PROHIBIT;
2186 continue;
2187 }
2188 if (!isset($access[$roleid])) {
2189 $access[$roleid] = (int)$perm;
2190 }
2191 }
2192 }
2193 }
2194
2195 unset($defs);
2196
2197 // make lists of roles that are needed and prohibited
2198 $needed = array(); // one of these is enough
2199 $prohibited = array(); // must not have any of these
2200 foreach ($access as $roleid => $perm) {
2201 if ($perm == CAP_PROHIBIT) {
2202 unset($needed[$roleid]);
2203 $prohibited[$roleid] = true;
2204 } else if ($perm == CAP_ALLOW and empty($prohibited[$roleid])) {
2205 $needed[$roleid] = true;
2206 }
2207 }
2208
2209 $defaultuserroleid = isset($CFG->defaultuserroleid) ? $CFG->defaultuserroleid : 0;
2210 $defaultfrontpageroleid = isset($CFG->defaultfrontpageroleid) ? $CFG->defaultfrontpageroleid : 0;
2211
2212 $nobody = false;
2213
2214 if ($isfrontpage) {
2215 if (!empty($prohibited[$defaultuserroleid]) or !empty($prohibited[$defaultfrontpageroleid])) {
2216 $nobody = true;
2217 } else if (!empty($needed[$defaultuserroleid]) or !empty($needed[$defaultfrontpageroleid])) {
2218 // everybody not having prohibit has the capability
2219 $needed = array();
2220 } else if (empty($needed)) {
2221 $nobody = true;
2222 }
2223 } else {
2224 if (!empty($prohibited[$defaultuserroleid])) {
2225 $nobody = true;
2226 } else if (!empty($needed[$defaultuserroleid])) {
2227 // everybody not having prohibit has the capability
2228 $needed = array();
2229 } else if (empty($needed)) {
2230 $nobody = true;
2231 }
2232 }
2233
2234 if ($nobody) {
2235 // nobody can match so return some SQL that does not return any results
2236 $wheres[] = "1 = 2";
2237
2238 } else {
2239
2240 if ($needed) {
2241 $ctxids = implode(',', $contextids);
2242 $roleids = implode(',', array_keys($needed));
2243 $joins[] = "JOIN {role_assignments} {$prefix}ra3 ON ({$prefix}ra3.userid = {$prefix}u.id AND {$prefix}ra3.roleid IN ($roleids) AND {$prefix}ra3.contextid IN ($ctxids))";
2244 }
2245
2246 if ($prohibited) {
2247 $ctxids = implode(',', $contextids);
2248 $roleids = implode(',', array_keys($prohibited));
2249 $joins[] = "LEFT JOIN {role_assignments} {$prefix}ra4 ON ({$prefix}ra4.userid = {$prefix}u.id AND {$prefix}ra4.roleid IN ($roleids) AND {$prefix}ra4.contextid IN ($ctxids))";
2250 $wheres[] = "{$prefix}ra4.id IS NULL";
2251 }
2252
2253 if ($groupid) {
2254 $joins[] = "JOIN {groups_members} {$prefix}gm ON ({$prefix}gm.userid = {$prefix}u.id AND {$prefix}gm.groupid = :{$prefix}gmid)";
2255 $params["{$prefix}gmid"] = $groupid;
2256 }
2257 }
2258
2259 } else {
2260 if ($groupid) {
2261 $joins[] = "JOIN {groups_members} {$prefix}gm ON ({$prefix}gm.userid = {$prefix}u.id AND {$prefix}gm.groupid = :{$prefix}gmid)";
2262 $params["{$prefix}gmid"] = $groupid;
2263 }
2264 }
2265
2266 $wheres[] = "{$prefix}u.deleted = 0 AND {$prefix}u.id <> :{$prefix}guestid";
2267 $params["{$prefix}guestid"] = $CFG->siteguest;
2268
2269 if ($isfrontpage) {
2270 // all users are "enrolled" on the frontpage
2271 } else {
2272 $joins[] = "JOIN {user_enrolments} {$prefix}ue ON {$prefix}ue.userid = {$prefix}u.id";
2273 $joins[] = "JOIN {enrol} {$prefix}e ON ({$prefix}e.id = {$prefix}ue.enrolid AND {$prefix}e.courseid = :{$prefix}courseid)";
2274 $params[$prefix.'courseid'] = $coursecontext->instanceid;
2275
2276 if ($onlyactive) {
2277 $wheres[] = "{$prefix}ue.status = :{$prefix}active AND {$prefix}e.status = :{$prefix}enabled";
2278 $wheres[] = "{$prefix}ue.timestart < :{$prefix}now1 AND ({$prefix}ue.timeend = 0 OR {$prefix}ue.timeend > :{$prefix}now2)";
2279 $now = round(time(), -2); // rounding helps caching in DB
2280 $params = array_merge($params, array($prefix.'enabled'=>ENROL_INSTANCE_ENABLED,
2281 $prefix.'active'=>ENROL_USER_ACTIVE,
2282 $prefix.'now1'=>$now, $prefix.'now2'=>$now));
2283 }
2284 }
2285
2286 $joins = implode("\n", $joins);
2287 $wheres = "WHERE ".implode(" AND ", $wheres);
2288
2289 $sql = "SELECT DISTINCT {$prefix}u.id
2290 FROM {user} {$prefix}u
2291 $joins
2292 $wheres";
2293
2294 return array($sql, $params);
2295 }
2296
2297 /**
2298 * Returns list of users enrolled into course.
2299 *
2300 * @package core_enrol
2301 * @category access
2302 *
2303 * @param context $context
2304 * @param string $withcapability
2305 * @param int $groupid 0 means ignore groups, any other value limits the result by group id
2306 * @param string $userfields requested user record fields
2307 * @param string $orderby
2308 * @param int $limitfrom return a subset of records, starting at this point (optional, required if $limitnum is set).
2309 * @param int $limitnum return a subset comprising this many records (optional, required if $limitfrom is set).
2310 * @return array of user records
2311 */
2312 function get_enrolled_users(context $context, $withcapability = '', $groupid = 0, $userfields = 'u.*', $orderby = '', $limitfrom = 0, $limitnum = 0) {
2313 global $DB;
2314
2315 list($esql, $params) = get_enrolled_sql($context, $withcapability, $groupid);
2316 $sql = "SELECT $userfields
2317 FROM {user} u
2318 JOIN ($esql) je ON je.id = u.id
2319 WHERE u.deleted = 0";
2320
2321 if ($orderby) {
2322 $sql = "$sql ORDER BY $orderby";
2323 } else {
2324 $sql = "$sql ORDER BY u.lastname ASC, u.firstname ASC";
2325 }
2326
2327 return $DB->get_records_sql($sql, $params, $limitfrom, $limitnum);
2328 }
2329
2330 /**
2331 * Counts list of users enrolled into course (as per above function)
2332 *
2333 * @package core_enrol
2334 * @category access
2335 *
2336 * @param context $context
2337 * @param string $withcapability
2338 * @param int $groupid 0 means ignore groups, any other value limits the result by group id
2339 * @return array of user records
2340 */
2341 function count_enrolled_users(context $context, $withcapability = '', $groupid = 0) {
2342 global $DB;
2343
2344 list($esql, $params) = get_enrolled_sql($context, $withcapability, $groupid);
2345 $sql = "SELECT count(u.id)
2346 FROM {user} u
2347 JOIN ($esql) je ON je.id = u.id
2348 WHERE u.deleted = 0";
2349
2350 return $DB->count_records_sql($sql, $params);
2351 }
2352
2353 /**
2354 * Loads the capability definitions for the component (from file).
2355 *
2356 * Loads the capability definitions for the component (from file). If no
2357 * capabilities are defined for the component, we simply return an empty array.
2358 *
2359 * @access private
2360 * @param string $component full plugin name, examples: 'moodle', 'mod_forum'
2361 * @return array array of capabilities
2362 */
2363 function load_capability_def($component) {
2364 $defpath = get_component_directory($component).'/db/access.php';
2365
2366 $capabilities = array();
2367 if (file_exists($defpath)) {
2368 require($defpath);
2369 if (!empty(${$component.'_capabilities'})) {
2370 // BC capability array name
2371 // since 2.0 we prefer $capabilities instead - it is easier to use and matches db/* files
2372 debugging('componentname_capabilities array is deprecated, please use $capabilities array only in access.php files');
2373 $capabilities = ${$component.'_capabilities'};
2374 }
2375 }
2376
2377 return $capabilities;
2378 }
2379
2380 /**
2381 * Gets the capabilities that have been cached in the database for this component.
2382 *
2383 * @access private
2384 * @param string $component - examples: 'moodle', 'mod_forum'
2385 * @return array array of capabilities
2386 */
2387 function get_cached_capabilities($component = 'moodle') {
2388 global $DB;
2389 return $DB->get_records('capabilities', array('component'=>$component));
2390 }
2391
2392 /**
2393 * Returns default capabilities for given role archetype.
2394 *
2395 * @param string $archetype role archetype
2396 * @return array
2397 */
2398 function get_default_capabilities($archetype) {
2399 global $DB;
2400
2401 if (!$archetype) {
2402 return array();
2403 }
2404
2405 $alldefs = array();
2406 $defaults = array();
2407 $components = array();
2408 $allcaps = $DB->get_records('capabilities');
2409
2410 foreach ($allcaps as $cap) {
2411 if (!in_array($cap->component, $components)) {
2412 $components[] = $cap->component;
2413 $alldefs = array_merge($alldefs, load_capability_def($cap->component));
2414 }
2415 }
2416 foreach($alldefs as $name=>$def) {
2417 // Use array 'archetypes if available. Only if not specified, use 'legacy'.
2418 if (isset($def['archetypes'])) {
2419 if (isset($def['archetypes'][$archetype])) {
2420 $defaults[$name] = $def['archetypes'][$archetype];
2421 }
2422 // 'legacy' is for backward compatibility with 1.9 access.php
2423 } else {
2424 if (isset($def['legacy'][$archetype])) {
2425 $defaults[$name] = $def['legacy'][$archetype];
2426 }
2427 }
2428 }
2429
2430 return $defaults;
2431 }
2432
2433 /**
2434 * Reset role capabilities to default according to selected role archetype.
2435 * If no archetype selected, removes all capabilities.
2436 *
2437 * @param int $roleid
2438 * @return void
2439 */
2440 function reset_role_capabilities($roleid) {
2441 global $DB;
2442
2443 $role = $DB->get_record('role', array('id'=>$roleid), '*', MUST_EXIST);
2444 $defaultcaps = get_default_capabilities($role->archetype);
2445
2446 $systemcontext = context_system::instance();
2447
2448 $DB->delete_records('role_capabilities', array('roleid'=>$roleid));
2449
2450 foreach($defaultcaps as $cap=>$permission) {
2451 assign_capability($cap, $permission, $roleid, $systemcontext->id);
2452 }
2453 }
2454
2455 /**
2456 * Updates the capabilities table with the component capability definitions.
2457 * If no parameters are given, the function updates the core moodle
2458 * capabilities.
2459 *
2460 * Note that the absence of the db/access.php capabilities definition file
2461 * will cause any stored capabilities for the component to be removed from
2462 * the database.
2463 *
2464 * @access private
2465 * @param string $component examples: 'moodle', 'mod/forum', 'block/quiz_results'
2466 * @return boolean true if success, exception in case of any problems
2467 */
2468 function update_capabilities($component = 'moodle') {
2469 global $DB, $OUTPUT;
2470
2471 $storedcaps = array();
2472
2473 $filecaps = load_capability_def($component);
2474 foreach($filecaps as $capname=>$unused) {
2475 if (!preg_match('|^[a-z]+/[a-z_0-9]+:[a-z_0-9]+$|', $capname)) {
2476 debugging("Coding problem: Invalid capability name '$capname', use 'clonepermissionsfrom' field for migration.");
2477 }
2478 }
2479
2480 $cachedcaps = get_cached_capabilities($component);
2481 if ($cachedcaps) {
2482 foreach ($cachedcaps as $cachedcap) {
2483 array_push($storedcaps, $cachedcap->name);
2484 // update risk bitmasks and context levels in existing capabilities if needed
2485 if (array_key_exists($cachedcap->name, $filecaps)) {
2486 if (!array_key_exists('riskbitmask', $filecaps[$cachedcap->name])) {
2487 $filecaps[$cachedcap->name]['riskbitmask'] = 0; // no risk if not specified
2488 }
2489 if ($cachedcap->captype != $filecaps[$cachedcap->name]['captype']) {
2490 $updatecap = new stdClass();
2491 $updatecap->id = $cachedcap->id;
2492 $updatecap->captype = $filecaps[$cachedcap->name]['captype'];
2493 $DB->update_record('capabilities', $updatecap);
2494 }
2495 if ($cachedcap->riskbitmask != $filecaps[$cachedcap->name]['riskbitmask']) {
2496 $updatecap = new stdClass();
2497 $updatecap->id = $cachedcap->id;
2498 $updatecap->riskbitmask = $filecaps[$cachedcap->name]['riskbitmask'];
2499 $DB->update_record('capabilities', $updatecap);
2500 }
2501
2502 if (!array_key_exists('contextlevel', $filecaps[$cachedcap->name])) {
2503 $filecaps[$cachedcap->name]['contextlevel'] = 0; // no context level defined
2504 }
2505 if ($cachedcap->contextlevel != $filecaps[$cachedcap->name]['contextlevel']) {
2506 $updatecap = new stdClass();
2507 $updatecap->id = $cachedcap->id;
2508 $updatecap->contextlevel = $filecaps[$cachedcap->name]['contextlevel'];
2509 $DB->update_record('capabilities', $updatecap);
2510 }
2511 }
2512 }
2513 }
2514
2515 // Are there new capabilities in the file definition?
2516 $newcaps = array();
2517
2518 foreach ($filecaps as $filecap => $def) {
2519 if (!$storedcaps ||
2520 ($storedcaps && in_array($filecap, $storedcaps) === false)) {
2521 if (!array_key_exists('riskbitmask', $def)) {
2522 $def['riskbitmask'] = 0; // no risk if not specified
2523 }
2524 $newcaps[$filecap] = $def;
2525 }
2526 }
2527 // Add new capabilities to the stored definition.
2528 $existingcaps = $DB->get_records_menu('capabilities', array(), 'id', 'id, name');
2529 foreach ($newcaps as $capname => $capdef) {
2530 $capability = new stdClass();
2531 $capability->name = $capname;
2532 $capability->captype = $capdef['captype'];
2533 $capability->contextlevel = $capdef['contextlevel'];
2534 $capability->component = $component;
2535 $capability->riskbitmask = $capdef['riskbitmask'];
2536
2537 $DB->insert_record('capabilities', $capability, false);
2538
2539 if (isset($capdef['clonepermissionsfrom']) && in_array($capdef['clonepermissionsfrom'], $existingcaps)){
2540 if ($rolecapabilities = $DB->get_records('role_capabilities', array('capability'=>$capdef['clonepermissionsfrom']))){
2541 foreach ($rolecapabilities as $rolecapability){
2542 //assign_capability will update rather than insert if capability exists
2543 if (!assign_capability($capname, $rolecapability->permission,
2544 $rolecapability->roleid, $rolecapability->contextid, true)){
2545 echo $OUTPUT->notification('Could not clone capabilities for '.$capname);
2546 }
2547 }
2548 }
2549 // we ignore archetype key if we have cloned permissions
2550 } else if (isset($capdef['archetypes']) && is_array($capdef['archetypes'])) {
2551 assign_legacy_capabilities($capname, $capdef['archetypes']);
2552 // 'legacy' is for backward compatibility with 1.9 access.php
2553 } else if (isset($capdef['legacy']) && is_array($capdef['legacy'])) {
2554 assign_legacy_capabilities($capname, $capdef['legacy']);
2555 }
2556 }
2557 // Are there any capabilities that have been removed from the file
2558 // definition that we need to delete from the stored capabilities and
2559 // role assignments?
2560 capabilities_cleanup($component, $filecaps);
2561
2562 // reset static caches
2563 accesslib_clear_all_caches(false);
2564
2565 return true;
2566 }
2567
2568 /**
2569 * Deletes cached capabilities that are no longer needed by the component.
2570 * Also unassigns these capabilities from any roles that have them.
2571 *
2572 * @access private
2573 * @param string $component examples: 'moodle', 'mod_forum', 'block_quiz_results'
2574 * @param array $newcapdef array of the new capability definitions that will be
2575 * compared with the cached capabilities
2576 * @return int number of deprecated capabilities that have been removed
2577 */
2578 function capabilities_cleanup($component, $newcapdef = null) {
2579 global $DB;
2580
2581 $removedcount = 0;
2582
2583 if ($cachedcaps = get_cached_capabilities($component)) {
2584 foreach ($cachedcaps as $cachedcap) {
2585 if (empty($newcapdef) ||
2586 array_key_exists($cachedcap->name, $newcapdef) === false) {
2587
2588 // Remove from capabilities cache.
2589 $DB->delete_records('capabilities', array('name'=>$cachedcap->name));
2590 $removedcount++;
2591 // Delete from roles.
2592 if ($roles = get_roles_with_capability($cachedcap->name)) {
2593 foreach($roles as $role) {
2594 if (!unassign_capability($cachedcap->name, $role->id)) {
2595 print_error('cannotunassigncap', 'error', '', (object)array('cap'=>$cachedcap->name, 'role'=>$role->name));
2596 }
2597 }
2598 }
2599 } // End if.
2600 }
2601 }
2602 return $removedcount;
2603 }
2604
2605 /**
2606 * Returns an array of all the known types of risk
2607 * The array keys can be used, for example as CSS class names, or in calls to
2608 * print_risk_icon. The values are the corresponding RISK_ constants.
2609 *
2610 * @return array all the known types of risk.
2611 */
2612 function get_all_risks() {
2613 return array(
2614 'riskmanagetrust' => RISK_MANAGETRUST,
2615 'riskconfig' => RISK_CONFIG,
2616 'riskxss' => RISK_XSS,
2617 'riskpersonal' => RISK_PERSONAL,
2618 'riskspam' => RISK_SPAM,
2619 'riskdataloss' => RISK_DATALOSS,
2620 );
2621 }
2622
2623 /**
2624 * Return a link to moodle docs for a given capability name
2625 *
2626 * @param stdClass $capability a capability - a row from the mdl_capabilities table.
2627 * @return string the human-readable capability name as a link to Moodle Docs.
2628 */
2629 function get_capability_docs_link($capability) {
2630 $url = get_docs_url('Capabilities/' . $capability->name);
2631 return '<a onclick="this.target=\'docspopup\'" href="' . $url . '">' . get_capability_string($capability->name) . '</a>';
2632 }
2633
2634 /**
2635 * This function pulls out all the resolved capabilities (overrides and
2636 * defaults) of a role used in capability overrides in contexts at a given
2637 * context.
2638 *
2639 * @param int $roleid
2640 * @param context $context
2641 * @param string $cap capability, optional, defaults to ''
2642 * @return array Array of capabilities
2643 */
2644 function role_context_capabilities($roleid, context $context, $cap = '') {
2645 global $DB;
2646
2647 $contexts = $context->get_parent_context_ids(true);
2648 $contexts = '('.implode(',', $contexts).')';
2649
2650 $params = array($roleid);
2651
2652 if ($cap) {
2653 $search = " AND rc.capability = ? ";
2654 $params[] = $cap;
2655 } else {
2656 $search = '';
2657 }
2658
2659 $sql = "SELECT rc.*
2660 FROM {role_capabilities} rc, {context} c
2661 WHERE rc.contextid in $contexts
2662 AND rc.roleid = ?
2663 AND rc.contextid = c.id $search
2664 ORDER BY c.contextlevel DESC, rc.capability DESC";
2665
2666 $capabilities = array();
2667
2668 if ($records = $DB->get_records_sql($sql, $params)) {
2669 // We are traversing via reverse order.
2670 foreach ($records as $record) {
2671 // If not set yet (i.e. inherit or not set at all), or currently we have a prohibit
2672 if (!isset($capabilities[$record->capability]) || $record->permission<-500) {
2673 $capabilities[$record->capability] = $record->permission;
2674 }
2675 }
2676 }
2677 return $capabilities;
2678 }
2679
2680 /**
2681 * Constructs array with contextids as first parameter and context paths,
2682 * in both cases bottom top including self.
2683 *
2684 * @access private
2685 * @param context $context
2686 * @return array
2687 */
2688 function get_context_info_list(context $context) {
2689 $contextids = explode('/', ltrim($context->path, '/'));
2690 $contextpaths = array();
2691 $contextids2 = $contextids;
2692 while ($contextids2) {
2693 $contextpaths[] = '/' . implode('/', $contextids2);
2694 array_pop($contextids2);
2695 }
2696 return array($contextids, $contextpaths);
2697 }
2698
2699 /**
2700 * Check if context is the front page context or a context inside it
2701 *
2702 * Returns true if this context is the front page context, or a context inside it,
2703 * otherwise false.
2704 *
2705 * @param context $context a context object.
2706 * @return bool
2707 */
2708 function is_inside_frontpage(context $context) {
2709 $frontpagecontext = context_course::instance(SITEID);
2710 return strpos($context->path . '/', $frontpagecontext->path . '/') === 0;
2711 }
2712
2713 /**
2714 * Returns capability information (cached)
2715 *
2716 * @param string $capabilityname
2717 * @return stdClass or null if capability not found
2718 */
2719 function get_capability_info($capabilityname) {
2720 global $ACCESSLIB_PRIVATE, $DB; // one request per page only
2721
2722 //TODO: MUC - this could be cached in shared memory, it would eliminate 1 query per page
2723
2724 if (empty($ACCESSLIB_PRIVATE->capabilities)) {
2725 $ACCESSLIB_PRIVATE->capabilities = array();
2726 $caps = $DB->get_records('capabilities', array(), 'id, name, captype, riskbitmask');
2727 foreach ($caps as $cap) {
2728 $capname = $cap->name;
2729 unset($cap->id);
2730 unset($cap->name);
2731 $cap->riskbitmask = (int)$cap->riskbitmask;
2732 $ACCESSLIB_PRIVATE->capabilities[$capname] = $cap;
2733 }
2734 }
2735
2736 return isset($ACCESSLIB_PRIVATE->capabilities[$capabilityname]) ? $ACCESSLIB_PRIVATE->capabilities[$capabilityname] : null;
2737 }
2738
2739 /**
2740 * Returns the human-readable, translated version of the capability.
2741 * Basically a big switch statement.
2742 *
2743 * @param string $capabilityname e.g. mod/choice:readresponses
2744 * @return string
2745 */
2746 function get_capability_string($capabilityname) {
2747
2748 // Typical capability name is 'plugintype/pluginname:capabilityname'
2749 list($type, $name, $capname) = preg_split('|[/:]|', $capabilityname);
2750
2751 if ($type === 'moodle') {
2752 $component = 'core_role';
2753 } else if ($type === 'quizreport') {
2754 //ugly hack!!
2755 $component = 'quiz_'.$name;
2756 } else {
2757 $component = $type.'_'.$name;
2758 }
2759
2760 $stringname = $name.':'.$capname;
2761
2762 if ($component === 'core_role' or get_string_manager()->string_exists($stringname, $component)) {
2763 return get_string($stringname, $component);
2764 }
2765
2766 $dir = get_component_directory($component);
2767 if (!file_exists($dir)) {
2768 // plugin broken or does not exist, do not bother with printing of debug message
2769 return $capabilityname.' ???';
2770 }
2771
2772 // something is wrong in plugin, better print debug
2773 return get_string($stringname, $component);
2774 }
2775
2776 /**
2777 * This gets the mod/block/course/core etc strings.
