| blob | b5ebc8e38fae395252e0ab081f2460d425c23102 |
3 ///////////////////////////////////////////////////////////////////////////
4 // //
5 // NOTICE OF COPYRIGHT //
6 // //
7 // Moodle - Modular Object-Oriented Dynamic Learning Environment //
8 // http://moodle.org //
9 // //
10 // Copyright (C) 1999-2004 Martin Dougiamas http://dougiamas.com //
11 // //
12 // This program is free software; you can redistribute it and/or modify //
13 // it under the terms of the GNU General Public License as published by //
14 // the Free Software Foundation; either version 2 of the License, or //
15 // (at your option) any later version. //
16 // //
17 // This program is distributed in the hope that it will be useful, //
18 // but WITHOUT ANY WARRANTY; without even the implied warranty of //
19 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the //
20 // GNU General Public License for more details: //
21 // //
22 // http://www.gnu.org/copyleft/gpl.html //
23 // //
24 ///////////////////////////////////////////////////////////////////////////
26 /**
27 * Capability session information format
28 * 2 x 2 array
29 * [context][capability]
30 * where context is the context id of the table 'context'
31 * and capability is a string defining the capability
32 * e.g.
33 *
34 * [Capabilities] => [26][mod/forum:viewpost] = 1
35 * [26][mod/forum:startdiscussion] = -8990
36 * [26][mod/forum:editallpost] = -1
37 * [273][moodle:blahblah] = 1
38 * [273][moodle:blahblahblah] = 2
39 */
43 // permission definitions
49 // context definitions
59 // capability risks - see http://docs.moodle.org/en/Hardening_new_Roles_system
68 $context_cache = array(); // Cache of all used context objects for performance (by level and instance)
73 //this is really slow!!!! - do not use above course context level!
77 // first emulate the parent context capabilities merging into context
81 if ($capabilities = get_records_select('role_capabilities', "roleid = $roleid AND contextid = $cid")) {
85 }
87 }
88 }
89 }
91 // now go through the contexts bellow given context
94 if ($capabilities = get_records_select('role_capabilities', "roleid = $roleid AND contextid = $cid")) {
98 }
100 }
101 }
102 }
105 }
113 }
115 }
116 }
118 }
123 }
127 }
132 }
136 }
138 }
139 }
141 }
143 /**
144 * Loads the capabilities for the default guest role to the current user in a
145 * specific context.
146 * @return object
147 */
156 }
157 }
165 }
166 }
168 /**
169 * Load default not logged in role capabilities when user is not logged in
170 * @return bool
171 */
177 }
184 }
185 }
193 }
194 }
196 /**
197 * Load default logged in role capabilities for all logged in users
198 * @return bool
199 */
205 }
212 }
213 }
217 // fix the guest user heritage:
218 // If the default role is a guest role, then don't copy legacy:guest,
219 // otherwise this user could get confused with a REAL guest. Also don't copy
220 // course:view, which is a hack that's necessary because guest roles are
221 // not really handled properly (see MDL-7513)
225 }
233 }
234 }
237 /**
238 * Get the default guest role
239 * @return object role
240 */
252 }
257 //somebody is messing with guest roles, remove incorrect setting and try to find a new one
260 }
261 }
262 }
265 /**
266 * This functions get all the course categories in proper order
267 * (!)note this only gets course category contexts, and not the site
268 * context
269 * @param object $context
270 * @return array of contextids
271 */
276 // a category can be the parent of another category
277 // there is no limit of depth in this case
282 }
285 }
288 //error?
290 }
296 }
299 }
303 // a course always fall into a category, unless it's a site course
304 // this happens when SITEID == $course->id
305 // in this case the parent of the course is site context
310 }
313 }
317 }
320 return $courseparents[$context->instanceid] = array(); // frontpage course does not have parent cats
321 }
325 //error?
327 }
330 // this should not happen
332 }
337 }
339 return $courseparents[$context->instanceid] = array_merge(get_parent_cats($catcontext), array($catcontext->id)); //recursion :-)
343 // something is very wrong!
346 }
347 }
351 /**
352 * This function checks for a capability assertion being true. If it isn't
353 * then the page is terminated neatly with a standard error message
354 * @param string $capability - name of the capability
355 * @param object $context - a context object (record from context table)
356 * @param integer $userid - a userid number
357 * @param bool $doanything - if false, ignore do anything
358 * @param string $errorstring - an errorstring
359 * @param string $stringfile - which stringfile to get it from
360 */
366 /// If the current user is not logged in, then make sure they are (if needed)
375 }
380 }
384 }
388 }
389 }
391 /// OK, if they still don't have the capability then print a nice error message
396 }
397 }
399 /**
400 * Cheks if current user has allowed permission for any of submitted capabilities
401 * in given or child contexts.
402 * @param object $context - a context object (record from context table)
403 * @param array $capabilitynames array of strings, capability names
404 * @return boolean
405 */
412 }
413 }
418 if (isset($USER->capabilities[$child][$capname]) and $USER->capabilities[$child][$capname] > 0) {
419 // extra check for inherited prevent and prohibit
422 }
423 }
424 }
425 }
426 }
429 }
431 /**
432 * This function returns whether the current user has the capability of performing a function
433 * For example, we can do has_capability('mod/forum:replypost',$context) in forum
434 * This is a recursive function.
435 * @uses $USER
436 * @param string $capability - name of the capability (or debugcache or clearcache)
437 * @param object $context - a context object (record from context table)
438 * @param integer $userid - a userid number
439 * @param bool $doanything - if false, ignore do anything
440 * @return bool
441 */
449 /// Cache management
454 }
456 /// Some sanity checks
461 }
464 }
466 debugging('Capability parameter "doanything" is wierd ("'.$doanything.'"). This should be fixed in code.');
467 }
469 debugging('Incorrect context parameter "'.$context.'" for has_capability(), object expected! This should be fixed in code.');
470 }
471 }
473 /// Make sure we know the current context
479 }
483 }
484 }
486 /// Check and return cache in case we've processed this one before.
487 $requsteduser = empty($userid) ? $USER->id : $userid; // find out the requested user id, $USER->id might have been changed
492 }
495 /// Load up the capabilities list or item as necessary
499 //caching - helps user switching in cron
506 }
511 }
515 // This big SQL is expensive! We reduce it a little by avoiding checking for changed enrolments (false)
519 }
521 }
525 }
530 }
533 }
535 /// We act a little differently when switchroles is active
540 /// First deal with the "doanything" capability
544 /// First make sure that we aren't in a "switched role"
555 }
556 }
557 }
558 }
559 }
561 /// Check the site context for doanything (most common) first
569 }
570 }
571 /// If it's not set at site level, it is possible to be set on other levels
572 /// Though this usage is not common and can cause risks
576 // Check parent cats.
