| blob | 7bc3f9ad1d23f86da649a8e80f5ab7be168fbb30 |
3 ///////////////////////////////////////////////////////////////////////////
4 // //
5 // NOTICE OF COPYRIGHT //
6 // //
7 // Moodle - Modular Object-Oriented Dynamic Learning Environment //
8 // http://moodle.org //
9 // //
10 // Copyright (C) 1999-2004 Martin Dougiamas http://dougiamas.com //
11 // //
12 // This program is free software; you can redistribute it and/or modify //
13 // it under the terms of the GNU General Public License as published by //
14 // the Free Software Foundation; either version 2 of the License, or //
15 // (at your option) any later version. //
16 // //
17 // This program is distributed in the hope that it will be useful, //
18 // but WITHOUT ANY WARRANTY; without even the implied warranty of //
19 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the //
20 // GNU General Public License for more details: //
21 // //
22 // http://www.gnu.org/copyleft/gpl.html //
23 // //
24 ///////////////////////////////////////////////////////////////////////////
26 /**
27 * Capability session information format
28 * 2 x 2 array
29 * [context][capability]
30 * where context is the context id of the table 'context'
31 * and capability is a string defining the capability
32 * e.g.
33 *
34 * [Capabilities] => [26][mod/forum:viewpost] = 1
35 * [26][mod/forum:startdiscussion] = -8990
36 * [26][mod/forum:editallpost] = -1
37 * [273][moodle:blahblah] = 1
38 * [273][moodle:blahblahblah] = 2
39 */
43 // permission definitions
49 // context definitions
59 // capability risks - see http://docs.moodle.org/en/Hardening_new_Roles_system
68 $context_cache = array(); // Cache of all used context objects for performance (by level and instance)
73 //this is really slow!!!! - do not use above course context level!
77 // first emulate the parent context capabilities merging into context
81 if ($capabilities = get_records_select('role_capabilities', "roleid = $roleid AND contextid = $cid")) {
85 }
87 }
88 }
89 }
91 // now go through the contexts bellow given context
94 if ($capabilities = get_records_select('role_capabilities', "roleid = $roleid AND contextid = $cid")) {
98 }
100 }
101 }
102 }
105 }
113 }
115 }
116 }
118 }
123 }
127 }
132 }
136 }
138 }
139 }
141 }
143 /**
144 * Loads the capabilities for the default guest role to the current user in a
145 * specific context.
146 * @return object
147 */
156 }
157 }
165 }
166 }
168 /**
169 * Load default not logged in role capabilities when user is not logged in
170 * @return bool
171 */
177 }
184 }
185 }
193 }
194 }
196 /**
197 * Load default logged in role capabilities for all logged in users
198 * @return bool
199 */
205 }
212 }
213 }
217 // fix the guest user heritage:
218 // If the default role is a guest role, then don't copy legacy:guest,
219 // otherwise this user could get confused with a REAL guest. Also don't copy
220 // course:view, which is a hack that's necessary because guest roles are
221 // not really handled properly (see MDL-7513)
225 }
233 }
234 }
237 /**
238 * Get the default guest role
239 * @return object role
240 */
252 }
257 //somebody is messing with guest roles, remove incorrect setting and try to find a new one
260 }
261 }
262 }
265 /**
266 * This functions get all the course categories in proper order
267 * (!)note this only gets course category contexts, and not the site
268 * context
269 * @param object $context
270 * @param int $type
271 * @return array of contextids
272 */
278 // a category can be the parent of another category
279 // there is no limit of depth in this case
283 }
288 }
291 }
294 // a course always fall into a category, unless it's a site course
295 // this happens when SITEID == $course->id
296 // in this case the parent of the course is site context
300 }
303 }
309 }
310 // Yu: Separating site and site course context
313 }
318 }
321 }
326 }
328 }
332 /**
333 * This function checks for a capability assertion being true. If it isn't
334 * then the page is terminated neatly with a standard error message
335 * @param string $capability - name of the capability
336 * @param object $context - a context object (record from context table)
337 * @param integer $userid - a userid number
338 * @param bool $doanything - if false, ignore do anything
339 * @param string $errorstring - an errorstring
340 * @param string $stringfile - which stringfile to get it from
341 */
347 /// If the current user is not logged in, then make sure they are (if needed)
356 }
361 }
365 }
369 }
370 }
372 /// OK, if they still don't have the capability then print a nice error message
377 }
378 }
381 /**
382 * This function returns whether the current user has the capability of performing a function
383 * For example, we can do has_capability('mod/forum:replypost',$context) in forum
384 * This is a recursive function.
385 * @uses $USER
386 * @param string $capability - name of the capability (or debugcache or clearcache)
387 * @param object $context - a context object (record from context table)
388 * @param integer $userid - a userid number
389 * @param bool $doanything - if false, ignore do anything
390 * @return bool
391 */
399 /// Cache management
404 }
406 /// Some sanity checks
411 }
414 }
416 debugging('Capability parameter "doanything" is wierd ("'.$doanything.'"). This should be fixed in code.');
417 }
419 debugging('Incorrect context parameter "'.$context.'" for has_capability(), object expected! This should be fixed in code.');
420 }
421 }
423 /// Make sure we know the current context
429 }
433 }
434 }
436 /// Check and return cache in case we've processed this one before.
437 $requsteduser = empty($userid) ? $USER->id : $userid; // find out the requested user id, $USER->id might have been changed
442 }
445 /// Load up the capabilities list or item as necessary
449 //caching - helps user switching in cron
456 }
461 }
465 // This big SQL is expensive! We reduce it a little by avoiding checking for changed enrolments (false)
469 }
471 }
475 }
480 }
483 }
485 /// We act a little differently when switchroles is active
490 /// First deal with the "doanything" capability
494 /// First make sure that we aren't in a "switched role"
505 }
506 }
507 }
508 }
509 }
511 /// Check the site context for doanything (most common) first
519 }
520 }
521 /// If it's not set at site level, it is possible to be set on other levels
522 /// Though this usage is not common and can cause risks
526 // Check parent cats.
533 }
534 }
538 // Check parent cat.
546 }
547 }
551 // Find course.
561 }
562 }
569 }
574 // Find course.
584 }
585 }
586 }
592 }
597 // not necessarily 1 to 1 to course.
608 }
609 }
615 }
621 }
622 }
626 // CONTEXT_SYSTEM: CONTEXT_PERSONAL: CONTEXT_USER:
627 // Do nothing, because the parents are site context
628 // which has been checked already
630 }
632 // Last: check self.
637 }
638 }
639 // do_anything has not been set, we now look for it the normal way.
644 }
647 /**
648 * In a separate function so that we won't have to deal with do_anything.
649 * again. Used by function has_capability().
650 * @param $capability - capability string
651 * @param $context - the context object
652 * @param $capabilities - either $USER->capability or loaded array (for other users)
653 * @return permission (int)
654 */
661 }
662 // if already set in the array explicitly, no need to look for it in parent
663 // context any longer
666 }
668 /* Then, we check the cache recursively */
693 }
699 // find the course cat, and return its value
705 }
707 }
728 }
735 }
738 }
740 /**
741 * auxillary function for load_user_capabilities()
742 * checks if context c1 is a parent (or itself) of context c2
743 * @param int $c1 - context id of context 1
744 * @param int $c2 - context id of context 2
745 * @return bool
746 */
750 // context can be itself and this is ok
753 }
754 // hit in cache?
757 }
761 }
765 }
769 }
776 }
777 }
780 /**
781 * auxillary function for load_user_capabilities()
782 * handler in usort() to sort contexts according to level
783 * @param object contexta
784 * @param object contextb
785 * @return int
786 */
790 }
792 }
794 /**
795 * It will build an array of all the capabilities at each level
796 * i.e. site/metacourse/course_category/course/moduleinstance
797 * Note we should only load capabilities if they are explicitly assigned already,
798 * we should not load all module's capability!
799 *
800 * [Capabilities] => [26][forum_post] = 1
801 * [26][forum_start] = -8990
802 * [26][forum_edit] = -1
803 * [273][blah blah] = 1
804 * [273][blah blah blah] = 2
805 *
806 * @param $capability string - Only get a specific capability (string)
807 * @param $context object - Only get capabilities for a specific context object
808 * @param $userid integer - the id of the user whose capabilities we want to load
809 * @param $checkenrolments boolean - Should we check enrolment plugins (potentially expensive)
810 * @return array of permissions (or nothing if they get assigned to $USER)
811 */
812 function load_user_capability($capability='', $context=NULL, $userid=NULL, $checkenrolments=true) {
816 // this flag has not been set!
817 // (not clean install, or upgraded successfully to 1.7 and up)
820 }
826 }
831 }
839 }
843 }
846 }
849 /// First we generate a list of all relevant contexts of the user
861 }
862 }
863 }
864 }
866 /// Set up SQL fragments for searching contexts
873 }
876 // the doanything may override the requested capability
877 $capsearch = " AND (rc.capability = '$capability' OR rc.capability = 'moodle/site:doanything') ";
880 }
882 /// Then we use 1 giant SQL to bring out all relevant capabilities.
883 /// The first part gets the capabilities of orginal role.
884 /// The second part gets the capabilities of overriden roles.
889 // SQL for normal capabilities
890 $SQL1 = "SELECT rc.capability, c1.id as id1, c1.id as id2, (c1.contextlevel * 100) AS aggrlevel,
891 SUM(rc.permission) AS sum
892 FROM
896 WHERE
897 ra.contextid=c1.id AND
898 ra.roleid=rc.roleid AND
900 $searchcontexts1
902 $capsearch
903 GROUP BY
904 rc.capability, c1.id, c1.contextlevel * 100
905 HAVING
906 SUM(rc.permission) != 0
908 UNION ALL
910 SELECT rc.capability, c1.id as id1, c2.id as id2, (c1.contextlevel * 100 + c2.contextlevel) AS aggrlevel,
911 SUM(rc.permission) AS sum
912 FROM
918 WHERE
920 $searchcontexts1
922 $capsearch
923 GROUP BY
924 rc.capability, c1.id, c2.id, c1.contextlevel * 100 + c2.contextlevel
925 HAVING
926 SUM(rc.permission) != 0
927 ORDER BY
932 }
944 }
945 }
947 }
949 }
951 // SQL for overrides
952 // this is take out because we have no way of making sure c1 is indeed related to c2 (parent)
953 // if we do not group by sum, it is possible to have multiple records of rc.capability, c1.id, c2.id, tuple having
954 // different values, we can maually sum it when we go through the list
956 /*
958 $SQL2 = "SELECT rc.capability, c1.id as id1, c2.id as id2, (c1.contextlevel * 100 + c2.contextlevel) AS aggrlevel,
959 rc.permission AS sum
960 FROM
961 {$CFG->prefix}role_assignments ra,
962 {$CFG->prefix}role_capabilities rc,
963 {$CFG->prefix}context c1,
964 {$CFG->prefix}context c2
965 WHERE
966 ra.contextid=c1.id AND
967 ra.roleid=rc.roleid AND
968 ra.userid=$userid AND
969 rc.contextid=c2.id AND
970 $searchcontexts1
971 rc.contextid != $siteinstance->id
972 $capsearch
974 GROUP BY
975 rc.capability, (c1.contextlevel * 100 + c2.contextlevel), c1.id, c2.id, rc.permission
976 ORDER BY
977 aggrlevel ASC
978 ";*/
980 /*
981 if (!$rs = get_recordset_sql($SQL2)) {
982 error("Query failed in load_user_capability.");
983 }
985 if ($rs && $rs->RecordCount() > 0) {
986 while ($caprec = rs_fetch_next_record($rs)) {
987 $array = (array)$caprec;
988 $temprecord = new object;
990 foreach ($array as $key=>$val) {
991 if ($key == 'aggrlevel') {
992 $temprecord->contextlevel = $val;
993 } else {
994 $temprecord->{$key} = $val;
995 }
996 }
997 // for overrides, we have to make sure that context2 is a child of context1
998 // otherwise the combination makes no sense
999 //if (is_parent_context($temprecord->id1, $temprecord->id2)) {
1000 $capabilities[] = $temprecord;
1001 //} // only write if relevant
1002 }
1003 rs_close($rs);
1004 }
1006 // this step sorts capabilities according to the contextlevel
1007 // it is very important because the order matters when we
1008 // go through each capabilities later. (i.e. higher level contextlevel
1009 // will override lower contextlevel settings
1010 usort($capabilities, 'roles_context_cmp');
1011 */
1012 /* so up to this point we should have somethign like this
1013 * $capabilities[1] ->contextlevel = 1000
1014 ->module = 0 // changed from SITEID in 1.8 (??)
1015 ->capability = do_anything
1016 ->id = 1 (id is the context id)
1017 ->sum = 0
1019 * $capabilities[2] ->contextlevel = 1000
1020 ->module = 0 // changed from SITEID in 1.8 (??)
