search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
MDL-16043: manage case when administrator set enrol_remotecoursefield or enrol_remote...
[moodle-linuxchix.git] / admin / roles / manage.php
blobc362ecebfe5b9522c67f6ad3a6cc998466932f5e
1 <?php //$Id$
2
3 require_once('../../config.php');
4
5 require_once($CFG->libdir.'/adminlib.php');
6
7 admin_externalpage_setup('defineroles');
8
9 $roleid = optional_param('roleid', 0, PARAM_INT); // if set, we are editing a role
10 $name = optional_param('name', '', PARAM_MULTILANG); // new role name
11 $shortname = optional_param('shortname', '', PARAM_RAW); // new role shortname, special cleaning before storage
12 $description = optional_param('description', '', PARAM_CLEAN); // new role desc
13 $action = optional_param('action', '', PARAM_ALPHA);
14 $confirm = optional_param('confirm', 0, PARAM_BOOL);
15 $cancel = optional_param('cancel', 0, PARAM_BOOL);
16
17 $sitecontext = get_context_instance(CONTEXT_SYSTEM);
18
19 require_capability('moodle/role:manage', $sitecontext);
20
21 if ($cancel) {
22 redirect('manage.php');
23 }
24
25 $errors = array();
26 $newrole = false;
27
28 $roles = get_all_roles();
29 $rolescount = count($roles);
30
31 /// fix sort order if needed
32 $rolesort = array();
33 $i = 0;
34 foreach ($roles as $rolex) {
35 $rolesort[$i] = $rolex->id;
36 if ($rolex->sortorder != $i) {
37 $r = new object();
38 $r->id = $rolex->id;
39 $r->sortorder = $i;
40 update_record('role', $r);
41 $roles[$rolex->id]->sortorder = $i;
42 }
43 $i++;
44 }
45
46 // do not delete these default system roles
47 $defaultroles = array();
48 $defaultroles[] = $CFG->notloggedinroleid;
49 $defaultroles[] = $CFG->guestroleid;
50 $defaultroles[] = $CFG->defaultuserroleid;
51 $defaultroles[] = $CFG->defaultcourseroleid;
52
53 /// form processing, editing a role, adding a role, deleting a role etc.
54 switch ($action) {
55 case 'add':
56 if ($data = data_submitted() and confirm_sesskey()) {
57
58 $shortname = moodle_strtolower(clean_param(clean_filename($shortname), PARAM_SAFEDIR)); // only lowercase safe ASCII characters
59 $legacytype = required_param('legacytype', PARAM_RAW);
60
61 $legacyroles = get_legacy_roles();
62 if (!array_key_exists($legacytype, $legacyroles)) {
63 $legacytype = '';
64 }
65
66 if (empty($name)) {
67 $errors['name'] = get_string('errorbadrolename', 'role');
68 } else if (count_records('role', 'name', $name)) {
69 $errors['name'] = get_string('errorexistsrolename', 'role');
70 }
71
72 if (empty($shortname)) {
73 $errors['shortname'] = get_string('errorbadroleshortname', 'role');
74 } else if (count_records('role', 'shortname', $shortname)) {
75 $errors['shortname'] = get_string('errorexistsroleshortname', 'role');
76 }
77
78 if (empty($errors)) {
79 $newroleid = create_role($name, $shortname, $description);
80
81 // set proper legacy type
82 if (!empty($legacytype)) {
83 assign_capability($legacyroles[$legacytype], CAP_ALLOW, $newroleid, $sitecontext->id);
84 }
85
86 } else {
87 $newrole = new object();
88 $newrole->name = $name;
89 $newrole->shortname = $shortname;
90 $newrole->description = $description;
91 $newrole->legacytype = $legacytype;
92 }
93
94 $allowed_values = array(CAP_INHERIT, CAP_ALLOW, CAP_PREVENT, CAP_PROHIBIT);
95 $capabilities = fetch_context_capabilities($sitecontext); // capabilities applicable in this context
96
97 foreach ($capabilities as $cap) {
98 if (!isset($data->{$cap->name})) {
99 continue;
100 }
101
102 // legacy caps have their own selector
103 if (islegacy($data->{$cap->name})) {
104 continue;
105 }
106
107 $capname = $cap->name;
108 $value = clean_param($data->{$cap->name}, PARAM_INT);
109 if (!in_array($value, $allowed_values)) {
110 continue;
111 }
112
113 if (empty($errors)) {
114 assign_capability($capname, $value, $newroleid, $sitecontext->id);
115 } else {
116 $newrole->$capname = $value;
117 }
118 }
119
120 // added a role sitewide...
