You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
213 lines
8.2 KiB
213 lines
8.2 KiB
2 years ago
|
<?php
|
||
|
// This file is part of Moodle - http://moodle.org/
|
||
|
//
|
||
|
// Moodle is free software: you can redistribute it and/or modify
|
||
|
// it under the terms of the GNU General Public License as published by
|
||
|
// the Free Software Foundation, either version 3 of the License, or
|
||
|
// (at your option) any later version.
|
||
|
//
|
||
|
// Moodle is distributed in the hope that it will be useful,
|
||
|
// but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||
|
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||
|
// GNU General Public License for more details.
|
||
|
//
|
||
|
// You should have received a copy of the GNU General Public License
|
||
|
// along with Moodle. If not, see <http://www.gnu.org/licenses/>.
|
||
|
|
||
|
/**
|
||
|
* User roles report list all the users who have been assigned a particular
|
||
|
* role in all contexts.
|
||
|
*
|
||
|
* @package core_role
|
||
|
* @copyright © 2007 The Open University and others
|
||
|
* @author t.j.hunt@open.ac.uk and others
|
||
|
* @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
|
||
|
*/
|
||
|
|
||
|
require_once(__DIR__ . '/../../config.php');
|
||
|
|
||
|
// Get params.
|
||
|
$userid = required_param('userid', PARAM_INT);
|
||
|
$courseid = required_param('courseid', PARAM_INT);
|
||
|
|
||
|
// Validate them and get the corresponding objects.
|
||
|
$user = $DB->get_record('user', array('id' => $userid), '*', MUST_EXIST);
|
||
|
$course = $DB->get_record('course', array('id' => $courseid), '*', MUST_EXIST);
|
||
|
|
||
|
$usercontext = context_user::instance($user->id);
|
||
|
$coursecontext = context_course::instance($course->id);
|
||
|
$systemcontext = context_system::instance();
|
||
|
|
||
|
$baseurl = new moodle_url('/admin/roles/usersroles.php', array('userid'=>$userid, 'courseid'=>$courseid));
|
||
|
|
||
|
$PAGE->set_url($baseurl);
|
||
|
$PAGE->set_pagelayout('admin');
|
||
|
|
||
|
// Check login and permissions.
|
||
|
if ($course->id == SITEID) {
|
||
|
require_login();
|
||
|
$PAGE->set_context($usercontext);
|
||
|
} else {
|
||
|
require_login($course);
|
||
|
$PAGE->set_context($coursecontext);
|
||
|
}
|
||
|
|
||
|
$canview = has_any_capability(array('moodle/role:assign', 'moodle/role:safeoverride',
|
||
|
'moodle/role:override', 'moodle/role:manage'), $usercontext);
|
||
|
if (!$canview) {
|
||
|
print_error('nopermissions', 'error', '', get_string('checkpermissions', 'core_role'));
|
||
|
}
|
||
|
|
||
|
if ($userid != $USER->id) {
|
||
|
// If its not the current user we need to extend the navigation for that user to ensure
|
||
|
// their navigation is loaded and this page found upon it.
|
||
|
$PAGE->navigation->extend_for_user($user);
|
||
|
}
|
||
|
if ($course->id != $SITE->id || $userid != $USER->id) {
|
||
|
// If we're within a course OR if we're viewing another user then we need to include the
|
||
|
// settings base on the navigation to ensure that the navbar will contain the users name.
|
||
|
$PAGE->navbar->includesettingsbase = true;
|
||
|
}
|
||
|
|
||
|
// Now get the role assignments for this user.
|
||
|
$sql = "SELECT ra.id, ra.userid, ra.contextid, ra.roleid, ra.component, ra.itemid, c.path
|
||
|
FROM {role_assignments} ra
|
||
|
JOIN {context} c ON ra.contextid = c.id
|
||
|
JOIN {role} r ON ra.roleid = r.id
|
||
|
WHERE ra.userid = ?
|
||
|
ORDER BY contextlevel DESC, contextid ASC, r.sortorder ASC";
|
||
|
$roleassignments = $DB->get_records_sql($sql, array($user->id));
|
||
|
|
||
|
$allroles = role_fix_names(get_all_roles());
|
||
|
|
||
|
// In order to display a nice tree of contexts, we need to get all the
|
||
|
// ancestors of all the contexts in the query we just did.
|
||
|
$requiredcontexts = array();
|
||
|
foreach ($roleassignments as $ra) {
|
||
|
$requiredcontexts = array_merge($requiredcontexts, explode('/', trim($ra->path, '/')));
|
||
|
}
|
||
|
$requiredcontexts = array_unique($requiredcontexts);
|
||
|
|
||
|
// Now load those contexts.
|
||
|
if ($requiredcontexts) {
|
||
|
list($sqlcontexttest, $contextparams) = $DB->get_in_or_equal($requiredcontexts);
|
||
|
$contexts = get_sorted_contexts('ctx.id ' . $sqlcontexttest, $contextparams);
|
||
|
} else {
|
||
|
$contexts = array();
|
||
|
}
|
||
|
|
||
|
// Prepare some empty arrays to hold the data we are about to compute.
|
||
|
foreach ($contexts as $conid => $con) {
|
||
|
$contexts[$conid]->children = array();
|
||
|
$contexts[$conid]->roleassignments = array();
|
||
|
}
|
||
|
|
||
|
// Put the contexts into a tree structure.
|
||
|
foreach ($contexts as $conid => $con) {
|
||
|
$context = context::instance_by_id($conid);
|
||
|
$parentcontext = $context->get_parent_context();
|
||
|
if ($parentcontext) {
|
||
|
$contexts[$parentcontext->id]->children[] = $conid;
|
||
|
}
|
||
|
}
|
||
|
|
||
|
// Put the role capabilities into the context tree.