1021 ->capability = post_messages
1022 ->id = 1
1023 ->sum = -9000
1025 * $capabilittes[3] ->contextlevel = 3000
1026 ->module = course
1027 ->capability = view_course_activities
1028 ->id = 25
1029 ->sum = 1
1031 * $capabilittes[4] ->contextlevel = 3000
1032 ->module = course
1033 ->capability = view_course_activities
1034 ->id = 26
1035 ->sum = 0 (this is another course)
1037 * $capabilities[5] ->contextlevel = 3050
1038 ->module = course
1039 ->capability = view_course_activities
1040 ->id = 25 (override in course 25)
1041 ->sum = -1
1042 * ....
1043 * now we proceed to write the session array, going from top to bottom
1044 * at anypoint, we need to go up and check parent to look for prohibit
1045 */
1046 // print_object($capabilities);
1048 /* This is where we write to the actualy capabilities array
1049 * what we need to do from here on is
1050 * going down the array from lowest level to highest level
1051 * 1) recursively check for prohibit,
1052 * if any, we write prohibit
1053 * else, we write the value
1054 * 2) at an override level, we overwrite current level
1055 * if it's not set to prohibit already, and if different
1056 * ........ that should be it ........
1057 */
1059 // This is the flag used for detecting the current context level. Since we are going through
1060 // the array in ascending order of context level. For normal capabilities, there should only
1061 // be 1 value per (capability, contextlevel, context), because they are already summed. But,
1062 // for overrides, since we are processing them separate, we need to sum the relevcant entries.
1063 // We set this flag when we hit a new level.
1064 // If the flag is already set, we keep adding (summing), otherwise, we just override previous
1065 // settings (from lower level contexts)
1072 }
1074 if (!empty($otheruserid)) { // we are pulling out other user's capabilities, do not write to session
1079 }
1080 if (isset($usercap[$capability->id2][$capability->capability])) { // use isset because it can be sum 0
1086 }
1090 }
1094 if (capability_prohibits($capability->capability, $context, $capability->sum)) { // if any parent or parent's parent is set to prohibit
1097 }
1099 // if no parental prohibit set
1100 // just write to session, i am not sure this is correct yet
1101 // since 3050 shows up after 3000, and 3070 shows up after 3050,
1102 // it should be ok just to overwrite like this, provided that there's no
1103 // parental prohibits
1104 // we need to write even if it's 0, because it could be an inherit override
1111 }
1115 }
1116 }
1117 }
1119 // now we don't care about the huge array anymore, we can dispose it.
1125 }
1126 }
1129 /**
1130 * A convenience function to completely load all the capabilities
1131 * for the current user. This is what gets called from login, for example.
1132 */
1136 //caching - helps user switching in cron
1147 }
1151 // when in "course login as" - load only course caqpabilitites (it may not always work as expected)
1158 }
1159 }
1160 }
1162 // handle role switching in courses
1167 // first prune context and any child contexts
1171 }
1174 // now merge all switched role caps in context and bellow
1177 }
1178 }
1184 }
1188 }
1189 }
1192 /**
1193 * Check all the login enrolment information for the given user object
1194 * by querying the enrolment plugins
1195 */
1203 }
1211 }
1215 if (method_exists($enrol, 'setup_enrolments')) { /// Plugin supports Roles (Moodle 1.7 and later)
1220 }
1223 }
1225 /// deal with $user->students and $user->teachers stuff
1228 }
1230 }
1233 }
1236 /**
1237 * This is a recursive function that checks whether the capability in this
1238 * context, or the parent capabilities are set to prohibit.
1239 *
1240 * At this point, we can probably just use the values already set in the
1241 * session variable, since we are going down the level. Any prohit set in
1242 * parents would already reflect in the session.
1243 *
1244 * @param $capability - capability name
1245 * @param $sum - sum of all capabilities values
1246 * @param $context - the context object
1247 * @param $array - when loading another user caps, their caps are not stored in session but an array
1248 */
1252 // caching, mainly to save unnecessary sqls
1256 }
1261 }
1266 }
1269 // If this capability is set to prohibit.
1272 }
1279 }
1281 // Else if set in session.
1286 }
1287 }
1291 // By now it's a definite an inherit.
1308 // Coursecat -> coursecat or site.
1312 }
1314 // return parent value if exist.
1317 // Return site value.
1319 }
1325 // 1 to 1 to course cat.
1326 // Find the course cat, and return its value.
1330 }
1331 // Yu: Separating site and site course context
1336 }
1342 // 1 to 1 to course.
1346 }
1353 // 1 to 1 to course.
1357 }
1364 // 1 to 1 to course.
1368 }
1373 }
1381 }
1382 }
1385 /**
1386 * A print form function. This should either grab all the capabilities from
1387 * files or a central table for that particular module instance, then present
1388 * them in check boxes. Only relevant capabilities should print for known
1389 * context.
1390 * @param $mod - module id of the mod
1391 */
1398 // We are in a module specific context.
1400 // Get the mod's name.
1401 // Call the function that grabs the file and parse.
1406 // Print all capabilities.
1408 // Prints the check box component.
1409 }
1410 }
1411 }
1414 /**
1415 * Installs the roles system.
1416 * This function runs on a fresh install as well as on an upgrade from the old
1417 * hard-coded student/teacher/admin etc. roles to the new roles system.
1418 */
1423 /// Create a system wide context for assignemnt.
1427 /// Create default/legacy roles and capabilities.
1428 /// (1 legacy capability per legacy role at system level).
1434 $editteacherrole = create_role(addslashes(get_string('defaultcourseteacher')), 'editingteacher',
1445 /// Now is the correct moment to install capabilities - after creation of legacy roles, but before assigning of roles
1449 }
1452 }
1454 /// Look inside user_admin, user_creator, user_teachers, user_students and
1455 /// assign above new roles. If a user has both teacher and student role,
1456 /// only teacher role is assigned. The assignment should be system level.
1460 /// Set up the progress bar
1468 }
1469 }
1473 /// Upgrade the admins.
1474 /// Sort using id ASC, first one is primary admin.
1482 }
1484 }
1486 // This is a fresh install.
1487 }
1490 /// Upgrade course creators.
1497 }
1499 }
1500 }
1503 /// Upgrade editting teachers and non-editting teachers.
1508 // removed code here to ignore site level assignments
1509 // since the contexts are separated now
1511 // populate the user_lastaccess table
1518 // assign the default student role
1520 // hidden teacher
1525 }
1530 role_assign($noneditteacherrole, $teacher->userid, 0, $coursecontext->id, 0, 0, $hiddenteacher);
1531 }
1534 }
1536 }
1537 }
1540 /// Upgrade students.
1545 // populate the user_lastaccess table
1552 // assign the default student role
1557 }
1559 }
1560 }
1563 /// Upgrade guest (only 1 entry).
1566 }
1570 /// Insert the correct records for legacy roles
1587 /// Set up default permissions for overrides
1597 /// Delete the old user tables when we are done
1604 }
1606 /**
1607 * Returns array of all legacy roles.
1608 */
1618 );
1619 }
1629 //choose first selected legacy capability - reset the rest
1634 }
1635 }
1636 }
1639 }
1641 /**
1642 * Assign the defaults found in this capabality definition to roles that have
1643 * the corresponding legacy capabilities assigned to them.
1644 * @param $legacyperms - an array in the format (example):
1645 * 'guest' => CAP_PREVENT,
1646 * 'student' => CAP_ALLOW,
1647 * 'teacher' => CAP_ALLOW,
1648 * 'editingteacher' => CAP_ALLOW,
1649 * 'coursecreator' => CAP_ALLOW,
1650 * 'admin' => CAP_ALLOW
1651 * @return boolean - success or failure.
1652 */
1663 }
1667 // Assign a site level capability.
1670 }
1671 }
1672 }
1673 }
1675 }
1678 /**
1679 * Checks to see if a capability is a legacy capability.
1680 * @param $capabilityname
1681 * @return boolean
1682 */
1688 }
1689 }
1693 /**********************************
1694 * Context Manipulation functions *
1695 **********************************/
1697 /**
1698 * Create a new context record for use by all roles-related stuff
1699 * @param $level
1700 * @param $instanceid
1701 *
1702 * @return object newly created context (or existing one with a debug warning)
1703 */
1707 debugging('Error: Invalid context creation request for level "'.s($contextlevel).'", instance "'.s($instanceid).'".');
1709 }
1713 }
1721 debugging('Error: could not insert new context level "'.s($contextlevel).'", instance "'.s($instanceid).'".');
1723 }
1725 debugging('Warning: Context id "'.s($context->id).'" not created, because it already exists.');
1727 }
1728 }
1730 /**
1731 * This hacky function is needed because we can not change system context instanceid using normal upgrade routine.
1732 */
1735 // we are going to change instanceid of system context to 0 now
1738 //context rel not affected
1746 // we need not to populate context_rel for system context
1751 }
1752 }
1753 }
1754 /**
1755 * Create a new context record for use by all roles-related stuff
1756 * @param $level
1757 * @param $instanceid
1758 *
1759 * @return true if properly deleted
1760 */
1768 }
1770 }
1772 /**
1773 * Validate that object with instanceid really exists in given context level.
1774 *
1775 * return if instanceid object exists
1776 */
1792 }
1809 }
1810 }
1812 /**
1813 * Get the context instance as an object. This function will create the
1814 * context instance if it does not exist yet.
1815 * @param integer $level The context level, for example CONTEXT_COURSE, or CONTEXT_MODULE.
1816 * @param integer $instance The instance id. For $level = CONTEXT_COURSE, this would be $course->id,
1817 * for $level = CONTEXT_MODULE, this would be $cm->id. And so on.
1818 * @return object The context object.
1819 */
1823 static $allowed_contexts = array(CONTEXT_SYSTEM, CONTEXT_PERSONAL, CONTEXT_USER, CONTEXT_COURSECAT, CONTEXT_COURSE, CONTEXT_GROUP, CONTEXT_MODULE, CONTEXT_BLOCK);
1825 // Yu: Separating site and site course context - removed CONTEXT_COURSE override when SITEID
1827 // fix for MDL-9016
1829 // Clear ALL cache
1834 }
1836 /// If no level is supplied then return the current global context if there is one
1839 //fatal error, code must be fixed
1843 }
1844 }
1846 /// Backwards compatibility with obsoleted (CONTEXT_SYSTEM, SITEID)
1849 }
1851 /// check allowed context levels
1853 // fatal error, code must be fixed - probably typo or switched parameters
1854 error('Error: get_context_instance() called with incorrect context level "'.s($contextlevel).'"');
1855 }
1857 /// Check the cache
1860 }
1862 /// Get it from the database, or create it
1863 if (!$context = get_record('context', 'contextlevel', $contextlevel, 'instanceid', $instance)) {
1866 }
1868 /// Only add to cache if context isn't empty.
1872 }
1875 }
1878 /**
1879 * Get a context instance as an object, from a given context id.
1880 * @param $id a context id.
1881 * @return object The context object.
1882 */
1889 }
1895 }
1898 }
1901 /**
1902 * Get the local override (if any) for a given capability in a role in a context
1903 * @param $roleid
1904 * @param $contextid
1905 * @param $capability
1906 */
1908 return get_record('role_capabilities', 'roleid', $roleid, 'capability', $capability, 'contextid', $contextid);
1909 }
1913 /************************************
1914 * DB TABLE RELATED FUNCTIONS *
1915 ************************************/
1917 /**
1918 * function that creates a role
1919 * @param name - role name
1920 * @param shortname - role short name
1921 * @param description - role description
1922 * @param legacy - optional legacy capability
1923 * @return id or false
1924 */
1927 // check for duplicate role name
1931 }
1935 }
1942 //find free sortorder number
1946 }
1950 }
1955 }
1957 /// By default, users with role:manage at site level
1958 /// should be able to assign users to this new role, and override this new role's capabilities
1960 // find all admin roles
1962 // foreach admin role
1964 // write allow_assign and allow_overrid
1967 }
1968 }
1973 }
1975 }
1977 /**
1978 * function that deletes a role and cleanups up after it
1979 * @param roleid - id of role to delete
1980 * @return success
1981 */
1986 // mdl 10149, check if this is the last active admin role
1987 // if we make the admin role not deletable then this part can go
1992 if (record_exists('role_capabilities', 'contextid', $systemcontext->id, 'roleid', $roleid, 'capability', 'moodle/site:doanything')) {
1993 // deleting an admin role
1995 if ($adminroles = get_roles_with_capability('moodle/site:doanything', CAP_ALLOW, $systemcontext)) {
1998 // some other admin role
1999 if (record_exists('role_assignments', 'roleid', $adminrole->id, 'contextid', $systemcontext->id)) {
2000 // found another admin role with at least 1 user assigned
2003 }
2004 }
2005 }
2006 }
2008 error ('You can not delete this role because there is no other admin roles with users assigned');
2009 }
2010 }
2011 }
2013 // first unssign all users
2017 }
2019 // cleanup all references to this role, ignore errors
2022 // MDL-10679 find all contexts where this role has an override
2029 // MDL-10679, delete from context_rel if this role holds the last override in these contexts
2034 }
2035 }
2036 }
2043 }
2045 // finally delete the role itself
2049 }
2052 }
2054 /**
2055 * Function to write context specific overrides, or default capabilities.