121 mark_context_dirty($sitecontext->path);
122
123 if (empty($errors)) {
124 $rolename = get_field('role', 'name', 'id', $newroleid);
125 add_to_log(SITEID, 'role', 'add', 'admin/roles/manage.php?action=add', $rolename, '', $USER->id);
126 redirect('manage.php');
127 }
128 }
129
130 break;
131
132 case 'edit':
133 if ($data = data_submitted() and confirm_sesskey()) {
134
135 $shortname = moodle_strtolower(clean_param(clean_filename($shortname), PARAM_SAFEDIR)); // only lowercase safe ASCII characters
136 $legacytype = required_param('legacytype', PARAM_RAW);
137
138 $legacyroles = get_legacy_roles();
139 if (!array_key_exists($legacytype, $legacyroles)) {
140 $legacytype = '';
141 }
142
143 if (empty($name)) {
144 $errors['name'] = get_string('errorbadrolename', 'role');
145 } else if ($rs = get_records('role', 'name', $name)) {
146 unset($rs[$roleid]);
147 if (!empty($rs)) {
148 $errors['name'] = get_string('errorexistsrolename', 'role');
149 }
150 }
151
152 if (empty($shortname)) {
153 $errors['shortname'] = get_string('errorbadroleshortname', 'role');
154 } else if ($rs = get_records('role', 'shortname', $shortname)) {
155 unset($rs[$roleid]);
156 if (!empty($rs)) {
157 $errors['shortname'] = get_string('errorexistsroleshortname', 'role');
158 }
159 }
160 if (!empty($errors)) {
161 $newrole = new object();
162 $newrole->name = $name;
163 $newrole->shortname = $shortname;
164 $newrole->description = $description;
165 $newrole->legacytype = $legacytype;
166 }
167
168 $allowed_values = array(CAP_INHERIT, CAP_ALLOW, CAP_PREVENT, CAP_PROHIBIT);
169 $capabilities = fetch_context_capabilities($sitecontext); // capabilities applicable in this context
170
171 foreach ($capabilities as $cap) {
172 if (!isset($data->{$cap->name})) {
173 continue;
174 }
175
176 // legacy caps have their own selector
177 if (islegacy($data->{$cap->name}) === 0 ) {
178 continue;
179 }
180
181 $capname = $cap->name;
182 $value = clean_param($data->{$cap->name}, PARAM_INT);
183 if (!in_array($value, $allowed_values)) {
184 continue;
185 }
186
187 if (!empty($errors)) {
188 $newrole->$capname = $value;
189 continue;
190 }
191
192 // edit default caps
193 $SQL = "SELECT * FROM {$CFG->prefix}role_capabilities
194 WHERE roleid = $roleid AND capability = '$capname'
195 AND contextid = $sitecontext->id";
196
197 $localoverride = get_record_sql($SQL);
198
199 if ($localoverride) { // update current overrides
200 if ($value == CAP_INHERIT) { // inherit = delete
201 unassign_capability($capname, $roleid, $sitecontext->id);
202
203 } else {
204 $localoverride->permission = $value;
205 $localoverride->timemodified = time();
206 $localoverride->modifierid = $USER->id;
207 update_record('role_capabilities', $localoverride);
208 }
209 } else { // insert a record
210 if ($value != CAP_INHERIT) {
211 assign_capability($capname, $value, $roleid, $sitecontext->id);
212 }
213 }
214
215 }
216
217 if (empty($errors)) {
218 // update normal role settings
219 $role->id = $roleid;
220 $role->name = $name;
221 $role->shortname = $shortname;
222 $role->description = $description;
223
224 if (!update_record('role', $role)) {
225 error('Could not update role!');
226 }
227
228 // set proper legacy type
229 foreach($legacyroles as $ltype=>$lcap) {
230 if ($ltype == $legacytype) {
231 assign_capability($lcap, CAP_ALLOW, $roleid, $sitecontext->id);
232 } else {
233 unassign_capability($lcap, $roleid);
234 }
235 }
236
237 // edited a role sitewide...
238 mark_context_dirty($sitecontext->path);
239 add_to_log(SITEID, 'role', 'edit', 'admin/roles/manage.php?action=edit&roleid='.$role->id, $role->name, '', $USER->id);
240
241 redirect('manage.php');
242 }
243
244 // edited a role sitewide - with errors, but still...
245 mark_context_dirty($sitecontext->path);
246 }
247
248 break;
249
250 case 'delete':
251 if (in_array($roleid, $defaultroles)) {
252 error('This role is used as one of the default system roles, it can not be deleted');
253 }
254 if ($confirm and data_submitted() and confirm_sesskey()) {
255 if (!delete_role($roleid)) {
256
257 // partially deleted a role sitewide...?
258 mark_context_dirty($sitecontext->path);
259
260 error('Could not delete role with ID '.$roleid);
261 }
262 // deleted a role sitewide...
263 mark_context_dirty($sitecontext->path);
264
265 } else if (confirm_sesskey()){
266 // show confirmation
267 admin_externalpage_print_header();
268 $optionsyes = array('action'=>'delete', 'roleid'=>$roleid, 'sesskey'=>sesskey(), 'confirm'=>1);
269 $a = new object();
270 $a->id = $roleid;
271 $a->name = $roles[$roleid]->name;
272 $a->shortname = $roles[$roleid]->shortname;
273 $a->count = (int)count_records('role_assignments', 'roleid', $roleid);
274 notice_yesno(get_string('deleterolesure', 'role', $a), 'manage.php', 'manage.php', $optionsyes, NULL, 'post', 'get');
275 admin_externalpage_print_footer();
276 die;
277 }
278
279 redirect('manage.php');
280 break;
281
282 case 'moveup':
283 if (array_key_exists($roleid, $roles) and confirm_sesskey()) {
284 $role = $roles[$roleid];
285 if ($role->sortorder > 0) {
286 $above = $roles[$rolesort[$role->sortorder - 1]];
287
288 if (!switch_roles($role, $above)) {
289 error("Cannot move role with ID $roleid");
290 }
291 }
292 }
293
294 redirect('manage.php');
295 break;
296
297 case 'movedown':
298 if (array_key_exists($roleid, $roles) and confirm_sesskey()) {
299 $role = $roles[$roleid];
300 if ($role->sortorder + 1 < $rolescount) {
301 $below = $roles[$rolesort[$role->sortorder + 1]];
302
303 if (!switch_roles($role, $below)) {
304 error("Cannot move role with ID $roleid");
305 }
306 }
307 }
308
309 redirect('manage.php');
310 break;
311
312 case 'duplicate':
313 if (!array_key_exists($roleid, $roles)) {
314 redirect('manage.php');
315 }
316
317 if ($confirm and data_submitted() and confirm_sesskey()) {
318 //ok - lets duplicate!
319 } else {
320 // show confirmation
321 admin_externalpage_print_header();
322 $optionsyes = array('action'=>'duplicate', 'roleid'=>$roleid, 'sesskey'=>sesskey(), 'confirm'=>1);
323 $optionsno = array('action'=>'view', 'roleid'=>$roleid);
324 $a = new object();
325 $a->id = $roleid;
326 $a->name = $roles[$roleid]->name;
327 $a->shortname = $roles[$roleid]->shortname;
328 notice_yesno(get_string('duplicaterolesure', 'role', $a), 'manage.php', 'manage.php', $optionsyes, $optionsno, 'post', 'get');
329 admin_externalpage_print_footer();
330 die;
331 }
332
333 // duplicate current role
334 $sourcerole = get_record('role','id',$roleid);
335
336 $fullname = $sourcerole->name;
337 $shortname = $sourcerole->shortname;
338 $currentfullname = "";
339 $currentshortname = "";
340 $counter = 0;
341
342 // find a name for the duplicated role
343 do {
344 if ($counter) {
345 $suffixfull = " ".get_string("copyasnoun")." ".$counter;
346 $suffixshort = "_".$counter;
347 } else {
348 $suffixfull = "";
349 $suffixshort = "";
350 }
351 $currentfullname = $fullname.$suffixfull;
352 // Limit the size of shortname - database column accepts <= 100 chars
353 $currentshortname = substr($shortname, 0, 100 - strlen($suffixshort)).$suffixshort;
354 $coursefull = get_record("role","name",addslashes($currentfullname));
355 $courseshort = get_record("role","shortname",addslashes($currentshortname));
356 $counter++;
357 } while ($coursefull || $courseshort);
358
359 $description = 'duplicate of '.$fullname;
360 if ($newrole = create_role($currentfullname, $currentshortname, $description)) {
361 // dupilcate all the capabilities
362 role_cap_duplicate($sourcerole, $newrole);
363
364 // dup'ed a role sitewide...