583 }
584 }
588 // Check parent cat.
596 }
597 }
601 // Find course.
611 }
612 }
619 }
624 // Find course.
634 }
635 }
636 }
642 }
647 // not necessarily 1 to 1 to course.
658 }
659 }
665 }
666 }
667 // blocks that do not have course as parent do not need to do any more checks - already done above
672 // CONTEXT_SYSTEM: CONTEXT_PERSONAL: CONTEXT_USER:
673 // Do nothing, because the parents are site context
674 // which has been checked already
676 }
678 // Last: check self.
683 }
684 }
685 // do_anything has not been set, we now look for it the normal way.
690 }
693 /**
694 * In a separate function so that we won't have to deal with do_anything.
695 * again. Used by function has_capability().
696 * @param $capability - capability string
697 * @param $context - the context object
698 * @param $capabilities - either $USER->capability or loaded array (for other users)
699 * @return permission (int)
700 */
707 }
708 // if already set in the array explicitly, no need to look for it in parent
709 // context any longer
712 }
714 /* Then, we check the cache recursively */
735 // if switchrole active, do not check permissions above the course context, blocks are an exception
737 }
738 // break is not here intentionally - because the code is the same for category and course
742 // non recursive - should be faster
747 }
748 }
749 // finally check system context
772 }
773 // ignore the $switchroleactive beause we want the real block view capability defined in system context
780 }
783 }
785 /**
786 * auxillary function for load_user_capabilities()
787 * checks if context c1 is a parent (or itself) of context c2
788 * @param int $c1 - context id of context 1
789 * @param int $c2 - context id of context 2
790 * @return bool
791 */
795 // context can be itself and this is ok
798 }
799 // hit in cache?
802 }
806 }
810 }
814 }
821 }
822 }
825 /**
826 * auxillary function for load_user_capabilities()
827 * handler in usort() to sort contexts according to level
828 * @param object contexta
829 * @param object contextb
830 * @return int
831 */
835 }
837 }
839 /**
840 * It will build an array of all the capabilities at each level
841 * i.e. site/metacourse/course_category/course/moduleinstance
842 * Note we should only load capabilities if they are explicitly assigned already,
843 * we should not load all module's capability!
844 *
845 * [Capabilities] => [26][forum_post] = 1
846 * [26][forum_start] = -8990
847 * [26][forum_edit] = -1
848 * [273][blah blah] = 1
849 * [273][blah blah blah] = 2
850 *
851 * @param $capability string - Only get a specific capability (string)
852 * @param $context object - Only get capabilities for a specific context object
853 * @param $userid integer - the id of the user whose capabilities we want to load
854 * @param $checkenrolments boolean - Should we check enrolment plugins (potentially expensive)
855 * @return array of permissions (or nothing if they get assigned to $USER)
856 */
857 function load_user_capability($capability='', $context=NULL, $userid=NULL, $checkenrolments=true) {
861 // this flag has not been set!
862 // (not clean install, or upgraded successfully to 1.7 and up)
865 }
871 }
876 }
884 }
888 }
891 }
894 /// First we generate a list of all relevant contexts of the user
906 }
907 }
908 }
909 }
911 /// Set up SQL fragments for searching contexts
918 }
921 // the doanything may override the requested capability
922 $capsearch = " AND (rc.capability = '$capability' OR rc.capability = 'moodle/site:doanything') ";
925 }
927 /// Then we use 1 giant SQL to bring out all relevant capabilities.
928 /// The first part gets the capabilities of orginal role.
929 /// The second part gets the capabilities of overriden roles.
934 // SQL for normal capabilities
935 $SQL1 = "SELECT rc.capability, c1.id as id1, c1.id as id2, (c1.contextlevel * 100) AS aggrlevel,
936 SUM(rc.permission) AS sum
937 FROM
941 WHERE
942 ra.contextid=c1.id AND
943 ra.roleid=rc.roleid AND
945 $searchcontexts1
947 $capsearch
948 GROUP BY
949 rc.capability, c1.id, c1.contextlevel * 100
950 HAVING
951 SUM(rc.permission) != 0
953 UNION ALL
955 SELECT rc.capability, c1.id as id1, c2.id as id2, (c1.contextlevel * 100 + c2.contextlevel) AS aggrlevel,
956 SUM(rc.permission) AS sum
957 FROM
963 WHERE
965 $searchcontexts1
967 $capsearch
968 GROUP BY
969 rc.capability, c1.id, c2.id, c1.contextlevel * 100 + c2.contextlevel
970 HAVING
971 SUM(rc.permission) != 0
972 ORDER BY
977 }
989 }
990 }
992 }
994 }
996 // SQL for overrides
997 // this is take out because we have no way of making sure c1 is indeed related to c2 (parent)
998 // if we do not group by sum, it is possible to have multiple records of rc.capability, c1.id, c2.id, tuple having
999 // different values, we can maually sum it when we go through the list
1001 /*
1003 $SQL2 = "SELECT rc.capability, c1.id as id1, c2.id as id2, (c1.contextlevel * 100 + c2.contextlevel) AS aggrlevel,
1004 rc.permission AS sum
1005 FROM
1006 {$CFG->prefix}role_assignments ra,
1007 {$CFG->prefix}role_capabilities rc,
1008 {$CFG->prefix}context c1,
1009 {$CFG->prefix}context c2
1010 WHERE
1011 ra.contextid=c1.id AND
1012 ra.roleid=rc.roleid AND
1013 ra.userid=$userid AND
1014 rc.contextid=c2.id AND
1015 $searchcontexts1
1016 rc.contextid != $siteinstance->id
1017 $capsearch
1019 GROUP BY
1020 rc.capability, (c1.contextlevel * 100 + c2.contextlevel), c1.id, c2.id, rc.permission
1021 ORDER BY
1022 aggrlevel ASC
1023 ";*/
1025 /*
1026 if (!$rs = get_recordset_sql($SQL2)) {
1027 error("Query failed in load_user_capability.");
1028 }
1030 if ($rs && $rs->RecordCount() > 0) {
1031 while ($caprec = rs_fetch_next_record($rs)) {
1032 $array = (array)$caprec;
1033 $temprecord = new object;
1035 foreach ($array as $key=>$val) {
1036 if ($key == 'aggrlevel') {
1037 $temprecord->contextlevel = $val;
1038 } else {
1039 $temprecord->{$key} = $val;
1040 }
1041 }
1042 // for overrides, we have to make sure that context2 is a child of context1
1043 // otherwise the combination makes no sense
1044 //if (is_parent_context($temprecord->id1, $temprecord->id2)) {
1045 $capabilities[] = $temprecord;
1046 //} // only write if relevant
1047 }
1048 rs_close($rs);
1049 }
1051 // this step sorts capabilities according to the contextlevel
1052 // it is very important because the order matters when we
1053 // go through each capabilities later. (i.e. higher level contextlevel
1054 // will override lower contextlevel settings
1055 usort($capabilities, 'roles_context_cmp');
1056 */
1057 /* so up to this point we should have somethign like this
1058 * $capabilities[1] ->contextlevel = 1000
1059 ->module = 0 // changed from SITEID in 1.8 (??)