2056 * @param module - string name
2057 * @param capability - string name
2058 * @param contextid - context id
2059 * @param roleid - role id
2060 * @param permission - int 1,-1 or -1000
2061 * should not be writing if permission is 0
2062 */
2070 }
2072 $existing = get_record('role_capabilities', 'contextid', $contextid, 'roleid', $roleid, 'capability', $capability);
2076 }
2091 /// MDL-10679 insert context rel here
2094 }
2095 }
2098 /**
2099 * Unassign a capability from a role.
2100 * @param $roleid - the role id
2101 * @param $capability - the name of the capability
2102 * @return boolean - success or failure
2103 */
2107 // delete from context rel, if this is the last override in this context
2111 // MDL-10679, if this is no more overrides for this context
2112 // delete entries from context where this context is a child
2115 }
2118 // There is no need to delete from context_rel here because
2119 // this is only used for legacy, for now
2122 }
2124 }
2127 /**
2128 * Get the roles that have a given capability assigned to it. This function
2129 * does not resolve the actual permission of the capability. It just checks
2130 * for assignment only.
2131 * @param $capability - capability name (string)
2132 * @param $permission - optional, the permission defined for this capability
2133 * either CAP_ALLOW, CAP_PREVENT or CAP_PROHIBIT
2134 * @return array or role objects
2135 */
2146 }
2150 }
2160 }
2162 }
2165 /**
2166 * This function makes a role-assignment (a role for a user or group in a particular context)
2167 * @param $roleid - the role of the id
2168 * @param $userid - userid
2169 * @param $groupid - group id
2170 * @param $contextid - id of the context
2171 * @param $timestart - time this assignment becomes effective
2172 * @param $timeend - time this assignemnt ceases to be effective
2173 * @uses $USER
2174 * @return id - new id of the assigment
2175 */
2176 function role_assign($roleid, $userid, $groupid, $contextid, $timestart=0, $timeend=0, $hidden=0, $enrol='manual',$timemodified='') {
2181 /// Do some data validation
2186 }
2191 }
2196 }
2201 }
2206 }
2211 }
2215 }
2217 /// Check for existing entry
2219 $ra = get_record('role_assignments', 'roleid', $roleid, 'contextid', $context->id, 'userid', $userid);
2221 $ra = get_record('role_assignments', 'roleid', $roleid, 'contextid', $context->id, 'groupid', $groupid);
2222 }
2233 /// Always round timestart downto 100 secs to help DBs to use their own caching algorithms
2234 /// by repeating queries with the same exact parameters in a 100 secs time window
2247 /// Always round timestart downto 100 secs to help DBs to use their own caching algorithms
2248 /// by repeating queries with the same exact parameters in a 100 secs time window
2255 }
2259 /// If the user is the current user, then reload the capabilities too.
2262 }
2264 /// Ask all the modules if anything needs to be done for this user
2271 }
2272 }
2273 }
2275 /// Make sure they have an entry in user_lastaccess for courses they can access
2276 // role_add_lastaccess_entries($userid, $context);
2277 }
2279 /// now handle metacourse role assignments if in course context
2284 }
2285 }
2286 }
2289 }
2292 /**
2293 * Deletes one or more role assignments. You must specify at least one parameter.
2294 * @param $roleid
2295 * @param $userid
2296 * @param $groupid
2297 * @param $contextid
2298 * @param $enrol unassign only if enrolment type matches, NULL means anything
2299 * @return boolean - success or failure
2300 */
2312 }
2313 }
2316 }
2322 /// infinite loop protection when deleting recursively
2325 }
2328 /// If the user is the current user, then reload the capabilities too.
2331 }
2334 /// Ask all the modules if anything needs to be done for this user
2339 $functionname($ra->userid, $context); // watch out, $context might be NULL if something goes wrong
2340 }
2341 }
2343 /// now handle metacourse role unassigment and removing from goups if in course context
2346 // cleanup leftover course groups/subscriptions etc when user has
2347 // no capability to view course
2348 // this may be slow, but this is the proper way of doing it
2350 // remove from groups
2354 }
2355 }
2357 // delete lastaccess records
2359 }
2361 //unassign roles in metacourses if needed
2365 }
2366 }
2367 }
2368 }
2369 }
2370 }
2373 }
2375 /**
2376 * A convenience function to take care of the common case where you
2377 * just want to enrol someone using the default role into a course
2378 *
2379 * @param object $course
2380 * @param object $user
2381 * @param string $enrol - the plugin used to do this enrolment
2382 */
2386 // remove time part from the timestamp and keep only the date part
2387 $timestart = make_timestamp(date('Y', $timestart), date('m', $timestart), date('d', $timestart), 0, 0, 0);
2392 }
2400 }
2407 }
2410 }
2412 /**
2413 * Add last access times to user_lastaccess as required
2414 * @param $userid
2415 * @param $context
2416 * @return boolean - success or failure
2417 */
2424 }
2437 }
2438 }
2446 }
2447 }
2452 }
2453 }
2461 }
2463 }
2464 }
2466 /**
2467 * Delete last access times from user_lastaccess as required
2468 * @param $userid
2469 * @param $context
2470 * @return boolean - success or failure
2471 */
2476 }
2479 /**
2480 * Loads the capability definitions for the component (from file). If no
2481 * capabilities are defined for the component, we simply return an empty array.
2482 * @param $component - examples: 'moodle', 'mod/forum', 'block/quiz_results'
2483 * @return array of capabilities
2484 */
2495 // Blocks are an exception. Blocks directory is 'blocks', and not
2496 // 'block'. So we need to jump through hoops.
2502 // Similar to the above, course formats are 'format' while they
2503 // are stored in 'course/format'.
2522 }
2523 }
2529 }
2531 }
2534 /**
2535 * Gets the capabilities that have been cached in the database for this
2536 * component.
2537 * @param $component - examples: 'moodle', 'mod/forum', 'block/quiz_results'
2538 * @return array of capabilities
2539 */
2547 }
2549 }
2551 /**
2552 * Returns default capabilities for given legacy role type.
2553 *
2554 * @param string legacy role name
2555 * @return array
2556 */
2560 }
2568 }
2569 }
2573 }
2574 }
2576 //some exceptions
2580 }
2582 }
2584 /**
2585 * Reset role capabilitites to default according to selected legacy capability.
2586 * If several legacy caps selected, use the first from get_default_capabilities.
2587 * If no legacy selected, removes all capabilities.
2588 *
2589 * @param int @roleid
2590 */
2599 //choose first selected legacy capability
2602 }
2603 }
2609 }
2610 }
2611 }
2613 /**
2614 * Updates the capabilities table with the component capability definitions.
2615 * If no parameters are given, the function updates the core moodle
2616 * capabilities.
2617 *
2618 * Note that the absence of the db/access.php capabilities definition file
2619 * will cause any stored capabilities for the component to be removed from
2620 * the database.
2621 *
2622 * @param $component - examples: 'moodle', 'mod/forum', 'block/quiz_results'
2623 * @return boolean
2624 */
2634 // update risk bitmasks and context levels in existing capabilities if needed
2638 }
2645 }
2646 }
2650 }
2657 }
2658 }
2659 }
2660 }
2661 }
2663 // Are there new capabilities in the file definition?
2671 }
2673 }
2674 }
2675 // Add new capabilities to the stored definition.
2686 }
2689 if (isset($capdef['clonepermissionsfrom']) && in_array($capdef['clonepermissionsfrom'], $storedcaps)){
2690 if ($rolecapabilities = get_records('role_capabilities', 'capability', $capdef['clonepermissionsfrom'])){
2692 //assign_capability will update rather than insert if capability exists
2696 }
2697 }
2698 }
2699 // Do we need to assign the new capabilities to roles that have the
2700 // legacy capabilities moodle/legacy:* as well?
2701 // we ignore legacy key if we have cloned permissions
2705 }
2706 }
2707 // Are there any capabilities that have been removed from the file
2708 // definition that we need to delete from the stored capabilities and
2709 // role assignments?
2713 }
2716 /**
2717 * Deletes cached capabilities that are no longer needed by the component.
2718 * Also unassigns these capabilities from any roles that have them.
2719 * @param $component - examples: 'moodle', 'mod/forum', 'block/quiz_results'
2720 * @param $newcapdef - array of the new capability definitions that will be
2721 * compared with the cached capabilities
2722 * @return int - number of deprecated capabilities that have been removed
2723 */
2733 // Remove from capabilities cache.
2738 }
2739 // Delete from roles.
2745 }
2746 }
2747 }
2749 }
2750 }
2752 }
2756 /****************
2757 * UI FUNCTIONS *
2758 ****************/
2761 /**
2762 * prints human readable context identifier.
2763 */
2781 }
2783 }
2790 }
2792 }
2802 }
2803 }
2808 }
2810 }
2817 }
2818 }
2827 }
2829 }
2830 }
2831 }
2844 }
2846 }
2847 }
2848 }
2855 }
2857 }
2860 /**
2861 * Extracts the relevant capabilities given a contextid.
2862 * All case based, example an instance of forum context.
2863 * Will fetch all forum related capabilities, while course contexts
2864 * Will fetch all capabilities
2865 * @param object context
2866 * @return array();
2867 *
2868 * capabilities
2869 * `name` varchar(150) NOT NULL,
2870 * `captype` varchar(50) NOT NULL,
2871 * `contextlevel` int(10) NOT NULL,
2872 * `component` varchar(100) NOT NULL,
2873 */
2925 }
2929 }
2931 /// the rest of code is a bit hacky, think twice before modifying it :-(
2933 // special sorting of core system capabiltites and enrollments
2934 if (in_array($context->contextlevel, array(CONTEXT_SYSTEM, CONTEXT_COURSECAT, CONTEXT_COURSE))) {
2942 }
2943 }
2946 }
2950 }
2954 }
2957 /**
2958 * Gets the context-independent capabilities that should be overrridable in
2959 * any context.
2960 * @return array of capability records from the capabilities table.
2961 */
2964 //only CONTEXT_SYSTEM capabilities here or it will break the hack in fetch_context_capabilities()
2966 'moodle/site:accessallgroups'
2967 );
2974 }
2976 }
2979 /**
2980 * This function pulls out all the resolved capabilities (overrides and
2981 * defaults) of a role used in capability overrides in contexts at a given
2982 * context.
2983 * @param obj $context
2984 * @param int $roleid
2985 * @param bool self - if set to true, resolve till this level, else stop at immediate parent level
2986 * @return array
2987 */
2999 }
3007 ORDER BY c.contextlevel DESC,
3013 // We are traversing via reverse order.
3015 // If not set yet (i.e. inherit or not set at all), or currently we have a prohibit
3018 }
3019 }
3020 }
3022 }
3024 /**
3025 * Recursive function which, given a context, find all parent context ids,
3026 * and return the array in reverse order, i.e. parent first, then grand
3027 * parent, etc.
3028 * @param object $context
3029 * @return array()
3030 */
3036 }
3051 }
3061 }
3067 }
3078 }
3084 }
3090 // Yu: Separating site and site course context
3095 }
3101 }
3108 }
3114 }
3121 }
3127 }
3128 // fix for MDL-9656, block parents are not necessarily courses
3133 }
3141 }
3147 }
3148 }
3151 /**
3152 * Recursive function which, given a context, find all its children context ids.
3153 * @param object $context.
3154 * @return array of children context ids.
3155 */
3164 // No children.
3169 // No children.
3174 // No children.
3179 // Find all block instances for the course.
3187 }
3188 }
3192 }
3193 }
3194 }
3195 // Find all module instances for the course.
3200 }
3201 }
3202 }
3203 // Find all group instances for the course.
3208 }
3209 }
3210 }
3215 // We need to get the contexts for:
3216 // 1) The subcategories of the given category
3217 // 2) The courses in the given category and all its subcategories
3218 // 3) All the child contexts for these courses
3222 // Add the contexts for all the subcategories.
3226 }
3227 }
3229 // Add the parent category as well so we can find the contexts
3230 // for its courses.
3234 // Find all courses for the category.
3240 }
3241 }
3242 }
3243 }
3248 // No children.
3253 // No children.
3258 // Just get all the contexts except for CONTEXT_SYSTEM level.
3266 }
3273 }
3274 }
3277 /**
3278 * Gets a string for sql calls, searching for stuff in this context or above
3279 * @param object $context
3280 * @return string
3281 */
3287 }
3288 }
3291 /**
3292 * This function gets the capability of a role in a given context.
3293 * It is needed when printing override forms.
3294 * @param int $contextid
3295 * @param string $capability
3296 * @param array $capabilities - array loaded using role_context_capabilities
3297 * @return int (allow, prevent, prohibit, inherit)
3298 */
3302 }
3305 }
3306 }
3309 /**
3310 * Returns the human-readable, translated version of the capability.
