moodle/moodle
3
0
Fork 0
mirror of https://github.com/moodle/moodle.git synced 2025-08-05 08:56:36 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

ROLES AND PERMISSIONS - FIRST CHECK-IN

Browse source 
=======================================

WARNING:  DEV IS CURRENTLY VERY UNSTABLE.

This is a mega-checkin of the new Roles system.   A lot of changes have
been made in core and modules.

Currently there are a lot of rough edges and known problems.  We are
working hard on these .. .the reason for getting this into HEAD at this
stage is enable us to move faster (our branch was diverging from HEAD
too much).

Please keep an eye on http://docs.moodle.org/en/Roles for current status
and information for developers on how to use the new Roles system.
This commit is contained in:
moodler 2006-08-08 05:13:06 +00:00
parent 394577c3e4
commit bbbf2d4015
139 changed files with 40452 additions and 2001 deletions
Download patch file Download diff file Expand all files Collapse all files

2
admin/blocks.php
View file

@ -117,6 +117,8 @@
}
}
}
// Delete the capabilities that were defined by this block
capabilities_cleanup('block/'.$block->name);
$a->block = $strblockname;
$a->directory = $CFG->dirroot.'/blocks/'.$block->name;

5
admin/config.php
View file

@ -7,7 +7,8 @@
if ($site = get_site()) { // If false then this is a new installation
require_login();
if (!isadmin()) {
$context = get_context_instance(CONTEXT_SYSTEM, SITEID);
if (!has_capability('moodle/site:config', $context->id)) {
error('Only the admin can use this page');
}
}
@ -23,7 +24,7 @@
if ($config = data_submitted($match)) {
if (!empty($USER->id)) { // Additional identity check
if (!empty($USER->id)) { // Additional identity check
if (!confirm_sesskey()) {
error(get_string('confirmsesskeybad', 'error'));
}

5
admin/configure.php
View file

@ -4,8 +4,9 @@
require_login();
if (!isadmin()) {
error('Only admins can access this page');
$context = get_context_instance(CONTEXT_SYSTEM, SITEID);
if (!has_capability('moodle/site:config', $context->id)) {
error('Only the admin can use this page');
}
if (!$site = get_site()) {

53
admin/index.php
View file

@ -28,9 +28,8 @@
$confirmupgrade = optional_param('confirmupgrade', 0, PARAM_BOOL);
$agreelicence = optional_param('agreelicence',0, PARAM_BOOL);
/// check upgrade status first
upgrade_check_running("Upgrade already running, please wait!", 10);
#upgrade_check_running("Upgrade already running, please wait!", 10);
/// Check some PHP server settings
@ -79,6 +78,12 @@
$CFG->version = "";
}
/// Turn off time limits and try to flush everything all the time, sometimes upgrades can be slow.
@set_time_limit(0);
@ob_implicit_flush(true);
@ob_end_flush();
/// Check if the main tables have been installed yet or not.
if (! $tables = $db->Metatables() ) { // No tables yet at all.
@ -165,6 +170,12 @@
print_heading($strdatabasechecking);
$db->debug=true;
if (main_upgrade($CFG->version)) {
if (empty($CFG->rolesactive)) {
moodle_upgrade_roles_system_17();
}
if (!update_capabilities()) {
error('Had trouble upgrading the core capabilities for Roles');
}
$db->debug=false;
if (set_config("version", $version)) {
remove_dir($CFG->dataroot . '/cache', true); // flush cache
@ -240,6 +251,7 @@
redirect("config.php");
}
/// Find and check all main modules and load them up or upgrade them if necessary
upgrade_activity_modules("$CFG->wwwroot/$CFG->admin/index.php"); // Return here afterwards
@ -304,7 +316,10 @@
/// Check for valid admin user
require_login();
if (!isadmin()) {
$context = get_context_instance(CONTEXT_SYSTEM, SITEID);
if (!isadmin()) {
//if (!has_capability('moodle/site:config', $context->id)) {
error("You need to be an admin user to use this page.", "$CFG->wwwroot/login/index.php");
}
@ -416,6 +431,12 @@
get_string('addnewuser').'</a> - <span class="explanation">'.get_string('adminhelpaddnewuser').'</span></div>';
$userdata .= '<div class="adminlink"><a href="'.$CFG->wwwroot.'/'.$CFG->admin.'/uploaduser.php?sesskey='.$USER->sesskey.'">'.
get_string('uploadusers').'</a> - <span class="explanation">'.get_string('adminhelpuploadusers').'</span></div>';
$userdata .= '<div class="adminlink"><a href="roles/manage.php">'.
get_string('manageroles').'</a> - <span class="explanation">'.get_string('adminmanageroles').
' <img src="../pix/t/user.gif" height="11" width="11" alt="" /></span></div>';
$userdata .= '<div class="adminlink"><a href="roles/assign.php?contextid='.$context->id.'">'.
get_string('assignroles').'</a> - <span class="explanation">'.get_string('adminassignroles').
' <img src="../pix/t/user.gif" height="11" width="11" alt="" /></span></div>';
$table->data[] = array('<strong><a href="users.php">'.get_string('users').'</a></strong>', $userdata);
@ -423,17 +444,25 @@
'</a> - <span class="explanation">'.get_string('adminhelpcourses').'</span></div>';
$coursedata .= '<div class="adminlink"><a href="enrol.php?sesskey='.$USER->sesskey.'">'.get_string('enrolmentplugins').
'</a> - <span class="explanation">'.get_string('adminhelpenrolments').'</span></div>';
$coursedata .= '<div class="adminlink"><a href="../course/index.php?edit=off&amp;sesskey='.$USER->sesskey.'">'.
get_string('assignstudents').'</a> - <span class="explanation">'.get_string('adminhelpassignstudents').'</span></div>';
$coursedata .= '<div class="adminlink"><a href="../course/index.php?edit=on&amp;sesskey='.$USER->sesskey.'">'.
get_string('assignteachers').'</a> - <span class="explanation">'.get_string('adminhelpassignteachers').
' <img src="../pix/t/user.gif" height="11" width="11" alt="" /></span></div>';
$coursedata .= '<div class="adminlink"><a href="creators.php?sesskey='.$USER->sesskey.'">'.get_string('assigncreators').
'</a> - <span class="explanation">'.get_string('adminhelpassigncreators').'</span></div>';
$coursedata .= '<div class="adminlink"><a href="admin.php?sesskey='.$USER->sesskey.'">'.get_string('assignadmins').
'</a> - <span class="explanation">'.get_string('adminhelpassignadmins').'</span></div>';
$table->data[] = array('<strong><a href="courses.php">'.get_string('courses').'</a></strong>', $coursedata);
$table->data[] = array('<strong><a href="../files/index.php?id='.$site->id.'">'.get_string('sitefiles').'</a></strong>',
'<div class="explanation">'.get_string('adminhelpsitefiles').'</div>');
$table->data[] = array('<strong><a href="stickyblocks.php">'.get_string('stickyblocks','admin').'</a></strong>',
'<div class="explanation">'.get_string('adminhelpstickyblocks').'</div>');
$table->data[] = array('<strong><a href="report.php">'.get_string('reports').'</a></strong>',
'<div class="explanation">'.get_string('adminhelpreports').'</div>');
$testingdata = '<div class="adminlink"><a href="environment.php">'.get_string('environment', 'admin').
'</a> - <span class="explanation">'.get_string('adminhelpenvironment').'</span></div>';
$testingdata .= '<div class="adminlink"><a href="report/simpletest/index.php">'.get_string('simpletest', 'admin').
'</a> - <span class="explanation">'.get_string('adminhelpsimpletest').'</span></div>';
$table->data[] = array('<strong><a href="tests.php">'.get_string('tests','admin').'</a></strong>',
$testingdata);
$miscdata = '<div class="adminlink"><a href="../files/index.php?id='.$site->id.'">'.get_string('sitefiles').
'</a> - <span class="explanation">'.get_string('adminhelpsitefiles').'</span></div>';

