Commit ff493b6b authored by tjhunt's avatar tjhunt
Browse files

roles / profile: MDL-14937 A the user's roles report from contrib to core. Finish.

parent 1bd72efa
......@@ -40,9 +40,11 @@ $userid = required_param('userid', PARAM_INT);
$courseid = required_param('courseid', PARAM_INT);
// Validate them and get the corresponding objects.
$user = $DB->get_record('user', array('id' => $userid));
if (!$user = $DB->get_record('user', array('id' => $userid))) {
print_error('invaliduserid');
}
if (!$course = $DB->get_record('course', array('id' => $courseid))) {
print_error('invalidcourse', 'error');
print_error('invalidcourse');
}
$usercontext = get_context_instance(CONTEXT_USER, $user->id);
$coursecontext = get_context_instance(CONTEXT_COURSE, $course->id);
......@@ -57,6 +59,59 @@ if (!$canview) {
print_error('nopermissions', 'error', '', get_string('checkpermissions', 'role'));
}
/// Now get the role assignments for this user.
$sql = "SELECT
ra.id, ra.userid, ra.contextid, ra.roleid, ra.enrol,
c.path,
r.name AS rolename,
COALESCE(rn.name, r.name) AS localname
FROM
{role_assignments} ra
JOIN {context} c ON ra.contextid = c.id
JOIN {role} r ON ra.roleid = r.id
LEFT JOIN {role_names} rn ON rn.roleid = ra.roleid AND rn.contextid = ra.contextid
WHERE
ra.userid = ?
AND ra.active = 1
ORDER BY
contextlevel DESC, contextid ASC, r.sortorder ASC";
$roleassignments = $DB->get_records_sql($sql, array($user->id));
/// In order to display a nice tree of contexts, we need to get all the
/// ancestors of all the contexts in the query we just did.
$requiredcontexts = array();
foreach ($roleassignments as $ra) {
$requiredcontexts = array_merge($requiredcontexts, explode('/', trim($ra->path, '/')));
}
$requiredcontexts = array_unique($requiredcontexts);
/// Now load those contexts.
if ($requiredcontexts) {
list($sqlcontexttest, $contextparams) = $DB->get_in_or_equal($requiredcontexts);
$contexts = $DB->get_records_select('context', 'id ' . $sqlcontexttest, $contextparams);
} else {
$contexts = array();
}
/// Prepare some empty arrays to hold the data we are about to compute.
foreach ($contexts as $conid => $con) {
$contexts[$conid]->children = array();
$contexts[$conid]->roleassignments = array();
}
/// Put the contexts into a tree structure.
foreach ($contexts as $conid => $con) {
$parentcontextid = get_parent_contextid($con);
if ($parentcontextid) {
$contexts[$parentcontextid]->children[] = $conid;
}
}
/// Put the role capabilites into the context tree.
foreach ($roleassignments as $ra) {
$contexts[$ra->contextid]->roleassignments[$ra->roleid] = $ra;
}
/// These are needed to determine which tabs tabs.php should show.
$assignableroles = get_assignable_roles($usercontext, ROLENAME_BOTH);
$overridableroles = get_overridable_roles($usercontext, ROLENAME_BOTH);
......@@ -90,125 +145,84 @@ $showroles = 1;
$currenttab = 'usersroles';
include_once($CFG->dirroot.'/user/tabs.php');
print_heading($title, '', 3);
echo 'Sorry, not complete yet, but I want to get this checked in before I go home.';
print_box_start('generalbox boxaligncenter boxwidthnormal');
// Display them.
if (!$roleassignments) {
echo '<p>', get_string('noroleassignments', 'role'), '</p>';
} else {
print_report_tree($systemcontext->id, $contexts, $systemcontext, $fullname);
}
/// End of page.
print_box_end();
print_footer($course);
die; // TODO
// Standard moodleform if statement.
if ($mform->is_cancelled()) {
// Don't think this will ever happen, but do nothing.
function print_report_tree($contextid, $contexts, $systemcontext, $fullname) {
global $CFG;
// Only compute lang strings, etc once.
static $stredit = null, $strcheckpermissions, $globalroleassigner, $assignurl, $checkurl;
if (is_null($stredit)) {
$stredit = get_string('edit');
$strcheckpermissions = get_string('checkpermissions', 'role');
$globalroleassigner = has_capability('moodle/role:assign', $systemcontext);
$assignurl = $CFG->wwwroot . '/' . $CFG->admin . '/roles/assign.php';
$checkurl = $CFG->wwwroot . '/' . $CFG->admin . '/roles/check.php';
}
} else if ($fromform = $mform->get_data()){
// Pull the current context into an array for convinience.