2778 *
2779 * @param string $component
2780 * @param int $contextlevel
2781 * @return string|bool String is success, false if failed
2782 */
2783 function get_component_string($component, $contextlevel) {
2784
2785 if ($component === 'moodle' or $component === 'core') {
2786 switch ($contextlevel) {
2787 // TODO: this should probably use context level names instead
2788 case CONTEXT_SYSTEM: return get_string('coresystem');
2789 case CONTEXT_USER: return get_string('users');
2790 case CONTEXT_COURSECAT: return get_string('categories');
2791 case CONTEXT_COURSE: return get_string('course');
2792 case CONTEXT_MODULE: return get_string('activities');
2793 case CONTEXT_BLOCK: return get_string('block');
2794 default: print_error('unknowncontext');
2795 }
2796 }
2797
2798 list($type, $name) = normalize_component($component);
2799 $dir = get_plugin_directory($type, $name);
2800 if (!file_exists($dir)) {
2801 // plugin not installed, bad luck, there is no way to find the name
2802 return $component.' ???';
2803 }
2804
2805 switch ($type) {
2806 // TODO: this is really hacky, anyway it should be probably moved to lib/pluginlib.php
2807 case 'quiz': return get_string($name.':componentname', $component);// insane hack!!!
2808 case 'repository': return get_string('repository', 'repository').': '.get_string('pluginname', $component);
2809 case 'gradeimport': return get_string('gradeimport', 'grades').': '.get_string('pluginname', $component);
2810 case 'gradeexport': return get_string('gradeexport', 'grades').': '.get_string('pluginname', $component);
2811 case 'gradereport': return get_string('gradereport', 'grades').': '.get_string('pluginname', $component);
2812 case 'webservice': return get_string('webservice', 'webservice').': '.get_string('pluginname', $component);
2813 case 'block': return get_string('block').': '.get_string('pluginname', basename($component));
2814 case 'mod':
2815 if (get_string_manager()->string_exists('pluginname', $component)) {
2816 return get_string('activity').': '.get_string('pluginname', $component);
2817 } else {
2818 return get_string('activity').': '.get_string('modulename', $component);
2819 }
2820 default: return get_string('pluginname', $component);
2821 }
2822 }
2823
2824 /**
2825 * Gets the list of roles assigned to this context and up (parents)
2826 * from the list of roles that are visible on user profile page
2827 * and participants page.
2828 *
2829 * @param context $context
2830 * @return array
2831 */
2832 function get_profile_roles(context $context) {
2833 global $CFG, $DB;
2834
2835 if (empty($CFG->profileroles)) {
2836 return array();
2837 }
2838
2839 list($rallowed, $params) = $DB->get_in_or_equal(explode(',', $CFG->profileroles), SQL_PARAMS_NAMED, 'a');
2840 list($contextlist, $cparams) = $DB->get_in_or_equal($context->get_parent_context_ids(true), SQL_PARAMS_NAMED, 'p');
2841 $params = array_merge($params, $cparams);
2842
2843 $sql = "SELECT DISTINCT r.id, r.name, r.shortname, r.sortorder
2844 FROM {role_assignments} ra, {role} r
2845 WHERE r.id = ra.roleid
2846 AND ra.contextid $contextlist
2847 AND r.id $rallowed
2848 ORDER BY r.sortorder ASC";
2849
2850 return $DB->get_records_sql($sql, $params);
2851 }
2852
2853 /**
2854 * Gets the list of roles assigned to this context and up (parents)
2855 *
2856 * @param context $context
2857 * @return array
2858 */
2859 function get_roles_used_in_context(context $context) {
2860 global $DB;
2861
2862 list($contextlist, $params) = $DB->get_in_or_equal($context->get_parent_context_ids(true));
2863
2864 $sql = "SELECT DISTINCT r.id, r.name, r.shortname, r.sortorder
2865 FROM {role_assignments} ra, {role} r
2866 WHERE r.id = ra.roleid
2867 AND ra.contextid $contextlist
2868 ORDER BY r.sortorder ASC";
2869
2870 return $DB->get_records_sql($sql, $params);
2871 }
2872
2873 /**
2874 * This function is used to print roles column in user profile page.
2875 * It is using the CFG->profileroles to limit the list to only interesting roles.
2876 * (The permission tab has full details of user role assignments.)
2877 *
2878 * @param int $userid
2879 * @param int $courseid
2880 * @return string
2881 */
2882 function get_user_roles_in_course($userid, $courseid) {
2883 global $CFG, $DB;
2884
2885 if (empty($CFG->profileroles)) {
2886 return '';
2887 }
2888
2889 if ($courseid == SITEID) {
2890 $context = context_system::instance();
2891 } else {
2892 $context = context_course::instance($courseid);
2893 }
2894
2895 if (empty($CFG->profileroles)) {
2896 return array();
2897 }
2898
2899 list($rallowed, $params) = $DB->get_in_or_equal(explode(',', $CFG->profileroles), SQL_PARAMS_NAMED, 'a');
2900 list($contextlist, $cparams) = $DB->get_in_or_equal($context->get_parent_context_ids(true), SQL_PARAMS_NAMED, 'p');
2901 $params = array_merge($params, $cparams);
2902
2903 $sql = "SELECT DISTINCT r.id, r.name, r.shortname, r.sortorder
2904 FROM {role_assignments} ra, {role} r
2905 WHERE r.id = ra.roleid
2906 AND ra.contextid $contextlist
2907 AND r.id $rallowed
2908 AND ra.userid = :userid
2909 ORDER BY r.sortorder ASC";
2910 $params['userid'] = $userid;
2911
2912 $rolestring = '';
2913
2914 if ($roles = $DB->get_records_sql($sql, $params)) {
2915 foreach ($roles as $userrole) {
2916 $rolenames[$userrole->id] = $userrole->name;
2917 }
2918
2919 $rolenames = role_fix_names($rolenames, $context); // Substitute aliases
2920
2921 foreach ($rolenames as $roleid => $rolename) {
2922 $rolenames[$roleid] = '<a href="'.$CFG->wwwroot.'/user/index.php?contextid='.$context->id.'&amp;roleid='.$roleid.'">'.$rolename.'</a>';
2923 }
2924 $rolestring = implode(',', $rolenames);
2925 }
2926
2927 return $rolestring;
2928 }
2929
2930 /**
2931 * Checks if a user can assign users to a particular role in this context
2932 *
2933 * @param context $context
2934 * @param int $targetroleid - the id of the role you want to assign users to
2935 * @return boolean
2936 */
2937 function user_can_assign(context $context, $targetroleid) {
2938 global $DB;
2939
2940 // First check to see if the user is a site administrator.
2941 if (is_siteadmin()) {
2942 return true;
2943 }
2944
2945 // Check if user has override capability.
2946 // If not return false.
2947 if (!has_capability('moodle/role:assign', $context)) {
2948 return false;
2949 }
2950 // pull out all active roles of this user from this context(or above)
2951 if ($userroles = get_user_roles($context)) {
2952 foreach ($userroles as $userrole) {
2953 // if any in the role_allow_override table, then it's ok
2954 if ($DB->get_record('role_allow_assign', array('roleid'=>$userrole->roleid, 'allowassign'=>$targetroleid))) {
2955 return true;
2956 }
2957 }
2958 }
2959
2960 return false;
2961 }
2962
2963 /**
2964 * Returns all site roles in correct sort order.
2965 *
2966 * @return array
2967 */
2968 function get_all_roles() {
2969 global $DB;
2970 return $DB->get_records('role', null, 'sortorder ASC');
2971 }
2972
2973 /**
2974 * Returns roles of a specified archetype
2975 *
2976 * @param string $archetype
2977 * @return array of full role records
2978 */
2979 function get_archetype_roles($archetype) {
2980 global $DB;
2981 return $DB->get_records('role', array('archetype'=>$archetype), 'sortorder ASC');
2982 }
2983
2984 /**
2985 * Gets all the user roles assigned in this context, or higher contexts
2986 * this is mainly used when checking if a user can assign a role, or overriding a role
2987 * i.e. we need to know what this user holds, in order to verify against allow_assign and
2988 * allow_override tables
2989 *
2990 * @param context $context
2991 * @param int $userid
2992 * @param bool $checkparentcontexts defaults to true
2993 * @param string $order defaults to 'c.contextlevel DESC, r.sortorder ASC'
2994 * @return array
2995 */
2996 function get_user_roles(context $context, $userid = 0, $checkparentcontexts = true, $order = 'c.contextlevel DESC, r.sortorder ASC') {
2997 global $USER, $DB;
2998
2999 if (empty($userid)) {
3000 if (empty($USER->id)) {
3001 return array();
3002 }
3003 $userid = $USER->id;
3004 }
3005
3006 if ($checkparentcontexts) {
3007 $contextids = $context->get_parent_context_ids();
3008 } else {
3009 $contextids = array();
3010 }
3011 $contextids[] = $context->id;
3012
3013 list($contextids, $params) = $DB->get_in_or_equal($contextids, SQL_PARAMS_QM);
3014
3015 array_unshift($params, $userid);
3016
3017 $sql = "SELECT ra.*, r.name, r.shortname
3018 FROM {role_assignments} ra, {role} r, {context} c
3019 WHERE ra.userid = ?
3020 AND ra.roleid = r.id
3021 AND ra.contextid = c.id
3022 AND ra.contextid $contextids
3023 ORDER BY $order";
3024
3025 return $DB->get_records_sql($sql ,$params);
3026 }
3027
3028 /**
3029 * Like get_user_roles, but adds in the authenticated user role, and the front
3030 * page roles, if applicable.
3031 *
3032 * @param context $context the context.
3033 * @param int $userid optional. Defaults to $USER->id
3034 * @return array of objects with fields ->userid, ->contextid and ->roleid.
3035 */
3036 function get_user_roles_with_special(context $context, $userid = 0) {
3037 global $CFG, $USER;
3038
3039 if (empty($userid)) {
3040 if (empty($USER->id)) {
3041 return array();
3042 }
3043 $userid = $USER->id;
3044 }
3045
3046 $ras = get_user_roles($context, $userid);
3047
3048 // Add front-page role if relevant.
3049 $defaultfrontpageroleid = isset($CFG->defaultfrontpageroleid) ? $CFG->defaultfrontpageroleid : 0;
3050 $isfrontpage = ($context->contextlevel == CONTEXT_COURSE && $context->instanceid == SITEID) ||
3051 is_inside_frontpage($context);
3052 if ($defaultfrontpageroleid && $isfrontpage) {
3053 $frontpagecontext = context_course::instance(SITEID);
3054 $ra = new stdClass();
3055 $ra->userid = $userid;
3056 $ra->contextid = $frontpagecontext->id;
3057 $ra->roleid = $defaultfrontpageroleid;
3058 $ras[] = $ra;
3059 }
3060
3061 // Add authenticated user role if relevant.
3062 $defaultuserroleid = isset($CFG->defaultuserroleid) ? $CFG->defaultuserroleid : 0;
3063 if ($defaultuserroleid && !isguestuser($userid)) {
3064 $systemcontext = context_system::instance();
3065 $ra = new stdClass();
3066 $ra->userid = $userid;
3067 $ra->contextid = $systemcontext->id;
3068 $ra->roleid = $defaultuserroleid;
3069 $ras[] = $ra;
3070 }
3071
3072 return $ras;
3073 }
3074
3075 /**
3076 * Creates a record in the role_allow_override table
3077 *
3078 * @param int $sroleid source roleid
3079 * @param int $troleid target roleid
3080 * @return void
3081 */
3082 function allow_override($sroleid, $troleid) {
3083 global $DB;
3084
3085 $record = new stdClass();
3086 $record->roleid = $sroleid;
3087 $record->allowoverride = $troleid;
3088 $DB->insert_record('role_allow_override', $record);
3089 }
3090
3091 /**
3092 * Creates a record in the role_allow_assign table
3093 *
3094 * @param int $fromroleid source roleid
3095 * @param int $targetroleid target roleid
3096 * @return void
3097 */
3098 function allow_assign($fromroleid, $targetroleid) {
3099 global $DB;
3100
3101 $record = new stdClass();
3102 $record->roleid = $fromroleid;
3103 $record->allowassign = $targetroleid;
3104 $DB->insert_record('role_allow_assign', $record);
3105 }
3106
3107 /**
3108 * Creates a record in the role_allow_switch table
3109 *
3110 * @param int $fromroleid source roleid
3111 * @param int $targetroleid target roleid
3112 * @return void
3113 */
3114 function allow_switch($fromroleid, $targetroleid) {
3115 global $DB;
3116
3117 $record = new stdClass();
3118 $record->roleid = $fromroleid;
3119 $record->allowswitch = $targetroleid;
3120 $DB->insert_record('role_allow_switch', $record);
3121 }
3122
3123 /**
3124 * Gets a list of roles that this user can assign in this context
3125 *
3126 * @param context $context the context.
3127 * @param int $rolenamedisplay the type of role name to display. One of the
3128 * ROLENAME_X constants. Default ROLENAME_ALIAS.
3129 * @param bool $withusercounts if true, count the number of users with each role.
3130 * @param integer|object $user A user id or object. By default (null) checks the permissions of the current user.
3131 * @return array if $withusercounts is false, then an array $roleid => $rolename.
3132 * if $withusercounts is true, returns a list of three arrays,
3133 * $rolenames, $rolecounts, and $nameswithcounts.
3134 */
3135 function get_assignable_roles(context $context, $rolenamedisplay = ROLENAME_ALIAS, $withusercounts = false, $user = null) {
3136 global $USER, $DB;
3137
3138 // make sure there is a real user specified
3139 if ($user === null) {
3140 $userid = isset($USER->id) ? $USER->id : 0;
3141 } else {
3142 $userid = is_object($user) ? $user->id : $user;
3143 }
3144
3145 if (!has_capability('moodle/role:assign', $context, $userid)) {
3146 if ($withusercounts) {
3147 return array(array(), array(), array());
3148 } else {
3149 return array();
3150 }
3151 }
3152
3153 $parents = $context->get_parent_context_ids(true);
3154 $contexts = implode(',' , $parents);
3155
3156 $params = array();
3157 $extrafields = '';
3158 if ($rolenamedisplay == ROLENAME_ORIGINALANDSHORT or $rolenamedisplay == ROLENAME_SHORT) {
3159 $extrafields .= ', r.shortname';
3160 }
3161
3162 if ($withusercounts) {
3163 $extrafields = ', (SELECT count(u.id)
3164 FROM {role_assignments} cra JOIN {user} u ON cra.userid = u.id
3165 WHERE cra.roleid = r.id AND cra.contextid = :conid AND u.deleted = 0
3166 ) AS usercount';
3167 $params['conid'] = $context->id;
3168 }
3169
3170 if (is_siteadmin($userid)) {
3171 // show all roles allowed in this context to admins
3172 $assignrestriction = "";
3173 } else {
3174 $assignrestriction = "JOIN (SELECT DISTINCT raa.allowassign AS id
3175 FROM {role_allow_assign} raa
3176 JOIN {role_assignments} ra ON ra.roleid = raa.roleid
3177 WHERE ra.userid = :userid AND ra.contextid IN ($contexts)
3178 ) ar ON ar.id = r.id";
3179 $params['userid'] = $userid;
3180 }
3181 $params['contextlevel'] = $context->contextlevel;
3182 $sql = "SELECT r.id, r.name $extrafields
3183 FROM {role} r
3184 $assignrestriction
3185 JOIN {role_context_levels} rcl ON r.id = rcl.roleid
3186 WHERE rcl.contextlevel = :contextlevel
3187 ORDER BY r.sortorder ASC";
3188 $roles = $DB->get_records_sql($sql, $params);
3189
3190 $rolenames = array();
3191 foreach ($roles as $role) {
3192 if ($rolenamedisplay == ROLENAME_SHORT) {
3193 $rolenames[$role->id] = $role->shortname;
3194 continue;
3195 }
3196 $rolenames[$role->id] = $role->name;
3197 if ($rolenamedisplay == ROLENAME_ORIGINALANDSHORT) {
3198 $rolenames[$role->id] .= ' (' . $role->shortname . ')';
3199 }
3200 }
3201 if ($rolenamedisplay != ROLENAME_ORIGINALANDSHORT and $rolenamedisplay != ROLENAME_SHORT) {
3202 $rolenames = role_fix_names($rolenames, $context, $rolenamedisplay);
3203 }
3204
3205 if (!$withusercounts) {
3206 return $rolenames;
3207 }
3208
3209 $rolecounts = array();
3210 $nameswithcounts = array();
3211 foreach ($roles as $role) {
3212 $nameswithcounts[$role->id] = $rolenames[$role->id] . ' (' . $roles[$role->id]->usercount . ')';
3213 $rolecounts[$role->id] = $roles[$role->id]->usercount;
3214 }
3215 return array($rolenames, $rolecounts, $nameswithcounts);
3216 }
3217
3218 /**
3219 * Gets a list of roles that this user can switch to in a context
3220 *
3221 * Gets a list of roles that this user can switch to in a context, for the switchrole menu.
3222 * This function just process the contents of the role_allow_switch table. You also need to
3223 * test the moodle/role:switchroles to see if the user is allowed to switch in the first place.
3224 *
3225 * @param context $context a context.
3226 * @return array an array $roleid => $rolename.
3227 */
3228 function get_switchable_roles(context $context) {
3229 global $USER, $DB;
3230
3231 $params = array();
3232 $extrajoins = '';
3233 $extrawhere = '';
3234 if (!is_siteadmin()) {
3235 // Admins are allowed to switch to any role with.
3236 // Others are subject to the additional constraint that the switch-to role must be allowed by
3237 // 'role_allow_switch' for some role they have assigned in this context or any parent.
3238 $parents = $context->get_parent_context_ids(true);
3239 $contexts = implode(',' , $parents);
3240
3241 $extrajoins = "JOIN {role_allow_switch} ras ON ras.allowswitch = rc.roleid
3242 JOIN {role_assignments} ra ON ra.roleid = ras.roleid";
3243 $extrawhere = "WHERE ra.userid = :userid AND ra.contextid IN ($contexts)";
3244 $params['userid'] = $USER->id;
3245 }
3246
3247 $query = "
3248 SELECT r.id, r.name
3249 FROM (SELECT DISTINCT rc.roleid
3250 FROM {role_capabilities} rc
3251 $extrajoins
3252 $extrawhere) idlist
3253 JOIN {role} r ON r.id = idlist.roleid
3254 ORDER BY r.sortorder";
3255
3256 $rolenames = $DB->get_records_sql_menu($query, $params);
3257 return role_fix_names($rolenames, $context, ROLENAME_ALIAS);
3258 }
3259
3260 /**
3261 * Gets a list of roles that this user can override in this context.
3262 *
3263 * @param context $context the context.
3264 * @param int $rolenamedisplay the type of role name to display. One of the
3265 * ROLENAME_X constants. Default ROLENAME_ALIAS.
3266 * @param bool $withcounts if true, count the number of overrides that are set for each role.
3267 * @return array if $withcounts is false, then an array $roleid => $rolename.
3268 * if $withusercounts is true, returns a list of three arrays,
3269 * $rolenames, $rolecounts, and $nameswithcounts.
3270 */
3271 function get_overridable_roles(context $context, $rolenamedisplay = ROLENAME_ALIAS, $withcounts = false) {
3272 global $USER, $DB;
3273
3274 if (!has_any_capability(array('moodle/role:safeoverride', 'moodle/role:override'), $context)) {
3275 if ($withcounts) {
3276 return array(array(), array(), array());
3277 } else {
3278 return array();
3279 }
3280 }
3281
3282 $parents = $context->get_parent_context_ids(true);
3283 $contexts = implode(',' , $parents);
3284
3285 $params = array();
3286 $extrafields = '';
3287 if ($rolenamedisplay == ROLENAME_ORIGINALANDSHORT) {
3288 $extrafields .= ', ro.shortname';
3289 }
3290
3291 $params['userid'] = $USER->id;
3292 if ($withcounts) {
3293 $extrafields = ', (SELECT COUNT(rc.id) FROM {role_capabilities} rc
3294 WHERE rc.roleid = ro.id AND rc.contextid = :conid) AS overridecount';
3295 $params['conid'] = $context->id;
3296 }
3297
3298 if (is_siteadmin()) {
3299 // show all roles to admins
3300 $roles = $DB->get_records_sql("
3301 SELECT ro.id, ro.name$extrafields
3302 FROM {role} ro
3303 ORDER BY ro.sortorder ASC", $params);
3304
3305 } else {
3306 $roles = $DB->get_records_sql("
3307 SELECT ro.id, ro.name$extrafields
3308 FROM {role} ro
3309 JOIN (SELECT DISTINCT r.id
3310 FROM {role} r
3311 JOIN {role_allow_override} rao ON r.id = rao.allowoverride
3312 JOIN {role_assignments} ra ON rao.roleid = ra.roleid
3313 WHERE ra.userid = :userid AND ra.contextid IN ($contexts)
3314 ) inline_view ON ro.id = inline_view.id
3315 ORDER BY ro.sortorder ASC", $params);
3316 }
3317
3318 $rolenames = array();
3319 foreach ($roles as $role) {
3320 $rolenames[$role->id] = $role->name;
3321 if ($rolenamedisplay == ROLENAME_ORIGINALANDSHORT) {
3322 $rolenames[$role->id] .= ' (' . $role->shortname . ')';
3323 }
3324 }
3325 if ($rolenamedisplay != ROLENAME_ORIGINALANDSHORT) {
3326 $rolenames = role_fix_names($rolenames, $context, $rolenamedisplay);
3327 }
3328
3329 if (!$withcounts) {
3330 return $rolenames;
3331 }
3332
3333 $rolecounts = array();
3334 $nameswithcounts = array();
3335 foreach ($roles as $role) {
3336 $nameswithcounts[$role->id] = $rolenames[$role->id] . ' (' . $roles[$role->id]->overridecount . ')';
3337 $rolecounts[$role->id] = $roles[$role->id]->overridecount;
3338 }
3339 return array($rolenames, $rolecounts, $nameswithcounts);
3340 }
3341
3342 /**
3343 * Create a role menu suitable for default role selection in enrol plugins.
3344 *
3345 * @package core_enrol
3346 *
3347 * @param context $context
3348 * @param int $addroleid current or default role - always added to list
3349 * @return array roleid=>localised role name
3350 */
3351 function get_default_enrol_roles(context $context, $addroleid = null) {
3352 global $DB;
3353
3354 $params = array('contextlevel'=>CONTEXT_COURSE);
3355 if ($addroleid) {
3356 $addrole = "OR r.id = :addroleid";
3357 $params['addroleid'] = $addroleid;
3358 } else {
3359 $addrole = "";
3360 }
3361 $sql = "SELECT r.id, r.name
3362 FROM {role} r
3363 LEFT JOIN {role_context_levels} rcl ON (rcl.roleid = r.id AND rcl.contextlevel = :contextlevel)
3364 WHERE rcl.id IS NOT NULL $addrole
3365 ORDER BY sortorder DESC";
3366
3367 $roles = $DB->get_records_sql_menu($sql, $params);
3368 $roles = role_fix_names($roles, $context, ROLENAME_BOTH);
3369
3370 return $roles;
3371 }
3372
3373 /**
3374 * Return context levels where this role is assignable.
3375 *
3376 * @param integer $roleid the id of a role.
3377 * @return array list of the context levels at which this role may be assigned.
3378 */
3379 function get_role_contextlevels($roleid) {
3380 global $DB;
3381 return $DB->get_records_menu('role_context_levels', array('roleid' => $roleid),
3382 'contextlevel', 'id,contextlevel');
3383 }
3384
3385 /**
3386 * Return roles suitable for assignment at the specified context level.
3387 *
3388 * NOTE: this function name looks like a typo, should be probably get_roles_for_contextlevel()
3389 *
3390 * @param integer $contextlevel a contextlevel.
3391 * @return array list of role ids that are assignable at this context level.
3392 */
3393 function get_roles_for_contextlevels($contextlevel) {
3394 global $DB;
3395 return $DB->get_records_menu('role_context_levels', array('contextlevel' => $contextlevel),
3396 '', 'id,roleid');
3397 }
3398
3399 /**
3400 * Returns default context levels where roles can be assigned.