1060 ->capability = do_anything
1061 ->id = 1 (id is the context id)
1062 ->sum = 0
1064 * $capabilities[2] ->contextlevel = 1000
1065 ->module = 0 // changed from SITEID in 1.8 (??)
1066 ->capability = post_messages
1067 ->id = 1
1068 ->sum = -9000
1070 * $capabilittes[3] ->contextlevel = 3000
1071 ->module = course
1072 ->capability = view_course_activities
1073 ->id = 25
1074 ->sum = 1
1076 * $capabilittes[4] ->contextlevel = 3000
1077 ->module = course
1078 ->capability = view_course_activities
1079 ->id = 26
1080 ->sum = 0 (this is another course)
1082 * $capabilities[5] ->contextlevel = 3050
1083 ->module = course
1084 ->capability = view_course_activities
1085 ->id = 25 (override in course 25)
1086 ->sum = -1
1087 * ....
1088 * now we proceed to write the session array, going from top to bottom
1089 * at anypoint, we need to go up and check parent to look for prohibit
1090 */
1091 // print_object($capabilities);
1093 /* This is where we write to the actualy capabilities array
1094 * what we need to do from here on is
1095 * going down the array from lowest level to highest level
1096 * 1) recursively check for prohibit,
1097 * if any, we write prohibit
1098 * else, we write the value
1099 * 2) at an override level, we overwrite current level
1100 * if it's not set to prohibit already, and if different
1101 * ........ that should be it ........
1102 */
1104 // This is the flag used for detecting the current context level. Since we are going through
1105 // the array in ascending order of context level. For normal capabilities, there should only
1106 // be 1 value per (capability, contextlevel, context), because they are already summed. But,
1107 // for overrides, since we are processing them separate, we need to sum the relevcant entries.
1108 // We set this flag when we hit a new level.
1109 // If the flag is already set, we keep adding (summing), otherwise, we just override previous
1110 // settings (from lower level contexts)
1117 }
1119 if (!empty($otheruserid)) { // we are pulling out other user's capabilities, do not write to session
1124 }
1125 if (isset($usercap[$capability->id2][$capability->capability])) { // use isset because it can be sum 0
1131 }
1135 }
1139 if (capability_prohibits($capability->capability, $context, $capability->sum)) { // if any parent or parent's parent is set to prohibit
1142 }
1144 // if no parental prohibit set
1145 // just write to session, i am not sure this is correct yet
1146 // since 3050 shows up after 3000, and 3070 shows up after 3050,
1147 // it should be ok just to overwrite like this, provided that there's no
1148 // parental prohibits
1149 // we need to write even if it's 0, because it could be an inherit override
1156 }
1160 }
1161 }
1162 }
1164 // now we don't care about the huge array anymore, we can dispose it.
1170 }
1171 }
1174 /**
1175 * A convenience function to completely load all the capabilities
1176 * for the current user. This is what gets called from login, for example.
1177 */
1181 //caching - helps user switching in cron
1192 }
1196 // when in "course login as" - load only course caqpabilitites (it may not always work as expected)
1203 }
1204 }
1205 }
1207 // handle role switching in courses
1212 // first prune context and any child contexts
1216 }
1219 // now merge all switched role caps in context and bellow
1222 }
1223 }
1229 }
1233 }
1234 }
1237 /**
1238 * Check all the login enrolment information for the given user object
1239 * by querying the enrolment plugins
1240 */
1248 }
1256 }
1260 if (method_exists($enrol, 'setup_enrolments')) { /// Plugin supports Roles (Moodle 1.7 and later)
1265 }
1268 }
1270 /// deal with $user->students and $user->teachers stuff
1273 }
1275 }
1278 }
1281 /**
1282 * This is a recursive function that checks whether the capability in this
1283 * context, or the parent capabilities are set to prohibit.
1284 *
1285 * At this point, we can probably just use the values already set in the
1286 * session variable, since we are going down the level. Any prohit set in
1287 * parents would already reflect in the session.
1288 *
1289 * @param $capability - capability name
1290 * @param $sum - sum of all capabilities values
1291 * @param $context - the context object
1292 * @param $array - when loading another user caps, their caps are not stored in session but an array
1293 */
1297 // caching, mainly to save unnecessary sqls
1301 }
1306 }
1311 }
1314 // If this capability is set to prohibit.
1317 }
1324 }
1326 // Else if set in session.
1331 }
1332 }
1336 // By now it's a definite an inherit.
1355 // no workaround for recursion now - it needs some more work and maybe fixing
1358 // system context - this is either top category or frontpage course
1361 // parent context - recursion
1364 }
1370 // 1 to 1 to course.
1374 }
1381 // 1 to 1 to course.
1385 }
1392 // not necessarily 1 to 1 to course.
1396 }
1401 }
1409 }
1410 }
1413 /**
1414 * A print form function. This should either grab all the capabilities from
1415 * files or a central table for that particular module instance, then present
1416 * them in check boxes. Only relevant capabilities should print for known
1417 * context.
1418 * @param $mod - module id of the mod
1419 */
1426 // We are in a module specific context.
1428 // Get the mod's name.
1429 // Call the function that grabs the file and parse.
1434 // Print all capabilities.
1436 // Prints the check box component.
1437 }
1438 }
1439 }
1442 /**
1443 * Installs the roles system.
1444 * This function runs on a fresh install as well as on an upgrade from the old
1445 * hard-coded student/teacher/admin etc. roles to the new roles system.
1446 */
1451 /// Create a system wide context for assignemnt.
1455 /// Create default/legacy roles and capabilities.
1456 /// (1 legacy capability per legacy role at system level).
1462 $editteacherrole = create_role(addslashes(get_string('defaultcourseteacher')), 'editingteacher',
1473 /// Now is the correct moment to install capabilities - after creation of legacy roles, but before assigning of roles
1477 }
1480 }
1482 /// Look inside user_admin, user_creator, user_teachers, user_students and
1483 /// assign above new roles. If a user has both teacher and student role,
1484 /// only teacher role is assigned. The assignment should be system level.