3311 * Basically a big switch statement.
3312 * @param $capabilityname - e.g. mod/choice:readresponses
3313 */
3316 // Typical capabilityname is mod/choice:readresponses
3348 }
3350 }
3353 /**
3354 * This gets the mod/block/course/core etc strings.
3355 * @param $component
3356 * @param $contextlevel
3357 */
3371 }
3393 }
3409 }
3413 error ('This is an unknown context $contextlevel (' . $contextlevel . ') in get_component_string!');
3416 }
3418 }
3420 /**
3421 * Gets the list of roles assigned to this context and up (parents)
3422 * @param object $context
3423 * @param view - set to true when roles are pulled for display only
3424 * this is so that we can filter roles with no visible
3425 * assignment, for example, you might want to "hide" all
3426 * course creators when browsing the course participants
3427 * list.
3428 * @return array
3429 */
3434 // filter for roles with all hidden assignments
3435 // no need to return when only pulling roles for reviewing
3436 // e.g. participants page.
3437 $hiddensql = ($view && !has_capability('moodle/role:viewhiddenassigns', $context))? ' AND ra.hidden = 0 ':'';
3441 r.name,
3442 r.shortname,
3443 r.sortorder
3446 WHERE r.id = ra.roleid
3448 $hiddensql
3452 }
3454 /** this function is used to print roles column in user profile page.
3455 * @param int userid
3456 * @param int contextid
3457 * @return string
3458 */
3463 $SQL = 'select * from '.$CFG->prefix.'role_assignments ra, '.$CFG->prefix.'role r where ra.userid='.$userid.' and ra.contextid='.$contextid.' and ra.roleid = r.id';
3466 $rolestring .= '<a href="'.$CFG->wwwroot.'/user/index.php?contextid='.$userrole->contextid.'&roleid='.$userrole->roleid.'">'.$userrole->name.'</a>, ';
3467 }
3469 }
3471 }
3474 /**
3475 * Checks if a user can override capabilities of a particular role in this context
3476 * @param object $context
3477 * @param int targetroleid - the id of the role you want to override
3478 * @return boolean
3479 */
3481 // first check if user has override capability
3482 // if not return false;
3485 }
3486 // pull out all active roles of this user from this context(or above)
3489 // if any in the role_allow_override table, then it's ok
3490 if (get_record('role_allow_override', 'roleid', $userrole->roleid, 'allowoverride', $targetroleid)) {
3492 }
3493 }
3494 }
3498 }
3500 /**
3501 * Checks if a user can assign users to a particular role in this context
3502 * @param object $context
3503 * @param int targetroleid - the id of the role you want to assign users to
3504 * @return boolean
3505 */
3508 // first check if user has override capability
3509 // if not return false;
3512 }
3513 // pull out all active roles of this user from this context(or above)
3516 // if any in the role_allow_override table, then it's ok
3517 if (get_record('role_allow_assign', 'roleid', $userrole->roleid, 'allowassign', $targetroleid)) {
3519 }
3520 }
3521 }
3524 }
3526 /** Returns all site roles in correct sort order.
3527 *
3528 */
3531 }
3533 /**
3534 * gets all the user roles assigned in this context, or higher contexts
3535 * this is mainly used when checking if a user can assign a role, or overriding a role
3536 * i.e. we need to know what this user holds, in order to verify against allow_assign and
3537 * allow_override tables
3538 * @param object $context
3539 * @param int $userid
3540 * @param view - set to true when roles are pulled for display only
3541 * this is so that we can filter roles with no visible
3542 * assignment, for example, you might want to "hide" all
3543 * course creators when browsing the course participants
3544 * list.
3545 * @return array
3546 */
3547 function get_user_roles($context, $userid=0, $checkparentcontexts=true, $order='c.contextlevel DESC, r.sortorder ASC', $view=false) {
3554 }
3556 }
3557 // set up hidden sql
3558 $hiddensql = ($view && !has_capability('moodle/role:viewhiddenassigns', $context))? ' AND ra.hidden = 0 ':'';
3564 }
3571 ' AND ra.roleid = r.id
3572 AND ra.contextid = c.id
3575 }
3577 /**
3578 * Creates a record in the allow_override table
3579 * @param int sroleid - source roleid
3580 * @param int troleid - target roleid
3581 * @return int - id or false
3582 */
3588 }
3590 /**
3591 * Creates a record in the allow_assign table
3592 * @param int sroleid - source roleid
3593 * @param int troleid - target roleid
3594 * @return int - id or false
3595 */
3601 }
3603 /**
3604 * Gets a list of roles that this user can assign in this context
3605 * @param object $context
3606 * @return array
3607 */
3616 }
3617 }
3618 }
3620 }
3622 /**
3623 * Gets a list of roles that this user can override in this context
3624 * @param object $context
3625 * @return array
3626 */
3635 }
3636 }
3637 }
3640 }
3642 /**
3643 * Returns a role object that is the default role for new enrolments
3644 * in a given course
3645 *
3646 * @param object $course
3647 * @return object $role
3648 */
3652 /// First let's take the default role the course may have
3656 }
3657 }
3659 /// Otherwise the site setting should tell us
3663 }
3664 }
3666 /// It's unlikely we'll get here, but just in case, try and find a student role
3669 }
3672 }
3675 /**
3676 * who has this capability in this context
3677 * does not handling user level resolving!!!
3678 * (!)pleaes note if $fields is empty this function attempts to get u.*
3679 * which can get rather large.
3680 * i.e 1 person has 2 roles 1 allow, 1 prevent, this will not work properly
3681 * @param $context - object
3682 * @param $capability - string capability
3683 * @param $fields - fields to be pulled
3684 * @param $sort - the sort order
3685 * @param $limitfrom - number of records to skip (offset)
3686 * @param $limitnum - number of records to fetch
3687 * @param $groups - single group or array of groups - only return
3688 * users who are in one of these group(s).
3689 * @param $exceptions - list of users to exclude
3690 * @param view - set to true when roles are pulled for display only
3691 * this is so that we can filter roles with no visible
3692 * assignment, for example, you might want to "hide" all
3693 * course creators when browsing the course participants
3694 * list.
3695 * @param boolean $useviewallgroups if $groups is set the return users who
3696 * have capability both $capability and moodle/site:accessallgroups
3697 * in this context, as well as users who have $capability and who are
3698 * in $groups.