6
admin/modules.php
View file

@ -126,8 +126,10 @@
}
}
}
//rebuild_course_cache(); // Because things have changed
// Delete the capabilities that were defined by this module
capabilities_cleanup('mod/'.$module->name);
// rebuild_course_cache(); // Because things have changed
$coursesaffected = true;
$a->module = $strmodulename;

99
admin/roles/assign.html Executable file
View file

@ -0,0 +1,99 @@
<form name="studentform" id="studentform" method="post" action="assign.php">
<input type="hidden" name="previoussearch" value="<?php echo $previoussearch ?>" />
<input type="hidden" name="sesskey" value="<?php echo sesskey() ?>" />
<input type="hidden" name="contextid" value="<?php echo $contextid ?>" />
<input type="hidden" name="roleid" value="<?php echo $roleid ?>" />
<table align="center" border="0" cellpadding="5" cellspacing="0">
<tr>
<td valign="top">
<?php
$a->count = count($contextusers);
$a->items = $strexistingusers;
print_string('counteditems', '', $a);
?>
</td>
<td></td>
<td valign="top">
<?php
$a->count = $usercount;
$a->items = $strpotentialusers;
print_string('counteditems', '', $a);
?>
</td>
</tr>
<tr>
<td valign="top">
<select name="removeselect[]" size="20" id="removeselect" multiple
onFocus="document.studentform.add.disabled=true;
document.studentform.remove.disabled=false;
document.studentform.addselect.selectedIndex=-1;" />
<?php
foreach ($contextusers as $contextuser) {
$fullname = fullname($contextuser, true);
echo "<option value=\"$contextuser->id\">".$fullname.", ".$student->email."</option>\n";
}
?>
</select></td>
<td valign="top">
<br />
<input name="add" type="submit" id="add" value="&larr;" />
<br />
<input name="remove" type="submit" id="remove" value="&rarr;" />
<br />
</td>
<td valign="top">
<select name="addselect[]" size="20" id="addselect" multiple
onFocus="document.studentform.add.disabled=false;
document.studentform.remove.disabled=true;
document.studentform.removeselect.selectedIndex=-1;">
<?php
if (!empty($searchusers)) {
echo "<optgroup label=\"$strsearchresults (" . count($searchusers) . ")\">\n";
foreach ($searchusers as $user) {
$fullname = fullname($user, true);
echo "<option value=\"$user->id\">".$fullname.", ".$user->email."</option>\n";
}
echo "</optgroup>\n";
}
else {
if ($usercount > MAX_USERS_PER_PAGE) {
echo '<optgroup label="'.get_string('toomanytoshow').'"><option></option></optgroup>'."\n"
.'<optgroup label="'.get_string('trysearching').'"><option></option></optgroup>'."\n";
}
else {
if ($usercount > 0) { //fix for bug#4455
foreach ($users as $user) {
$fullname = fullname($user, true);
echo "<option value=\"$user->id\">".$fullname.", ".$user->email."</option>\n";
}
}
}
}
?>
</select>
<br />
<input type="text" name="searchtext" size="30" value="<?php p($searchtext, true) ?>"
onFocus ="document.studentform.add.disabled=true;
document.studentform.remove.disabled=true;
document.studentform.removeselect.selectedIndex=-1;
document.studentform.addselect.selectedIndex=-1;"
onkeydown = "var keyCode = event.which ? event.which : event.keyCode;
if (keyCode == 13) {
document.studentform.previoussearch.value=1;
document.studentform.submit();
} " />
<input name="search" id="search" type="submit" value="<?php p($strsearch) ?>" />
<?php
if (!empty($searchusers)) {
echo '<input name="showall" id="showall" type="submit" value="'.$strshowall.'" />'."\n";
}
?>
</td>
</tr>
</table>
</form>

164
admin/roles/assign.php Executable file
View file

@ -0,0 +1,164 @@
<?php // $Id$
// Script to assign students to courses
require_once("../../config.php");
define("MAX_USERS_PER_PAGE", 5000);
$contextid = required_param('contextid',PARAM_INT); // context id
$roleid = optional_param('roleid', 0, PARAM_INT); // required role id
$add = optional_param('add', 0, PARAM_BOOL);
$remove = optional_param('remove', 0, PARAM_BOOL);
$showall = optional_param('showall', 0, PARAM_BOOL);
$searchtext = optional_param('searchtext', '', PARAM_RAW); // search string
$previoussearch = optional_param('previoussearch', 0, PARAM_BOOL);
$hidden = optional_param('hidden', 0, PARAM_BOOL); // whether this assignment is hidden
$previoussearch = ($searchtext != '') or ($previoussearch) ? 1:0;
$timestart = optional_param('timestart', 0, PARAM_INT);
$timeend = optional_param('timened', 0, PARAM_INT);
if (! $site = get_site()) {
redirect("$CFG->wwwroot/$CFG->admin/index.php");
}
if (! $context = get_record("context", "id", $contextid)) {
error("Context ID was incorrect (can't find it)");
}
/* permission check to see whether this user can assign people to this role
* needs to be:
* 1) has the capability to assign
* 2) not in role_deny_grant
* end of permission checking
*/
/*
if ($course->metacourse) {
redirect("$CFG->wwwroot/course/importstudents.php?id=$course->id");
}
*/
require_login($course->id);
if (!isteacheredit($course->id)) {
error("You must be an editing teacher in this course, or an admin");
}
$strassignusers = get_string('assignusers');
$strpotentialusers = get_string('potentialusers');
$strexistingusers = get_string('existingusers');
$strsearch = get_string('search');
$strshowall = get_string('showall');
/*
if ($course && $course->id != SITEID) { // course header
print_header("$course->shortname: $strassignusers",
"$site->fullname",
"<a href=\"view.php?id=$course->id\">$course->shortname</a> -> $strassignusers");
} else { // site header
print_header("$site->shortname: $strassignusers",
"$site->fullname",
"$strassignusers");
}
*/
$straction = get_string('roleassignment');
$context = get_record('context', 'id', $contextid);
$currenttab = '';
$tabsmode = 'assign';
include_once('tabs.php');
/// Don't allow restricted teachers to even see this page (because it contains
/// a lot of email addresses and access to all student on the server
check_for_restricted_user($USER->username, "$CFG->wwwroot/course/view.php?id=$course->id");
/// Print a help notice about the need to use this page
if (!$frm = data_submitted()) {
/// A form was submitted so process the input
} else {
if ($add and !empty($frm->addselect) and confirm_sesskey()) {
//$timestart = ????
// time end = ????
$timemodified = time();
foreach ($frm->addselect as $adduser) {
$adduser = clean_param($adduser, PARAM_INT);
if (! role_assign($roleid, $adduser, 0, $contextid, $timestart, $timeend, $hidden)) {
error("Could not add user with id $adduser to this role!");
}
}
} else if ($remove and !empty($frm->removeselect) and confirm_sesskey()) {
foreach ($frm->removeselect as $removeuser) {
$removeuser = clean_param($removeuser, PARAM_INT);
if (! role_unassign($roleid, $removeuser, 0, $contextid)) {
error("Could not remove user with id $removeuser from this role!");
}
}
} else if ($showall) {
$searchtext = '';
$previoussearch = 0;
}
}
/// Get all existing students and teachers for this course.
$existinguserarray = array();
$SQL = "select u.* from {$CFG->prefix}role_assignments r, {$CFG->prefix}user u where contextid = $contextid and roleid = $roleid and u.id = r.userid"; // join now so that we can just use fullname() later
if (!$contextusers = get_records_sql($SQL)) {
$contextusers = array();
}
foreach ($contextusers as $contextuser) {
$existinguserarray[] = $contextuser->id;
}
$existinguserlist = implode(',', $existinguserarray);
unset($existinguserarray);
/// Get search results excluding any users already in this course
if (($searchtext != '') and $previoussearch) {
$searchusers = get_users(true, $searchtext, true, $existinguserlist, 'firstname ASC, lastname ASC',
'', '', 0, 99999, 'id, firstname, lastname, email');
$usercount = get_users(false, '', true, $existinguserlist);
}
/// If no search results then get potential students for this course excluding users already in course
if (empty($searchusers)) {
$usercount = get_users(false, '', true, $existinguserlist, 'firstname ASC, lastname ASC', '', '',
0, 99999, 'id, firstname, lastname, email') ;
$users = array();
if ($usercount <= MAX_USERS_PER_PAGE) {
$users = get_users(true, '', true, $existinguserlist, 'firstname ASC, lastname ASC', '', '',
0, 99999, 'id, firstname, lastname, email');
}
}
// this needs to check capability too
$role = get_records('role');
foreach ($role as $rolex) {
$options[$rolex->id] = $rolex->name;
}
// prints a form to swap roles
print ('<form name="rolesform" action="assign.php" method="post">');
print ('<div align="center">Current Context: '.print_context_name($contextid).'<br/>');
print ('<input type="hidden" name="contextid" value="'.$contextid.'">Select a Role: ');
choose_from_menu ($options, 'roleid', $roleid, 'choose', $script='rolesform.submit()');
print ('</div></form>');
if ($roleid) {
print_simple_box_start("center");
include('assign.html');
print_simple_box_end();
}
print_footer($course);
?>