1488 /// Set up the progress bar
1496 }
1497 }
1501 /// Upgrade the admins.
1502 /// Sort using id ASC, first one is primary admin.
1510 }
1512 }
1514 // This is a fresh install.
1515 }
1518 /// Upgrade course creators.
1525 }
1527 }
1528 }
1531 /// Upgrade editting teachers and non-editting teachers.
1536 // removed code here to ignore site level assignments
1537 // since the contexts are separated now
1539 // populate the user_lastaccess table
1546 // assign the default student role
1548 // hidden teacher
1553 }
1558 role_assign($noneditteacherrole, $teacher->userid, 0, $coursecontext->id, 0, 0, $hiddenteacher);
1559 }
1562 }
1564 }
1565 }
1568 /// Upgrade students.
1573 // populate the user_lastaccess table
1580 // assign the default student role
1585 }
1587 }
1588 }
1591 /// Upgrade guest (only 1 entry).
1594 }
1598 /// Insert the correct records for legacy roles
1615 /// Set up default permissions for overrides
1625 /// Delete the old user tables when we are done
1632 }
1634 /**
1635 * Returns array of all legacy roles.
1636 */
1646 );
1647 }
1657 //choose first selected legacy capability - reset the rest
1662 }
1663 }
1664 }
1667 }
1669 /**
1670 * Assign the defaults found in this capabality definition to roles that have
1671 * the corresponding legacy capabilities assigned to them.
1672 * @param $legacyperms - an array in the format (example):
1673 * 'guest' => CAP_PREVENT,
1674 * 'student' => CAP_ALLOW,
1675 * 'teacher' => CAP_ALLOW,
1676 * 'editingteacher' => CAP_ALLOW,
1677 * 'coursecreator' => CAP_ALLOW,
1678 * 'admin' => CAP_ALLOW
1679 * @return boolean - success or failure.
1680 */
1691 }
1695 // Assign a site level capability.
1698 }
1699 }
1700 }
1701 }
1703 }
1706 /**
1707 * Checks to see if a capability is a legacy capability.
1708 * @param $capabilityname
1709 * @return boolean
1710 */
1716 }
1717 }
1721 /**********************************
1722 * Context Manipulation functions *
1723 **********************************/
1725 /**
1726 * Create a new context record for use by all roles-related stuff
1727 * @param $level
1728 * @param $instanceid
1729 *
1730 * @return object newly created context (or existing one with a debug warning)
1731 */
1735 debugging('Error: Invalid context creation request for level "'.s($contextlevel).'", instance "'.s($instanceid).'".');
1737 }
1741 }
1749 debugging('Error: could not insert new context level "'.s($contextlevel).'", instance "'.s($instanceid).'".');
1751 }
1753 debugging('Warning: Context id "'.s($context->id).'" not created, because it already exists.');
1755 }
1756 }
1758 /**
1759 * This hacky function is needed because we can not change system context instanceid using normal upgrade routine.
1760 */
1763 // we are going to change instanceid of system context to 0 now
1766 //context rel not affected
1774 // we need not to populate context_rel for system context
1779 }
1780 }
1781 }
1782 /**
1783 * Create a new context record for use by all roles-related stuff
1784 * @param $level
1785 * @param $instanceid
1786 *
1787 * @return true if properly deleted
1788 */
1796 }
1798 }
1800 /**
1801 * Validate that object with instanceid really exists in given context level.
1802 *
1803 * return if instanceid object exists
1804 */
1820 }
1837 }
1838 }
1840 /**
1841 * Get the context instance as an object. This function will create the
1842 * context instance if it does not exist yet.
1843 * @param integer $level The context level, for example CONTEXT_COURSE, or CONTEXT_MODULE.
1844 * @param integer $instance The instance id. For $level = CONTEXT_COURSE, this would be $course->id,
1845 * for $level = CONTEXT_MODULE, this would be $cm->id. And so on.
1846 * @return object The context object.
1847 */
1851 static $allowed_contexts = array(CONTEXT_SYSTEM, CONTEXT_PERSONAL, CONTEXT_USER, CONTEXT_COURSECAT, CONTEXT_COURSE, CONTEXT_GROUP, CONTEXT_MODULE, CONTEXT_BLOCK);
1853 // Yu: Separating site and site course context - removed CONTEXT_COURSE override when SITEID
1855 // fix for MDL-9016
1857 // Clear ALL cache
1862 }
1864 /// If no level is supplied then return the current global context if there is one
1867 //fatal error, code must be fixed
1871 }
1872 }
1874 /// Backwards compatibility with obsoleted (CONTEXT_SYSTEM, SITEID)
1877 }
1879 /// check allowed context levels
1881 // fatal error, code must be fixed - probably typo or switched parameters
1882 error('Error: get_context_instance() called with incorrect context level "'.s($contextlevel).'"');
1883 }
1885 /// Check the cache
1888 }
1890 /// Get it from the database, or create it
1891 if (!$context = get_record('context', 'contextlevel', $contextlevel, 'instanceid', $instance)) {
1894 }
1896 /// Only add to cache if context isn't empty.
1900 }
1903 }
1906 /**
1907 * Get a context instance as an object, from a given context id.
1908 * @param $id a context id.
1909 * @return object The context object.
1910 */
1917 }
1923 }
1926 }
1929 /**
1930 * Get the local override (if any) for a given capability in a role in a context
1931 * @param $roleid
1932 * @param $contextid
1933 * @param $capability
1934 */
1936 return get_record('role_capabilities', 'roleid', $roleid, 'capability', $capability, 'contextid', $contextid);
1937 }
1941 /************************************
1942 * DB TABLE RELATED FUNCTIONS *
1943 ************************************/
1945 /**
1946 * function that creates a role
1947 * @param name - role name
1948 * @param shortname - role short name
1949 * @param description - role description
1950 * @param legacy - optional legacy capability
1951 * @return id or false
1952 */
1955 // check for duplicate role name
1959 }
1963 }
1970 //find free sortorder number
1974 }
1978 }
1983 }
1985 /// By default, users with role:manage at site level
1986 /// should be able to assign users to this new role, and override this new role's capabilities
1988 // find all admin roles
1990 // foreach admin role
1992 // write allow_assign and allow_overrid
1995 }
1996 }
2001 }
2003 }
2005 /**
2006 * function that deletes a role and cleanups up after it
2007 * @param roleid - id of role to delete
2008 * @return success
2009 */
2014 // mdl 10149, check if this is the last active admin role
2015 // if we make the admin role not deletable then this part can go
2020 if (record_exists('role_capabilities', 'contextid', $systemcontext->id, 'roleid', $roleid, 'capability', 'moodle/site:doanything')) {
2021 // deleting an admin role
2023 if ($adminroles = get_roles_with_capability('moodle/site:doanything', CAP_ALLOW, $systemcontext)) {
2026 // some other admin role
2027 if (record_exists('role_assignments', 'roleid', $adminrole->id, 'contextid', $systemcontext->id)) {
2028 // found another admin role with at least 1 user assigned
2031 }
2032 }
2033 }
2034 }
2036 error ('You can not delete this role because there is no other admin roles with users assigned');
2037 }
2038 }
2039 }
2041 // first unssign all users
2045 }
2047 // cleanup all references to this role, ignore errors
2050 // MDL-10679 find all contexts where this role has an override
2057 // MDL-10679, delete from context_rel if this role holds the last override in these contexts
2062 }
2063 }
2064 }
2071 }
2073 // finally delete the role itself
2077 }
2080 }
2082 /**
2083 * Function to write context specific overrides, or default capabilities.
