moodle/moodle
3
0
Fork 0
mirror of https://github.com/moodle/moodle.git synced 2025-08-05 00:46:50 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

accesslib: default, guest and notloggedin roles work properly now

Browse source 
Changes around load_user_capability() and has_capability() to make
the default role fallbacks and guest/nonloggedin roles work.

This commit also introduces the concept of having a magic
context next to the root context in $USER->access[ra], as

 $USER->access[ra][/1] = 1 (admin roleid)
 $USER->access[ra][/1:def] = 7 (loggedinuser roleid)

and has_cap_fromsess() now checks for that magic context
as well.
This commit is contained in:
martinlanghoff 2007-09-19 07:02:57 +00:00
parent 74ac5b66cb
commit e0376a6241
1 changed files with 79 additions and 40 deletions
Download patch file Download diff file Expand all files Collapse all files

119
lib/accesslib.php
View file

@ -141,56 +141,71 @@ function merge_role_caps($caps, $mergecaps) {
} }
/** /**
* Loads the capabilities for the default guest role to the current user in a * Gets the access for the default guest role to the current user in a
* specific context. * specific context.
* @return object * @return array
*/ */
function load_guest_role($return=false) { function get_role_access($roleid, $acc=NULL) {
global $USER;
static $guestrole = false; global $CFG;
if ($guestrole === false) { /* Get it in 1 cheap DB query...
if (!$guestrole = get_guest_role()) { * - relevant role caps at the root and down
return false; * to the course level - but not below
*/
if (is_null($acc)) {
$acc = array(); // named list
$acc['ra'] = array();
$acc['rdef'] = array();
$acc['loaded'] = array();
}
$base = '/' . SYSCONTEXTID;
//
// Overrides for the role IN ANY CONTEXTS
// down to COURSE - not below -
//
$sql = "SELECT ctx.path,
rc.capability, rc.permission
FROM {$CFG->prefix}context ctx
JOIN {$CFG->prefix}role_capabilities rc
ON rc.contextid=ctx.id
WHERE rc.roleid = {$roleid}
AND ctx.contextlevel <= ".CONTEXT_COURSE."
ORDER BY ctx.depth, ctx.path";
$rs = get_recordset_sql($sql);
if ($rs->RecordCount()) {
while ($rd = rs_fetch_next_record($rs)) {
$k = "{$rd->path}:{$roleid}";
$acc['rdef'][$k][$rd->capability] = $rd->permission;
} }
unset($rd);
} }
rs_close($rs);
if ($return) { return $acc;
return get_role_caps($guestrole->id);
} else {
has_capability('clearcache');
$USER->capabilities = get_role_caps($guestrole->id);
return true;
}
} }
/** /**
* Load default not logged in role capabilities when user is not logged in * Get the id for the not-logged-in role - or set it up if needed
* @return bool * @return bool
*/ */
function load_notloggedin_role($return=false) { function get_notloggedin_roleid($return=false) {
global $CFG, $USER; global $CFG, $USER;
if (!$sitecontext = get_context_instance(CONTEXT_SYSTEM)) {
return false;
}
if (empty($CFG->notloggedinroleid)) { // Let's set the default to the guest role if (empty($CFG->notloggedinroleid)) { // Let's set the default to the guest role
if ($role = get_guest_role()) { if ($role = get_guest_role()) {
set_config('notloggedinroleid', $role->id); set_config('notloggedinroleid', $role->id);
return $role->id;
} else { } else {
return false; return false;
} }
} else {
return $CFG->notloggedinroleid;
} }
if ($return) { return (get_record('role','id', $CFG->notloggedinas));
return get_role_caps($CFG->notloggedinroleid);
} else {
has_capability('clearcache');
$USER->capabilities = get_role_caps($CFG->notloggedinroleid);
return true;
}
} }
/** /**
@ -380,6 +395,10 @@ function has_capability($capability, $context=NULL, $userid=NULL, $doanything=tr
array_shift($contexts); array_shift($contexts);
} }
if ($USER->id === 0 && !isset($USER->access)) {
load_all_capabilities();
}
if ($USER->id === $userid) { if ($USER->id === $userid) {
// //
// For the logged in user, we have $USER->access // For the logged in user, we have $USER->access
@ -460,6 +479,9 @@ function has_cap_fromsess($capability, $context, $sess, $doanything) {
$path = $matches[1]; $path = $matches[1];
array_unshift($contexts, $path); array_unshift($contexts, $path);
} }
// Add a "default" context for the "default role"
array_unshift($contexts,"$path:def");
$cc = count($contexts); $cc = count($contexts);
$can = false; $can = false;
@ -1633,25 +1655,39 @@ function get_user_access_bycontext($userid, $context, $acc=NULL) {
* for the current user. This is what gets called from login, for example. * for the current user. This is what gets called from login, for example.
*/ */
function load_all_capabilities() { function load_all_capabilities() {
global $USER; global $USER,$CFG;
//caching - helps user switching in cron
static $defcaps = false;
unset($USER->mycourses); // Reset a cache used by get_my_courses unset($USER->mycourses); // Reset a cache used by get_my_courses
static $defcaps;
$base = '/'.SYSCONTEXTID;
if (isguestuser()) { if (isguestuser()) {
load_guest_role(); // All non-guest users get this by default $guest = get_guest_role();
// Load the rdefs
$USER->access = get_role_access($guest->id);
// Put the ghost enrolment in place...
$USER->access['ra'][$base] = $guest->id;
} else if (isloggedin()) { } else if (isloggedin()) {
if ($defcaps === false) {
$defcaps = load_defaultuser_role(true); $USER->access = get_user_access_sitewide($USER->id);
$USER->access = get_role_access($CFG->defaultuserroleid, $USER->access);
// define a "default" enrolment
$USER->access['ra']["$base:def"] = $CFG->defaultuserroleid;
if ($CFG->defaultuserroleid === $CFG->guestroleid ) {
if (isset($USER->access['rdef']["$base:{$CFG->guestroleid}"]['moodle/legacy:guest'])) {
unset($USER->access['rdef']["$base:{$CFG->guestroleid}"]['moodle/legacy:guest']);
}
if (isset($USER->access['rdef']["$base:{$CFG->guestroleid}"]['moodle/course:view'])) {
unset($USER->access['rdef']["$base:{$CFG->guestroleid}"]['moodle/course:view']);
}
} }
//load_user_capability(); // when in "course login as" - load only course capabilitites (it may not always work as expected)
$USER->access=get_user_access_sitewide($USER->id);
// when in "course login as" - load only course caqpabilitites (it may not always work as expected)
if (!empty($USER->realuser) and $USER->loginascontext->contextlevel != CONTEXT_SYSTEM) { if (!empty($USER->realuser) and $USER->loginascontext->contextlevel != CONTEXT_SYSTEM) {
$children = array_keys(get_child_contexts($USER->loginascontext)); $children = array_keys(get_child_contexts($USER->loginascontext));
$children[] = $USER->loginascontext->id; $children[] = $USER->loginascontext->id;
@ -1687,7 +1723,10 @@ function load_all_capabilities() {
} }
} else { } else {
load_notloggedin_role(); if ($roleid = get_notloggedin_roleid()) {
$USER->access = get_role_access(get_notloggedin_roleid());
$USER->access['ra']["$base:def"] = $roleid;
}
} }
} }