|
||
|
foreach ($roleassignments as $ra) {
|
||
|
$contexts[$ra->contextid]->roleassignments[$ra->roleid] = $ra;
|
||
|
}
|
||
|
|
||
|
$assignableroles = get_assignable_roles($usercontext, ROLENAME_BOTH);
|
||
|
$overridableroles = get_overridable_roles($usercontext, ROLENAME_BOTH);
|
||
|
|
||
|
// Print the header.
|
||
|
$fullname = fullname($user, has_capability('moodle/site:viewfullnames', $coursecontext));
|
||
|
$straction = get_string('thisusersroles', 'core_role');
|
||
|
$title = get_string('xroleassignments', 'core_role', $fullname);
|
||
|
|
||
|
// Course header.
|
||
|
$PAGE->set_title($title);
|
||
|
if ($courseid == SITEID) {
|
||
|
$PAGE->set_heading($fullname);
|
||
|
} else {
|
||
|
$PAGE->set_heading($course->fullname.': '.$fullname);
|
||
|
}
|
||
|
echo $OUTPUT->header();
|
||
|
echo $OUTPUT->heading($title);
|
||
|
echo $OUTPUT->box_start('generalbox boxaligncenter boxwidthnormal');
|
||
|
|
||
|
// Display them.
|
||
|
if (!$roleassignments) {
|
||
|
echo '<p>', get_string('noroleassignments', 'core_role'), '</p>';
|
||
|
} else {
|
||
|
print_report_tree($systemcontext->id, $contexts, $systemcontext, $fullname, $allroles);
|
||
|
}
|
||
|
|
||
|
// End of page.
|
||
|
echo $OUTPUT->box_end();
|
||
|
echo $OUTPUT->footer();
|
||
|
|
||
|
function print_report_tree($contextid, $contexts, $systemcontext, $fullname, $allroles) {
|
||
|
global $CFG, $OUTPUT;
|
||
|
|
||
|
// Only compute lang strings, etc once.
|
||
|
static $stredit = null, $strcheckpermissions, $globalroleassigner, $assignurl, $checkurl;
|
||
|
if (is_null($stredit)) {
|
||
|
$stredit = get_string('edit');
|
||
|
$strcheckpermissions = get_string('checkpermissions', 'core_role');
|
||
|
$globalroleassigner = has_capability('moodle/role:assign', $systemcontext);
|
||
|
$assignurl = $CFG->wwwroot . '/' . $CFG->admin . '/roles/assign.php';
|
||
|
$checkurl = $CFG->wwwroot . '/' . $CFG->admin . '/roles/check.php';
|
||
|
}
|
||
|
|
||
|
// Pull the current context into an array for convenience.
|
||
|
$context = context::instance_by_id($contextid);
|
||
|
|
||
|
// Print the context name.
|
||
|
echo $OUTPUT->heading(html_writer::link($context->get_url(), $context->get_context_name()),
|
||
|
4, 'contextname');
|
||
|
|
||
|
// If there are any role assignments here, print them.
|
||
|
foreach ($contexts[$contextid]->roleassignments as $ra) {
|
||
|
$role = $allroles[$ra->roleid];
|
||
|
|
||
|
$value = $ra->contextid . ',' . $ra->roleid;
|
||
|
$inputid = 'unassign' . $value;
|
||
|
|
||
|
echo '<p>';
|
||
|
echo $role->localname;
|
||
|
if (has_capability('moodle/role:assign', $context)) {
|
||
|
$raurl = $assignurl . '?contextid=' . $ra->contextid . '&roleid=' .
|
||
|
$ra->roleid . '&removeselect[]=' . $ra->userid;
|
||
|
$churl = $checkurl . '?contextid=' . $ra->contextid . '&reportuser=' . $ra->userid;
|
||
|
if ($context->contextlevel == CONTEXT_USER) {
|
||
|
$raurl .= '&userid=' . $context->instanceid;
|
||
|
$churl .= '&userid=' . $context->instanceid;
|
||
|
}
|
||
|
$a = new stdClass;
|
||
|
$a->fullname = $fullname;
|
||
|
$a->contextlevel = $context->get_level_name();
|
||
|
if ($context->contextlevel == CONTEXT_SYSTEM) {
|
||
|
$strgoto = get_string('gotoassignsystemroles', 'core_role');
|
||
|
$strcheck = get_string('checksystempermissionsfor', 'core_role', $a);
|
||
|
} else {
|
||
|
$strgoto = get_string('gotoassignroles', 'core_role', $a);
|
||
|
$strcheck = get_string('checkuserspermissionshere', 'core_role', $a);
|
||
|
}
|
||
|
echo ' <a title="' . $strgoto . '" href="' . $raurl . '">' . $OUTPUT->pix_icon('t/edit', $stredit) . '</a> ';
|
||
|
echo ' <a title="' . $strcheck . '" href="' . $churl . '">' . $OUTPUT->pix_icon('t/preview', $strcheckpermissions) . '</a> ';
|
||
|
echo "</p>\n";
|
||
|
}
|
||
|
}
|
||
|
|
||
|
// If there are any child contexts, print them recursively.
|
||
|
if (!empty($contexts[$contextid]->children)) {
|
||
|
echo '<ul>';
|
||
|
foreach ($contexts[$contextid]->children as $childcontextid) {
|
||
|
echo '<li>';
|
||
|
print_report_tree($childcontextid, $contexts, $systemcontext, $fullname, $allroles);
|
||
|
echo '</li>';
|
||
|
}
|
||
|
echo '</ul>';
|
||
|
}
|
||
|
}
|