3401 *
3402 * @param string $rolearchetype one of the role archetypes - that is, one of the keys
3403 * from the array returned by get_role_archetypes();
3404 * @return array list of the context levels at which this type of role may be assigned by default.
3405 */
3406 function get_default_contextlevels($rolearchetype) {
3407 static $defaults = array(
3408 'manager' => array(CONTEXT_SYSTEM, CONTEXT_COURSECAT, CONTEXT_COURSE),
3409 'coursecreator' => array(CONTEXT_SYSTEM, CONTEXT_COURSECAT),
3410 'editingteacher' => array(CONTEXT_COURSE, CONTEXT_MODULE),
3411 'teacher' => array(CONTEXT_COURSE, CONTEXT_MODULE),
3412 'student' => array(CONTEXT_COURSE, CONTEXT_MODULE),
3413 'guest' => array(),
3414 'user' => array(),
3415 'frontpage' => array());
3416
3417 if (isset($defaults[$rolearchetype])) {
3418 return $defaults[$rolearchetype];
3419 } else {
3420 return array();
3421 }
3422 }
3423
3424 /**
3425 * Set the context levels at which a particular role can be assigned.
3426 * Throws exceptions in case of error.
3427 *
3428 * @param integer $roleid the id of a role.
3429 * @param array $contextlevels the context levels at which this role should be assignable,
3430 * duplicate levels are removed.
3431 * @return void
3432 */
3433 function set_role_contextlevels($roleid, array $contextlevels) {
3434 global $DB;
3435 $DB->delete_records('role_context_levels', array('roleid' => $roleid));
3436 $rcl = new stdClass();
3437 $rcl->roleid = $roleid;
3438 $contextlevels = array_unique($contextlevels);
3439 foreach ($contextlevels as $level) {
3440 $rcl->contextlevel = $level;
3441 $DB->insert_record('role_context_levels', $rcl, false, true);
3442 }
3443 }
3444
3445 /**
3446 * Who has this capability in this context?
3447 *
3448 * This can be a very expensive call - use sparingly and keep
3449 * the results if you are going to need them again soon.
3450 *
3451 * Note if $fields is empty this function attempts to get u.*
3452 * which can get rather large - and has a serious perf impact
3453 * on some DBs.
3454 *
3455 * @param context $context
3456 * @param string|array $capability - capability name(s)
3457 * @param string $fields - fields to be pulled. The user table is aliased to 'u'. u.id MUST be included.
3458 * @param string $sort - the sort order. Default is lastaccess time.
3459 * @param mixed $limitfrom - number of records to skip (offset)
3460 * @param mixed $limitnum - number of records to fetch
3461 * @param string|array $groups - single group or array of groups - only return
3462 * users who are in one of these group(s).
3463 * @param string|array $exceptions - list of users to exclude, comma separated or array
3464 * @param bool $doanything_ignored not used any more, admin accounts are never returned
3465 * @param bool $view_ignored - use get_enrolled_sql() instead
3466 * @param bool $useviewallgroups if $groups is set the return users who
3467 * have capability both $capability and moodle/site:accessallgroups
3468 * in this context, as well as users who have $capability and who are
3469 * in $groups.
3470 * @return array of user records
3471 */
3472 function get_users_by_capability(context $context, $capability, $fields = '', $sort = '', $limitfrom = '', $limitnum = '',
3473 $groups = '', $exceptions = '', $doanything_ignored = null, $view_ignored = null, $useviewallgroups = false) {
3474 global $CFG, $DB;
3475
3476 $defaultuserroleid = isset($CFG->defaultuserroleid) ? $CFG->defaultuserroleid : 0;
3477 $defaultfrontpageroleid = isset($CFG->defaultfrontpageroleid) ? $CFG->defaultfrontpageroleid : 0;
3478
3479 $ctxids = trim($context->path, '/');
3480 $ctxids = str_replace('/', ',', $ctxids);
3481
3482 // Context is the frontpage
3483 $iscoursepage = false; // coursepage other than fp
3484 $isfrontpage = false;
3485 if ($context->contextlevel == CONTEXT_COURSE) {
3486 if ($context->instanceid == SITEID) {
3487 $isfrontpage = true;
3488 } else {
3489 $iscoursepage = true;
3490 }
3491 }
3492 $isfrontpage = ($isfrontpage || is_inside_frontpage($context));
3493
3494 $caps = (array)$capability;
3495
3496 // construct list of context paths bottom-->top
3497 list($contextids, $paths) = get_context_info_list($context);
3498
3499 // we need to find out all roles that have these capabilities either in definition or in overrides
3500 $defs = array();
3501 list($incontexts, $params) = $DB->get_in_or_equal($contextids, SQL_PARAMS_NAMED, 'con');
3502 list($incaps, $params2) = $DB->get_in_or_equal($caps, SQL_PARAMS_NAMED, 'cap');
3503 $params = array_merge($params, $params2);
3504 $sql = "SELECT rc.id, rc.roleid, rc.permission, rc.capability, ctx.path
3505 FROM {role_capabilities} rc
3506 JOIN {context} ctx on rc.contextid = ctx.id
3507 WHERE rc.contextid $incontexts AND rc.capability $incaps";
3508
3509 $rcs = $DB->get_records_sql($sql, $params);
3510 foreach ($rcs as $rc) {
3511 $defs[$rc->capability][$rc->path][$rc->roleid] = $rc->permission;
3512 }
3513
3514 // go through the permissions bottom-->top direction to evaluate the current permission,
3515 // first one wins (prohibit is an exception that always wins)
3516 $access = array();
3517 foreach ($caps as $cap) {
3518 foreach ($paths as $path) {
3519 if (empty($defs[$cap][$path])) {
3520 continue;
3521 }
3522 foreach($defs[$cap][$path] as $roleid => $perm) {
3523 if ($perm == CAP_PROHIBIT) {
3524 $access[$cap][$roleid] = CAP_PROHIBIT;
3525 continue;
3526 }
3527 if (!isset($access[$cap][$roleid])) {
3528 $access[$cap][$roleid] = (int)$perm;
3529 }
3530 }
3531 }
3532 }
3533
3534 // make lists of roles that are needed and prohibited in this context
3535 $needed = array(); // one of these is enough
3536 $prohibited = array(); // must not have any of these
3537 foreach ($caps as $cap) {
3538 if (empty($access[$cap])) {
3539 continue;
3540 }
3541 foreach ($access[$cap] as $roleid => $perm) {
3542 if ($perm == CAP_PROHIBIT) {
3543 unset($needed[$cap][$roleid]);
3544 $prohibited[$cap][$roleid] = true;
3545 } else if ($perm == CAP_ALLOW and empty($prohibited[$cap][$roleid])) {
3546 $needed[$cap][$roleid] = true;
3547 }
3548 }
3549 if (empty($needed[$cap]) or !empty($prohibited[$cap][$defaultuserroleid])) {
3550 // easy, nobody has the permission
3551 unset($needed[$cap]);
3552 unset($prohibited[$cap]);
3553 } else if ($isfrontpage and !empty($prohibited[$cap][$defaultfrontpageroleid])) {
3554 // everybody is disqualified on the frontpage
3555 unset($needed[$cap]);
3556 unset($prohibited[$cap]);
3557 }
3558 if (empty($prohibited[$cap])) {
3559 unset($prohibited[$cap]);
3560 }
3561 }
3562
3563 if (empty($needed)) {
3564 // there can not be anybody if no roles match this request
3565 return array();
3566 }
3567
3568 if (empty($prohibited)) {
3569 // we can compact the needed roles
3570 $n = array();
3571 foreach ($needed as $cap) {
3572 foreach ($cap as $roleid=>$unused) {
3573 $n[$roleid] = true;
3574 }
3575 }
3576 $needed = array('any'=>$n);
3577 unset($n);
3578 }
3579
3580 // ***** Set up default fields ******
3581 if (empty($fields)) {
3582 if ($iscoursepage) {
3583 $fields = 'u.*, ul.timeaccess AS lastaccess';
3584 } else {
3585 $fields = 'u.*';
3586 }
3587 } else {
3588 if (debugging('', DEBUG_DEVELOPER) && strpos($fields, 'u.*') === false && strpos($fields, 'u.id') === false) {
3589 debugging('u.id must be included in the list of fields passed to get_users_by_capability().', DEBUG_DEVELOPER);
3590 }
3591 }
3592
3593 // Set up default sort
3594 if (empty($sort)) { // default to course lastaccess or just lastaccess
3595 if ($iscoursepage) {
3596 $sort = 'ul.timeaccess';
3597 } else {
3598 $sort = 'u.lastaccess';
3599 }
3600 }
3601
3602 // Prepare query clauses
3603 $wherecond = array();
3604 $params = array();
3605 $joins = array();
3606
3607 // User lastaccess JOIN
3608 if ((strpos($sort, 'ul.timeaccess') === false) and (strpos($fields, 'ul.timeaccess') === false)) {
3609 // user_lastaccess is not required MDL-13810
3610 } else {
3611 if ($iscoursepage) {
3612 $joins[] = "LEFT OUTER JOIN {user_lastaccess} ul ON (ul.userid = u.id AND ul.courseid = {$context->instanceid})";
3613 } else {
3614 throw new coding_exception('Invalid sort in get_users_by_capability(), ul.timeaccess allowed only for course contexts.');
3615 }
3616 }
3617
3618 // We never return deleted users or guest account.
3619 $wherecond[] = "u.deleted = 0 AND u.id <> :guestid";
3620 $params['guestid'] = $CFG->siteguest;
3621
3622 // Groups
3623 if ($groups) {
3624 $groups = (array)$groups;
3625 list($grouptest, $grpparams) = $DB->get_in_or_equal($groups, SQL_PARAMS_NAMED, 'grp');
3626 $grouptest = "u.id IN (SELECT userid FROM {groups_members} gm WHERE gm.groupid $grouptest)";
3627 $params = array_merge($params, $grpparams);
3628
3629 if ($useviewallgroups) {
3630 $viewallgroupsusers = get_users_by_capability($context, 'moodle/site:accessallgroups', 'u.id, u.id', '', '', '', '', $exceptions);
3631 if (!empty($viewallgroupsusers)) {
3632 $wherecond[] = "($grouptest OR u.id IN (" . implode(',', array_keys($viewallgroupsusers)) . '))';
3633 } else {
3634 $wherecond[] = "($grouptest)";
3635 }
3636 } else {
3637 $wherecond[] = "($grouptest)";
3638 }
3639 }
3640
3641 // User exceptions
3642 if (!empty($exceptions)) {
3643 $exceptions = (array)$exceptions;
3644 list($exsql, $exparams) = $DB->get_in_or_equal($exceptions, SQL_PARAMS_NAMED, 'exc', false);
3645 $params = array_merge($params, $exparams);
3646 $wherecond[] = "u.id $exsql";
3647 }
3648
3649 // now add the needed and prohibited roles conditions as joins
3650 if (!empty($needed['any'])) {
3651 // simple case - there are no prohibits involved
3652 if (!empty($needed['any'][$defaultuserroleid]) or ($isfrontpage and !empty($needed['any'][$defaultfrontpageroleid]))) {
3653 // everybody
3654 } else {
3655 $joins[] = "JOIN (SELECT DISTINCT userid
3656 FROM {role_assignments}
3657 WHERE contextid IN ($ctxids)
3658 AND roleid IN (".implode(',', array_keys($needed['any'])) .")
3659 ) ra ON ra.userid = u.id";
3660 }
3661 } else {
3662 $unions = array();
3663 $everybody = false;
3664 foreach ($needed as $cap=>$unused) {
3665 if (empty($prohibited[$cap])) {
3666 if (!empty($needed[$cap][$defaultuserroleid]) or ($isfrontpage and !empty($needed[$cap][$defaultfrontpageroleid]))) {
3667 $everybody = true;
3668 break;
3669 } else {
3670 $unions[] = "SELECT userid
3671 FROM {role_assignments}
3672 WHERE contextid IN ($ctxids)
3673 AND roleid IN (".implode(',', array_keys($needed[$cap])) .")";
3674 }
3675 } else {
3676 if (!empty($prohibited[$cap][$defaultuserroleid]) or ($isfrontpage and !empty($prohibited[$cap][$defaultfrontpageroleid]))) {
3677 // nobody can have this cap because it is prevented in default roles
3678 continue;
3679
3680 } else if (!empty($needed[$cap][$defaultuserroleid]) or ($isfrontpage and !empty($needed[$cap][$defaultfrontpageroleid]))) {
3681 // everybody except the prohibitted - hiding does not matter
3682 $unions[] = "SELECT id AS userid
3683 FROM {user}
3684 WHERE id NOT IN (SELECT userid
3685 FROM {role_assignments}
3686 WHERE contextid IN ($ctxids)
3687 AND roleid IN (".implode(',', array_keys($prohibited[$cap])) ."))";
3688
3689 } else {
3690 $unions[] = "SELECT userid
3691 FROM {role_assignments}
3692 WHERE contextid IN ($ctxids)
3693 AND roleid IN (".implode(',', array_keys($needed[$cap])) .")
3694 AND roleid NOT IN (".implode(',', array_keys($prohibited[$cap])) .")";
3695 }
3696 }
3697 }
3698 if (!$everybody) {
3699 if ($unions) {
3700 $joins[] = "JOIN (SELECT DISTINCT userid FROM ( ".implode(' UNION ', $unions)." ) us) ra ON ra.userid = u.id";
3701 } else {
3702 // only prohibits found - nobody can be matched
3703 $wherecond[] = "1 = 2";
3704 }
3705 }
3706 }
3707
3708 // Collect WHERE conditions and needed joins
3709 $where = implode(' AND ', $wherecond);
3710 if ($where !== '') {
3711 $where = 'WHERE ' . $where;
3712 }
3713 $joins = implode("\n", $joins);
3714
3715 // Ok, let's get the users!
3716 $sql = "SELECT $fields
3717 FROM {user} u
3718 $joins
3719 $where
3720 ORDER BY $sort";
3721
3722 return $DB->get_records_sql($sql, $params, $limitfrom, $limitnum);
3723 }
3724
3725 /**
3726 * Re-sort a users array based on a sorting policy
3727 *
3728 * Will re-sort a $users results array (from get_users_by_capability(), usually)
3729 * based on a sorting policy. This is to support the odd practice of
3730 * sorting teachers by 'authority', where authority was "lowest id of the role
3731 * assignment".
3732 *
3733 * Will execute 1 database query. Only suitable for small numbers of users, as it
3734 * uses an u.id IN() clause.
3735 *
3736 * Notes about the sorting criteria.
3737 *
3738 * As a default, we cannot rely on role.sortorder because then
3739 * admins/coursecreators will always win. That is why the sane
3740 * rule "is locality matters most", with sortorder as 2nd
3741 * consideration.
3742 *
3743 * If you want role.sortorder, use the 'sortorder' policy, and
3744 * name explicitly what roles you want to cover. It's probably
3745 * a good idea to see what roles have the capabilities you want
3746 * (array_diff() them against roiles that have 'can-do-anything'
3747 * to weed out admin-ish roles. Or fetch a list of roles from
3748 * variables like $CFG->coursecontact .
3749 *
3750 * @param array $users Users array, keyed on userid
3751 * @param context $context
3752 * @param array $roles ids of the roles to include, optional
3753 * @param string $sortpolicy defaults to locality, more about
3754 * @return array sorted copy of the array
3755 */
3756 function sort_by_roleassignment_authority($users, context $context, $roles = array(), $sortpolicy = 'locality') {
3757 global $DB;
3758
3759 $userswhere = ' ra.userid IN (' . implode(',',array_keys($users)) . ')';
3760 $contextwhere = 'AND ra.contextid IN ('.str_replace('/', ',',substr($context->path, 1)).')';
3761 if (empty($roles)) {
3762 $roleswhere = '';
3763 } else {
3764 $roleswhere = ' AND ra.roleid IN ('.implode(',',$roles).')';
3765 }
3766
3767 $sql = "SELECT ra.userid
3768 FROM {role_assignments} ra
3769 JOIN {role} r
3770 ON ra.roleid=r.id
3771 JOIN {context} ctx
3772 ON ra.contextid=ctx.id
3773 WHERE $userswhere
3774 $contextwhere
3775 $roleswhere";
3776
3777 // Default 'locality' policy -- read PHPDoc notes
3778 // about sort policies...
3779 $orderby = 'ORDER BY '
3780 .'ctx.depth DESC, ' /* locality wins */
3781 .'r.sortorder ASC, ' /* rolesorting 2nd criteria */
3782 .'ra.id'; /* role assignment order tie-breaker */
3783 if ($sortpolicy === 'sortorder') {
3784 $orderby = 'ORDER BY '
3785 .'r.sortorder ASC, ' /* rolesorting 2nd criteria */
3786 .'ra.id'; /* role assignment order tie-breaker */
3787 }
3788
3789 $sortedids = $DB->get_fieldset_sql($sql . $orderby);
3790 $sortedusers = array();
3791 $seen = array();
3792
3793 foreach ($sortedids as $id) {
3794 // Avoid duplicates
3795 if (isset($seen[$id])) {
3796 continue;
3797 }
3798 $seen[$id] = true;
3799
3800 // assign
3801 $sortedusers[$id] = $users[$id];
3802 }
3803 return $sortedusers;
3804 }
3805
3806 /**
3807 * Gets all the users assigned this role in this context or higher
3808 *
3809 * @param int $roleid (can also be an array of ints!)
3810 * @param context $context
3811 * @param bool $parent if true, get list of users assigned in higher context too
3812 * @param string $fields fields from user (u.) , role assignment (ra) or role (r.)
3813 * @param string $sort sort from user (u.) , role assignment (ra) or role (r.)
3814 * @param bool $gethidden_ignored use enrolments instead
3815 * @param string $group defaults to ''
3816 * @param mixed $limitfrom defaults to ''
3817 * @param mixed $limitnum defaults to ''
3818 * @param string $extrawheretest defaults to ''
3819 * @param string|array $whereparams defaults to ''
3820 * @return array
3821 */
3822 function get_role_users($roleid, context $context, $parent = false, $fields = '',
3823 $sort = 'u.lastname, u.firstname', $gethidden_ignored = null, $group = '',
3824 $limitfrom = '', $limitnum = '', $extrawheretest = '', $whereparams = array()) {
3825 global $DB;
3826
3827 if (empty($fields)) {
3828 $fields = 'u.id, u.confirmed, u.username, u.firstname, u.lastname, '.
3829 'u.maildisplay, u.mailformat, u.maildigest, u.email, u.emailstop, u.city, '.
3830 'u.country, u.picture, u.idnumber, u.department, u.institution, '.
3831 'u.lang, u.timezone, u.lastaccess, u.mnethostid, r.name AS rolename, r.sortorder';
3832 }
3833
3834 $parentcontexts = '';
3835 if ($parent) {
3836 $parentcontexts = substr($context->path, 1); // kill leading slash
3837 $parentcontexts = str_replace('/', ',', $parentcontexts);
3838 if ($parentcontexts !== '') {
3839 $parentcontexts = ' OR ra.contextid IN ('.$parentcontexts.' )';
3840 }
3841 }
3842
3843 if ($roleid) {
3844 list($rids, $params) = $DB->get_in_or_equal($roleid, SQL_PARAMS_QM);
3845 $roleselect = "AND ra.roleid $rids";
3846 } else {
3847 $params = array();
3848 $roleselect = '';
3849 }
3850
3851 if ($group) {
3852 $groupjoin = "JOIN {groups_members} gm ON gm.userid = u.id";
3853 $groupselect = " AND gm.groupid = ? ";
3854 $params[] = $group;
3855 } else {
3856 $groupjoin = '';
3857 $groupselect = '';
3858 }
3859
3860 array_unshift($params, $context->id);
3861
3862 if ($extrawheretest) {
3863 $extrawheretest = ' AND ' . $extrawheretest;
3864 $params = array_merge($params, $whereparams);
3865 }
3866
3867 $sql = "SELECT DISTINCT $fields, ra.roleid
3868 FROM {role_assignments} ra
3869 JOIN {user} u ON u.id = ra.userid
3870 JOIN {role} r ON ra.roleid = r.id
3871 $groupjoin
3872 WHERE (ra.contextid = ? $parentcontexts)
3873 $roleselect
3874 $groupselect
3875 $extrawheretest
3876 ORDER BY $sort"; // join now so that we can just use fullname() later
3877
3878 return $DB->get_records_sql($sql, $params, $limitfrom, $limitnum);
3879 }
3880
3881 /**
3882 * Counts all the users assigned this role in this context or higher
3883 *
3884 * @param int|array $roleid either int or an array of ints
3885 * @param context $context
3886 * @param bool $parent if true, get list of users assigned in higher context too
3887 * @return int Returns the result count
3888 */
3889 function count_role_users($roleid, context $context, $parent = false) {
3890 global $DB;
3891
3892 if ($parent) {
3893 if ($contexts = $context->get_parent_context_ids()) {
3894 $parentcontexts = ' OR r.contextid IN ('.implode(',', $contexts).')';
3895 } else {
3896 $parentcontexts = '';
3897 }
3898 } else {
3899 $parentcontexts = '';
3900 }
3901
3902 if ($roleid) {
3903 list($rids, $params) = $DB->get_in_or_equal($roleid, SQL_PARAMS_QM);
3904 $roleselect = "AND r.roleid $rids";
3905 } else {
3906 $params = array();
3907 $roleselect = '';
3908 }
3909
3910 array_unshift($params, $context->id);
3911
3912 $sql = "SELECT COUNT(u.id)
3913 FROM {role_assignments} r
3914 JOIN {user} u ON u.id = r.userid
3915 WHERE (r.contextid = ? $parentcontexts)
3916 $roleselect
3917 AND u.deleted = 0";
3918
3919 return $DB->count_records_sql($sql, $params);
3920 }
3921
3922 /**
3923 * This function gets the list of courses that this user has a particular capability in.
3924 * It is still not very efficient.
3925 *
3926 * @param string $capability Capability in question
3927 * @param int $userid User ID or null for current user
3928 * @param bool $doanything True if 'doanything' is permitted (default)
3929 * @param string $fieldsexceptid Leave blank if you only need 'id' in the course records;
3930 * otherwise use a comma-separated list of the fields you require, not including id
3931 * @param string $orderby If set, use a comma-separated list of fields from course
3932 * table with sql modifiers (DESC) if needed
3933 * @return array Array of courses, may have zero entries. Or false if query failed.
3934 */
3935 function get_user_capability_course($capability, $userid = null, $doanything = true, $fieldsexceptid = '', $orderby = '') {
3936 global $DB;
3937
3938 // Convert fields list and ordering
3939 $fieldlist = '';
3940 if ($fieldsexceptid) {
3941 $fields = explode(',', $fieldsexceptid);
3942 foreach($fields as $field) {
3943 $fieldlist .= ',c.'.$field;
3944 }
3945 }
3946 if ($orderby) {
3947 $fields = explode(',', $orderby);
3948 $orderby = '';
3949 foreach($fields as $field) {
3950 if ($orderby) {
3951 $orderby .= ',';
3952 }
3953 $orderby .= 'c.'.$field;
3954 }
3955 $orderby = 'ORDER BY '.$orderby;
3956 }
3957
3958 // Obtain a list of everything relevant about all courses including context.
3959 // Note the result can be used directly as a context (we are going to), the course
3960 // fields are just appended.