60
admin/roles/manage.html Executable file
View file

@ -0,0 +1,60 @@
<form name="rolesform" action="manage.php" method="post">
<input type="hidden" name="roleid" value="<?php echo $roleid; ?>">
<input type="hidden" name="sesskey" value="<?php print (sesskey()); ?>">
<input type="hidden" name="action" value="<?php echo $action; ?>">
<br/>Role Name: <input type="text" name="name" value="<?php echo $role->name; ?>">
<br/>Role Description: <input type="text" name="description" value="<?php echo $role->description; ?>">
<input type="hidden" name="contextid" value="<?php echo $contextid; ?>">
<p>
<table>
<tr>
<td>Capability Name</td><td>Inherit</td><td>Allow</td><td>Prevent</td><td>Prohibit</td>
</tr>
<?php
// init these 2
$contextlevel = 0;
$component = '';
foreach ($capabilities as $capability) {
// prints a breaker if component or name or context level
if ($capability->component != $component or $capability->contextlevel != $contextlevel) {
echo ('<tr><td colspan="4"><b>'.get_component_string($capability->component, $capability->contextlevel).'</b></td></tr>');
}
// these 2 are used to see to group same mod/core capabilities together
$contextlevel = $capability->contextlevel;
$component = $capability->component;
// check the capability override for this cap, this role in this context
$SQL = "select * from {$CFG->prefix}role_capabilities where
roleid = $roleid and capability = '$capability->name' and contextid = $contextid";
$localoverride = get_record_sql($SQL);
if (isset($r_caps[$capability->name])) {
$isallow = $r_caps[$capability->name] > 0;
$isprevent = $r_caps[$capability->name] < 0 && $r_caps[$capability->name] > -500;
$isprohibit = $r_caps[$capability->name] <= -500;
} else {
$isallow = 0;
$isprevent = 0;
$isprohibit = 0;
}
?>
<tr>
<td><?php echo get_capability_string($capability->name); ?></td>
<td><INPUT TYPE=radio NAME="<?php echo $capability->name; ?>" VALUE="0" <?php if (!isset($localoverride->permission) || $localoverride->permission==0){ echo 'checked="checked"'; }?>></td>
<td><INPUT TYPE=radio NAME="<?php echo $capability->name; ?>" VALUE="1" <?php if (isset($localoverride->permission) && $localoverride->permission==1){ echo 'checked="checked"'; }?>></td>
<td ><INPUT TYPE=radio NAME="<?php echo $capability->name; ?>" VALUE="-1" <?php if (isset($localoverride->permission) && $localoverride->permission==-1){ echo 'checked="checked"'; }?>></td>
<td ><INPUT TYPE=radio NAME="<?php echo $capability->name; ?>" VALUE="-1000" <?php if (isset($localoverride->permission) && $localoverride->permission==-1000){ echo 'checked="checked"'; }?>></td>
</tr>
<?php } ?>
</table>
</p>
<br/><input type="submit" value="<?php print_string($action);?>">
</form>