2084 * @param module - string name
2085 * @param capability - string name
2086 * @param contextid - context id
2087 * @param roleid - role id
2088 * @param permission - int 1,-1 or -1000
2089 * should not be writing if permission is 0
2090 */
2098 }
2100 $existing = get_record('role_capabilities', 'contextid', $contextid, 'roleid', $roleid, 'capability', $capability);
2104 }
2119 /// MDL-10679 insert context rel here
2122 }
2123 }
2126 /**
2127 * Unassign a capability from a role.
2128 * @param $roleid - the role id
2129 * @param $capability - the name of the capability
2130 * @return boolean - success or failure
2131 */
2135 // delete from context rel, if this is the last override in this context
2139 // MDL-10679, if this is no more overrides for this context
2140 // delete entries from context where this context is a child
2143 }
2146 // There is no need to delete from context_rel here because
2147 // this is only used for legacy, for now
2150 }
2152 }
2155 /**
2156 * Get the roles that have a given capability assigned to it. This function
2157 * does not resolve the actual permission of the capability. It just checks
2158 * for assignment only.
2159 * @param $capability - capability name (string)
2160 * @param $permission - optional, the permission defined for this capability
2161 * either CAP_ALLOW, CAP_PREVENT or CAP_PROHIBIT
2162 * @return array or role objects
2163 */
2174 }
2178 }
2188 }
2190 }
2193 /**
2194 * This function makes a role-assignment (a role for a user or group in a particular context)
2195 * @param $roleid - the role of the id
2196 * @param $userid - userid
2197 * @param $groupid - group id
2198 * @param $contextid - id of the context
2199 * @param $timestart - time this assignment becomes effective
2200 * @param $timeend - time this assignemnt ceases to be effective
2201 * @uses $USER
2202 * @return id - new id of the assigment
2203 */
2204 function role_assign($roleid, $userid, $groupid, $contextid, $timestart=0, $timeend=0, $hidden=0, $enrol='manual',$timemodified='') {
2209 /// Do some data validation
2214 }
2219 }
2224 }
2229 }
2234 }
2239 }
2243 }
2245 /// Check for existing entry
2247 $ra = get_record('role_assignments', 'roleid', $roleid, 'contextid', $context->id, 'userid', $userid);
2249 $ra = get_record('role_assignments', 'roleid', $roleid, 'contextid', $context->id, 'groupid', $groupid);
2250 }
2261 /// Always round timestart downto 100 secs to help DBs to use their own caching algorithms
2262 /// by repeating queries with the same exact parameters in a 100 secs time window
2275 /// Always round timestart downto 100 secs to help DBs to use their own caching algorithms
2276 /// by repeating queries with the same exact parameters in a 100 secs time window
2283 }
2287 /// If the user is the current user, then reload the capabilities too.
2290 }
2292 /// Ask all the modules if anything needs to be done for this user
2299 }
2300 }
2301 }
2303 /// Make sure they have an entry in user_lastaccess for courses they can access
2304 // role_add_lastaccess_entries($userid, $context);
2305 }
2307 /// now handle metacourse role assignments if in course context
2312 }
2313 }
2314 }
2317 }
2320 /**
2321 * Deletes one or more role assignments. You must specify at least one parameter.
2322 * @param $roleid
2323 * @param $userid
2324 * @param $groupid
2325 * @param $contextid
2326 * @param $enrol unassign only if enrolment type matches, NULL means anything
2327 * @return boolean - success or failure
2328 */
2340 }
2341 }
2344 }
2350 /// infinite loop protection when deleting recursively
2353 }
2356 /// If the user is the current user, then reload the capabilities too.
2359 }
2362 /// Ask all the modules if anything needs to be done for this user
2367 $functionname($ra->userid, $context); // watch out, $context might be NULL if something goes wrong
2368 }
2369 }
2371 /// now handle metacourse role unassigment and removing from goups if in course context
2374 // cleanup leftover course groups/subscriptions etc when user has
2375 // no capability to view course
2376 // this may be slow, but this is the proper way of doing it
2378 // remove from groups
2382 }
2383 }
2385 // delete lastaccess records
2387 }
2389 //unassign roles in metacourses if needed
2393 }
2394 }
2395 }
2396 }
2397 }
2398 }
2401 }
2403 /**
2404 * A convenience function to take care of the common case where you
2405 * just want to enrol someone using the default role into a course
2406 *
2407 * @param object $course
2408 * @param object $user
2409 * @param string $enrol - the plugin used to do this enrolment
2410 */
2414 // remove time part from the timestamp and keep only the date part
2415 $timestart = make_timestamp(date('Y', $timestart), date('m', $timestart), date('d', $timestart), 0, 0, 0);
2420 }
2428 }
2435 }
2438 }
2440 /**
2441 * Add last access times to user_lastaccess as required
2442 * @param $userid
2443 * @param $context
2444 * @return boolean - success or failure
2445 */
2452 }
2465 }
2466 }
2474 }
2475 }
2480 }
2481 }
2489 }
2491 }
2492 }
2494 /**
2495 * Delete last access times from user_lastaccess as required
2496 * @param $userid
2497 * @param $context
2498 * @return boolean - success or failure
2499 */
2504 }
2507 /**
2508 * Loads the capability definitions for the component (from file). If no
2509 * capabilities are defined for the component, we simply return an empty array.
2510 * @param $component - examples: 'moodle', 'mod/forum', 'block/quiz_results'
2511 * @return array of capabilities
2512 */
2523 // Blocks are an exception. Blocks directory is 'blocks', and not
2524 // 'block'. So we need to jump through hoops.
2530 // Similar to the above, course formats are 'format' while they
2531 // are stored in 'course/format'.
2550 }
2551 }
2557 }
2559 }
2562 /**
2563 * Gets the capabilities that have been cached in the database for this
2564 * component.
2565 * @param $component - examples: 'moodle', 'mod/forum', 'block/quiz_results'
2566 * @return array of capabilities
2567 */
2575 }
2577 }
2579 /**
2580 * Returns default capabilities for given legacy role type.
2581 *
2582 * @param string legacy role name
2583 * @return array
2584 */
2588 }
2596 }
2597 }
2601 }
2602 }
2604 //some exceptions
2608 }
2610 }
2612 /**
2613 * Reset role capabilitites to default according to selected legacy capability.
2614 * If several legacy caps selected, use the first from get_default_capabilities.
2615 * If no legacy selected, removes all capabilities.
2616 *
2617 * @param int @roleid
2618 */
2627 //choose first selected legacy capability
2630 }
2631 }
2637 }
2638 }
2639 }
2641 /**
2642 * Updates the capabilities table with the component capability definitions.
2643 * If no parameters are given, the function updates the core moodle
2644 * capabilities.
2645 *
2646 * Note that the absence of the db/access.php capabilities definition file
2647 * will cause any stored capabilities for the component to be removed from
2648 * the database.
2649 *
2650 * @param $component - examples: 'moodle', 'mod/forum', 'block/quiz_results'
2651 * @return boolean
2652 */
2662 // update risk bitmasks and context levels in existing capabilities if needed
2666 }
2673 }
2674 }
2678 }
2685 }
2686 }
2687 }
2688 }
2689 }
2691 // Are there new capabilities in the file definition?
2699 }
2701 }
2702 }
2703 // Add new capabilities to the stored definition.
2714 }
2717 if (isset($capdef['clonepermissionsfrom']) && in_array($capdef['clonepermissionsfrom'], $storedcaps)){
2718 if ($rolecapabilities = get_records('role_capabilities', 'capability', $capdef['clonepermissionsfrom'])){
2720 //assign_capability will update rather than insert if capability exists
2724 }
2725 }
2726 }
2727 // Do we need to assign the new capabilities to roles that have the
2728 // legacy capabilities moodle/legacy:* as well?
2729 // we ignore legacy key if we have cloned permissions
2733 }
2734 }
2735 // Are there any capabilities that have been removed from the file
2736 // definition that we need to delete from the stored capabilities and
2737 // role assignments?
2741 }
2744 /**
2745 * Deletes cached capabilities that are no longer needed by the component.
2746 * Also unassigns these capabilities from any roles that have them.
2747 * @param $component - examples: 'moodle', 'mod/forum', 'block/quiz_results'
2748 * @param $newcapdef - array of the new capability definitions that will be
2749 * compared with the cached capabilities
2750 * @return int - number of deprecated capabilities that have been removed
2751 */
2761 // Remove from capabilities cache.
2766 }
2767 // Delete from roles.
2773 }
2774 }
2775 }
2777 }
2778 }
2780 }
2784 /****************
2785 * UI FUNCTIONS *
2786 ****************/
2789 /**
2790 * prints human readable context identifier.
2791 */
2809 }
2811 }
2818 }
2820 }
2830 }
2831 }
2836 }
2838 }
2845 }
2846 }
2855 }
2857 }
2858 }
2859 }
2872 }
2874 }
2875 }
2876 }
2883 }
2885 }
2888 /**
2889 * Extracts the relevant capabilities given a contextid.
2890 * All case based, example an instance of forum context.
2891 * Will fetch all forum related capabilities, while course contexts
2892 * Will fetch all capabilities
2893 * @param object context
2894 * @return array();
2895 *
2896 * capabilities
2897 * `name` varchar(150) NOT NULL,
2898 * `captype` varchar(50) NOT NULL,
2899 * `contextlevel` int(10) NOT NULL,
2900 * `component` varchar(100) NOT NULL,
2901 */
2953 }
2957 }
2959 /// the rest of code is a bit hacky, think twice before modifying it :-(
2961 // special sorting of core system capabiltites and enrollments
2962 if (in_array($context->contextlevel, array(CONTEXT_SYSTEM, CONTEXT_COURSECAT, CONTEXT_COURSE))) {
2970 }
2971 }
2974 }
2978 }
2982 }
2985 /**
2986 * Gets the context-independent capabilities that should be overrridable in
2987 * any context.
2988 * @return array of capability records from the capabilities table.
2989 */
2992 //only CONTEXT_SYSTEM capabilities here or it will break the hack in fetch_context_capabilities()
2994 'moodle/site:accessallgroups'
2995 );
3002 }
3004 }
3007 /**
3008 * This function pulls out all the resolved capabilities (overrides and
3009 * defaults) of a role used in capability overrides in contexts at a given
3010 * context.
3011 * @param obj $context
3012 * @param int $roleid
3013 * @param bool self - if set to true, resolve till this level, else stop at immediate parent level
3014 * @return array
3015 */
3027 }
3035 ORDER BY c.contextlevel DESC,
3041 // We are traversing via reverse order.
3043 // If not set yet (i.e. inherit or not set at all), or currently we have a prohibit
3046 }
3047 }
3048 }
3050 }
3052 /**
3053 * Recursive function which, given a context, find all parent context ids,
3054 * and return the array in reverse order, i.e. parent first, then grand
3055 * parent, etc.
3056 * @param object $context
3057 * @return array()
3058 */
3064 }
3079 }
3089 }
3103 }
3110 }
3116 }
3123 }
3129 }
3130 // fix for MDL-9656, block parents are not necessarily courses
3135 }
3143 }
3149 }
3150 }
3153 /**
3154 * Recursive function which, given a context, find all its children context ids.
3155 * @param object $context.
3156 * @return array of children context ids.
3157 */
3166 // No children.
3171 // No children.
3176 // No children.
3181 // Find all block instances for the course.
3189 }
3190 }
3194 }
3195 }
3196 }
3197 // Find all module instances for the course.
3202 }
3203 }
3204 }
3205 // Find all group instances for the course.
3210 }
3211 }
3212 }
3217 // We need to get the contexts for:
3218 // 1) The subcategories of the given category
3219 // 2) The courses in the given category and all its subcategories
3220 // 3) All the child contexts for these courses
3224 // Add the contexts for all the subcategories.
3228 }
3229 }
3231 // Add the parent category as well so we can find the contexts
3232 // for its courses.
3236 // Find all courses for the category.
3242 }
3243 }
3244 }
3245 }
3250 // No children.
3255 // No children.
3260 // Just get all the contexts except for CONTEXT_SYSTEM level.
3268 }
3275 }
3276 }
3279 /**
3280 * Gets a string for sql calls, searching for stuff in this context or above
3281 * @param object $context
3282 * @return string
3283 */
3289 }
3290 }
3293 /**
3294 * This function gets the capability of a role in a given context.
3295 * It is needed when printing override forms.
3296 * @param int $contextid
3297 * @param string $capability
3298 * @param array $capabilities - array loaded using role_context_capabilities
3299 * @return int (allow, prevent, prohibit, inherit)
3300 */
3304 }
3307 }
3308 }
3311 /**
3312 * Returns the human-readable, translated version of the capability.
3313 * Basically a big switch statement.
3314 * @param $capabilityname - e.g. mod/choice:readresponses
3315 */
3318 // Typical capabilityname is mod/choice:readresponses
3362 }
3364 }
3367 /**
3368 * This gets the mod/block/course/core etc strings.
3369 * @param $component
3370 * @param $contextlevel
3371 */
3385 }
3407 }
3423 }
3427 error ('This is an unknown context $contextlevel (' . $contextlevel . ') in get_component_string!');
3430 }
3432 }
3434 /**
3435 * Gets the list of roles assigned to this context and up (parents)
3436 * @param object $context
3437 * @param view - set to true when roles are pulled for display only
3438 * this is so that we can filter roles with no visible
3439 * assignment, for example, you might want to "hide" all
3440 * course creators when browsing the course participants
3441 * list.
3442 * @return array
3443 */
3448 // filter for roles with all hidden assignments
3449 // no need to return when only pulling roles for reviewing
3450 // e.g. participants page.
3451 $hiddensql = ($view && !has_capability('moodle/role:viewhiddenassigns', $context))? ' AND ra.hidden = 0 ':'';
3455 r.name,
3456 r.shortname,
3457 r.sortorder
3460 WHERE r.id = ra.roleid
3462 $hiddensql
3466 }
3468 /** this function is used to print roles column in user profile page.
3469 * @param int userid
3470 * @param int contextid
3471 * @return string
3472 */
3477 $SQL = 'select * from '.$CFG->prefix.'role_assignments ra, '.$CFG->prefix.'role r where ra.userid='.$userid.' and ra.contextid='.$contextid.' and ra.roleid = r.id';
3480 $rolestring .= '<a href="'.$CFG->wwwroot.'/user/index.php?contextid='.$userrole->contextid.'&roleid='.$userrole->roleid.'">'.$userrole->name.'</a>, ';
3481 }
3483 }
3485 }
3488 /**
3489 * Checks if a user can override capabilities of a particular role in this context
3490 * @param object $context
3491 * @param int targetroleid - the id of the role you want to override
3492 * @return boolean
3493 */
3495 // first check if user has override capability
3496 // if not return false;
3499 }
3500 // pull out all active roles of this user from this context(or above)
3503 // if any in the role_allow_override table, then it's ok
3504 if (get_record('role_allow_override', 'roleid', $userrole->roleid, 'allowoverride', $targetroleid)) {
3506 }
3507 }
3508 }
3512 }
3514 /**
3515 * Checks if a user can assign users to a particular role in this context
3516 * @param object $context
3517 * @param int targetroleid - the id of the role you want to assign users to
3518 * @return boolean
3519 */
3522 // first check if user has override capability
3523 // if not return false;
3526 }
3527 // pull out all active roles of this user from this context(or above)
3530 // if any in the role_allow_override table, then it's ok
3531 if (get_record('role_allow_assign', 'roleid', $userrole->roleid, 'allowassign', $targetroleid)) {
3533 }
3534 }
3535 }
3538 }
3540 /** Returns all site roles in correct sort order.
3541 *
3542 */
3545 }
3547 /**
3548 * gets all the user roles assigned in this context, or higher contexts
3549 * this is mainly used when checking if a user can assign a role, or overriding a role
3550 * i.e. we need to know what this user holds, in order to verify against allow_assign and
3551 * allow_override tables
3552 * @param object $context
3553 * @param int $userid
3554 * @param view - set to true when roles are pulled for display only
3555 * this is so that we can filter roles with no visible
3556 * assignment, for example, you might want to "hide" all
3557 * course creators when browsing the course participants
3558 * list.
3559 * @return array
3560 */
3561 function get_user_roles($context, $userid=0, $checkparentcontexts=true, $order='c.contextlevel DESC, r.sortorder ASC', $view=false) {
3568 }
3570 }
3571 // set up hidden sql
3572 $hiddensql = ($view && !has_capability('moodle/role:viewhiddenassigns', $context))? ' AND ra.hidden = 0 ':'';
3578 }
3585 ' AND ra.roleid = r.id
3586 AND ra.contextid = c.id
3589 }
3591 /**
3592 * Creates a record in the allow_override table
3593 * @param int sroleid - source roleid
3594 * @param int troleid - target roleid
3595 * @return int - id or false
3596 */
3602 }
3604 /**
3605 * Creates a record in the allow_assign table
3606 * @param int sroleid - source roleid
3607 * @param int troleid - target roleid
3608 * @return int - id or false
3609 */
3615 }
3617 /**
3618 * Gets a list of roles that this user can assign in this context
3619 * @param object $context
3620 * @return array
3621 */
3630 }
3631 }
3632 }
3634 }
3636 /**
3637 * Gets a list of roles that this user can override in this context
3638 * @param object $context
3639 * @return array
3640 */
3649 }
3650 }
3651 }
3654 }
3656 /**
3657 * Returns a role object that is the default role for new enrolments
3658 * in a given course
3659 *
3660 * @param object $course
3661 * @return object $role
3662 */
3666 /// First let's take the default role the course may have
3670 }
3671 }
3673 /// Otherwise the site setting should tell us
3677 }
3678 }
3680 /// It's unlikely we'll get here, but just in case, try and find a student role
3683 }
3686 }
3689 /**
3690 * who has this capability in this context
3691 * does not handling user level resolving!!!
3692 * (!)pleaes note if $fields is empty this function attempts to get u.*
3693 * which can get rather large.
3694 * i.e 1 person has 2 roles 1 allow, 1 prevent, this will not work properly
3695 * @param $context - object
3696 * @param $capability - string capability
3697 * @param $fields - fields to be pulled
3698 * @param $sort - the sort order
3699 * @param $limitfrom - number of records to skip (offset)
3700 * @param $limitnum - number of records to fetch
3701 * @param $groups - single group or array of groups - only return
3702 * users who are in one of these group(s).
3703 * @param $exceptions - list of users to exclude
3704 * @param view - set to true when roles are pulled for display only
3705 * this is so that we can filter roles with no visible
3706 * assignment, for example, you might want to "hide" all
3707 * course creators when browsing the course participants
3708 * list.
3709 * @param boolean $useviewallgroups if $groups is set the return users who
3710 * have capability both $capability and moodle/site:accessallgroups
3711 * in this context, as well as users who have $capability and who are
3712 * in $groups.
3713 */
3719 /// Sorting out groups
3725 }
3736 }
3739 }
3741 /// Sorting out exceptions
3744 /// Set up default fields
3747 }
3749 /// Set up default sort
3752 }
3755 /// Set up hidden sql
3756 $hiddensql = ($view && !has_capability('moodle/role:viewhiddenassigns', $context))? ' AND ra.hidden = 0 ':'';
3758 /// If context is a course, then construct sql for ul
3764 }
3766 /// Sorting out roles with this capability set
3771 }
3772 $doanythingroles = get_roles_with_capability('moodle/site:doanything', CAP_ALLOW, $sitecontext);
3773 }
3780 }
3781 }
3782 if ($caps = role_context_capabilities($possiblerole->id, $context, $capability)) { // resolved list
3785 }
3786 }
3787 }
3790 }
3794 }
3796 /// Construct the main SQL
3803 AND u.deleted = 0
3805 $exceptionsql
3806 $groupsql
3810 }
3812 /**
3813 * gets all the users assigned this role in this context or higher
3814 * @param int roleid
3815 * @param int contextid
3816 * @param bool parent if true, get list of users assigned in higher context too
3817 * @return array()
3818 */
3819 function get_role_users($roleid, $context, $parent=false, $fields='', $sort='u.lastname ASC', $view=false, $limitfrom='', $limitnum='', $group='') {
3827 }
3829 // whether this assignment is hidden
3830 $hiddensql = ($view && !has_capability('moodle/role:viewhiddenassigns', $context))? ' AND r.hidden = 0 ':'';
3836 }
3839 }
3845 }
3853 }
3857 $groupsql
3860 $groupwheresql
3862 $hiddensql
3867 }
3869 /**
3870 * Counts all the users assigned this role in this context or higher
3871 * @param int roleid
3872 * @param int contextid
3873 * @param bool parent if true, get list of users assigned in higher context too
3874 * @return array()
3875 */
3884 }
3887 }
3895 }
3897 /**
3898 * This function gets the list of courses that this user has a particular capability in.
3899 * It is still not very efficient.
3900 * @param string $capability Capability in question
3901 * @param int $userid User ID or null for current user
3902 * @param bool $doanything True if 'doanything' is permitted (default)
3903 * @param string $fieldsexceptid Leave blank if you only need 'id' in the course records;
3904 * otherwise use a comma-separated list of the fields you require, not including id
3905 * @param string $orderby If set, use a comma-separated list of fields from course
3906 * table with sql modifiers (DESC) if needed
3907 * @return array Array of courses, may have zero entries. Or false if query failed.
3908 */
3909 function get_user_capability_course($capability, $userid=NULL,$doanything=true,$fieldsexceptid='',$orderby='') {
3910 // Convert fields list and ordering
3916 }
3917 }
3924 }
3926 }
3928 }
3930 // Obtain a list of everything relevant about all courses including context.
3931 // Note the result can be used directly as a context (we are going to), the course
3932 // fields are just appended.
3935 SELECT
3937 FROM
3940 $orderby
3944 }
3946 // Check capability for each course in turn
3950 // We've got the capability. Make the record look like a course record
3951 // and store it
3957 }
3958 }
3960 }
3962 /** This function finds the roles assigned directly to this context only
3963 * i.e. no parents role
3964 * @param object $context
3965 * @return array
3966 */
3974 WHERE ra.roleid = r.id
3977 }
3979 /**
3980 * Switches the current user to another role for the current session and only
3981 * in the given context. If roleid is not valid (eg 0) or the current user
3982 * doesn't have permissions to be switching roles then the user's session
3983 * is compltely reset to have their normal roles.
3984 * @param integer $roleid
3985 * @param object $context
3986 * @return bool
3987 */
3991 /// If we can't use this or are already using it or no role was specified then bail completely and reset
3999 }
4001 /// We're allowed to switch but can we switch to the specified role? Use assignable roles to check.
4004 }
4006 /// unset default user role - it would not work anyway
4011 }
4013 /// We have a valid roleid that this user can switch to, so let's set up the session
4020 /// Add some permissions we are really going to always need, even if the role doesn't have them!
4026 }
4029 // get any role that has an override on exact context
4037 WHERE rc.roleid = r.id
4039 }
4041 // get all capabilities for this role on this context (overrids)
4050 }
4052 // find out which roles has assignment on this context
4060 WHERE ra.roleid = r.id
4062 }
4066 /**
4067 * Find all user assignemnt of users for this role, on this context
4068 */
4077 }
4079 /**
4080 * Simple function returning a boolean true if roles exist, otherwise false
4081 */
4085 return record_exists('role_assignments', 'userid', $userid, 'roleid', $roleid, 'contextid', $contextid);
4088 }
4089 }
4091 /**
4092 * Inserts all parental context and self into context_rel table
4093 *
4094 * @param object $context-context to be deleted
4095 * @param bool deletechild - deltes child contexts dependencies
4096 */
4099 // first check validity
4100 // MDL-9057
4105 }
4107 // removes all parents
4110 }
4114 }
4115 // insert all parents
4123 }
4124 }
4125 }
4127 /**
4128 * rebuild context_rel table without deleting
4129 */
4135 // MDL-10679, only identify contexts with overrides in them
4139 // total number of records
4140 // subtract one because the site context should not be calculated, will not be processed
4143 // processed records
4148 //if ($contexts = get_records('context')) {
4150 // no need to delete because it's all empty
4155 }
4158 }
4161 // gets the custom name of the role in course
4162 // TODO: proper documentation
4169 }
4170 }
4172 /*
4173 * @param int object - context object (node), from which we find all it's children
4174 * and rebuild all associated context_rel info
4175 * this is needed when a course or course category is moved
4176 * as the children's relationship to grandparents needs to be fixed
4177 * @return int number of contexts rebuilt
4178 */
4185 }
4187 // find all children used in context_rel
4191 }
4192 }
4195 // rebuild all the contexts of this list
4199 }
4202 }
4204 /**
4205 * This function helps admin/roles/manage.php etc to detect if a new line should be printed
4206 * when we read in a new capability
4207 * most of the time, if the 2 components are different we should print a new line, (e.g. course system->rss client)
4208 * but when we are in grade, all reports/import/export capabilites should be together
4209 * @param string a - component string a
4210 * @param string b - component string b
4211 * @return bool - whether 2 component are in different "sections"
4212 */
4217 }
4225 // we are in gradebook, still
4226 if (($compsa[0] == 'gradeexport' || $compsa[0] == 'gradeimport' || $compsa[0] == 'gradereport') &&
4229 }
4230 }
4234 }
4236 ?>