3961
3962 $contextpreload = context_helper::get_preload_record_columns_sql('x');
3963
3964 $courses = array();
3965 $rs = $DB->get_recordset_sql("SELECT c.id $fieldlist, $contextpreload
3966 FROM {course} c
3967 JOIN {context} x ON (c.id=x.instanceid AND x.contextlevel=".CONTEXT_COURSE.")
3968 $orderby");
3969 // Check capability for each course in turn
3970 foreach ($rs as $course) {
3971 context_helper::preload_from_record($course);
3972 $context = context_course::instance($course->id);
3973 if (has_capability($capability, $context, $userid, $doanything)) {
3974 // We've got the capability. Make the record look like a course record
3975 // and store it
3976 $courses[] = $course;
3977 }
3978 }
3979 $rs->close();
3980 return empty($courses) ? false : $courses;
3981 }
3982
3983 /**
3984 * This function finds the roles assigned directly to this context only
3985 * i.e. no roles in parent contexts
3986 *
3987 * @param context $context
3988 * @return array
3989 */
3990 function get_roles_on_exact_context(context $context) {
3991 global $DB;
3992
3993 return $DB->get_records_sql("SELECT r.*
3994 FROM {role_assignments} ra, {role} r
3995 WHERE ra.roleid = r.id AND ra.contextid = ?",
3996 array($context->id));
3997 }
3998
3999 /**
4000 * Switches the current user to another role for the current session and only
4001 * in the given context.
4002 *
4003 * The caller *must* check
4004 * - that this op is allowed
4005 * - that the requested role can be switched to in this context (use get_switchable_roles)
4006 * - that the requested role is NOT $CFG->defaultuserroleid
4007 *
4008 * To "unswitch" pass 0 as the roleid.
4009 *
4010 * This function *will* modify $USER->access - beware
4011 *
4012 * @param integer $roleid the role to switch to.
4013 * @param context $context the context in which to perform the switch.
4014 * @return bool success or failure.
4015 */
4016 function role_switch($roleid, context $context) {
4017 global $USER;
4018
4019 //
4020 // Plan of action
4021 //
4022 // - Add the ghost RA to $USER->access
4023 // as $USER->access['rsw'][$path] = $roleid
4024 //
4025 // - Make sure $USER->access['rdef'] has the roledefs
4026 // it needs to honour the switcherole
4027 //
4028 // Roledefs will get loaded "deep" here - down to the last child
4029 // context. Note that
4030 //
4031 // - When visiting subcontexts, our selective accessdata loading
4032 // will still work fine - though those ra/rdefs will be ignored
4033 // appropriately while the switch is in place
4034 //
4035 // - If a switcherole happens at a category with tons of courses
4036 // (that have many overrides for switched-to role), the session
4037 // will get... quite large. Sometimes you just can't win.
4038 //
4039 // To un-switch just unset($USER->access['rsw'][$path])
4040 //
4041 // Note: it is not possible to switch to roles that do not have course:view
4042
4043 if (!isset($USER->access)) {
4044 load_all_capabilities();
4045 }
4046
4047
4048 // Add the switch RA
4049 if ($roleid == 0) {
4050 unset($USER->access['rsw'][$context->path]);
4051 return true;
4052 }
4053
4054 $USER->access['rsw'][$context->path] = $roleid;
4055
4056 // Load roledefs
4057 load_role_access_by_context($roleid, $context, $USER->access);
4058
4059 return true;
4060 }
4061
4062 /**
4063 * Checks if the user has switched roles within the given course.
4064 *
4065 * Note: You can only switch roles within the course, hence it takes a course id
4066 * rather than a context. On that note Petr volunteered to implement this across
4067 * all other contexts, all requests for this should be forwarded to him ;)
4068 *
4069 * @param int $courseid The id of the course to check
4070 * @return bool True if the user has switched roles within the course.
4071 */
4072 function is_role_switched($courseid) {
4073 global $USER;
4074 $context = context_course::instance($courseid, MUST_EXIST);
4075 return (!empty($USER->access['rsw'][$context->path]));
4076 }
4077
4078 /**
4079 * Get any role that has an override on exact context
4080 *
4081 * @param context $context The context to check
4082 * @return array An array of roles
4083 */
4084 function get_roles_with_override_on_context(context $context) {
4085 global $DB;
4086
4087 return $DB->get_records_sql("SELECT r.*
4088 FROM {role_capabilities} rc, {role} r
4089 WHERE rc.roleid = r.id AND rc.contextid = ?",
4090 array($context->id));
4091 }
4092
4093 /**
4094 * Get all capabilities for this role on this context (overrides)
4095 *
4096 * @param stdClass $role
4097 * @param context $context
4098 * @return array
4099 */
4100 function get_capabilities_from_role_on_context($role, context $context) {
4101 global $DB;
4102
4103 return $DB->get_records_sql("SELECT *
4104 FROM {role_capabilities}
4105 WHERE contextid = ? AND roleid = ?",
4106 array($context->id, $role->id));
4107 }
4108
4109 /**
4110 * Find out which roles has assignment on this context
4111 *
4112 * @param context $context
4113 * @return array
4114 *
4115 */
4116 function get_roles_with_assignment_on_context(context $context) {
4117 global $DB;
4118
4119 return $DB->get_records_sql("SELECT r.*
4120 FROM {role_assignments} ra, {role} r
4121 WHERE ra.roleid = r.id AND ra.contextid = ?",
4122 array($context->id));
4123 }
4124
4125 /**
4126 * Find all user assignment of users for this role, on this context
4127 *
4128 * @param stdClass $role
4129 * @param context $context
4130 * @return array
4131 */
4132 function get_users_from_role_on_context($role, context $context) {
4133 global $DB;
4134
4135 return $DB->get_records_sql("SELECT *
4136 FROM {role_assignments}
4137 WHERE contextid = ? AND roleid = ?",
4138 array($context->id, $role->id));
4139 }
4140
4141 /**
4142 * Simple function returning a boolean true if user has roles
4143 * in context or parent contexts, otherwise false.
4144 *
4145 * @param int $userid
4146 * @param int $roleid
4147 * @param int $contextid empty means any context
4148 * @return bool
4149 */
4150 function user_has_role_assignment($userid, $roleid, $contextid = 0) {
4151 global $DB;
4152
4153 if ($contextid) {
4154 if (!$context = context::instance_by_id($contextid, IGNORE_MISSING)) {
4155 return false;
4156 }
4157 $parents = $context->get_parent_context_ids(true);
4158 list($contexts, $params) = $DB->get_in_or_equal($parents, SQL_PARAMS_NAMED, 'r');
4159 $params['userid'] = $userid;
4160 $params['roleid'] = $roleid;
4161
4162 $sql = "SELECT COUNT(ra.id)
4163 FROM {role_assignments} ra
4164 WHERE ra.userid = :userid AND ra.roleid = :roleid AND ra.contextid $contexts";
4165
4166 $count = $DB->get_field_sql($sql, $params);
4167 return ($count > 0);
4168
4169 } else {
4170 return $DB->record_exists('role_assignments', array('userid'=>$userid, 'roleid'=>$roleid));
4171 }
4172 }
4173
4174 /**
4175 * Get role name or alias if exists and format the text.
4176 *
4177 * @param stdClass $role role object
4178 * @param context_course $coursecontext
4179 * @return string name of role in course context
4180 */
4181 function role_get_name($role, context_course $coursecontext) {
4182 global $DB;
4183
4184 if ($r = $DB->get_record('role_names', array('roleid'=>$role->id, 'contextid'=>$coursecontext->id))) {
4185 return strip_tags(format_string($r->name));
4186 } else {
4187 return strip_tags(format_string($role->name));
4188 }
4189 }
4190
4191 /**
4192 * Get all the localised role names for a context.
4193 * @param context $context the context
4194 * @param array of role objects with a ->localname field containing the context-specific role name.
4195 */
4196 function role_get_names(context $context) {
4197 return role_fix_names(get_all_roles(), $context);
4198 }
4199
4200 /**
4201 * Prepare list of roles for display, apply aliases and format text
4202 *
4203 * @param array $roleoptions array roleid => rolename or roleid => roleobject
4204 * @param context $context a context
4205 * @param int $rolenamedisplay
4206 * @return array Array of context-specific role names, or role objects with a ->localname field added.
4207 */
4208 function role_fix_names($roleoptions, context $context, $rolenamedisplay = ROLENAME_ALIAS) {
4209 global $DB;
4210
4211 // Make sure we have a course context.
4212 $coursecontext = $context->get_course_context(false);
4213
4214 // Make sure we are working with an array roleid => name. Normally we
4215 // want to use the unlocalised name if the localised one is not present.
4216 $newnames = array();
4217 foreach ($roleoptions as $rid => $roleorname) {
4218 if ($rolenamedisplay != ROLENAME_ALIAS_RAW) {
4219 if (is_object($roleorname)) {
4220 $newnames[$rid] = $roleorname->name;
4221 } else {
4222 $newnames[$rid] = $roleorname;
4223 }
4224 } else {
4225 $newnames[$rid] = '';
4226 }
4227 }
4228
4229 // If necessary, get the localised names.
4230 if ($rolenamedisplay != ROLENAME_ORIGINAL && !empty($coursecontext->id)) {
4231 // The get the relevant renames, and use them.
4232 $aliasnames = $DB->get_records('role_names', array('contextid'=>$coursecontext->id));
4233 foreach ($aliasnames as $alias) {
4234 if (isset($newnames[$alias->roleid])) {
4235 if ($rolenamedisplay == ROLENAME_ALIAS || $rolenamedisplay == ROLENAME_ALIAS_RAW) {
4236 $newnames[$alias->roleid] = $alias->name;
4237 } else if ($rolenamedisplay == ROLENAME_BOTH) {
4238 $newnames[$alias->roleid] = $alias->name . ' (' . $roleoptions[$alias->roleid] . ')';
4239 }
4240 }
4241 }
4242 }
4243
4244 // Finally, apply format_string and put the result in the right place.
4245 foreach ($roleoptions as $rid => $roleorname) {
4246 if ($rolenamedisplay != ROLENAME_ALIAS_RAW) {
4247 $newnames[$rid] = strip_tags(format_string($newnames[$rid]));
4248 }
4249 if (is_object($roleorname)) {
4250 $roleoptions[$rid]->localname = $newnames[$rid];
4251 } else {
4252 $roleoptions[$rid] = $newnames[$rid];
4253 }
4254 }
4255 return $roleoptions;
4256 }
4257
4258 /**
4259 * Aids in detecting if a new line is required when reading a new capability
4260 *
4261 * This function helps admin/roles/manage.php etc to detect if a new line should be printed
4262 * when we read in a new capability.
4263 * Most of the time, if the 2 components are different we should print a new line, (e.g. course system->rss client)
4264 * but when we are in grade, all reports/import/export capabilities should be together
4265 *
4266 * @param string $cap component string a
4267 * @param string $comp component string b
4268 * @param int $contextlevel
4269 * @return bool whether 2 component are in different "sections"
4270 */
4271 function component_level_changed($cap, $comp, $contextlevel) {
4272
4273 if (strstr($cap->component, '/') && strstr($comp, '/')) {
4274 $compsa = explode('/', $cap->component);
4275 $compsb = explode('/', $comp);
4276
4277 // list of system reports
4278 if (($compsa[0] == 'report') && ($compsb[0] == 'report')) {
4279 return false;
4280 }
4281
4282 // we are in gradebook, still
4283 if (($compsa[0] == 'gradeexport' || $compsa[0] == 'gradeimport' || $compsa[0] == 'gradereport') &&
4284 ($compsb[0] == 'gradeexport' || $compsb[0] == 'gradeimport' || $compsb[0] == 'gradereport')) {
4285 return false;
4286 }
4287
4288 if (($compsa[0] == 'coursereport') && ($compsb[0] == 'coursereport')) {
4289 return false;
4290 }
4291 }
4292
4293 return ($cap->component != $comp || $cap->contextlevel != $contextlevel);
4294 }
4295
4296 /**
4297 * Fix the roles.sortorder field in the database, so it contains sequential integers,
4298 * and return an array of roleids in order.
4299 *
4300 * @param array $allroles array of roles, as returned by get_all_roles();
4301 * @return array $role->sortorder =-> $role->id with the keys in ascending order.
4302 */
4303 function fix_role_sortorder($allroles) {
4304 global $DB;
4305
4306 $rolesort = array();
4307 $i = 0;
4308 foreach ($allroles as $role) {
4309 $rolesort[$i] = $role->id;
4310 if ($role->sortorder != $i) {
4311 $r = new stdClass();
4312 $r->id = $role->id;
4313 $r->sortorder = $i;
4314 $DB->update_record('role', $r);
4315 $allroles[$role->id]->sortorder = $i;
4316 }
4317 $i++;
4318 }
4319 return $rolesort;
4320 }
4321
4322 /**
4323 * Switch the sort order of two roles (used in admin/roles/manage.php).
4324 *
4325 * @param stdClass $first The first role. Actually, only ->sortorder is used.
4326 * @param stdClass $second The second role. Actually, only ->sortorder is used.
4327 * @return boolean success or failure
4328 */
4329 function switch_roles($first, $second) {
4330 global $DB;
4331 $temp = $DB->get_field('role', 'MAX(sortorder) + 1', array());
4332 $result = $DB->set_field('role', 'sortorder', $temp, array('sortorder' => $first->sortorder));
4333 $result = $result && $DB->set_field('role', 'sortorder', $first->sortorder, array('sortorder' => $second->sortorder));
4334 $result = $result && $DB->set_field('role', 'sortorder', $second->sortorder, array('sortorder' => $temp));
4335 return $result;
4336 }
4337
4338 /**
4339 * Duplicates all the base definitions of a role
4340 *
4341 * @param stdClass $sourcerole role to copy from
4342 * @param int $targetrole id of role to copy to
4343 */
4344 function role_cap_duplicate($sourcerole, $targetrole) {
4345 global $DB;
4346
4347 $systemcontext = context_system::instance();
4348 $caps = $DB->get_records_sql("SELECT *
4349 FROM {role_capabilities}
4350 WHERE roleid = ? AND contextid = ?",
4351 array($sourcerole->id, $systemcontext->id));
4352 // adding capabilities
4353 foreach ($caps as $cap) {
4354 unset($cap->id);
4355 $cap->roleid = $targetrole;
4356 $DB->insert_record('role_capabilities', $cap);
4357 }
4358 }
4359
4360 /**
4361 * Returns two lists, this can be used to find out if user has capability.
4362 * Having any needed role and no forbidden role in this context means
4363 * user has this capability in this context.
4364 * Use get_role_names_with_cap_in_context() if you need role names to display in the UI
4365 *
4366 * @param stdClass $context
4367 * @param string $capability
4368 * @return array($neededroles, $forbiddenroles)
4369 */
4370 function get_roles_with_cap_in_context($context, $capability) {
4371 global $DB;
4372
4373 $ctxids = trim($context->path, '/'); // kill leading slash
4374 $ctxids = str_replace('/', ',', $ctxids);
4375
4376 $sql = "SELECT rc.id, rc.roleid, rc.permission, ctx.depth
4377 FROM {role_capabilities} rc
4378 JOIN {context} ctx ON ctx.id = rc.contextid
4379 WHERE rc.capability = :cap AND ctx.id IN ($ctxids)
4380 ORDER BY rc.roleid ASC, ctx.depth DESC";
4381 $params = array('cap'=>$capability);
4382
4383 if (!$capdefs = $DB->get_records_sql($sql, $params)) {
4384 // no cap definitions --> no capability
4385 return array(array(), array());
4386 }
4387
4388 $forbidden = array();
4389 $needed = array();
4390 foreach($capdefs as $def) {
4391 if (isset($forbidden[$def->roleid])) {
4392 continue;
4393 }
4394 if ($def->permission == CAP_PROHIBIT) {
4395 $forbidden[$def->roleid] = $def->roleid;
4396 unset($needed[$def->roleid]);
4397 continue;
4398 }
4399 if (!isset($needed[$def->roleid])) {
4400 if ($def->permission == CAP_ALLOW) {
4401 $needed[$def->roleid] = true;
4402 } else if ($def->permission == CAP_PREVENT) {
4403 $needed[$def->roleid] = false;
4404 }
4405 }
4406 }
4407 unset($capdefs);
4408
4409 // remove all those roles not allowing
4410 foreach($needed as $key=>$value) {
4411 if (!$value) {
4412 unset($needed[$key]);
4413 } else {
4414 $needed[$key] = $key;
4415 }
4416 }
4417
4418 return array($needed, $forbidden);
4419 }
4420
4421 /**
4422 * Returns an array of role IDs that have ALL of the the supplied capabilities
4423 * Uses get_roles_with_cap_in_context(). Returns $allowed minus $forbidden
4424 *
4425 * @param stdClass $context
4426 * @param array $capabilities An array of capabilities
4427 * @return array of roles with all of the required capabilities
4428 */
4429 function get_roles_with_caps_in_context($context, $capabilities) {
4430 $neededarr = array();
4431 $forbiddenarr = array();
4432 foreach($capabilities as $caprequired) {
4433 list($neededarr[], $forbiddenarr[]) = get_roles_with_cap_in_context($context, $caprequired);
4434 }
4435
4436 $rolesthatcanrate = array();
4437 if (!empty($neededarr)) {
4438 foreach ($neededarr as $needed) {
4439 if (empty($rolesthatcanrate)) {
4440 $rolesthatcanrate = $needed;
4441 } else {
4442 //only want roles that have all caps
4443 $rolesthatcanrate = array_intersect_key($rolesthatcanrate,$needed);
4444 }
4445 }
4446 }
4447 if (!empty($forbiddenarr) && !empty($rolesthatcanrate)) {
4448 foreach ($forbiddenarr as $forbidden) {
4449 //remove any roles that are forbidden any of the caps
4450 $rolesthatcanrate = array_diff($rolesthatcanrate, $forbidden);
4451 }
4452 }
4453 return $rolesthatcanrate;
4454 }
4455
4456 /**
4457 * Returns an array of role names that have ALL of the the supplied capabilities
4458 * Uses get_roles_with_caps_in_context(). Returns $allowed minus $forbidden
4459 *
4460 * @param stdClass $context
4461 * @param array $capabilities An array of capabilities
4462 * @return array of roles with all of the required capabilities
4463 */
4464 function get_role_names_with_caps_in_context($context, $capabilities) {
4465 global $DB;
4466
4467 $rolesthatcanrate = get_roles_with_caps_in_context($context, $capabilities);
4468
4469 $allroles = array();
4470 $roles = $DB->get_records('role', null, 'sortorder DESC');
4471 foreach ($roles as $roleid=>$role) {
4472 $allroles[$roleid] = $role->name;
4473 }
4474
4475 $rolenames = array();
4476 foreach ($rolesthatcanrate as $r) {
4477 $rolenames[$r] = $allroles[$r];
4478 }
4479 $rolenames = role_fix_names($rolenames, $context);
4480 return $rolenames;
4481 }
4482
4483 /**
4484 * This function verifies the prohibit comes from this context
4485 * and there are no more prohibits in parent contexts.
4486 *
4487 * @param int $roleid
4488 * @param context $context
4489 * @param string $capability name
4490 * @return bool
4491 */
4492 function prohibit_is_removable($roleid, context $context, $capability) {
4493 global $DB;
4494
4495 $ctxids = trim($context->path, '/'); // kill leading slash
4496 $ctxids = str_replace('/', ',', $ctxids);
4497
4498 $params = array('roleid'=>$roleid, 'cap'=>$capability, 'prohibit'=>CAP_PROHIBIT);
4499
4500 $sql = "SELECT ctx.id
4501 FROM {role_capabilities} rc
4502 JOIN {context} ctx ON ctx.id = rc.contextid
4503 WHERE rc.roleid = :roleid AND rc.permission = :prohibit AND rc.capability = :cap AND ctx.id IN ($ctxids)
4504 ORDER BY ctx.depth DESC";
4505
4506 if (!$prohibits = $DB->get_records_sql($sql, $params)) {
4507 // no prohibits == nothing to remove
4508 return true;
4509 }
4510
4511 if (count($prohibits) > 1) {
4512 // more prohibits can not be removed
4513 return false;
4514 }
4515
4516 return !empty($prohibits[$context->id]);
4517 }
4518
4519 /**
4520 * More user friendly role permission changing,
4521 * it should produce as few overrides as possible.
4522 *
4523 * @param int $roleid
4524 * @param stdClass $context
4525 * @param string $capname capability name
4526 * @param int $permission
4527 * @return void
4528 */
4529 function role_change_permission($roleid, $context, $capname, $permission) {
4530 global $DB;
4531
4532 if ($permission == CAP_INHERIT) {
4533 unassign_capability($capname, $roleid, $context->id);
4534 $context->mark_dirty();
4535 return;
4536 }
4537
4538 $ctxids = trim($context->path, '/'); // kill leading slash
4539 $ctxids = str_replace('/', ',', $ctxids);
4540
4541 $params = array('roleid'=>$roleid, 'cap'=>$capname);
4542
4543 $sql = "SELECT ctx.id, rc.permission, ctx.depth
4544 FROM {role_capabilities} rc
4545 JOIN {context} ctx ON ctx.id = rc.contextid
4546 WHERE rc.roleid = :roleid AND rc.capability = :cap AND ctx.id IN ($ctxids)
4547 ORDER BY ctx.depth DESC";
4548
4549 if ($existing = $DB->get_records_sql($sql, $params)) {
4550 foreach($existing as $e) {
4551 if ($e->permission == CAP_PROHIBIT) {
4552 // prohibit can not be overridden, no point in changing anything
4553 return;
4554 }
4555 }
4556 $lowest = array_shift($existing);
4557 if ($lowest->permission == $permission) {
4558 // permission already set in this context or parent - nothing to do
4559 return;
4560 }
4561 if ($existing) {
4562 $parent = array_shift($existing);
4563 if ($parent->permission == $permission) {
4564 // permission already set in parent context or parent - just unset in this context
4565 // we do this because we want as few overrides as possible for performance reasons
4566 unassign_capability($capname, $roleid, $context->id);
4567 $context->mark_dirty();
4568 return;
4569 }
4570 }
4571
4572 } else {
4573 if ($permission == CAP_PREVENT) {
4574 // nothing means role does not have permission
4575 return;
4576 }
4577 }
4578
4579 // assign the needed capability
4580 assign_capability($capname, $permission, $roleid, $context->id, true);
4581
4582 // force cap reloading
4583 $context->mark_dirty();
4584 }
4585
4586
4587 /**
4588 * Basic moodle context abstraction class.
4589 *
4590 * Google confirms that no other important framework is using "context" class,
4591 * we could use something else like mcontext or moodle_context, but we need to type
4592 * this very often which would be annoying and it would take too much space...
4593 *
4594 * This class is derived from stdClass for backwards compatibility with
4595 * odl $context record that was returned from DML $DB->get_record()
4596 *
4597 * @package core_access
4598 * @category access
4599 * @copyright Petr Skoda {@link http://skodak.org}
4600 * @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
4601 * @since 2.2
4602 *
4603 * @property-read int $id context id
4604 * @property-read int $contextlevel CONTEXT_SYSTEM, CONTEXT_COURSE, etc.
4605 * @property-read int $instanceid id of related instance in each context
4606 * @property-read string $path path to context, starts with system context
4607 * @property-read int $depth
4608 */
4609 abstract class context extends stdClass implements IteratorAggregate {
4610
4611 /**
4612 * The context id
4613 * Can be accessed publicly through $context->id
4614 * @var int
4615 */
4616 protected $_id;
4617
4618 /**
4619 * The context level
4620 * Can be accessed publicly through $context->contextlevel
4621 * @var int One of CONTEXT_* e.g. CONTEXT_COURSE, CONTEXT_MODULE
4622 */
4623 protected $_contextlevel;
4624
4625 /**
4626 * Id of the item this context is related to e.g. COURSE_CONTEXT => course.id
4627 * Can be accessed publicly through $context->instanceid
4628 * @var int
4629 */
4630 protected $_instanceid;
4631
4632 /**
4633 * The path to the context always starting from the system context
4634 * Can be accessed publicly through $context->path
4635 * @var string
4636 */
4637 protected $_path;
4638
4639 /**
4640 * The depth of the context in relation to parent contexts
4641 * Can be accessed publicly through $context->depth
4642 * @var int
4643 */
4644 protected $_depth;
4645
4646 /**
4647 * @var array Context caching info
4648 */
4649 private static $cache_contextsbyid = array();
4650
4651 /**
4652 * @var array Context caching info
4653 */
4654 private static $cache_contexts = array();
4655
4656 /**
4657 * Context count
4658 * Why do we do count contexts? Because count($array) is horribly slow for large arrays
4659 * @var int
4660 */
4661 protected static $cache_count = 0;
4662
4663 /**
4664 * @var array Context caching info
4665 */
4666 protected static $cache_preloaded = array();
4667
4668 /**
4669 * @var context_system The system context once initialised
4670 */
4671 protected static $systemcontext = null;
4672
4673 /**
4674 * Resets the cache to remove all data.
4675 * @static
4676 */
4677 protected static function reset_caches() {
4678 self::$cache_contextsbyid = array();
4679 self::$cache_contexts = array();
4680 self::$cache_count = 0;
4681 self::$cache_preloaded = array();
4682
4683 self::$systemcontext = null;
4684 }
4685
4686 /**
4687 * Adds a context to the cache. If the cache is full, discards a batch of
4688 * older entries.
4689 *
4690 * @static
4691 * @param context $context New context to add
4692 * @return void
4693 */
4694 protected static function cache_add(context $context) {
4695 if (isset(self::$cache_contextsbyid[$context->id])) {
4696 // already cached, no need to do anything - this is relatively cheap, we do all this because count() is slow
4697 return;
4698 }
4699
4700 if (self::$cache_count >= CONTEXT_CACHE_MAX_SIZE) {
4701 $i = 0;
4702 foreach(self::$cache_contextsbyid as $ctx) {
4703 $i++;
4704 if ($i <= 100) {
4705 // we want to keep the first contexts to be loaded on this page, hopefully they will be needed again later
4706 continue;
4707 }
4708 if ($i > (CONTEXT_CACHE_MAX_SIZE / 3)) {
4709 // we remove oldest third of the contexts to make room for more contexts
4710 break;
4711 }
4712 unset(self::$cache_contextsbyid[$ctx->id]);
4713 unset(self::$cache_contexts[$ctx->contextlevel][$ctx->instanceid]);
4714 self::$cache_count--;
4715 }
4716 }
4717
4718 self::$cache_contexts[$context->contextlevel][$context->instanceid] = $context;
4719 self::$cache_contextsbyid[$context->id] = $context;
4720 self::$cache_count++;
4721 }
4722
4723 /**
4724 * Removes a context from the cache.
4725 *
4726 * @static
4727 * @param context $context Context object to remove
4728 * @return void
4729 */
4730 protected static function cache_remove(context $context) {
4731 if (!isset(self::$cache_contextsbyid[$context->id])) {
4732 // not cached, no need to do anything - this is relatively cheap, we do all this because count() is slow
4733 return;
4734 }
4735 unset(self::$cache_contexts[$context->contextlevel][$context->instanceid]);
4736 unset(self::$cache_contextsbyid[$context->id]);
4737
4738 self::$cache_count--;
4739
4740 if (self::$cache_count < 0) {
4741 self::$cache_count = 0;
4742 }
4743 }
4744
4745 /**
4746 * Gets a context from the cache.
4747 *
4748 * @static
4749 * @param int $contextlevel Context level
4750 * @param int $instance Instance ID
4751 * @return context|bool Context or false if not in cache
4752 */
4753 protected static function cache_get($contextlevel, $instance) {
4754 if (isset(self::$cache_contexts[$contextlevel][$instance])) {
4755 return self::$cache_contexts[$contextlevel][$instance];
4756 }
4757 return false;
4758 }
4759
4760 /**
4761 * Gets a context from the cache based on its id.
4762 *
4763 * @static
4764 * @param int $id Context ID
4765 * @return context|bool Context or false if not in cache
4766 */
4767 protected static function cache_get_by_id($id) {
4768 if (isset(self::$cache_contextsbyid[$id])) {
4769 return self::$cache_contextsbyid[$id];
4770 }
4771 return false;
4772 }
4773
4774 /**
4775 * Preloads context information from db record and strips the cached info.
4776 *
4777 * @static
4778 * @param stdClass $rec
4779 * @return void (modifies $rec)
4780 */
4781 protected static function preload_from_record(stdClass $rec) {
4782 if (empty($rec->ctxid) or empty($rec->ctxlevel) or empty($rec->ctxinstance) or empty($rec->ctxpath) or empty($rec->ctxdepth)) {
4783 // $rec does not have enough data, passed here repeatedly or context does not exist yet
4784 return;
4785 }
4786
4787 // note: in PHP5 the objects are passed by reference, no need to return $rec
4788 $record = new stdClass();
4789 $record->id = $rec->ctxid; unset($rec->ctxid);
4790 $record->contextlevel = $rec->ctxlevel; unset($rec->ctxlevel);
4791 $record->instanceid = $rec->ctxinstance; unset($rec->ctxinstance);
4792 $record->path = $rec->ctxpath; unset($rec->ctxpath);
4793 $record->depth = $rec->ctxdepth; unset($rec->ctxdepth);
4794
4795 return context::create_instance_from_record($record);
4796 }
4797
4798
4799 // ====== magic methods =======
4800
4801 /**
4802 * Magic setter method, we do not want anybody to modify properties from the outside
4803 * @param string $name
4804 * @param mixed $value
4805 */
4806 public function __set($name, $value) {
4807 debugging('Can not change context instance properties!');
4808 }
4809
4810 /**
4811 * Magic method getter, redirects to read only values.
4812 * @param string $name
4813 * @return mixed
4814 */
4815 public function __get($name) {
4816 switch ($name) {
4817 case 'id': return $this->_id;
4818 case 'contextlevel': return $this->_contextlevel;
4819 case 'instanceid': return $this->_instanceid;
4820 case 'path': return $this->_path;
4821 case 'depth': return $this->_depth;
4822
4823 default:
4824 debugging('Invalid context property accessed! '.$name);
4825 return null;
4826 }
4827 }
4828
4829 /**
4830 * Full support for isset on our magic read only properties.
4831 * @param string $name
4832 * @return bool
4833 */
4834 public function __isset($name) {
4835 switch ($name) {
4836 case 'id': return isset($this->_id);
4837 case 'contextlevel': return isset($this->_contextlevel);
4838 case 'instanceid': return isset($this->_instanceid);
4839 case 'path': return isset($this->_path);
4840 case 'depth': return isset($this->_depth);
4841
4842 default: return false;
4843 }
4844
4845 }
4846
4847 /**
4848 * ALl properties are read only, sorry.
4849 * @param string $name
4850 */
4851 public function __unset($name) {
4852 debugging('Can not unset context instance properties!');
4853 }
4854
4855 // ====== implementing method from interface IteratorAggregate ======
4856
4857 /**
4858 * Create an iterator because magic vars can't be seen by 'foreach'.
4859 *
4860 * Now we can convert context object to array using convert_to_array(),
4861 * and feed it properly to json_encode().
4862 */
4863 public function getIterator() {
4864 $ret = array(
4865 'id' => $this->id,
4866 'contextlevel' => $this->contextlevel,
4867 'instanceid' => $this->instanceid,
4868 'path' => $this->path,
4869 'depth' => $this->depth
4870 );
4871 return new ArrayIterator($ret);
4872 }
4873
4874 // ====== general context methods ======
4875
4876 /**
4877 * Constructor is protected so that devs are forced to
4878 * use context_xxx::instance() or context::instance_by_id().
4879 *
4880 * @param stdClass $record
4881 */
4882 protected function __construct(stdClass $record) {
4883 $this->_id = $record->id;
4884 $this->_contextlevel = (int)$record->contextlevel;
4885 $this->_instanceid = $record->instanceid;
4886 $this->_path = $record->path;
4887 $this->_depth = $record->depth;
4888 }
4889
4890 /**
4891 * This function is also used to work around 'protected' keyword problems in context_helper.
4892 * @static
4893 * @param stdClass $record
4894 * @return context instance
4895 */
4896 protected static function create_instance_from_record(stdClass $record) {
4897 $classname = context_helper::get_class_for_level($record->contextlevel);
4898
4899 if ($context = context::cache_get_by_id($record->id)) {
4900 return $context;
4901 }
4902
4903 $context = new $classname($record);
4904 context::cache_add($context);
4905
4906 return $context;
4907 }
4908
4909 /**
4910 * Copy prepared new contexts from temp table to context table,
4911 * we do this in db specific way for perf reasons only.
4912 * @static
4913 */
4914 protected static function merge_context_temp_table() {
4915 global $DB;
4916
4917 /* MDL-11347:
4918 * - mysql does not allow to use FROM in UPDATE statements
4919 * - using two tables after UPDATE works in mysql, but might give unexpected
4920 * results in pg 8 (depends on configuration)
4921 * - using table alias in UPDATE does not work in pg < 8.2
4922 *
4923 * Different code for each database - mostly for performance reasons
4924 */
4925
4926 $dbfamily = $DB->get_dbfamily();
4927 if ($dbfamily == 'mysql') {
4928 $updatesql = "UPDATE {context} ct, {context_temp} temp
4929 SET ct.path = temp.path,
4930 ct.depth = temp.depth
4931 WHERE ct.id = temp.id";
4932 } else if ($dbfamily == 'oracle') {
4933 $updatesql = "UPDATE {context} ct
4934 SET (ct.path, ct.depth) =
4935 (SELECT temp.path, temp.depth
4936 FROM {context_temp} temp
4937 WHERE temp.id=ct.id)
4938 WHERE EXISTS (SELECT 'x'
4939 FROM {context_temp} temp
4940 WHERE temp.id = ct.id)";
4941 } else if ($dbfamily == 'postgres' or $dbfamily == 'mssql') {
4942 $updatesql = "UPDATE {context}
4943 SET path = temp.path,
4944 depth = temp.depth
4945 FROM {context_temp} temp
4946 WHERE temp.id={context}.id";
4947 } else {
4948 // sqlite and others
4949 $updatesql = "UPDATE {context}
4950 SET path = (SELECT path FROM {context_temp} WHERE id = {context}.id),
4951 depth = (SELECT depth FROM {context_temp} WHERE id = {context}.id)
4952 WHERE id IN (SELECT id FROM {context_temp})";
4953 }
4954
4955 $DB->execute($updatesql);
4956 }
4957
4958 /**
4959 * Get a context instance as an object, from a given context id.
4960 *
4961 * @static
4962 * @param int $id context id
4963 * @param int $strictness IGNORE_MISSING means compatible mode, false returned if record not found, debug message if more found;
4964 * MUST_EXIST means throw exception if no record found
4965 * @return context|bool the context object or false if not found
4966 */
4967 public static function instance_by_id($id, $strictness = MUST_EXIST) {
4968 global $DB;
4969
4970 if (get_called_class() !== 'context' and get_called_class() !== 'context_helper') {
4971 // some devs might confuse context->id and instanceid, better prevent these mistakes completely
4972 throw new coding_exception('use only context::instance_by_id() for real context levels use ::instance() methods');
4973 }
4974
4975 if ($id == SYSCONTEXTID) {
4976 return context_system::instance(0, $strictness);
4977 }
4978
4979 if (is_array($id) or is_object($id) or empty($id)) {
4980 throw new coding_exception('Invalid context id specified context::instance_by_id()');
4981 }
4982
4983 if ($context = context::cache_get_by_id($id)) {
4984 return $context;
4985 }
4986
4987 if ($record = $DB->get_record('context', array('id'=>$id), '*', $strictness)) {
4988 return context::create_instance_from_record($record);
4989 }
4990
4991 return false;
4992 }
4993
4994 /**
4995 * Update context info after moving context in the tree structure.
4996 *
4997 * @param context $newparent
4998 * @return void
4999 */
5000 public function update_moved(context $newparent) {
5001 global $DB;
5002
5003 $frompath = $this->_path;
5004 $newpath = $newparent->path . '/' . $this->_id;
5005
5006 $trans = $DB->start_delegated_transaction();
5007
5008 $this->mark_dirty();
5009
5010 $setdepth = '';
5011 if (($newparent->depth +1) != $this->_depth) {
5012 $diff = $newparent->depth - $this->_depth + 1;
5013 $setdepth = ", depth = depth + $diff";
5014 }
5015 $sql = "UPDATE {context}
5016 SET path = ?
5017 $setdepth
5018 WHERE id = ?";
5019 $params = array($newpath, $this->_id);
5020 $DB->execute($sql, $params);
5021
5022 $this->_path = $newpath;
5023 $this->_depth = $newparent->depth + 1;
5024
5025 $sql = "UPDATE {context}
5026 SET path = ".$DB->sql_concat("?", $DB->sql_substr("path", strlen($frompath)+1))."
5027 $setdepth
5028 WHERE path LIKE ?";
5029 $params = array($newpath, "{$frompath}/%");
5030 $DB->execute($sql, $params);
5031
5032 $this->mark_dirty();
5033
5034 context::reset_caches();
5035
5036 $trans->allow_commit();
5037 }
5038
5039 /**
5040 * Remove all context path info and optionally rebuild it.
5041 *
5042 * @param bool $rebuild
5043 * @return void
5044 */
5045 public function reset_paths($rebuild = true) {
5046 global $DB;
5047
5048 if ($this->_path) {
5049 $this->mark_dirty();
5050 }
5051 $DB->set_field_select('context', 'depth', 0, "path LIKE '%/$this->_id/%'");
5052 $DB->set_field_select('context', 'path', NULL, "path LIKE '%/$this->_id/%'");
5053 if ($this->_contextlevel != CONTEXT_SYSTEM) {
5054 $DB->set_field('context', 'depth', 0, array('id'=>$this->_id));
5055 $DB->set_field('context', 'path', NULL, array('id'=>$this->_id));
5056 $this->_depth = 0;
5057 $this->_path = null;
5058 }
5059
5060 if ($rebuild) {
5061 context_helper::build_all_paths(false);
5062 }
5063
5064 context::reset_caches();
5065 }
5066
5067 /**
5068 * Delete all data linked to content, do not delete the context record itself
5069 */
5070 public function delete_content() {
5071 global $CFG, $DB;
5072
5073 blocks_delete_all_for_context($this->_id);
5074 filter_delete_all_for_context($this->_id);
5075
5076 require_once($CFG->dirroot . '/comment/lib.php');
5077 comment::delete_comments(array('contextid'=>$this->_id));
5078
5079 require_once($CFG->dirroot.'/rating/lib.php');
5080 $delopt = new stdclass();
5081 $delopt->contextid = $this->_id;
5082 $rm = new rating_manager();
5083 $rm->delete_ratings($delopt);
5084
5085 // delete all files attached to this context
5086 $fs = get_file_storage();
5087 $fs->delete_area_files($this->_id);
5088
5089 // delete all advanced grading data attached to this context
5090 require_once($CFG->dirroot.'/grade/grading/lib.php');
5091 grading_manager::delete_all_for_context($this->_id);
5092
5093 // now delete stuff from role related tables, role_unassign_all
5094 // and unenrol should be called earlier to do proper cleanup
5095 $DB->delete_records('role_assignments', array('contextid'=>$this->_id));
5096 $DB->delete_records('role_capabilities', array('contextid'=>$this->_id));
5097 $DB->delete_records('role_names', array('contextid'=>$this->_id));
5098 }
5099
5100 /**
5101 * Delete the context content and the context record itself
5102 */
5103 public function delete() {
5104 global $DB;
5105
5106 // double check the context still exists
5107 if (!$DB->record_exists('context', array('id'=>$this->_id))) {
5108 context::cache_remove($this);
5109 return;
5110 }
5111
5112 $this->delete_content();
5113 $DB->delete_records('context', array('id'=>$this->_id));
5114 // purge static context cache if entry present
5115 context::cache_remove($this);
5116
5117 // do not mark dirty contexts if parents unknown
5118 if (!is_null($this->_path) and $this->_depth > 0) {
5119 $this->mark_dirty();
5120 }
5121 }
5122
5123 // ====== context level related methods ======
5124
5125 /**
5126 * Utility method for context creation
5127 *
5128 * @static
5129 * @param int $contextlevel
5130 * @param int $instanceid
5131 * @param string $parentpath
5132 * @return stdClass context record
5133 */
5134 protected static function insert_context_record($contextlevel, $instanceid, $parentpath) {
5135 global $DB;
5136
5137 $record = new stdClass();
5138 $record->contextlevel = $contextlevel;
5139 $record->instanceid = $instanceid;
5140 $record->depth = 0;
5141 $record->path = null; //not known before insert
5142
5143 $record->id = $DB->insert_record('context', $record);
5144
5145 // now add path if known - it can be added later
5146 if (!is_null($parentpath)) {
5147 $record->path = $parentpath.'/'.$record->id;
5148 $record->depth = substr_count($record->path, '/');
5149 $DB->update_record('context', $record);
5150 }
5151
5152 return $record;
5153 }
5154
5155 /**
5156 * Returns human readable context identifier.
5157 *
5158 * @param boolean $withprefix whether to prefix the name of the context with the
5159 * type of context, e.g. User, Course, Forum, etc.
5160 * @param boolean $short whether to use the short name of the thing. Only applies
5161 * to course contexts
5162 * @return string the human readable context name.
5163 */
5164 public function get_context_name($withprefix = true, $short = false) {
5165 // must be implemented in all context levels
5166 throw new coding_exception('can not get name of abstract context');
5167 }
5168
5169 /**
5170 * Returns the most relevant URL for this context.
5171 *
5172 * @return moodle_url
5173 */
5174 public abstract function get_url();
5175
5176 /**
5177 * Returns array of relevant context capability records.
5178 *
5179 * @return array
5180 */
5181 public abstract function get_capabilities();
5182
5183 /**
5184 * Recursive function which, given a context, find all its children context ids.
5185 *
5186 * For course category contexts it will return immediate children and all subcategory contexts.
5187 * It will NOT recurse into courses or subcategories categories.
5188 * If you want to do that, call it on the returned courses/categories.
5189 *
5190 * When called for a course context, it will return the modules and blocks
5191 * displayed in the course page and blocks displayed on the module pages.
5192 *
5193 * If called on a user/course/module context it _will_ populate the cache with the appropriate
5194 * contexts ;-)
5195 *
5196 * @return array Array of child records
5197 */
5198 public function get_child_contexts() {
5199 global $DB;
5200
5201 $sql = "SELECT ctx.*
5202 FROM {context} ctx
5203 WHERE ctx.path LIKE ?";
5204 $params = array($this->_path.'/%');
5205 $records = $DB->get_records_sql($sql, $params);
5206
5207 $result = array();
5208 foreach ($records as $record) {
5209 $result[$record->id] = context::create_instance_from_record($record);
5210 }
5211
5212 return $result;
5213 }
5214
5215 /**
5216 * Returns parent contexts of this context in reversed order, i.e. parent first,
5217 * then grand parent, etc.
5218 *
5219 * @param bool $includeself tre means include self too
5220 * @return array of context instances
5221 */
5222 public function get_parent_contexts($includeself = false) {
5223 if (!$contextids = $this->get_parent_context_ids($includeself)) {
5224 return array();
5225 }
5226
5227 $result = array();
5228 foreach ($contextids as $contextid) {
5229 $parent = context::instance_by_id($contextid, MUST_EXIST);
5230 $result[$parent->id] = $parent;
5231 }
5232
5233 return $result;
5234 }
5235
5236 /**
5237 * Returns parent contexts of this context in reversed order, i.e. parent first,
5238 * then grand parent, etc.
5239 *
5240 * @param bool $includeself tre means include self too
5241 * @return array of context ids
5242 */
5243 public function get_parent_context_ids($includeself = false) {
5244 if (empty($this->_path)) {
5245 return array();
5246 }
5247
5248 $parentcontexts = trim($this->_path, '/'); // kill leading slash
5249 $parentcontexts = explode('/', $parentcontexts);
5250 if (!$includeself) {
5251 array_pop($parentcontexts); // and remove its own id
5252 }
5253
5254 return array_reverse($parentcontexts);
5255 }
5256
5257 /**
5258 * Returns parent context
5259 *
5260 * @return context
5261 */
5262 public function get_parent_context() {
5263 if (empty($this->_path) or $this->_id == SYSCONTEXTID) {
5264 return false;
5265 }
5266
5267 $parentcontexts = trim($this->_path, '/'); // kill leading slash
5268 $parentcontexts = explode('/', $parentcontexts);
5269 array_pop($parentcontexts); // self
5270 $contextid = array_pop($parentcontexts); // immediate parent
5271
5272 return context::instance_by_id($contextid, MUST_EXIST);
5273 }
5274
5275 /**
5276 * Is this context part of any course? If yes return course context.
5277 *
5278 * @param bool $strict true means throw exception if not found, false means return false if not found
5279 * @return course_context context of the enclosing course, null if not found or exception
5280 */
5281 public function get_course_context($strict = true) {
5282 if ($strict) {
5283 throw new coding_exception('Context does not belong to any course.');
5284 } else {
5285 return false;
5286 }
5287 }
5288
5289 /**
5290 * Returns sql necessary for purging of stale context instances.
5291 *
5292 * @static
5293 * @return string cleanup SQL
5294 */
5295 protected static function get_cleanup_sql() {
5296 throw new coding_exception('get_cleanup_sql() method must be implemented in all context levels');
5297 }
5298
5299 /**
5300 * Rebuild context paths and depths at context level.
5301 *
5302 * @static
5303 * @param bool $force
5304 * @return void
5305 */
5306 protected static function build_paths($force) {
5307 throw new coding_exception('build_paths() method must be implemented in all context levels');
5308 }
5309
5310 /**
5311 * Create missing context instances at given level
5312 *
5313 * @static
5314 * @return void
5315 */
5316 protected static function create_level_instances() {
5317 throw new coding_exception('create_level_instances() method must be implemented in all context levels');
5318 }
5319
5320 /**
5321 * Reset all cached permissions and definitions if the necessary.
5322 * @return void
5323 */
5324 public function reload_if_dirty() {
5325 global $ACCESSLIB_PRIVATE, $USER;
5326
5327 // Load dirty contexts list if needed
5328 if (CLI_SCRIPT) {
5329 if (!isset($ACCESSLIB_PRIVATE->dirtycontexts)) {
5330 // we do not load dirty flags in CLI and cron
5331 $ACCESSLIB_PRIVATE->dirtycontexts = array();
5332 }
5333 } else {
5334 if (!isset($ACCESSLIB_PRIVATE->dirtycontexts)) {
5335 if (!isset($USER->access['time'])) {
5336 // nothing was loaded yet, we do not need to check dirty contexts now
5337 return;
5338 }
5339 // no idea why -2 is there, server cluster time difference maybe... (skodak)
5340 $ACCESSLIB_PRIVATE->dirtycontexts = get_cache_flags('accesslib/dirtycontexts', $USER->access['time']-2);
5341 }
5342 }
5343
5344 foreach ($ACCESSLIB_PRIVATE->dirtycontexts as $path=>$unused) {
5345 if ($path === $this->_path or strpos($this->_path, $path.'/') === 0) {
5346 // reload all capabilities of USER and others - preserving loginas, roleswitches, etc
5347 // and then cleanup any marks of dirtyness... at least from our short term memory! :-)
5348 reload_all_capabilities();
5349 break;
5350 }
5351 }
5352 }
5353
5354 /**
5355 * Mark a context as dirty (with timestamp) so as to force reloading of the context.
5356 */
5357 public function mark_dirty() {
5358 global $CFG, $USER, $ACCESSLIB_PRIVATE;
5359
5360 if (during_initial_install()) {
5361 return;
5362 }
5363
5364 // only if it is a non-empty string
5365 if (is_string($this->_path) && $this->_path !== '') {
5366 set_cache_flag('accesslib/dirtycontexts', $this->_path, 1, time()+$CFG->sessiontimeout);
5367 if (isset($ACCESSLIB_PRIVATE->dirtycontexts)) {
5368 $ACCESSLIB_PRIVATE->dirtycontexts[$this->_path] = 1;
5369 } else {
5370 if (CLI_SCRIPT) {
5371 $ACCESSLIB_PRIVATE->dirtycontexts = array($this->_path => 1);
5372 } else {
5373 if (isset($USER->access['time'])) {
5374 $ACCESSLIB_PRIVATE->dirtycontexts = get_cache_flags('accesslib/dirtycontexts', $USER->access['time']-2);
5375 } else {
5376 $ACCESSLIB_PRIVATE->dirtycontexts = array($this->_path => 1);
5377 }
5378 // flags not loaded yet, it will be done later in $context->reload_if_dirty()
5379 }
5380 }
5381 }
5382 }
5383 }
5384
5385
5386 /**
5387 * Context maintenance and helper methods.
5388 *
5389 * This is "extends context" is a bloody hack that tires to work around the deficiencies
5390 * in the "protected" keyword in PHP, this helps us to hide all the internals of context
5391 * level implementation from the rest of code, the code completion returns what developers need.
5392 *
5393 * Thank you Tim Hunt for helping me with this nasty trick.
5394 *
5395 * @package core_access
5396 * @category access
5397 * @copyright Petr Skoda {@link http://skodak.org}
5398 * @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
5399 * @since 2.2
5400 */
5401 class context_helper extends context {
5402
5403 /**
5404 * @var array An array mapping context levels to classes
5405 */
5406 private static $alllevels = array(
5407 CONTEXT_SYSTEM => 'context_system',
5408 CONTEXT_USER => 'context_user',
5409 CONTEXT_COURSECAT => 'context_coursecat',
5410 CONTEXT_COURSE => 'context_course',
5411 CONTEXT_MODULE => 'context_module',
5412 CONTEXT_BLOCK => 'context_block',
5413 );
5414
5415 /**
5416 * Instance does not make sense here, only static use
5417 */
5418 protected function __construct() {
5419 }
5420
5421 /**
5422 * Returns a class name of the context level class
5423 *
5424 * @static
5425 * @param int $contextlevel (CONTEXT_SYSTEM, etc.)
5426 * @return string class name of the context class
5427 */
5428 public static function get_class_for_level($contextlevel) {
5429 if (isset(self::$alllevels[$contextlevel])) {
5430 return self::$alllevels[$contextlevel];
5431 } else {
5432 throw new coding_exception('Invalid context level specified');
5433 }
5434 }
5435
5436 /**
5437 * Returns a list of all context levels
5438 *
5439 * @static
5440 * @return array int=>string (level=>level class name)
5441 */
5442 public static function get_all_levels() {
5443 return self::$alllevels;
5444 }
5445
5446 /**
5447 * Remove stale contexts that belonged to deleted instances.
5448 * Ideally all code should cleanup contexts properly, unfortunately accidents happen...
5449 *
5450 * @static
5451 * @return void
5452 */
5453 public static function cleanup_instances() {
5454 global $DB;
5455 $sqls = array();
5456 foreach (self::$alllevels as $level=>$classname) {
5457 $sqls[] = $classname::get_cleanup_sql();
5458 }
5459
5460 $sql = implode(" UNION ", $sqls);
5461
5462 // it is probably better to use transactions, it might be faster too
5463 $transaction = $DB->start_delegated_transaction();
5464
5465 $rs = $DB->get_recordset_sql($sql);
5466 foreach ($rs as $record) {
5467 $context = context::create_instance_from_record($record);
5468 $context->delete();
5469 }
5470 $rs->close();
5471
5472 $transaction->allow_commit();
5473 }
5474
5475 /**
5476 * Create all context instances at the given level and above.
5477 *
5478 * @static
5479 * @param int $contextlevel null means all levels
5480 * @param bool $buildpaths
5481 * @return void
5482 */
5483 public static function create_instances($contextlevel = null, $buildpaths = true) {
5484 foreach (self::$alllevels as $level=>$classname) {
5485 if ($contextlevel and $level > $contextlevel) {
5486 // skip potential sub-contexts
5487 continue;
5488 }
5489 $classname::create_level_instances();
5490 if ($buildpaths) {
5491 $classname::build_paths(false);
5492 }
5493 }
5494 }
5495
5496 /**
5497 * Rebuild paths and depths in all context levels.
5498 *
5499 * @static
5500 * @param bool $force false means add missing only
5501 * @return void
5502 */
5503 public static function build_all_paths($force = false) {
5504 foreach (self::$alllevels as $classname) {
5505 $classname::build_paths($force);
5506 }
5507
5508 // reset static course cache - it might have incorrect cached data
5509 accesslib_clear_all_caches(true);
5510 }
5511
5512 /**
5513 * Resets the cache to remove all data.
5514 * @static
5515 */
5516 public static function reset_caches() {
5517 context::reset_caches();
5518 }
5519
5520 /**
5521 * Returns all fields necessary for context preloading from user $rec.
5522 *
5523 * This helps with performance when dealing with hundreds of contexts.
5524 *
5525 * @static
5526 * @param string $tablealias context table alias in the query
5527 * @return array (table.column=>alias, ...)
5528 */
5529 public static function get_preload_record_columns($tablealias) {
5530 return array("$tablealias.id"=>"ctxid", "$tablealias.path"=>"ctxpath", "$tablealias.depth"=>"ctxdepth", "$tablealias.contextlevel"=>"ctxlevel", "$tablealias.instanceid"=>"ctxinstance");
5531 }
5532
5533 /**
5534 * Returns all fields necessary for context preloading from user $rec.
5535 *
5536 * This helps with performance when dealing with hundreds of contexts.
5537 *
5538 * @static
5539 * @param string $tablealias context table alias in the query
5540 * @return string
5541 */
5542 public static function get_preload_record_columns_sql($tablealias) {
5543 return "$tablealias.id AS ctxid, $tablealias.path AS ctxpath, $tablealias.depth AS ctxdepth, $tablealias.contextlevel AS ctxlevel, $tablealias.instanceid AS ctxinstance";
5544 }
5545
5546 /**
5547 * Preloads context information from db record and strips the cached info.
5548 *
5549 * The db request has to contain all columns from context_helper::get_preload_record_columns().
5550 *
5551 * @static
5552 * @param stdClass $rec
5553 * @return void (modifies $rec)
5554 */
5555 public static function preload_from_record(stdClass $rec) {
5556 context::preload_from_record($rec);
5557 }
5558
5559 /**
5560 * Preload all contexts instances from course.
5561 *
5562 * To be used if you expect multiple queries for course activities...
5563 *
5564 * @static
5565 * @param int $courseid
5566 */
5567 public static function preload_course($courseid) {
5568 // Users can call this multiple times without doing any harm
5569 if (isset(context::$cache_preloaded[$courseid])) {
5570 return;
5571 }
5572 $coursecontext = context_course::instance($courseid);
5573 $coursecontext->get_child_contexts();
5574
5575 context::$cache_preloaded[$courseid] = true;
5576 }
5577
5578 /**
5579 * Delete context instance
5580 *
5581 * @static
5582 * @param int $contextlevel
5583 * @param int $instanceid
5584 * @return void
5585 */
5586 public static function delete_instance($contextlevel, $instanceid) {
5587 global $DB;
5588
5589 // double check the context still exists
5590 if ($record = $DB->get_record('context', array('contextlevel'=>$contextlevel, 'instanceid'=>$instanceid))) {
5591 $context = context::create_instance_from_record($record);
5592 $context->delete();
5593 } else {
5594 // we should try to purge the cache anyway
5595 }
5596 }
5597
5598 /**
5599 * Returns the name of specified context level
5600 *
5601 * @static
5602 * @param int $contextlevel
5603 * @return string name of the context level
5604 */
5605 public static function get_level_name($contextlevel) {
5606 $classname = context_helper::get_class_for_level($contextlevel);
5607 return $classname::get_level_name();
5608 }
5609
5610 /**
5611 * not used
5612 */
5613 public function get_url() {
5614 }
5615
5616 /**
5617 * not used
5618 */
5619 public function get_capabilities() {
5620 }
5621 }
5622
5623
5624 /**
5625 * System context class
5626 *
5627 * @package core_access
5628 * @category access
5629 * @copyright Petr Skoda {@link http://skodak.org}
5630 * @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
5631 * @since 2.2
5632 */
5633 class context_system extends context {
5634 /**
5635 * Please use context_system::instance() if you need the instance of context.
5636 *
5637 * @param stdClass $record
5638 */
5639 protected function __construct(stdClass $record) {
5640 parent::__construct($record);
5641 if ($record->contextlevel != CONTEXT_SYSTEM) {
5642 throw new coding_exception('Invalid $record->contextlevel in context_system constructor.');
5643 }
5644 }
5645
5646 /**
5647 * Returns human readable context level name.
5648 *
5649 * @static
5650 * @return string the human readable context level name.
5651 */
5652 public static function get_level_name() {
5653 return get_string('coresystem');
5654 }
5655
5656 /**
5657 * Returns human readable context identifier.
5658 *
5659 * @param boolean $withprefix does not apply to system context
5660 * @param boolean $short does not apply to system context
5661 * @return string the human readable context name.
5662 */
5663 public function get_context_name($withprefix = true, $short = false) {
5664 return self::get_level_name();
5665 }
5666
5667 /**
5668 * Returns the most relevant URL for this context.
5669 *
5670 * @return moodle_url
5671 */
5672 public function get_url() {
5673 return new moodle_url('/');
5674 }
5675
5676 /**
5677 * Returns array of relevant context capability records.
5678 *
5679 * @return array
5680 */
5681 public function get_capabilities() {
5682 global $DB;
5683
5684 $sort = 'ORDER BY contextlevel,component,name'; // To group them sensibly for display
5685
5686 $params = array();
5687 $sql = "SELECT *
5688 FROM {capabilities}";
5689
5690 return $DB->get_records_sql($sql.' '.$sort, $params);
5691 }
5692
5693 /**
5694 * Create missing context instances at system context
5695 * @static
5696 */
5697 protected static function create_level_instances() {
5698 // nothing to do here, the system context is created automatically in installer
5699 self::instance(0);
5700 }
5701
5702 /**
5703 * Returns system context instance.
5704 *
5705 * @static
5706 * @param int $instanceid
5707 * @param int $strictness
5708 * @param bool $cache
5709 * @return context_system context instance
5710 */
5711 public static function instance($instanceid = 0, $strictness = MUST_EXIST, $cache = true) {
5712 global $DB;
5713
5714 if ($instanceid != 0) {
5715 debugging('context_system::instance(): invalid $id parameter detected, should be 0');
5716 }
5717
5718 if (defined('SYSCONTEXTID') and $cache) { // dangerous: define this in config.php to eliminate 1 query/page
5719 if (!isset(context::$systemcontext)) {
5720 $record = new stdClass();
5721 $record->id = SYSCONTEXTID;
5722 $record->contextlevel = CONTEXT_SYSTEM;
5723 $record->instanceid = 0;
5724 $record->path = '/'.SYSCONTEXTID;
5725 $record->depth = 1;
5726 context::$systemcontext = new context_system($record);
5727 }
5728 return context::$systemcontext;
5729 }
5730
5731
5732 try {
5733 // we ignore the strictness completely because system context must except except during install
5734 $record = $DB->get_record('context', array('contextlevel'=>CONTEXT_SYSTEM), '*', MUST_EXIST);
5735 } catch (dml_exception $e) {
5736 //table or record does not exist
5737 if (!during_initial_install()) {
5738 // do not mess with system context after install, it simply must exist
5739 throw $e;
5740 }
5741 $record = null;
5742 }
5743
5744 if (!$record) {
5745 $record = new stdClass();
5746 $record->contextlevel = CONTEXT_SYSTEM;
5747 $record->instanceid = 0;
5748 $record->depth = 1;
5749 $record->path = null; //not known before insert
5750
5751 try {
5752 if ($DB->count_records('context')) {
5753 // contexts already exist, this is very weird, system must be first!!!
5754 return null;
5755 }
5756 if (defined('SYSCONTEXTID')) {
5757 // this would happen only in unittest on sites that went through weird 1.7 upgrade
5758 $record->id = SYSCONTEXTID;
5759 $DB->import_record('context', $record);
5760 $DB->get_manager()->reset_sequence('context');
5761 } else {
5762 $record->id = $DB->insert_record('context', $record);
5763 }
5764 } catch (dml_exception $e) {
5765 // can not create context - table does not exist yet, sorry
5766 return null;
5767 }
5768 }
5769
5770 if ($record->instanceid != 0) {
5771 // this is very weird, somebody must be messing with context table
5772 debugging('Invalid system context detected');
5773 }
5774
5775 if ($record->depth != 1 or $record->path != '/'.$record->id) {
5776 // fix path if necessary, initial install or path reset
5777 $record->depth = 1;
5778 $record->path = '/'.$record->id;
5779 $DB->update_record('context', $record);
5780 }
5781
5782 if (!defined('SYSCONTEXTID')) {
5783 define('SYSCONTEXTID', $record->id);
5784 }
5785
5786 context::$systemcontext = new context_system($record);
5787 return context::$systemcontext;
5788 }
5789
5790 /**
5791 * Returns all site contexts except the system context, DO NOT call on production servers!!
5792 *
5793 * Contexts are not cached.
5794 *
5795 * @return array
5796 */
5797 public function get_child_contexts() {
5798 global $DB;
5799
5800 debugging('Fetching of system context child courses is strongly discouraged on production servers (it may eat all available memory)!');
5801
5802 // Just get all the contexts except for CONTEXT_SYSTEM level
5803 // and hope we don't OOM in the process - don't cache
5804 $sql = "SELECT c.*
5805 FROM {context} c
5806 WHERE contextlevel > ".CONTEXT_SYSTEM;
5807 $records = $DB->get_records_sql($sql);
5808
5809 $result = array();
5810 foreach ($records as $record) {
5811 $result[$record->id] = context::create_instance_from_record($record);
5812 }
5813
5814 return $result;
5815 }
5816
5817 /**
5818 * Returns sql necessary for purging of stale context instances.
5819 *
5820 * @static
5821 * @return string cleanup SQL
5822 */
5823 protected static function get_cleanup_sql() {
5824 $sql = "
5825 SELECT c.*
5826 FROM {context} c
5827 WHERE 1=2
5828 ";
5829
5830 return $sql;
5831 }
5832
5833 /**
5834 * Rebuild context paths and depths at system context level.
5835 *
5836 * @static
5837 * @param bool $force
5838 */
5839 protected static function build_paths($force) {
5840 global $DB;
5841
5842 /* note: ignore $force here, we always do full test of system context */
5843
5844 // exactly one record must exist
5845 $record = $DB->get_record('context', array('contextlevel'=>CONTEXT_SYSTEM), '*', MUST_EXIST);
5846
5847 if ($record->instanceid != 0) {
5848 debugging('Invalid system context detected');
5849 }
5850
5851 if (defined('SYSCONTEXTID') and $record->id != SYSCONTEXTID) {
5852 debugging('Invalid SYSCONTEXTID detected');
5853 }
5854
5855 if ($record->depth != 1 or $record->path != '/'.$record->id) {
5856 // fix path if necessary, initial install or path reset
5857 $record->depth = 1;
5858 $record->path = '/'.$record->id;
5859 $DB->update_record('context', $record);
5860 }
5861 }
5862 }
5863
5864
5865 /**
5866 * User context class
5867 *
5868 * @package core_access
5869 * @category access
5870 * @copyright Petr Skoda {@link http://skodak.org}
5871 * @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
5872 * @since 2.2
5873 */
5874 class context_user extends context {
5875 /**
5876 * Please use context_user::instance($userid) if you need the instance of context.
5877 * Alternatively if you know only the context id use context::instance_by_id($contextid)
5878 *
5879 * @param stdClass $record
5880 */
5881 protected function __construct(stdClass $record) {
5882 parent::__construct($record);
5883 if ($record->contextlevel != CONTEXT_USER) {
5884 throw new coding_exception('Invalid $record->contextlevel in context_user constructor.');
5885 }
5886 }
5887
5888 /**
5889 * Returns human readable context level name.
5890 *
5891 * @static
5892 * @return string the human readable context level name.
5893 */
5894 public static function get_level_name() {
5895 return get_string('user');
5896 }
5897
5898 /**
5899 * Returns human readable context identifier.
5900 *
5901 * @param boolean $withprefix whether to prefix the name of the context with User
5902 * @param boolean $short does not apply to user context
5903 * @return string the human readable context name.
5904 */
5905 public function get_context_name($withprefix = true, $short = false) {
5906 global $DB;
5907
5908 $name = '';
5909 if ($user = $DB->get_record('user', array('id'=>$this->_instanceid, 'deleted'=>0))) {
5910 if ($withprefix){
5911 $name = get_string('user').': ';
5912 }
5913 $name .= fullname($user);
5914 }
5915 return $name;
5916 }
5917
5918 /**
5919 * Returns the most relevant URL for this context.
5920 *
5921 * @return moodle_url
5922 */
5923 public function get_url() {
5924 global $COURSE;
5925
5926 if ($COURSE->id == SITEID) {
5927 $url = new moodle_url('/user/profile.php', array('id'=>$this->_instanceid));
5928 } else {
5929 $url = new moodle_url('/user/view.php', array('id'=>$this->_instanceid, 'courseid'=>$COURSE->id));
5930 }
5931 return $url;
5932 }
5933
5934 /**
5935 * Returns array of relevant context capability records.
5936 *
5937 * @return array
5938 */
5939 public function get_capabilities() {
5940 global $DB;
5941
5942 $sort = 'ORDER BY contextlevel,component,name'; // To group them sensibly for display
5943
5944 $extracaps = array('moodle/grade:viewall');
5945 list($extra, $params) = $DB->get_in_or_equal($extracaps, SQL_PARAMS_NAMED, 'cap');
5946 $sql = "SELECT *
5947 FROM {capabilities}
5948 WHERE contextlevel = ".CONTEXT_USER."
5949 OR name $extra";
5950
5951 return $records = $DB->get_records_sql($sql.' '.$sort, $params);
5952 }
5953
5954 /**
5955 * Returns user context instance.
5956 *
5957 * @static
5958 * @param int $instanceid
5959 * @param int $strictness
5960 * @return context_user context instance
5961 */
5962 public static function instance($instanceid, $strictness = MUST_EXIST) {
5963 global $DB;
5964
5965 if ($context = context::cache_get(CONTEXT_USER, $instanceid)) {
5966 return $context;
5967 }
5968
5969 if (!$record = $DB->get_record('context', array('contextlevel'=>CONTEXT_USER, 'instanceid'=>$instanceid))) {
5970 if ($user = $DB->get_record('user', array('id'=>$instanceid, 'deleted'=>0), 'id', $strictness)) {
5971 $record = context::insert_context_record(CONTEXT_USER, $user->id, '/'.SYSCONTEXTID, 0);
5972 }
5973 }
5974
5975 if ($record) {
5976 $context = new context_user($record);
5977 context::cache_add($context);
5978 return $context;
5979 }
5980
5981 return false;
5982 }
5983
5984 /**
5985 * Create missing context instances at user context level
5986 * @static
5987 */
5988 protected static function create_level_instances() {
5989 global $DB;
5990
5991 $sql = "INSERT INTO {context} (contextlevel, instanceid)
5992 SELECT ".CONTEXT_USER.", u.id
5993 FROM {user} u
5994 WHERE u.deleted = 0
5995 AND NOT EXISTS (SELECT 'x'
5996 FROM {context} cx
5997 WHERE u.id = cx.instanceid AND cx.contextlevel=".CONTEXT_USER.")";
5998 $DB->execute($sql);
5999 }
6000
6001 /**
6002 * Returns sql necessary for purging of stale context instances.
6003 *
6004 * @static
6005 * @return string cleanup SQL
6006 */
6007 protected static function get_cleanup_sql() {
6008 $sql = "
6009 SELECT c.*
6010 FROM {context} c
6011 LEFT OUTER JOIN {user} u ON (c.instanceid = u.id AND u.deleted = 0)
6012 WHERE u.id IS NULL AND c.contextlevel = ".CONTEXT_USER."
6013 ";
6014
6015 return $sql;
6016 }
6017
6018 /**
6019 * Rebuild context paths and depths at user context level.
6020 *
6021 * @static
6022 * @param bool $force
6023 */
6024 protected static function build_paths($force) {
6025 global $DB;
6026
6027 // First update normal users.
6028 $path = $DB->sql_concat('?', 'id');
6029 $pathstart = '/' . SYSCONTEXTID . '/';
6030 $params = array($pathstart);
6031
6032 if ($force) {
6033 $where = "depth <> 2 OR path IS NULL OR path <> ({$path})";
6034 $params[] = $pathstart;
6035 } else {
6036 $where = "depth = 0 OR path IS NULL";
6037 }
6038
6039 $sql = "UPDATE {context}
6040 SET depth = 2,
6041 path = {$path}
6042 WHERE contextlevel = " . CONTEXT_USER . "
6043 AND ($where)";
6044 $DB->execute($sql, $params);
6045 }
6046 }
6047
6048
6049 /**
6050 * Course category context class
6051 *
6052 * @package core_access
6053 * @category access
6054 * @copyright Petr Skoda {@link http://skodak.org}
6055 * @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
6056 * @since 2.2
6057 */
6058 class context_coursecat extends context {
6059 /**
6060 * Please use context_coursecat::instance($coursecatid) if you need the instance of context.
6061 * Alternatively if you know only the context id use context::instance_by_id($contextid)
6062 *
6063 * @param stdClass $record
6064 */
6065 protected function __construct(stdClass $record) {
6066 parent::__construct($record);
6067 if ($record->contextlevel != CONTEXT_COURSECAT) {
6068 throw new coding_exception('Invalid $record->contextlevel in context_coursecat constructor.');
6069 }
6070 }
6071
6072 /**
6073 * Returns human readable context level name.
6074 *
6075 * @static
6076 * @return string the human readable context level name.
6077 */
6078 public static function get_level_name() {
6079 return get_string('category');
6080 }
6081
6082 /**
6083 * Returns human readable context identifier.
6084 *
6085 * @param boolean $withprefix whether to prefix the name of the context with Category
6086 * @param boolean $short does not apply to course categories
6087 * @return string the human readable context name.
6088 */
6089 public function get_context_name($withprefix = true, $short = false) {
6090 global $DB;
6091
6092 $name = '';
6093 if ($category = $DB->get_record('course_categories', array('id'=>$this->_instanceid))) {
6094 if ($withprefix){
6095 $name = get_string('category').': ';
6096 }
6097 $name .= format_string($category->name, true, array('context' => $this));
6098 }
6099 return $name;
6100 }
6101
6102 /**
6103 * Returns the most relevant URL for this context.
6104 *
6105 * @return moodle_url
6106 */
6107 public function get_url() {
6108 return new moodle_url('/course/category.php', array('id'=>$this->_instanceid));
6109 }
6110
6111 /**
6112 * Returns array of relevant context capability records.
6113 *
6114 * @return array
6115 */
6116 public function get_capabilities() {
6117 global $DB;
6118
6119 $sort = 'ORDER BY contextlevel,component,name'; // To group them sensibly for display
6120
6121 $params = array();
6122 $sql = "SELECT *
6123 FROM {capabilities}
6124 WHERE contextlevel IN (".CONTEXT_COURSECAT.",".CONTEXT_COURSE.",".CONTEXT_MODULE.",".CONTEXT_BLOCK.")";
6125
6126 return $DB->get_records_sql($sql.' '.$sort, $params);
6127 }
6128
6129 /**
6130 * Returns course category context instance.
6131 *
6132 * @static
6133 * @param int $instanceid
6134 * @param int $strictness
6135 * @return context_coursecat context instance
6136 */
6137 public static function instance($instanceid, $strictness = MUST_EXIST) {
6138 global $DB;
6139
6140 if ($context = context::cache_get(CONTEXT_COURSECAT, $instanceid)) {
6141 return $context;
6142 }
6143
6144 if (!$record = $DB->get_record('context', array('contextlevel'=>CONTEXT_COURSECAT, 'instanceid'=>$instanceid))) {
6145 if ($category = $DB->get_record('course_categories', array('id'=>$instanceid), 'id,parent', $strictness)) {
6146 if ($category->parent) {
6147 $parentcontext = context_coursecat::instance($category->parent);
6148 $record = context::insert_context_record(CONTEXT_COURSECAT, $category->id, $parentcontext->path);
6149 } else {
6150 $record = context::insert_context_record(CONTEXT_COURSECAT, $category->id, '/'.SYSCONTEXTID, 0);
6151 }
6152 }
6153 }
6154
6155 if ($record) {
6156 $context = new context_coursecat($record);
6157 context::cache_add($context);
6158 return $context;
6159 }
6160
6161 return false;
6162 }
6163
6164 /**
6165 * Returns immediate child contexts of category and all subcategories,
6166 * children of subcategories and courses are not returned.
6167 *
6168 * @return array
6169 */
6170 public function get_child_contexts() {
6171 global $DB;
6172
6173 $sql = "SELECT ctx.*
6174 FROM {context} ctx
6175 WHERE ctx.path LIKE ? AND (ctx.depth = ? OR ctx.contextlevel = ?)";
6176 $params = array($this->_path.'/%', $this->depth+1, CONTEXT_COURSECAT);
6177 $records = $DB->get_records_sql($sql, $params);
6178
6179 $result = array();
6180 foreach ($records as $record) {
6181 $result[$record->id] = context::create_instance_from_record($record);
6182 }
6183
6184 return $result;
6185 }
6186
6187 /**
6188 * Create missing context instances at course category context level
6189 * @static
6190 */
6191 protected static function create_level_instances() {
6192 global $DB;
6193
6194 $sql = "INSERT INTO {context} (contextlevel, instanceid)
6195 SELECT ".CONTEXT_COURSECAT.", cc.id
6196 FROM {course_categories} cc
6197 WHERE NOT EXISTS (SELECT 'x'
6198 FROM {context} cx
6199 WHERE cc.id = cx.instanceid AND cx.contextlevel=".CONTEXT_COURSECAT.")";
6200 $DB->execute($sql);
6201 }
6202
6203 /**
6204 * Returns sql necessary for purging of stale context instances.
6205 *
6206 * @static
6207 * @return string cleanup SQL
6208 */
6209 protected static function get_cleanup_sql() {
6210 $sql = "
6211 SELECT c.*
6212 FROM {context} c
6213 LEFT OUTER JOIN {course_categories} cc ON c.instanceid = cc.id
6214 WHERE cc.id IS NULL AND c.contextlevel = ".CONTEXT_COURSECAT."
6215 ";
6216
6217 return $sql;
6218 }
6219
6220 /**
6221 * Rebuild context paths and depths at course category context level.
6222 *
6223 * @static
6224 * @param bool $force
6225 */
6226 protected static function build_paths($force) {
6227 global $DB;
6228
6229 if ($force or $DB->record_exists_select('context', "contextlevel = ".CONTEXT_COURSECAT." AND (depth = 0 OR path IS NULL)")) {
6230 if ($force) {
6231 $ctxemptyclause = $emptyclause = '';
6232 } else {
6233 $ctxemptyclause = "AND (ctx.path IS NULL OR ctx.depth = 0)";
6234 $emptyclause = "AND ({context}.path IS NULL OR {context}.depth = 0)";
6235 }
6236
6237 $base = '/'.SYSCONTEXTID;
6238
6239 // Normal top level categories
6240 $sql = "UPDATE {context}
6241 SET depth=2,
6242 path=".$DB->sql_concat("'$base/'", 'id')."
6243 WHERE contextlevel=".CONTEXT_COURSECAT."
6244 AND EXISTS (SELECT 'x'
6245 FROM {course_categories} cc
6246 WHERE cc.id = {context}.instanceid AND cc.depth=1)
6247 $emptyclause";
6248 $DB->execute($sql);
6249
6250 // Deeper categories - one query per depthlevel
6251 $maxdepth = $DB->get_field_sql("SELECT MAX(depth) FROM {course_categories}");
6252 for ($n=2; $n<=$maxdepth; $n++) {
6253 $sql = "INSERT INTO {context_temp} (id, path, depth)
6254 SELECT ctx.id, ".$DB->sql_concat('pctx.path', "'/'", 'ctx.id').", pctx.depth+1
6255 FROM {context} ctx
6256 JOIN {course_categories} cc ON (cc.id = ctx.instanceid AND ctx.contextlevel = ".CONTEXT_COURSECAT." AND cc.depth = $n)
6257 JOIN {context} pctx ON (pctx.instanceid = cc.parent AND pctx.contextlevel = ".CONTEXT_COURSECAT.")
6258 WHERE pctx.path IS NOT NULL AND pctx.depth > 0
6259 $ctxemptyclause";
6260 $trans = $DB->start_delegated_transaction();
6261 $DB->delete_records('context_temp');
6262 $DB->execute($sql);
6263 context::merge_context_temp_table();
6264 $DB->delete_records('context_temp');
6265 $trans->allow_commit();
6266
6267 }
6268 }
6269 }
6270 }
6271
6272
6273 /**
6274 * Course context class
6275 *
6276 * @package core_access
6277 * @category access
6278 * @copyright Petr Skoda {@link http://skodak.org}
6279 * @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
6280 * @since 2.2
6281 */
6282 class context_course extends context {
6283 /**
6284 * Please use context_course::instance($courseid) if you need the instance of context.
6285 * Alternatively if you know only the context id use context::instance_by_id($contextid)
6286 *
6287 * @param stdClass $record
6288 */
6289 protected function __construct(stdClass $record) {
6290 parent::__construct($record);
6291 if ($record->contextlevel != CONTEXT_COURSE) {
6292 throw new coding_exception('Invalid $record->contextlevel in context_course constructor.');
6293 }
6294 }
6295
6296 /**
6297 * Returns human readable context level name.
6298 *
6299 * @static
6300 * @return string the human readable context level name.
6301 */
6302 public static function get_level_name() {
6303 return get_string('course');
6304 }
6305
6306 /**
6307 * Returns human readable context identifier.
6308 *
6309 * @param boolean $withprefix whether to prefix the name of the context with Course
6310 * @param boolean $short whether to use the short name of the thing.
6311 * @return string the human readable context name.
6312 */
6313 public function get_context_name($withprefix = true, $short = false) {
6314 global $DB;
6315
6316 $name = '';
6317 if ($this->_instanceid == SITEID) {
6318 $name = get_string('frontpage', 'admin');
6319 } else {
6320 if ($course = $DB->get_record('course', array('id'=>$this->_instanceid))) {
6321 if ($withprefix){
6322 $name = get_string('course').': ';
6323 }
6324 if ($short){
6325 $name .= format_string($course->shortname, true, array('context' => $this));
6326 } else {
6327 $name .= format_string(get_course_display_name_for_list($course));
6328 }
6329 }
6330 }
6331 return $name;
6332 }
6333
6334 /**
6335 * Returns the most relevant URL for this context.
6336 *
6337 * @return moodle_url
6338 */
6339 public function get_url() {
6340 if ($this->_instanceid != SITEID) {
6341 return new moodle_url('/course/view.php', array('id'=>$this->_instanceid));
6342 }
6343
6344 return new moodle_url('/');
6345 }
6346
6347 /**
6348 * Returns array of relevant context capability records.
6349 *
6350 * @return array
6351 */
6352 public function get_capabilities() {
6353 global $DB;
6354
6355 $sort = 'ORDER BY contextlevel,component,name'; // To group them sensibly for display
6356
6357 $params = array();
6358 $sql = "SELECT *
6359 FROM {capabilities}
6360 WHERE contextlevel IN (".CONTEXT_COURSE.",".CONTEXT_MODULE.",".CONTEXT_BLOCK.")";
6361
6362 return $DB->get_records_sql($sql.' '.$sort, $params);
6363 }
6364
6365 /**
6366 * Is this context part of any course? If yes return course context.
6367 *
6368 * @param bool $strict true means throw exception if not found, false means return false if not found
6369 * @return course_context context of the enclosing course, null if not found or exception
6370 */
6371 public function get_course_context($strict = true) {
6372 return $this;
6373 }
6374
6375 /**
6376 * Returns course context instance.
6377 *
6378 * @static
6379 * @param int $instanceid
6380 * @param int $strictness
6381 * @return context_course context instance
6382 */
6383 public static function instance($instanceid, $strictness = MUST_EXIST) {
6384 global $DB;
6385
6386 if ($context = context::cache_get(CONTEXT_COURSE, $instanceid)) {
6387 return $context;
6388 }
6389
6390 if (!$record = $DB->get_record('context', array('contextlevel'=>CONTEXT_COURSE, 'instanceid'=>$instanceid))) {
6391 if ($course = $DB->get_record('course', array('id'=>$instanceid), 'id,category', $strictness)) {
6392 if ($course->category) {
6393 $parentcontext = context_coursecat::instance($course->category);
6394 $record = context::insert_context_record(CONTEXT_COURSE, $course->id, $parentcontext->path);
6395 } else {
6396 $record = context::insert_context_record(CONTEXT_COURSE, $course->id, '/'.SYSCONTEXTID, 0);
6397 }
6398 }
6399 }
6400
6401 if ($record) {
6402 $context = new context_course($record);
6403 context::cache_add($context);
6404 return $context;
6405 }
6406
6407 return false;
6408 }
6409
6410 /**
6411 * Create missing context instances at course context level
6412 * @static
6413 */
6414 protected static function create_level_instances() {
6415 global $DB;
6416
6417 $sql = "INSERT INTO {context} (contextlevel, instanceid)
6418 SELECT ".CONTEXT_COURSE.", c.id
6419 FROM {course} c
6420 WHERE NOT EXISTS (SELECT 'x'
6421 FROM {context} cx
6422 WHERE c.id = cx.instanceid AND cx.contextlevel=".CONTEXT_COURSE.")";
6423 $DB->execute($sql);
6424 }
6425
6426 /**
6427 * Returns sql necessary for purging of stale context instances.
6428 *
6429 * @static
6430 * @return string cleanup SQL
6431 */
6432 protected static function get_cleanup_sql() {
6433 $sql = "
6434 SELECT c.*
6435 FROM {context} c
6436 LEFT OUTER JOIN {course} co ON c.instanceid = co.id
6437 WHERE co.id IS NULL AND c.contextlevel = ".CONTEXT_COURSE."
6438 ";
6439
6440 return $sql;
6441 }
6442
6443 /**
6444 * Rebuild context paths and depths at course context level.
6445 *
6446 * @static
6447 * @param bool $force
6448 */
6449 protected static function build_paths($force) {
6450 global $DB;
6451
6452 if ($force or $DB->record_exists_select('context', "contextlevel = ".CONTEXT_COURSE." AND (depth = 0 OR path IS NULL)")) {
6453 if ($force) {
6454 $ctxemptyclause = $emptyclause = '';
6455 } else {
6456 $ctxemptyclause = "AND (ctx.path IS NULL OR ctx.depth = 0)";
6457 $emptyclause = "AND ({context}.path IS NULL OR {context}.depth = 0)";
6458 }
6459
6460 $base = '/'.SYSCONTEXTID;
6461
6462 // Standard frontpage
6463 $sql = "UPDATE {context}
6464 SET depth = 2,
6465 path = ".$DB->sql_concat("'$base/'", 'id')."
6466 WHERE contextlevel = ".CONTEXT_COURSE."
6467 AND EXISTS (SELECT 'x'
6468 FROM {course} c
6469 WHERE c.id = {context}.instanceid AND c.category = 0)
6470 $emptyclause";
6471 $DB->execute($sql);
6472
6473 // standard courses
6474 $sql = "INSERT INTO {context_temp} (id, path, depth)
6475 SELECT ctx.id, ".$DB->sql_concat('pctx.path', "'/'", 'ctx.id').", pctx.depth+1
6476 FROM {context} ctx
6477 JOIN {course} c ON (c.id = ctx.instanceid AND ctx.contextlevel = ".CONTEXT_COURSE." AND c.category <> 0)
6478 JOIN {context} pctx ON (pctx.instanceid = c.category AND pctx.contextlevel = ".CONTEXT_COURSECAT.")
6479 WHERE pctx.path IS NOT NULL AND pctx.depth > 0
6480 $ctxemptyclause";
6481 $trans = $DB->start_delegated_transaction();
6482 $DB->delete_records('context_temp');
6483 $DB->execute($sql);
6484 context::merge_context_temp_table();
6485 $DB->delete_records('context_temp');
6486 $trans->allow_commit();
6487 }
6488 }
6489 }
6490
6491
6492 /**
6493 * Course module context class
6494 *
6495 * @package core_access
6496 * @category access
6497 * @copyright Petr Skoda {@link http://skodak.org}
6498 * @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
6499 * @since 2.2
6500 */
6501 class context_module extends context {
6502 /**
6503 * Please use context_module::instance($cmid) if you need the instance of context.
6504 * Alternatively if you know only the context id use context::instance_by_id($contextid)
6505 *
6506 * @param stdClass $record
6507 */
6508 protected function __construct(stdClass $record) {
6509 parent::__construct($record);
6510 if ($record->contextlevel != CONTEXT_MODULE) {
6511 throw new coding_exception('Invalid $record->contextlevel in context_module constructor.');
6512 }
6513 }
6514
6515 /**
6516 * Returns human readable context level name.
6517 *
6518 * @static
6519 * @return string the human readable context level name.
6520 */
6521 public static function get_level_name() {
6522 return get_string('activitymodule');
6523 }
6524
6525 /**
6526 * Returns human readable context identifier.
6527 *
6528 * @param boolean $withprefix whether to prefix the name of the context with the
6529 * module name, e.g. Forum, Glossary, etc.
6530 * @param boolean $short does not apply to module context
6531 * @return string the human readable context name.
6532 */
6533 public function get_context_name($withprefix = true, $short = false) {
6534 global $DB;
6535
6536 $name = '';
6537 if ($cm = $DB->get_record_sql("SELECT cm.*, md.name AS modname
6538 FROM {course_modules} cm
6539 JOIN {modules} md ON md.id = cm.module
6540 WHERE cm.id = ?", array($this->_instanceid))) {
6541 if ($mod = $DB->get_record($cm->modname, array('id' => $cm->instance))) {
6542 if ($withprefix){
6543 $name = get_string('modulename', $cm->modname).': ';
6544 }
6545 $name .= format_string($mod->name, true, array('context' => $this));
6546 }
6547 }
6548 return $name;
6549 }
6550
6551 /**
6552 * Returns the most relevant URL for this context.
6553 *
6554 * @return moodle_url
6555 */
6556 public function get_url() {
6557 global $DB;
6558
6559 if ($modname = $DB->get_field_sql("SELECT md.name AS modname
6560 FROM {course_modules} cm
6561 JOIN {modules} md ON md.id = cm.module
6562 WHERE cm.id = ?", array($this->_instanceid))) {
6563 return new moodle_url('/mod/' . $modname . '/view.php', array('id'=>$this->_instanceid));
6564 }
6565
6566 return new moodle_url('/');
6567 }
6568
6569 /**
6570 * Returns array of relevant context capability records.
6571 *
6572 * @return array
6573 */
6574 public function get_capabilities() {
6575 global $DB, $CFG;
6576
6577 $sort = 'ORDER BY contextlevel,component,name'; // To group them sensibly for display
6578
6579 $cm = $DB->get_record('course_modules', array('id'=>$this->_instanceid));
6580 $module = $DB->get_record('modules', array('id'=>$cm->module));
6581
6582 $subcaps = array();
6583 $subpluginsfile = "$CFG->dirroot/mod/$module->name/db/subplugins.php";
6584 if (file_exists($subpluginsfile)) {
6585 $subplugins = array(); // should be redefined in the file
6586 include($subpluginsfile);
6587 if (!empty($subplugins)) {
6588 foreach (array_keys($subplugins) as $subplugintype) {
6589 foreach (array_keys(get_plugin_list($subplugintype)) as $subpluginname) {
6590 $subcaps = array_merge($subcaps, array_keys(load_capability_def($subplugintype.'_'.$subpluginname)));
6591 }
6592 }
6593 }
6594 }
6595
6596 $modfile = "$CFG->dirroot/mod/$module->name/lib.php";
6597 $extracaps = array();
6598 if (file_exists($modfile)) {
6599 include_once($modfile);
6600 $modfunction = $module->name.'_get_extra_capabilities';
6601 if (function_exists($modfunction)) {
6602 $extracaps = $modfunction();
6603 }
6604 }
6605
6606 $extracaps = array_merge($subcaps, $extracaps);
6607 $extra = '';
6608 list($extra, $params) = $DB->get_in_or_equal(
6609 $extracaps, SQL_PARAMS_NAMED, 'cap0', true, '');
6610 if (!empty($extra)) {
6611 $extra = "OR name $extra";
6612 }
6613 $sql = "SELECT *
6614 FROM {capabilities}
6615 WHERE (contextlevel = ".CONTEXT_MODULE."
6616 AND (component = :component OR component = 'moodle'))
6617 $extra";
6618 $params['component'] = "mod_$module->name";
6619
6620 return $DB->get_records_sql($sql.' '.$sort, $params);
6621 }
6622
6623 /**
6624 * Is this context part of any course? If yes return course context.
6625 *
6626 * @param bool $strict true means throw exception if not found, false means return false if not found
6627 * @return course_context context of the enclosing course, null if not found or exception
6628 */
6629 public function get_course_context($strict = true) {
6630 return $this->get_parent_context();
6631 }
6632
6633 /**
6634 * Returns module context instance.
6635 *
6636 * @static
6637 * @param int $instanceid
6638 * @param int $strictness
6639 * @return context_module context instance
6640 */
6641 public static function instance($instanceid, $strictness = MUST_EXIST) {
6642 global $DB;
6643
6644 if ($context = context::cache_get(CONTEXT_MODULE, $instanceid)) {
6645 return $context;
6646 }
6647
6648 if (!$record = $DB->get_record('context', array('contextlevel'=>CONTEXT_MODULE, 'instanceid'=>$instanceid))) {
6649 if ($cm = $DB->get_record('course_modules', array('id'=>$instanceid), 'id,course', $strictness)) {
6650 $parentcontext = context_course::instance($cm->course);
6651 $record = context::insert_context_record(CONTEXT_MODULE, $cm->id, $parentcontext->path);
6652 }
6653 }
6654
6655 if ($record) {
6656 $context = new context_module($record);
6657 context::cache_add($context);
6658 return $context;
6659 }
6660
6661 return false;
6662 }
6663
6664 /**
6665 * Create missing context instances at module context level
6666 * @static
6667 */
6668 protected static function create_level_instances() {
6669 global $DB;
6670
6671 $sql = "INSERT INTO {context} (contextlevel, instanceid)
6672 SELECT ".CONTEXT_MODULE.", cm.id
6673 FROM {course_modules} cm
6674 WHERE NOT EXISTS (SELECT 'x'
6675 FROM {context} cx
6676 WHERE cm.id = cx.instanceid AND cx.contextlevel=".CONTEXT_MODULE.")";
6677 $DB->execute($sql);
6678 }
6679
6680 /**
6681 * Returns sql necessary for purging of stale context instances.
6682 *
6683 * @static
6684 * @return string cleanup SQL
6685 */
6686 protected static function get_cleanup_sql() {
6687 $sql = "
6688 SELECT c.*
6689 FROM {context} c
6690 LEFT OUTER JOIN {course_modules} cm ON c.instanceid = cm.id
6691 WHERE cm.id IS NULL AND c.contextlevel = ".CONTEXT_MODULE."
6692 ";
6693
6694 return $sql;
6695 }
6696
6697 /**
6698 * Rebuild context paths and depths at module context level.
6699 *
6700 * @static
6701 * @param bool $force
6702 */
6703 protected static function build_paths($force) {
6704 global $DB;
6705
6706 if ($force or $DB->record_exists_select('context', "contextlevel = ".CONTEXT_MODULE." AND (depth = 0 OR path IS NULL)")) {
6707 if ($force) {
6708 $ctxemptyclause = '';
6709 } else {
6710 $ctxemptyclause = "AND (ctx.path IS NULL OR ctx.depth = 0)";
6711 }
6712
6713 $sql = "INSERT INTO {context_temp} (id, path, depth)
6714 SELECT ctx.id, ".$DB->sql_concat('pctx.path', "'/'", 'ctx.id').", pctx.depth+1
6715 FROM {context} ctx
6716 JOIN {course_modules} cm ON (cm.id = ctx.instanceid AND ctx.contextlevel = ".CONTEXT_MODULE.")
6717 JOIN {context} pctx ON (pctx.instanceid = cm.course AND pctx.contextlevel = ".CONTEXT_COURSE.")
6718 WHERE pctx.path IS NOT NULL AND pctx.depth > 0
6719 $ctxemptyclause";
6720 $trans = $DB->start_delegated_transaction();
6721 $DB->delete_records('context_temp');
6722 $DB->execute($sql);
6723 context::merge_context_temp_table();
6724 $DB->delete_records('context_temp');
6725 $trans->allow_commit();
6726 }
6727 }
6728 }
6729
6730
6731 /**
6732 * Block context class
6733 *
6734 * @package core_access
6735 * @category access
6736 * @copyright Petr Skoda {@link http://skodak.org}
6737 * @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
6738 * @since 2.2
6739 */
6740 class context_block extends context {
6741 /**
6742 * Please use context_block::instance($blockinstanceid) if you need the instance of context.
6743 * Alternatively if you know only the context id use context::instance_by_id($contextid)
6744 *
6745 * @param stdClass $record
6746 */
6747 protected function __construct(stdClass $record) {
6748 parent::__construct($record);
6749 if ($record->contextlevel != CONTEXT_BLOCK) {
6750 throw new coding_exception('Invalid $record->contextlevel in context_block constructor');
6751 }
6752 }
6753
6754 /**
6755 * Returns human readable context level name.
6756 *
6757 * @static
6758 * @return string the human readable context level name.
6759 */
6760 public static function get_level_name() {
6761 return get_string('block');
6762 }
6763
6764 /**
6765 * Returns human readable context identifier.
6766 *
6767 * @param boolean $withprefix whether to prefix the name of the context with Block
6768 * @param boolean $short does not apply to block context
6769 * @return string the human readable context name.
6770 */
6771 public function get_context_name($withprefix = true, $short = false) {
6772 global $DB, $CFG;
6773
6774 $name = '';
6775 if ($blockinstance = $DB->get_record('block_instances', array('id'=>$this->_instanceid))) {
6776 global $CFG;
6777 require_once("$CFG->dirroot/blocks/moodleblock.class.php");
6778 require_once("$CFG->dirroot/blocks/$blockinstance->blockname/block_$blockinstance->blockname.php");
6779 $blockname = "block_$blockinstance->blockname";
6780 if ($blockobject = new $blockname()) {
6781 if ($withprefix){
6782 $name = get_string('block').': ';
6783 }
6784 $name .= $blockobject->title;
6785 }
6786 }
6787
6788 return $name;
6789 }
6790
6791 /**
6792 * Returns the most relevant URL for this context.
6793 *
6794 * @return moodle_url
6795 */
6796 public function get_url() {
6797 $parentcontexts = $this->get_parent_context();
6798 return $parentcontexts->get_url();
6799 }
6800
6801 /**
6802 * Returns array of relevant context capability records.
6803 *
6804 * @return array
6805 */
6806 public function get_capabilities() {
6807 global $DB;
6808
6809 $sort = 'ORDER BY contextlevel,component,name'; // To group them sensibly for display
6810
6811 $params = array();
6812 $bi = $DB->get_record('block_instances', array('id' => $this->_instanceid));
6813
6814 $extra = '';
6815 $extracaps = block_method_result($bi->blockname, 'get_extra_capabilities');
6816 if ($extracaps) {
6817 list($extra, $params) = $DB->get_in_or_equal($extracaps, SQL_PARAMS_NAMED, 'cap');
6818 $extra = "OR name $extra";
6819 }
6820
6821 $sql = "SELECT *
6822 FROM {capabilities}
6823 WHERE (contextlevel = ".CONTEXT_BLOCK."
6824 AND component = :component)
6825 $extra";
6826 $params['component'] = 'block_' . $bi->blockname;
6827
6828 return $DB->get_records_sql($sql.' '.$sort, $params);
6829 }
6830
6831 /**
6832 * Is this context part of any course? If yes return course context.
6833 *
6834 * @param bool $strict true means throw exception if not found, false means return false if not found
6835 * @return course_context context of the enclosing course, null if not found or exception
6836 */
6837 public function get_course_context($strict = true) {
6838 $parentcontext = $this->get_parent_context();
6839 return $parentcontext->get_course_context($strict);
6840 }
6841
6842 /**
6843 * Returns block context instance.
6844 *
6845 * @static
6846 * @param int $instanceid
6847 * @param int $strictness
6848 * @return context_block context instance
6849 */
6850 public static function instance($instanceid, $strictness = MUST_EXIST) {
6851 global $DB;
6852
6853 if ($context = context::cache_get(CONTEXT_BLOCK, $instanceid)) {
6854 return $context;
6855 }
6856
6857 if (!$record = $DB->get_record('context', array('contextlevel'=>CONTEXT_BLOCK, 'instanceid'=>$instanceid))) {
6858 if ($bi = $DB->get_record('block_instances', array('id'=>$instanceid), 'id,parentcontextid', $strictness)) {
6859 $parentcontext = context::instance_by_id($bi->parentcontextid);
6860 $record = context::insert_context_record(CONTEXT_BLOCK, $bi->id, $parentcontext->path);
6861 }
6862 }
6863
6864 if ($record) {
6865 $context = new context_block($record);
6866 context::cache_add($context);
6867 return $context;
6868 }
6869
6870 return false;
6871 }
6872
6873 /**
6874 * Block do not have child contexts...
6875 * @return array
6876 */
6877 public function get_child_contexts() {
6878 return array();
6879 }
6880
6881 /**
6882 * Create missing context instances at block context level
6883 * @static
6884 */
6885 protected static function create_level_instances() {
6886 global $DB;
6887
6888 $sql = "INSERT INTO {context} (contextlevel, instanceid)
6889 SELECT ".CONTEXT_BLOCK.", bi.id
6890 FROM {block_instances} bi
6891 WHERE NOT EXISTS (SELECT 'x'
6892 FROM {context} cx
6893 WHERE bi.id = cx.instanceid AND cx.contextlevel=".CONTEXT_BLOCK.")";
6894 $DB->execute($sql);
6895 }
6896
6897 /**
6898 * Returns sql necessary for purging of stale context instances.
6899 *
6900 * @static
6901 * @return string cleanup SQL
6902 */
6903 protected static function get_cleanup_sql() {
6904 $sql = "
6905 SELECT c.*
6906 FROM {context} c
6907 LEFT OUTER JOIN {block_instances} bi ON c.instanceid = bi.id
6908 WHERE bi.id IS NULL AND c.contextlevel = ".CONTEXT_BLOCK."
6909 ";
6910
6911 return $sql;
6912 }
6913
6914 /**
6915 * Rebuild context paths and depths at block context level.
6916 *
6917 * @static
6918 * @param bool $force
6919 */
6920 protected static function build_paths($force) {
6921 global $DB;
6922
6923 if ($force or $DB->record_exists_select('context', "contextlevel = ".CONTEXT_BLOCK." AND (depth = 0 OR path IS NULL)")) {
6924 if ($force) {
6925 $ctxemptyclause = '';
6926 } else {
6927 $ctxemptyclause = "AND (ctx.path IS NULL OR ctx.depth = 0)";
6928 }
6929
6930 // pctx.path IS NOT NULL prevents fatal problems with broken block instances that point to invalid context parent
6931 $sql = "INSERT INTO {context_temp} (id, path, depth)
6932 SELECT ctx.id, ".$DB->sql_concat('pctx.path', "'/'", 'ctx.id').", pctx.depth+1
6933 FROM {context} ctx
6934 JOIN {block_instances} bi ON (bi.id = ctx.instanceid AND ctx.contextlevel = ".CONTEXT_BLOCK.")
6935 JOIN {context} pctx ON (pctx.id = bi.parentcontextid)
6936 WHERE (pctx.path IS NOT NULL AND pctx.depth > 0)
6937 $ctxemptyclause";
6938 $trans = $DB->start_delegated_transaction();
6939 $DB->delete_records('context_temp');
6940 $DB->execute($sql);
6941 context::merge_context_temp_table();
6942 $DB->delete_records('context_temp');
6943 $trans->allow_commit();
6944 }
6945 }
6946 }
6947
6948
6949 // ============== DEPRECATED FUNCTIONS ==========================================
6950 // Old context related functions were deprecated in 2.0, it is recommended
6951 // to use context classes in new code. Old function can be used when
6952 // creating patches that are supposed to be backported to older stable branches.
6953 // These deprecated functions will not be removed in near future,
6954 // before removing devs will be warned with a debugging message first,
6955 // then we will add error message and only after that we can remove the functions
6956 // completely.
6957
6958
6959 /**
6960 * Not available any more, use load_temp_course_role() instead.
6961 *
6962 * @deprecated since 2.2
6963 * @param stdClass $context
6964 * @param int $roleid
6965 * @param array $accessdata
6966 * @return array
6967 */
6968 function load_temp_role($context, $roleid, array $accessdata) {
6969 debugging('load_temp_role() is deprecated, please use load_temp_course_role() instead, temp role not loaded.');
6970 return $accessdata;
6971 }
6972
6973 /**
6974 * Not available any more, use remove_temp_course_roles() instead.
6975 *
6976 * @deprecated since 2.2
6977 * @param stdClass $context
6978 * @param array $accessdata
6979 * @return array access data
6980 */
6981 function remove_temp_roles($context, array $accessdata) {
6982 debugging('remove_temp_role() is deprecated, please use remove_temp_course_roles() instead.');
6983 return $accessdata;
6984 }
6985
6986 /**
6987 * Returns system context or null if can not be created yet.
6988 *
6989 * @deprecated since 2.2, use context_system::instance()
6990 * @param bool $cache use caching
6991 * @return context system context (null if context table not created yet)
6992 */
6993 function get_system_context($cache = true) {
6994 return context_system::instance(0, IGNORE_MISSING, $cache);
6995 }
6996
6997 /**
6998 * Get the context instance as an object. This function will create the
6999 * context instance if it does not exist yet.
7000 *
7001 * @deprecated since 2.2, use context_course::instance() or other relevant class instead
7002 * @param integer $contextlevel The context level, for example CONTEXT_COURSE, or CONTEXT_MODULE.
7003 * @param integer $instance The instance id. For $level = CONTEXT_COURSE, this would be $course->id,
7004 * for $level = CONTEXT_MODULE, this would be $cm->id. And so on. Defaults to 0
7005 * @param int $strictness IGNORE_MISSING means compatible mode, false returned if record not found, debug message if more found;
7006 * MUST_EXIST means throw exception if no record or multiple records found
7007 * @return context The context object.
7008 */
7009 function get_context_instance($contextlevel, $instance = 0, $strictness = IGNORE_MISSING) {
7010 $instances = (array)$instance;
7011 $contexts = array();
7012
7013 $classname = context_helper::get_class_for_level($contextlevel);
7014
7015 // we do not load multiple contexts any more, PAGE should be responsible for any preloading
7016 foreach ($instances as $inst) {
7017 $contexts[$inst] = $classname::instance($inst, $strictness);
7018 }
7019
7020 if (is_array($instance)) {
7021 return $contexts;
7022 } else {
7023 return $contexts[$instance];
7024 }
7025 }
7026
7027 /**
7028 * Get a context instance as an object, from a given context id.
7029 *
7030 * @deprecated since 2.2, use context::instance_by_id($id) instead
7031 * @param int $id context id
7032 * @param int $strictness IGNORE_MISSING means compatible mode, false returned if record not found, debug message if more found;
7033 * MUST_EXIST means throw exception if no record or multiple records found
7034 * @return context|bool the context object or false if not found.
7035 */
7036 function get_context_instance_by_id($id, $strictness = IGNORE_MISSING) {
7037 return context::instance_by_id($id, $strictness);
7038 }
7039
7040 /**
7041 * Recursive function which, given a context, find all parent context ids,
7042 * and return the array in reverse order, i.e. parent first, then grand
7043 * parent, etc.
7044 *
7045 * @deprecated since 2.2, use $context->get_parent_context_ids() instead
7046 * @param context $context
7047 * @param bool $includeself optional, defaults to false
7048 * @return array
7049 */
7050 function get_parent_contexts(context $context, $includeself = false) {
7051 return $context->get_parent_context_ids($includeself);
7052 }
7053
7054 /**
7055 * Return the id of the parent of this context, or false if there is no parent (only happens if this
7056 * is the site context.)
7057 *
7058 * @deprecated since 2.2, use $context->get_parent_context() instead
7059 * @param context $context
7060 * @return integer the id of the parent context.
7061 */
7062 function get_parent_contextid(context $context) {
7063 if ($parent = $context->get_parent_context()) {
7064 return $parent->id;
7065 } else {
7066 return false;
7067 }
7068 }
7069
7070 /**
7071 * Recursive function which, given a context, find all its children context ids.
7072 *
7073 * For course category contexts it will return immediate children only categories and courses.
7074 * It will NOT recurse into courses or child categories.
7075 * If you want to do that, call it on the returned courses/categories.
7076 *
7077 * When called for a course context, it will return the modules and blocks
7078 * displayed in the course page.
7079 *
7080 * If called on a user/course/module context it _will_ populate the cache with the appropriate
7081 * contexts ;-)
7082 *
7083 * @deprecated since 2.2, use $context->get_child_contexts() instead
7084 * @param context $context
7085 * @return array Array of child records
7086 */
7087 function get_child_contexts(context $context) {
7088 return $context->get_child_contexts();
7089 }
7090
7091 /**
7092 * Precreates all contexts including all parents
7093 *
7094 * @deprecated since 2.2
7095 * @param int $contextlevel empty means all
7096 * @param bool $buildpaths update paths and depths
7097 * @return void
7098 */
7099 function create_contexts($contextlevel = null, $buildpaths = true) {
7100 context_helper::create_instances($contextlevel, $buildpaths);
7101 }
7102
7103 /**
7104 * Remove stale context records
7105 *
7106 * @deprecated since 2.2, use context_helper::cleanup_instances() instead
7107 * @return bool
7108 */
7109 function cleanup_contexts() {
7110 context_helper::cleanup_instances();
7111 return true;
7112 }
7113
7114 /**
7115 * Populate context.path and context.depth where missing.
7116 *
7117 * @deprecated since 2.2, use context_helper::build_all_paths() instead
7118 * @param bool $force force a complete rebuild of the path and depth fields, defaults to false
7119 * @return void
7120 */
7121 function build_context_path($force = false) {
7122 context_helper::build_all_paths($force);
7123 }
7124
7125 /**
7126 * Rebuild all related context depth and path caches
7127 *
7128 * @deprecated since 2.2
7129 * @param array $fixcontexts array of contexts, strongtyped
7130 * @return void
7131 */
7132 function rebuild_contexts(array $fixcontexts) {
7133 foreach ($fixcontexts as $fixcontext) {
7134 $fixcontext->reset_paths(false);
7135 }
7136 context_helper::build_all_paths(false);
7137 }
7138
7139 /**
7140 * Preloads all contexts relating to a course: course, modules. Block contexts
7141 * are no longer loaded here. The contexts for all the blocks on the current
7142 * page are now efficiently loaded by {@link block_manager::load_blocks()}.
7143 *
7144 * @deprecated since 2.2
7145 * @param int $courseid Course ID
7146 * @return void
7147 */
7148 function preload_course_contexts($courseid) {
7149 context_helper::preload_course($courseid);
7150 }
7151
7152 /**
7153 * Preloads context information together with instances.
7154 * Use context_instance_preload() to strip the context info from the record and cache the context instance.
7155 *
7156 * @deprecated since 2.2
7157 * @param string $joinon for example 'u.id'
7158 * @param string $contextlevel context level of instance in $joinon
7159 * @param string $tablealias context table alias
7160 * @return array with two values - select and join part
7161 */
7162 function context_instance_preload_sql($joinon, $contextlevel, $tablealias) {
7163 $select = ", ".context_helper::get_preload_record_columns_sql($tablealias);
7164 $join = "LEFT JOIN {context} $tablealias ON ($tablealias.instanceid = $joinon AND $tablealias.contextlevel = $contextlevel)";
7165 return array($select, $join);
7166 }
7167
7168 /**
7169 * Preloads context information from db record and strips the cached info.
7170 * The db request has to contain both the $join and $select from context_instance_preload_sql()
7171 *
7172 * @deprecated since 2.2
7173 * @param stdClass $rec
7174 * @return void (modifies $rec)
7175 */
7176 function context_instance_preload(stdClass $rec) {
7177 context_helper::preload_from_record($rec);
7178 }
7179
7180 /**
7181 * Mark a context as dirty (with timestamp) so as to force reloading of the context.
7182 *
7183 * @deprecated since 2.2, use $context->mark_dirty() instead
7184 * @param string $path context path
7185 */
7186 function mark_context_dirty($path) {
7187 global $CFG, $USER, $ACCESSLIB_PRIVATE;
7188
7189 if (during_initial_install()) {
7190 return;
7191 }
7192
7193 // only if it is a non-empty string
7194 if (is_string($path) && $path !== '') {
7195 set_cache_flag('accesslib/dirtycontexts', $path, 1, time()+$CFG->sessiontimeout);
7196 if (isset($ACCESSLIB_PRIVATE->dirtycontexts)) {
7197 $ACCESSLIB_PRIVATE->dirtycontexts[$path] = 1;
7198 } else {
7199 if (CLI_SCRIPT) {
7200 $ACCESSLIB_PRIVATE->dirtycontexts = array($path => 1);
7201 } else {
7202 if (isset($USER->access['time'])) {
7203 $ACCESSLIB_PRIVATE->dirtycontexts = get_cache_flags('accesslib/dirtycontexts', $USER->access['time']-2);
7204 } else {
7205 $ACCESSLIB_PRIVATE->dirtycontexts = array($path => 1);
7206 }
7207 // flags not loaded yet, it will be done later in $context->reload_if_dirty()
7208 }
7209 }
7210 }
7211 }
7212
7213 /**
7214 * Update the path field of the context and all dep. subcontexts that follow
7215 *
7216 * Update the path field of the context and
7217 * all the dependent subcontexts that follow
7218 * the move.
7219 *
7220 * The most important thing here is to be as
7221 * DB efficient as possible. This op can have a
7222 * massive impact in the DB.
7223 *
7224 * @deprecated since 2.2
7225 * @param context $context context obj
7226 * @param context $newparent new parent obj
7227 * @return void
7228 */
7229 function context_moved(context $context, context $newparent) {
7230 $context->update_moved($newparent);
7231 }
7232
7233 /**
7234 * Remove a context record and any dependent entries,
7235 * removes context from static context cache too
7236 *
7237 * @deprecated since 2.2, use $context->delete_content() instead
7238 * @param int $contextlevel
7239 * @param int $instanceid
7240 * @param bool $deleterecord false means keep record for now
7241 * @return bool returns true or throws an exception
7242 */
7243 function delete_context($contextlevel, $instanceid, $deleterecord = true) {
7244 if ($deleterecord) {
7245 context_helper::delete_instance($contextlevel, $instanceid);
7246 } else {
7247 $classname = context_helper::get_class_for_level($contextlevel);
7248 if ($context = $classname::instance($instanceid, IGNORE_MISSING)) {
7249 $context->delete_content();
7250 }
7251 }
7252
7253 return true;
7254 }
7255
7256 /**
7257 * Returns context level name
7258 *
7259 * @deprecated since 2.2
7260 * @param integer $contextlevel $context->context level. One of the CONTEXT_... constants.
7261 * @return string the name for this type of context.
7262 */
7263 function get_contextlevel_name($contextlevel) {
7264 return context_helper::get_level_name($contextlevel);
7265 }
7266
7267 /**
7268 * Prints human readable context identifier.
7269 *
7270 * @deprecated since 2.2
7271 * @param context $context the context.
7272 * @param boolean $withprefix whether to prefix the name of the context with the
7273 * type of context, e.g. User, Course, Forum, etc.
7274 * @param boolean $short whether to user the short name of the thing. Only applies
7275 * to course contexts
7276 * @return string the human readable context name.
7277 */
7278 function print_context_name(context $context, $withprefix = true, $short = false) {
7279 return $context->get_context_name($withprefix, $short);
7280 }
7281
7282 /**
7283 * Get a URL for a context, if there is a natural one. For example, for
7284 * CONTEXT_COURSE, this is the course page. For CONTEXT_USER it is the
7285 * user profile page.
7286 *
7287 * @deprecated since 2.2
7288 * @param context $context the context.
7289 * @return moodle_url
7290 */
7291 function get_context_url(context $context) {
7292 return $context->get_url();
7293 }
7294
7295 /**
7296 * Is this context part of any course? if yes return course context,
7297 * if not return null or throw exception.
7298 *
7299 * @deprecated since 2.2, use $context->get_course_context() instead
7300 * @param context $context
7301 * @return course_context context of the enclosing course, null if not found or exception
7302 */
7303 function get_course_context(context $context) {
7304 return $context->get_course_context(true);
7305 }
7306
7307 /**
7308 * Returns current course id or null if outside of course based on context parameter.
7309 *
7310 * @deprecated since 2.2, use $context->get_course_context instead
7311 * @param context $context
7312 * @return int|bool related course id or false
7313 */
7314 function get_courseid_from_context(context $context) {
7315 if ($coursecontext = $context->get_course_context(false)) {
7316 return $coursecontext->instanceid;
7317 } else {
7318 return false;
7319 }
7320 }
7321
7322 /**
7323 * Get an array of courses where cap requested is available
7324 * and user is enrolled, this can be relatively slow.
7325 *
7326 * @deprecated since 2.2, use enrol_get_users_courses() instead
7327 * @param int $userid A user id. By default (null) checks the permissions of the current user.
7328 * @param string $cap - name of the capability
7329 * @param array $accessdata_ignored
7330 * @param bool $doanything_ignored
7331 * @param string $sort - sorting fields - prefix each fieldname with "c."
7332 * @param array $fields - additional fields you are interested in...
7333 * @param int $limit_ignored
7334 * @return array $courses - ordered array of course objects - see notes above
7335 */
7336 function get_user_courses_bycap($userid, $cap, $accessdata_ignored, $doanything_ignored, $sort = 'c.sortorder ASC', $fields = null, $limit_ignored = 0) {
7337
7338 $courses = enrol_get_users_courses($userid, true, $fields, $sort);
7339 foreach ($courses as $id=>$course) {
7340 $context = context_course::instance($id);
7341 if (!has_capability($cap, $context, $userid)) {
7342 unset($courses[$id]);
7343 }
7344 }
7345
7346 return $courses;
7347 }
7348
7349 /**
7350 * Extracts the relevant capabilities given a contextid.
7351 * All case based, example an instance of forum context.
7352 * Will fetch all forum related capabilities, while course contexts
7353 * Will fetch all capabilities
7354 *
7355 * capabilities
7356 * `name` varchar(150) NOT NULL,
7357 * `captype` varchar(50) NOT NULL,
7358 * `contextlevel` int(10) NOT NULL,
7359 * `component` varchar(100) NOT NULL,
7360 *
7361 * @deprecated since 2.2
7362 * @param context $context
7363 * @return array
7364 */
7365 function fetch_context_capabilities(context $context) {
7366 return $context->get_capabilities();
7367 }
7368
7369 /**
7370 * Runs get_records select on context table and returns the result
7371 * Does get_records_select on the context table, and returns the results ordered
7372 * by contextlevel, and then the natural sort order within each level.
7373 * for the purpose of $select, you need to know that the context table has been
7374 * aliased to ctx, so for example, you can call get_sorted_contexts('ctx.depth = 3');
7375 *
7376 * @deprecated since 2.2
7377 * @param string $select the contents of the WHERE clause. Remember to do ctx.fieldname.
7378 * @param array $params any parameters required by $select.
7379 * @return array the requested context records.
7380 */
7381 function get_sorted_contexts($select, $params = array()) {
7382
7383 //TODO: we should probably rewrite all the code that is using this thing, the trouble is we MUST NOT modify the context instances...
7384
7385 global $DB;
7386 if ($select) {
7387 $select = 'WHERE ' . $select;
7388 }
7389 return $DB->get_records_sql("
7390 SELECT ctx.*
7391 FROM {context} ctx
7392 LEFT JOIN {user} u ON ctx.contextlevel = " . CONTEXT_USER . " AND u.id = ctx.instanceid
7393 LEFT JOIN {course_categories} cat ON ctx.contextlevel = " . CONTEXT_COURSECAT . " AND cat.id = ctx.instanceid
7394 LEFT JOIN {course} c ON ctx.contextlevel = " . CONTEXT_COURSE . " AND c.id = ctx.instanceid
7395 LEFT JOIN {course_modules} cm ON ctx.contextlevel = " . CONTEXT_MODULE . " AND cm.id = ctx.instanceid
7396 LEFT JOIN {block_instances} bi ON ctx.contextlevel = " . CONTEXT_BLOCK . " AND bi.id = ctx.instanceid
7397 $select
7398 ORDER BY ctx.contextlevel, bi.defaultregion, COALESCE(cat.sortorder, c.sortorder, cm.section, bi.defaultweight), u.lastname, u.firstname, cm.id
7399 ", $params);
7400 }
7401
7402 /**
7403 * This is really slow!!! do not use above course context level
7404 *
7405 * @deprecated since 2.2
7406 * @param int $roleid
7407 * @param context $context
7408 * @return array
7409 */
7410 function get_role_context_caps($roleid, context $context) {
7411 global $DB;
7412
7413 //this is really slow!!!! - do not use above course context level!
7414 $result = array();
7415 $result[$context->id] = array();
7416
7417 // first emulate the parent context capabilities merging into context
7418 $searchcontexts = array_reverse($context->get_parent_context_ids(true));
7419 foreach ($searchcontexts as $cid) {
7420 if ($capabilities = $DB->get_records('role_capabilities', array('roleid'=>$roleid, 'contextid'=>$cid))) {
7421 foreach ($capabilities as $cap) {
7422 if (!array_key_exists($cap->capability, $result[$context->id])) {
7423 $result[$context->id][$cap->capability] = 0;
7424 }
7425 $result[$context->id][$cap->capability] += $cap->permission;
7426 }
7427 }
7428 }
7429
7430 // now go through the contexts below given context
7431 $searchcontexts = array_keys($context->get_child_contexts());
7432 foreach ($searchcontexts as $cid) {
7433 if ($capabilities = $DB->get_records('role_capabilities', array('roleid'=>$roleid, 'contextid'=>$cid))) {
7434 foreach ($capabilities as $cap) {
7435 if (!array_key_exists($cap->contextid, $result)) {
7436 $result[$cap->contextid] = array();
7437 }
7438 $result[$cap->contextid][$cap->capability] = $cap->permission;
7439 }
7440 }
7441 }
7442
7443 return $result;
7444 }
7445
7446 /**
7447 * Gets a string for sql calls, searching for stuff in this context or above
7448 *
7449 * NOTE: use $DB->get_in_or_equal($context->get_parent_context_ids()...
7450 *
7451 * @deprecated since 2.2, $context->use get_parent_context_ids() instead
7452 * @param context $context
7453 * @return string
7454 */
7455 function get_related_contexts_string(context $context) {
7456
7457 if ($parents = $context->get_parent_context_ids()) {
7458 return (' IN ('.$context->id.','.implode(',', $parents).')');
7459 } else {
7460 return (' ='.$context->id);
7461 }
7462 }
Read-only mirror of the Moodle CVS