3699 */
3705 /// Sorting out groups
3711 }
3722 }
3725 }
3727 /// Sorting out exceptions
3730 /// Set up default fields
3733 }
3735 /// Set up default sort
3738 }
3741 /// Set up hidden sql
3742 $hiddensql = ($view && !has_capability('moodle/role:viewhiddenassigns', $context))? ' AND ra.hidden = 0 ':'';
3744 /// If context is a course, then construct sql for ul
3750 }
3752 /// Sorting out roles with this capability set
3757 }
3758 $doanythingroles = get_roles_with_capability('moodle/site:doanything', CAP_ALLOW, $sitecontext);
3759 }
3766 }
3767 }
3768 if ($caps = role_context_capabilities($possiblerole->id, $context, $capability)) { // resolved list
3771 }
3772 }
3773 }
3776 }
3780 }
3782 /// Construct the main SQL
3789 AND u.deleted = 0
3791 $exceptionsql
3792 $groupsql
3796 }
3798 /**
3799 * gets all the users assigned this role in this context or higher
3800 * @param int roleid
3801 * @param int contextid
3802 * @param bool parent if true, get list of users assigned in higher context too
3803 * @return array()
3804 */
3805 function get_role_users($roleid, $context, $parent=false, $fields='', $sort='u.lastname ASC', $view=false, $limitfrom='', $limitnum='', $group='') {
3813 }
3815 // whether this assignment is hidden
3816 $hiddensql = ($view && !has_capability('moodle/role:viewhiddenassigns', $context))? ' AND r.hidden = 0 ':'';
3822 }
3825 }
3831 }
3839 }
3843 $groupsql
3846 $groupwheresql
3848 $hiddensql
3853 }
3855 /**
3856 * Counts all the users assigned this role in this context or higher
3857 * @param int roleid
3858 * @param int contextid
3859 * @param bool parent if true, get list of users assigned in higher context too
3860 * @return array()
3861 */
3870 }
3873 }
3881 }
3883 /**
3884 * This function gets the list of courses that this user has a particular capability in.
3885 * It is still not very efficient.
3886 * @param string $capability Capability in question
3887 * @param int $userid User ID or null for current user
3888 * @param bool $doanything True if 'doanything' is permitted (default)
3889 * @param string $fieldsexceptid Leave blank if you only need 'id' in the course records;
3890 * otherwise use a comma-separated list of the fields you require, not including id
3891 * @param string $orderby If set, use a comma-separated list of fields from course
3892 * table with sql modifiers (DESC) if needed
3893 * @return array Array of courses, may have zero entries. Or false if query failed.
3894 */
3895 function get_user_capability_course($capability, $userid=NULL,$doanything=true,$fieldsexceptid='',$orderby='') {
3896 // Convert fields list and ordering
3902 }
3903 }
3910 }
3912 }
3914 }
3916 // Obtain a list of everything relevant about all courses including context.
3917 // Note the result can be used directly as a context (we are going to), the course
3918 // fields are just appended.
3921 SELECT
3923 FROM
3926 $orderby
3930 }
3932 // Check capability for each course in turn
3936 // We've got the capability. Make the record look like a course record
3937 // and store it
3943 }
3944 }
3946 }
3948 /** This function finds the roles assigned directly to this context only
3949 * i.e. no parents role
3950 * @param object $context
3951 * @return array
3952 */
3960 WHERE ra.roleid = r.id
3963 }
3965 /**
3966 * Switches the current user to another role for the current session and only
3967 * in the given context. If roleid is not valid (eg 0) or the current user
3968 * doesn't have permissions to be switching roles then the user's session
3969 * is compltely reset to have their normal roles.
3970 * @param integer $roleid
3971 * @param object $context
3972 * @return bool
3973 */
3977 /// If we can't use this or are already using it or no role was specified then bail completely and reset
3984 }
3986 /// We're allowed to switch but can we switch to the specified role? Use assignable roles to check.
3989 }
3991 /// unset default user role - it would not work anyway
3996 }
3998 /// We have a valid roleid that this user can switch to, so let's set up the session
4004 /// Add some permissions we are really going to always need, even if the role doesn't have them!
4010 }
4013 // get any role that has an override on exact context
4021 WHERE rc.roleid = r.id
4023 }
4025 // get all capabilities for this role on this context (overrids)
4034 }
4036 // find out which roles has assignment on this context
4044 WHERE ra.roleid = r.id
4046 }
4050 /**
4051 * Find all user assignemnt of users for this role, on this context
4052 */
4061 }
4063 /**
4064 * Simple function returning a boolean true if roles exist, otherwise false
4065 */
4069 return record_exists('role_assignments', 'userid', $userid, 'roleid', $roleid, 'contextid', $contextid);
4072 }
4073 }
4075 /**
4076 * Inserts all parental context and self into context_rel table
4077 *
4078 * @param object $context-context to be deleted
4079 * @param bool deletechild - deltes child contexts dependencies
4080 */
4083 // first check validity
4084 // MDL-9057
4089 }
4091 // removes all parents
4094 }
4098 }
4099 // insert all parents
4107 }
4108 }
4109 }
4111 /**
4112 * rebuild context_rel table without deleting
4113 */
4119 // MDL-10679, only identify contexts with overrides in them
4123 // total number of records
4124 // subtract one because the site context should not be calculated, will not be processed
4127 // processed records
4132 //if ($contexts = get_records('context')) {
4134 // no need to delete because it's all empty
4139 }
4142 }
4145 // gets the custom name of the role in course
4146 // TODO: proper documentation
4153 }
4154 }
4156 /*
4157 * @param int object - context object (node), from which we find all it's children
4158 * and rebuild all associated context_rel info
4159 * this is needed when a course or course category is moved
4160 * as the children's relationship to grandparents needs to be fixed
4161 * @return int number of contexts rebuilt
4162 */
4169 }
4171 // find all children used in context_rel
4175 }
4176 }
4179 // rebuild all the contexts of this list
4183 }
4186 }
4188 /**
4189 * This function helps admin/roles/manage.php etc to detect if a new line should be printed
4190 * when we read in a new capability
4191 * most of the time, if the 2 components are different we should print a new line, (e.g. course system->rss client)
4192 * but when we are in grade, all reports/import/export capabilites should be together
4193 * @param string a - component string a
4194 * @param string b - component string b
4195 * @return bool - whether 2 component are in different "sections"
4196 */
4201 }
4209 // we are in gradebook, still
4210 if (($compsa[0] == 'gradeexport' || $compsa[0] == 'gradeimport' || $compsa[0] == 'gradereport') &&
4213 }
4214 }
4218 }
4220 ?>