187
admin/roles/manage.php Executable file
View file

@ -0,0 +1,187 @@
<?php //$Id$
///dummy field names are used to help adding and dropping indexes. There's only 1 case now, in scorm_scoes_track
//testing
require_once('../../config.php');
require_login();
$roleid = optional_param('roleid', 0, PARAM_INT); // if set, we are editting a role
$action = optional_param('action', '', PARAM_ALPHA);
$name = optional_param('name', '', PARAM_ALPHA); // new role name
$description = optional_param('description', '', PARAM_NOTAGS); // new role desc
$confirm = optional_param('confirm', 0, PARAM_BOOL);
$sitecontext = get_context_instance(CONTEXT_SYSTEM, SITEID);
$contextid = $sitecontext->id;
if (!isadmin()) {
error('Only admins can access this page');
}
if (!$site = get_site()) {
redirect('index.php');
}
$stradministration = get_string('administration');
$strmanageroles = get_string('manageroles');
print_header("$site->shortname: $strmanageroles",
"$site->fullname",
"<a href=\"../index.php\">$stradministration</a> -> $strmanageroles");
// form processing, editting a role, adding a role or deleting a role
if ($action && confirm_sesskey()) {
switch ($action) {
case 'add':
$newrole = create_role($name, $description);
$ignore = array('roleid', 'sesskey', 'action', 'name', 'description', 'contextid');
$data = data_submitted();
foreach ($data as $capname => $value) {
if (in_array($capname, $ignore)) {
continue;
}
assign_capability($capname, $value, $newrole, $contextid);
}
break;
case 'edit':
$ignore = array('roleid', 'sesskey', 'action', 'name', 'description', 'contextid');
$data = data_submitted();
foreach ($data as $capname => $value) {
if (in_array($capname, $ignore)) {
continue;
}
// edit default caps
$SQL = "select * from {$CFG->prefix}role_capabilities where
roleid = $roleid and capability = '$capname' and contextid = $contextid";
$localoverride = get_record_sql($SQL);
if ($localoverride) { // update current overrides
if ($value == 0) { // inherit = delete
unassign_capability($capname, $roleid, $contextid);
} else {
$localoverride->permission = $value;
$localoverride->timemodified = time();
$localoverride->modifierid = $USER->id;
update_record('role_capabilities', $localoverride);
}
} else { // insert a record
assign_capability($capname, $value, $roleid, $contextid);
}
}
// update normal role settings
$role->id = $roleid;
$role->name = $name;
$role->description = $description;
update_record('role', $role);
break;
case 'delete':
if ($confirm) { // deletes a role
echo ('deleting...');
// check for depedencies
// delete all associated role-assignments?
delete_records('role', 'id', $roleid);
} else {
echo ('<form action="manage.php" method="POST">');
echo ('<input type="hidden" name="action" value="delete">');
echo ('<input type="hidden" name="roleid" value="'.$roleid.'">');
echo ('<input type="hidden" name="sesskey" value="'.sesskey().'">');
echo ('<input type="hidden" name="confirm" value="1">');
echo ('are you sure?');
echo ('<input type="submit" value="yes">');
print_footer($course);
exit;
// prints confirmation form
}
break;
/// add possible positioning switch here
default:
break;
}
}
if ($roleid) { // load the role if id is present
$role = get_record('role', 'id', $roleid);
$action = 'edit';
} else {
$role->name='';
$role->description='';
$action = 'add';
}
$roles = get_records('role');
foreach ($roles as $rolex) {
$options[$rolex->id] = $rolex->name;
}
// prints a form to swap roles
print ('<form name="rolesform1" action="manage.php" method="post">');
print ('<div align="center">Select a Role: ');
choose_from_menu ($options, 'roleid', $roleid, 'choose', $script='rolesform1.submit()');
print ('</div></form>');
$sitecontext = get_context_instance(CONTEXT_SYSTEM, SITEID);
$contextid = $sitecontext->id;
// this is the array holding capabilities of this role sorted till this context
$r_caps = role_context_capabilities($roleid, $sitecontext->id);
// this is the available capabilities assignable in this context
$capabilities = fetch_context_capabilities($sitecontext->id);
if (!$roleid) {
$action='add';
} else {
$action='edit';
}
print_simple_box_start();
include_once('manage.html');
print_simple_box_end();
/*************************************************
* List all roles and link them to override page *
*************************************************/
foreach ($roles as $role) {
echo ('<br><a href="roleoverride.php?contextid=1&roleid='.$role->id.'">'.$role->name.'</a>&nbsp;<a href="manage.php?action=delete&roleid='.$role->id.'&sesskey='.sesskey().'">delete</a>');
}
print_footer($course);
?>

54
admin/roles/override.html Executable file
View file

@ -0,0 +1,54 @@
<form action="override.php" method="post">
<input type="hidden" name="contextid" value="<?php echo $contextid; ?>">
<input type="hidden" name="roleid" value="<?php echo $roleid; ?>">
<table>
<tr>
<td>Capability Name</td><td>Inherit</td><td>Allow</td><td>Prevent</td><td>Prohibit</td>
</tr>
<?php
// init these 2
$contextlevel = 0;
$component = '';
foreach ($capabilities as $capability) {
// prints a breaker if component or name or context level
if ($capability->component != $component or $capability->contextlevel != $contextlevel) {
echo ('<tr><td colspan="4"><b>'.get_component_string($capability->component, $capability->contextlevel).'</b></td></tr>');
}
// these 2 are used to see to group same mod/core capabilities together
$contextlevel = $capability->contextlevel;
$component = $capability->component;
// check the capability override for this cap, this role in this context
$SQL = "select * from {$CFG->prefix}role_capabilities where
roleid = $roleid and capability = '$capability->name' and contextid = $contextid";
$localoverride = get_record_sql($SQL);
if (isset($r_caps[$capability->name])) {
$isallow = $r_caps[$capability->name] > 0;
$isprevent = $r_caps[$capability->name] < 0 && $r_caps[$capability->name] > -500;
$isprohibit = $r_caps[$capability->name] <= -500;
} else {
$isallow = 0;
$isprevent = 0;
$isprohibit = 0;
}
?>
<tr>
<td><?php echo get_capability_string($capability->name); ?></td>
<td><INPUT TYPE=radio NAME="<?php echo $capability->name; ?>" VALUE="0" <?php if (!isset($localoverride->permission) || $localoverride->permission==0){ echo 'checked="checked"';} if ($isprohibit || islegacy($capability->name)) {echo 'disabled="disabled"'; }?>></td>
<td <?php if ($isallow) {echo "bgcolor=#ffffff";} ?>><INPUT TYPE=radio NAME="<?php echo $capability->name; ?>" VALUE="1" <?php if (isset($localoverride->permission) && $localoverride->permission==1){ echo 'checked="checked"'; } if ($isprohibit || islegacy($capability->name)) {echo 'disabled="disabled"'; }?>></td>
<td <?php if ($isprevent) {echo "bgcolor=#ffffff";} ?>><INPUT TYPE=radio NAME="<?php echo $capability->name; ?>" VALUE="-1" <?php if (isset($localoverride->permission) && $localoverride->permission==-1){ echo 'checked="checked"'; } if ($isprohibit || islegacy($capability->name)) {echo 'disabled="disabled"'; }?>></td>
<td <?php if ($isprohibit) {echo "bgcolor=#ffffff";} ?>><INPUT TYPE=radio NAME="<?php echo $capability->name; ?>" VALUE="-1000" <?php if (isset($localoverride->permission) && $localoverride->permission==-1000){ echo 'checked="checked"'; } if ($isprohibit || islegacy($capability->name)) {echo 'disabled="disabled"'; }?>></td>
</tr>
<?php } ?>
</table>
<input type="submit" value="modify">
</form>

119
admin/roles/override.php Executable file
View file

@ -0,0 +1,119 @@
<?
/* interface page for writing role overrides */
require_once("../../config.php");
$contextid = required_param('contextid',PARAM_INT); // context id
$roleid = optional_param('roleid', 0, PARAM_INT); // required role id
$sitecontext = get_context_instance(CONTEXT_SYSTEM, SITEID);
if ($contextid == $sitecontext->id) {
error ('can not override base role capabilities');
}
if (! $site = get_site()) {
redirect("$CFG->wwwroot/$CFG->admin/index.php");
}
$stroverrides = get_string('roleoverries');
/*
if ($course && $course->id != SITEID) { // course header
print_header("$course->shortname: $stroverrides",
"$site->fullname",
"<a href=\"view.php?id=$course->id\">$course->shortname</a> -> $stroverrides");
} else { // site header
print_header("$site->shortname: $stroverrides",
"$site->fullname",
"$stroverrides");
}
*/
$context = get_record('context', 'id', $contextid);
$straction = get_string('editoverride');
$currenttab = '';
$tabsmode = 'override';
include_once('tabs.php');
/*************************
* form processing here *
*************************/
if ($data = data_submitted()) {
// add or update
foreach ($data as $capname => $value) {
// ignore contextid and roleid
if ($capname == "contextid" || $capname == "roleid") {
continue;
}
$SQL = "select * from {$CFG->prefix}role_capabilities where
roleid = $roleid and capability = '$capname' and contextid = $contextid";
$localoverride = get_record_sql($SQL);
if ($localoverride) { // update current overrides
if ($value == 0) { // inherit = delete
delete_records('role_capabilities', 'roleid', $roleid, 'contextid', $contextid, 'capability', $capname);
} else {
$localoverride->permission = $value;
$localoverride->timemodified = time();
$localoverride->modifierid = $USER->id;
update_record('role_capabilities', $localoverride);
}
} else { // insert a record
$override->capability = $capname;
$override->contextid = $contextid;
$override->roleid = $roleid;
$override->permission = $value;
$override->timemodified = time();
$override->modifierid = $USER->id;
insert_record('role_capabilities', $override);
}
}
}
/*****************************************
* drop down for swapping between roles *
*****************************************/
// this needs to check capability too
$role = get_records('role');
foreach ($role as $rolex) {
$options[$rolex->id] = $rolex->name;
}
print ('<form name="rolesform" action="override.php" method="post">');
print ('<div align="center">Current Context: '.print_context_name($contextid).'<br/>');
print ('<input type="hidden" name="contextid" value="'.$contextid.'">Select a Role: ');
choose_from_menu ($options, 'roleid', $roleid, 'choose', $script='rolesform.submit()');
print ('</div></form>');
/**************************************
* print html for editting overrides *
**************************************/
if ($roleid) {
// this is the array holding capabilities of this role sorted till this context
$r_caps = role_context_capabilities($roleid, $contextid);
// this is the available capabilities assignable in this context
$capabilities = fetch_context_capabilities($contextid);
print_simple_box_start("center");
include_once('override.html');
print_simple_box_end();
}
print_footer($course);
?>

116
admin/roles/tabs.php Executable file
View file

@ -0,0 +1,116 @@
<?php
// this deals with tabs, as well as print_headers for navigation
if ($currenttab != 'update') {
switch ($context->level) {
case CONTEXT_SYSTEM:
print_header($site->fullname, "$site->fullname","$straction");
break;
case CONTEXT_PERSONAL:
break;
case CONTEXT_USERID:
break;
case CONTEXT_COURSECAT:
$category = get_record('course_categories', 'id', $context->instanceid);
$strcategories = get_string("categories");
$strcategory = get_string("category");
$strcourses = get_string("courses");
print_header("$site->shortname: $category->name", "$site->fullname: $strcourses",
"<a href=\"$CFG->wwwroot/course/index.php\">$strcategories</a> -> <a href=\"$CFG->wwwroot/course/category.php?id=$category->id\">$category->name</a> -> $straction", "", "", true);
break;
case CONTEXT_COURSE:
$streditcoursesettings = get_string("editcoursesettings");
$course = get_record('course', 'id', $context->instanceid);
print_header($streditcoursesettings, "$course->fullname",
"<a href=\"$CFG->wwwroot/course/view.php?id=$course->id\">$course->shortname</a>
-> <a href=\"$CFG->wwwroot/course/edit.php?id=$course->id\">$streditcoursesettings</a> -> $straction");
break;
case CONTEXT_GROUP:
break;
case CONTEXT_MODULE:
// get module type?
$cm = get_record('course_modules','id',$context->instanceid);
$module = get_record('modules','id',$cm->module); //$module->name;
$course = get_record('course','id',$cm->course);
if (! $form = get_record($module->name, "id", $cm->instance)) {
error("The required instance of this module doesn't exist");
}
$strnav = "<a href=\"$CFG->wwwroot/mod/$module->name/view.php?id=$cm->id\">$form->name</a> ->";
$fullmodulename = get_string("modulename", $module->name);
$streditinga = get_string("editinga", "moodle", $fullmodulename);
$strmodulenameplural = get_string("modulenameplural", $module->name);
if ($module->name == "label") {
$focuscursor = "";
} else {
$focuscursor = "form.name";
}
print_header_simple($streditinga, '',
"<a href=\"$CFG->wwwroot/mod/$module->name/index.php?id=$course->id\">$strmodulenameplural</a> ->
$strnav <a href=\"$CFG->wwwroot/course/mod.php?update=$cm->id&sesskey=".sesskey()."\">$streditinga</a> -> $straction", $focuscursor, "", false);
break;
case CONTEXT_BLOCK:
print_header();
break;
default:
error ('This is an unknown context!');
return false;
}
}
// Printing the tabs
if ($context->level == CONTEXT_MODULE) { // only show update button if module?
$toprow[] = new tabobject('update', $CFG->wwwroot.'/course/mod.php?update='.$context->instanceid.'&amp;return=true&amp;sesskey='.sesskey(), get_string('update'));
}
$toprow[] = new tabobject('roles', $CFG->wwwroot.'/admin/roles/assign.php?contextid='.$context->id, get_string('roles'));
if (isset($tabsmode)) {
$inactive[] = 'roles';
$secondrow[] = new tabobject('assign', $CFG->wwwroot.'/admin/roles/assign.php?contextid='.$context->id, get_string('roleassignments'));
if ($context->level == CONTEXT_SYSTEM) {
$secondrow[] = new tabobject('override', '', get_string('roleoverrides'));
} else {
$secondrow[] = new tabobject('override', $CFG->wwwroot.'/admin/roles/override.php?contextid='.$context->id, get_string('roleoverrides'));
}
if ($tabsmode == 'override') {
$currenttab = 'override';
} elseif ($tabsmode == 'assign') {
$currenttab = 'assign';
}
} else {
$inactive[] = '';
}
if (!empty($secondrow)) {
$tabs = array($toprow, $secondrow);
} else {
$tabs = array($toprow);
}
print_tabs($tabs, $currenttab, $inactive);
?>

34
admin/user.php
View file

@ -20,6 +20,8 @@
$admin = new object();
$teacher = new object();
$context = get_context_instance(CONTEXT_SYSTEM, SITEID);
if (! record_exists("user_admins")) { // No admin user yet
$user->firstname = get_string("admin");
@ -138,7 +140,7 @@
notify(get_string("usernotconfirmed", "", fullname($user, true)));
}
} else if ($delete and confirm_sesskey()) { // Delete a selected user, after confirmation
} else if ($delete and confirm_sesskey() and has_capability('moodle/user:delete', $context->id)) { // Delete a selected user, after confirmation
if (!$user = get_record("user", "id", "$delete")) {
error("No such user!");
}
@ -307,7 +309,10 @@
if ($user->id == $USER->id or $user->username == "changeme") {
$deletebutton = "";
} else {
$deletebutton = "<a href=\"user.php?delete=$user->id&amp;sesskey=$USER->sesskey\">$strdelete</a>";
if (has_capability('moodle/user:delete', $context->id)) {
$deletebutton = "<a href=\"user.php?delete=$user->id&amp;sesskey=$USER->sesskey\">$strdelete</a>"; } else {
$deletebutton ="";
}
}
if ($user->lastaccess) {
$strlastaccess = format_time(time() - $user->lastaccess);
@ -320,7 +325,10 @@
$confirmbutton = "";
}
$fullname = fullname($user, true);
$table->data[] = array ("<a href=\"../user/view.php?id=$user->id&amp;course=$site->id\">$fullname</a>",
if (has_capability('moodle/user:edit', $context->id)) {
$table->data[] = array ("<a href=\"../user/view.php?id=$user->id&amp;course=$site->id\">$fullname</a>",
"$user->email",
"$user->city",
"$user->country",
@ -328,6 +336,16 @@
"<a href=\"../user/edit.php?id=$user->id&amp;course=$site->id\">$stredit</a>",
$deletebutton,
$confirmbutton);
} else {
$table->data[] = array ("<a href=\"../user/view.php?id=$user->id&amp;course=$site->id\">$fullname</a>",
"$user->email",
"$user->city",
"$user->country",
$strlastaccess,
$deletebutton,
$confirmbutton);
}
}
}
@ -340,14 +358,18 @@
}
echo "</form>";
echo "</td></tr></table>";
print_heading("<a href=\"user.php?newuser=true&amp;sesskey=$USER->sesskey\">".get_string("addnewuser")."</a>");
if (has_capability('moodle/user:create', $context->id)) {
print_heading("<a href=\"user.php?newuser=true&amp;sesskey=$USER->sesskey\">".get_string("addnewuser")."</a>");
}
if (!empty($table)) {
print_table($table);
print_paging_bar($usercount, $page, $perpage,
"user.php?sort=$sort&amp;dir=$dir&amp;perpage=$perpage".
"&amp;firstinitial=$firstinitial&amp;lastinitial=$lastinitial&amp;search=".urlencode(stripslashes($search))."&amp;");
print_heading("<a href=\"user.php?newuser=true&amp;sesskey=$USER->sesskey\">".get_string("addnewuser")."</a>");
if (has_capability('moodle/user:create', $context->id)) {
print_heading("<a href=\"user.php?newuser=true&amp;sesskey=$USER->sesskey\">".get_string("addnewuser")."</a>");
}
}

29
admin/users.php
View file

@ -11,7 +11,7 @@
if (!$site = get_site()) {
redirect("index.php");
}
$context = get_context_instance(CONTEXT_SYSTEM, SITEID);
$stradministration = get_string("administration");
$strusers = get_string("users");
@ -24,12 +24,33 @@
$table->data[] = array("<b><a href=\"auth.php?sesskey=$USER->sesskey\">".get_string("authentication")."</a></b>",
get_string("adminhelpauthentication"));
$table->data[] = array("<b><a href=\"user.php\">".get_string("edituser")."</a></b>",
if (has_capability('moodle/user:update', $context->id)) {
$table->data[] = array("<b><a href=\"user.php\">".get_string("edituser")."</a></b>",
get_string("adminhelpedituser"));
$table->data[] = array("<b><a href=\"$CFG->wwwroot/$CFG->admin/user.php?newuser=true&amp;sesskey=$USER->sesskey\">".get_string("addnewuser")."</a></b>",
}
if (has_capability('moodle/user:create', $context->id)) {
$table->data[] = array("<b><a href=\"$CFG->wwwroot/$CFG->admin/user.php?newuser=true&amp;sesskey=$USER->sesskey\">".get_string("addnewuser")."</a></b>",
get_string("adminhelpaddnewuser"));
$table->data[] = array("<b><a href=\"$CFG->wwwroot/$CFG->admin/uploaduser.php?sesskey=$USER->sesskey\">".get_string("uploadusers")."</a></b>",
}
if (has_capability('moodle/user:create', $context->id)) {
$table->data[] = array("<b><a href=\"$CFG->wwwroot/$CFG->admin/uploaduser.php?sesskey=$USER->sesskey\">".get_string("uploadusers")."</a></b>",
get_string("adminhelpuploadusers"));
}
$table->data[] = array('', '<hr />');
$table->data[] = array("<b><a href=\"enrol.php?sesskey=$USER->sesskey\">".get_string("enrolmentplugins")."</a></b>",
get_string("adminhelpenrolments"));
$table->data[] = array("<b><a href=\"../course/index.php?edit=off&amp;sesskey=$USER->sesskey\">".get_string("assignstudents")."</a></b>",
get_string("adminhelpassignstudents"));
$table->data[] = array("<b><a href=\"../course/index.php?edit=on&amp;sesskey=$USER->sesskey\">".get_string("assignteachers")."</a></b>",
get_string("adminhelpassignteachers")." <img src=\"../pix/t/user.gif\" height=\"11\" width=\"11\" alt=\"\" />");
$table->data[] = array("<b><a href=\"creators.php?sesskey=$USER->sesskey\">".get_string("assigncreators")."</a></b>",
get_string("adminhelpassigncreators"));
$table->data[] = array("<b><a href=\"admin.php?sesskey=$USER->sesskey\">".get_string("assignadmins")."</a></b>",
get_string("adminhelpassignadmins"));
print_table($table);

2
admin/utfdbmigrate.php
View file

@ -1,7 +1,7 @@
<?php //$Id$
///dummy field names are used to help adding and dropping indexes. There's only 1 case now, in scorm_scoes_track
//testing
require_once('../config.php');
require_once($CFG->libdir.'/adminlib.php');
require_once($CFG->libdir.'/environmentlib.php');