$context = $contexts[$contextid];
if (!(isset($fromform->username) && $user = $DB->get_record('user', array('username'=>$fromform->username)))) {
// We got data, but the username was invalid.
if (!isset($fromform->username)) {
$message = get_string('unknownuser', 'report_userroles');
// Print the context name.
print_heading(print_context_name($contexts[$contextid]), '', 4, 'contextname');
// If there are any role assignments here, print them.
foreach ($context->roleassignments as $ra) {
$value = $ra->contextid . ',' . $ra->roleid;
$inputid = 'unassign' . $value;
echo '<p>';
if ($ra->rolename == $ra->localname) {
echo strip_tags(format_string($ra->localname));
} else {
$message = get_string('unknownusername', 'report_userroles', $fromform->username);
echo strip_tags(format_string($ra->localname . ' (' . $ra->rolename . ')'));
}
print_heading($message, '', 3);
} else {
// We have a valid username, do stuff.
$fullname = $fromform->username . ' (' . fullname($user) . ')';
// Do any role unassignments that were requested.
if ($tounassign = optional_param('unassign', array(), PARAM_SEQUENCE)) {
echo '<form method="post" action="', $CFG->wwwroot, '/admin/report/userroles/index.php">', "\n";
foreach ($tounassign as $assignment) {
list($contextid, $roleid) = explode(',', $assignment);
role_unassign($roleid, $user->id, 0, $contextid);
echo '<input type="hidden" name="assign[]" value="', $assignment, '" />', "\n";
if (has_capability('moodle/role:assign', $context)) {
$raurl = $assignurl . '?contextid=' . $ra->contextid . '&amp;roleid=' .
$ra->roleid . '&amp;removeselect[]=' . $ra->userid;
$churl = $checkurl . '?contextid=' . $ra->contextid . '&reportuser=' . $ra->userid;
if ($context->contextlevel == CONTEXT_USER) {
$raurl .= '&amp;userid=' . $context->instanceid;
$churl .= '&amp;userid=' . $context->instanceid;
}
notify(get_string('rolesunassigned', 'report_userroles'), 'notifysuccess');
form_fields_to_fool_mform($user->username, $mform);
echo '<input type="submit" value="', get_string('undounassign', 'report_userroles'), '" />', "\n";
echo '</form>', "\n";
// Do any role re-assignments that were requested.
} else if ($toassign = optional_param('assign', array(), PARAM_SEQUENCE)) {
foreach ($toassign as $assignment) {
list($contextid, $roleid) = explode(',', $assignment);
role_assign($roleid, $user->id, 0, $contextid);
$a = new stdClass;
$a->fullname = $fullname;
$a->contextlevel = get_contextlevel_name($context->contextlevel);
if ($context->contextlevel == CONTEXT_SYSTEM) {
$strgoto = get_string('gotoassignsystemroles', 'role');
$strcheck = get_string('checksystempermissionsfor', 'role', $a);
} else {
$strgoto = get_string('gotoassignroles', 'role', $a);
$strcheck = get_string('checkuserspermissionshere', 'role', $a);
}
notify(get_string('rolesreassigned', 'report_userroles'), 'notifysuccess');
echo ' <a title="' . $strgoto . '" href="' . $raurl . '"><img class="iconsmall" src="' .
$CFG->pixpath . '/t/edit.gif" alt="' . $stredit . '" /></a> ';
echo ' <a title="' . $strcheck . '" href="' . $churl . '"><img class="iconsmall" src="' .
$CFG->pixpath . '/t/preview.gif" alt="' . $strcheckpermissions . '" /></a> ';
echo "</p>\n";
}
}
// Now get the role assignments for this user.
$sql = "SELECT
ra.id, ra.userid, ra.contextid, ra.roleid, ra.enrol,
c.contextlevel, c.instanceid,
r.name AS role
FROM
{role_assignments} ra,
{context} c,
{role} r
WHERE
ra.userid = :userid
AND ra.contextid = c.id
AND ra.roleid = r.id
AND ra.active = 1
ORDER BY
contextlevel DESC, contextid ASC, r.sortorder ASC";
$results = $DB->get_records_sql($sql,array('userid'=>$user->id));
// Display them.
if ($results) {
print_heading(get_string('allassignments', 'report_userroles', $fullname), '', 3);
// Start of unassign form.
echo "\n\n";
echo '<form method="post" action="', $CFG->wwwroot, '/admin/report/userroles/index.php">', "\n";
// Print all the role assingments for this user.
$stredit = get_string('edit');
$strgoto = get_string('gotoassignroles', 'report_userroles');
foreach ($results as $result) {
$result->context = print_context_name($result, true, 'ou');
$value = $result->contextid . ',' . $result->roleid;
$inputid = 'unassign' . $value;
$unassignable = in_array($result->enrol,
array('manual', 'workflowengine', 'fridayeditingcron', 'oucourserole', 'staffrequest'));
echo '<p>';
if ($unassignable) {
echo '<input type="checkbox" name="unassign[]" value="', $value, '" id="', $inputid, '" />', "\n";
echo '<label for="', $inputid, '">';
}
echo get_string('incontext', 'report_userroles', $result);
if ($unassignable) {
echo '</label>';
}
echo ' <a title="', $strgoto, '" href="', $CFG->wwwroot, '/admin/roles/assign.php?contextid=',
$result->contextid, '&amp;roleid=', $result->roleid, '"><img ',
'src="', $CFG->pixpath, '/t/edit.gif" alt="[', $stredit, ']" /></a>';
echo "</p>\n";
}
echo "\n\n";
form_fields_to_fool_mform($user->username, $mform);
echo '<input type="submit" value="', get_string('unassignasabove', 'report_userroles'), '" />', "\n";
echo '</form>', "\n";
echo '<p>', get_string('unassignexplain', 'report_userroles'), "</p>\n\n";
} else {
print_heading(get_string('noassignmentsfound', 'report_userroles', $fullname), '', 3);
// If there are any child contexts, print them recursively.
if (!empty($contexts[$contextid]->children)) {
echo '<ul>';
foreach ($contexts[$contextid]->children as $childcontextid) {
echo '<li>';
print_report_tree($childcontextid, $contexts, $systemcontext, $fullname);
echo '</li>';
}
echo '</ul>';
}
}
// Always show the form, so that the user can run another report.
echo "\n<br />\n<br />\n";
$mform->display();
admin_externalpage_print_footer();
function form_fields_to_fool_mform($username, $mform) {
echo '<input type="hidden" name="username" value="', $username, '" />', "\n";
echo '<input type="hidden" name="sesskey" value="', sesskey(), '" />', "\n";
echo '<input type="hidden" name="_qf__', $mform->get_name(), '" value="1" />', "\n";
}
?>
......@@ -14,9 +14,10 @@ $string['allowroletooverride'] = 'Allow users with role $a->fromrole to override
$string['allsiteusers'] = 'All site users';
$string['assignanotherrole'] = 'Assign another role';
$string['assignerror'] = 'Error while assigning the role $a->role to user $a->user.';
$string['assignrolenameincontext'] = 'Assign role \'$a->role\' in $a->context';
$string['assignroles'] = 'Assign roles';
$string['assignrolesin'] = 'Assign roles in $a';
$string['assignrolenameincontext'] = 'Assign role \'$a->role\' in $a->context';
$string['assignrolesrelativetothisuser'] = 'Assign roles relative to this user';
$string['assignglobalroles'] = 'Assign system roles';
$string['assignmentcontext'] = 'Assignment context';
$string['assignmentoptions'] = 'Assignment options';
......@@ -39,6 +40,8 @@ $string['category:visibility'] = 'See hidden categories';
$string['checkglobalpermissions'] = 'Check system permissions';
$string['checkpermissions'] = 'Check permissions';
$string['checkpermissionsin'] = 'Check permissions in $a';
$string['checksystempermissionsfor'] = 'Check system permissions for $a->fullname';
$string['checkuserspermissionshere'] = 'Check permissions for $a->fullname has in this $a->contextlevel';
$string['chooseroletoassign'] = 'Please choose a role to assign';
$string['context'] = 'Context';
$string['course:activityvisibility'] = 'Hide/show activities';
......@@ -97,6 +100,8 @@ $string['extusers'] = 'Existing users';
$string['extusersmatching'] = 'Existing users matching \'$a\'';
$string['globalrole'] = 'System role';
$string['globalroleswarning'] = 'WARNING! Any roles you assign from this page will apply to the assigned users throughout the entire system, including the front page and all the courses.';
$string['gotoassignroles'] = 'Go to Assign roles for this $a->contextlevel';
$string['gotoassignsystemroles'] = 'Go to Assign system roles';
$string['grade:edit'] = 'Edit grades';
$string['grade:export'] = 'Export grades';
$string['grade:hide'] = 'Hide/unhide grades or items';
......@@ -136,8 +141,11 @@ $string['my:manageblocks'] = 'Manage myMoodle page blocks';
$string['nocapabilitiesincontext'] = 'No capabilities available in this context';
$string['noneinthisx'] = 'None in this $a';
$string['noneinthisxmatching'] = 'No users matching \'$a->search\' in this $a->contexttype';
$string['noroleassignments'] = 'This user does not have any role assignments anywhere in this site.';
$string['notabletoassignroleshere'] = 'You are not able to assign any roles here';
$string['notabletooverrideroleshere'] = 'You are not able to override the permissions on any roles here';
$string['notes:manage'] = 'Manage notes';
$string['notes:view'] = 'View notes';
$string['notset'] = 'Not set';
$string['overrideanotherrole'] = 'Override another role';
$string['overridecontext'] = 'Override context';
......@@ -202,6 +210,8 @@ $string['site:import'] = 'Import other courses into a course';
$string['site:langeditlocal'] = 'Customize local translation';
$string['site:langeditmaster'] = 'Edit master language packages';
$string['site:manageblocks'] = 'Manage site-level blocks';
$string['site:mnetlogintoremote'] = 'Roam to a remote Moodle';
$string['site:mnetloginfromremote'] = 'Login from a remote Moodle';
$string['site:readallmessages'] = 'Read all messages on site';
$string['site:restore'] = 'Restore courses';
$string['site:sendmessage'] = 'Send messages to any user';
......@@ -214,10 +224,13 @@ $string['tag:manage'] = 'Manage all tags';
$string['tag:create'] = 'Create new tags';
$string['tag:edit'] = 'Edit existing tags';
$string['tag:editblocks'] = 'Edit blocks in tags pages';
$string['thisusersroles'] = 'This user\'s role assignments';
$string['unassignerror'] = 'Error while unassigning the role $a->role from user $a->user.';
$string['user:changeownpassword'] = 'Change own password';
$string['user:create'] = 'Create users';
$string['user:delete'] = 'Delete users';
$string['user:editmessageprofile'] = 'Edit user messaging profile';
$string['user:editownmessageprofile'] = 'Edit own user messaging profile';
$string['user:editownprofile'] = 'Edit own user profile';
$string['user:editprofile'] = 'Edit user profile';
$string['user:loginas'] = 'Login as other users';
......@@ -239,35 +252,12 @@ $string['viewrole'] = 'View role details';
$string['viewingdefinitionofrolex'] = 'Viewing the definition of role \'$a\'';
$string['whydoesuserhavecap'] = 'Why does $a->fullname have capability $a->capability in context $a->context?';
$string['whydoesusernothavecap'] = 'Why does $a->fullname not have capability $a->capability in context $a->context?';
$string['xroleassignments'] = '$a\'s role assignments';
$string['xuserswiththerole'] = 'Users with the role \"$a->role\"';
// MNETviewingdefinitionofrolex
$string['site:mnetlogintoremote'] = 'Roam to a remote Moodle';
$string['site:mnetloginfromremote'] = 'Login from a remote Moodle';
// Notes
$string['notes:view'] = 'View notes';
$string['notes:manage'] = 'Manage notes';
//OBSOLETED in 1.9!
$string['course:viewcoursegrades'] = 'View course grades';
$string['user:viewusergrades'] = 'View user grades';
$string['course:managegrades'] = 'Manage grades';
//LUIS: new message system
$string['user:editmessageprofile'] = 'Edit user messaging profile';
$string['user:editownmessageprofile'] = 'Edit own user messaging profile';
$string['assignrolesrelativetothisuser'] = 'Assign roles relative to this user';
$string['gotoassignroles'] = 'Go to the assign roles page';
$string['incontext'] = '<b>$a->role</b> in $a->context';
$string['noassignmentsfound'] = '$a has no role assignments';
$string['rolesreassigned'] = 'Roles re-assigned';
$string['rolesunassigned'] = 'Roles unassigned';
$string['thisusersroles'] = 'This user\'s roles';
$string['unassignasabove'] = 'Delete selected role assignments';
$string['unassignexplain'] = 'The form above can only be used to unassign roles that were originally assigned manually or via the workflow. You cannot change assignments that were made though CIRCE or via metacourses.';
$string['undounassign'] = 'Help! put those role assignments back';
$string['xroleassignments'] = '$a\'s role assignments';
?>
......@@ -1128,7 +1128,12 @@ body#admin-modules table.generaltable td.c0
margin: 1em 0 0;
text-align: center;
}
#admin-roles-usersroles .contextname {
margin: 0.5em 0 0;
}
#admin-roles-usersroles p {
margin: 0;
}
table.rolecap {
margin-left: auto;
margin-right: auto;
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment