. /** * Profile field API library file. * * @package core_user * @copyright 2007 onwards Shane Elliot {@link http://pukunui.com} * @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later */ /** * Visible to anyone who can view the user. * Editable by the profile owner if they have the moodle/user:editownprofile capability * or any user with the moodle/user:update capability. */ define('PROFILE_VISIBLE_ALL', '2'); /** * Visible to the profile owner or anyone with the moodle/user:viewalldetails capability. * Editable by the profile owner if they have the moodle/user:editownprofile capability * or any user with moodle/user:viewalldetails and moodle/user:update capabilities. */ define('PROFILE_VISIBLE_PRIVATE', '1'); /** * Only visible to users with the moodle/user:viewalldetails capability. * Only editable by users with the moodle/user:viewalldetails and moodle/user:update capabilities. */ define('PROFILE_VISIBLE_NONE', '0'); /** * Base class for the customisable profile fields. * * @package core_user * @copyright 2007 onwards Shane Elliot {@link http://pukunui.com} * @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later */ class profile_field_base { // These 2 variables are really what we're interested in. // Everything else can be extracted from them. /** @var int */ public $fieldid; /** @var int */ public $userid; /** @var stdClass */ public $field; /** @var string */ public $inputname; /** @var mixed */ public $data; /** @var string */ public $dataformat; /** @var string name of the user profile category */ protected $categoryname; /** * Constructor method. * @param int $fieldid id of the profile from the user_info_field table * @param int $userid id of the user for whom we are displaying data * @param object $fielddata optional data for the field object plus additional fields 'hasuserdata', 'data' and 'dataformat' * with user data. (If $fielddata->hasuserdata is empty, user data is not available and we should use default data). * If this parameter is passed, constructor will not call load_data() at all. */ public function __construct($fieldid=0, $userid=0, $fielddata=null) { global $CFG; if ($CFG->debugdeveloper) { // In Moodle 3.4 the new argument $fielddata was added to the constructor. Make sure that // plugin constructor properly passes this argument. $backtrace = debug_backtrace(); if (isset($backtrace[1]['class']) && $backtrace[1]['function'] === '__construct' && in_array(self::class, class_parents($backtrace[1]['class']))) { // If this constructor is called from the constructor of the plugin make sure that the third argument was passed through. if (count($backtrace[1]['args']) >= 3 && count($backtrace[0]['args']) < 3) { debugging($backtrace[1]['class'].'::__construct() must support $fielddata as the third argument ' . 'and pass it to the parent constructor', DEBUG_DEVELOPER); } } } $this->set_fieldid($fieldid); $this->set_userid($userid); if ($fielddata) { $this->set_field($fielddata); if ($userid > 0 && !empty($fielddata->hasuserdata)) { $this->set_user_data($fielddata->data, $fielddata->dataformat); } } else { $this->load_data(); } } /** * Old syntax of class constructor. Deprecated in PHP7. * * @deprecated since Moodle 3.1 */ public function profile_field_base($fieldid=0, $userid=0) { debugging('Use of class name as constructor is deprecated', DEBUG_DEVELOPER); self::__construct($fieldid, $userid); } /** * Abstract method: Adds the profile field to the moodle form class * @abstract The following methods must be overwritten by child classes * @param moodleform $mform instance of the moodleform class */ public function edit_field_add($mform) { print_error('mustbeoveride', 'debug', '', 'edit_field_add'); } /** * Display the data for this field * @return string */ public function display_data() { $options = new stdClass(); $options->para = false; return format_text($this->data, FORMAT_MOODLE, $options); } /** * Print out the form field in the edit profile page * @param moodleform $mform instance of the moodleform class * @return bool */ public function edit_field($mform) { if (!$this->is_editable()) { return false; } $this->edit_field_add($mform); $this->edit_field_set_default($mform); $this->edit_field_set_required($mform); return true; } /** * Tweaks the edit form * @param moodleform $mform instance of the moodleform class * @return bool */ public function edit_after_data($mform) { if (!$this->is_editable()) { return false; } $this->edit_field_set_locked($mform); return true; } /** * Saves the data coming from form * @param stdClass $usernew data coming from the form * @return mixed returns data id if success of db insert/update, false on fail, 0 if not permitted */ public function edit_save_data($usernew) { global $DB; if (!isset($usernew->{$this->inputname})) { // Field not present in form, probably locked and invisible - skip it. return; } $data = new stdClass(); $usernew->{$this->inputname} = $this->edit_save_data_preprocess($usernew->{$this->inputname}, $data); if (!isset($usernew->{$this->inputname})) { // Field cannot be set to null, set the default value. $usernew->{$this->inputname} = $this->field->defaultdata; } $data->userid = $usernew->id; $data->fieldid = $this->field->id; $data->data = $usernew->{$this->inputname}; if ($dataid = $DB->get_field('user_info_data', 'id', array('userid' => $data->userid, 'fieldid' => $data->fieldid))) { $data->id = $dataid; $DB->update_record('user_info_data', $data); } else { $DB->insert_record('user_info_data', $data); } } /** * Validate the form field from profile page * * @param stdClass $usernew * @return string contains error message otherwise null */ public function edit_validate_field($usernew) { global $DB; $errors = array(); // Get input value. if (isset($usernew->{$this->inputname})) { if (is_array($usernew->{$this->inputname}) && isset($usernew->{$this->inputname}['text'])) { $value = $usernew->{$this->inputname}['text']; } else { $value = $usernew->{$this->inputname}; } } else { $value = ''; } // Check for uniqueness of data if required. if ($this->is_unique() && (($value !== '') || $this->is_required())) { $data = $DB->get_records_sql(' SELECT id, userid FROM {user_info_data} WHERE fieldid = ? AND ' . $DB->sql_compare_text('data', 255) . ' = ' . $DB->sql_compare_text('?', 255), array($this->field->id, $value)); if ($data) { $existing = false; foreach ($data as $v) { if ($v->userid == $usernew->id) { $existing = true; break; } } if (!$existing) { $errors[$this->inputname] = get_string('valuealreadyused'); } } } return $errors; } /** * Sets the default data for the field in the form object * @param moodleform $mform instance of the moodleform class */ public function edit_field_set_default($mform) { if (!empty($this->field->defaultdata)) { $mform->setDefault($this->inputname, $this->field->defaultdata); } } /** * Sets the required flag for the field in the form object * * @param moodleform $mform instance of the moodleform class */ public function edit_field_set_required($mform) { global $USER; if ($this->is_required() && ($this->userid == $USER->id || isguestuser())) { $mform->addRule($this->inputname, get_string('required'), 'required', null, 'client'); } } /** * HardFreeze the field if locked. * @param moodleform $mform instance of the moodleform class */ public function edit_field_set_locked($mform) { if (!$mform->elementExists($this->inputname)) { return; } if ($this->is_locked() and !has_capability('moodle/user:update', context_system::instance())) { $mform->hardFreeze($this->inputname); $mform->setConstant($this->inputname, $this->data); } } /** * Hook for child classess to process the data before it gets saved in database * @param stdClass $data * @param stdClass $datarecord The object that will be used to save the record * @return mixed */ public function edit_save_data_preprocess($data, $datarecord) { return $data; } /** * Loads a user object with data for this field ready for the edit profile * form * @param stdClass $user a user object */ public function edit_load_user_data($user) { if ($this->data !== null) { $user->{$this->inputname} = $this->data; } } /** * Check if the field data should be loaded into the user object * By default it is, but for field types where the data may be potentially * large, the child class should override this and return false * @return bool */ public function is_user_object_data() { return true; } /** * Accessor method: set the userid for this instance * @internal This method should not generally be overwritten by child classes. * @param integer $userid id from the user table */ public function set_userid($userid) { $this->userid = $userid; } /** * Accessor method: set the fieldid for this instance * @internal This method should not generally be overwritten by child classes. * @param integer $fieldid id from the user_info_field table */ public function set_fieldid($fieldid) { $this->fieldid = $fieldid; } /** * Sets the field object and default data and format into $this->data and $this->dataformat * * This method should be called before {@link self::set_user_data} * * @param stdClass $field * @throws coding_exception */ public function set_field($field) { global $CFG; if ($CFG->debugdeveloper) { $properties = ['id', 'shortname', 'name', 'datatype', 'description', 'descriptionformat', 'categoryid', 'sortorder', 'required', 'locked', 'visible', 'forceunique', 'signup', 'defaultdata', 'defaultdataformat', 'param1', 'param2', 'param3', 'param4', 'param5']; foreach ($properties as $property) { if (!property_exists($field, $property)) { debugging('The \'' . $property . '\' property must be set.', DEBUG_DEVELOPER); } } } if ($this->fieldid && $this->fieldid != $field->id) { throw new coding_exception('Can not set field object after a different field id was set'); } $this->fieldid = $field->id; $this->field = $field; $this->inputname = 'profile_field_' . $this->field->shortname; $this->data = $this->field->defaultdata; $this->dataformat = FORMAT_HTML; } /** * Sets user id and user data for the field * * @param mixed $data * @param int $dataformat */ public function set_user_data($data, $dataformat) { $this->data = $data; $this->dataformat = $dataformat; } /** * Set the name for the profile category where this field is * * @param string $categoryname */ public function set_category_name($categoryname) { $this->categoryname = $categoryname; } /** * Returns the name of the profile category where this field is * * @return string */ public function get_category_name() { global $DB; if ($this->categoryname === null) { $this->categoryname = $DB->get_field('user_info_category', 'name', ['id' => $this->field->categoryid]); } return $this->categoryname; } /** * Accessor method: Load the field record and user data associated with the * object's fieldid and userid * * @internal This method should not generally be overwritten by child classes. */ public function load_data() { global $DB; // Load the field object. if (($this->fieldid == 0) or (!($field = $DB->get_record('user_info_field', array('id' => $this->fieldid))))) { $this->field = null; $this->inputname = ''; } else { $this->set_field($field); } if (!empty($this->field) && $this->userid > 0) { $params = array('userid' => $this->userid, 'fieldid' => $this->fieldid); if ($data = $DB->get_record('user_info_data', $params, 'data, dataformat')) { $this->set_user_data($data->data, $data->dataformat); } } else { $this->data = null; } } /** * Check if the field data is visible to the current user * @internal This method should not generally be overwritten by child classes. * @return bool */ public function is_visible() { global $USER; $context = ($this->userid > 0) ? context_user::instance($this->userid) : context_system::instance(); switch ($this->field->visible) { case PROFILE_VISIBLE_ALL: return true; case PROFILE_VISIBLE_PRIVATE: if ($this->is_signup_field() && (empty($this->userid) || isguestuser($this->userid))) { return true; } else if ($this->userid == $USER->id) { return true; } else { return has_capability('moodle/user:viewalldetails', $context); } default: return has_capability('moodle/user:viewalldetails', $context); } } /** * Check if the field data is editable for the current user * This method should not generally be overwritten by child classes. * @return bool */ public function is_editable() { global $USER; if (!$this->is_visible()) { return false; } if ($this->is_signup_field() && (empty($this->userid) || isguestuser($this->userid))) { // Allow editing the field on the signup page. return true; } $systemcontext = context_system::instance(); if ($this->userid == $USER->id && has_capability('moodle/user:editownprofile', $systemcontext)) { return true; } if (has_capability('moodle/user:update', $systemcontext)) { return true; } return false; } /** * Check if the field data is considered empty * @internal This method should not generally be overwritten by child classes. * @return boolean */ public function is_empty() { return ( ($this->data != '0') and empty($this->data)); } /** * Check if the field is required on the edit profile page * @internal This method should not generally be overwritten by child classes. * @return bool */ public function is_required() { return (boolean)$this->field->required; } /** * Check if the field is locked on the edit profile page * @internal This method should not generally be overwritten by child classes. * @return bool */ public function is_locked() { return (boolean)$this->field->locked; } /** * Check if the field data should be unique * @internal This method should not generally be overwritten by child classes. * @return bool */ public function is_unique() { return (boolean)$this->field->forceunique; } /** * Check if the field should appear on the signup page * @internal This method should not generally be overwritten by child classes. * @return bool */ public function is_signup_field() { return (boolean)$this->field->signup; } /** * Return the field settings suitable to be exported via an external function. * By default it return all the field settings. * * @return array all the settings * @since Moodle 3.2 */ public function get_field_config_for_external() { return (array) $this->field; } /** * Return the field type and null properties. * This will be used for validating the data submitted by a user. * * @return array the param type and null property * @since Moodle 3.2 */ public function get_field_properties() { return array(PARAM_RAW, NULL_NOT_ALLOWED); } } /** * Returns an array of all custom field records with any defined data (or empty data), for the specified user id. * @param int $userid * @return profile_field_base[] */ function profile_get_user_fields_with_data($userid) { global $DB, $CFG; // Join any user info data present with each user info field for the user object. $sql = 'SELECT uif.*, uic.name AS categoryname '; if ($userid > 0) { $sql .= ', uind.id AS hasuserdata, uind.data, uind.dataformat '; } $sql .= 'FROM {user_info_field} uif '; $sql .= 'LEFT JOIN {user_info_category} uic ON uif.categoryid = uic.id '; if ($userid > 0) { $sql .= 'LEFT JOIN {user_info_data} uind ON uif.id = uind.fieldid AND uind.userid = :userid '; } $sql .= 'ORDER BY uic.sortorder ASC, uif.sortorder ASC '; $fields = $DB->get_records_sql($sql, ['userid' => $userid]); $data = []; foreach ($fields as $field) { require_once($CFG->dirroot . '/user/profile/field/' . $field->datatype . '/field.class.php'); $classname = 'profile_field_' . $field->datatype; $field->hasuserdata = !empty($field->hasuserdata); /** @var profile_field_base $fieldobject */ $fieldobject = new $classname($field->id, $userid, $field); $fieldobject->set_category_name($field->categoryname); unset($field->categoryname); $data[] = $fieldobject; } return $data; } /** * Returns an array of all custom field records with any defined data (or empty data), for the specified user id, by category. * @param int $userid * @return profile_field_base[][] */ function profile_get_user_fields_with_data_by_category($userid) { $fields = profile_get_user_fields_with_data($userid); $data = []; foreach ($fields as $field) { $data[$field->field->categoryid][] = $field; } return $data; } /** * Loads user profile field data into the user object. * @param stdClass $user */ function profile_load_data($user) { global $CFG; $fields = profile_get_user_fields_with_data($user->id); foreach ($fields as $formfield) { $formfield->edit_load_user_data($user); } } /** * Print out the customisable categories and fields for a users profile * * @param moodleform $mform instance of the moodleform class * @param int $userid id of user whose profile is being edited. */ function profile_definition($mform, $userid = 0) { $categories = profile_get_user_fields_with_data_by_category($userid); foreach ($categories as $categoryid => $fields) { // Check first if *any* fields will be displayed. $fieldstodisplay = []; foreach ($fields as $formfield) { if ($formfield->is_editable()) { $fieldstodisplay[] = $formfield; } } if (empty($fieldstodisplay)) { continue; } // Display the header and the fields. $mform->addElement('header', 'category_'.$categoryid, format_string($fields[0]->get_category_name())); foreach ($fieldstodisplay as $formfield) { $formfield->edit_field($mform); } } } /** * Adds profile fields to user edit forms. * @param moodleform $mform * @param int $userid */ function profile_definition_after_data($mform, $userid) { global $CFG; $userid = ($userid < 0) ? 0 : (int)$userid; $fields = profile_get_user_fields_with_data($userid); foreach ($fields as $formfield) { $formfield->edit_after_data($mform); } } /** * Validates profile data. * @param stdClass $usernew * @param array $files * @return array */ function profile_validation($usernew, $files) { global $CFG; $err = array(); $fields = profile_get_user_fields_with_data($usernew->id); foreach ($fields as $formfield) { $err += $formfield->edit_validate_field($usernew, $files); } return $err; } /** * Saves profile data for a user. * @param stdClass $usernew */ function profile_save_data($usernew) { global $CFG; $fields = profile_get_user_fields_with_data($usernew->id); foreach ($fields as $formfield) { $formfield->edit_save_data($usernew); } } /** * Display profile fields. * @param int $userid */ function profile_display_fields($userid) { global $CFG, $USER, $DB; $categories = profile_get_user_fields_with_data_by_category($userid); foreach ($categories as $categoryid => $fields) { foreach ($fields as $formfield) { if ($formfield->is_visible() and !$formfield->is_empty()) { echo html_writer::tag('dt', format_string($formfield->field->name)); echo html_writer::tag('dd', $formfield->display_data()); } } } } /** * Retrieves a list of profile fields that must be displayed in the sign-up form. * * @return array list of profile fields info * @since Moodle 3.2 */ function profile_get_signup_fields() { global $CFG, $DB; $profilefields = array(); // Only retrieve required custom fields (with category information) // results are sort by categories, then by fields. $sql = "SELECT uf.id as fieldid, ic.id as categoryid, ic.name as categoryname, uf.datatype FROM {user_info_field} uf JOIN {user_info_category} ic ON uf.categoryid = ic.id AND uf.signup = 1 AND uf.visible<>0 ORDER BY ic.sortorder ASC, uf.sortorder ASC"; if ($fields = $DB->get_records_sql($sql)) { foreach ($fields as $field) { require_once($CFG->dirroot.'/user/profile/field/'.$field->datatype.'/field.class.php'); $newfield = 'profile_field_'.$field->datatype; $fieldobject = new $newfield($field->fieldid); $profilefields[] = (object) array( 'categoryid' => $field->categoryid, 'categoryname' => $field->categoryname, 'fieldid' => $field->fieldid, 'datatype' => $field->datatype, 'object' => $fieldobject ); } } return $profilefields; } /** * Adds code snippet to a moodle form object for custom profile fields that * should appear on the signup page * @param moodleform $mform moodle form object */ function profile_signup_fields($mform) { if ($fields = profile_get_signup_fields()) { foreach ($fields as $field) { // Check if we change the categories. if (!isset($currentcat) || $currentcat != $field->categoryid) { $currentcat = $field->categoryid; $mform->addElement('header', 'category_'.$field->categoryid, format_string($field->categoryname)); }; $field->object->edit_field($mform); } } } /** * Returns an object with the custom profile fields set for the given user * @param integer $userid * @param bool $onlyinuserobject True if you only want the ones in $USER. * @return stdClass */ function profile_user_record($userid, $onlyinuserobject = true) { global $CFG; $usercustomfields = new stdClass(); $fields = profile_get_user_fields_with_data($userid); foreach ($fields as $formfield) { if (!$onlyinuserobject || $formfield->is_user_object_data()) { $usercustomfields->{$formfield->field->shortname} = $formfield->data; } } return $usercustomfields; } /** * Obtains a list of all available custom profile fields, indexed by id. * * Some profile fields are not included in the user object data (see * profile_user_record function above). Optionally, you can obtain only those * fields that are included in the user object. * * To be clear, this function returns the available fields, and does not * return the field values for a particular user. * * @param bool $onlyinuserobject True if you only want the ones in $USER * @return array Array of field objects from database (indexed by id) * @since Moodle 2.7.1 */ function profile_get_custom_fields($onlyinuserobject = false) { global $DB, $CFG; // Get all the fields. $fields = $DB->get_records('user_info_field', null, 'id ASC'); // If only doing the user object ones, unset the rest. if ($onlyinuserobject) { foreach ($fields as $id => $field) { require_once($CFG->dirroot . '/user/profile/field/' . $field->datatype . '/field.class.php'); $newfield = 'profile_field_' . $field->datatype; $formfield = new $newfield(); if (!$formfield->is_user_object_data()) { unset($fields[$id]); } } } return $fields; } /** * Load custom profile fields into user object * * @param stdClass $user user object */ function profile_load_custom_fields($user) { $user->profile = (array)profile_user_record($user->id); } /** * Save custom profile fields for a user. * * @param int $userid The user id * @param array $profilefields The fields to save */ function profile_save_custom_fields($userid, $profilefields) { global $DB; if ($fields = $DB->get_records('user_info_field')) { foreach ($fields as $field) { if (isset($profilefields[$field->shortname])) { $conditions = array('fieldid' => $field->id, 'userid' => $userid); $id = $DB->get_field('user_info_data', 'id', $conditions); $data = $profilefields[$field->shortname]; if ($id) { $DB->set_field('user_info_data', 'data', $data, array('id' => $id)); } else { $record = array('fieldid' => $field->id, 'userid' => $userid, 'data' => $data); $DB->insert_record('user_info_data', $record); } } } } } /** * Trigger a user profile viewed event. * * @param stdClass $user user object * @param stdClass $context context object (course or user) * @param stdClass $course course object * @since Moodle 2.9 */ function profile_view($user, $context, $course = null) { $eventdata = array( 'objectid' => $user->id, 'relateduserid' => $user->id, 'context' => $context ); if (!empty($course)) { $eventdata['courseid'] = $course->id; $eventdata['other'] = array( 'courseid' => $course->id, 'courseshortname' => $course->shortname, 'coursefullname' => $course->fullname ); } $event = \core\event\user_profile_viewed::create($eventdata); $event->add_record_snapshot('user', $user); $event->trigger(); } /** * Does the user have all required custom fields set? * * Internal, to be exclusively used by {@link user_not_fully_set_up()} only. * * Note that if users have no way to fill a required field via editing their * profiles (e.g. the field is not visible or it is locked), we still return true. * So this is actually checking if we should redirect the user to edit their * profile, rather than whether there is a value in the database. * * @param int $userid * @return bool */ function profile_has_required_custom_fields_set($userid) { global $DB; $sql = "SELECT f.id FROM {user_info_field} f LEFT JOIN {user_info_data} d ON (d.fieldid = f.id AND d.userid = ?) WHERE f.required = 1 AND f.visible > 0 AND f.locked = 0 AND d.id IS NULL"; if ($DB->record_exists_sql($sql, [$userid])) { return false; } return true; }