Commit 51263346 authored by dani's avatar dani Committed by Andrew Nicols
Browse files

MDL-51861 enrol: Don't get all parts in get_enrolled_users with groups

parent 61ecc0d5
......@@ -363,7 +363,10 @@ class core_enrol_external extends external_api {
), 'Option names:
* withcapability (string) return only users with this capability. This option requires \'moodle/role:review\' on the course context.
* groupid (integer) return only users in this group id. This option requires \'moodle/site:accessallgroups\' on the course context.
* groupid (integer) return only users in this group id. If the course has groups enabled and this param
isn\'t defined, returns all the viewable users.
This option requires \'moodle/site:accessallgroups\' on the course context if the
user doesn\'t belong to the group.
* onlyactive (integer) return only users with active enrolments and matching time restrictions. This option requires \'moodle/course:enrolreview\' on the course context.
* userfields (\'string, string, ...\') return only the values of these user fields.
* limitfrom (integer) sql limit from.
......@@ -451,7 +454,7 @@ class core_enrol_external extends external_api {
require_capability('moodle/role:review', $coursecontext);
// need accessallgroups capability if you want to overwrite this option
if (!empty($groupid) && groups_is_member($groupid)) {
if (!empty($groupid) && !groups_is_member($groupid)) {
require_capability('moodle/site:accessallgroups', $coursecontext);
// to overwrite this option, you need course:enrolereview permission
......@@ -463,10 +466,29 @@ class core_enrol_external extends external_api {
$ctxselect = ', ' . context_helper::get_preload_record_columns_sql('ctx');
$ctxjoin = "LEFT JOIN {context} ctx ON (ctx.instanceid = AND ctx.contextlevel = :contextlevel)";
$enrolledparams['contextlevel'] = CONTEXT_USER;
$sql = "SELECT u.* $ctxselect
FROM {user} u $ctxjoin
WHERE IN ($enrolledsql)
$groupjoin = '';
if (empty($groupid) && groups_get_course_groupmode($course) == SEPARATEGROUPS &&
!has_capability('moodle/site:accessallgroups', $coursecontext)) {
// Filter by groups the user can view.
$usergroups = groups_get_user_groups($course->id);
if (!empty($usergroups['0'])) {
list($groupsql, $groupparams) = $DB->get_in_or_equal($usergroups['0'], SQL_PARAMS_NAMED);
$groupjoin = "JOIN {groups_members} gm ON ( = gm.userid AND gm.groupid $groupsql)";
$enrolledparams = array_merge($enrolledparams, $groupparams);
} else {
// User doesn't belong to any group, so he can't see any user. Return an empty array.
return array();
$sql = "SELECT us.*
FROM {user} us
FROM {user} u $ctxjoin $groupjoin
WHERE IN ($enrolledsql)
) q ON =
$enrolledusers = $DB->get_recordset_sql($sql, $enrolledparams, $limitfrom, $limitnumber);
$users = array();
foreach ($enrolledusers as $user) {
This files describes API changes in /enrol/* - plugins,
information provided here is intended especially for developers.
=== 2.8.9 ===
* External function core_enrol_external::get_enrolled_users now returns only the viewable participants if the course has groups enabled and no groupid is passed.
=== 2.8 ===
* enrol_plugin::instance_deleteable() is deprecated and has been replaced by enrol_plugin::can_delete_instance()
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment