search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
MDL-48804 core: do not set current course until login validated
[moodle.git] / lib / accesslib.php
blob64912f160a59406701a20c7c1da18128421f8e6c
1 <?php
2 // This file is part of Moodle - http://moodle.org/
3 //
4 // Moodle is free software: you can redistribute it and/or modify
5 // it under the terms of the GNU General Public License as published by
6 // the Free Software Foundation, either version 3 of the License, or
7 // (at your option) any later version.
8 //
9 // Moodle is distributed in the hope that it will be useful,
10 // but WITHOUT ANY WARRANTY; without even the implied warranty of
11 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 // GNU General Public License for more details.
13 //
14 // You should have received a copy of the GNU General Public License
15 // along with Moodle. If not, see <http://www.gnu.org/licenses/>.
16
17 /**
18 * This file contains functions for managing user access
19 *
20 * <b>Public API vs internals</b>
21 *
22 * General users probably only care about
23 *
24 * Context handling
25 * - context_course::instance($courseid), context_module::instance($cm->id), context_coursecat::instance($catid)
26 * - context::instance_by_id($contextid)
27 * - $context->get_parent_contexts();
28 * - $context->get_child_contexts();
29 *
30 * Whether the user can do something...
31 * - has_capability()
32 * - has_any_capability()
33 * - has_all_capabilities()
34 * - require_capability()
35 * - require_login() (from moodlelib)
36 * - is_enrolled()
37 * - is_viewing()
38 * - is_guest()
39 * - is_siteadmin()
40 * - isguestuser()
41 * - isloggedin()
42 *
43 * What courses has this user access to?
44 * - get_enrolled_users()
45 *
46 * What users can do X in this context?
47 * - get_enrolled_users() - at and bellow course context
48 * - get_users_by_capability() - above course context
49 *
50 * Modify roles
51 * - role_assign()
52 * - role_unassign()
53 * - role_unassign_all()
54 *
55 * Advanced - for internal use only
56 * - load_all_capabilities()
57 * - reload_all_capabilities()
58 * - has_capability_in_accessdata()
59 * - get_user_access_sitewide()
60 * - load_course_context()
61 * - load_role_access_by_context()
62 * - etc.
63 *
64 * <b>Name conventions</b>
65 *
66 * "ctx" means context
67 *
68 * <b>accessdata</b>
69 *
70 * Access control data is held in the "accessdata" array
71 * which - for the logged-in user, will be in $USER->access
72 *
73 * For other users can be generated and passed around (but may also be cached
74 * against userid in $ACCESSLIB_PRIVATE->accessdatabyuser).
75 *
76 * $accessdata is a multidimensional array, holding
77 * role assignments (RAs), role-capabilities-perm sets
78 * (role defs) and a list of courses we have loaded
79 * data for.
80 *
81 * Things are keyed on "contextpaths" (the path field of
82 * the context table) for fast walking up/down the tree.
83 * <code>
84 * $accessdata['ra'][$contextpath] = array($roleid=>$roleid)
85 * [$contextpath] = array($roleid=>$roleid)
86 * [$contextpath] = array($roleid=>$roleid)
87 * </code>
88 *
89 * Role definitions are stored like this
90 * (no cap merge is done - so it's compact)
91 *
92 * <code>
93 * $accessdata['rdef']["$contextpath:$roleid"]['mod/forum:viewpost'] = 1
94 * ['mod/forum:editallpost'] = -1
95 * ['mod/forum:startdiscussion'] = -1000
96 * </code>
97 *
98 * See how has_capability_in_accessdata() walks up the tree.
99 *
100 * First we only load rdef and ra down to the course level, but not below.
101 * This keeps accessdata small and compact. Below-the-course ra/rdef
102 * are loaded as needed. We keep track of which courses we have loaded ra/rdef in
103 * <code>
104 * $accessdata['loaded'] = array($courseid1=>1, $courseid2=>1)
105 * </code>
106 *
107 * <b>Stale accessdata</b>
108 *
109 * For the logged-in user, accessdata is long-lived.
110 *
111 * On each pageload we load $ACCESSLIB_PRIVATE->dirtycontexts which lists
112 * context paths affected by changes. Any check at-or-below
113 * a dirty context will trigger a transparent reload of accessdata.
114 *
115 * Changes at the system level will force the reload for everyone.
116 *
117 * <b>Default role caps</b>
118 * The default role assignment is not in the DB, so we
119 * add it manually to accessdata.
120 *
121 * This means that functions that work directly off the
122 * DB need to ensure that the default role caps
123 * are dealt with appropriately.
124 *
125 * @package core_access
126 * @copyright 1999 onwards Martin Dougiamas http://dougiamas.com
127 * @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
128 */
129
130 defined('MOODLE_INTERNAL') || die();
131
132 /** No capability change */
133 define('CAP_INHERIT', 0);
134 /** Allow permission, overrides CAP_PREVENT defined in parent contexts */
135 define('CAP_ALLOW', 1);
136 /** Prevent permission, overrides CAP_ALLOW defined in parent contexts */
137 define('CAP_PREVENT', -1);
138 /** Prohibit permission, overrides everything in current and child contexts */
139 define('CAP_PROHIBIT', -1000);
140
141 /** System context level - only one instance in every system */
142 define('CONTEXT_SYSTEM', 10);
143 /** User context level - one instance for each user describing what others can do to user */
144 define('CONTEXT_USER', 30);
145 /** Course category context level - one instance for each category */
146 define('CONTEXT_COURSECAT', 40);
147 /** Course context level - one instances for each course */
148 define('CONTEXT_COURSE', 50);
149 /** Course module context level - one instance for each course module */
150 define('CONTEXT_MODULE', 70);
151 /**
152 * Block context level - one instance for each block, sticky blocks are tricky
153 * because ppl think they should be able to override them at lower contexts.
154 * Any other context level instance can be parent of block context.
155 */
156 define('CONTEXT_BLOCK', 80);
157
158 /** Capability allow management of trusts - NOT IMPLEMENTED YET - see {@link http://docs.moodle.org/dev/Hardening_new_Roles_system} */
159 define('RISK_MANAGETRUST', 0x0001);
160 /** Capability allows changes in system configuration - see {@link http://docs.moodle.org/dev/Hardening_new_Roles_system} */
161 define('RISK_CONFIG', 0x0002);
162 /** Capability allows user to add scripted content - see {@link http://docs.moodle.org/dev/Hardening_new_Roles_system} */
163 define('RISK_XSS', 0x0004);
164 /** Capability allows access to personal user information - see {@link http://docs.moodle.org/dev/Hardening_new_Roles_system} */
165 define('RISK_PERSONAL', 0x0008);
166 /** Capability allows users to add content others may see - see {@link http://docs.moodle.org/dev/Hardening_new_Roles_system} */
167 define('RISK_SPAM', 0x0010);
168 /** capability allows mass delete of data belonging to other users - see {@link http://docs.moodle.org/dev/Hardening_new_Roles_system} */
169 define('RISK_DATALOSS', 0x0020);
170
171 /** rolename displays - the name as defined in the role definition, localised if name empty */
172 define('ROLENAME_ORIGINAL', 0);
173 /** rolename displays - the name as defined by a role alias at the course level, falls back to ROLENAME_ORIGINAL if alias not present */
174 define('ROLENAME_ALIAS', 1);
175 /** rolename displays - Both, like this: Role alias (Original) */
176 define('ROLENAME_BOTH', 2);
177 /** rolename displays - the name as defined in the role definition and the shortname in brackets */
178 define('ROLENAME_ORIGINALANDSHORT', 3);
179 /** rolename displays - the name as defined by a role alias, in raw form suitable for editing */
180 define('ROLENAME_ALIAS_RAW', 4);
181 /** rolename displays - the name is simply short role name */
182 define('ROLENAME_SHORT', 5);
183
184 if (!defined('CONTEXT_CACHE_MAX_SIZE')) {
185 /** maximum size of context cache - it is possible to tweak this config.php or in any script before inclusion of context.php */
186 define('CONTEXT_CACHE_MAX_SIZE', 2500);
187 }
188
189 /**
190 * Although this looks like a global variable, it isn't really.
191 *
192 * It is just a private implementation detail to accesslib that MUST NOT be used elsewhere.
193 * It is used to cache various bits of data between function calls for performance reasons.
194 * Sadly, a PHP global variable is the only way to implement this, without rewriting everything
195 * as methods of a class, instead of functions.
196 *
197 * @access private
198 * @global stdClass $ACCESSLIB_PRIVATE
199 * @name $ACCESSLIB_PRIVATE
200 */
201 global $ACCESSLIB_PRIVATE;
202 $ACCESSLIB_PRIVATE = new stdClass();
203 $ACCESSLIB_PRIVATE->dirtycontexts = null; // Dirty contexts cache, loaded from DB once per page
204 $ACCESSLIB_PRIVATE->accessdatabyuser = array(); // Holds the cache of $accessdata structure for users (including $USER)
205 $ACCESSLIB_PRIVATE->rolepermissions = array(); // role permissions cache - helps a lot with mem usage
206 $ACCESSLIB_PRIVATE->capabilities = null; // detailed information about the capabilities
207
208 /**
209 * Clears accesslib's private caches. ONLY BE USED BY UNIT TESTS
210 *
211 * This method should ONLY BE USED BY UNIT TESTS. It clears all of
212 * accesslib's private caches. You need to do this before setting up test data,
213 * and also at the end of the tests.
214 *
215 * @access private
216 * @return void
217 */
218 function accesslib_clear_all_caches_for_unit_testing() {
219 global $USER;
220 if (!PHPUNIT_TEST) {
221 throw new coding_exception('You must not call clear_all_caches outside of unit tests.');
222 }
223
224 accesslib_clear_all_caches(true);
225
226 unset($USER->access);
227 }
228
229 /**
230 * Clears accesslib's private caches. ONLY BE USED FROM THIS LIBRARY FILE!
231 *
232 * This reset does not touch global $USER.
233 *
234 * @access private
235 * @param bool $resetcontexts
236 * @return void
237 */
238 function accesslib_clear_all_caches($resetcontexts) {
239 global $ACCESSLIB_PRIVATE;
240
241 $ACCESSLIB_PRIVATE->dirtycontexts = null;
242 $ACCESSLIB_PRIVATE->accessdatabyuser = array();
243 $ACCESSLIB_PRIVATE->rolepermissions = array();
244 $ACCESSLIB_PRIVATE->capabilities = null;
245
246 if ($resetcontexts) {
247 context_helper::reset_caches();
248 }
249 }
250
251 /**
252 * Gets the accessdata for role "sitewide" (system down to course)
253 *
254 * @access private
255 * @param int $roleid
256 * @return array
257 */
258 function get_role_access($roleid) {
259 global $DB, $ACCESSLIB_PRIVATE;
260
261 /* Get it in 1 DB query...
262 * - relevant role caps at the root and down
263 * to the course level - but not below
264 */
265
266 //TODO: MUC - this could be cached in shared memory to speed up first page loading, web crawlers, etc.
267
268 $accessdata = get_empty_accessdata();
269
270 $accessdata['ra']['/'.SYSCONTEXTID] = array((int)$roleid => (int)$roleid);
271
272 // Overrides for the role IN ANY CONTEXTS down to COURSE - not below -.
273
274 /*
275 $sql = "SELECT ctx.path,
276 rc.capability, rc.permission
277 FROM {context} ctx
278 JOIN {role_capabilities} rc ON rc.contextid = ctx.id
279 LEFT JOIN {context} cctx
280 ON (cctx.contextlevel = ".CONTEXT_COURSE." AND ctx.path LIKE ".$DB->sql_concat('cctx.path',"'/%'").")
281 WHERE rc.roleid = ? AND cctx.id IS NULL";
282 $params = array($roleid);
283 */
284
285 // Note: the commented out query is 100% accurate but slow, so let's cheat instead by hardcoding the blocks mess directly.
286
287 $sql = "SELECT COALESCE(ctx.path, bctx.path) AS path, rc.capability, rc.permission
288 FROM {role_capabilities} rc
289 LEFT JOIN {context} ctx ON (ctx.id = rc.contextid AND ctx.contextlevel <= ".CONTEXT_COURSE.")
290 LEFT JOIN ({context} bctx
291 JOIN {block_instances} bi ON (bi.id = bctx.instanceid)
292 JOIN {context} pctx ON (pctx.id = bi.parentcontextid AND pctx.contextlevel < ".CONTEXT_COURSE.")
293 ) ON (bctx.id = rc.contextid AND bctx.contextlevel = ".CONTEXT_BLOCK.")
294 WHERE rc.roleid = :roleid AND (ctx.id IS NOT NULL OR bctx.id IS NOT NULL)";
295 $params = array('roleid'=>$roleid);
296
297 // we need extra caching in CLI scripts and cron
298 $rs = $DB->get_recordset_sql($sql, $params);
299 foreach ($rs as $rd) {
300 $k = "{$rd->path}:{$roleid}";
301 $accessdata['rdef'][$k][$rd->capability] = (int)$rd->permission;
302 }
303 $rs->close();
304
305 // share the role definitions
306 foreach ($accessdata['rdef'] as $k=>$unused) {
307 if (!isset($ACCESSLIB_PRIVATE->rolepermissions[$k])) {
308 $ACCESSLIB_PRIVATE->rolepermissions[$k] = $accessdata['rdef'][$k];
309 }
310 $accessdata['rdef_count']++;
311 $accessdata['rdef'][$k] =& $ACCESSLIB_PRIVATE->rolepermissions[$k];
312 }
313
314 return $accessdata;
315 }
316
317 /**
318 * Get the default guest role, this is used for guest account,
319 * search engine spiders, etc.
320 *
321 * @return stdClass role record
322 */
323 function get_guest_role() {
324 global $CFG, $DB;
325
326 if (empty($CFG->guestroleid)) {
327 if ($roles = $DB->get_records('role', array('archetype'=>'guest'))) {
328 $guestrole = array_shift($roles); // Pick the first one
329 set_config('guestroleid', $guestrole->id);
330 return $guestrole;
331 } else {
332 debugging('Can not find any guest role!');
333 return false;
334 }
335 } else {
336 if ($guestrole = $DB->get_record('role', array('id'=>$CFG->guestroleid))) {
337 return $guestrole;
338 } else {
339 // somebody is messing with guest roles, remove incorrect setting and try to find a new one
340 set_config('guestroleid', '');
341 return get_guest_role();
342 }
343 }
344 }
345
346 /**
347 * Check whether a user has a particular capability in a given context.
348 *
349 * For example:
350 * $context = context_module::instance($cm->id);
351 * has_capability('mod/forum:replypost', $context)
352 *
353 * By default checks the capabilities of the current user, but you can pass a
354 * different userid. By default will return true for admin users, but you can override that with the fourth argument.
355 *
356 * Guest and not-logged-in users can never get any dangerous capability - that is any write capability
357 * or capabilities with XSS, config or data loss risks.
358 *
359 * @category access
360 *
361 * @param string $capability the name of the capability to check. For example mod/forum:view
362 * @param context $context the context to check the capability in. You normally get this with instance method of a context class.
363 * @param integer|stdClass $user A user id or object. By default (null) checks the permissions of the current user.
364 * @param boolean $doanything If false, ignores effect of admin role assignment
365 * @return boolean true if the user has this capability. Otherwise false.
366 */
367 function has_capability($capability, context $context, $user = null, $doanything = true) {
368 global $USER, $CFG, $SCRIPT, $ACCESSLIB_PRIVATE;
369
370 if (during_initial_install()) {
371 if ($SCRIPT === "/$CFG->admin/index.php" or $SCRIPT === "/$CFG->admin/cli/install.php" or $SCRIPT === "/$CFG->admin/cli/install_database.php") {
372 // we are in an installer - roles can not work yet
373 return true;
374 } else {
375 return false;
376 }
377 }
378
379 if (strpos($capability, 'moodle/legacy:') === 0) {
380 throw new coding_exception('Legacy capabilities can not be used any more!');
381 }
382
383 if (!is_bool($doanything)) {
384 throw new coding_exception('Capability parameter "doanything" is wierd, only true or false is allowed. This has to be fixed in code.');
385 }
386
387 // capability must exist
388 if (!$capinfo = get_capability_info($capability)) {
389 debugging('Capability "'.$capability.'" was not found! This has to be fixed in code.');
390 return false;
391 }
392
393 if (!isset($USER->id)) {
394 // should never happen
395 $USER->id = 0;
396 debugging('Capability check being performed on a user with no ID.', DEBUG_DEVELOPER);
397 }
398
399 // make sure there is a real user specified
400 if ($user === null) {
401 $userid = $USER->id;
402 } else {
403 $userid = is_object($user) ? $user->id : $user;
404 }
405
406 // make sure forcelogin cuts off not-logged-in users if enabled
407 if (!empty($CFG->forcelogin) and $userid == 0) {
408 return false;
409 }
410
411 // make sure the guest account and not-logged-in users never get any risky caps no matter what the actual settings are.
412 if (($capinfo->captype === 'write') or ($capinfo->riskbitmask & (RISK_XSS | RISK_CONFIG | RISK_DATALOSS))) {
413 if (isguestuser($userid) or $userid == 0) {
414 return false;
415 }
416 }
417
418 // somehow make sure the user is not deleted and actually exists
419 if ($userid != 0) {
420 if ($userid == $USER->id and isset($USER->deleted)) {
421 // this prevents one query per page, it is a bit of cheating,
422 // but hopefully session is terminated properly once user is deleted
423 if ($USER->deleted) {
424 return false;
425 }
426 } else {
427 if (!context_user::instance($userid, IGNORE_MISSING)) {
428 // no user context == invalid userid
429 return false;
430 }
431 }
432 }
433
434 // context path/depth must be valid
435 if (empty($context->path) or $context->depth == 0) {
436 // this should not happen often, each upgrade tries to rebuild the context paths
437 debugging('Context id '.$context->id.' does not have valid path, please use build_context_path()');
438 if (is_siteadmin($userid)) {
439 return true;
440 } else {
441 return false;
442 }
443 }
444
445 // Find out if user is admin - it is not possible to override the doanything in any way
446 // and it is not possible to switch to admin role either.
447 if ($doanything) {
448 if (is_siteadmin($userid)) {
449 if ($userid != $USER->id) {
450 return true;
451 }
452 // make sure switchrole is not used in this context
453 if (empty($USER->access['rsw'])) {
454 return true;
455 }
456 $parts = explode('/', trim($context->path, '/'));
457 $path = '';
458 $switched = false;
459 foreach ($parts as $part) {
460 $path .= '/' . $part;
461 if (!empty($USER->access['rsw'][$path])) {
462 $switched = true;
463 break;
464 }
465 }
466 if (!$switched) {
467 return true;
468 }
469 //ok, admin switched role in this context, let's use normal access control rules
470 }
471 }
472
473 // Careful check for staleness...
474 $context->reload_if_dirty();
475
476 if ($USER->id == $userid) {
477 if (!isset($USER->access)) {
478 load_all_capabilities();
479 }
480 $access =& $USER->access;
481
482 } else {
483 // make sure user accessdata is really loaded
484 get_user_accessdata($userid, true);
485 $access =& $ACCESSLIB_PRIVATE->accessdatabyuser[$userid];
486 }
487
488
489 // Load accessdata for below-the-course context if necessary,
490 // all contexts at and above all courses are already loaded
491 if ($context->contextlevel != CONTEXT_COURSE and $coursecontext = $context->get_course_context(false)) {
492 load_course_context($userid, $coursecontext, $access);
493 }
494
495 return has_capability_in_accessdata($capability, $context, $access);
496 }
497
498 /**
499 * Check if the user has any one of several capabilities from a list.
500 *
501 * This is just a utility method that calls has_capability in a loop. Try to put
502 * the capabilities that most users are likely to have first in the list for best
503 * performance.
504 *
505 * @category access
506 * @see has_capability()
507 *
508 * @param array $capabilities an array of capability names.
509 * @param context $context the context to check the capability in. You normally get this with instance method of a context class.
510 * @param integer|stdClass $user A user id or object. By default (null) checks the permissions of the current user.
511 * @param boolean $doanything If false, ignore effect of admin role assignment
512 * @return boolean true if the user has any of these capabilities. Otherwise false.
513 */
514 function has_any_capability(array $capabilities, context $context, $user = null, $doanything = true) {
515 foreach ($capabilities as $capability) {
516 if (has_capability($capability, $context, $user, $doanything)) {
517 return true;
518 }
519 }
520 return false;
521 }
522
523 /**
524 * Check if the user has all the capabilities in a list.
525 *
526 * This is just a utility method that calls has_capability in a loop. Try to put
527 * the capabilities that fewest users are likely to have first in the list for best
528 * performance.
529 *
530 * @category access
531 * @see has_capability()
532 *
533 * @param array $capabilities an array of capability names.
534 * @param context $context the context to check the capability in. You normally get this with instance method of a context class.
535 * @param integer|stdClass $user A user id or object. By default (null) checks the permissions of the current user.
536 * @param boolean $doanything If false, ignore effect of admin role assignment
537 * @return boolean true if the user has all of these capabilities. Otherwise false.
538 */
539 function has_all_capabilities(array $capabilities, context $context, $user = null, $doanything = true) {
540 foreach ($capabilities as $capability) {
541 if (!has_capability($capability, $context, $user, $doanything)) {
542 return false;
543 }
544 }
545 return true;
546 }
547
548 /**
549 * Is course creator going to have capability in a new course?
550 *
551 * This is intended to be used in enrolment plugins before or during course creation,
552 * do not use after the course is fully created.
553 *
554 * @category access
555 *
556 * @param string $capability the name of the capability to check.
557 * @param context $context course or category context where is course going to be created
558 * @param integer|stdClass $user A user id or object. By default (null) checks the permissions of the current user.
559 * @return boolean true if the user will have this capability.
560 *
561 * @throws coding_exception if different type of context submitted
562 */
563 function guess_if_creator_will_have_course_capability($capability, context $context, $user = null) {
564 global $CFG;
565
566 if ($context->contextlevel != CONTEXT_COURSE and $context->contextlevel != CONTEXT_COURSECAT) {
567 throw new coding_exception('Only course or course category context expected');
568 }
569
570 if (has_capability($capability, $context, $user)) {
571 // User already has the capability, it could be only removed if CAP_PROHIBIT
572 // was involved here, but we ignore that.
573 return true;
574 }
575
576 if (!has_capability('moodle/course:create', $context, $user)) {
577 return false;
578 }
579
580 if (!enrol_is_enabled('manual')) {
581 return false;
582 }
583
584 if (empty($CFG->creatornewroleid)) {
585 return false;
586 }
587
588 if ($context->contextlevel == CONTEXT_COURSE) {
589 if (is_viewing($context, $user, 'moodle/role:assign') or is_enrolled($context, $user, 'moodle/role:assign')) {
590 return false;
591 }
592 } else {
593 if (has_capability('moodle/course:view', $context, $user) and has_capability('moodle/role:assign', $context, $user)) {
594 return false;
595 }
596 }
597
598 // Most likely they will be enrolled after the course creation is finished,
599 // does the new role have the required capability?
600 list($neededroles, $forbiddenroles) = get_roles_with_cap_in_context($context, $capability);
601 return isset($neededroles[$CFG->creatornewroleid]);
602 }
603
604 /**
605 * Check if the user is an admin at the site level.
606 *
607 * Please note that use of proper capabilities is always encouraged,
608 * this function is supposed to be used from core or for temporary hacks.
609 *
610 * @category access
611 *
612 * @param int|stdClass $user_or_id user id or user object
613 * @return bool true if user is one of the administrators, false otherwise
614 */
615 function is_siteadmin($user_or_id = null) {
616 global $CFG, $USER;
617
618 if ($user_or_id === null) {
619 $user_or_id = $USER;
620 }
621
622 if (empty($user_or_id)) {
623 return false;
624 }
625 if (!empty($user_or_id->id)) {
626 $userid = $user_or_id->id;
627 } else {
628 $userid = $user_or_id;
629 }
630
631 // Because this script is called many times (150+ for course page) with
632 // the same parameters, it is worth doing minor optimisations. This static
633 // cache stores the value for a single userid, saving about 2ms from course
634 // page load time without using significant memory. As the static cache
635 // also includes the value it depends on, this cannot break unit tests.
636 static $knownid, $knownresult, $knownsiteadmins;
637 if ($knownid === $userid && $knownsiteadmins === $CFG->siteadmins) {
638 return $knownresult;
639 }
640 $knownid = $userid;
641 $knownsiteadmins = $CFG->siteadmins;
642
643 $siteadmins = explode(',', $CFG->siteadmins);
644 $knownresult = in_array($userid, $siteadmins);
645 return $knownresult;
646 }
647
648 /**
649 * Returns true if user has at least one role assign
650 * of 'coursecontact' role (is potentially listed in some course descriptions).
651 *
652 * @param int $userid
653 * @return bool
654 */
655 function has_coursecontact_role($userid) {
656 global $DB, $CFG;
657
658 if (empty($CFG->coursecontact)) {
659 return false;
660 }
661 $sql = "SELECT 1
662 FROM {role_assignments}
663 WHERE userid = :userid AND roleid IN ($CFG->coursecontact)";
664 return $DB->record_exists_sql($sql, array('userid'=>$userid));
665 }
666
667 /**
668 * Does the user have a capability to do something?
669 *
670 * Walk the accessdata array and return true/false.
671 * Deals with prohibits, role switching, aggregating
672 * capabilities, etc.
673 *
674 * The main feature of here is being FAST and with no
675 * side effects.
676 *
677 * Notes:
678 *
679 * Switch Role merges with default role
680 * ------------------------------------
681 * If you are a teacher in course X, you have at least
682 * teacher-in-X + defaultloggedinuser-sitewide. So in the
683 * course you'll have techer+defaultloggedinuser.
684 * We try to mimic that in switchrole.
685 *
686 * Permission evaluation
687 * ---------------------
688 * Originally there was an extremely complicated way
689 * to determine the user access that dealt with
690 * "locality" or role assignments and role overrides.
691 * Now we simply evaluate access for each role separately
692 * and then verify if user has at least one role with allow
693 * and at the same time no role with prohibit.
694 *
695 * @access private
696 * @param string $capability
697 * @param context $context
698 * @param array $accessdata
699 * @return bool
700 */
701 function has_capability_in_accessdata($capability, context $context, array &$accessdata) {
702 global $CFG;
703
704 // Build $paths as a list of current + all parent "paths" with order bottom-to-top
705 $path = $context->path;
706 $paths = array($path);
707 while($path = rtrim($path, '0123456789')) {
708 $path = rtrim($path, '/');
709 if ($path === '') {
710 break;
711 }
712 $paths[] = $path;
713 }
714
715 $roles = array();
716 $switchedrole = false;
717
718 // Find out if role switched
719 if (!empty($accessdata['rsw'])) {
720 // From the bottom up...
721 foreach ($paths as $path) {
722 if (isset($accessdata['rsw'][$path])) {
723 // Found a switchrole assignment - check for that role _plus_ the default user role
724 $roles = array($accessdata['rsw'][$path]=>null, $CFG->defaultuserroleid=>null);
725 $switchedrole = true;
726 break;
727 }
728 }
729 }
730
731 if (!$switchedrole) {
732 // get all users roles in this context and above
733 foreach ($paths as $path) {
734 if (isset($accessdata['ra'][$path])) {
735 foreach ($accessdata['ra'][$path] as $roleid) {
736 $roles[$roleid] = null;
737 }
738 }
739 }
740 }
741
742 // Now find out what access is given to each role, going bottom-->up direction
743 $allowed = false;
744 foreach ($roles as $roleid => $ignored) {
745 foreach ($paths as $path) {
746 if (isset($accessdata['rdef']["{$path}:$roleid"][$capability])) {
747 $perm = (int)$accessdata['rdef']["{$path}:$roleid"][$capability];
748 if ($perm === CAP_PROHIBIT) {
749 // any CAP_PROHIBIT found means no permission for the user
750 return false;
751 }
752 if (is_null($roles[$roleid])) {
753 $roles[$roleid] = $perm;
754 }
755 }
756 }
757 // CAP_ALLOW in any role means the user has a permission, we continue only to detect prohibits
758 $allowed = ($allowed or $roles[$roleid] === CAP_ALLOW);
759 }
760
761 return $allowed;
762 }
763
764 /**
765 * A convenience function that tests has_capability, and displays an error if
766 * the user does not have that capability.
767 *
768 * NOTE before Moodle 2.0, this function attempted to make an appropriate
769 * require_login call before checking the capability. This is no longer the case.
770 * You must call require_login (or one of its variants) if you want to check the
771 * user is logged in, before you call this function.
772 *
773 * @see has_capability()
774 *
775 * @param string $capability the name of the capability to check. For example mod/forum:view
776 * @param context $context the context to check the capability in. You normally get this with context_xxxx::instance().
777 * @param int $userid A user id. By default (null) checks the permissions of the current user.
778 * @param bool $doanything If false, ignore effect of admin role assignment
779 * @param string $errormessage The error string to to user. Defaults to 'nopermissions'.
780 * @param string $stringfile The language file to load the error string from. Defaults to 'error'.
781 * @return void terminates with an error if the user does not have the given capability.
782 */
783 function require_capability($capability, context $context, $userid = null, $doanything = true,
784 $errormessage = 'nopermissions', $stringfile = '') {
785 if (!has_capability($capability, $context, $userid, $doanything)) {
786 throw new required_capability_exception($context, $capability, $errormessage, $stringfile);
787 }
788 }
789
790 /**
791 * Return a nested array showing role assignments
792 * all relevant role capabilities for the user at
793 * site/course_category/course levels
794 *
795 * We do _not_ delve deeper than courses because the number of
796 * overrides at the module/block levels can be HUGE.
797 *
798 * [ra] => [/path][roleid]=roleid
799 * [rdef] => [/path:roleid][capability]=permission
800 *
801 * @access private
802 * @param int $userid - the id of the user
803 * @return array access info array
804 */
805 function get_user_access_sitewide($userid) {
806 global $CFG, $DB, $ACCESSLIB_PRIVATE;
807
808 /* Get in a few cheap DB queries...
809 * - role assignments
810 * - relevant role caps
811 * - above and within this user's RAs
812 * - below this user's RAs - limited to course level
813 */
814
815 // raparents collects paths & roles we need to walk up the parenthood to build the minimal rdef
816 $raparents = array();
817 $accessdata = get_empty_accessdata();
818
819 // start with the default role
820 if (!empty($CFG->defaultuserroleid)) {
821 $syscontext = context_system::instance();
822 $accessdata['ra'][$syscontext->path][(int)$CFG->defaultuserroleid] = (int)$CFG->defaultuserroleid;
823 $raparents[$CFG->defaultuserroleid][$syscontext->id] = $syscontext->id;
824 }
825
826 // load the "default frontpage role"
827 if (!empty($CFG->defaultfrontpageroleid)) {
828 $frontpagecontext = context_course::instance(get_site()->id);
829 if ($frontpagecontext->path) {
830 $accessdata['ra'][$frontpagecontext->path][(int)$CFG->defaultfrontpageroleid] = (int)$CFG->defaultfrontpageroleid;
831 $raparents[$CFG->defaultfrontpageroleid][$frontpagecontext->id] = $frontpagecontext->id;
832 }
833 }
834
835 // preload every assigned role at and above course context
836 $sql = "SELECT ctx.path, ra.roleid, ra.contextid
837 FROM {role_assignments} ra
838 JOIN {context} ctx
839 ON ctx.id = ra.contextid
840 LEFT JOIN {block_instances} bi
841 ON (ctx.contextlevel = ".CONTEXT_BLOCK." AND bi.id = ctx.instanceid)
842 LEFT JOIN {context} bpctx
843 ON (bpctx.id = bi.parentcontextid)
844 WHERE ra.userid = :userid
845 AND (ctx.contextlevel <= ".CONTEXT_COURSE." OR bpctx.contextlevel < ".CONTEXT_COURSE.")";
846 $params = array('userid'=>$userid);
847 $rs = $DB->get_recordset_sql($sql, $params);
848 foreach ($rs as $ra) {
849 // RAs leafs are arrays to support multi-role assignments...
850 $accessdata['ra'][$ra->path][(int)$ra->roleid] = (int)$ra->roleid;
851 $raparents[$ra->roleid][$ra->contextid] = $ra->contextid;
852 }
853 $rs->close();
854
855 if (empty($raparents)) {
856 return $accessdata;
857 }
858
859 // now get overrides of interesting roles in all interesting child contexts
860 // hopefully we will not run out of SQL limits here,
861 // users would have to have very many roles at/above course context...
862 $sqls = array();
863 $params = array();
864
865 static $cp = 0;
866 foreach ($raparents as $roleid=>$ras) {
867 $cp++;
868 list($sqlcids, $cids) = $DB->get_in_or_equal($ras, SQL_PARAMS_NAMED, 'c'.$cp.'_');
869 $params = array_merge($params, $cids);
870 $params['r'.$cp] = $roleid;
871 $sqls[] = "(SELECT ctx.path, rc.roleid, rc.capability, rc.permission
872 FROM {role_capabilities} rc
873 JOIN {context} ctx
874 ON (ctx.id = rc.contextid)
875 JOIN {context} pctx
876 ON (pctx.id $sqlcids
877 AND (ctx.id = pctx.id
878 OR ctx.path LIKE ".$DB->sql_concat('pctx.path',"'/%'")."
879 OR pctx.path LIKE ".$DB->sql_concat('ctx.path',"'/%'")."))
880 LEFT JOIN {block_instances} bi
881 ON (ctx.contextlevel = ".CONTEXT_BLOCK." AND bi.id = ctx.instanceid)
882 LEFT JOIN {context} bpctx
883 ON (bpctx.id = bi.parentcontextid)
884 WHERE rc.roleid = :r{$cp}
885 AND (ctx.contextlevel <= ".CONTEXT_COURSE." OR bpctx.contextlevel < ".CONTEXT_COURSE.")
886 )";
887 }
888
889 // fixed capability order is necessary for rdef dedupe
890 $rs = $DB->get_recordset_sql(implode("\nUNION\n", $sqls). "ORDER BY capability", $params);
891
892 foreach ($rs as $rd) {
893 $k = $rd->path.':'.$rd->roleid;
894 $accessdata['rdef'][$k][$rd->capability] = (int)$rd->permission;
895 }
896 $rs->close();
897
898 // share the role definitions
899 foreach ($accessdata['rdef'] as $k=>$unused) {
900 if (!isset($ACCESSLIB_PRIVATE->rolepermissions[$k])) {
901 $ACCESSLIB_PRIVATE->rolepermissions[$k] = $accessdata['rdef'][$k];
902 }
903 $accessdata['rdef_count']++;
904 $accessdata['rdef'][$k] =& $ACCESSLIB_PRIVATE->rolepermissions[$k];
905 }
906
907 return $accessdata;
908 }
909
910 /**
911 * Add to the access ctrl array the data needed by a user for a given course.
912 *
913 * This function injects all course related access info into the accessdata array.
914 *
915 * @access private
916 * @param int $userid the id of the user
917 * @param context_course $coursecontext course context
918 * @param array $accessdata accessdata array (modified)
919 * @return void modifies $accessdata parameter
920 */
921 function load_course_context($userid, context_course $coursecontext, &$accessdata) {
922 global $DB, $CFG, $ACCESSLIB_PRIVATE;
923
924 if (empty($coursecontext->path)) {
925 // weird, this should not happen
926 return;
927 }
928
929 if (isset($accessdata['loaded'][$coursecontext->instanceid])) {
930 // already loaded, great!
931 return;
932 }
933
934 $roles = array();
935
936 if (empty($userid)) {
937 if (!empty($CFG->notloggedinroleid)) {
938 $roles[$CFG->notloggedinroleid] = $CFG->notloggedinroleid;
939 }
940
941 } else if (isguestuser($userid)) {
942 if ($guestrole = get_guest_role()) {
943 $roles[$guestrole->id] = $guestrole->id;
944 }
945
946 } else {
947 // Interesting role assignments at, above and below the course context
948 list($parentsaself, $params) = $DB->get_in_or_equal($coursecontext->get_parent_context_ids(true), SQL_PARAMS_NAMED, 'pc_');
949 $params['userid'] = $userid;
950 $params['children'] = $coursecontext->path."/%";
951 $sql = "SELECT ra.*, ctx.path
952 FROM {role_assignments} ra
953 JOIN {context} ctx ON ra.contextid = ctx.id
954 WHERE ra.userid = :userid AND (ctx.id $parentsaself OR ctx.path LIKE :children)";
955 $rs = $DB->get_recordset_sql($sql, $params);
956
957 // add missing role definitions
958 foreach ($rs as $ra) {
959 $accessdata['ra'][$ra->path][(int)$ra->roleid] = (int)$ra->roleid;
960 $roles[$ra->roleid] = $ra->roleid;
961 }
962 $rs->close();
963
964 // add the "default frontpage role" when on the frontpage
965 if (!empty($CFG->defaultfrontpageroleid)) {
966 $frontpagecontext = context_course::instance(get_site()->id);
967 if ($frontpagecontext->id == $coursecontext->id) {
968 $roles[$CFG->defaultfrontpageroleid] = $CFG->defaultfrontpageroleid;
969 }
970 }
971
972 // do not forget the default role
973 if (!empty($CFG->defaultuserroleid)) {
974 $roles[$CFG->defaultuserroleid] = $CFG->defaultuserroleid;
975 }
976 }
977
978 if (!$roles) {
979 // weird, default roles must be missing...
980 $accessdata['loaded'][$coursecontext->instanceid] = 1;
981 return;
982 }
983
984 // now get overrides of interesting roles in all interesting contexts (this course + children + parents)
985 $params = array('c'=>$coursecontext->id);
986 list($parentsaself, $rparams) = $DB->get_in_or_equal($coursecontext->get_parent_context_ids(true), SQL_PARAMS_NAMED, 'pc_');
987 $params = array_merge($params, $rparams);
988 list($roleids, $rparams) = $DB->get_in_or_equal($roles, SQL_PARAMS_NAMED, 'r_');
989 $params = array_merge($params, $rparams);
990
991 $sql = "SELECT ctx.path, rc.roleid, rc.capability, rc.permission
992 FROM {role_capabilities} rc
993 JOIN {context} ctx
994 ON (ctx.id = rc.contextid)
995 JOIN {context} cctx
996 ON (cctx.id = :c
997 AND (ctx.id $parentsaself OR ctx.path LIKE ".$DB->sql_concat('cctx.path',"'/%'")."))
998 WHERE rc.roleid $roleids
999 ORDER BY rc.capability"; // fixed capability order is necessary for rdef dedupe
1000 $rs = $DB->get_recordset_sql($sql, $params);
1001
1002 $newrdefs = array();
1003 foreach ($rs as $rd) {
1004 $k = $rd->path.':'.$rd->roleid;
1005 if (isset($accessdata['rdef'][$k])) {
1006 continue;
1007 }
1008 $newrdefs[$k][$rd->capability] = (int)$rd->permission;
1009 }
1010 $rs->close();
1011
1012 // share new role definitions
1013 foreach ($newrdefs as $k=>$unused) {
1014 if (!isset($ACCESSLIB_PRIVATE->rolepermissions[$k])) {
1015 $ACCESSLIB_PRIVATE->rolepermissions[$k] = $newrdefs[$k];
1016 }
1017 $accessdata['rdef_count']++;
1018 $accessdata['rdef'][$k] =& $ACCESSLIB_PRIVATE->rolepermissions[$k];
1019 }
1020
1021 $accessdata['loaded'][$coursecontext->instanceid] = 1;
1022
1023 // we want to deduplicate the USER->access from time to time, this looks like a good place,
1024 // because we have to do it before the end of session
1025 dedupe_user_access();
1026 }
1027
1028 /**
1029 * Add to the access ctrl array the data needed by a role for a given context.
1030 *
1031 * The data is added in the rdef key.
1032 * This role-centric function is useful for role_switching
1033 * and temporary course roles.
1034 *
1035 * @access private
1036 * @param int $roleid the id of the user
1037 * @param context $context needs path!
1038 * @param array $accessdata accessdata array (is modified)
1039 * @return array
1040 */
1041 function load_role_access_by_context($roleid, context $context, &$accessdata) {
1042 global $DB, $ACCESSLIB_PRIVATE;
1043
1044 /* Get the relevant rolecaps into rdef
1045 * - relevant role caps
1046 * - at ctx and above
1047 * - below this ctx
1048 */
1049
1050 if (empty($context->path)) {
1051 // weird, this should not happen
1052 return;
1053 }
1054
1055 list($parentsaself, $params) = $DB->get_in_or_equal($context->get_parent_context_ids(true), SQL_PARAMS_NAMED, 'pc_');
1056 $params['roleid'] = $roleid;
1057 $params['childpath'] = $context->path.'/%';
1058
1059 $sql = "SELECT ctx.path, rc.capability, rc.permission
1060 FROM {role_capabilities} rc
1061 JOIN {context} ctx ON (rc.contextid = ctx.id)
1062 WHERE rc.roleid = :roleid AND (ctx.id $parentsaself OR ctx.path LIKE :childpath)
1063 ORDER BY rc.capability"; // fixed capability order is necessary for rdef dedupe
1064 $rs = $DB->get_recordset_sql($sql, $params);
1065
1066 $newrdefs = array();
1067 foreach ($rs as $rd) {
1068 $k = $rd->path.':'.$roleid;
1069 if (isset($accessdata['rdef'][$k])) {
1070 continue;
1071 }
1072 $newrdefs[$k][$rd->capability] = (int)$rd->permission;
1073 }
1074 $rs->close();
1075
1076 // share new role definitions
1077 foreach ($newrdefs as $k=>$unused) {
1078 if (!isset($ACCESSLIB_PRIVATE->rolepermissions[$k])) {
1079 $ACCESSLIB_PRIVATE->rolepermissions[$k] = $newrdefs[$k];
1080 }
1081 $accessdata['rdef_count']++;
1082 $accessdata['rdef'][$k] =& $ACCESSLIB_PRIVATE->rolepermissions[$k];
1083 }
1084 }
1085
1086 /**
1087 * Returns empty accessdata structure.
1088 *
1089 * @access private
1090 * @return array empt accessdata
1091 */
1092 function get_empty_accessdata() {
1093 $accessdata = array(); // named list
1094 $accessdata['ra'] = array();
1095 $accessdata['rdef'] = array();
1096 $accessdata['rdef_count'] = 0; // this bloody hack is necessary because count($array) is slooooowwww in PHP
1097 $accessdata['rdef_lcc'] = 0; // rdef_count during the last compression
1098 $accessdata['loaded'] = array(); // loaded course contexts
1099 $accessdata['time'] = time();
1100 $accessdata['rsw'] = array();
1101
1102 return $accessdata;
1103 }
1104
1105 /**
1106 * Get accessdata for a given user.
1107 *
1108 * @access private
1109 * @param int $userid
1110 * @param bool $preloadonly true means do not return access array
1111 * @return array accessdata
1112 */
1113 function get_user_accessdata($userid, $preloadonly=false) {
1114 global $CFG, $ACCESSLIB_PRIVATE, $USER;
1115
1116 if (!empty($USER->access['rdef']) and empty($ACCESSLIB_PRIVATE->rolepermissions)) {
1117 // share rdef from USER session with rolepermissions cache in order to conserve memory
1118 foreach ($USER->access['rdef'] as $k=>$v) {
1119 $ACCESSLIB_PRIVATE->rolepermissions[$k] =& $USER->access['rdef'][$k];
1120 }
1121 $ACCESSLIB_PRIVATE->accessdatabyuser[$USER->id] = $USER->access;
1122 }
1123
1124 if (!isset($ACCESSLIB_PRIVATE->accessdatabyuser[$userid])) {
1125 if (empty($userid)) {
1126 if (!empty($CFG->notloggedinroleid)) {
1127 $accessdata = get_role_access($CFG->notloggedinroleid);
1128 } else {
1129 // weird
1130 return get_empty_accessdata();
1131 }
1132
1133 } else if (isguestuser($userid)) {
1134 if ($guestrole = get_guest_role()) {
1135 $accessdata = get_role_access($guestrole->id);
1136 } else {
1137 //weird
1138 return get_empty_accessdata();
1139 }
1140
1141 } else {
1142 $accessdata = get_user_access_sitewide($userid); // includes default role and frontpage role
1143 }
1144
1145 $ACCESSLIB_PRIVATE->accessdatabyuser[$userid] = $accessdata;
1146 }
1147
1148 if ($preloadonly) {
1149 return;
1150 } else {
1151 return $ACCESSLIB_PRIVATE->accessdatabyuser[$userid];
1152 }
1153 }
1154
1155 /**
1156 * Try to minimise the size of $USER->access by eliminating duplicate override storage,
1157 * this function looks for contexts with the same overrides and shares them.
1158 *
1159 * @access private
1160 * @return void
1161 */
1162 function dedupe_user_access() {
1163 global $USER;
1164
1165 if (CLI_SCRIPT) {
1166 // no session in CLI --> no compression necessary
1167 return;
1168 }
1169
1170 if (empty($USER->access['rdef_count'])) {
1171 // weird, this should not happen
1172 return;
1173 }
1174
1175 // the rdef is growing only, we never remove stuff from it, the rdef_lcc helps us to detect new stuff in rdef
1176 if ($USER->access['rdef_count'] - $USER->access['rdef_lcc'] > 10) {
1177 // do not compress after each change, wait till there is more stuff to be done
1178 return;
1179 }
1180
1181 $hashmap = array();
1182 foreach ($USER->access['rdef'] as $k=>$def) {
1183 $hash = sha1(serialize($def));
1184 if (isset($hashmap[$hash])) {
1185 $USER->access['rdef'][$k] =& $hashmap[$hash];
1186 } else {
1187 $hashmap[$hash] =& $USER->access['rdef'][$k];
1188 }
1189 }
1190
1191 $USER->access['rdef_lcc'] = $USER->access['rdef_count'];
1192 }
1193
1194 /**
1195 * A convenience function to completely load all the capabilities
1196 * for the current user. It is called from has_capability() and functions change permissions.
1197 *
1198 * Call it only _after_ you've setup $USER and called check_enrolment_plugins();
1199 * @see check_enrolment_plugins()
1200 *
1201 * @access private
1202 * @return void
1203 */
1204 function load_all_capabilities() {
1205 global $USER;
1206
1207 // roles not installed yet - we are in the middle of installation
1208 if (during_initial_install()) {
1209 return;
1210 }
1211
1212 if (!isset($USER->id)) {
1213 // this should not happen
1214 $USER->id = 0;
1215 }
1216
1217 unset($USER->access);
1218 $USER->access = get_user_accessdata($USER->id);
1219
1220 // deduplicate the overrides to minimize session size
1221 dedupe_user_access();
1222
1223 // Clear to force a refresh
1224 unset($USER->mycourses);
1225
1226 // init/reset internal enrol caches - active course enrolments and temp access
1227 $USER->enrol = array('enrolled'=>array(), 'tempguest'=>array());
1228 }
1229
1230 /**
1231 * A convenience function to completely reload all the capabilities
1232 * for the current user when roles have been updated in a relevant
1233 * context -- but PRESERVING switchroles and loginas.
1234 * This function resets all accesslib and context caches.
1235 *
1236 * That is - completely transparent to the user.
1237 *
1238 * Note: reloads $USER->access completely.
1239 *
1240 * @access private
1241 * @return void
1242 */
1243 function reload_all_capabilities() {
1244 global $USER, $DB, $ACCESSLIB_PRIVATE;
1245
1246 // copy switchroles
1247 $sw = array();
1248 if (!empty($USER->access['rsw'])) {
1249 $sw = $USER->access['rsw'];
1250 }
1251
1252 accesslib_clear_all_caches(true);
1253 unset($USER->access);
1254 $ACCESSLIB_PRIVATE->dirtycontexts = array(); // prevent dirty flags refetching on this page
1255
1256 load_all_capabilities();
1257
1258 foreach ($sw as $path => $roleid) {
1259 if ($record = $DB->get_record('context', array('path'=>$path))) {
1260 $context = context::instance_by_id($record->id);
1261 role_switch($roleid, $context);
1262 }
1263 }
1264 }
1265
1266 /**
1267 * Adds a temp role to current USER->access array.
1268 *
1269 * Useful for the "temporary guest" access we grant to logged-in users.
1270 * This is useful for enrol plugins only.
1271 *
1272 * @since Moodle 2.2
1273 * @param context_course $coursecontext
1274 * @param int $roleid
1275 * @return void
1276 */
1277 function load_temp_course_role(context_course $coursecontext, $roleid) {
1278 global $USER, $SITE;
1279
1280 if (empty($roleid)) {
1281 debugging('invalid role specified in load_temp_course_role()');
1282 return;
1283 }
1284
1285 if ($coursecontext->instanceid == $SITE->id) {
1286 debugging('Can not use temp roles on the frontpage');
1287 return;
1288 }
1289
1290 if (!isset($USER->access)) {
1291 load_all_capabilities();
1292 }
1293
1294 $coursecontext->reload_if_dirty();
1295
1296 if (isset($USER->access['ra'][$coursecontext->path][$roleid])) {
1297 return;
1298 }
1299
1300 // load course stuff first
1301 load_course_context($USER->id, $coursecontext, $USER->access);
1302
1303 $USER->access['ra'][$coursecontext->path][(int)$roleid] = (int)$roleid;
1304
1305 load_role_access_by_context($roleid, $coursecontext, $USER->access);
1306 }
1307
1308 /**
1309 * Removes any extra guest roles from current USER->access array.
1310 * This is useful for enrol plugins only.
1311 *
1312 * @since Moodle 2.2
1313 * @param context_course $coursecontext
1314 * @return void
1315 */
1316 function remove_temp_course_roles(context_course $coursecontext) {
1317 global $DB, $USER, $SITE;
1318
1319 if ($coursecontext->instanceid == $SITE->id) {
1320 debugging('Can not use temp roles on the frontpage');
1321 return;
1322 }
1323
1324 if (empty($USER->access['ra'][$coursecontext->path])) {
1325 //no roles here, weird
1326 return;
1327 }
1328
1329 $sql = "SELECT DISTINCT ra.roleid AS id
1330 FROM {role_assignments} ra
1331 WHERE ra.contextid = :contextid AND ra.userid = :userid";
1332 $ras = $DB->get_records_sql($sql, array('contextid'=>$coursecontext->id, 'userid'=>$USER->id));
1333
1334 $USER->access['ra'][$coursecontext->path] = array();
1335 foreach($ras as $r) {
1336 $USER->access['ra'][$coursecontext->path][(int)$r->id] = (int)$r->id;
1337 }
1338 }
1339
1340 /**
1341 * Returns array of all role archetypes.
1342 *
1343 * @return array
1344 */
1345 function get_role_archetypes() {
1346 return array(
1347 'manager' => 'manager',
1348 'coursecreator' => 'coursecreator',
1349 'editingteacher' => 'editingteacher',
1350 'teacher' => 'teacher',
1351 'student' => 'student',
1352 'guest' => 'guest',
1353 'user' => 'user',
1354 'frontpage' => 'frontpage'
1355 );
1356 }
1357
1358 /**
1359 * Assign the defaults found in this capability definition to roles that have
1360 * the corresponding legacy capabilities assigned to them.
1361 *
1362 * @param string $capability
1363 * @param array $legacyperms an array in the format (example):
1364 * 'guest' => CAP_PREVENT,
1365 * 'student' => CAP_ALLOW,
1366 * 'teacher' => CAP_ALLOW,
1367 * 'editingteacher' => CAP_ALLOW,
1368 * 'coursecreator' => CAP_ALLOW,
1369 * 'manager' => CAP_ALLOW
1370 * @return boolean success or failure.
1371 */
1372 function assign_legacy_capabilities($capability, $legacyperms) {
1373
1374 $archetypes = get_role_archetypes();
1375
1376 foreach ($legacyperms as $type => $perm) {
1377
1378 $systemcontext = context_system::instance();
1379 if ($type === 'admin') {
1380 debugging('Legacy type admin in access.php was renamed to manager, please update the code.');
1381 $type = 'manager';
1382 }
1383
1384 if (!array_key_exists($type, $archetypes)) {
1385 print_error('invalidlegacy', '', '', $type);
1386 }
1387
1388 if ($roles = get_archetype_roles($type)) {
1389 foreach ($roles as $role) {
1390 // Assign a site level capability.
1391 if (!assign_capability($capability, $perm, $role->id, $systemcontext->id)) {
1392 return false;
1393 }
1394 }
1395 }
1396 }
1397 return true;
1398 }
1399
1400 /**
1401 * Verify capability risks.
1402 *
1403 * @param stdClass $capability a capability - a row from the capabilities table.
1404 * @return boolean whether this capability is safe - that is, whether people with the
1405 * safeoverrides capability should be allowed to change it.
1406 */
1407 function is_safe_capability($capability) {
1408 return !((RISK_DATALOSS | RISK_MANAGETRUST | RISK_CONFIG | RISK_XSS | RISK_PERSONAL) & $capability->riskbitmask);
1409 }
1410
1411 /**
1412 * Get the local override (if any) for a given capability in a role in a context
1413 *
1414 * @param int $roleid
1415 * @param int $contextid
1416 * @param string $capability
1417 * @return stdClass local capability override
1418 */
1419 function get_local_override($roleid, $contextid, $capability) {
1420 global $DB;
1421 return $DB->get_record('role_capabilities', array('roleid'=>$roleid, 'capability'=>$capability, 'contextid'=>$contextid));
1422 }
1423
1424 /**
1425 * Returns context instance plus related course and cm instances
1426 *
1427 * @param int $contextid
1428 * @return array of ($context, $course, $cm)
1429 */
1430 function get_context_info_array($contextid) {
1431 global $DB;
1432
1433 $context = context::instance_by_id($contextid, MUST_EXIST);
1434 $course = null;
1435 $cm = null;
1436
1437 if ($context->contextlevel == CONTEXT_COURSE) {
1438 $course = $DB->get_record('course', array('id'=>$context->instanceid), '*', MUST_EXIST);
1439
1440 } else if ($context->contextlevel == CONTEXT_MODULE) {
1441 $cm = get_coursemodule_from_id('', $context->instanceid, 0, false, MUST_EXIST);
1442 $course = $DB->get_record('course', array('id'=>$cm->course), '*', MUST_EXIST);
1443
1444 } else if ($context->contextlevel == CONTEXT_BLOCK) {
1445 $parent = $context->get_parent_context();
1446
1447 if ($parent->contextlevel == CONTEXT_COURSE) {
1448 $course = $DB->get_record('course', array('id'=>$parent->instanceid), '*', MUST_EXIST);
1449 } else if ($parent->contextlevel == CONTEXT_MODULE) {
1450 $cm = get_coursemodule_from_id('', $parent->instanceid, 0, false, MUST_EXIST);
1451 $course = $DB->get_record('course', array('id'=>$cm->course), '*', MUST_EXIST);
1452 }
1453 }
1454
1455 return array($context, $course, $cm);
1456 }
1457
1458 /**
1459 * Function that creates a role
1460 *
1461 * @param string $name role name
1462 * @param string $shortname role short name
1463 * @param string $description role description
1464 * @param string $archetype
1465 * @return int id or dml_exception
1466 */
1467 function create_role($name, $shortname, $description, $archetype = '') {
1468 global $DB;
1469
1470 if (strpos($archetype, 'moodle/legacy:') !== false) {
1471 throw new coding_exception('Use new role archetype parameter in create_role() instead of old legacy capabilities.');
1472 }
1473
1474 // verify role archetype actually exists
1475 $archetypes = get_role_archetypes();
1476 if (empty($archetypes[$archetype])) {
1477 $archetype = '';
1478 }
1479
1480 // Insert the role record.
1481 $role = new stdClass();
1482 $role->name = $name;
1483 $role->shortname = $shortname;
1484 $role->description = $description;
1485 $role->archetype = $archetype;
1486
1487 //find free sortorder number
1488 $role->sortorder = $DB->get_field('role', 'MAX(sortorder) + 1', array());
1489 if (empty($role->sortorder)) {
1490 $role->sortorder = 1;
1491 }
1492 $id = $DB->insert_record('role', $role);
1493
1494 return $id;
1495 }
1496
1497 /**
1498 * Function that deletes a role and cleanups up after it
1499 *
1500 * @param int $roleid id of role to delete
1501 * @return bool always true
1502 */
1503 function delete_role($roleid) {
1504 global $DB;
1505
1506 // first unssign all users
1507 role_unassign_all(array('roleid'=>$roleid));
1508
1509 // cleanup all references to this role, ignore errors
1510 $DB->delete_records('role_capabilities', array('roleid'=>$roleid));
1511 $DB->delete_records('role_allow_assign', array('roleid'=>$roleid));
1512 $DB->delete_records('role_allow_assign', array('allowassign'=>$roleid));
1513 $DB->delete_records('role_allow_override', array('roleid'=>$roleid));
1514 $DB->delete_records('role_allow_override', array('allowoverride'=>$roleid));
1515 $DB->delete_records('role_names', array('roleid'=>$roleid));
1516 $DB->delete_records('role_context_levels', array('roleid'=>$roleid));
1517
1518 // Get role record before it's deleted.
1519 $role = $DB->get_record('role', array('id'=>$roleid));
1520
1521 // Finally delete the role itself.
1522 $DB->delete_records('role', array('id'=>$roleid));
1523
1524 // Trigger event.
1525 $event = \core\event\role_deleted::create(
1526 array(
1527 'context' => context_system::instance(),
1528 'objectid' => $roleid,
1529 'other' =>
1530 array(
1531 'shortname' => $role->shortname,
1532 'description' => $role->description,
1533 'archetype' => $role->archetype
1534 )
1535 )
1536 );
1537 $event->add_record_snapshot('role', $role);
1538 $event->trigger();
1539
1540 return true;
1541 }
1542
1543 /**
1544 * Function to write context specific overrides, or default capabilities.
1545 *
1546 * NOTE: use $context->mark_dirty() after this
1547 *
1548 * @param string $capability string name
1549 * @param int $permission CAP_ constants
1550 * @param int $roleid role id
1551 * @param int|context $contextid context id
1552 * @param bool $overwrite
1553 * @return bool always true or exception
1554 */
1555 function assign_capability($capability, $permission, $roleid, $contextid, $overwrite = false) {
1556 global $USER, $DB;
1557
1558 if ($contextid instanceof context) {
1559 $context = $contextid;
1560 } else {
1561 $context = context::instance_by_id($contextid);
1562 }
1563
1564 if (empty($permission) || $permission == CAP_INHERIT) { // if permission is not set
1565 unassign_capability($capability, $roleid, $context->id);
1566 return true;
1567 }
1568
1569 $existing = $DB->get_record('role_capabilities', array('contextid'=>$context->id, 'roleid'=>$roleid, 'capability'=>$capability));
1570
1571 if ($existing and !$overwrite) { // We want to keep whatever is there already
1572 return true;
1573 }
1574
1575 $cap = new stdClass();
1576 $cap->contextid = $context->id;
1577 $cap->roleid = $roleid;
1578 $cap->capability = $capability;
1579 $cap->permission = $permission;
1580 $cap->timemodified = time();
1581 $cap->modifierid = empty($USER->id) ? 0 : $USER->id;
1582
1583 if ($existing) {
1584 $cap->id = $existing->id;
1585 $DB->update_record('role_capabilities', $cap);
1586 } else {
1587 if ($DB->record_exists('context', array('id'=>$context->id))) {
1588 $DB->insert_record('role_capabilities', $cap);
1589 }
1590 }
1591 return true;
1592 }
1593
1594 /**
1595 * Unassign a capability from a role.
1596 *
1597 * NOTE: use $context->mark_dirty() after this
1598 *
1599 * @param string $capability the name of the capability
1600 * @param int $roleid the role id
1601 * @param int|context $contextid null means all contexts
1602 * @return boolean true or exception
1603 */
1604 function unassign_capability($capability, $roleid, $contextid = null) {
1605 global $DB;
1606
1607 if (!empty($contextid)) {
1608 if ($contextid instanceof context) {
1609 $context = $contextid;
1610 } else {
1611 $context = context::instance_by_id($contextid);
1612 }
1613 // delete from context rel, if this is the last override in this context
1614 $DB->delete_records('role_capabilities', array('capability'=>$capability, 'roleid'=>$roleid, 'contextid'=>$context->id));
1615 } else {
1616 $DB->delete_records('role_capabilities', array('capability'=>$capability, 'roleid'=>$roleid));
1617 }
1618 return true;
1619 }
1620
1621 /**
1622 * Get the roles that have a given capability assigned to it
1623 *
1624 * This function does not resolve the actual permission of the capability.
1625 * It just checks for permissions and overrides.
1626 * Use get_roles_with_cap_in_context() if resolution is required.
1627 *
1628 * @param string $capability capability name (string)
1629 * @param string $permission optional, the permission defined for this capability
1630 * either CAP_ALLOW, CAP_PREVENT or CAP_PROHIBIT. Defaults to null which means any.
1631 * @param stdClass $context null means any
1632 * @return array of role records
1633 */
1634 function get_roles_with_capability($capability, $permission = null, $context = null) {
1635 global $DB;
1636
1637 if ($context) {
1638 $contexts = $context->get_parent_context_ids(true);
1639 list($insql, $params) = $DB->get_in_or_equal($contexts, SQL_PARAMS_NAMED, 'ctx');
1640 $contextsql = "AND rc.contextid $insql";
1641 } else {
1642 $params = array();
1643 $contextsql = '';
1644 }
1645
1646 if ($permission) {
1647 $permissionsql = " AND rc.permission = :permission";
1648 $params['permission'] = $permission;
1649 } else {
1650 $permissionsql = '';
1651 }
1652
1653 $sql = "SELECT r.*
1654 FROM {role} r
1655 WHERE r.id IN (SELECT rc.roleid
1656 FROM {role_capabilities} rc
1657 WHERE rc.capability = :capname
1658 $contextsql
1659 $permissionsql)";
1660 $params['capname'] = $capability;
1661
1662
1663 return $DB->get_records_sql($sql, $params);
1664 }
1665
1666 /**
1667 * This function makes a role-assignment (a role for a user in a particular context)
1668 *
1669 * @param int $roleid the role of the id
1670 * @param int $userid userid
1671 * @param int|context $contextid id of the context
1672 * @param string $component example 'enrol_ldap', defaults to '' which means manual assignment,
1673 * @param int $itemid id of enrolment/auth plugin
1674 * @param string $timemodified defaults to current time
1675 * @return int new/existing id of the assignment
1676 */
1677 function role_assign($roleid, $userid, $contextid, $component = '', $itemid = 0, $timemodified = '') {
1678 global $USER, $DB;
1679
1680 // first of all detect if somebody is using old style parameters
1681 if ($contextid === 0 or is_numeric($component)) {
1682 throw new coding_exception('Invalid call to role_assign(), code needs to be updated to use new order of parameters');
1683 }
1684
1685 // now validate all parameters
1686 if (empty($roleid)) {
1687 throw new coding_exception('Invalid call to role_assign(), roleid can not be empty');
1688 }
1689
1690 if (empty($userid)) {
1691 throw new coding_exception('Invalid call to role_assign(), userid can not be empty');
1692 }
1693
1694 if ($itemid) {
1695 if (strpos($component, '_') === false) {
1696 throw new coding_exception('Invalid call to role_assign(), component must start with plugin type such as"enrol_" when itemid specified', 'component:'.$component);
1697 }
1698 } else {
1699 $itemid = 0;
1700 if ($component !== '' and strpos($component, '_') === false) {
1701 throw new coding_exception('Invalid call to role_assign(), invalid component string', 'component:'.$component);
1702 }
1703 }
1704
1705 if (!$DB->record_exists('user', array('id'=>$userid, 'deleted'=>0))) {
1706 throw new coding_exception('User ID does not exist or is deleted!', 'userid:'.$userid);
1707 }
1708
1709 if ($contextid instanceof context) {
1710 $context = $contextid;
1711 } else {
1712 $context = context::instance_by_id($contextid, MUST_EXIST);
1713 }
1714
1715 if (!$timemodified) {
1716 $timemodified = time();
1717 }
1718
1719 // Check for existing entry
1720 $ras = $DB->get_records('role_assignments', array('roleid'=>$roleid, 'contextid'=>$context->id, 'userid'=>$userid, 'component'=>$component, 'itemid'=>$itemid), 'id');
1721
1722 if ($ras) {
1723 // role already assigned - this should not happen
1724 if (count($ras) > 1) {
1725 // very weird - remove all duplicates!
1726 $ra = array_shift($ras);
1727 foreach ($ras as $r) {
1728 $DB->delete_records('role_assignments', array('id'=>$r->id));
1729 }
1730 } else {
1731 $ra = reset($ras);
1732 }
1733
1734 // actually there is no need to update, reset anything or trigger any event, so just return
1735 return $ra->id;
1736 }
1737
1738 // Create a new entry
1739 $ra = new stdClass();
1740 $ra->roleid = $roleid;
1741 $ra->contextid = $context->id;
1742 $ra->userid = $userid;
1743 $ra->component = $component;
1744 $ra->itemid = $itemid;
1745 $ra->timemodified = $timemodified;
1746 $ra->modifierid = empty($USER->id) ? 0 : $USER->id;
1747 $ra->sortorder = 0;
1748
1749 $ra->id = $DB->insert_record('role_assignments', $ra);
1750
1751 // mark context as dirty - again expensive, but needed
1752 $context->mark_dirty();
1753
1754 if (!empty($USER->id) && $USER->id == $userid) {
1755 // If the user is the current user, then do full reload of capabilities too.
1756 reload_all_capabilities();
1757 }
1758
1759 $event = \core\event\role_assigned::create(array(
1760 'context' => $context,
1761 'objectid' => $ra->roleid,
1762 'relateduserid' => $ra->userid,
1763 'other' => array(
1764 'id' => $ra->id,
1765 'component' => $ra->component,
1766 'itemid' => $ra->itemid
1767 )
1768 ));
1769 $event->add_record_snapshot('role_assignments', $ra);
1770 $event->trigger();
1771
1772 return $ra->id;
1773 }
1774
1775 /**
1776 * Removes one role assignment
1777 *
1778 * @param int $roleid
1779 * @param int $userid
1780 * @param int $contextid
1781 * @param string $component
1782 * @param int $itemid
1783 * @return void
1784 */
1785 function role_unassign($roleid, $userid, $contextid, $component = '', $itemid = 0) {
1786 // first make sure the params make sense
1787 if ($roleid == 0 or $userid == 0 or $contextid == 0) {
1788 throw new coding_exception('Invalid call to role_unassign(), please use role_unassign_all() when removing multiple role assignments');
1789 }
1790
1791 if ($itemid) {
1792 if (strpos($component, '_') === false) {
1793 throw new coding_exception('Invalid call to role_assign(), component must start with plugin type such as "enrol_" when itemid specified', 'component:'.$component);
1794 }
1795 } else {
1796 $itemid = 0;
1797 if ($component !== '' and strpos($component, '_') === false) {
1798 throw new coding_exception('Invalid call to role_assign(), invalid component string', 'component:'.$component);
1799 }
1800 }
1801
1802 role_unassign_all(array('roleid'=>$roleid, 'userid'=>$userid, 'contextid'=>$contextid, 'component'=>$component, 'itemid'=>$itemid), false, false);
1803 }
1804
1805 /**
1806 * Removes multiple role assignments, parameters may contain:
1807 * 'roleid', 'userid', 'contextid', 'component', 'enrolid'.
1808 *
1809 * @param array $params role assignment parameters
1810 * @param bool $subcontexts unassign in subcontexts too
1811 * @param bool $includemanual include manual role assignments too
1812 * @return void
1813 */
1814 function role_unassign_all(array $params, $subcontexts = false, $includemanual = false) {
1815 global $USER, $CFG, $DB;
1816
1817 if (!$params) {
1818 throw new coding_exception('Missing parameters in role_unsassign_all() call');
1819 }
1820
1821 $allowed = array('roleid', 'userid', 'contextid', 'component', 'itemid');
1822 foreach ($params as $key=>$value) {
1823 if (!in_array($key, $allowed)) {
1824 throw new coding_exception('Unknown role_unsassign_all() parameter key', 'key:'.$key);
1825 }
1826 }
1827
1828 if (isset($params['component']) and $params['component'] !== '' and strpos($params['component'], '_') === false) {
1829 throw new coding_exception('Invalid component paramter in role_unsassign_all() call', 'component:'.$params['component']);
1830 }
1831
1832 if ($includemanual) {
1833 if (!isset($params['component']) or $params['component'] === '') {
1834 throw new coding_exception('include manual parameter requires component parameter in role_unsassign_all() call');
1835 }
1836 }
1837
1838 if ($subcontexts) {
1839 if (empty($params['contextid'])) {
1840 throw new coding_exception('subcontexts paramtere requires component parameter in role_unsassign_all() call');
1841 }
1842 }
1843
1844 $ras = $DB->get_records('role_assignments', $params);
1845 foreach($ras as $ra) {
1846 $DB->delete_records('role_assignments', array('id'=>$ra->id));
1847 if ($context = context::instance_by_id($ra->contextid, IGNORE_MISSING)) {
1848 // this is a bit expensive but necessary
1849 $context->mark_dirty();
1850 // If the user is the current user, then do full reload of capabilities too.
1851 if (!empty($USER->id) && $USER->id == $ra->userid) {
1852 reload_all_capabilities();
1853 }
1854 $event = \core\event\role_unassigned::create(array(
1855 'context' => $context,
1856 'objectid' => $ra->roleid,
1857 'relateduserid' => $ra->userid,
1858 'other' => array(
1859 'id' => $ra->id,
1860 'component' => $ra->component,
1861 'itemid' => $ra->itemid
1862 )
1863 ));
1864 $event->add_record_snapshot('role_assignments', $ra);
1865 $event->trigger();
1866 }
1867 }
1868 unset($ras);
1869
1870 // process subcontexts
1871 if ($subcontexts and $context = context::instance_by_id($params['contextid'], IGNORE_MISSING)) {
1872 if ($params['contextid'] instanceof context) {
1873 $context = $params['contextid'];
1874 } else {
1875 $context = context::instance_by_id($params['contextid'], IGNORE_MISSING);
1876 }
1877
1878 if ($context) {
1879 $contexts = $context->get_child_contexts();
1880 $mparams = $params;
1881 foreach($contexts as $context) {
1882 $mparams['contextid'] = $context->id;
1883 $ras = $DB->get_records('role_assignments', $mparams);
1884 foreach($ras as $ra) {
1885 $DB->delete_records('role_assignments', array('id'=>$ra->id));
1886 // this is a bit expensive but necessary
1887 $context->mark_dirty();
1888 // If the user is the current user, then do full reload of capabilities too.
1889 if (!empty($USER->id) && $USER->id == $ra->userid) {
1890 reload_all_capabilities();
1891 }
1892 $event = \core\event\role_unassigned::create(
1893 array('context'=>$context, 'objectid'=>$ra->roleid, 'relateduserid'=>$ra->userid,
1894 'other'=>array('id'=>$ra->id, 'component'=>$ra->component, 'itemid'=>$ra->itemid)));
1895 $event->add_record_snapshot('role_assignments', $ra);
1896 $event->trigger();
1897 }
1898 }
1899 }
1900 }
1901
1902 // do this once more for all manual role assignments
1903 if ($includemanual) {
1904 $params['component'] = '';
1905 role_unassign_all($params, $subcontexts, false);
1906 }
1907 }
1908
1909 /**
1910 * Determines if a user is currently logged in
1911 *
1912 * @category access
1913 *
1914 * @return bool
1915 */
1916 function isloggedin() {
1917 global $USER;
1918
1919 return (!empty($USER->id));
1920 }
1921
1922 /**
1923 * Determines if a user is logged in as real guest user with username 'guest'.
1924 *
1925 * @category access
1926 *
1927 * @param int|object $user mixed user object or id, $USER if not specified
1928 * @return bool true if user is the real guest user, false if not logged in or other user
1929 */
1930 function isguestuser($user = null) {
1931 global $USER, $DB, $CFG;
1932
1933 // make sure we have the user id cached in config table, because we are going to use it a lot
1934 if (empty($CFG->siteguest)) {
1935 if (!$guestid = $DB->get_field('user', 'id', array('username'=>'guest', 'mnethostid'=>$CFG->mnet_localhost_id))) {
1936 // guest does not exist yet, weird
1937 return false;
1938 }
1939 set_config('siteguest', $guestid);
1940 }
1941 if ($user === null) {
1942 $user = $USER;
1943 }
1944
1945 if ($user === null) {
1946 // happens when setting the $USER
1947 return false;
1948
1949 } else if (is_numeric($user)) {
1950 return ($CFG->siteguest == $user);
1951
1952 } else if (is_object($user)) {
1953 if (empty($user->id)) {
1954 return false; // not logged in means is not be guest
1955 } else {
1956 return ($CFG->siteguest == $user->id);
1957 }
1958
1959 } else {
1960 throw new coding_exception('Invalid user parameter supplied for isguestuser() function!');
1961 }
1962 }
1963
1964 /**
1965 * Does user have a (temporary or real) guest access to course?
1966 *
1967 * @category access
1968 *
1969 * @param context $context
1970 * @param stdClass|int $user
1971 * @return bool
1972 */
1973 function is_guest(context $context, $user = null) {
1974 global $USER;
1975
1976 // first find the course context
1977 $coursecontext = $context->get_course_context();
1978
1979 // make sure there is a real user specified
1980 if ($user === null) {
1981 $userid = isset($USER->id) ? $USER->id : 0;
1982 } else {
1983 $userid = is_object($user) ? $user->id : $user;
1984 }
1985
1986 if (isguestuser($userid)) {
1987 // can not inspect or be enrolled
1988 return true;
1989 }
1990
1991 if (has_capability('moodle/course:view', $coursecontext, $user)) {
1992 // viewing users appear out of nowhere, they are neither guests nor participants
1993 return false;
1994 }
1995
1996 // consider only real active enrolments here
1997 if (is_enrolled($coursecontext, $user, '', true)) {
1998 return false;
1999 }
2000
2001 return true;
2002 }
2003
2004 /**
2005 * Returns true if the user has moodle/course:view capability in the course,
2006 * this is intended for admins, managers (aka small admins), inspectors, etc.
2007 *
2008 * @category access
2009 *
2010 * @param context $context
2011 * @param int|stdClass $user if null $USER is used
2012 * @param string $withcapability extra capability name
2013 * @return bool
2014 */
2015 function is_viewing(context $context, $user = null, $withcapability = '') {
2016 // first find the course context
2017 $coursecontext = $context->get_course_context();
2018
2019 if (isguestuser($user)) {
2020 // can not inspect
2021 return false;
2022 }
2023
2024 if (!has_capability('moodle/course:view', $coursecontext, $user)) {
2025 // admins are allowed to inspect courses
2026 return false;
2027 }
2028
2029 if ($withcapability and !has_capability($withcapability, $context, $user)) {
2030 // site admins always have the capability, but the enrolment above blocks
2031 return false;
2032 }
2033
2034 return true;
2035 }
2036
2037 /**
2038 * Returns true if user is enrolled (is participating) in course
2039 * this is intended for students and teachers.
2040 *
2041 * Since 2.2 the result for active enrolments and current user are cached.
2042 *
2043 * @package core_enrol
2044 * @category access
2045 *
2046 * @param context $context
2047 * @param int|stdClass $user if null $USER is used, otherwise user object or id expected
2048 * @param string $withcapability extra capability name
2049 * @param bool $onlyactive consider only active enrolments in enabled plugins and time restrictions
2050 * @return bool
2051 */
2052 function is_enrolled(context $context, $user = null, $withcapability = '', $onlyactive = false) {
2053 global $USER, $DB;
2054
2055 // first find the course context
2056 $coursecontext = $context->get_course_context();
2057
2058 // make sure there is a real user specified
2059 if ($user === null) {
2060 $userid = isset($USER->id) ? $USER->id : 0;
2061 } else {
2062 $userid = is_object($user) ? $user->id : $user;
2063 }
2064
2065 if (empty($userid)) {
2066 // not-logged-in!
2067 return false;
2068 } else if (isguestuser($userid)) {
2069 // guest account can not be enrolled anywhere
2070 return false;
2071 }
2072
2073 if ($coursecontext->instanceid == SITEID) {
2074 // everybody participates on frontpage
2075 } else {
2076 // try cached info first - the enrolled flag is set only when active enrolment present
2077 if ($USER->id == $userid) {
2078 $coursecontext->reload_if_dirty();
2079 if (isset($USER->enrol['enrolled'][$coursecontext->instanceid])) {
2080 if ($USER->enrol['enrolled'][$coursecontext->instanceid] > time()) {
2081 if ($withcapability and !has_capability($withcapability, $context, $userid)) {
2082 return false;
2083 }
2084 return true;
2085 }
2086 }
2087 }
2088
2089 if ($onlyactive) {
2090 // look for active enrolments only
2091 $until = enrol_get_enrolment_end($coursecontext->instanceid, $userid);
2092
2093 if ($until === false) {
2094 return false;
2095 }
2096
2097 if ($USER->id == $userid) {
2098 if ($until == 0) {
2099 $until = ENROL_MAX_TIMESTAMP;
2100 }
2101 $USER->enrol['enrolled'][$coursecontext->instanceid] = $until;
2102 if (isset($USER->enrol['tempguest'][$coursecontext->instanceid])) {
2103 unset($USER->enrol['tempguest'][$coursecontext->instanceid]);
2104 remove_temp_course_roles($coursecontext);
2105 }
2106 }
2107
2108 } else {
2109 // any enrolment is good for us here, even outdated, disabled or inactive
2110 $sql = "SELECT 'x'
2111 FROM {user_enrolments} ue
2112 JOIN {enrol} e ON (e.id = ue.enrolid AND e.courseid = :courseid)
2113 JOIN {user} u ON u.id = ue.userid
2114 WHERE ue.userid = :userid AND u.deleted = 0";
2115 $params = array('userid'=>$userid, 'courseid'=>$coursecontext->instanceid);
2116 if (!$DB->record_exists_sql($sql, $params)) {
2117 return false;
2118 }
2119 }
2120 }
2121
2122 if ($withcapability and !has_capability($withcapability, $context, $userid)) {
2123 return false;
2124 }
2125
2126 return true;
2127 }
2128
2129 /**
2130 * Returns true if the user is able to access the course.
2131 *
2132 * This function is in no way, shape, or form a substitute for require_login.
2133 * It should only be used in circumstances where it is not possible to call require_login
2134 * such as the navigation.
2135 *
2136 * This function checks many of the methods of access to a course such as the view
2137 * capability, enrollments, and guest access. It also makes use of the cache
2138 * generated by require_login for guest access.
2139 *
2140 * The flags within the $USER object that are used here should NEVER be used outside
2141 * of this function can_access_course and require_login. Doing so WILL break future
2142 * versions.
2143 *
2144 * @param stdClass $course record
2145 * @param stdClass|int|null $user user record or id, current user if null
2146 * @param string $withcapability Check for this capability as well.
2147 * @param bool $onlyactive consider only active enrolments in enabled plugins and time restrictions
2148 * @return boolean Returns true if the user is able to access the course
2149 */
2150 function can_access_course(stdClass $course, $user = null, $withcapability = '', $onlyactive = false) {
2151 global $DB, $USER;
2152
2153 // this function originally accepted $coursecontext parameter
2154 if ($course instanceof context) {
2155 if ($course instanceof context_course) {
2156 debugging('deprecated context parameter, please use $course record');
2157 $coursecontext = $course;
2158 $course = $DB->get_record('course', array('id'=>$coursecontext->instanceid));
2159 } else {
2160 debugging('Invalid context parameter, please use $course record');
2161 return false;
2162 }
2163 } else {
2164 $coursecontext = context_course::instance($course->id);
2165 }
2166
2167 if (!isset($USER->id)) {
2168 // should never happen
2169 $USER->id = 0;
2170 debugging('Course access check being performed on a user with no ID.', DEBUG_DEVELOPER);
2171 }
2172
2173 // make sure there is a user specified
2174 if ($user === null) {
2175 $userid = $USER->id;
2176 } else {
2177 $userid = is_object($user) ? $user->id : $user;
2178 }
2179 unset($user);
2180
2181 if ($withcapability and !has_capability($withcapability, $coursecontext, $userid)) {
2182 return false;
2183 }
2184
2185 if ($userid == $USER->id) {
2186 if (!empty($USER->access['rsw'][$coursecontext->path])) {
2187 // the fact that somebody switched role means they can access the course no matter to what role they switched
2188 return true;
2189 }
2190 }
2191
2192 if (!$course->visible and !has_capability('moodle/course:viewhiddencourses', $coursecontext, $userid)) {
2193 return false;
2194 }
2195
2196 if (is_viewing($coursecontext, $userid)) {
2197 return true;
2198 }
2199
2200 if ($userid != $USER->id) {
2201 // for performance reasons we do not verify temporary guest access for other users, sorry...
2202 return is_enrolled($coursecontext, $userid, '', $onlyactive);
2203 }
2204
2205 // === from here we deal only with $USER ===
2206
2207 $coursecontext->reload_if_dirty();
2208
2209 if (isset($USER->enrol['enrolled'][$course->id])) {
2210 if ($USER->enrol['enrolled'][$course->id] > time()) {
2211 return true;
2212 }
2213 }
2214 if (isset($USER->enrol['tempguest'][$course->id])) {
2215 if ($USER->enrol['tempguest'][$course->id] > time()) {
2216 return true;
2217 }
2218 }
2219
2220 if (is_enrolled($coursecontext, $USER, '', $onlyactive)) {
2221 return true;
2222 }
2223
2224 // if not enrolled try to gain temporary guest access
2225 $instances = $DB->get_records('enrol', array('courseid'=>$course->id, 'status'=>ENROL_INSTANCE_ENABLED), 'sortorder, id ASC');
2226 $enrols = enrol_get_plugins(true);
2227 foreach($instances as $instance) {
2228 if (!isset($enrols[$instance->enrol])) {
2229 continue;
2230 }
2231 // Get a duration for the guest access, a timestamp in the future, 0 (always) or false.
2232 $until = $enrols[$instance->enrol]->try_guestaccess($instance);
2233 if ($until !== false and $until > time()) {
2234 $USER->enrol['tempguest'][$course->id] = $until;
2235 return true;
2236 }
2237 }
2238 if (isset($USER->enrol['tempguest'][$course->id])) {
2239 unset($USER->enrol['tempguest'][$course->id]);
2240 remove_temp_course_roles($coursecontext);
2241 }
2242
2243 return false;
2244 }
2245
2246 /**
2247 * Returns array with sql code and parameters returning all ids
2248 * of users enrolled into course.
2249 *
2250 * This function is using 'eu[0-9]+_' prefix for table names and parameters.
2251 *
2252 * @package core_enrol
2253 * @category access
2254 *
2255 * @param context $context
2256 * @param string $withcapability
2257 * @param int $groupid 0 means ignore groups, any other value limits the result by group id
2258 * @param bool $onlyactive consider only active enrolments in enabled plugins and time restrictions
2259 * @return array list($sql, $params)
2260 */
2261 function get_enrolled_sql(context $context, $withcapability = '', $groupid = 0, $onlyactive = false) {
2262 global $DB, $CFG;
2263
2264 // use unique prefix just in case somebody makes some SQL magic with the result
2265 static $i = 0;
2266 $i++;
2267 $prefix = 'eu'.$i.'_';
2268
2269 // first find the course context
2270 $coursecontext = $context->get_course_context();
2271
2272 $isfrontpage = ($coursecontext->instanceid == SITEID);
2273
2274 $joins = array();
2275 $wheres = array();
2276 $params = array();
2277
2278 list($contextids, $contextpaths) = get_context_info_list($context);
2279
2280 // get all relevant capability info for all roles
2281 if ($withcapability) {
2282 list($incontexts, $cparams) = $DB->get_in_or_equal($contextids, SQL_PARAMS_NAMED, 'ctx');
2283 $cparams['cap'] = $withcapability;
2284
2285 $defs = array();
2286 $sql = "SELECT rc.id, rc.roleid, rc.permission, ctx.path
2287 FROM {role_capabilities} rc
2288 JOIN {context} ctx on rc.contextid = ctx.id
2289 WHERE rc.contextid $incontexts AND rc.capability = :cap";
2290 $rcs = $DB->get_records_sql($sql, $cparams);
2291 foreach ($rcs as $rc) {
2292 $defs[$rc->path][$rc->roleid] = $rc->permission;
2293 }
2294
2295 $access = array();
2296 if (!empty($defs)) {
2297 foreach ($contextpaths as $path) {
2298 if (empty($defs[$path])) {
2299 continue;
2300 }
2301 foreach($defs[$path] as $roleid => $perm) {
2302 if ($perm == CAP_PROHIBIT) {
2303 $access[$roleid] = CAP_PROHIBIT;
2304 continue;
2305 }
2306 if (!isset($access[$roleid])) {
2307 $access[$roleid] = (int)$perm;
2308 }
2309 }
2310 }
2311 }
2312
2313 unset($defs);
2314
2315 // make lists of roles that are needed and prohibited
2316 $needed = array(); // one of these is enough
2317 $prohibited = array(); // must not have any of these
2318 foreach ($access as $roleid => $perm) {
2319 if ($perm == CAP_PROHIBIT) {
2320 unset($needed[$roleid]);
2321 $prohibited[$roleid] = true;
2322 } else if ($perm == CAP_ALLOW and empty($prohibited[$roleid])) {
2323 $needed[$roleid] = true;
2324 }
2325 }
2326
2327 $defaultuserroleid = isset($CFG->defaultuserroleid) ? $CFG->defaultuserroleid : 0;
2328 $defaultfrontpageroleid = isset($CFG->defaultfrontpageroleid) ? $CFG->defaultfrontpageroleid : 0;
2329
2330 $nobody = false;
2331
2332 if ($isfrontpage) {
2333 if (!empty($prohibited[$defaultuserroleid]) or !empty($prohibited[$defaultfrontpageroleid])) {
2334 $nobody = true;
2335 } else if (!empty($needed[$defaultuserroleid]) or !empty($needed[$defaultfrontpageroleid])) {
2336 // everybody not having prohibit has the capability
2337 $needed = array();
2338 } else if (empty($needed)) {
2339 $nobody = true;
2340 }
2341 } else {
2342 if (!empty($prohibited[$defaultuserroleid])) {
2343 $nobody = true;
2344 } else if (!empty($needed[$defaultuserroleid])) {
2345 // everybody not having prohibit has the capability
2346 $needed = array();
2347 } else if (empty($needed)) {
2348 $nobody = true;
2349 }
2350 }
2351
2352 if ($nobody) {
2353 // nobody can match so return some SQL that does not return any results
2354 $wheres[] = "1 = 2";
2355
2356 } else {
2357
2358 if ($needed) {
2359 $ctxids = implode(',', $contextids);
2360 $roleids = implode(',', array_keys($needed));
2361 $joins[] = "JOIN {role_assignments} {$prefix}ra3 ON ({$prefix}ra3.userid = {$prefix}u.id AND {$prefix}ra3.roleid IN ($roleids) AND {$prefix}ra3.contextid IN ($ctxids))";
2362 }
2363
2364 if ($prohibited) {
2365 $ctxids = implode(',', $contextids);
2366 $roleids = implode(',', array_keys($prohibited));
2367 $joins[] = "LEFT JOIN {role_assignments} {$prefix}ra4 ON ({$prefix}ra4.userid = {$prefix}u.id AND {$prefix}ra4.roleid IN ($roleids) AND {$prefix}ra4.contextid IN ($ctxids))";
2368 $wheres[] = "{$prefix}ra4.id IS NULL";
2369 }
2370
2371 if ($groupid) {
2372 $joins[] = "JOIN {groups_members} {$prefix}gm ON ({$prefix}gm.userid = {$prefix}u.id AND {$prefix}gm.groupid = :{$prefix}gmid)";
2373 $params["{$prefix}gmid"] = $groupid;
2374 }
2375 }
2376
2377 } else {
2378 if ($groupid) {
2379 $joins[] = "JOIN {groups_members} {$prefix}gm ON ({$prefix}gm.userid = {$prefix}u.id AND {$prefix}gm.groupid = :{$prefix}gmid)";
2380 $params["{$prefix}gmid"] = $groupid;
2381 }
2382 }
2383
2384 $wheres[] = "{$prefix}u.deleted = 0 AND {$prefix}u.id <> :{$prefix}guestid";
2385 $params["{$prefix}guestid"] = $CFG->siteguest;
2386
2387 if ($isfrontpage) {
2388 // all users are "enrolled" on the frontpage
2389 } else {
2390 $joins[] = "JOIN {user_enrolments} {$prefix}ue ON {$prefix}ue.userid = {$prefix}u.id";
2391 $joins[] = "JOIN {enrol} {$prefix}e ON ({$prefix}e.id = {$prefix}ue.enrolid AND {$prefix}e.courseid = :{$prefix}courseid)";
2392 $params[$prefix.'courseid'] = $coursecontext->instanceid;
2393
2394 if ($onlyactive) {
2395 $wheres[] = "{$prefix}ue.status = :{$prefix}active AND {$prefix}e.status = :{$prefix}enabled";
2396 $wheres[] = "{$prefix}ue.timestart < :{$prefix}now1 AND ({$prefix}ue.timeend = 0 OR {$prefix}ue.timeend > :{$prefix}now2)";
2397 $now = round(time(), -2); // rounding helps caching in DB
2398 $params = array_merge($params, array($prefix.'enabled'=>ENROL_INSTANCE_ENABLED,
2399 $prefix.'active'=>ENROL_USER_ACTIVE,
2400 $prefix.'now1'=>$now, $prefix.'now2'=>$now));
2401 }
2402 }
2403
2404 $joins = implode("\n", $joins);
2405 $wheres = "WHERE ".implode(" AND ", $wheres);
2406
2407 $sql = "SELECT DISTINCT {$prefix}u.id
2408 FROM {user} {$prefix}u
2409 $joins
2410 $wheres";
2411
2412 return array($sql, $params);
2413 }
2414
2415 /**
2416 * Returns list of users enrolled into course.
2417 *
2418 * @package core_enrol
2419 * @category access
2420 *
2421 * @param context $context
2422 * @param string $withcapability
2423 * @param int $groupid 0 means ignore groups, any other value limits the result by group id
2424 * @param string $userfields requested user record fields
2425 * @param string $orderby
2426 * @param int $limitfrom return a subset of records, starting at this point (optional, required if $limitnum is set).
2427 * @param int $limitnum return a subset comprising this many records (optional, required if $limitfrom is set).
2428 * @param bool $onlyactive consider only active enrolments in enabled plugins and time restrictions
2429 * @return array of user records
2430 */
2431 function get_enrolled_users(context $context, $withcapability = '', $groupid = 0, $userfields = 'u.*', $orderby = null,
2432 $limitfrom = 0, $limitnum = 0, $onlyactive = false) {
2433 global $DB;
2434
2435 list($esql, $params) = get_enrolled_sql($context, $withcapability, $groupid, $onlyactive);
2436 $sql = "SELECT $userfields
2437 FROM {user} u
2438 JOIN ($esql) je ON je.id = u.id
2439 WHERE u.deleted = 0";
2440
2441 if ($orderby) {
2442 $sql = "$sql ORDER BY $orderby";
2443 } else {
2444 list($sort, $sortparams) = users_order_by_sql('u');
2445 $sql = "$sql ORDER BY $sort";
2446 $params = array_merge($params, $sortparams);
2447 }
2448
2449 return $DB->get_records_sql($sql, $params, $limitfrom, $limitnum);
2450 }
2451
2452 /**
2453 * Counts list of users enrolled into course (as per above function)
2454 *
2455 * @package core_enrol
2456 * @category access
2457 *
2458 * @param context $context
2459 * @param string $withcapability
2460 * @param int $groupid 0 means ignore groups, any other value limits the result by group id
2461 * @param bool $onlyactive consider only active enrolments in enabled plugins and time restrictions
2462 * @return array of user records
2463 */
2464 function count_enrolled_users(context $context, $withcapability = '', $groupid = 0, $onlyactive = false) {
2465 global $DB;
2466
2467 list($esql, $params) = get_enrolled_sql($context, $withcapability, $groupid, $onlyactive);
2468 $sql = "SELECT count(u.id)
2469 FROM {user} u
2470 JOIN ($esql) je ON je.id = u.id
2471 WHERE u.deleted = 0";
2472
2473 return $DB->count_records_sql($sql, $params);
2474 }
2475
2476 /**
2477 * Loads the capability definitions for the component (from file).
2478 *
2479 * Loads the capability definitions for the component (from file). If no
2480 * capabilities are defined for the component, we simply return an empty array.
2481 *
2482 * @access private
2483 * @param string $component full plugin name, examples: 'moodle', 'mod_forum'
2484 * @return array array of capabilities
2485 */
2486 function load_capability_def($component) {
2487 $defpath = core_component::get_component_directory($component).'/db/access.php';
2488
2489 $capabilities = array();
2490 if (file_exists($defpath)) {
2491 require($defpath);
2492 if (!empty(${$component.'_capabilities'})) {
2493 // BC capability array name
2494 // since 2.0 we prefer $capabilities instead - it is easier to use and matches db/* files
2495 debugging('componentname_capabilities array is deprecated, please use $capabilities array only in access.php files');
2496 $capabilities = ${$component.'_capabilities'};
2497 }
2498 }
2499
2500 return $capabilities;
2501 }
2502
2503 /**
2504 * Gets the capabilities that have been cached in the database for this component.
2505 *
2506 * @access private
2507 * @param string $component - examples: 'moodle', 'mod_forum'
2508 * @return array array of capabilities
2509 */
2510 function get_cached_capabilities($component = 'moodle') {
2511 global $DB;
2512 return $DB->get_records('capabilities', array('component'=>$component));
2513 }
2514
2515 /**
2516 * Returns default capabilities for given role archetype.
2517 *
2518 * @param string $archetype role archetype
2519 * @return array
2520 */
2521 function get_default_capabilities($archetype) {
2522 global $DB;
2523
2524 if (!$archetype) {
2525 return array();
2526 }
2527
2528 $alldefs = array();
2529 $defaults = array();
2530 $components = array();
2531 $allcaps = $DB->get_records('capabilities');
2532
2533 foreach ($allcaps as $cap) {
2534 if (!in_array($cap->component, $components)) {
2535 $components[] = $cap->component;
2536 $alldefs = array_merge($alldefs, load_capability_def($cap->component));
2537 }
2538 }
2539 foreach($alldefs as $name=>$def) {
2540 // Use array 'archetypes if available. Only if not specified, use 'legacy'.
2541 if (isset($def['archetypes'])) {
2542 if (isset($def['archetypes'][$archetype])) {
2543 $defaults[$name] = $def['archetypes'][$archetype];
2544 }
2545 // 'legacy' is for backward compatibility with 1.9 access.php
2546 } else {
2547 if (isset($def['legacy'][$archetype])) {
2548 $defaults[$name] = $def['legacy'][$archetype];
2549 }
2550 }
2551 }
2552
2553 return $defaults;
2554 }
2555
2556 /**
2557 * Return default roles that can be assigned, overridden or switched
2558 * by give role archetype.
2559 *
2560 * @param string $type assign|override|switch
2561 * @param string $archetype
2562 * @return array of role ids
2563 */
2564 function get_default_role_archetype_allows($type, $archetype) {
2565 global $DB;
2566
2567 if (empty($archetype)) {
2568 return array();
2569 }
2570
2571 $roles = $DB->get_records('role');
2572 $archetypemap = array();
2573 foreach ($roles as $role) {
2574 if ($role->archetype) {
2575 $archetypemap[$role->archetype][$role->id] = $role->id;
2576 }
2577 }
2578
2579 $defaults = array(
2580 'assign' => array(
2581 'manager' => array('manager', 'coursecreator', 'editingteacher', 'teacher', 'student'),
2582 'coursecreator' => array(),
2583 'editingteacher' => array('teacher', 'student'),
2584 'teacher' => array(),
2585 'student' => array(),
2586 'guest' => array(),
2587 'user' => array(),
2588 'frontpage' => array(),
2589 ),
2590 'override' => array(
2591 'manager' => array('manager', 'coursecreator', 'editingteacher', 'teacher', 'student', 'guest', 'user', 'frontpage'),
2592 'coursecreator' => array(),
2593 'editingteacher' => array('teacher', 'student', 'guest'),
2594 'teacher' => array(),
2595 'student' => array(),
2596 'guest' => array(),
2597 'user' => array(),
2598 'frontpage' => array(),
2599 ),
2600 'switch' => array(
2601 'manager' => array('editingteacher', 'teacher', 'student', 'guest'),
2602 'coursecreator' => array(),
2603 'editingteacher' => array('teacher', 'student', 'guest'),
2604 'teacher' => array('student', 'guest'),
2605 'student' => array(),
2606 'guest' => array(),
2607 'user' => array(),
2608 'frontpage' => array(),
2609 ),
2610 );
2611
2612 if (!isset($defaults[$type][$archetype])) {
2613 debugging("Unknown type '$type'' or archetype '$archetype''");
2614 return array();
2615 }
2616
2617 $return = array();
2618 foreach ($defaults[$type][$archetype] as $at) {
2619 if (isset($archetypemap[$at])) {
2620 foreach ($archetypemap[$at] as $roleid) {
2621 $return[$roleid] = $roleid;
2622 }
2623 }
2624 }
2625
2626 return $return;
2627 }
2628
2629 /**
2630 * Reset role capabilities to default according to selected role archetype.
2631 * If no archetype selected, removes all capabilities.
2632 *
2633 * This applies to capabilities that are assigned to the role (that you could
2634 * edit in the 'define roles' interface), and not to any capability overrides
2635 * in different locations.
2636 *
2637 * @param int $roleid ID of role to reset capabilities for
2638 */
2639 function reset_role_capabilities($roleid) {
2640 global $DB;
2641
2642 $role = $DB->get_record('role', array('id'=>$roleid), '*', MUST_EXIST);
2643 $defaultcaps = get_default_capabilities($role->archetype);
2644
2645 $systemcontext = context_system::instance();
2646
2647 $DB->delete_records('role_capabilities',
2648 array('roleid' => $roleid, 'contextid' => $systemcontext->id));
2649
2650 foreach($defaultcaps as $cap=>$permission) {
2651 assign_capability($cap, $permission, $roleid, $systemcontext->id);
2652 }
2653
2654 // Mark the system context dirty.
2655 context_system::instance()->mark_dirty();
2656 }
2657
2658 /**
2659 * Updates the capabilities table with the component capability definitions.
2660 * If no parameters are given, the function updates the core moodle
2661 * capabilities.
2662 *
2663 * Note that the absence of the db/access.php capabilities definition file
2664 * will cause any stored capabilities for the component to be removed from
2665 * the database.
2666 *
2667 * @access private
2668 * @param string $component examples: 'moodle', 'mod/forum', 'block/quiz_results'
2669 * @return boolean true if success, exception in case of any problems
2670 */
2671 function update_capabilities($component = 'moodle') {
2672 global $DB, $OUTPUT;
2673
2674 $storedcaps = array();
2675
2676 $filecaps = load_capability_def($component);
2677 foreach($filecaps as $capname=>$unused) {
2678 if (!preg_match('|^[a-z]+/[a-z_0-9]+:[a-z_0-9]+$|', $capname)) {
2679 debugging("Coding problem: Invalid capability name '$capname', use 'clonepermissionsfrom' field for migration.");
2680 }
2681 }
2682
2683 $cachedcaps = get_cached_capabilities($component);
2684 if ($cachedcaps) {
2685 foreach ($cachedcaps as $cachedcap) {
2686 array_push($storedcaps, $cachedcap->name);
2687 // update risk bitmasks and context levels in existing capabilities if needed
2688 if (array_key_exists($cachedcap->name, $filecaps)) {
2689 if (!array_key_exists('riskbitmask', $filecaps[$cachedcap->name])) {
2690 $filecaps[$cachedcap->name]['riskbitmask'] = 0; // no risk if not specified
2691 }
2692 if ($cachedcap->captype != $filecaps[$cachedcap->name]['captype']) {
2693 $updatecap = new stdClass();
2694 $updatecap->id = $cachedcap->id;
2695 $updatecap->captype = $filecaps[$cachedcap->name]['captype'];
2696 $DB->update_record('capabilities', $updatecap);
2697 }
2698 if ($cachedcap->riskbitmask != $filecaps[$cachedcap->name]['riskbitmask']) {
2699 $updatecap = new stdClass();
2700 $updatecap->id = $cachedcap->id;
2701 $updatecap->riskbitmask = $filecaps[$cachedcap->name]['riskbitmask'];
2702 $DB->update_record('capabilities', $updatecap);
2703 }
2704
2705 if (!array_key_exists('contextlevel', $filecaps[$cachedcap->name])) {
2706 $filecaps[$cachedcap->name]['contextlevel'] = 0; // no context level defined
2707 }
2708 if ($cachedcap->contextlevel != $filecaps[$cachedcap->name]['contextlevel']) {
2709 $updatecap = new stdClass();
2710 $updatecap->id = $cachedcap->id;
2711 $updatecap->contextlevel = $filecaps[$cachedcap->name]['contextlevel'];
2712 $DB->update_record('capabilities', $updatecap);
2713 }
2714 }
2715 }
2716 }
2717
2718 // Are there new capabilities in the file definition?
2719 $newcaps = array();
2720
2721 foreach ($filecaps as $filecap => $def) {
2722 if (!$storedcaps ||
2723 ($storedcaps && in_array($filecap, $storedcaps) === false)) {
2724 if (!array_key_exists('riskbitmask', $def)) {
2725 $def['riskbitmask'] = 0; // no risk if not specified
2726 }
2727 $newcaps[$filecap] = $def;
2728 }
2729 }
2730 // Add new capabilities to the stored definition.
2731 $existingcaps = $DB->get_records_menu('capabilities', array(), 'id', 'id, name');
2732 foreach ($newcaps as $capname => $capdef) {
2733 $capability = new stdClass();
2734 $capability->name = $capname;
2735 $capability->captype = $capdef['captype'];
2736 $capability->contextlevel = $capdef['contextlevel'];
2737 $capability->component = $component;
2738 $capability->riskbitmask = $capdef['riskbitmask'];
2739
2740 $DB->insert_record('capabilities', $capability, false);
2741
2742 if (isset($capdef['clonepermissionsfrom']) && in_array($capdef['clonepermissionsfrom'], $existingcaps)){
2743 if ($rolecapabilities = $DB->get_records('role_capabilities', array('capability'=>$capdef['clonepermissionsfrom']))){
2744 foreach ($rolecapabilities as $rolecapability){
2745 //assign_capability will update rather than insert if capability exists
2746 if (!assign_capability($capname, $rolecapability->permission,
2747 $rolecapability->roleid, $rolecapability->contextid, true)){
2748 echo $OUTPUT->notification('Could not clone capabilities for '.$capname);
2749 }
2750 }
2751 }
2752 // we ignore archetype key if we have cloned permissions
2753 } else if (isset($capdef['archetypes']) && is_array($capdef['archetypes'])) {
2754 assign_legacy_capabilities($capname, $capdef['archetypes']);
2755 // 'legacy' is for backward compatibility with 1.9 access.php
2756 } else if (isset($capdef['legacy']) && is_array($capdef['legacy'])) {
2757 assign_legacy_capabilities($capname, $capdef['legacy']);
2758 }
2759 }
2760 // Are there any capabilities that have been removed from the file
2761 // definition that we need to delete from the stored capabilities and
2762 // role assignments?
2763 capabilities_cleanup($component, $filecaps);
2764
2765 // reset static caches
2766 accesslib_clear_all_caches(false);
2767
2768 return true;
2769 }
2770
2771 /**
2772 * Deletes cached capabilities that are no longer needed by the component.
2773 * Also unassigns these capabilities from any roles that have them.
2774 * NOTE: this function is called from lib/db/upgrade.php
2775 *
2776 * @access private
2777 * @param string $component examples: 'moodle', 'mod_forum', 'block_quiz_results'
2778 * @param array $newcapdef array of the new capability definitions that will be
2779 * compared with the cached capabilities
2780 * @return int number of deprecated capabilities that have been removed
2781 */
2782 function capabilities_cleanup($component, $newcapdef = null) {
2783 global $DB;
2784
2785 $removedcount = 0;
2786
2787 if ($cachedcaps = get_cached_capabilities($component)) {
2788 foreach ($cachedcaps as $cachedcap) {
2789 if (empty($newcapdef) ||
2790 array_key_exists($cachedcap->name, $newcapdef) === false) {
2791
2792 // Remove from capabilities cache.
2793 $DB->delete_records('capabilities', array('name'=>$cachedcap->name));
2794 $removedcount++;
2795 // Delete from roles.
2796 if ($roles = get_roles_with_capability($cachedcap->name)) {
2797 foreach($roles as $role) {
2798 if (!unassign_capability($cachedcap->name, $role->id)) {
2799 print_error('cannotunassigncap', 'error', '', (object)array('cap'=>$cachedcap->name, 'role'=>$role->name));
2800 }
2801 }
2802 }
2803 } // End if.
2804 }
2805 }
2806 return $removedcount;
2807 }
2808
2809 /**
2810 * Returns an array of all the known types of risk
2811 * The array keys can be used, for example as CSS class names, or in calls to
2812 * print_risk_icon. The values are the corresponding RISK_ constants.
2813 *
2814 * @return array all the known types of risk.
2815 */
2816 function get_all_risks() {
2817 return array(
2818 'riskmanagetrust' => RISK_MANAGETRUST,
2819 'riskconfig' => RISK_CONFIG,
2820 'riskxss' => RISK_XSS,
2821 'riskpersonal' => RISK_PERSONAL,
2822 'riskspam' => RISK_SPAM,
2823 'riskdataloss' => RISK_DATALOSS,
2824 );
2825 }
2826
2827 /**
2828 * Return a link to moodle docs for a given capability name
2829 *
2830 * @param stdClass $capability a capability - a row from the mdl_capabilities table.
2831 * @return string the human-readable capability name as a link to Moodle Docs.
2832 */
2833 function get_capability_docs_link($capability) {
2834 $url = get_docs_url('Capabilities/' . $capability->name);
2835 return '<a onclick="this.target=\'docspopup\'" href="' . $url . '">' . get_capability_string($capability->name) . '</a>';
2836 }
2837
2838 /**
2839 * This function pulls out all the resolved capabilities (overrides and
2840 * defaults) of a role used in capability overrides in contexts at a given
2841 * context.
2842 *
2843 * @param int $roleid
2844 * @param context $context
2845 * @param string $cap capability, optional, defaults to ''
2846 * @return array Array of capabilities
2847 */
2848 function role_context_capabilities($roleid, context $context, $cap = '') {
2849 global $DB;
2850
2851 $contexts = $context->get_parent_context_ids(true);
2852 $contexts = '('.implode(',', $contexts).')';
2853
2854 $params = array($roleid);
2855
2856 if ($cap) {
2857 $search = " AND rc.capability = ? ";
2858 $params[] = $cap;
2859 } else {
2860 $search = '';
2861 }
2862
2863 $sql = "SELECT rc.*
2864 FROM {role_capabilities} rc, {context} c
2865 WHERE rc.contextid in $contexts
2866 AND rc.roleid = ?
2867 AND rc.contextid = c.id $search
2868 ORDER BY c.contextlevel DESC, rc.capability DESC";
2869
2870 $capabilities = array();
2871
2872 if ($records = $DB->get_records_sql($sql, $params)) {
2873 // We are traversing via reverse order.
2874 foreach ($records as $record) {
2875 // If not set yet (i.e. inherit or not set at all), or currently we have a prohibit
2876 if (!isset($capabilities[$record->capability]) || $record->permission<-500) {
2877 $capabilities[$record->capability] = $record->permission;
2878 }
2879 }
2880 }
2881 return $capabilities;
2882 }
2883
2884 /**
2885 * Constructs array with contextids as first parameter and context paths,
2886 * in both cases bottom top including self.
2887 *
2888 * @access private
2889 * @param context $context
2890 * @return array
2891 */
2892 function get_context_info_list(context $context) {
2893 $contextids = explode('/', ltrim($context->path, '/'));
2894 $contextpaths = array();
2895 $contextids2 = $contextids;
2896 while ($contextids2) {
2897 $contextpaths[] = '/' . implode('/', $contextids2);
2898 array_pop($contextids2);
2899 }
2900 return array($contextids, $contextpaths);
2901 }
2902
2903 /**
2904 * Check if context is the front page context or a context inside it
2905 *
2906 * Returns true if this context is the front page context, or a context inside it,
2907 * otherwise false.
2908 *
2909 * @param context $context a context object.
2910 * @return bool
2911 */
2912 function is_inside_frontpage(context $context) {
2913 $frontpagecontext = context_course::instance(SITEID);
2914 return strpos($context->path . '/', $frontpagecontext->path . '/') === 0;
2915 }
2916
2917 /**
2918 * Returns capability information (cached)
2919 *
2920 * @param string $capabilityname
2921 * @return stdClass or null if capability not found
2922 */
2923 function get_capability_info($capabilityname) {
2924 global $ACCESSLIB_PRIVATE, $DB; // one request per page only
2925
2926 //TODO: MUC - this could be cached in shared memory, it would eliminate 1 query per page
2927
2928 if (empty($ACCESSLIB_PRIVATE->capabilities)) {
2929 $ACCESSLIB_PRIVATE->capabilities = array();
2930 $caps = $DB->get_records('capabilities', array(), '', 'id, name, captype, riskbitmask');
2931 foreach ($caps as $cap) {
2932 $capname = $cap->name;
2933 unset($cap->id);
2934 unset($cap->name);
2935 $cap->riskbitmask = (int)$cap->riskbitmask;
2936 $ACCESSLIB_PRIVATE->capabilities[$capname] = $cap;
2937 }
2938 }
2939
2940 return isset($ACCESSLIB_PRIVATE->capabilities[$capabilityname]) ? $ACCESSLIB_PRIVATE->capabilities[$capabilityname] : null;
2941 }
2942
2943 /**
2944 * Returns the human-readable, translated version of the capability.
2945 * Basically a big switch statement.
2946 *
2947 * @param string $capabilityname e.g. mod/choice:readresponses
2948 * @return string
2949 */
2950 function get_capability_string($capabilityname) {
2951
2952 // Typical capability name is 'plugintype/pluginname:capabilityname'
2953 list($type, $name, $capname) = preg_split('|[/:]|', $capabilityname);
2954
2955 if ($type === 'moodle') {
2956 $component = 'core_role';
2957 } else if ($type === 'quizreport') {
2958 //ugly hack!!
2959 $component = 'quiz_'.$name;
2960 } else {
2961 $component = $type.'_'.$name;
2962 }
2963
2964 $stringname = $name.':'.$capname;
2965
2966 if ($component === 'core_role' or get_string_manager()->string_exists($stringname, $component)) {
2967 return get_string($stringname, $component);
2968 }
2969
2970 $dir = core_component::get_component_directory($component);
2971 if (!file_exists($dir)) {
2972 // plugin broken or does not exist, do not bother with printing of debug message
2973 return $capabilityname.' ???';
2974 }
2975
2976 // something is wrong in plugin, better print debug
2977 return get_string($stringname, $component);
2978 }
2979
2980 /**
2981 * This gets the mod/block/course/core etc strings.
2982 *
2983 * @param string $component
2984 * @param int $contextlevel
2985 * @return string|bool String is success, false if failed
2986 */
2987 function get_component_string($component, $contextlevel) {
2988
2989 if ($component === 'moodle' or $component === 'core') {
2990 switch ($contextlevel) {
2991 // TODO: this should probably use context level names instead
2992 case CONTEXT_SYSTEM: return get_string('coresystem');
2993 case CONTEXT_USER: return get_string('users');
2994 case CONTEXT_COURSECAT: return get_string('categories');
2995 case CONTEXT_COURSE: return get_string('course');
2996 case CONTEXT_MODULE: return get_string('activities');
2997 case CONTEXT_BLOCK: return get_string('block');
2998 default: print_error('unknowncontext');
2999 }
3000 }
3001
3002 list($type, $name) = core_component::normalize_component($component);
3003 $dir = core_component::get_plugin_directory($type, $name);
3004 if (!file_exists($dir)) {
3005 // plugin not installed, bad luck, there is no way to find the name
3006 return $component.' ???';
3007 }
3008
3009 switch ($type) {
3010 // TODO: this is really hacky, anyway it should be probably moved to lib/pluginlib.php
3011 case 'quiz': return get_string($name.':componentname', $component);// insane hack!!!
3012 case 'repository': return get_string('repository', 'repository').': '.get_string('pluginname', $component);
3013 case 'gradeimport': return get_string('gradeimport', 'grades').': '.get_string('pluginname', $component);
3014 case 'gradeexport': return get_string('gradeexport', 'grades').': '.get_string('pluginname', $component);
3015 case 'gradereport': return get_string('gradereport', 'grades').': '.get_string('pluginname', $component);
3016 case 'webservice': return get_string('webservice', 'webservice').': '.get_string('pluginname', $component);
3017 case 'block': return get_string('block').': '.get_string('pluginname', basename($component));
3018 case 'mod':
3019 if (get_string_manager()->string_exists('pluginname', $component)) {
3020 return get_string('activity').': '.get_string('pluginname', $component);
3021 } else {
3022 return get_string('activity').': '.get_string('modulename', $component);
3023 }
3024 default: return get_string('pluginname', $component);
3025 }
3026 }
3027
3028 /**
3029 * Gets the list of roles assigned to this context and up (parents)
3030 * from the list of roles that are visible on user profile page
3031 * and participants page.
3032 *
3033 * @param context $context
3034 * @return array
3035 */
3036 function get_profile_roles(context $context) {
3037 global $CFG, $DB;
3038
3039 if (empty($CFG->profileroles)) {
3040 return array();
3041 }
3042
3043 list($rallowed, $params) = $DB->get_in_or_equal(explode(',', $CFG->profileroles), SQL_PARAMS_NAMED, 'a');
3044 list($contextlist, $cparams) = $DB->get_in_or_equal($context->get_parent_context_ids(true), SQL_PARAMS_NAMED, 'p');
3045 $params = array_merge($params, $cparams);
3046
3047 if ($coursecontext = $context->get_course_context(false)) {
3048 $params['coursecontext'] = $coursecontext->id;
3049 } else {
3050 $params['coursecontext'] = 0;
3051 }
3052
3053 $sql = "SELECT DISTINCT r.id, r.name, r.shortname, r.sortorder, rn.name AS coursealias
3054 FROM {role_assignments} ra, {role} r
3055 LEFT JOIN {role_names} rn ON (rn.contextid = :coursecontext AND rn.roleid = r.id)
3056 WHERE r.id = ra.roleid
3057 AND ra.contextid $contextlist
3058 AND r.id $rallowed
3059 ORDER BY r.sortorder ASC";
3060
3061 return $DB->get_records_sql($sql, $params);
3062 }
3063
3064 /**
3065 * Gets the list of roles assigned to this context and up (parents)
3066 *
3067 * @param context $context
3068 * @return array
3069 */
3070 function get_roles_used_in_context(context $context) {
3071 global $DB;
3072
3073 list($contextlist, $params) = $DB->get_in_or_equal($context->get_parent_context_ids(true), SQL_PARAMS_NAMED, 'cl');
3074
3075 if ($coursecontext = $context->get_course_context(false)) {
3076 $params['coursecontext'] = $coursecontext->id;
3077 } else {
3078 $params['coursecontext'] = 0;
3079 }
3080
3081 $sql = "SELECT DISTINCT r.id, r.name, r.shortname, r.sortorder, rn.name AS coursealias
3082 FROM {role_assignments} ra, {role} r
3083 LEFT JOIN {role_names} rn ON (rn.contextid = :coursecontext AND rn.roleid = r.id)
3084 WHERE r.id = ra.roleid
3085 AND ra.contextid $contextlist
3086 ORDER BY r.sortorder ASC";
3087
3088 return $DB->get_records_sql($sql, $params);
3089 }
3090
3091 /**
3092 * This function is used to print roles column in user profile page.
3093 * It is using the CFG->profileroles to limit the list to only interesting roles.
3094 * (The permission tab has full details of user role assignments.)
3095 *
3096 * @param int $userid
3097 * @param int $courseid
3098 * @return string
3099 */
3100 function get_user_roles_in_course($userid, $courseid) {
3101 global $CFG, $DB;
3102
3103 if (empty($CFG->profileroles)) {
3104 return '';
3105 }
3106
3107 if ($courseid == SITEID) {
3108 $context = context_system::instance();
3109 } else {
3110 $context = context_course::instance($courseid);
3111 }
3112
3113 list($rallowed, $params) = $DB->get_in_or_equal(explode(',', $CFG->profileroles), SQL_PARAMS_NAMED, 'a');
3114 list($contextlist, $cparams) = $DB->get_in_or_equal($context->get_parent_context_ids(true), SQL_PARAMS_NAMED, 'p');
3115 $params = array_merge($params, $cparams);
3116
3117 if ($coursecontext = $context->get_course_context(false)) {
3118 $params['coursecontext'] = $coursecontext->id;
3119 } else {
3120 $params['coursecontext'] = 0;
3121 }
3122
3123 $sql = "SELECT DISTINCT r.id, r.name, r.shortname, r.sortorder, rn.name AS coursealias
3124 FROM {role_assignments} ra, {role} r
3125 LEFT JOIN {role_names} rn ON (rn.contextid = :coursecontext AND rn.roleid = r.id)
3126 WHERE r.id = ra.roleid
3127 AND ra.contextid $contextlist
3128 AND r.id $rallowed
3129 AND ra.userid = :userid
3130 ORDER BY r.sortorder ASC";
3131 $params['userid'] = $userid;
3132
3133 $rolestring = '';
3134
3135 if ($roles = $DB->get_records_sql($sql, $params)) {
3136 $rolenames = role_fix_names($roles, $context, ROLENAME_ALIAS, true); // Substitute aliases
3137
3138 foreach ($rolenames as $roleid => $rolename) {
3139 $rolenames[$roleid] = '<a href="'.$CFG->wwwroot.'/user/index.php?contextid='.$context->id.'&amp;roleid='.$roleid.'">'.$rolename.'</a>';
3140 }
3141 $rolestring = implode(',', $rolenames);
3142 }
3143
3144 return $rolestring;
3145 }
3146
3147 /**
3148 * Checks if a user can assign users to a particular role in this context
3149 *
3150 * @param context $context
3151 * @param int $targetroleid - the id of the role you want to assign users to
3152 * @return boolean
3153 */
3154 function user_can_assign(context $context, $targetroleid) {
3155 global $DB;
3156
3157 // First check to see if the user is a site administrator.
3158 if (is_siteadmin()) {
3159 return true;
3160 }
3161
3162 // Check if user has override capability.
3163 // If not return false.
3164 if (!has_capability('moodle/role:assign', $context)) {
3165 return false;
3166 }
3167 // pull out all active roles of this user from this context(or above)
3168 if ($userroles = get_user_roles($context)) {
3169 foreach ($userroles as $userrole) {
3170 // if any in the role_allow_override table, then it's ok
3171 if ($DB->get_record('role_allow_assign', array('roleid'=>$userrole->roleid, 'allowassign'=>$targetroleid))) {
3172 return true;
3173 }
3174 }
3175 }
3176
3177 return false;
3178 }
3179
3180 /**
3181 * Returns all site roles in correct sort order.
3182 *
3183 * Note: this method does not localise role names or descriptions,
3184 * use role_get_names() if you need role names.
3185 *
3186 * @param context $context optional context for course role name aliases
3187 * @return array of role records with optional coursealias property
3188 */
3189 function get_all_roles(context $context = null) {
3190 global $DB;
3191
3192 if (!$context or !$coursecontext = $context->get_course_context(false)) {
3193 $coursecontext = null;
3194 }
3195
3196 if ($coursecontext) {
3197 $sql = "SELECT r.*, rn.name AS coursealias
3198 FROM {role} r
3199 LEFT JOIN {role_names} rn ON (rn.contextid = :coursecontext AND rn.roleid = r.id)
3200 ORDER BY r.sortorder ASC";
3201 return $DB->get_records_sql($sql, array('coursecontext'=>$coursecontext->id));
3202
3203 } else {
3204 return $DB->get_records('role', array(), 'sortorder ASC');
3205 }
3206 }
3207
3208 /**
3209 * Returns roles of a specified archetype
3210 *
3211 * @param string $archetype
3212 * @return array of full role records
3213 */
3214 function get_archetype_roles($archetype) {
3215 global $DB;
3216 return $DB->get_records('role', array('archetype'=>$archetype), 'sortorder ASC');
3217 }
3218
3219 /**
3220 * Gets all the user roles assigned in this context, or higher contexts
3221 * this is mainly used when checking if a user can assign a role, or overriding a role
3222 * i.e. we need to know what this user holds, in order to verify against allow_assign and
3223 * allow_override tables
3224 *
3225 * @param context $context
3226 * @param int $userid
3227 * @param bool $checkparentcontexts defaults to true
3228 * @param string $order defaults to 'c.contextlevel DESC, r.sortorder ASC'
3229 * @return array
3230 */
3231 function get_user_roles(context $context, $userid = 0, $checkparentcontexts = true, $order = 'c.contextlevel DESC, r.sortorder ASC') {
3232 global $USER, $DB;
3233
3234 if (empty($userid)) {
3235 if (empty($USER->id)) {
3236 return array();
3237 }
3238 $userid = $USER->id;
3239 }
3240
3241 if ($checkparentcontexts) {
3242 $contextids = $context->get_parent_context_ids();
3243 } else {
3244 $contextids = array();
3245 }
3246 $contextids[] = $context->id;
3247
3248 list($contextids, $params) = $DB->get_in_or_equal($contextids, SQL_PARAMS_QM);
3249
3250 array_unshift($params, $userid);
3251
3252 $sql = "SELECT ra.*, r.name, r.shortname
3253 FROM {role_assignments} ra, {role} r, {context} c
3254 WHERE ra.userid = ?
3255 AND ra.roleid = r.id
3256 AND ra.contextid = c.id
3257 AND ra.contextid $contextids
3258 ORDER BY $order";
3259
3260 return $DB->get_records_sql($sql ,$params);
3261 }
3262
3263 /**
3264 * Like get_user_roles, but adds in the authenticated user role, and the front
3265 * page roles, if applicable.
3266 *
3267 * @param context $context the context.
3268 * @param int $userid optional. Defaults to $USER->id
3269 * @return array of objects with fields ->userid, ->contextid and ->roleid.
3270 */
3271 function get_user_roles_with_special(context $context, $userid = 0) {
3272 global $CFG, $USER;
3273
3274 if (empty($userid)) {
3275 if (empty($USER->id)) {
3276 return array();
3277 }
3278 $userid = $USER->id;
3279 }
3280
3281 $ras = get_user_roles($context, $userid);
3282
3283 // Add front-page role if relevant.
3284 $defaultfrontpageroleid = isset($CFG->defaultfrontpageroleid) ? $CFG->defaultfrontpageroleid : 0;
3285 $isfrontpage = ($context->contextlevel == CONTEXT_COURSE && $context->instanceid == SITEID) ||
3286 is_inside_frontpage($context);
3287 if ($defaultfrontpageroleid && $isfrontpage) {
3288 $frontpagecontext = context_course::instance(SITEID);
3289 $ra = new stdClass();
3290 $ra->userid = $userid;
3291 $ra->contextid = $frontpagecontext->id;
3292 $ra->roleid = $defaultfrontpageroleid;
3293 $ras[] = $ra;
3294 }
3295
3296 // Add authenticated user role if relevant.
3297 $defaultuserroleid = isset($CFG->defaultuserroleid) ? $CFG->defaultuserroleid : 0;
3298 if ($defaultuserroleid && !isguestuser($userid)) {
3299 $systemcontext = context_system::instance();
3300 $ra = new stdClass();
3301 $ra->userid = $userid;
3302 $ra->contextid = $systemcontext->id;
3303 $ra->roleid = $defaultuserroleid;
3304 $ras[] = $ra;
3305 }
3306
3307 return $ras;
3308 }
3309
3310 /**
3311 * Creates a record in the role_allow_override table
3312 *
3313 * @param int $sroleid source roleid
3314 * @param int $troleid target roleid
3315 * @return void
3316 */
3317 function allow_override($sroleid, $troleid) {
3318 global $DB;
3319
3320 $record = new stdClass();
3321 $record->roleid = $sroleid;
3322 $record->allowoverride = $troleid;
3323 $DB->insert_record('role_allow_override', $record);
3324 }
3325
3326 /**
3327 * Creates a record in the role_allow_assign table
3328 *
3329 * @param int $fromroleid source roleid
3330 * @param int $targetroleid target roleid
3331 * @return void
3332 */
3333 function allow_assign($fromroleid, $targetroleid) {
3334 global $DB;
3335
3336 $record = new stdClass();
3337 $record->roleid = $fromroleid;
3338 $record->allowassign = $targetroleid;
3339 $DB->insert_record('role_allow_assign', $record);
3340 }
3341
3342 /**
3343 * Creates a record in the role_allow_switch table
3344 *
3345 * @param int $fromroleid source roleid
3346 * @param int $targetroleid target roleid
3347 * @return void
3348 */
3349 function allow_switch($fromroleid, $targetroleid) {
3350 global $DB;
3351
3352 $record = new stdClass();
3353 $record->roleid = $fromroleid;
3354 $record->allowswitch = $targetroleid;
3355 $DB->insert_record('role_allow_switch', $record);
3356 }
3357
3358 /**
3359 * Gets a list of roles that this user can assign in this context
3360 *
3361 * @param context $context the context.
3362 * @param int $rolenamedisplay the type of role name to display. One of the
3363 * ROLENAME_X constants. Default ROLENAME_ALIAS.
3364 * @param bool $withusercounts if true, count the number of users with each role.
3365 * @param integer|object $user A user id or object. By default (null) checks the permissions of the current user.
3366 * @return array if $withusercounts is false, then an array $roleid => $rolename.
3367 * if $withusercounts is true, returns a list of three arrays,
3368 * $rolenames, $rolecounts, and $nameswithcounts.
3369 */
3370 function get_assignable_roles(context $context, $rolenamedisplay = ROLENAME_ALIAS, $withusercounts = false, $user = null) {
3371 global $USER, $DB;
3372
3373 // make sure there is a real user specified
3374 if ($user === null) {
3375 $userid = isset($USER->id) ? $USER->id : 0;
3376 } else {
3377 $userid = is_object($user) ? $user->id : $user;
3378 }
3379
3380 if (!has_capability('moodle/role:assign', $context, $userid)) {
3381 if ($withusercounts) {
3382 return array(array(), array(), array());
3383 } else {
3384 return array();
3385 }
3386 }
3387
3388 $params = array();
3389 $extrafields = '';
3390
3391 if ($withusercounts) {
3392 $extrafields = ', (SELECT count(u.id)
3393 FROM {role_assignments} cra JOIN {user} u ON cra.userid = u.id
3394 WHERE cra.roleid = r.id AND cra.contextid = :conid AND u.deleted = 0
3395 ) AS usercount';
3396 $params['conid'] = $context->id;
3397 }
3398
3399 if (is_siteadmin($userid)) {
3400 // show all roles allowed in this context to admins
3401 $assignrestriction = "";
3402 } else {
3403 $parents = $context->get_parent_context_ids(true);
3404 $contexts = implode(',' , $parents);
3405 $assignrestriction = "JOIN (SELECT DISTINCT raa.allowassign AS id
3406 FROM {role_allow_assign} raa
3407 JOIN {role_assignments} ra ON ra.roleid = raa.roleid
3408 WHERE ra.userid = :userid AND ra.contextid IN ($contexts)
3409 ) ar ON ar.id = r.id";
3410 $params['userid'] = $userid;
3411 }
3412 $params['contextlevel'] = $context->contextlevel;
3413
3414 if ($coursecontext = $context->get_course_context(false)) {
3415 $params['coursecontext'] = $coursecontext->id;
3416 } else {
3417 $params['coursecontext'] = 0; // no course aliases
3418 $coursecontext = null;
3419 }
3420 $sql = "SELECT r.id, r.name, r.shortname, rn.name AS coursealias $extrafields
3421 FROM {role} r
3422 $assignrestriction
3423 JOIN {role_context_levels} rcl ON (rcl.contextlevel = :contextlevel AND r.id = rcl.roleid)
3424 LEFT JOIN {role_names} rn ON (rn.contextid = :coursecontext AND rn.roleid = r.id)
3425 ORDER BY r.sortorder ASC";
3426 $roles = $DB->get_records_sql($sql, $params);
3427
3428 $rolenames = role_fix_names($roles, $coursecontext, $rolenamedisplay, true);
3429
3430 if (!$withusercounts) {
3431 return $rolenames;
3432 }
3433
3434 $rolecounts = array();
3435 $nameswithcounts = array();
3436 foreach ($roles as $role) {
3437 $nameswithcounts[$role->id] = $rolenames[$role->id] . ' (' . $roles[$role->id]->usercount . ')';
3438 $rolecounts[$role->id] = $roles[$role->id]->usercount;
3439 }
3440 return array($rolenames, $rolecounts, $nameswithcounts);
3441 }
3442
3443 /**
3444 * Gets a list of roles that this user can switch to in a context
3445 *
3446 * Gets a list of roles that this user can switch to in a context, for the switchrole menu.
3447 * This function just process the contents of the role_allow_switch table. You also need to
3448 * test the moodle/role:switchroles to see if the user is allowed to switch in the first place.
3449 *
3450 * @param context $context a context.
3451 * @return array an array $roleid => $rolename.
3452 */
3453 function get_switchable_roles(context $context) {
3454 global $USER, $DB;
3455
3456 $params = array();
3457 $extrajoins = '';
3458 $extrawhere = '';
3459 if (!is_siteadmin()) {
3460 // Admins are allowed to switch to any role with.
3461 // Others are subject to the additional constraint that the switch-to role must be allowed by
3462 // 'role_allow_switch' for some role they have assigned in this context or any parent.
3463 $parents = $context->get_parent_context_ids(true);
3464 $contexts = implode(',' , $parents);
3465
3466 $extrajoins = "JOIN {role_allow_switch} ras ON ras.allowswitch = rc.roleid
3467 JOIN {role_assignments} ra ON ra.roleid = ras.roleid";
3468 $extrawhere = "WHERE ra.userid = :userid AND ra.contextid IN ($contexts)";
3469 $params['userid'] = $USER->id;
3470 }
3471
3472 if ($coursecontext = $context->get_course_context(false)) {
3473 $params['coursecontext'] = $coursecontext->id;
3474 } else {
3475 $params['coursecontext'] = 0; // no course aliases
3476 $coursecontext = null;
3477 }
3478
3479 $query = "
3480 SELECT r.id, r.name, r.shortname, rn.name AS coursealias
3481 FROM (SELECT DISTINCT rc.roleid
3482 FROM {role_capabilities} rc
3483 $extrajoins
3484 $extrawhere) idlist
3485 JOIN {role} r ON r.id = idlist.roleid
3486 LEFT JOIN {role_names} rn ON (rn.contextid = :coursecontext AND rn.roleid = r.id)
3487 ORDER BY r.sortorder";
3488 $roles = $DB->get_records_sql($query, $params);
3489
3490 return role_fix_names($roles, $context, ROLENAME_ALIAS, true);
3491 }
3492
3493 /**
3494 * Gets a list of roles that this user can override in this context.
3495 *
3496 * @param context $context the context.
3497 * @param int $rolenamedisplay the type of role name to display. One of the
3498 * ROLENAME_X constants. Default ROLENAME_ALIAS.
3499 * @param bool $withcounts if true, count the number of overrides that are set for each role.
3500 * @return array if $withcounts is false, then an array $roleid => $rolename.
3501 * if $withusercounts is true, returns a list of three arrays,
3502 * $rolenames, $rolecounts, and $nameswithcounts.
3503 */
3504 function get_overridable_roles(context $context, $rolenamedisplay = ROLENAME_ALIAS, $withcounts = false) {
3505 global $USER, $DB;
3506
3507 if (!has_any_capability(array('moodle/role:safeoverride', 'moodle/role:override'), $context)) {
3508 if ($withcounts) {
3509 return array(array(), array(), array());
3510 } else {
3511 return array();
3512 }
3513 }
3514
3515 $parents = $context->get_parent_context_ids(true);
3516 $contexts = implode(',' , $parents);
3517
3518 $params = array();
3519 $extrafields = '';
3520
3521 $params['userid'] = $USER->id;
3522 if ($withcounts) {
3523 $extrafields = ', (SELECT COUNT(rc.id) FROM {role_capabilities} rc
3524 WHERE rc.roleid = ro.id AND rc.contextid = :conid) AS overridecount';
3525 $params['conid'] = $context->id;
3526 }
3527
3528 if ($coursecontext = $context->get_course_context(false)) {
3529 $params['coursecontext'] = $coursecontext->id;
3530 } else {
3531 $params['coursecontext'] = 0; // no course aliases
3532 $coursecontext = null;
3533 }
3534
3535 if (is_siteadmin()) {
3536 // show all roles to admins
3537 $roles = $DB->get_records_sql("
3538 SELECT ro.id, ro.name, ro.shortname, rn.name AS coursealias $extrafields
3539 FROM {role} ro
3540 LEFT JOIN {role_names} rn ON (rn.contextid = :coursecontext AND rn.roleid = ro.id)
3541 ORDER BY ro.sortorder ASC", $params);
3542
3543 } else {
3544 $roles = $DB->get_records_sql("
3545 SELECT ro.id, ro.name, ro.shortname, rn.name AS coursealias $extrafields
3546 FROM {role} ro
3547 JOIN (SELECT DISTINCT r.id
3548 FROM {role} r
3549 JOIN {role_allow_override} rao ON r.id = rao.allowoverride
3550 JOIN {role_assignments} ra ON rao.roleid = ra.roleid
3551 WHERE ra.userid = :userid AND ra.contextid IN ($contexts)
3552 ) inline_view ON ro.id = inline_view.id
3553 LEFT JOIN {role_names} rn ON (rn.contextid = :coursecontext AND rn.roleid = ro.id)
3554 ORDER BY ro.sortorder ASC", $params);
3555 }
3556
3557 $rolenames = role_fix_names($roles, $context, $rolenamedisplay, true);
3558
3559 if (!$withcounts) {
3560 return $rolenames;
3561 }
3562
3563 $rolecounts = array();
3564 $nameswithcounts = array();
3565 foreach ($roles as $role) {
3566 $nameswithcounts[$role->id] = $rolenames[$role->id] . ' (' . $roles[$role->id]->overridecount . ')';
3567 $rolecounts[$role->id] = $roles[$role->id]->overridecount;
3568 }
3569 return array($rolenames, $rolecounts, $nameswithcounts);
3570 }
3571
3572 /**
3573 * Create a role menu suitable for default role selection in enrol plugins.
3574 *
3575 * @package core_enrol
3576 *
3577 * @param context $context
3578 * @param int $addroleid current or default role - always added to list
3579 * @return array roleid=>localised role name
3580 */
3581 function get_default_enrol_roles(context $context, $addroleid = null) {
3582 global $DB;
3583
3584 $params = array('contextlevel'=>CONTEXT_COURSE);
3585
3586 if ($coursecontext = $context->get_course_context(false)) {
3587 $params['coursecontext'] = $coursecontext->id;
3588 } else {
3589 $params['coursecontext'] = 0; // no course names
3590 $coursecontext = null;
3591 }
3592
3593 if ($addroleid) {
3594 $addrole = "OR r.id = :addroleid";
3595 $params['addroleid'] = $addroleid;
3596 } else {
3597 $addrole = "";
3598 }
3599
3600 $sql = "SELECT r.id, r.name, r.shortname, rn.name AS coursealias
3601 FROM {role} r
3602 LEFT JOIN {role_context_levels} rcl ON (rcl.roleid = r.id AND rcl.contextlevel = :contextlevel)
3603 LEFT JOIN {role_names} rn ON (rn.contextid = :coursecontext AND rn.roleid = r.id)
3604 WHERE rcl.id IS NOT NULL $addrole
3605 ORDER BY sortorder DESC";
3606
3607 $roles = $DB->get_records_sql($sql, $params);
3608
3609 return role_fix_names($roles, $context, ROLENAME_BOTH, true);
3610 }
3611
3612 /**
3613 * Return context levels where this role is assignable.
3614 *
3615 * @param integer $roleid the id of a role.
3616 * @return array list of the context levels at which this role may be assigned.
3617 */
3618 function get_role_contextlevels($roleid) {
3619 global $DB;
3620 return $DB->get_records_menu('role_context_levels', array('roleid' => $roleid),
3621 'contextlevel', 'id,contextlevel');
3622 }
3623
3624 /**
3625 * Return roles suitable for assignment at the specified context level.
3626 *
3627 * NOTE: this function name looks like a typo, should be probably get_roles_for_contextlevel()
3628 *
3629 * @param integer $contextlevel a contextlevel.
3630 * @return array list of role ids that are assignable at this context level.
3631 */
3632 function get_roles_for_contextlevels($contextlevel) {
3633 global $DB;
3634 return $DB->get_records_menu('role_context_levels', array('contextlevel' => $contextlevel),
3635 '', 'id,roleid');
3636 }
3637
3638 /**
3639 * Returns default context levels where roles can be assigned.
3640 *
3641 * @param string $rolearchetype one of the role archetypes - that is, one of the keys
3642 * from the array returned by get_role_archetypes();
3643 * @return array list of the context levels at which this type of role may be assigned by default.
3644 */
3645 function get_default_contextlevels($rolearchetype) {
3646 static $defaults = array(
3647 'manager' => array(CONTEXT_SYSTEM, CONTEXT_COURSECAT, CONTEXT_COURSE),
3648 'coursecreator' => array(CONTEXT_SYSTEM, CONTEXT_COURSECAT),
3649 'editingteacher' => array(CONTEXT_COURSE, CONTEXT_MODULE),
3650 'teacher' => array(CONTEXT_COURSE, CONTEXT_MODULE),
3651 'student' => array(CONTEXT_COURSE, CONTEXT_MODULE),
3652 'guest' => array(),
3653 'user' => array(),
3654 'frontpage' => array());
3655
3656 if (isset($defaults[$rolearchetype])) {
3657 return $defaults[$rolearchetype];
3658 } else {
3659 return array();
3660 }
3661 }
3662
3663 /**
3664 * Set the context levels at which a particular role can be assigned.
3665 * Throws exceptions in case of error.
3666 *
3667 * @param integer $roleid the id of a role.
3668 * @param array $contextlevels the context levels at which this role should be assignable,
3669 * duplicate levels are removed.
3670 * @return void
3671 */
3672 function set_role_contextlevels($roleid, array $contextlevels) {
3673 global $DB;
3674 $DB->delete_records('role_context_levels', array('roleid' => $roleid));
3675 $rcl = new stdClass();
3676 $rcl->roleid = $roleid;
3677 $contextlevels = array_unique($contextlevels);
3678 foreach ($contextlevels as $level) {
3679 $rcl->contextlevel = $level;
3680 $DB->insert_record('role_context_levels', $rcl, false, true);
3681 }
3682 }
3683
3684 /**
3685 * Who has this capability in this context?
3686 *
3687 * This can be a very expensive call - use sparingly and keep
3688 * the results if you are going to need them again soon.
3689 *
3690 * Note if $fields is empty this function attempts to get u.*
3691 * which can get rather large - and has a serious perf impact
3692 * on some DBs.
3693 *
3694 * @param context $context
3695 * @param string|array $capability - capability name(s)
3696 * @param string $fields - fields to be pulled. The user table is aliased to 'u'. u.id MUST be included.
3697 * @param string $sort - the sort order. Default is lastaccess time.
3698 * @param mixed $limitfrom - number of records to skip (offset)
3699 * @param mixed $limitnum - number of records to fetch
3700 * @param string|array $groups - single group or array of groups - only return
3701 * users who are in one of these group(s).
3702 * @param string|array $exceptions - list of users to exclude, comma separated or array
3703 * @param bool $doanything_ignored not used any more, admin accounts are never returned
3704 * @param bool $view_ignored - use get_enrolled_sql() instead
3705 * @param bool $useviewallgroups if $groups is set the return users who
3706 * have capability both $capability and moodle/site:accessallgroups
3707 * in this context, as well as users who have $capability and who are
3708 * in $groups.
3709 * @return array of user records
3710 */
3711 function get_users_by_capability(context $context, $capability, $fields = '', $sort = '', $limitfrom = '', $limitnum = '',
3712 $groups = '', $exceptions = '', $doanything_ignored = null, $view_ignored = null, $useviewallgroups = false) {
3713 global $CFG, $DB;
3714
3715 $defaultuserroleid = isset($CFG->defaultuserroleid) ? $CFG->defaultuserroleid : 0;
3716 $defaultfrontpageroleid = isset($CFG->defaultfrontpageroleid) ? $CFG->defaultfrontpageroleid : 0;
3717
3718 $ctxids = trim($context->path, '/');
3719 $ctxids = str_replace('/', ',', $ctxids);
3720
3721 // Context is the frontpage
3722 $iscoursepage = false; // coursepage other than fp
3723 $isfrontpage = false;
3724 if ($context->contextlevel == CONTEXT_COURSE) {
3725 if ($context->instanceid == SITEID) {
3726 $isfrontpage = true;
3727 } else {
3728 $iscoursepage = true;
3729 }
3730 }
3731 $isfrontpage = ($isfrontpage || is_inside_frontpage($context));
3732
3733 $caps = (array)$capability;
3734
3735 // construct list of context paths bottom-->top
3736 list($contextids, $paths) = get_context_info_list($context);
3737
3738 // we need to find out all roles that have these capabilities either in definition or in overrides
3739 $defs = array();
3740 list($incontexts, $params) = $DB->get_in_or_equal($contextids, SQL_PARAMS_NAMED, 'con');
3741 list($incaps, $params2) = $DB->get_in_or_equal($caps, SQL_PARAMS_NAMED, 'cap');
3742 $params = array_merge($params, $params2);
3743 $sql = "SELECT rc.id, rc.roleid, rc.permission, rc.capability, ctx.path
3744 FROM {role_capabilities} rc
3745 JOIN {context} ctx on rc.contextid = ctx.id
3746 WHERE rc.contextid $incontexts AND rc.capability $incaps";
3747
3748 $rcs = $DB->get_records_sql($sql, $params);
3749 foreach ($rcs as $rc) {
3750 $defs[$rc->capability][$rc->path][$rc->roleid] = $rc->permission;
3751 }
3752
3753 // go through the permissions bottom-->top direction to evaluate the current permission,
3754 // first one wins (prohibit is an exception that always wins)
3755 $access = array();
3756 foreach ($caps as $cap) {
3757 foreach ($paths as $path) {
3758 if (empty($defs[$cap][$path])) {
3759 continue;
3760 }
3761 foreach($defs[$cap][$path] as $roleid => $perm) {
3762 if ($perm == CAP_PROHIBIT) {
3763 $access[$cap][$roleid] = CAP_PROHIBIT;
3764 continue;
3765 }
3766 if (!isset($access[$cap][$roleid])) {
3767 $access[$cap][$roleid] = (int)$perm;
3768 }
3769 }
3770 }
3771 }
3772
3773 // make lists of roles that are needed and prohibited in this context
3774 $needed = array(); // one of these is enough
3775 $prohibited = array(); // must not have any of these
3776 foreach ($caps as $cap) {
3777 if (empty($access[$cap])) {
3778 continue;
3779 }
3780 foreach ($access[$cap] as $roleid => $perm) {
3781 if ($perm == CAP_PROHIBIT) {
3782 unset($needed[$cap][$roleid]);
3783 $prohibited[$cap][$roleid] = true;
3784 } else if ($perm == CAP_ALLOW and empty($prohibited[$cap][$roleid])) {
3785 $needed[$cap][$roleid] = true;
3786 }
3787 }
3788 if (empty($needed[$cap]) or !empty($prohibited[$cap][$defaultuserroleid])) {
3789 // easy, nobody has the permission
3790 unset($needed[$cap]);
3791 unset($prohibited[$cap]);
3792 } else if ($isfrontpage and !empty($prohibited[$cap][$defaultfrontpageroleid])) {
3793 // everybody is disqualified on the frontpage
3794 unset($needed[$cap]);
3795 unset($prohibited[$cap]);
3796 }
3797 if (empty($prohibited[$cap])) {
3798 unset($prohibited[$cap]);
3799 }
3800 }
3801
3802 if (empty($needed)) {
3803 // there can not be anybody if no roles match this request
3804 return array();
3805 }
3806
3807 if (empty($prohibited)) {
3808 // we can compact the needed roles
3809 $n = array();
3810 foreach ($needed as $cap) {
3811 foreach ($cap as $roleid=>$unused) {
3812 $n[$roleid] = true;
3813 }
3814 }
3815 $needed = array('any'=>$n);
3816 unset($n);
3817 }
3818
3819 // ***** Set up default fields ******
3820 if (empty($fields)) {
3821 if ($iscoursepage) {
3822 $fields = 'u.*, ul.timeaccess AS lastaccess';
3823 } else {
3824 $fields = 'u.*';
3825 }
3826 } else {
3827 if ($CFG->debugdeveloper && strpos($fields, 'u.*') === false && strpos($fields, 'u.id') === false) {
3828 debugging('u.id must be included in the list of fields passed to get_users_by_capability().', DEBUG_DEVELOPER);
3829 }
3830 }
3831
3832 // Set up default sort
3833 if (empty($sort)) { // default to course lastaccess or just lastaccess
3834 if ($iscoursepage) {
3835 $sort = 'ul.timeaccess';
3836 } else {
3837 $sort = 'u.lastaccess';
3838 }
3839 }
3840
3841 // Prepare query clauses
3842 $wherecond = array();
3843 $params = array();
3844 $joins = array();
3845
3846 // User lastaccess JOIN
3847 if ((strpos($sort, 'ul.timeaccess') === false) and (strpos($fields, 'ul.timeaccess') === false)) {
3848 // user_lastaccess is not required MDL-13810
3849 } else {
3850 if ($iscoursepage) {
3851 $joins[] = "LEFT OUTER JOIN {user_lastaccess} ul ON (ul.userid = u.id AND ul.courseid = {$context->instanceid})";
3852 } else {
3853 throw new coding_exception('Invalid sort in get_users_by_capability(), ul.timeaccess allowed only for course contexts.');
3854 }
3855 }
3856
3857 // We never return deleted users or guest account.
3858 $wherecond[] = "u.deleted = 0 AND u.id <> :guestid";
3859 $params['guestid'] = $CFG->siteguest;
3860
3861 // Groups
3862 if ($groups) {
3863 $groups = (array)$groups;
3864 list($grouptest, $grpparams) = $DB->get_in_or_equal($groups, SQL_PARAMS_NAMED, 'grp');
3865 $grouptest = "u.id IN (SELECT userid FROM {groups_members} gm WHERE gm.groupid $grouptest)";
3866 $params = array_merge($params, $grpparams);
3867
3868 if ($useviewallgroups) {
3869 $viewallgroupsusers = get_users_by_capability($context, 'moodle/site:accessallgroups', 'u.id, u.id', '', '', '', '', $exceptions);
3870 if (!empty($viewallgroupsusers)) {
3871 $wherecond[] = "($grouptest OR u.id IN (" . implode(',', array_keys($viewallgroupsusers)) . '))';
3872 } else {
3873 $wherecond[] = "($grouptest)";
3874 }
3875 } else {
3876 $wherecond[] = "($grouptest)";
3877 }
3878 }
3879
3880 // User exceptions
3881 if (!empty($exceptions)) {
3882 $exceptions = (array)$exceptions;
3883 list($exsql, $exparams) = $DB->get_in_or_equal($exceptions, SQL_PARAMS_NAMED, 'exc', false);
3884 $params = array_merge($params, $exparams);
3885 $wherecond[] = "u.id $exsql";
3886 }
3887
3888 // now add the needed and prohibited roles conditions as joins
3889 if (!empty($needed['any'])) {
3890 // simple case - there are no prohibits involved
3891 if (!empty($needed['any'][$defaultuserroleid]) or ($isfrontpage and !empty($needed['any'][$defaultfrontpageroleid]))) {
3892 // everybody
3893 } else {
3894 $joins[] = "JOIN (SELECT DISTINCT userid
3895 FROM {role_assignments}
3896 WHERE contextid IN ($ctxids)
3897 AND roleid IN (".implode(',', array_keys($needed['any'])) .")
3898 ) ra ON ra.userid = u.id";
3899 }
3900 } else {
3901 $unions = array();
3902 $everybody = false;
3903 foreach ($needed as $cap=>$unused) {
3904 if (empty($prohibited[$cap])) {
3905 if (!empty($needed[$cap][$defaultuserroleid]) or ($isfrontpage and !empty($needed[$cap][$defaultfrontpageroleid]))) {
3906 $everybody = true;
3907 break;
3908 } else {
3909 $unions[] = "SELECT userid
3910 FROM {role_assignments}
3911 WHERE contextid IN ($ctxids)
3912 AND roleid IN (".implode(',', array_keys($needed[$cap])) .")";
3913 }
3914 } else {
3915 if (!empty($prohibited[$cap][$defaultuserroleid]) or ($isfrontpage and !empty($prohibited[$cap][$defaultfrontpageroleid]))) {
3916 // nobody can have this cap because it is prevented in default roles
3917 continue;
3918
3919 } else if (!empty($needed[$cap][$defaultuserroleid]) or ($isfrontpage and !empty($needed[$cap][$defaultfrontpageroleid]))) {
3920 // everybody except the prohibitted - hiding does not matter
3921 $unions[] = "SELECT id AS userid
3922 FROM {user}
3923 WHERE id NOT IN (SELECT userid
3924 FROM {role_assignments}
3925 WHERE contextid IN ($ctxids)
3926 AND roleid IN (".implode(',', array_keys($prohibited[$cap])) ."))";
3927
3928 } else {
3929 $unions[] = "SELECT userid
3930 FROM {role_assignments}
3931 WHERE contextid IN ($ctxids)
3932 AND roleid IN (".implode(',', array_keys($needed[$cap])) .")
3933 AND roleid NOT IN (".implode(',', array_keys($prohibited[$cap])) .")";
3934 }
3935 }
3936 }
3937 if (!$everybody) {
3938 if ($unions) {
3939 $joins[] = "JOIN (SELECT DISTINCT userid FROM ( ".implode(' UNION ', $unions)." ) us) ra ON ra.userid = u.id";
3940 } else {
3941 // only prohibits found - nobody can be matched
3942 $wherecond[] = "1 = 2";
3943 }
3944 }
3945 }
3946
3947 // Collect WHERE conditions and needed joins
3948 $where = implode(' AND ', $wherecond);
3949 if ($where !== '') {
3950 $where = 'WHERE ' . $where;
3951 }
3952 $joins = implode("\n", $joins);
3953
3954 // Ok, let's get the users!
3955 $sql = "SELECT $fields
3956 FROM {user} u
3957 $joins
3958 $where
3959 ORDER BY $sort";
3960
3961 return $DB->get_records_sql($sql, $params, $limitfrom, $limitnum);
3962 }
3963
3964 /**
3965 * Re-sort a users array based on a sorting policy
3966 *
3967 * Will re-sort a $users results array (from get_users_by_capability(), usually)
3968 * based on a sorting policy. This is to support the odd practice of
3969 * sorting teachers by 'authority', where authority was "lowest id of the role
3970 * assignment".
3971 *
3972 * Will execute 1 database query. Only suitable for small numbers of users, as it
3973 * uses an u.id IN() clause.
3974 *
3975 * Notes about the sorting criteria.
3976 *
3977 * As a default, we cannot rely on role.sortorder because then
3978 * admins/coursecreators will always win. That is why the sane
3979 * rule "is locality matters most", with sortorder as 2nd
3980 * consideration.
3981 *
3982 * If you want role.sortorder, use the 'sortorder' policy, and
3983 * name explicitly what roles you want to cover. It's probably
3984 * a good idea to see what roles have the capabilities you want
3985 * (array_diff() them against roiles that have 'can-do-anything'
3986 * to weed out admin-ish roles. Or fetch a list of roles from
3987 * variables like $CFG->coursecontact .
3988 *
3989 * @param array $users Users array, keyed on userid
3990 * @param context $context
3991 * @param array $roles ids of the roles to include, optional
3992 * @param string $sortpolicy defaults to locality, more about
3993 * @return array sorted copy of the array
3994 */
3995 function sort_by_roleassignment_authority($users, context $context, $roles = array(), $sortpolicy = 'locality') {
3996 global $DB;
3997
3998 $userswhere = ' ra.userid IN (' . implode(',',array_keys($users)) . ')';
3999 $contextwhere = 'AND ra.contextid IN ('.str_replace('/', ',',substr($context->path, 1)).')';
4000 if (empty($roles)) {
4001 $roleswhere = '';
4002 } else {
4003 $roleswhere = ' AND ra.roleid IN ('.implode(',',$roles).')';
4004 }
4005
4006 $sql = "SELECT ra.userid
4007 FROM {role_assignments} ra
4008 JOIN {role} r
4009 ON ra.roleid=r.id
4010 JOIN {context} ctx
4011 ON ra.contextid=ctx.id
4012 WHERE $userswhere
4013 $contextwhere
4014 $roleswhere";
4015
4016 // Default 'locality' policy -- read PHPDoc notes
4017 // about sort policies...
4018 $orderby = 'ORDER BY '
4019 .'ctx.depth DESC, ' /* locality wins */
4020 .'r.sortorder ASC, ' /* rolesorting 2nd criteria */
4021 .'ra.id'; /* role assignment order tie-breaker */
4022 if ($sortpolicy === 'sortorder') {
4023 $orderby = 'ORDER BY '
4024 .'r.sortorder ASC, ' /* rolesorting 2nd criteria */
4025 .'ra.id'; /* role assignment order tie-breaker */
4026 }
4027
4028 $sortedids = $DB->get_fieldset_sql($sql . $orderby);
4029 $sortedusers = array();
4030 $seen = array();
4031
4032 foreach ($sortedids as $id) {
4033 // Avoid duplicates
4034 if (isset($seen[$id])) {
4035 continue;
4036 }
4037 $seen[$id] = true;
4038
4039 // assign
4040 $sortedusers[$id] = $users[$id];
4041 }
4042 return $sortedusers;
4043 }
4044
4045 /**
4046 * Gets all the users assigned this role in this context or higher
4047 *
4048 * @param int $roleid (can also be an array of ints!)
4049 * @param context $context
4050 * @param bool $parent if true, get list of users assigned in higher context too
4051 * @param string $fields fields from user (u.) , role assignment (ra) or role (r.)
4052 * @param string $sort sort from user (u.) , role assignment (ra.) or role (r.).
4053 * null => use default sort from users_order_by_sql.
4054 * @param bool $all true means all, false means limit to enrolled users
4055 * @param string $group defaults to ''
4056 * @param mixed $limitfrom defaults to ''
4057 * @param mixed $limitnum defaults to ''
4058 * @param string $extrawheretest defaults to ''
4059 * @param array $whereorsortparams any paramter values used by $sort or $extrawheretest.
4060 * @return array
4061 */
4062 function get_role_users($roleid, context $context, $parent = false, $fields = '',
4063 $sort = null, $all = true, $group = '',
4064 $limitfrom = '', $limitnum = '', $extrawheretest = '', $whereorsortparams = array()) {
4065 global $DB;
4066
4067 if (empty($fields)) {
4068 $allnames = get_all_user_name_fields(true, 'u');
4069 $fields = 'u.id, u.confirmed, u.username, '. $allnames . ', ' .
4070 'u.maildisplay, u.mailformat, u.maildigest, u.email, u.emailstop, u.city, '.
4071 'u.country, u.picture, u.idnumber, u.department, u.institution, '.
4072 'u.lang, u.timezone, u.lastaccess, u.mnethostid, r.name AS rolename, r.sortorder, '.
4073 'r.shortname AS roleshortname, rn.name AS rolecoursealias';
4074 }
4075
4076 $parentcontexts = '';
4077 if ($parent) {
4078 $parentcontexts = substr($context->path, 1); // kill leading slash
4079 $parentcontexts = str_replace('/', ',', $parentcontexts);
4080 if ($parentcontexts !== '') {
4081 $parentcontexts = ' OR ra.contextid IN ('.$parentcontexts.' )';
4082 }
4083 }
4084
4085 if ($roleid) {
4086 list($rids, $params) = $DB->get_in_or_equal($roleid, SQL_PARAMS_NAMED, 'r');
4087 $roleselect = "AND ra.roleid $rids";
4088 } else {
4089 $params = array();
4090 $roleselect = '';
4091 }
4092
4093 if ($coursecontext = $context->get_course_context(false)) {
4094 $params['coursecontext'] = $coursecontext->id;
4095 } else {
4096 $params['coursecontext'] = 0;
4097 }
4098
4099 if ($group) {
4100 $groupjoin = "JOIN {groups_members} gm ON gm.userid = u.id";
4101 $groupselect = " AND gm.groupid = :groupid ";
4102 $params['groupid'] = $group;
4103 } else {
4104 $groupjoin = '';
4105 $groupselect = '';
4106 }
4107
4108 $params['contextid'] = $context->id;
4109
4110 if ($extrawheretest) {
4111 $extrawheretest = ' AND ' . $extrawheretest;
4112 }
4113
4114 if ($whereorsortparams) {
4115 $params = array_merge($params, $whereorsortparams);
4116 }
4117
4118 if (!$sort) {
4119 list($sort, $sortparams) = users_order_by_sql('u');
4120 $params = array_merge($params, $sortparams);
4121 }
4122
4123 if ($all === null) {
4124 // Previously null was used to indicate that parameter was not used.
4125 $all = true;
4126 }
4127 if (!$all and $coursecontext) {
4128 // Do not use get_enrolled_sql() here for performance reasons.
4129 $ejoin = "JOIN {user_enrolments} ue ON ue.userid = u.id
4130 JOIN {enrol} e ON (e.id = ue.enrolid AND e.courseid = :ecourseid)";
4131 $params['ecourseid'] = $coursecontext->instanceid;
4132 } else {
4133 $ejoin = "";
4134 }
4135
4136 $sql = "SELECT DISTINCT $fields, ra.roleid
4137 FROM {role_assignments} ra
4138 JOIN {user} u ON u.id = ra.userid
4139 JOIN {role} r ON ra.roleid = r.id
4140 $ejoin
4141 LEFT JOIN {role_names} rn ON (rn.contextid = :coursecontext AND rn.roleid = r.id)
4142 $groupjoin
4143 WHERE (ra.contextid = :contextid $parentcontexts)
4144 $roleselect
4145 $groupselect
4146 $extrawheretest
4147 ORDER BY $sort"; // join now so that we can just use fullname() later
4148
4149 return $DB->get_records_sql($sql, $params, $limitfrom, $limitnum);
4150 }
4151
4152 /**
4153 * Counts all the users assigned this role in this context or higher
4154 *
4155 * @param int|array $roleid either int or an array of ints
4156 * @param context $context
4157 * @param bool $parent if true, get list of users assigned in higher context too
4158 * @return int Returns the result count
4159 */
4160 function count_role_users($roleid, context $context, $parent = false) {
4161 global $DB;
4162
4163 if ($parent) {
4164 if ($contexts = $context->get_parent_context_ids()) {
4165 $parentcontexts = ' OR r.contextid IN ('.implode(',', $contexts).')';
4166 } else {
4167 $parentcontexts = '';
4168 }
4169 } else {
4170 $parentcontexts = '';
4171 }
4172
4173 if ($roleid) {
4174 list($rids, $params) = $DB->get_in_or_equal($roleid, SQL_PARAMS_QM);
4175 $roleselect = "AND r.roleid $rids";
4176 } else {
4177 $params = array();
4178 $roleselect = '';
4179 }
4180
4181 array_unshift($params, $context->id);
4182
4183 $sql = "SELECT COUNT(u.id)
4184 FROM {role_assignments} r
4185 JOIN {user} u ON u.id = r.userid
4186 WHERE (r.contextid = ? $parentcontexts)
4187 $roleselect
4188 AND u.deleted = 0";
4189
4190 return $DB->count_records_sql($sql, $params);
4191 }
4192
4193 /**
4194 * This function gets the list of courses that this user has a particular capability in.
4195 * It is still not very efficient.
4196 *
4197 * @param string $capability Capability in question
4198 * @param int $userid User ID or null for current user
4199 * @param bool $doanything True if 'doanything' is permitted (default)
4200 * @param string $fieldsexceptid Leave blank if you only need 'id' in the course records;
4201 * otherwise use a comma-separated list of the fields you require, not including id
4202 * @param string $orderby If set, use a comma-separated list of fields from course
4203 * table with sql modifiers (DESC) if needed
4204 * @return array|bool Array of courses, if none found false is returned.
4205 */
4206 function get_user_capability_course($capability, $userid = null, $doanything = true, $fieldsexceptid = '', $orderby = '') {
4207 global $DB;
4208
4209 // Convert fields list and ordering
4210 $fieldlist = '';
4211 if ($fieldsexceptid) {
4212 $fields = explode(',', $fieldsexceptid);
4213 foreach($fields as $field) {
4214 $fieldlist .= ',c.'.$field;
4215 }
4216 }
4217 if ($orderby) {
4218 $fields = explode(',', $orderby);
4219 $orderby = '';
4220 foreach($fields as $field) {
4221 if ($orderby) {
4222 $orderby .= ',';
4223 }
4224 $orderby .= 'c.'.$field;
4225 }
4226 $orderby = 'ORDER BY '.$orderby;
4227 }
4228
4229 // Obtain a list of everything relevant about all courses including context.
4230 // Note the result can be used directly as a context (we are going to), the course
4231 // fields are just appended.
4232
4233 $contextpreload = context_helper::get_preload_record_columns_sql('x');
4234
4235 $courses = array();
4236 $rs = $DB->get_recordset_sql("SELECT c.id $fieldlist, $contextpreload
4237 FROM {course} c
4238 JOIN {context} x ON (c.id=x.instanceid AND x.contextlevel=".CONTEXT_COURSE.")
4239 $orderby");
4240 // Check capability for each course in turn
4241 foreach ($rs as $course) {
4242 context_helper::preload_from_record($course);
4243 $context = context_course::instance($course->id);
4244 if (has_capability($capability, $context, $userid, $doanything)) {
4245 // We've got the capability. Make the record look like a course record
4246 // and store it
4247 $courses[] = $course;
4248 }
4249 }
4250 $rs->close();
4251 return empty($courses) ? false : $courses;
4252 }
4253
4254 /**
4255 * This function finds the roles assigned directly to this context only
4256 * i.e. no roles in parent contexts
4257 *
4258 * @param context $context
4259 * @return array
4260 */
4261 function get_roles_on_exact_context(context $context) {
4262 global $DB;
4263
4264 return $DB->get_records_sql("SELECT r.*
4265 FROM {role_assignments} ra, {role} r
4266 WHERE ra.roleid = r.id AND ra.contextid = ?",
4267 array($context->id));
4268 }
4269
4270 /**
4271 * Switches the current user to another role for the current session and only
4272 * in the given context.
4273 *
4274 * The caller *must* check
4275 * - that this op is allowed
4276 * - that the requested role can be switched to in this context (use get_switchable_roles)
4277 * - that the requested role is NOT $CFG->defaultuserroleid
4278 *
4279 * To "unswitch" pass 0 as the roleid.
4280 *
4281 * This function *will* modify $USER->access - beware
4282 *
4283 * @param integer $roleid the role to switch to.
4284 * @param context $context the context in which to perform the switch.
4285 * @return bool success or failure.
4286 */
4287 function role_switch($roleid, context $context) {
4288 global $USER;
4289
4290 //
4291 // Plan of action
4292 //
4293 // - Add the ghost RA to $USER->access
4294 // as $USER->access['rsw'][$path] = $roleid
4295 //
4296 // - Make sure $USER->access['rdef'] has the roledefs
4297 // it needs to honour the switcherole
4298 //
4299 // Roledefs will get loaded "deep" here - down to the last child
4300 // context. Note that
4301 //
4302 // - When visiting subcontexts, our selective accessdata loading
4303 // will still work fine - though those ra/rdefs will be ignored
4304 // appropriately while the switch is in place
4305 //
4306 // - If a switcherole happens at a category with tons of courses
4307 // (that have many overrides for switched-to role), the session
4308 // will get... quite large. Sometimes you just can't win.
4309 //
4310 // To un-switch just unset($USER->access['rsw'][$path])
4311 //
4312 // Note: it is not possible to switch to roles that do not have course:view
4313
4314 if (!isset($USER->access)) {
4315 load_all_capabilities();
4316 }
4317
4318
4319 // Add the switch RA
4320 if ($roleid == 0) {
4321 unset($USER->access['rsw'][$context->path]);
4322 return true;
4323 }
4324
4325 $USER->access['rsw'][$context->path] = $roleid;
4326
4327 // Load roledefs
4328 load_role_access_by_context($roleid, $context, $USER->access);
4329
4330 return true;
4331 }
4332
4333 /**
4334 * Checks if the user has switched roles within the given course.
4335 *
4336 * Note: You can only switch roles within the course, hence it takes a course id
4337 * rather than a context. On that note Petr volunteered to implement this across
4338 * all other contexts, all requests for this should be forwarded to him ;)
4339 *
4340 * @param int $courseid The id of the course to check
4341 * @return bool True if the user has switched roles within the course.
4342 */
4343 function is_role_switched($courseid) {
4344 global $USER;
4345 $context = context_course::instance($courseid, MUST_EXIST);
4346 return (!empty($USER->access['rsw'][$context->path]));
4347 }
4348
4349 /**
4350 * Get any role that has an override on exact context
4351 *
4352 * @param context $context The context to check
4353 * @return array An array of roles
4354 */
4355 function get_roles_with_override_on_context(context $context) {
4356 global $DB;
4357
4358 return $DB->get_records_sql("SELECT r.*
4359 FROM {role_capabilities} rc, {role} r
4360 WHERE rc.roleid = r.id AND rc.contextid = ?",
4361 array($context->id));
4362 }
4363
4364 /**
4365 * Get all capabilities for this role on this context (overrides)
4366 *
4367 * @param stdClass $role
4368 * @param context $context
4369 * @return array
4370 */
4371 function get_capabilities_from_role_on_context($role, context $context) {
4372 global $DB;
4373
4374 return $DB->get_records_sql("SELECT *
4375 FROM {role_capabilities}
4376 WHERE contextid = ? AND roleid = ?",
4377 array($context->id, $role->id));
4378 }
4379
4380 /**
4381 * Find out which roles has assignment on this context
4382 *
4383 * @param context $context
4384 * @return array
4385 *
4386 */
4387 function get_roles_with_assignment_on_context(context $context) {
4388 global $DB;
4389
4390 return $DB->get_records_sql("SELECT r.*
4391 FROM {role_assignments} ra, {role} r
4392 WHERE ra.roleid = r.id AND ra.contextid = ?",
4393 array($context->id));
4394 }
4395
4396 /**
4397 * Find all user assignment of users for this role, on this context
4398 *
4399 * @param stdClass $role
4400 * @param context $context
4401 * @return array
4402 */
4403 function get_users_from_role_on_context($role, context $context) {
4404 global $DB;
4405
4406 return $DB->get_records_sql("SELECT *
4407 FROM {role_assignments}
4408 WHERE contextid = ? AND roleid = ?",
4409 array($context->id, $role->id));
4410 }
4411
4412 /**
4413 * Simple function returning a boolean true if user has roles
4414 * in context or parent contexts, otherwise false.
4415 *
4416 * @param int $userid
4417 * @param int $roleid
4418 * @param int $contextid empty means any context
4419 * @return bool
4420 */
4421 function user_has_role_assignment($userid, $roleid, $contextid = 0) {
4422 global $DB;
4423
4424 if ($contextid) {
4425 if (!$context = context::instance_by_id($contextid, IGNORE_MISSING)) {
4426 return false;
4427 }
4428 $parents = $context->get_parent_context_ids(true);
4429 list($contexts, $params) = $DB->get_in_or_equal($parents, SQL_PARAMS_NAMED, 'r');
4430 $params['userid'] = $userid;
4431 $params['roleid'] = $roleid;
4432
4433 $sql = "SELECT COUNT(ra.id)
4434 FROM {role_assignments} ra
4435 WHERE ra.userid = :userid AND ra.roleid = :roleid AND ra.contextid $contexts";
4436
4437 $count = $DB->get_field_sql($sql, $params);
4438 return ($count > 0);
4439
4440 } else {
4441 return $DB->record_exists('role_assignments', array('userid'=>$userid, 'roleid'=>$roleid));
4442 }
4443 }
4444
4445 /**
4446 * Get localised role name or alias if exists and format the text.
4447 *
4448 * @param stdClass $role role object
4449 * - optional 'coursealias' property should be included for performance reasons if course context used
4450 * - description property is not required here
4451 * @param context|bool $context empty means system context
4452 * @param int $rolenamedisplay type of role name
4453 * @return string localised role name or course role name alias
4454 */
4455 function role_get_name(stdClass $role, $context = null, $rolenamedisplay = ROLENAME_ALIAS) {
4456 global $DB;
4457
4458 if ($rolenamedisplay == ROLENAME_SHORT) {
4459 return $role->shortname;
4460 }
4461
4462 if (!$context or !$coursecontext = $context->get_course_context(false)) {
4463 $coursecontext = null;
4464 }
4465
4466 if ($coursecontext and !property_exists($role, 'coursealias') and ($rolenamedisplay == ROLENAME_ALIAS or $rolenamedisplay == ROLENAME_BOTH or $rolenamedisplay == ROLENAME_ALIAS_RAW)) {
4467 $role = clone($role); // Do not modify parameters.
4468 if ($r = $DB->get_record('role_names', array('roleid'=>$role->id, 'contextid'=>$coursecontext->id))) {
4469 $role->coursealias = $r->name;
4470 } else {
4471 $role->coursealias = null;
4472 }
4473 }
4474
4475 if ($rolenamedisplay == ROLENAME_ALIAS_RAW) {
4476 if ($coursecontext) {
4477 return $role->coursealias;
4478 } else {
4479 return null;
4480 }
4481 }
4482
4483 if (trim($role->name) !== '') {
4484 // For filtering always use context where was the thing defined - system for roles here.
4485 $original = format_string($role->name, true, array('context'=>context_system::instance()));
4486
4487 } else {
4488 // Empty role->name means we want to see localised role name based on shortname,
4489 // only default roles are supposed to be localised.
4490 switch ($role->shortname) {
4491 case 'manager': $original = get_string('manager', 'role'); break;
4492 case 'coursecreator': $original = get_string('coursecreators'); break;
4493 case 'editingteacher': $original = get_string('defaultcourseteacher'); break;
4494 case 'teacher': $original = get_string('noneditingteacher'); break;
4495 case 'student': $original = get_string('defaultcoursestudent'); break;
4496 case 'guest': $original = get_string('guest'); break;
4497 case 'user': $original = get_string('authenticateduser'); break;
4498 case 'frontpage': $original = get_string('frontpageuser', 'role'); break;
4499 // We should not get here, the role UI should require the name for custom roles!
4500 default: $original = $role->shortname; break;
4501 }
4502 }
4503
4504 if ($rolenamedisplay == ROLENAME_ORIGINAL) {
4505 return $original;
4506 }
4507
4508 if ($rolenamedisplay == ROLENAME_ORIGINALANDSHORT) {
4509 return "$original ($role->shortname)";
4510 }
4511
4512 if ($rolenamedisplay == ROLENAME_ALIAS) {
4513 if ($coursecontext and trim($role->coursealias) !== '') {
4514 return format_string($role->coursealias, true, array('context'=>$coursecontext));
4515 } else {
4516 return $original;
4517 }
4518 }
4519
4520 if ($rolenamedisplay == ROLENAME_BOTH) {
4521 if ($coursecontext and trim($role->coursealias) !== '') {
4522 return format_string($role->coursealias, true, array('context'=>$coursecontext)) . " ($original)";
4523 } else {
4524 return $original;
4525 }
4526 }
4527
4528 throw new coding_exception('Invalid $rolenamedisplay parameter specified in role_get_name()');
4529 }
4530
4531 /**
4532 * Returns localised role description if available.
4533 * If the name is empty it tries to find the default role name using
4534 * hardcoded list of default role names or other methods in the future.
4535 *
4536 * @param stdClass $role
4537 * @return string localised role name
4538 */
4539 function role_get_description(stdClass $role) {
4540 if (!html_is_blank($role->description)) {
4541 return format_text($role->description, FORMAT_HTML, array('context'=>context_system::instance()));
4542 }
4543
4544 switch ($role->shortname) {
4545 case 'manager': return get_string('managerdescription', 'role');
4546 case 'coursecreator': return get_string('coursecreatorsdescription');
4547 case 'editingteacher': return get_string('defaultcourseteacherdescription');
4548 case 'teacher': return get_string('noneditingteacherdescription');
4549 case 'student': return get_string('defaultcoursestudentdescription');
4550 case 'guest': return get_string('guestdescription');
4551 case 'user': return get_string('authenticateduserdescription');
4552 case 'frontpage': return get_string('frontpageuserdescription', 'role');
4553 default: return '';
4554 }
4555 }
4556
4557 /**
4558 * Get all the localised role names for a context.
4559 *
4560 * In new installs default roles have empty names, this function
4561 * add localised role names using current language pack.
4562 *
4563 * @param context $context the context, null means system context
4564 * @param array of role objects with a ->localname field containing the context-specific role name.
4565 * @param int $rolenamedisplay
4566 * @param bool $returnmenu true means id=>localname, false means id=>rolerecord
4567 * @return array Array of context-specific role names, or role objects with a ->localname field added.
4568 */
4569 function role_get_names(context $context = null, $rolenamedisplay = ROLENAME_ALIAS, $returnmenu = null) {
4570 return role_fix_names(get_all_roles($context), $context, $rolenamedisplay, $returnmenu);
4571 }
4572
4573 /**
4574 * Prepare list of roles for display, apply aliases and localise default role names.
4575 *
4576 * @param array $roleoptions array roleid => roleobject (with optional coursealias), strings are accepted for backwards compatibility only
4577 * @param context $context the context, null means system context
4578 * @param int $rolenamedisplay
4579 * @param bool $returnmenu null means keep the same format as $roleoptions, true means id=>localname, false means id=>rolerecord
4580 * @return array Array of context-specific role names, or role objects with a ->localname field added.
4581 */
4582 function role_fix_names($roleoptions, context $context = null, $rolenamedisplay = ROLENAME_ALIAS, $returnmenu = null) {
4583 global $DB;
4584
4585 if (empty($roleoptions)) {
4586 return array();
4587 }
4588
4589 if (!$context or !$coursecontext = $context->get_course_context(false)) {
4590 $coursecontext = null;
4591 }
4592
4593 // We usually need all role columns...
4594 $first = reset($roleoptions);
4595 if ($returnmenu === null) {
4596 $returnmenu = !is_object($first);
4597 }
4598
4599 if (!is_object($first) or !property_exists($first, 'shortname')) {
4600 $allroles = get_all_roles($context);
4601 foreach ($roleoptions as $rid => $unused) {
4602 $roleoptions[$rid] = $allroles[$rid];
4603 }
4604 }
4605
4606 // Inject coursealias if necessary.
4607 if ($coursecontext and ($rolenamedisplay == ROLENAME_ALIAS_RAW or $rolenamedisplay == ROLENAME_ALIAS or $rolenamedisplay == ROLENAME_BOTH)) {
4608 $first = reset($roleoptions);
4609 if (!property_exists($first, 'coursealias')) {
4610 $aliasnames = $DB->get_records('role_names', array('contextid'=>$coursecontext->id));
4611 foreach ($aliasnames as $alias) {
4612 if (isset($roleoptions[$alias->roleid])) {
4613 $roleoptions[$alias->roleid]->coursealias = $alias->name;
4614 }
4615 }
4616 }
4617 }
4618
4619 // Add localname property.
4620 foreach ($roleoptions as $rid => $role) {
4621 $roleoptions[$rid]->localname = role_get_name($role, $coursecontext, $rolenamedisplay);
4622 }
4623
4624 if (!$returnmenu) {
4625 return $roleoptions;
4626 }
4627
4628 $menu = array();
4629 foreach ($roleoptions as $rid => $role) {
4630 $menu[$rid] = $role->localname;
4631 }
4632
4633 return $menu;
4634 }
4635
4636 /**
4637 * Aids in detecting if a new line is required when reading a new capability
4638 *
4639 * This function helps admin/roles/manage.php etc to detect if a new line should be printed
4640 * when we read in a new capability.
4641 * Most of the time, if the 2 components are different we should print a new line, (e.g. course system->rss client)
4642 * but when we are in grade, all reports/import/export capabilities should be together
4643 *
4644 * @param string $cap component string a
4645 * @param string $comp component string b
4646 * @param int $contextlevel
4647 * @return bool whether 2 component are in different "sections"
4648 */
4649 function component_level_changed($cap, $comp, $contextlevel) {
4650
4651 if (strstr($cap->component, '/') && strstr($comp, '/')) {
4652 $compsa = explode('/', $cap->component);
4653 $compsb = explode('/', $comp);
4654
4655 // list of system reports
4656 if (($compsa[0] == 'report') && ($compsb[0] == 'report')) {
4657 return false;
4658 }
4659
4660 // we are in gradebook, still
4661 if (($compsa[0] == 'gradeexport' || $compsa[0] == 'gradeimport' || $compsa[0] == 'gradereport') &&
4662 ($compsb[0] == 'gradeexport' || $compsb[0] == 'gradeimport' || $compsb[0] == 'gradereport')) {
4663 return false;
4664 }
4665
4666 if (($compsa[0] == 'coursereport') && ($compsb[0] == 'coursereport')) {
4667 return false;
4668 }
4669 }
4670
4671 return ($cap->component != $comp || $cap->contextlevel != $contextlevel);
4672 }
4673
4674 /**
4675 * Fix the roles.sortorder field in the database, so it contains sequential integers,
4676 * and return an array of roleids in order.
4677 *
4678 * @param array $allroles array of roles, as returned by get_all_roles();
4679 * @return array $role->sortorder =-> $role->id with the keys in ascending order.
4680 */
4681 function fix_role_sortorder($allroles) {
4682 global $DB;
4683
4684 $rolesort = array();
4685 $i = 0;
4686 foreach ($allroles as $role) {
4687 $rolesort[$i] = $role->id;
4688 if ($role->sortorder != $i) {
4689 $r = new stdClass();
4690 $r->id = $role->id;
4691 $r->sortorder = $i;
4692 $DB->update_record('role', $r);
4693 $allroles[$role->id]->sortorder = $i;
4694 }
4695 $i++;
4696 }
4697 return $rolesort;
4698 }
4699
4700 /**
4701 * Switch the sort order of two roles (used in admin/roles/manage.php).
4702 *
4703 * @param stdClass $first The first role. Actually, only ->sortorder is used.
4704 * @param stdClass $second The second role. Actually, only ->sortorder is used.
4705 * @return boolean success or failure
4706 */
4707 function switch_roles($first, $second) {
4708 global $DB;
4709 $temp = $DB->get_field('role', 'MAX(sortorder) + 1', array());
4710 $result = $DB->set_field('role', 'sortorder', $temp, array('sortorder' => $first->sortorder));
4711 $result = $result && $DB->set_field('role', 'sortorder', $first->sortorder, array('sortorder' => $second->sortorder));
4712 $result = $result && $DB->set_field('role', 'sortorder', $second->sortorder, array('sortorder' => $temp));
4713 return $result;
4714 }
4715
4716 /**
4717 * Duplicates all the base definitions of a role
4718 *
4719 * @param stdClass $sourcerole role to copy from
4720 * @param int $targetrole id of role to copy to
4721 */
4722 function role_cap_duplicate($sourcerole, $targetrole) {
4723 global $DB;
4724
4725 $systemcontext = context_system::instance();
4726 $caps = $DB->get_records_sql("SELECT *
4727 FROM {role_capabilities}
4728 WHERE roleid = ? AND contextid = ?",
4729 array($sourcerole->id, $systemcontext->id));
4730 // adding capabilities
4731 foreach ($caps as $cap) {
4732 unset($cap->id);
4733 $cap->roleid = $targetrole;
4734 $DB->insert_record('role_capabilities', $cap);
4735 }
4736 }
4737
4738 /**
4739 * Returns two lists, this can be used to find out if user has capability.
4740 * Having any needed role and no forbidden role in this context means
4741 * user has this capability in this context.
4742 * Use get_role_names_with_cap_in_context() if you need role names to display in the UI
4743 *
4744 * @param stdClass $context
4745 * @param string $capability
4746 * @return array($neededroles, $forbiddenroles)
4747 */
4748 function get_roles_with_cap_in_context($context, $capability) {
4749 global $DB;
4750
4751 $ctxids = trim($context->path, '/'); // kill leading slash
4752 $ctxids = str_replace('/', ',', $ctxids);
4753
4754 $sql = "SELECT rc.id, rc.roleid, rc.permission, ctx.depth
4755 FROM {role_capabilities} rc
4756 JOIN {context} ctx ON ctx.id = rc.contextid
4757 WHERE rc.capability = :cap AND ctx.id IN ($ctxids)
4758 ORDER BY rc.roleid ASC, ctx.depth DESC";
4759 $params = array('cap'=>$capability);
4760
4761 if (!$capdefs = $DB->get_records_sql($sql, $params)) {
4762 // no cap definitions --> no capability
4763 return array(array(), array());
4764 }
4765
4766 $forbidden = array();
4767 $needed = array();
4768 foreach($capdefs as $def) {
4769 if (isset($forbidden[$def->roleid])) {
4770 continue;
4771 }
4772 if ($def->permission == CAP_PROHIBIT) {
4773 $forbidden[$def->roleid] = $def->roleid;
4774 unset($needed[$def->roleid]);
4775 continue;
4776 }
4777 if (!isset($needed[$def->roleid])) {
4778 if ($def->permission == CAP_ALLOW) {
4779 $needed[$def->roleid] = true;
4780 } else if ($def->permission == CAP_PREVENT) {
4781 $needed[$def->roleid] = false;
4782 }
4783 }
4784 }
4785 unset($capdefs);
4786
4787 // remove all those roles not allowing
4788 foreach($needed as $key=>$value) {
4789 if (!$value) {
4790 unset($needed[$key]);
4791 } else {
4792 $needed[$key] = $key;
4793 }
4794 }
4795
4796 return array($needed, $forbidden);
4797 }
4798
4799 /**
4800 * Returns an array of role IDs that have ALL of the the supplied capabilities
4801 * Uses get_roles_with_cap_in_context(). Returns $allowed minus $forbidden
4802 *
4803 * @param stdClass $context
4804 * @param array $capabilities An array of capabilities
4805 * @return array of roles with all of the required capabilities
4806 */
4807 function get_roles_with_caps_in_context($context, $capabilities) {
4808 $neededarr = array();
4809 $forbiddenarr = array();
4810 foreach($capabilities as $caprequired) {
4811 list($neededarr[], $forbiddenarr[]) = get_roles_with_cap_in_context($context, $caprequired);
4812 }
4813
4814 $rolesthatcanrate = array();
4815 if (!empty($neededarr)) {
4816 foreach ($neededarr as $needed) {
4817 if (empty($rolesthatcanrate)) {
4818 $rolesthatcanrate = $needed;
4819 } else {
4820 //only want roles that have all caps
4821 $rolesthatcanrate = array_intersect_key($rolesthatcanrate,$needed);
4822 }
4823 }
4824 }
4825 if (!empty($forbiddenarr) && !empty($rolesthatcanrate)) {
4826 foreach ($forbiddenarr as $forbidden) {
4827 //remove any roles that are forbidden any of the caps
4828 $rolesthatcanrate = array_diff($rolesthatcanrate, $forbidden);
4829 }
4830 }
4831 return $rolesthatcanrate;
4832 }
4833
4834 /**
4835 * Returns an array of role names that have ALL of the the supplied capabilities
4836 * Uses get_roles_with_caps_in_context(). Returns $allowed minus $forbidden
4837 *
4838 * @param stdClass $context
4839 * @param array $capabilities An array of capabilities
4840 * @return array of roles with all of the required capabilities
4841 */
4842 function get_role_names_with_caps_in_context($context, $capabilities) {
4843 global $DB;
4844
4845 $rolesthatcanrate = get_roles_with_caps_in_context($context, $capabilities);
4846 $allroles = $DB->get_records('role', null, 'sortorder DESC');
4847
4848 $roles = array();
4849 foreach ($rolesthatcanrate as $r) {
4850 $roles[$r] = $allroles[$r];
4851 }
4852
4853 return role_fix_names($roles, $context, ROLENAME_ALIAS, true);
4854 }
4855
4856 /**
4857 * This function verifies the prohibit comes from this context
4858 * and there are no more prohibits in parent contexts.
4859 *
4860 * @param int $roleid
4861 * @param context $context
4862 * @param string $capability name
4863 * @return bool
4864 */
4865 function prohibit_is_removable($roleid, context $context, $capability) {
4866 global $DB;
4867
4868 $ctxids = trim($context->path, '/'); // kill leading slash
4869 $ctxids = str_replace('/', ',', $ctxids);
4870
4871 $params = array('roleid'=>$roleid, 'cap'=>$capability, 'prohibit'=>CAP_PROHIBIT);
4872
4873 $sql = "SELECT ctx.id
4874 FROM {role_capabilities} rc
4875 JOIN {context} ctx ON ctx.id = rc.contextid
4876 WHERE rc.roleid = :roleid AND rc.permission = :prohibit AND rc.capability = :cap AND ctx.id IN ($ctxids)
4877 ORDER BY ctx.depth DESC";
4878
4879 if (!$prohibits = $DB->get_records_sql($sql, $params)) {
4880 // no prohibits == nothing to remove
4881 return true;
4882 }
4883
4884 if (count($prohibits) > 1) {
4885 // more prohibits can not be removed
4886 return false;
4887 }
4888
4889 return !empty($prohibits[$context->id]);
4890 }
4891
4892 /**
4893 * More user friendly role permission changing,
4894 * it should produce as few overrides as possible.
4895 *
4896 * @param int $roleid
4897 * @param stdClass $context
4898 * @param string $capname capability name
4899 * @param int $permission
4900 * @return void
4901 */
4902 function role_change_permission($roleid, $context, $capname, $permission) {
4903 global $DB;
4904
4905 if ($permission == CAP_INHERIT) {
4906 unassign_capability($capname, $roleid, $context->id);
4907 $context->mark_dirty();
4908 return;
4909 }
4910
4911 $ctxids = trim($context->path, '/'); // kill leading slash
4912 $ctxids = str_replace('/', ',', $ctxids);
4913
4914 $params = array('roleid'=>$roleid, 'cap'=>$capname);
4915
4916 $sql = "SELECT ctx.id, rc.permission, ctx.depth
4917 FROM {role_capabilities} rc
4918 JOIN {context} ctx ON ctx.id = rc.contextid
4919 WHERE rc.roleid = :roleid AND rc.capability = :cap AND ctx.id IN ($ctxids)
4920 ORDER BY ctx.depth DESC";
4921
4922 if ($existing = $DB->get_records_sql($sql, $params)) {
4923 foreach($existing as $e) {
4924 if ($e->permission == CAP_PROHIBIT) {
4925 // prohibit can not be overridden, no point in changing anything
4926 return;
4927 }
4928 }
4929 $lowest = array_shift($existing);
4930 if ($lowest->permission == $permission) {
4931 // permission already set in this context or parent - nothing to do
4932 return;
4933 }
4934 if ($existing) {
4935 $parent = array_shift($existing);
4936 if ($parent->permission == $permission) {
4937 // permission already set in parent context or parent - just unset in this context
4938 // we do this because we want as few overrides as possible for performance reasons
4939 unassign_capability($capname, $roleid, $context->id);
4940 $context->mark_dirty();
4941 return;
4942 }
4943 }
4944
4945 } else {
4946 if ($permission == CAP_PREVENT) {
4947 // nothing means role does not have permission
4948 return;
4949 }
4950 }
4951
4952 // assign the needed capability
4953 assign_capability($capname, $permission, $roleid, $context->id, true);
4954
4955 // force cap reloading
4956 $context->mark_dirty();
4957 }
4958
4959
4960 /**
4961 * Basic moodle context abstraction class.
4962 *
4963 * Google confirms that no other important framework is using "context" class,
4964 * we could use something else like mcontext or moodle_context, but we need to type
4965 * this very often which would be annoying and it would take too much space...
4966 *
4967 * This class is derived from stdClass for backwards compatibility with
4968 * odl $context record that was returned from DML $DB->get_record()
4969 *
4970 * @package core_access
4971 * @category access
4972 * @copyright Petr Skoda {@link http://skodak.org}
4973 * @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
4974 * @since Moodle 2.2
4975 *
4976 * @property-read int $id context id
4977 * @property-read int $contextlevel CONTEXT_SYSTEM, CONTEXT_COURSE, etc.
4978 * @property-read int $instanceid id of related instance in each context
4979 * @property-read string $path path to context, starts with system context
4980 * @property-read int $depth
4981 */
4982 abstract class context extends stdClass implements IteratorAggregate {
4983
4984 /**
4985 * The context id
4986 * Can be accessed publicly through $context->id
4987 * @var int
4988 */
4989 protected $_id;
4990
4991 /**
4992 * The context level
4993 * Can be accessed publicly through $context->contextlevel
4994 * @var int One of CONTEXT_* e.g. CONTEXT_COURSE, CONTEXT_MODULE
4995 */
4996 protected $_contextlevel;
4997
4998 /**
4999 * Id of the item this context is related to e.g. COURSE_CONTEXT => course.id
5000 * Can be accessed publicly through $context->instanceid
5001 * @var int
5002 */
5003 protected $_instanceid;
5004
5005 /**
5006 * The path to the context always starting from the system context
5007 * Can be accessed publicly through $context->path
5008 * @var string
5009 */
5010 protected $_path;
5011
5012 /**
5013 * The depth of the context in relation to parent contexts
5014 * Can be accessed publicly through $context->depth
5015 * @var int
5016 */
5017 protected $_depth;
5018
5019 /**
5020 * @var array Context caching info
5021 */
5022 private static $cache_contextsbyid = array();
5023
5024 /**
5025 * @var array Context caching info
5026 */
5027 private static $cache_contexts = array();
5028
5029 /**
5030 * Context count
5031 * Why do we do count contexts? Because count($array) is horribly slow for large arrays
5032 * @var int
5033 */
5034 protected static $cache_count = 0;
5035
5036 /**
5037 * @var array Context caching info
5038 */
5039 protected static $cache_preloaded = array();
5040
5041 /**
5042 * @var context_system The system context once initialised
5043 */
5044 protected static $systemcontext = null;
5045
5046 /**
5047 * Resets the cache to remove all data.
5048 * @static
5049 */
5050 protected static function reset_caches() {
5051 self::$cache_contextsbyid = array();
5052 self::$cache_contexts = array();
5053 self::$cache_count = 0;
5054 self::$cache_preloaded = array();
5055
5056 self::$systemcontext = null;
5057 }
5058
5059 /**
5060 * Adds a context to the cache. If the cache is full, discards a batch of
5061 * older entries.
5062 *
5063 * @static
5064 * @param context $context New context to add
5065 * @return void
5066 */
5067 protected static function cache_add(context $context) {
5068 if (isset(self::$cache_contextsbyid[$context->id])) {
5069 // already cached, no need to do anything - this is relatively cheap, we do all this because count() is slow
5070 return;
5071 }
5072
5073 if (self::$cache_count >= CONTEXT_CACHE_MAX_SIZE) {
5074 $i = 0;
5075 foreach(self::$cache_contextsbyid as $ctx) {
5076 $i++;
5077 if ($i <= 100) {
5078 // we want to keep the first contexts to be loaded on this page, hopefully they will be needed again later
5079 continue;
5080 }
5081 if ($i > (CONTEXT_CACHE_MAX_SIZE / 3)) {
5082 // we remove oldest third of the contexts to make room for more contexts
5083 break;
5084 }
5085 unset(self::$cache_contextsbyid[$ctx->id]);
5086 unset(self::$cache_contexts[$ctx->contextlevel][$ctx->instanceid]);
5087 self::$cache_count--;
5088 }
5089 }
5090
5091 self::$cache_contexts[$context->contextlevel][$context->instanceid] = $context;
5092 self::$cache_contextsbyid[$context->id] = $context;
5093 self::$cache_count++;
5094 }
5095
5096 /**
5097 * Removes a context from the cache.
5098 *
5099 * @static
5100 * @param context $context Context object to remove
5101 * @return void
5102 */
5103 protected static function cache_remove(context $context) {
5104 if (!isset(self::$cache_contextsbyid[$context->id])) {
5105 // not cached, no need to do anything - this is relatively cheap, we do all this because count() is slow
5106 return;
5107 }
5108 unset(self::$cache_contexts[$context->contextlevel][$context->instanceid]);
5109 unset(self::$cache_contextsbyid[$context->id]);
5110
5111 self::$cache_count--;
5112
5113 if (self::$cache_count < 0) {
5114 self::$cache_count = 0;
5115 }
5116 }
5117
5118 /**
5119 * Gets a context from the cache.
5120 *
5121 * @static
5122 * @param int $contextlevel Context level
5123 * @param int $instance Instance ID
5124 * @return context|bool Context or false if not in cache
5125 */
5126 protected static function cache_get($contextlevel, $instance) {
5127 if (isset(self::$cache_contexts[$contextlevel][$instance])) {
5128 return self::$cache_contexts[$contextlevel][$instance];
5129 }
5130 return false;
5131 }
5132
5133 /**
5134 * Gets a context from the cache based on its id.
5135 *
5136 * @static
5137 * @param int $id Context ID
5138 * @return context|bool Context or false if not in cache
5139 */
5140 protected static function cache_get_by_id($id) {
5141 if (isset(self::$cache_contextsbyid[$id])) {
5142 return self::$cache_contextsbyid[$id];
5143 }
5144 return false;
5145 }
5146
5147 /**
5148 * Preloads context information from db record and strips the cached info.
5149 *
5150 * @static
5151 * @param stdClass $rec
5152 * @return void (modifies $rec)
5153 */
5154 protected static function preload_from_record(stdClass $rec) {
5155 if (empty($rec->ctxid) or empty($rec->ctxlevel) or empty($rec->ctxinstance) or empty($rec->ctxpath) or empty($rec->ctxdepth)) {
5156 // $rec does not have enough data, passed here repeatedly or context does not exist yet
5157 return;
5158 }
5159
5160 // note: in PHP5 the objects are passed by reference, no need to return $rec
5161 $record = new stdClass();
5162 $record->id = $rec->ctxid; unset($rec->ctxid);
5163 $record->contextlevel = $rec->ctxlevel; unset($rec->ctxlevel);
5164 $record->instanceid = $rec->ctxinstance; unset($rec->ctxinstance);
5165 $record->path = $rec->ctxpath; unset($rec->ctxpath);
5166 $record->depth = $rec->ctxdepth; unset($rec->ctxdepth);
5167
5168 return context::create_instance_from_record($record);
5169 }
5170
5171
5172 // ====== magic methods =======
5173
5174 /**
5175 * Magic setter method, we do not want anybody to modify properties from the outside
5176 * @param string $name
5177 * @param mixed $value
5178 */
5179 public function __set($name, $value) {
5180 debugging('Can not change context instance properties!');
5181 }
5182
5183 /**
5184 * Magic method getter, redirects to read only values.
5185 * @param string $name
5186 * @return mixed
5187 */
5188 public function __get($name) {
5189 switch ($name) {
5190 case 'id': return $this->_id;
5191 case 'contextlevel': return $this->_contextlevel;
5192 case 'instanceid': return $this->_instanceid;
5193 case 'path': return $this->_path;
5194 case 'depth': return $this->_depth;
5195
5196 default:
5197 debugging('Invalid context property accessed! '.$name);
5198 return null;
5199 }
5200 }
5201
5202 /**
5203 * Full support for isset on our magic read only properties.
5204 * @param string $name
5205 * @return bool
5206 */
5207 public function __isset($name) {
5208 switch ($name) {
5209 case 'id': return isset($this->_id);
5210 case 'contextlevel': return isset($this->_contextlevel);
5211 case 'instanceid': return isset($this->_instanceid);
5212 case 'path': return isset($this->_path);
5213 case 'depth': return isset($this->_depth);
5214
5215 default: return false;
5216 }
5217
5218 }
5219
5220 /**
5221 * ALl properties are read only, sorry.
5222 * @param string $name
5223 */
5224 public function __unset($name) {
5225 debugging('Can not unset context instance properties!');
5226 }
5227
5228 // ====== implementing method from interface IteratorAggregate ======
5229
5230 /**
5231 * Create an iterator because magic vars can't be seen by 'foreach'.
5232 *
5233 * Now we can convert context object to array using convert_to_array(),
5234 * and feed it properly to json_encode().
5235 */
5236 public function getIterator() {
5237 $ret = array(
5238 'id' => $this->id,
5239 'contextlevel' => $this->contextlevel,
5240 'instanceid' => $this->instanceid,
5241 'path' => $this->path,
5242 'depth' => $this->depth
5243 );
5244 return new ArrayIterator($ret);
5245 }
5246
5247 // ====== general context methods ======
5248
5249 /**
5250 * Constructor is protected so that devs are forced to
5251 * use context_xxx::instance() or context::instance_by_id().
5252 *
5253 * @param stdClass $record
5254 */
5255 protected function __construct(stdClass $record) {
5256 $this->_id = (int)$record->id;
5257 $this->_contextlevel = (int)$record->contextlevel;
5258 $this->_instanceid = $record->instanceid;
5259 $this->_path = $record->path;
5260 $this->_depth = $record->depth;
5261 }
5262
5263 /**
5264 * This function is also used to work around 'protected' keyword problems in context_helper.
5265 * @static
5266 * @param stdClass $record
5267 * @return context instance
5268 */
5269 protected static function create_instance_from_record(stdClass $record) {
5270 $classname = context_helper::get_class_for_level($record->contextlevel);
5271
5272 if ($context = context::cache_get_by_id($record->id)) {
5273 return $context;
5274 }
5275
5276 $context = new $classname($record);
5277 context::cache_add($context);
5278
5279 return $context;
5280 }
5281
5282 /**
5283 * Copy prepared new contexts from temp table to context table,
5284 * we do this in db specific way for perf reasons only.
5285 * @static
5286 */
5287 protected static function merge_context_temp_table() {
5288 global $DB;
5289
5290 /* MDL-11347:
5291 * - mysql does not allow to use FROM in UPDATE statements
5292 * - using two tables after UPDATE works in mysql, but might give unexpected
5293 * results in pg 8 (depends on configuration)
5294 * - using table alias in UPDATE does not work in pg < 8.2
5295 *
5296 * Different code for each database - mostly for performance reasons
5297 */
5298
5299 $dbfamily = $DB->get_dbfamily();
5300 if ($dbfamily == 'mysql') {
5301 $updatesql = "UPDATE {context} ct, {context_temp} temp
5302 SET ct.path = temp.path,
5303 ct.depth = temp.depth
5304 WHERE ct.id = temp.id";
5305 } else if ($dbfamily == 'oracle') {
5306 $updatesql = "UPDATE {context} ct
5307 SET (ct.path, ct.depth) =
5308 (SELECT temp.path, temp.depth
5309 FROM {context_temp} temp
5310 WHERE temp.id=ct.id)
5311 WHERE EXISTS (SELECT 'x'
5312 FROM {context_temp} temp
5313 WHERE temp.id = ct.id)";
5314 } else if ($dbfamily == 'postgres' or $dbfamily == 'mssql') {
5315 $updatesql = "UPDATE {context}
5316 SET path = temp.path,
5317 depth = temp.depth
5318 FROM {context_temp} temp
5319 WHERE temp.id={context}.id";
5320 } else {
5321 // sqlite and others
5322 $updatesql = "UPDATE {context}
5323 SET path = (SELECT path FROM {context_temp} WHERE id = {context}.id),
5324 depth = (SELECT depth FROM {context_temp} WHERE id = {context}.id)
5325 WHERE id IN (SELECT id FROM {context_temp})";
5326 }
5327
5328 $DB->execute($updatesql);
5329 }
5330
5331 /**
5332 * Get a context instance as an object, from a given context id.
5333 *
5334 * @static
5335 * @param int $id context id
5336 * @param int $strictness IGNORE_MISSING means compatible mode, false returned if record not found, debug message if more found;
5337 * MUST_EXIST means throw exception if no record found
5338 * @return context|bool the context object or false if not found
5339 */
5340 public static function instance_by_id($id, $strictness = MUST_EXIST) {
5341 global $DB;
5342
5343 if (get_called_class() !== 'context' and get_called_class() !== 'context_helper') {
5344 // some devs might confuse context->id and instanceid, better prevent these mistakes completely
5345 throw new coding_exception('use only context::instance_by_id() for real context levels use ::instance() methods');
5346 }
5347
5348 if ($id == SYSCONTEXTID) {
5349 return context_system::instance(0, $strictness);
5350 }
5351
5352 if (is_array($id) or is_object($id) or empty($id)) {
5353 throw new coding_exception('Invalid context id specified context::instance_by_id()');
5354 }
5355
5356 if ($context = context::cache_get_by_id($id)) {
5357 return $context;
5358 }
5359
5360 if ($record = $DB->get_record('context', array('id'=>$id), '*', $strictness)) {
5361 return context::create_instance_from_record($record);
5362 }
5363
5364 return false;
5365 }
5366
5367 /**
5368 * Update context info after moving context in the tree structure.
5369 *
5370 * @param context $newparent
5371 * @return void
5372 */
5373 public function update_moved(context $newparent) {
5374 global $DB;
5375
5376 $frompath = $this->_path;
5377 $newpath = $newparent->path . '/' . $this->_id;
5378
5379 $trans = $DB->start_delegated_transaction();
5380
5381 $this->mark_dirty();
5382
5383 $setdepth = '';
5384 if (($newparent->depth +1) != $this->_depth) {
5385 $diff = $newparent->depth - $this->_depth + 1;
5386 $setdepth = ", depth = depth + $diff";
5387 }
5388 $sql = "UPDATE {context}
5389 SET path = ?
5390 $setdepth
5391 WHERE id = ?";
5392 $params = array($newpath, $this->_id);
5393 $DB->execute($sql, $params);
5394
5395 $this->_path = $newpath;
5396 $this->_depth = $newparent->depth + 1;
5397
5398 $sql = "UPDATE {context}
5399 SET path = ".$DB->sql_concat("?", $DB->sql_substr("path", strlen($frompath)+1))."
5400 $setdepth
5401 WHERE path LIKE ?";
5402 $params = array($newpath, "{$frompath}/%");
5403 $DB->execute($sql, $params);
5404
5405 $this->mark_dirty();
5406
5407 context::reset_caches();
5408
5409 $trans->allow_commit();
5410 }
5411
5412 /**
5413 * Remove all context path info and optionally rebuild it.
5414 *
5415 * @param bool $rebuild
5416 * @return void
5417 */
5418 public function reset_paths($rebuild = true) {
5419 global $DB;
5420
5421 if ($this->_path) {
5422 $this->mark_dirty();
5423 }
5424 $DB->set_field_select('context', 'depth', 0, "path LIKE '%/$this->_id/%'");
5425 $DB->set_field_select('context', 'path', NULL, "path LIKE '%/$this->_id/%'");
5426 if ($this->_contextlevel != CONTEXT_SYSTEM) {
5427 $DB->set_field('context', 'depth', 0, array('id'=>$this->_id));
5428 $DB->set_field('context', 'path', NULL, array('id'=>$this->_id));
5429 $this->_depth = 0;
5430 $this->_path = null;
5431 }
5432
5433 if ($rebuild) {
5434 context_helper::build_all_paths(false);
5435 }
5436
5437 context::reset_caches();
5438 }
5439
5440 /**
5441 * Delete all data linked to content, do not delete the context record itself
5442 */
5443 public function delete_content() {
5444 global $CFG, $DB;
5445
5446 blocks_delete_all_for_context($this->_id);
5447 filter_delete_all_for_context($this->_id);
5448
5449 require_once($CFG->dirroot . '/comment/lib.php');
5450 comment::delete_comments(array('contextid'=>$this->_id));
5451
5452 require_once($CFG->dirroot.'/rating/lib.php');
5453 $delopt = new stdclass();
5454 $delopt->contextid = $this->_id;
5455 $rm = new rating_manager();
5456 $rm->delete_ratings($delopt);
5457
5458 // delete all files attached to this context
5459 $fs = get_file_storage();
5460 $fs->delete_area_files($this->_id);
5461
5462 // Delete all repository instances attached to this context.
5463 require_once($CFG->dirroot . '/repository/lib.php');
5464 repository::delete_all_for_context($this->_id);
5465
5466 // delete all advanced grading data attached to this context
5467 require_once($CFG->dirroot.'/grade/grading/lib.php');
5468 grading_manager::delete_all_for_context($this->_id);
5469
5470 // now delete stuff from role related tables, role_unassign_all
5471 // and unenrol should be called earlier to do proper cleanup
5472 $DB->delete_records('role_assignments', array('contextid'=>$this->_id));
5473 $DB->delete_records('role_capabilities', array('contextid'=>$this->_id));
5474 $DB->delete_records('role_names', array('contextid'=>$this->_id));
5475 }
5476
5477 /**
5478 * Delete the context content and the context record itself
5479 */
5480 public function delete() {
5481 global $DB;
5482
5483 if ($this->_contextlevel <= CONTEXT_SYSTEM) {
5484 throw new coding_exception('Cannot delete system context');
5485 }
5486
5487 // double check the context still exists
5488 if (!$DB->record_exists('context', array('id'=>$this->_id))) {
5489 context::cache_remove($this);
5490 return;
5491 }
5492
5493 $this->delete_content();
5494 $DB->delete_records('context', array('id'=>$this->_id));
5495 // purge static context cache if entry present
5496 context::cache_remove($this);
5497
5498 // do not mark dirty contexts if parents unknown
5499 if (!is_null($this->_path) and $this->_depth > 0) {
5500 $this->mark_dirty();
5501 }
5502 }
5503
5504 // ====== context level related methods ======
5505
5506 /**
5507 * Utility method for context creation
5508 *
5509 * @static
5510 * @param int $contextlevel
5511 * @param int $instanceid
5512 * @param string $parentpath
5513 * @return stdClass context record
5514 */
5515 protected static function insert_context_record($contextlevel, $instanceid, $parentpath) {
5516 global $DB;
5517
5518 $record = new stdClass();
5519 $record->contextlevel = $contextlevel;
5520 $record->instanceid = $instanceid;
5521 $record->depth = 0;
5522 $record->path = null; //not known before insert
5523
5524 $record->id = $DB->insert_record('context', $record);
5525
5526 // now add path if known - it can be added later
5527 if (!is_null($parentpath)) {
5528 $record->path = $parentpath.'/'.$record->id;
5529 $record->depth = substr_count($record->path, '/');
5530 $DB->update_record('context', $record);
5531 }
5532
5533 return $record;
5534 }
5535
5536 /**
5537 * Returns human readable context identifier.
5538 *
5539 * @param boolean $withprefix whether to prefix the name of the context with the
5540 * type of context, e.g. User, Course, Forum, etc.
5541 * @param boolean $short whether to use the short name of the thing. Only applies
5542 * to course contexts
5543 * @return string the human readable context name.
5544 */
5545 public function get_context_name($withprefix = true, $short = false) {
5546 // must be implemented in all context levels
5547 throw new coding_exception('can not get name of abstract context');
5548 }
5549
5550 /**
5551 * Returns the most relevant URL for this context.
5552 *
5553 * @return moodle_url
5554 */
5555 public abstract function get_url();
5556
5557 /**
5558 * Returns array of relevant context capability records.
5559 *
5560 * @return array
5561 */
5562 public abstract function get_capabilities();
5563
5564 /**
5565 * Recursive function which, given a context, find all its children context ids.
5566 *
5567 * For course category contexts it will return immediate children and all subcategory contexts.
5568 * It will NOT recurse into courses or subcategories categories.
5569 * If you want to do that, call it on the returned courses/categories.
5570 *
5571 * When called for a course context, it will return the modules and blocks
5572 * displayed in the course page and blocks displayed on the module pages.
5573 *
5574 * If called on a user/course/module context it _will_ populate the cache with the appropriate
5575 * contexts ;-)
5576 *
5577 * @return array Array of child records
5578 */
5579 public function get_child_contexts() {
5580 global $DB;
5581
5582 if (empty($this->_path) or empty($this->_depth)) {
5583 debugging('Can not find child contexts of context '.$this->_id.' try rebuilding of context paths');
5584 return array();
5585 }
5586
5587 $sql = "SELECT ctx.*
5588 FROM {context} ctx
5589 WHERE ctx.path LIKE ?";
5590 $params = array($this->_path.'/%');
5591 $records = $DB->get_records_sql($sql, $params);
5592
5593 $result = array();
5594 foreach ($records as $record) {
5595 $result[$record->id] = context::create_instance_from_record($record);
5596 }
5597
5598 return $result;
5599 }
5600
5601 /**
5602 * Returns parent contexts of this context in reversed order, i.e. parent first,
5603 * then grand parent, etc.
5604 *
5605 * @param bool $includeself tre means include self too
5606 * @return array of context instances
5607 */
5608 public function get_parent_contexts($includeself = false) {
5609 if (!$contextids = $this->get_parent_context_ids($includeself)) {
5610 return array();
5611 }
5612
5613 $result = array();
5614 foreach ($contextids as $contextid) {
5615 $parent = context::instance_by_id($contextid, MUST_EXIST);
5616 $result[$parent->id] = $parent;
5617 }
5618
5619 return $result;
5620 }
5621
5622 /**
5623 * Returns parent contexts of this context in reversed order, i.e. parent first,
5624 * then grand parent, etc.
5625 *
5626 * @param bool $includeself tre means include self too
5627 * @return array of context ids
5628 */
5629 public function get_parent_context_ids($includeself = false) {
5630 if (empty($this->_path)) {
5631 return array();
5632 }
5633
5634 $parentcontexts = trim($this->_path, '/'); // kill leading slash
5635 $parentcontexts = explode('/', $parentcontexts);
5636 if (!$includeself) {
5637 array_pop($parentcontexts); // and remove its own id
5638 }
5639
5640 return array_reverse($parentcontexts);
5641 }
5642
5643 /**
5644 * Returns parent context
5645 *
5646 * @return context
5647 */
5648 public function get_parent_context() {
5649 if (empty($this->_path) or $this->_id == SYSCONTEXTID) {
5650 return false;
5651 }
5652
5653 $parentcontexts = trim($this->_path, '/'); // kill leading slash
5654 $parentcontexts = explode('/', $parentcontexts);
5655 array_pop($parentcontexts); // self
5656 $contextid = array_pop($parentcontexts); // immediate parent
5657
5658 return context::instance_by_id($contextid, MUST_EXIST);
5659 }
5660
5661 /**
5662 * Is this context part of any course? If yes return course context.
5663 *
5664 * @param bool $strict true means throw exception if not found, false means return false if not found
5665 * @return context_course context of the enclosing course, null if not found or exception
5666 */
5667 public function get_course_context($strict = true) {
5668 if ($strict) {
5669 throw new coding_exception('Context does not belong to any course.');
5670 } else {
5671 return false;
5672 }
5673 }
5674
5675 /**
5676 * Returns sql necessary for purging of stale context instances.
5677 *
5678 * @static
5679 * @return string cleanup SQL
5680 */
5681 protected static function get_cleanup_sql() {
5682 throw new coding_exception('get_cleanup_sql() method must be implemented in all context levels');
5683 }
5684
5685 /**
5686 * Rebuild context paths and depths at context level.
5687 *
5688 * @static
5689 * @param bool $force
5690 * @return void
5691 */
5692 protected static function build_paths($force) {
5693 throw new coding_exception('build_paths() method must be implemented in all context levels');
5694 }
5695
5696 /**
5697 * Create missing context instances at given level
5698 *
5699 * @static
5700 * @return void
5701 */
5702 protected static function create_level_instances() {
5703 throw new coding_exception('create_level_instances() method must be implemented in all context levels');
5704 }
5705
5706 /**
5707 * Reset all cached permissions and definitions if the necessary.
5708 * @return void
5709 */
5710 public function reload_if_dirty() {
5711 global $ACCESSLIB_PRIVATE, $USER;
5712
5713 // Load dirty contexts list if needed
5714 if (CLI_SCRIPT) {
5715 if (!isset($ACCESSLIB_PRIVATE->dirtycontexts)) {
5716 // we do not load dirty flags in CLI and cron
5717 $ACCESSLIB_PRIVATE->dirtycontexts = array();
5718 }
5719 } else {
5720 if (!isset($ACCESSLIB_PRIVATE->dirtycontexts)) {
5721 if (!isset($USER->access['time'])) {
5722 // nothing was loaded yet, we do not need to check dirty contexts now
5723 return;
5724 }
5725 // no idea why -2 is there, server cluster time difference maybe... (skodak)
5726 $ACCESSLIB_PRIVATE->dirtycontexts = get_cache_flags('accesslib/dirtycontexts', $USER->access['time']-2);
5727 }
5728 }
5729
5730 foreach ($ACCESSLIB_PRIVATE->dirtycontexts as $path=>$unused) {
5731 if ($path === $this->_path or strpos($this->_path, $path.'/') === 0) {
5732 // reload all capabilities of USER and others - preserving loginas, roleswitches, etc
5733 // and then cleanup any marks of dirtyness... at least from our short term memory! :-)
5734 reload_all_capabilities();
5735 break;
5736 }
5737 }
5738 }
5739
5740 /**
5741 * Mark a context as dirty (with timestamp) so as to force reloading of the context.
5742 */
5743 public function mark_dirty() {
5744 global $CFG, $USER, $ACCESSLIB_PRIVATE;
5745
5746 if (during_initial_install()) {
5747 return;
5748 }
5749
5750 // only if it is a non-empty string
5751 if (is_string($this->_path) && $this->_path !== '') {
5752 set_cache_flag('accesslib/dirtycontexts', $this->_path, 1, time()+$CFG->sessiontimeout);
5753 if (isset($ACCESSLIB_PRIVATE->dirtycontexts)) {
5754 $ACCESSLIB_PRIVATE->dirtycontexts[$this->_path] = 1;
5755 } else {
5756 if (CLI_SCRIPT) {
5757 $ACCESSLIB_PRIVATE->dirtycontexts = array($this->_path => 1);
5758 } else {
5759 if (isset($USER->access['time'])) {
5760 $ACCESSLIB_PRIVATE->dirtycontexts = get_cache_flags('accesslib/dirtycontexts', $USER->access['time']-2);
5761 } else {
5762 $ACCESSLIB_PRIVATE->dirtycontexts = array($this->_path => 1);
5763 }
5764 // flags not loaded yet, it will be done later in $context->reload_if_dirty()
5765 }
5766 }
5767 }
5768 }
5769 }
5770
5771
5772 /**
5773 * Context maintenance and helper methods.
5774 *
5775 * This is "extends context" is a bloody hack that tires to work around the deficiencies
5776 * in the "protected" keyword in PHP, this helps us to hide all the internals of context
5777 * level implementation from the rest of code, the code completion returns what developers need.
5778 *
5779 * Thank you Tim Hunt for helping me with this nasty trick.
5780 *
5781 * @package core_access
5782 * @category access
5783 * @copyright Petr Skoda {@link http://skodak.org}
5784 * @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
5785 * @since Moodle 2.2
5786 */
5787 class context_helper extends context {
5788
5789 /**
5790 * @var array An array mapping context levels to classes
5791 */
5792 private static $alllevels;
5793
5794 /**
5795 * Instance does not make sense here, only static use
5796 */
5797 protected function __construct() {
5798 }
5799
5800 /**
5801 * Reset internal context levels array.
5802 */
5803 public static function reset_levels() {
5804 self::$alllevels = null;
5805 }
5806
5807 /**
5808 * Initialise context levels, call before using self::$alllevels.
5809 */
5810 private static function init_levels() {
5811 global $CFG;
5812
5813 if (isset(self::$alllevels)) {
5814 return;
5815 }
5816 self::$alllevels = array(
5817 CONTEXT_SYSTEM => 'context_system',
5818 CONTEXT_USER => 'context_user',
5819 CONTEXT_COURSECAT => 'context_coursecat',
5820 CONTEXT_COURSE => 'context_course',
5821 CONTEXT_MODULE => 'context_module',
5822 CONTEXT_BLOCK => 'context_block',
5823 );
5824
5825 if (empty($CFG->custom_context_classes)) {
5826 return;
5827 }
5828
5829 $levels = $CFG->custom_context_classes;
5830 if (!is_array($levels)) {
5831 $levels = @unserialize($levels);
5832 }
5833 if (!is_array($levels)) {
5834 debugging('Invalid $CFG->custom_context_classes detected, value ignored.', DEBUG_DEVELOPER);
5835 return;
5836 }
5837
5838 // Unsupported custom levels, use with care!!!
5839 foreach ($levels as $level => $classname) {
5840 self::$alllevels[$level] = $classname;
5841 }
5842 ksort(self::$alllevels);
5843 }
5844
5845 /**
5846 * Returns a class name of the context level class
5847 *
5848 * @static
5849 * @param int $contextlevel (CONTEXT_SYSTEM, etc.)
5850 * @return string class name of the context class
5851 */
5852 public static function get_class_for_level($contextlevel) {
5853 self::init_levels();
5854 if (isset(self::$alllevels[$contextlevel])) {
5855 return self::$alllevels[$contextlevel];
5856 } else {
5857 throw new coding_exception('Invalid context level specified');
5858 }
5859 }
5860
5861 /**
5862 * Returns a list of all context levels
5863 *
5864 * @static
5865 * @return array int=>string (level=>level class name)
5866 */
5867 public static function get_all_levels() {
5868 self::init_levels();
5869 return self::$alllevels;
5870 }
5871
5872 /**
5873 * Remove stale contexts that belonged to deleted instances.
5874 * Ideally all code should cleanup contexts properly, unfortunately accidents happen...
5875 *
5876 * @static
5877 * @return void
5878 */
5879 public static function cleanup_instances() {
5880 global $DB;
5881 self::init_levels();
5882
5883 $sqls = array();
5884 foreach (self::$alllevels as $level=>$classname) {
5885 $sqls[] = $classname::get_cleanup_sql();
5886 }
5887
5888 $sql = implode(" UNION ", $sqls);
5889
5890 // it is probably better to use transactions, it might be faster too
5891 $transaction = $DB->start_delegated_transaction();
5892
5893 $rs = $DB->get_recordset_sql($sql);
5894 foreach ($rs as $record) {
5895 $context = context::create_instance_from_record($record);
5896 $context->delete();
5897 }
5898 $rs->close();
5899
5900 $transaction->allow_commit();
5901 }
5902
5903 /**
5904 * Create all context instances at the given level and above.
5905 *
5906 * @static
5907 * @param int $contextlevel null means all levels
5908 * @param bool $buildpaths
5909 * @return void
5910 */
5911 public static function create_instances($contextlevel = null, $buildpaths = true) {
5912 self::init_levels();
5913 foreach (self::$alllevels as $level=>$classname) {
5914 if ($contextlevel and $level > $contextlevel) {
5915 // skip potential sub-contexts
5916 continue;
5917 }
5918 $classname::create_level_instances();
5919 if ($buildpaths) {
5920 $classname::build_paths(false);
5921 }
5922 }
5923 }
5924
5925 /**
5926 * Rebuild paths and depths in all context levels.
5927 *
5928 * @static
5929 * @param bool $force false means add missing only
5930 * @return void
5931 */
5932 public static function build_all_paths($force = false) {
5933 self::init_levels();
5934 foreach (self::$alllevels as $classname) {
5935 $classname::build_paths($force);
5936 }
5937
5938 // reset static course cache - it might have incorrect cached data
5939 accesslib_clear_all_caches(true);
5940 }
5941
5942 /**
5943 * Resets the cache to remove all data.
5944 * @static
5945 */
5946 public static function reset_caches() {
5947 context::reset_caches();
5948 }
5949
5950 /**
5951 * Returns all fields necessary for context preloading from user $rec.
5952 *
5953 * This helps with performance when dealing with hundreds of contexts.
5954 *
5955 * @static
5956 * @param string $tablealias context table alias in the query
5957 * @return array (table.column=>alias, ...)
5958 */
5959 public static function get_preload_record_columns($tablealias) {
5960 return array("$tablealias.id"=>"ctxid", "$tablealias.path"=>"ctxpath", "$tablealias.depth"=>"ctxdepth", "$tablealias.contextlevel"=>"ctxlevel", "$tablealias.instanceid"=>"ctxinstance");
5961 }
5962
5963 /**
5964 * Returns all fields necessary for context preloading from user $rec.
5965 *
5966 * This helps with performance when dealing with hundreds of contexts.
5967 *
5968 * @static
5969 * @param string $tablealias context table alias in the query
5970 * @return string
5971 */
5972 public static function get_preload_record_columns_sql($tablealias) {
5973 return "$tablealias.id AS ctxid, $tablealias.path AS ctxpath, $tablealias.depth AS ctxdepth, $tablealias.contextlevel AS ctxlevel, $tablealias.instanceid AS ctxinstance";
5974 }
5975
5976 /**
5977 * Preloads context information from db record and strips the cached info.
5978 *
5979 * The db request has to contain all columns from context_helper::get_preload_record_columns().
5980 *
5981 * @static
5982 * @param stdClass $rec
5983 * @return void (modifies $rec)
5984 */
5985 public static function preload_from_record(stdClass $rec) {
5986 context::preload_from_record($rec);
5987 }
5988
5989 /**
5990 * Preload all contexts instances from course.
5991 *
5992 * To be used if you expect multiple queries for course activities...
5993 *
5994 * @static
5995 * @param int $courseid
5996 */
5997 public static function preload_course($courseid) {
5998 // Users can call this multiple times without doing any harm
5999 if (isset(context::$cache_preloaded[$courseid])) {
6000 return;
6001 }
6002 $coursecontext = context_course::instance($courseid);
6003 $coursecontext->get_child_contexts();
6004
6005 context::$cache_preloaded[$courseid] = true;
6006 }
6007
6008 /**
6009 * Delete context instance
6010 *
6011 * @static
6012 * @param int $contextlevel
6013 * @param int $instanceid
6014 * @return void
6015 */
6016 public static function delete_instance($contextlevel, $instanceid) {
6017 global $DB;
6018
6019 // double check the context still exists
6020 if ($record = $DB->get_record('context', array('contextlevel'=>$contextlevel, 'instanceid'=>$instanceid))) {
6021 $context = context::create_instance_from_record($record);
6022 $context->delete();
6023 } else {
6024 // we should try to purge the cache anyway
6025 }
6026 }
6027
6028 /**
6029 * Returns the name of specified context level
6030 *
6031 * @static
6032 * @param int $contextlevel
6033 * @return string name of the context level
6034 */
6035 public static function get_level_name($contextlevel) {
6036 $classname = context_helper::get_class_for_level($contextlevel);
6037 return $classname::get_level_name();
6038 }
6039
6040 /**
6041 * not used
6042 */
6043 public function get_url() {
6044 }
6045
6046 /**
6047 * not used
6048 */
6049 public function get_capabilities() {
6050 }
6051 }
6052
6053
6054 /**
6055 * System context class
6056 *
6057 * @package core_access
6058 * @category access
6059 * @copyright Petr Skoda {@link http://skodak.org}
6060 * @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
6061 * @since Moodle 2.2
6062 */
6063 class context_system extends context {
6064 /**
6065 * Please use context_system::instance() if you need the instance of context.
6066 *
6067 * @param stdClass $record
6068 */
6069 protected function __construct(stdClass $record) {
6070 parent::__construct($record);
6071 if ($record->contextlevel != CONTEXT_SYSTEM) {
6072 throw new coding_exception('Invalid $record->contextlevel in context_system constructor.');
6073 }
6074 }
6075
6076 /**
6077 * Returns human readable context level name.
6078 *
6079 * @static
6080 * @return string the human readable context level name.
6081 */
6082 public static function get_level_name() {
6083 return get_string('coresystem');
6084 }
6085
6086 /**
6087 * Returns human readable context identifier.
6088 *
6089 * @param boolean $withprefix does not apply to system context
6090 * @param boolean $short does not apply to system context
6091 * @return string the human readable context name.
6092 */
6093 public function get_context_name($withprefix = true, $short = false) {
6094 return self::get_level_name();
6095 }
6096
6097 /**
6098 * Returns the most relevant URL for this context.
6099 *
6100 * @return moodle_url
6101 */
6102 public function get_url() {
6103 return new moodle_url('/');
6104 }
6105
6106 /**
6107 * Returns array of relevant context capability records.
6108 *
6109 * @return array
6110 */
6111 public function get_capabilities() {
6112 global $DB;
6113
6114 $sort = 'ORDER BY contextlevel,component,name'; // To group them sensibly for display
6115
6116 $params = array();
6117 $sql = "SELECT *
6118 FROM {capabilities}";
6119
6120 return $DB->get_records_sql($sql.' '.$sort, $params);
6121 }
6122
6123 /**
6124 * Create missing context instances at system context
6125 * @static
6126 */
6127 protected static function create_level_instances() {
6128 // nothing to do here, the system context is created automatically in installer
6129 self::instance(0);
6130 }
6131
6132 /**
6133 * Returns system context instance.
6134 *
6135 * @static
6136 * @param int $instanceid
6137 * @param int $strictness
6138 * @param bool $cache
6139 * @return context_system context instance
6140 */
6141 public static function instance($instanceid = 0, $strictness = MUST_EXIST, $cache = true) {
6142 global $DB;
6143
6144 if ($instanceid != 0) {
6145 debugging('context_system::instance(): invalid $id parameter detected, should be 0');
6146 }
6147
6148 if (defined('SYSCONTEXTID') and $cache) { // dangerous: define this in config.php to eliminate 1 query/page
6149 if (!isset(context::$systemcontext)) {
6150 $record = new stdClass();
6151 $record->id = SYSCONTEXTID;
6152 $record->contextlevel = CONTEXT_SYSTEM;
6153 $record->instanceid = 0;
6154 $record->path = '/'.SYSCONTEXTID;
6155 $record->depth = 1;
6156 context::$systemcontext = new context_system($record);
6157 }
6158 return context::$systemcontext;
6159 }
6160
6161
6162 try {
6163 // We ignore the strictness completely because system context must exist except during install.
6164 $record = $DB->get_record('context', array('contextlevel'=>CONTEXT_SYSTEM), '*', MUST_EXIST);
6165 } catch (dml_exception $e) {
6166 //table or record does not exist
6167 if (!during_initial_install()) {
6168 // do not mess with system context after install, it simply must exist
6169 throw $e;
6170 }
6171 $record = null;
6172 }
6173
6174 if (!$record) {
6175 $record = new stdClass();
6176 $record->contextlevel = CONTEXT_SYSTEM;
6177 $record->instanceid = 0;
6178 $record->depth = 1;
6179 $record->path = null; //not known before insert
6180
6181 try {
6182 if ($DB->count_records('context')) {
6183 // contexts already exist, this is very weird, system must be first!!!
6184 return null;
6185 }
6186 if (defined('SYSCONTEXTID')) {
6187 // this would happen only in unittest on sites that went through weird 1.7 upgrade
6188 $record->id = SYSCONTEXTID;
6189 $DB->import_record('context', $record);
6190 $DB->get_manager()->reset_sequence('context');
6191 } else {
6192 $record->id = $DB->insert_record('context', $record);
6193 }
6194 } catch (dml_exception $e) {
6195 // can not create context - table does not exist yet, sorry
6196 return null;
6197 }
6198 }
6199
6200 if ($record->instanceid != 0) {
6201 // this is very weird, somebody must be messing with context table
6202 debugging('Invalid system context detected');
6203 }
6204
6205 if ($record->depth != 1 or $record->path != '/'.$record->id) {
6206 // fix path if necessary, initial install or path reset
6207 $record->depth = 1;
6208 $record->path = '/'.$record->id;
6209 $DB->update_record('context', $record);
6210 }
6211
6212 if (!defined('SYSCONTEXTID')) {
6213 define('SYSCONTEXTID', $record->id);
6214 }
6215
6216 context::$systemcontext = new context_system($record);
6217 return context::$systemcontext;
6218 }
6219
6220 /**
6221 * Returns all site contexts except the system context, DO NOT call on production servers!!
6222 *
6223 * Contexts are not cached.
6224 *
6225 * @return array
6226 */
6227 public function get_child_contexts() {
6228 global $DB;
6229
6230 debugging('Fetching of system context child courses is strongly discouraged on production servers (it may eat all available memory)!');
6231
6232 // Just get all the contexts except for CONTEXT_SYSTEM level
6233 // and hope we don't OOM in the process - don't cache
6234 $sql = "SELECT c.*
6235 FROM {context} c
6236 WHERE contextlevel > ".CONTEXT_SYSTEM;
6237 $records = $DB->get_records_sql($sql);
6238
6239 $result = array();
6240 foreach ($records as $record) {
6241 $result[$record->id] = context::create_instance_from_record($record);
6242 }
6243
6244 return $result;
6245 }
6246
6247 /**
6248 * Returns sql necessary for purging of stale context instances.
6249 *
6250 * @static
6251 * @return string cleanup SQL
6252 */
6253 protected static function get_cleanup_sql() {
6254 $sql = "
6255 SELECT c.*
6256 FROM {context} c
6257 WHERE 1=2
6258 ";
6259
6260 return $sql;
6261 }
6262
6263 /**
6264 * Rebuild context paths and depths at system context level.
6265 *
6266 * @static
6267 * @param bool $force
6268 */
6269 protected static function build_paths($force) {
6270 global $DB;
6271
6272 /* note: ignore $force here, we always do full test of system context */
6273
6274 // exactly one record must exist
6275 $record = $DB->get_record('context', array('contextlevel'=>CONTEXT_SYSTEM), '*', MUST_EXIST);
6276
6277 if ($record->instanceid != 0) {
6278 debugging('Invalid system context detected');
6279 }
6280
6281 if (defined('SYSCONTEXTID') and $record->id != SYSCONTEXTID) {
6282 debugging('Invalid SYSCONTEXTID detected');
6283 }
6284
6285 if ($record->depth != 1 or $record->path != '/'.$record->id) {
6286 // fix path if necessary, initial install or path reset
6287 $record->depth = 1;
6288 $record->path = '/'.$record->id;
6289 $DB->update_record('context', $record);
6290 }
6291 }
6292 }
6293
6294
6295 /**
6296 * User context class
6297 *
6298 * @package core_access
6299 * @category access
6300 * @copyright Petr Skoda {@link http://skodak.org}
6301 * @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
6302 * @since Moodle 2.2
6303 */
6304 class context_user extends context {
6305 /**
6306 * Please use context_user::instance($userid) if you need the instance of context.
6307 * Alternatively if you know only the context id use context::instance_by_id($contextid)
6308 *
6309 * @param stdClass $record
6310 */
6311 protected function __construct(stdClass $record) {
6312 parent::__construct($record);
6313 if ($record->contextlevel != CONTEXT_USER) {
6314 throw new coding_exception('Invalid $record->contextlevel in context_user constructor.');
6315 }
6316 }
6317
6318 /**
6319 * Returns human readable context level name.
6320 *
6321 * @static
6322 * @return string the human readable context level name.
6323 */
6324 public static function get_level_name() {
6325 return get_string('user');
6326 }
6327
6328 /**
6329 * Returns human readable context identifier.
6330 *
6331 * @param boolean $withprefix whether to prefix the name of the context with User
6332 * @param boolean $short does not apply to user context
6333 * @return string the human readable context name.
6334 */
6335 public function get_context_name($withprefix = true, $short = false) {
6336 global $DB;
6337
6338 $name = '';
6339 if ($user = $DB->get_record('user', array('id'=>$this->_instanceid, 'deleted'=>0))) {
6340 if ($withprefix){
6341 $name = get_string('user').': ';
6342 }
6343 $name .= fullname($user);
6344 }
6345 return $name;
6346 }
6347
6348 /**
6349 * Returns the most relevant URL for this context.
6350 *
6351 * @return moodle_url
6352 */
6353 public function get_url() {
6354 global $COURSE;
6355
6356 if ($COURSE->id == SITEID) {
6357 $url = new moodle_url('/user/profile.php', array('id'=>$this->_instanceid));
6358 } else {
6359 $url = new moodle_url('/user/view.php', array('id'=>$this->_instanceid, 'courseid'=>$COURSE->id));
6360 }
6361 return $url;
6362 }
6363
6364 /**
6365 * Returns array of relevant context capability records.
6366 *
6367 * @return array
6368 */
6369 public function get_capabilities() {
6370 global $DB;
6371
6372 $sort = 'ORDER BY contextlevel,component,name'; // To group them sensibly for display
6373
6374 $extracaps = array('moodle/grade:viewall');
6375 list($extra, $params) = $DB->get_in_or_equal($extracaps, SQL_PARAMS_NAMED, 'cap');
6376 $sql = "SELECT *
6377 FROM {capabilities}
6378 WHERE contextlevel = ".CONTEXT_USER."
6379 OR name $extra";
6380
6381 return $records = $DB->get_records_sql($sql.' '.$sort, $params);
6382 }
6383
6384 /**
6385 * Returns user context instance.
6386 *
6387 * @static
6388 * @param int $instanceid
6389 * @param int $strictness
6390 * @return context_user context instance
6391 */
6392 public static function instance($instanceid, $strictness = MUST_EXIST) {
6393 global $DB;
6394
6395 if ($context = context::cache_get(CONTEXT_USER, $instanceid)) {
6396 return $context;
6397 }
6398
6399 if (!$record = $DB->get_record('context', array('contextlevel'=>CONTEXT_USER, 'instanceid'=>$instanceid))) {
6400 if ($user = $DB->get_record('user', array('id'=>$instanceid, 'deleted'=>0), 'id', $strictness)) {
6401 $record = context::insert_context_record(CONTEXT_USER, $user->id, '/'.SYSCONTEXTID, 0);
6402 }
6403 }
6404
6405 if ($record) {
6406 $context = new context_user($record);
6407 context::cache_add($context);
6408 return $context;
6409 }
6410
6411 return false;
6412 }
6413
6414 /**
6415 * Create missing context instances at user context level
6416 * @static
6417 */
6418 protected static function create_level_instances() {
6419 global $DB;
6420
6421 $sql = "SELECT ".CONTEXT_USER.", u.id
6422 FROM {user} u
6423 WHERE u.deleted = 0
6424 AND NOT EXISTS (SELECT 'x'
6425 FROM {context} cx
6426 WHERE u.id = cx.instanceid AND cx.contextlevel=".CONTEXT_USER.")";
6427 $contextdata = $DB->get_recordset_sql($sql);
6428 foreach ($contextdata as $context) {
6429 context::insert_context_record(CONTEXT_USER, $context->id, null);
6430 }
6431 $contextdata->close();
6432 }
6433
6434 /**
6435 * Returns sql necessary for purging of stale context instances.
6436 *
6437 * @static
6438 * @return string cleanup SQL
6439 */
6440 protected static function get_cleanup_sql() {
6441 $sql = "
6442 SELECT c.*
6443 FROM {context} c
6444 LEFT OUTER JOIN {user} u ON (c.instanceid = u.id AND u.deleted = 0)
6445 WHERE u.id IS NULL AND c.contextlevel = ".CONTEXT_USER."
6446 ";
6447
6448 return $sql;
6449 }
6450
6451 /**
6452 * Rebuild context paths and depths at user context level.
6453 *
6454 * @static
6455 * @param bool $force
6456 */
6457 protected static function build_paths($force) {
6458 global $DB;
6459
6460 // First update normal users.
6461 $path = $DB->sql_concat('?', 'id');
6462 $pathstart = '/' . SYSCONTEXTID . '/';
6463 $params = array($pathstart);
6464
6465 if ($force) {
6466 $where = "depth <> 2 OR path IS NULL OR path <> ({$path})";
6467 $params[] = $pathstart;
6468 } else {
6469 $where = "depth = 0 OR path IS NULL";
6470 }
6471
6472 $sql = "UPDATE {context}
6473 SET depth = 2,
6474 path = {$path}
6475 WHERE contextlevel = " . CONTEXT_USER . "
6476 AND ($where)";
6477 $DB->execute($sql, $params);
6478 }
6479 }
6480
6481
6482 /**
6483 * Course category context class
6484 *
6485 * @package core_access
6486 * @category access
6487 * @copyright Petr Skoda {@link http://skodak.org}
6488 * @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
6489 * @since Moodle 2.2
6490 */
6491 class context_coursecat extends context {
6492 /**
6493 * Please use context_coursecat::instance($coursecatid) if you need the instance of context.
6494 * Alternatively if you know only the context id use context::instance_by_id($contextid)
6495 *
6496 * @param stdClass $record
6497 */
6498 protected function __construct(stdClass $record) {
6499 parent::__construct($record);
6500 if ($record->contextlevel != CONTEXT_COURSECAT) {
6501 throw new coding_exception('Invalid $record->contextlevel in context_coursecat constructor.');
6502 }
6503 }
6504
6505 /**
6506 * Returns human readable context level name.
6507 *
6508 * @static
6509 * @return string the human readable context level name.
6510 */
6511 public static function get_level_name() {
6512 return get_string('category');
6513 }
6514
6515 /**
6516 * Returns human readable context identifier.
6517 *
6518 * @param boolean $withprefix whether to prefix the name of the context with Category
6519 * @param boolean $short does not apply to course categories
6520 * @return string the human readable context name.
6521 */
6522 public function get_context_name($withprefix = true, $short = false) {
6523 global $DB;
6524
6525 $name = '';
6526 if ($category = $DB->get_record('course_categories', array('id'=>$this->_instanceid))) {
6527 if ($withprefix){
6528 $name = get_string('category').': ';
6529 }
6530 $name .= format_string($category->name, true, array('context' => $this));
6531 }
6532 return $name;
6533 }
6534
6535 /**
6536 * Returns the most relevant URL for this context.
6537 *
6538 * @return moodle_url
6539 */
6540 public function get_url() {
6541 return new moodle_url('/course/index.php', array('categoryid' => $this->_instanceid));
6542 }
6543
6544 /**
6545 * Returns array of relevant context capability records.
6546 *
6547 * @return array
6548 */
6549 public function get_capabilities() {
6550 global $DB;
6551
6552 $sort = 'ORDER BY contextlevel,component,name'; // To group them sensibly for display
6553
6554 $params = array();
6555 $sql = "SELECT *
6556 FROM {capabilities}
6557 WHERE contextlevel IN (".CONTEXT_COURSECAT.",".CONTEXT_COURSE.",".CONTEXT_MODULE.",".CONTEXT_BLOCK.")";
6558
6559 return $DB->get_records_sql($sql.' '.$sort, $params);
6560 }
6561
6562 /**
6563 * Returns course category context instance.
6564 *
6565 * @static
6566 * @param int $instanceid
6567 * @param int $strictness
6568 * @return context_coursecat context instance
6569 */
6570 public static function instance($instanceid, $strictness = MUST_EXIST) {
6571 global $DB;
6572
6573 if ($context = context::cache_get(CONTEXT_COURSECAT, $instanceid)) {
6574 return $context;
6575 }
6576
6577 if (!$record = $DB->get_record('context', array('contextlevel'=>CONTEXT_COURSECAT, 'instanceid'=>$instanceid))) {
6578 if ($category = $DB->get_record('course_categories', array('id'=>$instanceid), 'id,parent', $strictness)) {
6579 if ($category->parent) {
6580 $parentcontext = context_coursecat::instance($category->parent);
6581 $record = context::insert_context_record(CONTEXT_COURSECAT, $category->id, $parentcontext->path);
6582 } else {
6583 $record = context::insert_context_record(CONTEXT_COURSECAT, $category->id, '/'.SYSCONTEXTID, 0);
6584 }
6585 }
6586 }
6587
6588 if ($record) {
6589 $context = new context_coursecat($record);
6590 context::cache_add($context);
6591 return $context;
6592 }
6593
6594 return false;
6595 }
6596
6597 /**
6598 * Returns immediate child contexts of category and all subcategories,
6599 * children of subcategories and courses are not returned.
6600 *
6601 * @return array
6602 */
6603 public function get_child_contexts() {
6604 global $DB;
6605
6606 if (empty($this->_path) or empty($this->_depth)) {
6607 debugging('Can not find child contexts of context '.$this->_id.' try rebuilding of context paths');
6608 return array();
6609 }
6610
6611 $sql = "SELECT ctx.*
6612 FROM {context} ctx
6613 WHERE ctx.path LIKE ? AND (ctx.depth = ? OR ctx.contextlevel = ?)";
6614 $params = array($this->_path.'/%', $this->depth+1, CONTEXT_COURSECAT);
6615 $records = $DB->get_records_sql($sql, $params);
6616
6617 $result = array();
6618 foreach ($records as $record) {
6619 $result[$record->id] = context::create_instance_from_record($record);
6620 }
6621
6622 return $result;
6623 }
6624
6625 /**
6626 * Create missing context instances at course category context level
6627 * @static
6628 */
6629 protected static function create_level_instances() {
6630 global $DB;
6631
6632 $sql = "SELECT ".CONTEXT_COURSECAT.", cc.id
6633 FROM {course_categories} cc
6634 WHERE NOT EXISTS (SELECT 'x'
6635 FROM {context} cx
6636 WHERE cc.id = cx.instanceid AND cx.contextlevel=".CONTEXT_COURSECAT.")";
6637 $contextdata = $DB->get_recordset_sql($sql);
6638 foreach ($contextdata as $context) {
6639 context::insert_context_record(CONTEXT_COURSECAT, $context->id, null);
6640 }
6641 $contextdata->close();
6642 }
6643
6644 /**
6645 * Returns sql necessary for purging of stale context instances.
6646 *
6647 * @static
6648 * @return string cleanup SQL
6649 */
6650 protected static function get_cleanup_sql() {
6651 $sql = "
6652 SELECT c.*
6653 FROM {context} c
6654 LEFT OUTER JOIN {course_categories} cc ON c.instanceid = cc.id
6655 WHERE cc.id IS NULL AND c.contextlevel = ".CONTEXT_COURSECAT."
6656 ";
6657
6658 return $sql;
6659 }
6660
6661 /**
6662 * Rebuild context paths and depths at course category context level.
6663 *
6664 * @static
6665 * @param bool $force
6666 */
6667 protected static function build_paths($force) {
6668 global $DB;
6669
6670 if ($force or $DB->record_exists_select('context', "contextlevel = ".CONTEXT_COURSECAT." AND (depth = 0 OR path IS NULL)")) {
6671 if ($force) {
6672 $ctxemptyclause = $emptyclause = '';
6673 } else {
6674 $ctxemptyclause = "AND (ctx.path IS NULL OR ctx.depth = 0)";
6675 $emptyclause = "AND ({context}.path IS NULL OR {context}.depth = 0)";
6676 }
6677
6678 $base = '/'.SYSCONTEXTID;
6679
6680 // Normal top level categories
6681 $sql = "UPDATE {context}
6682 SET depth=2,
6683 path=".$DB->sql_concat("'$base/'", 'id')."
6684 WHERE contextlevel=".CONTEXT_COURSECAT."
6685 AND EXISTS (SELECT 'x'
6686 FROM {course_categories} cc
6687 WHERE cc.id = {context}.instanceid AND cc.depth=1)
6688 $emptyclause";
6689 $DB->execute($sql);
6690
6691 // Deeper categories - one query per depthlevel
6692 $maxdepth = $DB->get_field_sql("SELECT MAX(depth) FROM {course_categories}");
6693 for ($n=2; $n<=$maxdepth; $n++) {
6694 $sql = "INSERT INTO {context_temp} (id, path, depth)
6695 SELECT ctx.id, ".$DB->sql_concat('pctx.path', "'/'", 'ctx.id').", pctx.depth+1
6696 FROM {context} ctx
6697 JOIN {course_categories} cc ON (cc.id = ctx.instanceid AND ctx.contextlevel = ".CONTEXT_COURSECAT." AND cc.depth = $n)
6698 JOIN {context} pctx ON (pctx.instanceid = cc.parent AND pctx.contextlevel = ".CONTEXT_COURSECAT.")
6699 WHERE pctx.path IS NOT NULL AND pctx.depth > 0
6700 $ctxemptyclause";
6701 $trans = $DB->start_delegated_transaction();
6702 $DB->delete_records('context_temp');
6703 $DB->execute($sql);
6704 context::merge_context_temp_table();
6705 $DB->delete_records('context_temp');
6706 $trans->allow_commit();
6707
6708 }
6709 }
6710 }
6711 }
6712
6713
6714 /**
6715 * Course context class
6716 *
6717 * @package core_access
6718 * @category access
6719 * @copyright Petr Skoda {@link http://skodak.org}
6720 * @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
6721 * @since Moodle 2.2
6722 */
6723 class context_course extends context {
6724 /**
6725 * Please use context_course::instance($courseid) if you need the instance of context.
6726 * Alternatively if you know only the context id use context::instance_by_id($contextid)
6727 *
6728 * @param stdClass $record
6729 */
6730 protected function __construct(stdClass $record) {
6731 parent::__construct($record);
6732 if ($record->contextlevel != CONTEXT_COURSE) {
6733 throw new coding_exception('Invalid $record->contextlevel in context_course constructor.');
6734 }
6735 }
6736
6737 /**
6738 * Returns human readable context level name.
6739 *
6740 * @static
6741 * @return string the human readable context level name.
6742 */
6743 public static function get_level_name() {
6744 return get_string('course');
6745 }
6746
6747 /**
6748 * Returns human readable context identifier.
6749 *
6750 * @param boolean $withprefix whether to prefix the name of the context with Course
6751 * @param boolean $short whether to use the short name of the thing.
6752 * @return string the human readable context name.
6753 */
6754 public function get_context_name($withprefix = true, $short = false) {
6755 global $DB;
6756
6757 $name = '';
6758 if ($this->_instanceid == SITEID) {
6759 $name = get_string('frontpage', 'admin');
6760 } else {
6761 if ($course = $DB->get_record('course', array('id'=>$this->_instanceid))) {
6762 if ($withprefix){
6763 $name = get_string('course').': ';
6764 }
6765 if ($short){
6766 $name .= format_string($course->shortname, true, array('context' => $this));
6767 } else {
6768 $name .= format_string(get_course_display_name_for_list($course));
6769 }
6770 }
6771 }
6772 return $name;
6773 }
6774
6775 /**
6776 * Returns the most relevant URL for this context.
6777 *
6778 * @return moodle_url
6779 */
6780 public function get_url() {
6781 if ($this->_instanceid != SITEID) {
6782 return new moodle_url('/course/view.php', array('id'=>$this->_instanceid));
6783 }
6784
6785 return new moodle_url('/');
6786 }
6787
6788 /**
6789 * Returns array of relevant context capability records.
6790 *
6791 * @return array
6792 */
6793 public function get_capabilities() {
6794 global $DB;
6795
6796 $sort = 'ORDER BY contextlevel,component,name'; // To group them sensibly for display
6797
6798 $params = array();
6799 $sql = "SELECT *
6800 FROM {capabilities}
6801 WHERE contextlevel IN (".CONTEXT_COURSE.",".CONTEXT_MODULE.",".CONTEXT_BLOCK.")";
6802
6803 return $DB->get_records_sql($sql.' '.$sort, $params);
6804 }
6805
6806 /**
6807 * Is this context part of any course? If yes return course context.
6808 *
6809 * @param bool $strict true means throw exception if not found, false means return false if not found
6810 * @return context_course context of the enclosing course, null if not found or exception
6811 */
6812 public function get_course_context($strict = true) {
6813 return $this;
6814 }
6815
6816 /**
6817 * Returns course context instance.
6818 *
6819 * @static
6820 * @param int $instanceid
6821 * @param int $strictness
6822 * @return context_course context instance
6823 */
6824 public static function instance($instanceid, $strictness = MUST_EXIST) {
6825 global $DB;
6826
6827 if ($context = context::cache_get(CONTEXT_COURSE, $instanceid)) {
6828 return $context;
6829 }
6830
6831 if (!$record = $DB->get_record('context', array('contextlevel'=>CONTEXT_COURSE, 'instanceid'=>$instanceid))) {
6832 if ($course = $DB->get_record('course', array('id'=>$instanceid), 'id,category', $strictness)) {
6833 if ($course->category) {
6834 $parentcontext = context_coursecat::instance($course->category);
6835 $record = context::insert_context_record(CONTEXT_COURSE, $course->id, $parentcontext->path);
6836 } else {
6837 $record = context::insert_context_record(CONTEXT_COURSE, $course->id, '/'.SYSCONTEXTID, 0);
6838 }
6839 }
6840 }
6841
6842 if ($record) {
6843 $context = new context_course($record);
6844 context::cache_add($context);
6845 return $context;
6846 }
6847
6848 return false;
6849 }
6850
6851 /**
6852 * Create missing context instances at course context level
6853 * @static
6854 */
6855 protected static function create_level_instances() {
6856 global $DB;
6857
6858 $sql = "SELECT ".CONTEXT_COURSE.", c.id
6859 FROM {course} c
6860 WHERE NOT EXISTS (SELECT 'x'
6861 FROM {context} cx
6862 WHERE c.id = cx.instanceid AND cx.contextlevel=".CONTEXT_COURSE.")";
6863 $contextdata = $DB->get_recordset_sql($sql);
6864 foreach ($contextdata as $context) {
6865 context::insert_context_record(CONTEXT_COURSE, $context->id, null);
6866 }
6867 $contextdata->close();
6868 }
6869
6870 /**
6871 * Returns sql necessary for purging of stale context instances.
6872 *
6873 * @static
6874 * @return string cleanup SQL
6875 */
6876 protected static function get_cleanup_sql() {
6877 $sql = "
6878 SELECT c.*
6879 FROM {context} c
6880 LEFT OUTER JOIN {course} co ON c.instanceid = co.id
6881 WHERE co.id IS NULL AND c.contextlevel = ".CONTEXT_COURSE."
6882 ";
6883
6884 return $sql;
6885 }
6886
6887 /**
6888 * Rebuild context paths and depths at course context level.
6889 *
6890 * @static
6891 * @param bool $force
6892 */
6893 protected static function build_paths($force) {
6894 global $DB;
6895
6896 if ($force or $DB->record_exists_select('context', "contextlevel = ".CONTEXT_COURSE." AND (depth = 0 OR path IS NULL)")) {
6897 if ($force) {
6898 $ctxemptyclause = $emptyclause = '';
6899 } else {
6900 $ctxemptyclause = "AND (ctx.path IS NULL OR ctx.depth = 0)";
6901 $emptyclause = "AND ({context}.path IS NULL OR {context}.depth = 0)";
6902 }
6903
6904 $base = '/'.SYSCONTEXTID;
6905
6906 // Standard frontpage
6907 $sql = "UPDATE {context}
6908 SET depth = 2,
6909 path = ".$DB->sql_concat("'$base/'", 'id')."
6910 WHERE contextlevel = ".CONTEXT_COURSE."
6911 AND EXISTS (SELECT 'x'
6912 FROM {course} c
6913 WHERE c.id = {context}.instanceid AND c.category = 0)
6914 $emptyclause";
6915 $DB->execute($sql);
6916
6917 // standard courses
6918 $sql = "INSERT INTO {context_temp} (id, path, depth)
6919 SELECT ctx.id, ".$DB->sql_concat('pctx.path', "'/'", 'ctx.id').", pctx.depth+1
6920 FROM {context} ctx
6921 JOIN {course} c ON (c.id = ctx.instanceid AND ctx.contextlevel = ".CONTEXT_COURSE." AND c.category <> 0)
6922 JOIN {context} pctx ON (pctx.instanceid = c.category AND pctx.contextlevel = ".CONTEXT_COURSECAT.")
6923 WHERE pctx.path IS NOT NULL AND pctx.depth > 0
6924 $ctxemptyclause";
6925 $trans = $DB->start_delegated_transaction();
6926 $DB->delete_records('context_temp');
6927 $DB->execute($sql);
6928 context::merge_context_temp_table();
6929 $DB->delete_records('context_temp');
6930 $trans->allow_commit();
6931 }
6932 }
6933 }
6934
6935
6936 /**
6937 * Course module context class
6938 *
6939 * @package core_access
6940 * @category access
6941 * @copyright Petr Skoda {@link http://skodak.org}
6942 * @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
6943 * @since Moodle 2.2
6944 */
6945 class context_module extends context {
6946 /**
6947 * Please use context_module::instance($cmid) if you need the instance of context.
6948 * Alternatively if you know only the context id use context::instance_by_id($contextid)
6949 *
6950 * @param stdClass $record
6951 */
6952 protected function __construct(stdClass $record) {
6953 parent::__construct($record);
6954 if ($record->contextlevel != CONTEXT_MODULE) {
6955 throw new coding_exception('Invalid $record->contextlevel in context_module constructor.');
6956 }
6957 }
6958
6959 /**
6960 * Returns human readable context level name.
6961 *
6962 * @static
6963 * @return string the human readable context level name.
6964 */
6965 public static function get_level_name() {
6966 return get_string('activitymodule');
6967 }
6968
6969 /**
6970 * Returns human readable context identifier.
6971 *
6972 * @param boolean $withprefix whether to prefix the name of the context with the
6973 * module name, e.g. Forum, Glossary, etc.
6974 * @param boolean $short does not apply to module context
6975 * @return string the human readable context name.
6976 */
6977 public function get_context_name($withprefix = true, $short = false) {
6978 global $DB;
6979
6980 $name = '';
6981 if ($cm = $DB->get_record_sql("SELECT cm.*, md.name AS modname
6982 FROM {course_modules} cm
6983 JOIN {modules} md ON md.id = cm.module
6984 WHERE cm.id = ?", array($this->_instanceid))) {
6985 if ($mod = $DB->get_record($cm->modname, array('id' => $cm->instance))) {
6986 if ($withprefix){
6987 $name = get_string('modulename', $cm->modname).': ';
6988 }
6989 $name .= format_string($mod->name, true, array('context' => $this));
6990 }
6991 }
6992 return $name;
6993 }
6994
6995 /**
6996 * Returns the most relevant URL for this context.
6997 *
6998 * @return moodle_url
6999 */
7000 public function get_url() {
7001 global $DB;
7002
7003 if ($modname = $DB->get_field_sql("SELECT md.name AS modname
7004 FROM {course_modules} cm
7005 JOIN {modules} md ON md.id = cm.module
7006 WHERE cm.id = ?", array($this->_instanceid))) {
7007 return new moodle_url('/mod/' . $modname . '/view.php', array('id'=>$this->_instanceid));
7008 }
7009
7010 return new moodle_url('/');
7011 }
7012
7013 /**
7014 * Returns array of relevant context capability records.
7015 *
7016 * @return array
7017 */
7018 public function get_capabilities() {
7019 global $DB, $CFG;
7020
7021 $sort = 'ORDER BY contextlevel,component,name'; // To group them sensibly for display
7022
7023 $cm = $DB->get_record('course_modules', array('id'=>$this->_instanceid));
7024 $module = $DB->get_record('modules', array('id'=>$cm->module));
7025
7026 $subcaps = array();
7027 $subpluginsfile = "$CFG->dirroot/mod/$module->name/db/subplugins.php";
7028 if (file_exists($subpluginsfile)) {
7029 $subplugins = array(); // should be redefined in the file
7030 include($subpluginsfile);
7031 if (!empty($subplugins)) {
7032 foreach (array_keys($subplugins) as $subplugintype) {
7033 foreach (array_keys(core_component::get_plugin_list($subplugintype)) as $subpluginname) {
7034 $subcaps = array_merge($subcaps, array_keys(load_capability_def($subplugintype.'_'.$subpluginname)));
7035 }
7036 }
7037 }
7038 }
7039
7040 $modfile = "$CFG->dirroot/mod/$module->name/lib.php";
7041 $extracaps = array();
7042 if (file_exists($modfile)) {
7043 include_once($modfile);
7044 $modfunction = $module->name.'_get_extra_capabilities';
7045 if (function_exists($modfunction)) {
7046 $extracaps = $modfunction();
7047 }
7048 }
7049
7050 $extracaps = array_merge($subcaps, $extracaps);
7051 $extra = '';
7052 list($extra, $params) = $DB->get_in_or_equal(
7053 $extracaps, SQL_PARAMS_NAMED, 'cap0', true, '');
7054 if (!empty($extra)) {
7055 $extra = "OR name $extra";
7056 }
7057 $sql = "SELECT *
7058 FROM {capabilities}
7059 WHERE (contextlevel = ".CONTEXT_MODULE."
7060 AND (component = :component OR component = 'moodle'))
7061 $extra";
7062 $params['component'] = "mod_$module->name";
7063
7064 return $DB->get_records_sql($sql.' '.$sort, $params);
7065 }
7066
7067 /**
7068 * Is this context part of any course? If yes return course context.
7069 *
7070 * @param bool $strict true means throw exception if not found, false means return false if not found
7071 * @return context_course context of the enclosing course, null if not found or exception
7072 */
7073 public function get_course_context($strict = true) {
7074 return $this->get_parent_context();
7075 }
7076
7077 /**
7078 * Returns module context instance.
7079 *
7080 * @static
7081 * @param int $instanceid
7082 * @param int $strictness
7083 * @return context_module context instance
7084 */
7085 public static function instance($instanceid, $strictness = MUST_EXIST) {
7086 global $DB;
7087
7088 if ($context = context::cache_get(CONTEXT_MODULE, $instanceid)) {
7089 return $context;
7090 }
7091
7092 if (!$record = $DB->get_record('context', array('contextlevel'=>CONTEXT_MODULE, 'instanceid'=>$instanceid))) {
7093 if ($cm = $DB->get_record('course_modules', array('id'=>$instanceid), 'id,course', $strictness)) {
7094 $parentcontext = context_course::instance($cm->course);
7095 $record = context::insert_context_record(CONTEXT_MODULE, $cm->id, $parentcontext->path);
7096 }
7097 }
7098
7099 if ($record) {
7100 $context = new context_module($record);
7101 context::cache_add($context);
7102 return $context;
7103 }
7104
7105 return false;
7106 }
7107
7108 /**
7109 * Create missing context instances at module context level
7110 * @static
7111 */
7112 protected static function create_level_instances() {
7113 global $DB;
7114
7115 $sql = "SELECT ".CONTEXT_MODULE.", cm.id
7116 FROM {course_modules} cm
7117 WHERE NOT EXISTS (SELECT 'x'
7118 FROM {context} cx
7119 WHERE cm.id = cx.instanceid AND cx.contextlevel=".CONTEXT_MODULE.")";
7120 $contextdata = $DB->get_recordset_sql($sql);
7121 foreach ($contextdata as $context) {
7122 context::insert_context_record(CONTEXT_MODULE, $context->id, null);
7123 }
7124 $contextdata->close();
7125 }
7126
7127 /**
7128 * Returns sql necessary for purging of stale context instances.
7129 *
7130 * @static
7131 * @return string cleanup SQL
7132 */
7133 protected static function get_cleanup_sql() {
7134 $sql = "
7135 SELECT c.*
7136 FROM {context} c
7137 LEFT OUTER JOIN {course_modules} cm ON c.instanceid = cm.id
7138 WHERE cm.id IS NULL AND c.contextlevel = ".CONTEXT_MODULE."
7139 ";
7140
7141 return $sql;
7142 }
7143
7144 /**
7145 * Rebuild context paths and depths at module context level.
7146 *
7147 * @static
7148 * @param bool $force
7149 */
7150 protected static function build_paths($force) {
7151 global $DB;
7152
7153 if ($force or $DB->record_exists_select('context', "contextlevel = ".CONTEXT_MODULE." AND (depth = 0 OR path IS NULL)")) {
7154 if ($force) {
7155 $ctxemptyclause = '';
7156 } else {
7157 $ctxemptyclause = "AND (ctx.path IS NULL OR ctx.depth = 0)";
7158 }
7159
7160 $sql = "INSERT INTO {context_temp} (id, path, depth)
7161 SELECT ctx.id, ".$DB->sql_concat('pctx.path', "'/'", 'ctx.id').", pctx.depth+1
7162 FROM {context} ctx
7163 JOIN {course_modules} cm ON (cm.id = ctx.instanceid AND ctx.contextlevel = ".CONTEXT_MODULE.")
7164 JOIN {context} pctx ON (pctx.instanceid = cm.course AND pctx.contextlevel = ".CONTEXT_COURSE.")
7165 WHERE pctx.path IS NOT NULL AND pctx.depth > 0
7166 $ctxemptyclause";
7167 $trans = $DB->start_delegated_transaction();
7168 $DB->delete_records('context_temp');
7169 $DB->execute($sql);
7170 context::merge_context_temp_table();
7171 $DB->delete_records('context_temp');
7172 $trans->allow_commit();
7173 }
7174 }
7175 }
7176
7177
7178 /**
7179 * Block context class
7180 *
7181 * @package core_access
7182 * @category access
7183 * @copyright Petr Skoda {@link http://skodak.org}
7184 * @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
7185 * @since Moodle 2.2
7186 */
7187 class context_block extends context {
7188 /**
7189 * Please use context_block::instance($blockinstanceid) if you need the instance of context.
7190 * Alternatively if you know only the context id use context::instance_by_id($contextid)
7191 *
7192 * @param stdClass $record
7193 */
7194 protected function __construct(stdClass $record) {
7195 parent::__construct($record);
7196 if ($record->contextlevel != CONTEXT_BLOCK) {
7197 throw new coding_exception('Invalid $record->contextlevel in context_block constructor');
7198 }
7199 }
7200
7201 /**
7202 * Returns human readable context level name.
7203 *
7204 * @static
7205 * @return string the human readable context level name.
7206 */
7207 public static function get_level_name() {
7208 return get_string('block');
7209 }
7210
7211 /**
7212 * Returns human readable context identifier.
7213 *
7214 * @param boolean $withprefix whether to prefix the name of the context with Block
7215 * @param boolean $short does not apply to block context
7216 * @return string the human readable context name.
7217 */
7218 public function get_context_name($withprefix = true, $short = false) {
7219 global $DB, $CFG;
7220
7221 $name = '';
7222 if ($blockinstance = $DB->get_record('block_instances', array('id'=>$this->_instanceid))) {
7223 global $CFG;
7224 require_once("$CFG->dirroot/blocks/moodleblock.class.php");
7225 require_once("$CFG->dirroot/blocks/$blockinstance->blockname/block_$blockinstance->blockname.php");
7226 $blockname = "block_$blockinstance->blockname";
7227 if ($blockobject = new $blockname()) {
7228 if ($withprefix){
7229 $name = get_string('block').': ';
7230 }
7231 $name .= $blockobject->title;
7232 }
7233 }
7234
7235 return $name;
7236 }
7237
7238 /**
7239 * Returns the most relevant URL for this context.
7240 *
7241 * @return moodle_url
7242 */
7243 public function get_url() {
7244 $parentcontexts = $this->get_parent_context();
7245 return $parentcontexts->get_url();
7246 }
7247
7248 /**
7249 * Returns array of relevant context capability records.
7250 *
7251 * @return array
7252 */
7253 public function get_capabilities() {
7254 global $DB;
7255
7256 $sort = 'ORDER BY contextlevel,component,name'; // To group them sensibly for display
7257
7258 $params = array();
7259 $bi = $DB->get_record('block_instances', array('id' => $this->_instanceid));
7260
7261 $extra = '';
7262 $extracaps = block_method_result($bi->blockname, 'get_extra_capabilities');
7263 if ($extracaps) {
7264 list($extra, $params) = $DB->get_in_or_equal($extracaps, SQL_PARAMS_NAMED, 'cap');
7265 $extra = "OR name $extra";
7266 }
7267
7268 $sql = "SELECT *
7269 FROM {capabilities}
7270 WHERE (contextlevel = ".CONTEXT_BLOCK."
7271 AND component = :component)
7272 $extra";
7273 $params['component'] = 'block_' . $bi->blockname;
7274
7275 return $DB->get_records_sql($sql.' '.$sort, $params);
7276 }
7277
7278 /**
7279 * Is this context part of any course? If yes return course context.
7280 *
7281 * @param bool $strict true means throw exception if not found, false means return false if not found
7282 * @return context_course context of the enclosing course, null if not found or exception
7283 */
7284 public function get_course_context($strict = true) {
7285 $parentcontext = $this->get_parent_context();
7286 return $parentcontext->get_course_context($strict);
7287 }
7288
7289 /**
7290 * Returns block context instance.
7291 *
7292 * @static
7293 * @param int $instanceid
7294 * @param int $strictness
7295 * @return context_block context instance
7296 */
7297 public static function instance($instanceid, $strictness = MUST_EXIST) {
7298 global $DB;
7299
7300 if ($context = context::cache_get(CONTEXT_BLOCK, $instanceid)) {
7301 return $context;
7302 }
7303
7304 if (!$record = $DB->get_record('context', array('contextlevel'=>CONTEXT_BLOCK, 'instanceid'=>$instanceid))) {
7305 if ($bi = $DB->get_record('block_instances', array('id'=>$instanceid), 'id,parentcontextid', $strictness)) {
7306 $parentcontext = context::instance_by_id($bi->parentcontextid);
7307 $record = context::insert_context_record(CONTEXT_BLOCK, $bi->id, $parentcontext->path);
7308 }
7309 }
7310
7311 if ($record) {
7312 $context = new context_block($record);
7313 context::cache_add($context);
7314 return $context;
7315 }
7316
7317 return false;
7318 }
7319
7320 /**
7321 * Block do not have child contexts...
7322 * @return array
7323 */
7324 public function get_child_contexts() {
7325 return array();
7326 }
7327
7328 /**
7329 * Create missing context instances at block context level
7330 * @static
7331 */
7332 protected static function create_level_instances() {
7333 global $DB;
7334
7335 $sql = "SELECT ".CONTEXT_BLOCK.", bi.id
7336 FROM {block_instances} bi
7337 WHERE NOT EXISTS (SELECT 'x'
7338 FROM {context} cx
7339 WHERE bi.id = cx.instanceid AND cx.contextlevel=".CONTEXT_BLOCK.")";
7340 $contextdata = $DB->get_recordset_sql($sql);
7341 foreach ($contextdata as $context) {
7342 context::insert_context_record(CONTEXT_BLOCK, $context->id, null);
7343 }
7344 $contextdata->close();
7345 }
7346
7347 /**
7348 * Returns sql necessary for purging of stale context instances.
7349 *
7350 * @static
7351 * @return string cleanup SQL
7352 */
7353 protected static function get_cleanup_sql() {
7354 $sql = "
7355 SELECT c.*
7356 FROM {context} c
7357 LEFT OUTER JOIN {block_instances} bi ON c.instanceid = bi.id
7358 WHERE bi.id IS NULL AND c.contextlevel = ".CONTEXT_BLOCK."
7359 ";
7360
7361 return $sql;
7362 }
7363
7364 /**
7365 * Rebuild context paths and depths at block context level.
7366 *
7367 * @static
7368 * @param bool $force
7369 */
7370 protected static function build_paths($force) {
7371 global $DB;
7372
7373 if ($force or $DB->record_exists_select('context', "contextlevel = ".CONTEXT_BLOCK." AND (depth = 0 OR path IS NULL)")) {
7374 if ($force) {
7375 $ctxemptyclause = '';
7376 } else {
7377 $ctxemptyclause = "AND (ctx.path IS NULL OR ctx.depth = 0)";
7378 }
7379
7380 // pctx.path IS NOT NULL prevents fatal problems with broken block instances that point to invalid context parent
7381 $sql = "INSERT INTO {context_temp} (id, path, depth)
7382 SELECT ctx.id, ".$DB->sql_concat('pctx.path', "'/'", 'ctx.id').", pctx.depth+1
7383 FROM {context} ctx
7384 JOIN {block_instances} bi ON (bi.id = ctx.instanceid AND ctx.contextlevel = ".CONTEXT_BLOCK.")
7385 JOIN {context} pctx ON (pctx.id = bi.parentcontextid)
7386 WHERE (pctx.path IS NOT NULL AND pctx.depth > 0)
7387 $ctxemptyclause";
7388 $trans = $DB->start_delegated_transaction();
7389 $DB->delete_records('context_temp');
7390 $DB->execute($sql);
7391 context::merge_context_temp_table();
7392 $DB->delete_records('context_temp');
7393 $trans->allow_commit();
7394 }
7395 }
7396 }
7397
7398
7399 // ============== DEPRECATED FUNCTIONS ==========================================
7400 // Old context related functions were deprecated in 2.0, it is recommended
7401 // to use context classes in new code. Old function can be used when
7402 // creating patches that are supposed to be backported to older stable branches.
7403 // These deprecated functions will not be removed in near future,
7404 // before removing devs will be warned with a debugging message first,
7405 // then we will add error message and only after that we can remove the functions
7406 // completely.
7407
7408 /**
7409 * Runs get_records select on context table and returns the result
7410 * Does get_records_select on the context table, and returns the results ordered
7411 * by contextlevel, and then the natural sort order within each level.
7412 * for the purpose of $select, you need to know that the context table has been
7413 * aliased to ctx, so for example, you can call get_sorted_contexts('ctx.depth = 3');
7414 *
7415 * @param string $select the contents of the WHERE clause. Remember to do ctx.fieldname.
7416 * @param array $params any parameters required by $select.
7417 * @return array the requested context records.
7418 */
7419 function get_sorted_contexts($select, $params = array()) {
7420
7421 //TODO: we should probably rewrite all the code that is using this thing, the trouble is we MUST NOT modify the context instances...
7422
7423 global $DB;
7424 if ($select) {
7425 $select = 'WHERE ' . $select;
7426 }
7427 return $DB->get_records_sql("
7428 SELECT ctx.*
7429 FROM {context} ctx
7430 LEFT JOIN {user} u ON ctx.contextlevel = " . CONTEXT_USER . " AND u.id = ctx.instanceid
7431 LEFT JOIN {course_categories} cat ON ctx.contextlevel = " . CONTEXT_COURSECAT . " AND cat.id = ctx.instanceid
7432 LEFT JOIN {course} c ON ctx.contextlevel = " . CONTEXT_COURSE . " AND c.id = ctx.instanceid
7433 LEFT JOIN {course_modules} cm ON ctx.contextlevel = " . CONTEXT_MODULE . " AND cm.id = ctx.instanceid
7434 LEFT JOIN {block_instances} bi ON ctx.contextlevel = " . CONTEXT_BLOCK . " AND bi.id = ctx.instanceid
7435 $select
7436 ORDER BY ctx.contextlevel, bi.defaultregion, COALESCE(cat.sortorder, c.sortorder, cm.section, bi.defaultweight), u.lastname, u.firstname, cm.id
7437 ", $params);
7438 }
7439
7440 /**
7441 * Given context and array of users, returns array of users whose enrolment status is suspended,
7442 * or enrolment has expired or has not started. Also removes those users from the given array
7443 *
7444 * @param context $context context in which suspended users should be extracted.
7445 * @param array $users list of users.
7446 * @param array $ignoreusers array of user ids to ignore, e.g. guest
7447 * @return array list of suspended users.
7448 */
7449 function extract_suspended_users($context, &$users, $ignoreusers=array()) {
7450 global $DB;
7451
7452 // Get active enrolled users.
7453 list($sql, $params) = get_enrolled_sql($context, null, null, true);
7454 $activeusers = $DB->get_records_sql($sql, $params);
7455
7456 // Move suspended users to a separate array & remove from the initial one.
7457 $susers = array();
7458 if (sizeof($activeusers)) {
7459 foreach ($users as $userid => $user) {
7460 if (!array_key_exists($userid, $activeusers) && !in_array($userid, $ignoreusers)) {
7461 $susers[$userid] = $user;
7462 unset($users[$userid]);
7463 }
7464 }
7465 }
7466 return $susers;
7467 }
7468
7469 /**
7470 * Given context and array of users, returns array of user ids whose enrolment status is suspended,
7471 * or enrolment has expired or not started.
7472 *
7473 * @param context $context context in which user enrolment is checked.
7474 * @param bool $usecache Enable or disable (default) the request cache
7475 * @return array list of suspended user id's.
7476 */
7477 function get_suspended_userids(context $context, $usecache = false) {
7478 global $DB;
7479
7480 // Check the cache first for performance reasons if enabled.
7481 if ($usecache) {
7482 $cache = cache::make('core', 'suspended_userids');
7483 $susers = $cache->get($context->id);
7484 if ($susers !== false) {
7485 return $susers;
7486 }
7487 }
7488
7489 // Get all enrolled users.
7490 list($sql, $params) = get_enrolled_sql($context);
7491 $users = $DB->get_records_sql($sql, $params);
7492
7493 // Get active enrolled users.
7494 list($sql, $params) = get_enrolled_sql($context, null, null, true);
7495 $activeusers = $DB->get_records_sql($sql, $params);
7496
7497 $susers = array();
7498 if (sizeof($activeusers) != sizeof($users)) {
7499 foreach ($users as $userid => $user) {
7500 if (!array_key_exists($userid, $activeusers)) {
7501 $susers[$userid] = $userid;
7502 }
7503 }
7504 }
7505
7506 // Cache results for the remainder of this request.
7507 if ($usecache) {
7508 $cache->set($context->id, $susers);
7509 }
7510
7511 // Return.
7512 return $susers;
7513 }
Read-only mirror of the Moodle CVS