365 mark_context_dirty($sitecontext->path);
366
367 }
368 $rolename = get_field('role', 'name', 'id', $newrole);
369 add_to_log(SITEID, 'role', 'duplicate', 'admin/roles/manage.php?roleid='.$newrole.'&action=duplicate', $rolename, '', $USER->id);
370 redirect('manage.php');
371 break;
372
373 case 'reset':
374 if (!array_key_exists($roleid, $roles)) {
375 redirect('manage.php');
376 }
377
378 if ($confirm and data_submitted() and confirm_sesskey()) {
379 reset_role_capabilities($roleid);
380
381 // reset a role sitewide...
382 mark_context_dirty($sitecontext->path);
383
384 $rolename = get_field('role', 'name', 'id', $roleid);
385 add_to_log(SITEID, 'role', 'reset', 'admin/roles/manage.php?roleid='.$roleid.'&action=reset', $rolename, '', $USER->id);
386
387 redirect('manage.php?action=view&amp;roleid='.$roleid);
388
389 } else {
390 // show confirmation
391 admin_externalpage_print_header();
392 $optionsyes = array('action'=>'reset', 'roleid'=>$roleid, 'sesskey'=>sesskey(), 'confirm'=>1);
393 $optionsno = array('action'=>'view', 'roleid'=>$roleid);
394 $a = new object();
395 $a->id = $roleid;
396 $a->name = $roles[$roleid]->name;
397 $a->shortname = $roles[$roleid]->shortname;
398 $a->legacytype = get_legacy_type($roleid);
399 if (empty($a->legacytype)) {
400 $warning = get_string('resetrolesurenolegacy', 'role', $a);
401 } else {
402 $warning = get_string('resetrolesure', 'role', $a);
403 }
404 notice_yesno($warning, 'manage.php', 'manage.php', $optionsyes, $optionsno, 'post', 'get');
405 admin_externalpage_print_footer();
406 die;
407 }
408
409 break;
410
411 default:
412 break;
413 }
414
415 /// print UI now
416
417 admin_externalpage_print_header();
418
419 $currenttab = 'manage';
420 include_once('managetabs.php');
421
422 if (($roleid and ($action == 'view' or $action == 'edit')) or $action == 'add') { // view or edit role details
423
424 if ($action == 'add') {
425 $roleid = 0;
426 if (empty($errors) or empty($newrole)) {
427 $role = new object();
428 $role->name = '';
429 $role->shortname = '';
430 $role->description = '';
431 $role->legacytype = '';
432 } else {
433 $role = stripslashes_safe($newrole);
434 }
435 } else if ($action == 'edit' and !empty($errors) and !empty($newrole)) {
436 $role = stripslashes_safe($newrole);
437 } else {
438 if(!$role = get_record('role', 'id', $roleid)) {
439 error('Incorrect role ID!');
440 }
441 $role->legacytype = get_legacy_type($role->id);
442 }
443
444 foreach ($roles as $rolex) {
445 $roleoptions[$rolex->id] = strip_tags(format_string($rolex->name));
446 }
447
448 // this is the array holding capabilities of this role sorted till this context
449 $r_caps = role_context_capabilities($roleid, $sitecontext);
450
451 // this is the available capabilities assignable in this context
452 $capabilities = fetch_context_capabilities($sitecontext);
453
454 $usehtmleditor = can_use_html_editor();
455
456 switch ($action) {
457 case 'add':
458 print_heading_with_help(get_string('addrole', 'role'), 'roles');
459 break;
460 case 'view':
461 print_heading_with_help(get_string('viewrole', 'role'), 'roles');
462 break;
463 case 'edit':
464 print_heading_with_help(get_string('editrole', 'role'), 'roles');
465 break;
466 }
467
468 echo '<div class="selector">';
469 if ($action == 'view') {
470 popup_form('manage.php?action=view&amp;roleid=', $roleoptions, 'switchrole', $roleid, '', '', '',
471 false, 'self', get_string('selectrole', 'role'));
472
473 echo '<div class="buttons">';
474
475 $legacytype = get_legacy_type($roleid);
476 $options = array();
477 $options['roleid'] = $roleid;
478 $options['action'] = 'edit';
479 print_single_button('manage.php', $options, get_string('edit'));
480 $options['action'] = 'reset';
481 if (empty($legacytype)) {
482 print_single_button('manage.php', $options, get_string('resetrolenolegacy', 'role'));
483 } else {
484 print_single_button('manage.php', $options, get_string('resetrole', 'role'));
485 }
486 $options['action'] = 'duplicate';
487 print_single_button('manage.php', $options, get_string('duplicaterole', 'role'));
488 print_single_button('manage.php', null, get_string('listallroles', 'role'));
489 echo '</div>';
490 }
491 echo '</div>';
492
493 $lang = str_replace('_utf8', '', current_language());
494
495 print_simple_box_start('center');
496 include_once('manage.html');
497 print_simple_box_end();
498
499 if ($usehtmleditor) {
500 use_html_editor('description');
501 }
502
503 } else {
504
505 print_heading_with_help(get_string('roles', 'role'), 'roles');
506
507 $table = new object;
508
509 $table->tablealign = 'center';
510 $table->align = array('right', 'left', 'left', 'left');
511 $table->wrap = array('nowrap', '', 'nowrap','nowrap');
512 $table->cellpadding = 5;
513 $table->cellspacing = 0;
514 $table->width = '90%';
515 $table->data = array();
516
517 $table->head = array(get_string('name'),
518 get_string('description'),
519 get_string('shortname'),
520 get_string('edit'));
521
522 /*************************
523 * List all current roles *
524 **************************/
525
526 foreach ($roles as $role) {
527
528 $stredit = get_string('edit');
529 $strdelete = get_string('delete');
530 $strmoveup = get_string('moveup');
531 $strmovedown = get_string('movedown');
532
533 $row = array();
534 $row[0] = '<a href="manage.php?roleid='.$role->id.'&amp;action=view">'.format_string($role->name).'</a>';
535 $row[1] = format_text($role->description, FORMAT_HTML);
536 $row[2] = s($role->shortname);
537 $row[3] = '<a title="'.$stredit.'" href="manage.php?action=edit&amp;roleid='.$role->id.'">'.
538 '<img src="'.$CFG->pixpath.'/t/edit.gif" class="iconsmall" alt="'.$stredit.'" /></a> ';
539 if (in_array($role->id, $defaultroles)) {
540 $row[3] .= '<img src="'.$CFG->wwwroot.'/pix/spacer.gif" class="iconsmall" alt="" /> ';
541 } else {
542 $row[3] .= '<a title="'.$strdelete.'" href="manage.php?action=delete&amp;roleid='.$role->id.'&amp;sesskey='.sesskey().'">'.
543 '<img src="'.$CFG->pixpath.'/t/delete.gif" class="iconsmall" alt="'.$strdelete.'" /></a> ';
544 }
545 if ($role->sortorder != 0) {
546 $row[3] .= '<a title="'.$strmoveup.'" href="manage.php?action=moveup&amp;roleid='.$role->id.'&amp;sesskey='.sesskey().'">'.
547 '<img src="'.$CFG->pixpath.'/t/up.gif" class="iconsmall" alt="'.$strmoveup.'" /></a> ';
548 } else {
549 $row[3] .= '<img src="'.$CFG->wwwroot.'/pix/spacer.gif" class="iconsmall" alt="" /> ';
550 }
551 if ($role->sortorder+1 < $rolescount) {
552 $row[3] .= '<a title="'.$strmovedown.'" href="manage.php?action=movedown&amp;roleid='.$role->id.'&amp;sesskey='.sesskey().'">'.
553 '<img src="'.$CFG->pixpath.'/t/down.gif" class="iconsmall" alt="'.$strmovedown.'" /></a> ';
554 } else {
555 $row[3] .= '<img src="'.$CFG->wwwroot.'/pix/spacer.gif" class="iconsmall" alt="" /> ';
556 }
557
558 $table->data[] = $row;
559
560 }
561 print_table($table);
562
563 $options = new object();
564 $options->action = 'add';
565 echo '<div class="buttons">';
566 print_single_button('manage.php', $options, get_string('addrole', 'role'), 'get');
567 echo '</div>';
568 }
569
570 admin_externalpage_print_footer();
571 die;
572
573
574
575 ?>
Moodle Repo, with LinuxChix modifications