### Eclipse Workspace Patch 1.0 #P moodle20t Index: mod/forum/db/access.php =================================================================== RCS file: /cvsroot/moodle/moodle/mod/forum/db/access.php,v retrieving revision 1.21 diff -u -r1.21 access.php --- mod/forum/db/access.php 16 Dec 2009 22:22:39 -0000 1.21 +++ mod/forum/db/access.php 28 Mar 2010 21:42:18 -0000 @@ -54,11 +54,12 @@ 'captype' => 'read', 'contextlevel' => CONTEXT_MODULE, 'legacy' => array( + 'frontpage' => CAP_ALLOW, // needed especially for news on the frontpage 'guest' => CAP_ALLOW, 'student' => CAP_ALLOW, 'teacher' => CAP_ALLOW, 'editingteacher' => CAP_ALLOW, - 'admin' => CAP_ALLOW + 'manager' => CAP_ALLOW ) ), @@ -69,7 +70,7 @@ 'legacy' => array( 'teacher' => CAP_ALLOW, 'editingteacher' => CAP_ALLOW, - 'admin' => CAP_ALLOW + 'manager' => CAP_ALLOW ) ), @@ -83,7 +84,7 @@ 'student' => CAP_ALLOW, 'teacher' => CAP_ALLOW, 'editingteacher' => CAP_ALLOW, - 'admin' => CAP_ALLOW + 'manager' => CAP_ALLOW ) ), @@ -97,7 +98,7 @@ 'student' => CAP_ALLOW, 'teacher' => CAP_ALLOW, 'editingteacher' => CAP_ALLOW, - 'admin' => CAP_ALLOW + 'manager' => CAP_ALLOW ) ), @@ -110,7 +111,7 @@ 'legacy' => array( 'teacher' => CAP_ALLOW, 'editingteacher' => CAP_ALLOW, - 'admin' => CAP_ALLOW + 'manager' => CAP_ALLOW ) ), @@ -123,7 +124,7 @@ 'legacy' => array( 'teacher' => CAP_ALLOW, 'editingteacher' => CAP_ALLOW, - 'admin' => CAP_ALLOW + 'manager' => CAP_ALLOW ) ), @@ -135,7 +136,7 @@ 'student' => CAP_ALLOW, 'teacher' => CAP_ALLOW, 'editingteacher' => CAP_ALLOW, - 'admin' => CAP_ALLOW + 'manager' => CAP_ALLOW ) ), @@ -146,7 +147,7 @@ 'legacy' => array( 'teacher' => CAP_ALLOW, 'editingteacher' => CAP_ALLOW, - 'admin' => CAP_ALLOW + 'manager' => CAP_ALLOW ) ), @@ -157,7 +158,7 @@ 'legacy' => array( 'teacher' => CAP_ALLOW, 'editingteacher' => CAP_ALLOW, - 'admin' => CAP_ALLOW + 'manager' => CAP_ALLOW ) ), 
@@ -171,7 +172,7 @@ 'student' => CAP_ALLOW, 'teacher' => CAP_ALLOW, 'editingteacher' => CAP_ALLOW, - 'admin' => CAP_ALLOW + 'manager' => CAP_ALLOW ) ), @@ -183,7 +184,7 @@ 'student' => CAP_ALLOW, 'teacher' => CAP_ALLOW, 'editingteacher' => CAP_ALLOW, - 'admin' => CAP_ALLOW + 'manager' => CAP_ALLOW ) ), @@ -194,7 +195,7 @@ 'legacy' => array( 'teacher' => CAP_ALLOW, 'editingteacher' => CAP_ALLOW, - 'admin' => CAP_ALLOW + 'manager' => CAP_ALLOW ) ), @@ -205,7 +206,7 @@ 'legacy' => array( 'teacher' => CAP_ALLOW, 'editingteacher' => CAP_ALLOW, - 'admin' => CAP_ALLOW + 'manager' => CAP_ALLOW ) ), @@ -216,7 +217,7 @@ 'legacy' => array( 'teacher' => CAP_ALLOW, 'editingteacher' => CAP_ALLOW, - 'admin' => CAP_ALLOW + 'manager' => CAP_ALLOW ) ), @@ -229,7 +230,7 @@ 'legacy' => array( 'teacher' => CAP_ALLOW, 'editingteacher' => CAP_ALLOW, - 'admin' => CAP_ALLOW + 'manager' => CAP_ALLOW ) ), @@ -240,7 +241,7 @@ 'legacy' => array( 'teacher' => CAP_ALLOW, 'editingteacher' => CAP_ALLOW, - 'admin' => CAP_ALLOW + 'manager' => CAP_ALLOW ) ), @@ -251,7 +252,7 @@ 'legacy' => array( 'teacher' => CAP_ALLOW, 'editingteacher' => CAP_ALLOW, - 'admin' => CAP_ALLOW + 'manager' => CAP_ALLOW ) ), @@ -264,7 +265,7 @@ 'legacy' => array( 'teacher' => CAP_ALLOW, 'editingteacher' => CAP_ALLOW, - 'admin' => CAP_ALLOW + 'manager' => CAP_ALLOW ) ), @@ -298,7 +299,7 @@ 'legacy' => array( 'teacher' => CAP_ALLOW, 'editingteacher' => CAP_ALLOW, - 'admin' => CAP_ALLOW + 'manager' => CAP_ALLOW ) ), 'mod/forum:exportpost' => array( @@ -310,7 +311,7 @@ 'legacy' => array( 'teacher' => CAP_ALLOW, 'editingteacher' => CAP_ALLOW, - 'admin' => CAP_ALLOW + 'manager' => CAP_ALLOW ) ), 'mod/forum:exportownpost' => array( 
@@ -322,7 +323,7 @@ 'legacy' => array( 'teacher' => CAP_ALLOW, 'editingteacher' => CAP_ALLOW, - 'admin' => CAP_ALLOW, + 'manager' => CAP_ALLOW, 'student' => CAP_ALLOW, ) ), Index: grade/export/txt/db/access.php =================================================================== RCS file: /cvsroot/moodle/moodle/grade/export/txt/db/access.php,v retrieving revision 1.6 diff -u -r1.6 access.php --- grade/export/txt/db/access.php 4 Nov 2009 19:24:15 -0000 1.6 +++ grade/export/txt/db/access.php 28 Mar 2010 21:41:18 -0000 @@ -24,7 +24,7 @@ 'legacy' => array( 'teacher' => CAP_ALLOW, 'editingteacher' => CAP_ALLOW, - 'admin' => CAP_ALLOW + 'manager' => CAP_ALLOW ) ), @@ -33,7 +33,7 @@ 'captype' => 'read', 'contextlevel' => CONTEXT_COURSE, 'legacy' => array( - 'admin' => CAP_ALLOW + 'manager' => CAP_ALLOW ) ) Index: mod/data/tabs.php =================================================================== RCS file: /cvsroot/moodle/moodle/mod/data/tabs.php,v retrieving revision 1.34 diff -u -r1.34 tabs.php --- mod/data/tabs.php 1 Nov 2009 14:55:32 -0000 1.34 +++ mod/data/tabs.php 28 Mar 2010 21:42:09 -0000 @@ -48,7 +48,7 @@ // Add an advanced search tab. $row[] = new tabobject('asearch', $CFG->wwwroot.'/mod/data/view.php?d='.$data->id.'&mode=asearch', get_string('search', 'data')); - if (isloggedin()) { + if (isloggedin()) { // just a perf shortcut if (data_user_can_add_entry($data, $currentgroup, $groupmode)) { // took out participation list here! $addstring = empty($editentry) ? get_string('add', 'data') : get_string('editentry', 'data'); $row[] = new tabobject('add', $CFG->wwwroot.'/mod/data/edit.php?d='.$data->id, $addstring); Index: mod/data/rate.php =================================================================== RCS file: /cvsroot/moodle/moodle/mod/data/rate.php,v retrieving revision 1.22 diff -u -r1.22 rate.php --- mod/data/rate.php 16 Jan 2010 15:40:06 -0000 1.22 +++ mod/data/rate.php 28 Mar 2010 21:42:08 -0000 
@@ -23,10 +23,6 @@ require_login($course, false, $cm); -if (isguestuser()) { - print_error('guestrate', 'data'); -} - $context = get_context_instance(CONTEXT_MODULE, $cm->id); require_capability('mod/data:rate', $context); Index: mod/data/edit.php =================================================================== RCS file: /cvsroot/moodle/moodle/mod/data/edit.php,v retrieving revision 1.62 diff -u -r1.62 edit.php --- mod/data/edit.php 5 Mar 2010 05:37:09 -0000 1.62 +++ mod/data/edit.php 28 Mar 2010 21:42:06 -0000 @@ -74,7 +74,7 @@ require_login($course->id, false, $cm); -if (!isloggedin() or has_capability('moodle/legacy:guest', get_context_instance(CONTEXT_SYSTEM), 0, false)) { +if (isguestuser()) { redirect('view.php?d='.$data->id); } Index: mod/data/restorelib.php =================================================================== RCS file: /cvsroot/moodle/moodle/mod/data/restorelib.php,v retrieving revision 1.41 diff -u -r1.41 restorelib.php --- mod/data/restorelib.php 18 Dec 2009 18:11:13 -0000 1.41 +++ mod/data/restorelib.php 28 Mar 2010 21:42:09 -0000 
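Review bot: The rewritten guard in mod/data/edit.php, `if (isguestuser())`, no longer covers the `!isloggedin()` case that the old condition had. Everything below it now depends on `require_login($course->id, false, $cm)` never returning for a session without a user. If that is the contract, state it next to the check, e.g. `// require_login() above guarantees a user; only the guest account is redirected here`. The mod/data/rate.php hunk on the same line removes its guest check entirely and leaves `require_capability('mod/data:rate', $context)` as the only gate, so both files assume the guest role can never hold these capabilities; the code that enforces that is not visible in this patch.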
@@ -146,15 +146,15 @@ // backup_version to make sure. if (isset($database->participants) && isset($database->assesspublic)) { - if (!$teacherroles = get_roles_with_capability('moodle/legacy:teacher', CAP_ALLOW)) { + if (!$teacherroles = get_archetype_roles('teacher')) { notice('Default teacher role was not found. Roles and permissions '. 'for your database modules will have to be manually set.'); } - if (!$studentroles = get_roles_with_capability('moodle/legacy:student', CAP_ALLOW)) { + if (!$studentroles = get_archetype_roles('student')) { notice('Default student role was not found. Roles and permissions '. 'for all your database modules will have to be manually set.'); } - if (!$guestroles = get_roles_with_capability('moodle/legacy:guest', CAP_ALLOW)) { + if (!$guestroles = get_archetype_roles('guest')) { notice('Default guest role was not found. Roles and permissions '. 'for all your database modules will have to be manually set.'); } Index: mod/data/lib.php =================================================================== RCS file: /cvsroot/moodle/moodle/mod/data/lib.php,v retrieving revision 1.265 diff -u -r1.265 lib.php --- mod/data/lib.php 22 Mar 2010 03:04:01 -0000 1.265 +++ mod/data/lib.php 28 Mar 2010 21:42:08 -0000 @@ -723,7 +723,7 @@ function data_isowner($record) { global $USER, $DB; - if (!isloggedin()) { + if (!isloggedin()) { // perf shortcut return false; } @@ -1527,7 +1527,7 @@ $cm = get_coursemodule_from_instance('data', $data->id); $context = get_context_instance(CONTEXT_MODULE, $cm->id); - if ($data->assessed and !empty($USER->id) and (has_capability('mod/data:rate', $context) or has_capability('mod/data:viewrating', $context) or data_isowner($record->id))) { + if ($data->assessed and isloggedin() and (has_capability('mod/data:rate', $context) or has_capability('mod/data:viewrating', $context) or data_isowner($record->id))) { if ($ratingsscale = make_grades_menu($data->scale)) { $ratingsmenuused = false; 
@@ -1748,9 +1748,9 @@ * @param object $data a data object with the same attributes as a record * from the data database table * @param int $datamodid the id of the data module, from the modules table - * @param array $teacherroles array of roles that have moodle/legacy:teacher - * @param array $studentroles array of roles that have moodle/legacy:student - * @param array $guestroles array of roles that have moodle/legacy:guest + * @param array $teacherroles array of roles that have archetype teacher + * @param array $studentroles array of roles that have archetype student + * @param array $guestroles array of roles that have archetype guest * @param int $cmid the course_module id for this data instance * @return boolean data module was converted or not */ @@ -2505,7 +2505,7 @@ if ($rs = $DB->get_recordset_sql($recordssql, array($data->courseid))) { foreach ($rs as $record) { if (array_key_exists($record->userid, $notenrolled) or !$record->userexists or $record->userdeleted - or !has_capability('moodle/course:view', $course_context , $record->userid)) { + or !is_enrolled($course_context, $record->userid)) { $DB->delete_records('data_ratings', array('recordid'=>$record->id)); $DB->delete_records('comments', array('itemid'=>$record->id, 'commentarea'=>'database_entry')); $DB->delete_records('data_content', array('recordid'=>$record->id)); 
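Review bot: In the `@@ -2505` hunk the delete condition now uses `!is_enrolled($course_context, $record->userid)`, which decides whether a user's ratings, comments and content are removed, and that is not obviously the same set of users as the old `moodle/course:view` holders. Users who reach the course through a role rather than an enrolment would presumably now have their entries deleted; `is_enrolled()` is not defined on this page, so this needs confirming. A comment above the condition such as `// users with access but no enrolment count as not enrolled: their entries are deleted too` would make the destructive behaviour explicit. The same substitution appears in the mod/glossary/lib.php `@@ -2605` hunk, and the enclosing function starts and ends outside both hunks.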
@@ -2841,7 +2841,7 @@ $numentries = data_numentries($data); /// Check the number of entries required against the number of entries already made (doesn't apply to teachers) - if ($data->requiredentries > 0 && $numentries < $data->requiredentries && !has_capability('mod/data:manageentries', $cm->context)) { + if ($data->requiredentries > 0 && $numentries < $data->requiredentries && !has_capability('mod/data:manageentries', get_context_instance(CONTEXT_MODULE, $cm->id))) { $data->entriesleft = $data->requiredentries - $numentries; $key = $navigation->add(get_string('entrieslefttoadd', 'data', $data)); $navigation->get($key)->add_class('note'); Index: mod/glossary/lib.php =================================================================== RCS file: /cvsroot/moodle/moodle/mod/glossary/lib.php,v retrieving revision 1.287 diff -u -r1.287 lib.php --- mod/glossary/lib.php 22 Mar 2010 03:04:01 -0000 1.287 +++ mod/glossary/lib.php 28 Mar 2010 21:42:20 -0000 @@ -947,7 +947,7 @@ $return .= get_string('entryishidden','glossary'); } - if (has_capability('mod/glossary:manageentries', $context) or (!empty($USER->id) and has_capability('mod/glossary:write', $context) and $entry->userid == $USER->id)) { + if (has_capability('mod/glossary:manageentries', $context) or (isloggedin() and has_capability('mod/glossary:write', $context) and $entry->userid == $USER->id)) { // only teachers can export entries so check it out if (has_capability('mod/glossary:export', $context) and !$ismainglossary and !$importedentry) { $mainglossary = $DB->get_record('glossary', array('mainglossary'=>1,'course'=>$course->id)); @@ -1756,7 +1756,7 @@ $context = get_context_instance(CONTEXT_MODULE, $cm->id); $ratingsmenuused = false; - if (!empty($ratings) and !empty($USER->id)) { + if (!empty($ratings) and isloggedin()) { $useratings = true; if ($ratings->assesstimestart and $ratings->assesstimefinish) { if ($entry->timecreated < $ratings->assesstimestart or $entry->timecreated > $ratings->assesstimefinish) { 
@@ -2605,7 +2605,7 @@ if ($rs = $DB->get_recordset_sql($entriessql, $params)) { foreach ($rs as $entry) { if (array_key_exists($entry->userid, $notenrolled) or !$entry->userexists or $entry->userdeleted - or !has_capability('moodle/course:view', $course_context , $entry->userid)) { + or !is_enrolled($course_context , $entry->userid)) { $DB->delete_records('glossary_ratings', array('entryid'=>$entry->id)); $DB->delete_records('glossary_comments', array('entryid'=>$entry->id)); $DB->delete_records('glossary_entries', array('id'=>$entry->id)); Index: mod/glossary/view.php =================================================================== RCS file: /cvsroot/moodle/moodle/mod/glossary/view.php,v retrieving revision 1.163 diff -u -r1.163 view.php --- mod/glossary/view.php 15 Mar 2010 07:59:30 -0000 1.163 +++ mod/glossary/view.php 28 Mar 2010 21:42:21 -0000 @@ -297,7 +297,7 @@ $CFG->enablerssfeeds && $CFG->glossary_enablerssfeeds && $glossary->rsstype && $glossary->rssarticles) { $tooltiptext = get_string("rsssubscriberss","glossary",format_string($glossary->name,true)); - if (empty($USER->id)) { + if (!isloggedin()) { $userid = 0; } else { $userid = $USER->id; Index: mod/glossary/sql.php =================================================================== RCS file: /cvsroot/moodle/moodle/mod/glossary/sql.php,v retrieving revision 1.47 diff -u -r1.47 sql.php --- mod/glossary/sql.php 1 Nov 2009 15:04:07 -0000 1.47 +++ mod/glossary/sql.php 28 Mar 2010 21:42:21 -0000 
@@ -39,7 +39,7 @@ $params = array('gid1'=>$glossary->id, 'gid2'=>$glossary->id, 'myid'=>$USER->id, 'hook'=>$hook); $userid = ''; - if ( !empty($USER->id) ) { + if ( isloggedin() ) { $userid = "OR ge.userid = :myid"; } switch ($tab) { Index: mod/glossary/index.php =================================================================== RCS file: /cvsroot/moodle/moodle/mod/glossary/index.php,v retrieving revision 1.42 diff -u -r1.42 index.php --- mod/glossary/index.php 20 Mar 2010 22:15:59 -0000 1.42 +++ mod/glossary/index.php 28 Mar 2010 21:42:18 -0000 @@ -103,7 +103,7 @@ if ($glossary->rsstype and $glossary->rssarticles) { //Calculate the tolltip text $tooltiptext = get_string("rsssubscriberss","glossary",format_string($glossary->name)); - if (empty($USER->id)) { + if (!isloggedin()) { $userid = 0; } else { $userid = $USER->id; Index: mod/glossary/edit.php =================================================================== RCS file: /cvsroot/moodle/moodle/mod/glossary/edit.php,v retrieving revision 1.98 diff -u -r1.98 edit.php --- mod/glossary/edit.php 16 Jan 2010 15:40:01 -0000 1.98 +++ mod/glossary/edit.php 28 Mar 2010 21:42:18 -0000 @@ -19,10 +19,6 @@ $context = get_context_instance(CONTEXT_MODULE, $cm->id); -if (isguestuser()) { - print_error('guestnoedit', 'glossary', "$CFG->wwwroot/mod/glossary/view.php?id=$cmid"); -} - if (!$glossary = $DB->get_record('glossary', array('id'=>$cm->instance))) { print_error('invalidid', 'glossary'); } @@ -34,6 +30,10 @@ $PAGE->set_url($url); if ($id) { // if entry is specified + if (isguestuser()) { + print_error('guestnoedit', 'glossary', "$CFG->wwwroot/mod/glossary/view.php?id=$cmid"); + } + if (!$entry = $DB->get_record('glossary_entries', array('id'=>$id, 'glossaryid'=>$glossary->id))) { print_error('invalidentry'); } 
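Review bot: The guest check in mod/glossary/edit.php now runs only inside `if ($id)`, so for a new entry the sole gate is `require_capability('mod/glossary:write', $context)` in the `else` branch of the following hunk. The comment added there, `// note: guest user does not have any write capability`, states an invariant that nothing visible in this patch enforces. If a site's guest role were granted that capability, the old unconditional `print_error('guestnoedit', ...)` would no longer stop it. Either name in that comment where the invariant is enforced, or keep the `isguestuser()` check ahead of the `if ($id)` split.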
@@ -58,6 +58,7 @@ } else { // new entry require_capability('mod/glossary:write', $context); + // note: guest user does not have any write capability $entry = new object(); $entry->id = null; } Index: mod/glossary/db/access.php =================================================================== RCS file: /cvsroot/moodle/moodle/mod/glossary/db/access.php,v retrieving revision 1.13 diff -u -r1.13 access.php --- mod/glossary/db/access.php 4 Nov 2009 19:24:15 -0000 1.13 +++ mod/glossary/db/access.php 28 Mar 2010 21:42:21 -0000 @@ -40,7 +40,7 @@ 'student' => CAP_ALLOW, 'teacher' => CAP_ALLOW, 'editingteacher' => CAP_ALLOW, - 'admin' => CAP_ALLOW + 'manager' => CAP_ALLOW ) ), @@ -53,7 +53,7 @@ 'legacy' => array( 'teacher' => CAP_ALLOW, 'editingteacher' => CAP_ALLOW, - 'admin' => CAP_ALLOW + 'manager' => CAP_ALLOW ) ), @@ -66,7 +66,7 @@ 'legacy' => array( 'teacher' => CAP_ALLOW, 'editingteacher' => CAP_ALLOW, - 'admin' => CAP_ALLOW + 'manager' => CAP_ALLOW ) ), @@ -80,7 +80,7 @@ 'student' => CAP_ALLOW, 'teacher' => CAP_ALLOW, 'editingteacher' => CAP_ALLOW, - 'admin' => CAP_ALLOW + 'manager' => CAP_ALLOW ) ), @@ -93,7 +93,7 @@ 'legacy' => array( 'teacher' => CAP_ALLOW, 'editingteacher' => CAP_ALLOW, - 'admin' => CAP_ALLOW + 'manager' => CAP_ALLOW ) ), @@ -106,7 +106,7 @@ 'legacy' => array( 'teacher' => CAP_ALLOW, 'editingteacher' => CAP_ALLOW, - 'admin' => CAP_ALLOW + 'manager' => CAP_ALLOW ) ), @@ -117,7 +117,7 @@ 'legacy' => array( 'teacher' => CAP_ALLOW, 'editingteacher' => CAP_ALLOW, - 'admin' => CAP_ALLOW + 'manager' => CAP_ALLOW ) ), @@ -130,7 +130,7 @@ 'legacy' => array( 'teacher' => CAP_ALLOW, 'editingteacher' => CAP_ALLOW, - 'admin' => CAP_ALLOW + 'manager' => CAP_ALLOW ) ), @@ -141,7 +141,7 @@ 'legacy' => array( 'teacher' => CAP_ALLOW, 'editingteacher' => CAP_ALLOW, - 'admin' => CAP_ALLOW + 'manager' => CAP_ALLOW ) ), @@ -152,7 +152,7 @@ 'legacy' => array( 'teacher' => CAP_ALLOW, 'editingteacher' => CAP_ALLOW, - 'admin' => CAP_ALLOW + 'manager' => CAP_ALLOW ) ), 
@@ -165,7 +165,7 @@ 'legacy' => array( 'teacher' => CAP_ALLOW, 'editingteacher' => CAP_ALLOW, - 'admin' => CAP_ALLOW + 'manager' => CAP_ALLOW ) ), @@ -176,7 +176,7 @@ 'legacy' => array( 'teacher' => CAP_ALLOW, 'editingteacher' => CAP_ALLOW, - 'admin' => CAP_ALLOW, + 'manager' => CAP_ALLOW, 'student' => CAP_ALLOW, ) ), Index: lang/en_utf8/role.php =================================================================== RCS file: /cvsroot/moodle/moodle/lang/en_utf8/role.php,v retrieving revision 1.101 diff -u -r1.101 role.php --- lang/en_utf8/role.php 7 Mar 2010 09:28:56 -0000 1.101 +++ lang/en_utf8/role.php 28 Mar 2010 21:41:22 -0000 @@ -14,6 +14,7 @@ $string['allowroletoswitch'] = 'Allow users with role $a->fromrole to switch roles to the role $a->targetrole'; $string['allowswitch'] = 'Allow role switches'; $string['allsiteusers'] = 'All site users'; +$string['archetype'] = 'Role archetype'; $string['assignanotherrole'] = 'Assign another role'; $string['assignerror'] = 'Error while assigning the role $a->role to user $a->user.'; $string['assignrolenameincontext'] = 'Assign role \'$a->role\' in $a->context'; @@ -23,6 +24,14 @@ $string['assignglobalroles'] = 'Assign system roles'; $string['assignmentcontext'] = 'Assignment context'; $string['assignmentoptions'] = 'Assignment options'; +$string['archetypecoursecreator'] = 'ARCHETYPE: Course Creator'; +$string['archetypeeditingteacher'] = 'ARCHETYPE: Teacher (editing)'; +$string['archetypefrontpage'] = 'ARCHETYPE: Authenticated user on frontpage'; +$string['archetypeguest'] = 'ARCHETYPE: Guest'; +$string['archetypemanager'] = 'ARCHETYPE: Manager'; +$string['archetypestudent'] = 'ARCHETYPE: Student'; +$string['archetypeteacher'] = 'ARCHETYPE: Teacher (non-editing)'; +$string['archetypeuser'] = 'ARCHETYPE: Authenticated user'; $string['backtoallroles'] = 'Back to the list of all roles'; $string['backup:backupcourse'] = 'Backup courses'; $string['backup:downloadfile'] = 'Download files from backup areas'; 
@@ -59,6 +68,8 @@ $string['comment:delete'] = 'Delete comments'; $string['comment:post'] = 'Post comments'; $string['comment:view'] = 'Read comments'; +$string['confirmaddadmin'] = 'Do you really want to add user $a as new site administrator?'; +$string['confirmdeladmin'] = 'Do you really want to remove user $a from the list of site administrators?'; $string['context'] = 'Context'; $string['course:activityvisibility'] = 'Hide/show activities'; $string['course:bulkmessaging'] = 'Send a message to many people'; @@ -110,14 +121,16 @@ $string['errorbadroleshortname'] = 'Incorrect role short name'; $string['errorexistsrolename'] = 'Role name already exists'; $string['errorexistsroleshortname'] = 'Role name already exists'; +$string['existingadmins'] = 'Current site administrators'; $string['existingusers'] = '$a existing users'; $string['explanation'] = 'Explanation'; $string['explainpermission'] = 'Explain permission'; $string['explainpermissionsinfo'] = '

To use this table:

  1. First look to see if there are any Prohibits. If there are, has_capability will return false.
  2. Otherwise, read across the rows, left-to-right, top-to-bottom, and find the first cell where the number of Prevents and Allows are different. If there are more Allows than Prevents in that cell, then has_capability will return true, otherwise it will return false.
  3. If no cell has different numbers of Prevents and Allows, then has_capability will return false.
'; -$string['explainpermissionsdoanything'] = 'Note that this user has the moodle/site:doanything capability, so even though the table above shows that has_capability will return false, this user will actually be deemed to have the capability $a in most circumstances.'; $string['extusers'] = 'Existing users'; $string['extusersmatching'] = 'Existing users matching \'$a\''; $string['filter:manage'] = 'Manage local filter settings'; +$string['frontpageuser'] = 'Authenticated user on frontpage'; +$string['frontpageuserdescription'] = 'All logged in users in the frontpage course.'; $string['globalrole'] = 'System role'; $string['globalroleswarning'] = 'WARNING! Any roles you assign from this page will apply to the assigned users throughout the entire system, including the front page and all the courses.'; $string['gotoassignroles'] = 'Go to Assign roles for this $a->contextlevel'; @@ -151,7 +164,10 @@ $string['legacytype'] = 'Legacy role type'; $string['listallroles'] = 'List all roles'; $string['localroles'] = 'Locally assigned roles'; +$string['manageadmins'] = 'Manage site administrators'; $string['manageroles'] = 'Manage roles'; +$string['manager'] = 'Manager'; +$string['managerdescription'] = 'Managers can access course and modify them, they usually do not participate in courses.'; $string['maybeassignedin'] = 'Context types where this role may be assigned'; $string['metaassignerror'] = 'Can not assign this role to user \"$a\" because Manage metacourse capability is needed.'; $string['metaunassignerror'] = 'Role of user \"$a\" was automatically reassigned, please unassign the role in child courses instead.'; @@ -199,7 +215,7 @@ $string['question:viewmine'] = 'View your own questions'; $string['resetrole'] = 'Reset to defaults'; $string['resetrolenolegacy'] = 'Clear permissions'; -$string['resetrolesure'] = 'Are you sure that you want to reset role \"$a->name ($a->shortname)\" to defaults?

The defaults are taken from the selected legacy capability ($a->legacytype).'; +$string['resetrolesure'] = 'Are you sure that you want to reset role \"$a->name ($a->shortname)\" to defaults?

The defaults are taken from the selected archetype ($a->legacytype).'; $string['resetrolesurenolegacy'] = 'Are you sure that you want to clear all permissions defined in this role \"$a->name ($a->shortname)\"?'; $string['restore:createuser'] = 'Create users on restore'; $string['restore:restorecourse'] = 'Restore courses'; @@ -226,6 +242,7 @@ $string['selectrole'] = 'Select a role'; $string['showallroles'] = 'Show all roles'; $string['showthisuserspermissions'] = 'Show this user\'s permissions'; +$string['siteadministrators'] = 'Site administrators'; $string['site:accessallgroups'] = 'Access all groups'; $string['site:approvecourse'] = 'Approve course creation'; $string['site:backup'] = 'Backup courses'; Index: lang/en_utf8/admin.php =================================================================== RCS file: /cvsroot/moodle/moodle/lang/en_utf8/admin.php,v retrieving revision 1.329 diff -u -r1.329 admin.php --- lang/en_utf8/admin.php 23 Mar 2010 08:47:05 -0000 1.329 +++ lang/en_utf8/admin.php 28 Mar 2010 21:41:22 -0000 
@@ -243,6 +243,7 @@ $string['configperfdebug'] = 'If you turn this on, performance info will be printed in the footer of the standard theme'; $string['configprofilesforenrolledusersonly'] = 'To prevent misuse by spammers, profile descriptions of users who are not yet enrolled in any course are hidden. New users must enrol in at least one course before they can add a profile description.'; $string['configprotectusernames'] = 'By default forget_password.php does not display any hints that would allow guessing of usernames or email addresses.'; +$string['configprofileroles'] = 'List of roles that are visible on user profiles and participation page.'; $string['configproxybypass'] = 'Comma separated list of (partial) hostnames or IPs that should bypass proxy (e.g., 192.168., .mydomain.com)'; $string['configproxyhost'] = 'If this server needs to use a proxy computer (eg a firewall) to access the Internet, then provide the proxy hostname here. Otherwise leave it blank.'; $string['configproxypassword'] = 'Password needed to access internet through proxy if required, empty if none (PHP cURL extension required).'; @@ -732,6 +733,7 @@ $string['profilemenutoofewoptions'] = 'You must provide at least 2 options'; $string['profilename'] = 'Name'; $string['profilenofieldsdefined'] = 'No fields have been defined'; +$string['profileroles'] = 'Profile visible roles'; $string['profileshortname'] = 'Short name (must be unique)'; $string['profileshortnamenotunique'] = 'This short name is already in use'; $string['profilesignup'] = 'Display on signup page?'; Index: mod/choice/lib.php =================================================================== RCS file: /cvsroot/moodle/moodle/mod/choice/lib.php,v retrieving revision 1.123 diff -u -r1.123 lib.php --- mod/choice/lib.php 22 Mar 2010 03:04:01 -0000 1.123 +++ mod/choice/lib.php 28 Mar 2010 21:42:06 -0000 @@ -289,7 +289,7 @@ echo '
'; echo "id\" />"; echo ""; - if (has_capability('mod/choice:choose', $context, $user->id, false)) { //don't show save button if the logged in user is the guest user. + if (is_enrolled($context, NULL, 'mod/choice:choose')) { //only enrolled users are allowed to make a choice if ($choicefull) { print_string('choicefull', 'choice'); echo "
"; @@ -346,7 +346,7 @@ if ($answers) { foreach ($answers as $a) { //only return enrolled users. - if (has_capability('mod/choice:choose', $context, $a->userid, false)) { + if (is_enrolled($context, $a->userid, 'mod/choice:choose')) { $countanswers++; } } @@ -865,7 +865,7 @@ /// First get all the users who have access here /// To start with we assume they are all "unanswered" then move them later - $allresponses[0] = get_users_by_capability($context, 'mod/choice:choose', 'u.id, u.picture, u.firstname, u.lastname, u.idnumber', 'u.lastname ASC,u.firstname ASC', '', '', $currentgroup, '', false, true); + $allresponses[0] = get_enrolled_users($context, 'mod/choice:choose', $currentgroup, 'u.id, u.picture, u.imagealt, u.firstname, u.lastname, u.idnumber', 'u.lastname ASC,u.firstname ASC'); /// Get all the recorded responses for this choice $rawresponses = $DB->get_records('choice_answers', array('choiceid' => $choice->id)); Index: mod/choice/view.php =================================================================== RCS file: /cvsroot/moodle/moodle/mod/choice/view.php,v retrieving revision 1.132 diff -u -r1.132 view.php --- mod/choice/view.php 16 Jan 2010 15:40:10 -0000 1.132 +++ mod/choice/view.php 28 Mar 2010 21:42:06 -0000 @@ -35,7 +35,7 @@ print_error('badcontext'); } - if ($action == 'delchoice' and confirm_sesskey() and has_capability('mod/choice:choose', $context) and $choice->allowupdate) { + if ($action == 'delchoice' and confirm_sesskey() and is_enrolled($context, NULL, 'mod/choice:choose') and $choice->allowupdate) { if ($answer = $DB->get_record('choice_answers', array('choiceid' => $choice->id, 'userid' => $USER->id))) { //print_object($answer); $DB->delete_records('choice_answers', array('id' => $answer->id)); 
@@ -46,7 +46,7 @@ echo $OUTPUT->header(); /// Submit any new data if there is any - if ($form = data_submitted() && has_capability('mod/choice:choose', $context) && confirm_sesskey()) { + if ($form = data_submitted() && is_enrolled($context, NULL, 'mod/choice:choose') && confirm_sesskey()) { $timenow = time(); if (has_capability('mod/choice:deleteresponses', $context)) { if ($action == 'delete') { //some responses need to be deleted @@ -90,7 +90,7 @@ $current = false; // Initialise for later //if user has already made a selection, and they are not allowed to update it, show their selected answer. - if (!empty($USER->id) && ($current = $DB->get_record('choice_answers', array('choiceid' => $choice->id, 'userid' => $USER->id))) && + if (isloggedin() && ($current = $DB->get_record('choice_answers', array('choiceid' => $choice->id, 'userid' => $USER->id))) && empty($choice->allowupdate) ) { echo $OUTPUT->box(get_string("yourselection", "choice", userdate($choice->timeopen)).": ".format_string(choice_get_option_text($choice, $current->optionid))); } @@ -109,8 +109,7 @@ } } - if ( (!$current or $choice->allowupdate) and $choiceopen and - has_capability('mod/choice:choose', $context) ) { + if ( (!$current or $choice->allowupdate) and $choiceopen and is_enrolled($context, NULL, 'mod/choice:choose')) { // They haven't made their choice yet or updates allowed and choice is open echo '
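Review bot: In the `@@ -46` hunk the rewritten condition keeps `$form = data_submitted() && is_enrolled(...) && confirm_sesskey()`, and because `&&` binds tighter than `=`, `$form` receives the boolean result of the whole chain rather than the submitted data. The branch is still entered only when all three checks pass, but any later read of `$form` (the body continues outside the hunk) would see `true`. Parenthesise the assignment: `if (($form = data_submitted()) && is_enrolled($context, NULL, 'mod/choice:choose') && confirm_sesskey()) {`.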
'; @@ -130,11 +129,13 @@ $sitecontext = get_context_instance(CONTEXT_SYSTEM); - if (has_capability('moodle/legacy:guest', $sitecontext, NULL, false)) { // Guest on whole site + if (isguestuser()) { + // Guest account echo $OUTPUT->confirm(get_string('noguestchoose', 'choice').'

'.get_string('liketologin'), get_login_url(), new moodle_url); - } else if (has_capability('moodle/legacy:guest', $context, NULL, false)) { // Guest in this course only + } else if (!is_enrolled($context)) { + // Only people enrolled can make a choice $SESSION->wantsurl = $FULLME; $SESSION->enrolcancel = $_SERVER['HTTP_REFERER']; Index: grade/report/outcomes/db/access.php =================================================================== RCS file: /cvsroot/moodle/moodle/grade/report/outcomes/db/access.php,v retrieving revision 1.8 diff -u -r1.8 access.php --- grade/report/outcomes/db/access.php 4 Nov 2009 19:24:15 -0000 1.8 +++ grade/report/outcomes/db/access.php 28 Mar 2010 21:41:18 -0000 @@ -24,7 +24,7 @@ 'legacy' => array( 'teacher' => CAP_ALLOW, 'editingteacher' => CAP_ALLOW, - 'admin' => CAP_ALLOW + 'manager' => CAP_ALLOW ) ) Index: group/lib.php =================================================================== RCS file: /cvsroot/moodle/moodle/group/lib.php,v retrieving revision 1.32 diff -u -r1.32 lib.php --- group/lib.php 16 Dec 2009 22:14:17 -0000 1.32 +++ group/lib.php 28 Mar 2010 21:41:19 -0000 @@ -40,7 +40,7 @@ } //check if the user a participant of the group course - if (!is_course_participant ($userid, $group->courseid)) { + if (!is_enrolled(get_context_instance(CONTEXT_COURSE, $group->courseid), $userid)) { return false; } 
@@ -488,24 +488,11 @@ */ function groups_get_possible_roles($context) { $capability = 'moodle/course:view'; - $doanything = false; // find all possible "student" roles if ($possibleroles = get_roles_with_capability($capability, CAP_ALLOW, $context)) { - if (!$doanything) { - if (!$sitecontext = get_context_instance(CONTEXT_SYSTEM)) { - return false; // Something is seriously wrong - } - $doanythingroles = get_roles_with_capability('moodle/site:doanything', CAP_ALLOW, $sitecontext); - } - $validroleids = array(); foreach ($possibleroles as $possiblerole) { - if (!$doanything) { - if (isset($doanythingroles[$possiblerole->id])) { // We don't want these included - continue; - } - } if ($caps = role_context_capabilities($possiblerole->id, $context, $capability)) { // resolved list if (isset($caps[$capability]) && $caps[$capability] > 0) { // resolved capability > 0 $validroleids[] = $possiblerole->id; 
@@ -529,64 +516,30 @@ * @param string $orderby The colum to sort users by * @return array An array of the users */ -function groups_get_potential_members($courseid, $roleid = null, $orderby = 'lastname,firstname') { +function groups_get_potential_members($courseid, $roleid = null, $orderby = 'lastname ASC, firstname ASC') { global $DB; $context = get_context_instance(CONTEXT_COURSE, $courseid); - $sitecontext = get_context_instance(CONTEXT_SYSTEM); - $rolenames = array(); - $avoidroles = array(); - - if ($roles = get_roles_used_in_context($context, true)) { - - $canviewroles = get_roles_with_capability('moodle/course:view', CAP_ALLOW, $context); - $doanythingroles = get_roles_with_capability('moodle/site:doanything', CAP_ALLOW, $sitecontext); - - foreach ($roles as $role) { - if (!isset($canviewroles[$role->id])) { // Avoid this role (eg course creator) - $avoidroles[] = $role->id; - unset($roles[$role->id]); - continue; - } - if (isset($doanythingroles[$role->id])) { // Avoid this role (ie admin) - $avoidroles[] = $role->id; - unset($roles[$role->id]); - continue; - } - $rolenames[$role->id] = strip_tags(role_get_name($role, $context)); // Used in menus etc later on - } - } - - if ($avoidroles) { - list($adminroles, $params) = $DB->get_in_or_equal($avoidroles, SQL_PARAMS_NAMED, 'ar0', false); - $adminroles = "AND r.roleid $adminroles"; - } else { - $adminroles = ""; - $params = array(); - } // we are looking for all users with this role assigned in this context or higher - if ($usercontexts = get_parent_contexts($context)) { - $listofcontexts = 'IN ('.implode(',', $usercontexts).')'; - } else { - $listofcontexts = '='.$sitecontext->id.')'; // must be site - } + $listofcontexts = get_related_contexts_string($context); + list($esql, $params) = get_enrolled_sql($context); + if ($roleid) { - $selectrole = "AND r.roleid = :roleid"; $params['roleid'] = $roleid; + $where = "WHERE u.id IN (SELECT userid + FROM {role_assignments} + WHERE roleid = :roleid AND contextid 
$listofcontexts)"; } else { - $selectrole = ""; + $where = ""; } $sql = "SELECT u.id, u.username, u.firstname, u.lastname, u.idnumber FROM {user} u - JOIN {role_assignments} r on u.id=r.userid - WHERE (r.contextid = :contextid OR r.contextid $listofcontexts) - AND u.deleted = 0 AND u.username != 'guest' - $selectrole $adminroles + JOIN ($esql) e ON e.id = u.id + $where ORDER BY $orderby"; - $params['contextid'] = $context->id; return $DB->get_records_sql($sql, $params); @@ -660,7 +613,7 @@ * @param string $fields List of fields from user table prefixed with u, default 'u.*' * @param string $sort SQL ORDER BY clause, default 'u.lastname ASC' * @param string $extrawheretest extra SQL conditions ANDed with the existing where clause. - * @param array $whereparams any parameters required by $extrawheretest. + * @param array $whereparams any parameters required by $extrawheretest (named parameters). * @return array Complex array as described above */ function groups_get_members_by_role($groupid, $courseid, $fields='u.*', @@ -681,11 +634,11 @@ JOIN {user} u ON u.id = gm.userid JOIN {role_assignments} ra ON ra.userid = u.id JOIN {role} r ON r.id = ra.roleid - WHERE gm.groupid=? + WHERE gm.groupid=:mgroupid AND ra.contextid ".get_related_contexts_string($context). $extrawheretest." ORDER BY r.sortorder, $sort"; - array_unshift($whereparams, $groupid); + $whereparams['mgroupid'] = $groupid; $rs = $DB->get_recordset_sql($sql, $whereparams); return groups_calculate_role_people($rs, $context); Index: group/autogroup.php =================================================================== RCS file: /cvsroot/moodle/moodle/group/autogroup.php,v retrieving revision 1.20 diff -u -r1.20 autogroup.php --- group/autogroup.php 20 Mar 2010 22:15:57 -0000 1.20 +++ group/autogroup.php 28 Mar 2010 21:41:18 -0000 
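Review bot: groups_get_potential_members() still splices `$orderby` into the statement as `ORDER BY $orderby`, and the groups_get_members_by_role() hunk (-681,11) does the same with `$sort` and `$extrawheretest`; only `$roleid` and the group id are bound. Neither docblock tells callers that these arguments are raw SQL, so a caller forwarding a request parameter would create an injection point. I would add `@param string $orderby trusted SQL ORDER BY fragment, never request data` and the equivalent wording for `$sort` and `$extrawheretest`. In groups_get_members_by_role() the switch to `:mgroupid` also means a caller still passing `?` placeholders in `$extrawheretest` would mix parameter styles; the callers are outside these hunks, so that needs checking.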
@@ -42,17 +42,8 @@ /// Get applicable roles $rolenames = array(); -if ($roles = get_roles_used_in_context($context, true)) { - $canviewroles = get_roles_with_capability('moodle/course:view', CAP_ALLOW, $context); - $doanythingroles = get_roles_with_capability('moodle/site:doanything', CAP_ALLOW, $systemcontext); - +if ($roles = get_profile_roles($context)) { foreach ($roles as $role) { - if (!isset($canviewroles[$role->id])) { // Avoid this role (eg course creator) - continue; - } - if (isset($doanythingroles[$role->id])) { // Avoid this role (ie admin) - continue; - } $rolenames[$role->id] = strip_tags(role_get_name($role, $context)); // Used in menus etc later on } } Index: group/members.php =================================================================== RCS file: /cvsroot/moodle/moodle/group/members.php,v retrieving revision 1.32 diff -u -r1.32 members.php --- group/members.php 6 Feb 2010 15:26:47 -0000 1.32 +++ group/members.php 28 Mar 2010 21:41:19 -0000 
@@ -14,33 +14,26 @@ require_once($CFG->dirroot . '/course/lib.php'); $groupid = required_param('group', PARAM_INT); +$cancel = optional_param('cancel', false, PARAM_BOOL); -if (!$group = $DB->get_record('groups', array('id'=>$groupid))) { - print_error('invalidgroupid'); -} - -if (!$course = $DB->get_record('course', array('id'=>$group->courseid))) { - print_error('invalidcourse'); -} -$courseid = $course->id; +$group = $DB->get_record('groups', array('id'=>$groupid), '*', MUST_EXIST); +$course = $DB->get_record('course', array('id'=>$group->courseid), '*', MUST_EXIST); $PAGE->set_url('/groups/members.php', array('id'=>$groupid)); require_login($course); -$context = get_context_instance(CONTEXT_COURSE, $courseid); +$context = get_context_instance(CONTEXT_COURSE, $course->id); require_capability('moodle/course:managegroups', $context); -$returnurl = $CFG->wwwroot.'/group/index.php?id='.$courseid.'&group='.$group->id; +$returnurl = $CFG->wwwroot.'/group/index.php?id='.$course->id.'&group='.$group->id; -if (optional_param('cancel', false, PARAM_BOOL)) { +if ($cancel) { redirect($returnurl); } -$groupmembersselector = new group_members_selector('removeselect', - array('groupid' => $groupid, 'courseid' => $course->id)); +$groupmembersselector = new group_members_selector('removeselect', array('groupid' => $groupid, 'courseid' => $course->id)); $groupmembersselector->set_extra_fields(array()); -$potentialmembersselector = new group_non_members_selector('addselect', - array('groupid' => $groupid, 'courseid' => $course->id)); +$potentialmembersselector = new group_non_members_selector('addselect', array('groupid' => $groupid, 'courseid' => $course->id)); $potentialmembersselector->set_extra_fields(array()); if (optional_param('add', false, PARAM_BOOL) && confirm_sesskey()) { 
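Review bot: `$PAGE->set_url('/groups/members.php', array('id'=>$groupid))` is left untouched among the lines being cleaned up, but the script is group/members.php and reads its group from the `group` parameter (`required_param('group', PARAM_INT)` at the top of the hunk). The URL registered with $PAGE therefore appears to use a path and a parameter name that this script does not. Suggested: `$PAGE->set_url('/group/members.php', array('group'=>$groupid));`.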
@@ -79,8 +72,8 @@ $PAGE->requires->yui2_lib('connection'); $PAGE->requires->js('/group/clientlib.js'); -$PAGE->navbar->add($strparticipants, new moodle_url('/user/index.php', array('id'=>$courseid))); -$PAGE->navbar->add($strgroups, new moodle_url('/group/index.php', array('id'=>$courseid))); +$PAGE->navbar->add($strparticipants, new moodle_url('/user/index.php', array('id'=>$course->id))); +$PAGE->navbar->add($strgroups, new moodle_url('/group/index.php', array('id'=>$course->id))); $PAGE->navbar->add($stradduserstogroup); /// Print header Index: group/index.php =================================================================== RCS file: /cvsroot/moodle/moodle/group/index.php,v retrieving revision 1.60 diff -u -r1.60 index.php --- group/index.php 21 Mar 2010 17:36:28 -0000 1.60 +++ group/index.php 28 Mar 2010 21:41:19 -0000 @@ -20,21 +20,18 @@ $action = groups_param_action(); // Support either single group= parameter, or array groups[] if ($groupid) { - $groupids=array($groupid); + $groupids = array($groupid); } else { $groupids = optional_param('groups', array(), PARAM_INT); } -$singlegroup=count($groupids) == 1; +$singlegroup = (count($groupids) == 1); $returnurl = $CFG->wwwroot.'/group/index.php?id='.$courseid; // Get the course information so we can print the header and // check the course id is valid -if (!$course = $DB->get_record('course', array('id'=>$courseid))) { - $success = false; - print_error('invalidcourse'); //'The course ID is invalid' -} +$course = $DB->get_record('course', array('id'=>$courseid), '*', MUST_EXIST); $url = new moodle_url('/group/index.php', array('id'=>$courseid)); if ($userid) { 
@@ -48,19 +45,19 @@ // Make sure that the user has permissions to manage groups. require_login($course); -$context = get_context_instance(CONTEXT_COURSE, $courseid); -if (! has_capability('moodle/course:managegroups', $context)) { - redirect(); //"group.php?id=$course->id"); // Not allowed to see all groups +$context = get_context_instance(CONTEXT_COURSE, $course->id); +if (!has_capability('moodle/course:managegroups', $context)) { + redirect('/course/view.php', array('id'=>$course->id)); // Not allowed to manage all groups } // Check for multiple/no group errors -if(!$singlegroup) { +if (!$singlegroup) { switch($action) { case 'ajax_getmembersingroup': case 'showgroupsettingsform': case 'showaddmembersform': case 'updatemembers': - print_error('errorselectone','group',$returnurl); + print_error('errorselectone', 'group', $returnurl); } } 
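Review bot: The new `redirect('/course/view.php', array('id'=>$course->id));` passes the array as redirect()'s second argument, which is the message rather than URL parameters, and the first argument is a bare path instead of a full URL. The redirects in the next hunk of this file build their target with moodle_url, so this one should read `redirect(new moodle_url('/course/view.php', array('id'=>$course->id)));`. Since this branch is the denied path for `moodle/course:managegroups`, a plain `require_capability('moodle/course:managegroups', $context);`, as group/members.php uses, would also be consistent and avoids a silent redirect.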
@@ -70,41 +67,41 @@ case 'ajax_getmembersingroup': $roles = array(); - if ($groupmemberroles = groups_get_members_by_role($groupids[0],$courseid,'u.id,u.firstname,u.lastname')) { + if ($groupmemberroles = groups_get_members_by_role($groupids[0], $courseid, 'u.id,u.firstname,u.lastname')) { foreach($groupmemberroles as $roleid=>$roledata) { - $shortroledata=new StdClass; - $shortroledata->name=$roledata->name; - $shortroledata->users=array(); + $shortroledata = new stdClass(); + $shortroledata->name = $roledata->name; + $shortroledata->users = array(); foreach($roledata->users as $member) { - $shortmember=new StdClass; - $shortmember->id=$member->id; - $shortmember->name=fullname($member, true); - $shortroledata->users[]=$shortmember; + $shortmember = new stdClass(); + $shortmember->id = $member->id; + $shortmember->name = fullname($member, true); + $shortroledata->users[] = $shortmember; } - $roles[]=$shortroledata; + $roles[] = $shortroledata; } } echo json_encode($roles); die; // Client side JavaScript takes it from here. 
case 'deletegroup': - if(count($groupids)==0) { + if (count($groupids) == 0) { print_error('errorselectsome','group',$returnurl); } - $groupidlist=implode(',',$groupids); - redirect('delete.php?courseid='.$courseid.'&groups='.$groupidlist); + $groupidlist = implode(',', $groupids); + redirect(new moodle_url('/group/delete.php', array('courseid'=>$courseid, 'groups'=>$groupidlist))); break; case 'showcreateorphangroupform': - redirect('group.php?courseid='.$courseid); + redirect(new moodle_url('/group/group.php', array('courseid'=>$courseid))); break; case 'showautocreategroupsform': - redirect('autogroup.php?courseid='.$courseid); + redirect(new moodle_url('/group/autogroup.php', array('courseid'=>$courseid))); break; case 'showgroupsettingsform': - redirect('group.php?courseid='.$courseid.'&id='.$groupids[0]); + redirect(new moodle_url('/group/group.php', array('courseid'=>$courseid, 'id'=>$groupids[0]))); break; case 'updategroups': //Currently reloading. @@ -114,17 +111,15 @@ break; case 'showaddmembersform': - redirect('members.php?group='.$groupids[0]); + redirect(new moodle_url('/group/members.php', array('group'=>$groupids[0]))); break; case 'updatemembers': //Currently reloading. break; default: //ERROR. - if (debugging()) { - print_error('unknowaction', '', $returnurl); + print_error('unknowaction', '', $returnurl); break; - } } // Print the page and form Index: group/assign.php =================================================================== RCS file: /cvsroot/moodle/moodle/group/assign.php,v retrieving revision 1.32 diff -u -r1.32 assign.php --- group/assign.php 16 Jan 2010 15:40:05 -0000 1.32 +++ group/assign.php 28 Mar 2010 21:41:18 -0000 
@@ -90,8 +90,7 @@ $coursemanagerroles = split(',', $managerroles); foreach ($coursemanagerroles as $roleid) { $role = $DB->get_record('role', array('id'=>$roleid)); - $canseehidden = has_capability('moodle/role:viewhiddenassigns', $context); - $managers = get_role_users($roleid, $context, true, 'u.id', 'u.id ASC', $canseehidden); + $managers = get_role_users($roleid, $context, true, 'u.id', 'u.id ASC'); } } } else { Index: group/externallib.php =================================================================== RCS file: /cvsroot/moodle/moodle/group/externallib.php,v retrieving revision 1.22 diff -u -r1.22 externallib.php --- group/externallib.php 13 Dec 2009 10:48:22 -0000 1.22 +++ group/externallib.php 28 Mar 2010 21:41:18 -0000 @@ -368,8 +368,10 @@ require_capability('moodle/course:managegroups', $context); // now make sure user is enrolled in course - this is mandatory requirement, - // unfortunately this is extermely slow - require_capability('moodle/course:view', $context, $userid, false); + // unfortunately this is slow + if (!is_enrolled($context, $userid)) { + throw new invalid_parameter_exception('Only enrolled users may be members of groups'); + } groups_add_member($group, $user); } Index: course/report/log/db/access.php =================================================================== RCS file: /cvsroot/moodle/moodle/course/report/log/db/access.php,v retrieving revision 1.5 diff -u -r1.5 access.php --- course/report/log/db/access.php 4 Nov 2009 19:24:16 -0000 1.5 +++ course/report/log/db/access.php 28 Mar 2010 21:41:17 -0000 @@ -32,7 +32,7 @@ 'legacy' => array( 'teacher' => CAP_ALLOW, 'editingteacher' => CAP_ALLOW, - 'admin' => CAP_ALLOW + 'manager' => CAP_ALLOW ), 'clonepermissionsfrom' => 'moodle/site:viewreports', @@ -45,7 +45,7 @@ 'legacy' => array( 'teacher' => CAP_ALLOW, 'editingteacher' => CAP_ALLOW, - 'admin' => CAP_ALLOW + 'manager' => CAP_ALLOW ), 'clonepermissionsfrom' => 'moodle/site:viewreports', 
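Review bot: In the group/assign.php hunk the loop assigns `$managers = get_role_users(...)` on every iteration, so only the users of the last role in `$managerroles` are kept, and `$role` is fetched but not used within the hunk. How `$managers` is consumed is outside the hunk, but if all manager roles are meant to count, the results need to be merged, e.g. `$managers = $managers + get_role_users($roleid, $context, true, 'u.id', 'u.id ASC');` with `$managers = array();` before the loop. The context line `split(',', $managerroles)` should also become `explode(',', $managerroles)`, since split() is deprecated as of PHP 5.3.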
@@ -58,7 +58,7 @@ 'legacy' => array( 'teacher' => CAP_ALLOW, 'editingteacher' => CAP_ALLOW, - 'admin' => CAP_ALLOW + 'manager' => CAP_ALLOW ), 'clonepermissionsfrom' => 'moodle/site:viewreports', Index: blocks/admin/block_admin.php =================================================================== RCS file: /cvsroot/moodle/moodle/blocks/admin/block_admin.php,v retrieving revision 1.134 diff -u -r1.134 block_admin.php --- blocks/admin/block_admin.php 24 Feb 2010 08:58:40 -0000 1.134 +++ blocks/admin/block_admin.php 28 Mar 2010 21:41:06 -0000 @@ -20,16 +20,15 @@ $course = $this->page->course; - if (!has_capability('moodle/course:view', $this->page->context)) { // Just return - return $this->content; - } - if (empty($CFG->loginhttps)) { $securewwwroot = $CFG->wwwroot; } else { $securewwwroot = str_replace('http:','https:',$CFG->wwwroot); } + $isenrolled = is_enrolled($this->page->context); + $isinspecting = is_inspecting($this->page->context); + /// Course editing on/off if ($course->id !== SITEID and has_capability('moodle/course:update', $this->page->context)) { $this->content->icons[]=''; @@ -56,7 +55,7 @@ /// View course grades (or just your own grades, same link) /// find all accessible reports - if ($course->id !== SITEID) { + if ($course->id !== SITEID and ($isenrolled or $isinspecting)) { $reportavailable = false; if (has_capability('moodle/grade:viewall', $this->page->context)) { $reportavailable = true; 
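Review bot: With the early `has_capability('moodle/course:view', ...)` return removed in the blocks/admin/block_admin.php hunk at -20,16, every link built further down has to carry its own guard, and only the grade-report entry (hunk -56,7) gains `($isenrolled or $isinspecting)`. The remaining entries lie outside the visible hunks, so it is not possible to tell from here whether each tests a capability; any that relied on the removed return would now be rendered for users who merely reach the page. These are navigation links rather than the access check itself, but a comment stating the new rule would help the next editor, e.g. `// no block-wide gate any more: each item below checks its own capability or $isenrolled/$isinspecting`.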
@@ -194,17 +193,23 @@ /// Unenrol link if (empty($course->metacourse) && ($course->id!==SITEID)) { - if (has_capability('moodle/legacy:guest', $this->page->context, NULL, false)) { // Are a guest now + if ($isenrolled) { + if (has_capability('moodle/role:unassignself', $this->page->context, NULL, false) and get_user_roles($this->page->context, $USER->id, false)) { // Have some role + $this->content->items[]=''.get_string('unenrolme', '', format_string($course->shortname)).''; + $this->content->icons[]=''; + } + + } else if ($isinspecting) { + // inspector, manager, etc. - do not show anything + } else { + // access because otherwise they would not get into this course at all $this->content->items[]=''.get_string('enrolme', '', format_string($course->shortname)).''; $this->content->icons[]=''; - } else if (has_capability('moodle/role:unassignself', $this->page->context, NULL, false) and get_user_roles($this->page->context, $USER->id, false)) { // Have some role - $this->content->items[]=''.get_string('unenrolme', '', format_string($course->shortname)).''; - $this->content->icons[]=''; } } - /// Link to the user own profile (except guests) - if (!isguestuser() and isloggedin()) { + /// Link to the user own profile if they are enrolled + if ($isenrolled) { $this->content->items[]=''.get_string('profile').''; $this->content->icons[]=''; } Index: grade/import/csv/db/access.php =================================================================== RCS file: /cvsroot/moodle/moodle/grade/import/csv/db/access.php,v retrieving revision 1.7 diff -u -r1.7 access.php --- grade/import/csv/db/access.php 4 Nov 2009 19:24:14 -0000 1.7 +++ grade/import/csv/db/access.php 28 Mar 2010 21:41:18 -0000 
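Review bot: The profile link at the end of this hunk is now shown only when `$isenrolled` is true, where it used to be shown to every logged-in non-guest user. The test is not inside the `$course->id!==SITEID` condition, and the `$isinspecting` branch above suggests there are users who view the course without being enrolled; those users would lose the link. If that is not intended, `if ($isenrolled or $isinspecting) {` would match the grade-report condition added earlier in this file. The comment `// access because otherwise they would not get into this course at all` in the final else branch is also hard to parse; `// not enrolled and not inspecting: offer enrolment` would say what the branch does.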
@@ -22,7 +22,7 @@ 'contextlevel' => CONTEXT_COURSE, 'legacy' => array( 'editingteacher' => CAP_ALLOW, - 'admin' => CAP_ALLOW + 'manager' => CAP_ALLOW ) ) ); Index: admin/report/courseoverview/db/access.php =================================================================== RCS file: /cvsroot/moodle/moodle/admin/report/courseoverview/db/access.php,v retrieving revision 1.3 diff -u -r1.3 access.php --- admin/report/courseoverview/db/access.php 4 Nov 2009 19:24:16 -0000 1.3 +++ admin/report/courseoverview/db/access.php 28 Mar 2010 21:40:46 -0000 @@ -32,7 +32,7 @@ 'legacy' => array( 'teacher' => CAP_ALLOW, 'editingteacher' => CAP_ALLOW, - 'admin' => CAP_ALLOW + 'manager' => CAP_ALLOW ), 'clonepermissionsfrom' => 'moodle/site:viewreports', Index: lib/simpletest/testaccesslib.php =================================================================== RCS file: /cvsroot/moodle/moodle/lib/simpletest/testaccesslib.php,v retrieving revision 1.13 diff -u -r1.13 testaccesslib.php --- lib/simpletest/testaccesslib.php 1 Nov 2009 13:13:22 -0000 1.13 +++ lib/simpletest/testaccesslib.php 28 Mar 2010 21:42:00 -0000 
@@ -57,23 +57,20 @@ $syscontext = get_system_context(false); /// Install the roles system. - $adminrole = create_role(get_string('administrator'), 'admin', - get_string('administratordescription'), 'moodle/legacy:admin'); $coursecreatorrole = create_role(get_string('coursecreators'), 'coursecreator', - get_string('coursecreatorsdescription'), 'moodle/legacy:coursecreator'); + get_string('coursecreatorsdescription'), 'coursecreator'); $editteacherrole = create_role(get_string('defaultcourseteacher'), 'editingteacher', - get_string('defaultcourseteacherdescription'), 'moodle/legacy:editingteacher'); + get_string('defaultcourseteacherdescription'), 'editingteacher'); $noneditteacherrole = create_role(get_string('noneditingteacher'), 'teacher', - get_string('noneditingteacherdescription'), 'moodle/legacy:teacher'); + get_string('noneditingteacherdescription'), 'teacher'); $studentrole = create_role(get_string('defaultcoursestudent'), 'student', - get_string('defaultcoursestudentdescription'), 'moodle/legacy:student'); + get_string('defaultcoursestudentdescription'), 'student'); $guestrole = create_role(get_string('guest'), 'guest', - get_string('guestdescription'), 'moodle/legacy:guest'); + get_string('guestdescription'), 'guest'); $userrole = create_role(get_string('authenticateduser'), 'user', - get_string('authenticateduserdescription'), 'moodle/legacy:user'); + get_string('authenticateduserdescription'), 'user'); /// Now is the correct moment to install capabilities - after creation of legacy roles, but before assigning of roles - assign_capability('moodle/site:doanything', CAP_ALLOW, $adminrole, $syscontext->id); update_capabilities('moodle'); update_capabilities('mod_forum'); update_capabilities('mod_quiz'); 
@@ -174,11 +171,6 @@ array_map(create_function('$o', 'return $o->id;'), get_users_by_capability($contexts[$conindex], array('mod/quiz:attempt', 'mod/quiz:reviewmyattempts')))); } - // System context, specifically checking doanything. - $this->assert(new ArraysHaveSameValuesExpectation( - array($users['a']->id)), - array_map(create_function('$o', 'return $o->id;'), - get_users_by_capability($contexts[0], 'moodle/site:doanything'))); // For reference: get_users_by_capability argument order: // $context, $capability, $fields='', $sort='', $limitfrom='', $limitnum='', @@ -271,7 +263,6 @@ $this->load_test_data('capabilities', array('name'), array( - array('moodle/site:doanything'), array('moodle/course:view'))); $roles = $this->load_test_data('role', @@ -283,14 +274,12 @@ $adminid = $roles['admin']->id; $r1id = $roles['r1']->id; $r2id = $roles['r2']->id; - $funnyid = $roles['funny']->id; // strange role to test that roles with 'moodle/site:doanything' and 'moodle/course:view' are not returned. + $funnyid = $roles['funny']->id; // strange role to test that roles with 'moodle/course:view' are not returned. $this->load_test_data('role_capabilities', array('roleid', 'capability', 'contextid', 'permission'), array( - array($adminid, 'moodle/site:doanything', SYSCONTEXTID, CAP_ALLOW), array( $r1id, 'moodle/course:view', SYSCONTEXTID + 1, CAP_ALLOW), array( $r2id, 'moodle/course:view', SYSCONTEXTID, CAP_ALLOW), - array($funnyid, 'moodle/site:doanything', SYSCONTEXTID, CAP_ALLOW), array($funnyid, 'moodle/course:view', SYSCONTEXTID, CAP_ALLOW))); $this->load_test_data('role_assignments', 
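Review bot: After the `moodle/site:doanything` rows are removed in the -283,14 hunk, the `funny` role is left with exactly the same capability row as `r2` (`moodle/course:view`, SYSCONTEXTID, CAP_ALLOW), yet the edited comment still says it exists to test roles that "are not returned". The assertions are outside the hunk, but as the fixture stands they either still expect `funny` to be excluded and will fail, or the role no longer tests anything. I would drop the role from the fixture or reword the comment to `// second role with moodle/course:view at system level; expected in the result`, whichever matches the assertion.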
@@ -334,11 +323,8 @@ array('roleid', 'capability', 'contextid', 'permission'), array( array( 1, 'moodle/forum:replypost', SYSCONTEXTID, CAP_ALLOW), array( 2, 'moodle/course:view', SYSCONTEXTID, CAP_ALLOW), - array( 3, 'moodle/site:doanything', SYSCONTEXTID, CAP_ALLOW), - array( 4, 'moodle/site:doanything', SYSCONTEXTID, CAP_ALLOW), array( 4, 'moodle/course:view', SYSCONTEXTID, CAP_ALLOW), array( 5, 'moodle/course:view', SYSCONTEXTID, CAP_ALLOW), - array( 5, 'moodle/site:doanything', SYSCONTEXTID, CAP_PREVENT), array( 6, 'moodle/course:view', SYSCONTEXTID, CAP_PREVENT), )); Index: lib/simpletest/broken_testfilelib.php =================================================================== RCS file: /cvsroot/moodle/moodle/lib/simpletest/broken_testfilelib.php,v retrieving revision 1.3 diff -u -r1.3 broken_testfilelib.php --- lib/simpletest/broken_testfilelib.php 19 Feb 2010 17:50:21 -0000 1.3 +++ lib/simpletest/broken_testfilelib.php 28 Mar 2010 21:41:59 -0000 @@ -81,10 +81,8 @@ // User and capability stuff (stolen from testaccesslib.php) $syscontext = get_system_context(false); - $adminrole = create_role(get_string('administrator'), 'admin', get_string('administratordescription'), 'moodle/legacy:admin'); /// Now is the correct moment to install capabilities - after creation of legacy roles, but before assigning of roles - assign_capability('moodle/site:doanything', CAP_ALLOW, $adminrole, $syscontext->id); update_capabilities('moodle'); update_capabilities('mod_forum'); Index: search/indexersplash.php =================================================================== RCS file: /cvsroot/moodle/moodle/search/indexersplash.php,v retrieving revision 1.26 diff -u -r1.26 indexersplash.php --- search/indexersplash.php 16 Jan 2010 15:40:08 -0000 1.26 +++ search/indexersplash.php 28 Mar 2010 21:42:26 -0000 
@@ -33,7 +33,7 @@ print_error('globalsearchdisabled', 'search'); } - if (!has_capability('moodle/site:doanything', get_context_instance(CONTEXT_SYSTEM))) { + if (!has_capability('moodle/site:config', get_context_instance(CONTEXT_SYSTEM))) { print_error('beadmin', 'search', get_login_url()); } Index: search/update.php =================================================================== RCS file: /cvsroot/moodle/moodle/search/update.php,v retrieving revision 1.22 diff -u -r1.22 update.php --- search/update.php 11 May 2009 19:59:58 -0000 1.22 +++ search/update.php 28 Mar 2010 21:42:26 -0000 @@ -43,7 +43,7 @@ /* Obsolete with the MOODLE INTERNAL check - if (!has_capability('moodle/site:doanything', get_context_instance(CONTEXT_SYSTEM))) { + if (!has_capability('moodle/site:config', get_context_instance(CONTEXT_SYSTEM))) { print_error('beadmin', 'search', get_login_url()); } */ Index: search/query.php =================================================================== RCS file: /cvsroot/moodle/moodle/search/query.php,v retrieving revision 1.46 diff -u -r1.46 query.php --- search/query.php 18 Mar 2010 21:23:15 -0000 1.46 +++ search/query.php 28 Mar 2010 21:42:26 -0000 @@ -299,7 +299,7 @@ print_string('documents', 'search'); print '.'; - if (!$sq->is_valid_index() and has_capability('moodle/site:doanything', get_context_instance(CONTEXT_SYSTEM))) { + if (!$sq->is_valid_index() and has_capability('moodle/site:config', get_context_instance(CONTEXT_SYSTEM))) { print '
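Review bot: The capability test edited in the search/update.php hunk sits inside the `/* Obsolete with the MOODLE INTERNAL check ... */` comment, so the change has no effect at run time, and the same holds for the search/delete.php and search/add.php hunks. Keeping dead access checks in sync invites a reader to assume they are live. I would delete the commented-out block, or replace it with a single line such as `// access is enforced by the including script; this file must not be requested directly`. The check that the comment refers to is outside these hunks, so it is worth confirming that it still rejects direct requests.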

' . get_string('noindexmessage', 'search') . '' . get_string('createanindex', 'search')."

\n"; } Index: search/delete.php =================================================================== RCS file: /cvsroot/moodle/moodle/search/delete.php,v retrieving revision 1.21 diff -u -r1.21 delete.php --- search/delete.php 25 Mar 2009 21:28:43 -0000 1.21 +++ search/delete.php 28 Mar 2010 21:42:25 -0000 @@ -43,7 +43,7 @@ /* Obsolete with the MOODLE INTERNAL check - if (!has_capability('moodle/site:doanything', get_context_instance(CONTEXT_SYSTEM))) { + if (!has_capability('moodle/site:config', get_context_instance(CONTEXT_SYSTEM))) { print_error('beadmin', 'search', get_login_url()); } */ Index: search/stats.php =================================================================== RCS file: /cvsroot/moodle/moodle/search/stats.php,v retrieving revision 1.32 diff -u -r1.32 stats.php --- search/stats.php 20 Mar 2010 22:16:00 -0000 1.32 +++ search/stats.php 28 Mar 2010 21:42:26 -0000 @@ -66,7 +66,7 @@ /// this table is only for admins, shows index directory size and location - if (has_capability('moodle/site:doanything', get_context_instance(CONTEXT_SYSTEM))) { + if (has_capability('moodle/site:config', get_context_instance(CONTEXT_SYSTEM))) { $datadirectorystr = get_string('datadirectory', 'search'); $inindexdirectorystr = get_string('filesinindexdirectory', 'search'); $totalsizestr = get_string('totalsize', 'search'); 
@@ -138,7 +138,7 @@ /// add extra fields if we're admin - if (has_capability('moodle/site:doanything', get_context_instance(CONTEXT_SYSTEM))) { + if (has_capability('moodle/site:config', get_context_instance(CONTEXT_SYSTEM))) { //don't want to confuse users if the two totals don't match (hint: they should) $table->data[] = array($documentsinindexstr, $indexinfo->indexcount); Index: search/add.php =================================================================== RCS file: /cvsroot/moodle/moodle/search/add.php,v retrieving revision 1.21 diff -u -r1.21 add.php --- search/add.php 25 Mar 2009 21:28:43 -0000 1.21 +++ search/add.php 28 Mar 2010 21:42:25 -0000 @@ -46,7 +46,7 @@ /* Obsolete with the MOODLE INTERNAL check - if (!has_capability('moodle/site:doanything', get_context_instance(CONTEXT_SYSTEM))) { + if (!has_capability('moodle/site:config', get_context_instance(CONTEXT_SYSTEM))) { print_error('beadmin', 'search', get_login_url()); } */ Index: search/querylib.php =================================================================== RCS file: /cvsroot/moodle/moodle/search/querylib.php,v retrieving revision 1.18 diff -u -r1.18 querylib.php --- search/querylib.php 15 Oct 2009 07:37:30 -0000 1.18 +++ search/querylib.php 28 Mar 2010 21:42:26 -0000 @@ -393,7 +393,7 @@ * course related checks */ // admins can see everything, anyway. - if (has_capability('moodle/site:doanything', get_context_instance(CONTEXT_SYSTEM))){ + if (has_capability('moodle/site:config', get_context_instance(CONTEXT_SYSTEM))){ return true; } Index: search/indexer.php =================================================================== RCS file: /cvsroot/moodle/moodle/search/indexer.php,v retrieving revision 1.29 diff -u -r1.29 indexer.php --- search/indexer.php 6 May 2009 16:10:45 -0000 1.29 +++ search/indexer.php 28 Mar 2010 21:42:25 -0000 
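Review bot: In the search/querylib.php hunk the `return true` shortcut that skips the course-related checks is now keyed on `moodle/site:config`, which is a configuration capability rather than a statement about which content a user may read. `moodle/site:doanything` implied access to everything; a role granted only `moodle/site:config` does not obviously imply that, so this bypass may expose search hits from courses the user cannot otherwise open. At minimum the comment `// admins can see everything, anyway.` should name the assumption, e.g. `// moodle/site:config holders are treated as full admins and bypass per-course checks`. The enclosing function starts and ends outside the hunk.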
@@ -47,7 +47,7 @@ print_error('globalsearchdisabled', 'search'); } - if (!has_capability('moodle/site:doanything', get_context_instance(CONTEXT_SYSTEM))) { + if (!has_capability('moodle/site:config', get_context_instance(CONTEXT_SYSTEM))) { print_error('beadmin', 'search', get_login_url()); } Index: backup/restore_form.html =================================================================== RCS file: /cvsroot/moodle/moodle/backup/restore_form.html,v retrieving revision 1.107 diff -u -r1.107 restore_form.html --- backup/restore_form.html 22 Mar 2010 22:33:30 -0000 1.107 +++ backup/restore_form.html 28 Mar 2010 21:40:57 -0000 @@ -636,7 +636,7 @@ echo (''); // get the first teacheredit legacy - $roles = get_roles_with_capability('moodle/legacy:editingteacher', CAP_ALLOW, get_context_instance(CONTEXT_SYSTEM)); + $roles = get_archetype_roles('editingteacher'); $editteacher = reset($roles); echo html_writer::select($siterolesarray, "defaultteacheredit", $editteacher->id, array(''=>'new role')); @@ -649,7 +649,7 @@ echo (''); // get the first teacheredit legacy - $roles = get_roles_with_capability('moodle/legacy:teacher', CAP_ALLOW, get_context_instance(CONTEXT_SYSTEM)); + $roles = get_archetype_roles('teacher'); $teacher = reset($roles); echo html_writer::select($siterolesarray, "defaultteacher", $teacher->id, array(''=>'new role')); 
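Review bot: In backup/restore_form.html, `$editteacher = reset($roles);` followed by `$editteacher->id` assumes get_archetype_roles('editingteacher') returns at least one role; where no role has that archetype, reset() yields false and the property read raises a notice (the -649,7 hunk for `teacher` and the -662,7 hunk for `student` repeat the pattern). The backup/restorelib.php hunk in this patch guards the same lookup with `if ($legacyteacher = array_shift($legacyteachers))`, so the form should be equally defensive, e.g. `$editteacherid = $editteacher ? $editteacher->id : '';` passed to html_writer::select(). The comment `// get the first teacheredit legacy` is also stale and is repeated verbatim above the teacher and student lookups.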
@@ -662,7 +662,7 @@ echo (''); // get the first teacheredit legacy - $roles = get_roles_with_capability('moodle/legacy:student', CAP_ALLOW, get_context_instance(CONTEXT_SYSTEM)); + $roles = get_archetype_roles('student'); $studentrole = array_shift($roles); echo html_writer::select($siterolesarray, "defaultstudent", $studentrole->id, array(''=>'new role')); Index: backup/backuplib.php =================================================================== RCS file: /cvsroot/moodle/moodle/backup/backuplib.php,v retrieving revision 1.248 diff -u -r1.248 backuplib.php --- backup/backuplib.php 5 Feb 2010 08:08:57 -0000 1.248 +++ backup/backuplib.php 28 Mar 2010 21:40:56 -0000 @@ -2911,7 +2911,6 @@ if (backup_getid($preferences->backup_unique_code, 'user', $assignment->userid)) { fwrite ($bf, start_tag("ASSIGNMENT", $startlevel+3, true)); fwrite ($bf, full_tag("USERID", $startlevel+4, false, $assignment->userid)); - fwrite ($bf, full_tag("HIDDEN", $startlevel+4, false, $assignment->hidden)); fwrite ($bf, full_tag("TIMESTART", $startlevel+4, false, $assignment->timestart)); fwrite ($bf, full_tag("TIMEEND", $startlevel+4, false, $assignment->timeend)); fwrite ($bf, full_tag("TIMEMODIFIED", $startlevel+4, false, $assignment->timemodified)); Index: backup/restorelib.php =================================================================== RCS file: /cvsroot/moodle/moodle/backup/restorelib.php,v retrieving revision 1.416 diff -u -r1.416 restorelib.php --- backup/restorelib.php 22 Mar 2010 22:33:30 -0000 1.416 +++ backup/restorelib.php 28 Mar 2010 21:41:06 -0000 
@@ -5952,9 +5952,6 @@ $this->info->tempuser = $this->getContents(); $this->info->roleassignments[$this->info->tempid]->assignments[$this->info->tempuser]->userid = $this->getContents(); break; - case "HIDDEN": - $this->info->roleassignments[$this->info->tempid]->assignments[$this->info->tempuser]->hidden = $this->getContents(); - break; case "TIMESTART": $this->info->roleassignments[$this->info->tempid]->assignments[$this->info->tempuser]->timestart = $this->getContents(); break; @@ -6175,9 +6172,6 @@ $this->info->tempinstance->roleassignments[$this->info->tempid]->assignments[$this->info->tempuser]->userid = $this->getContents(); break; - case "HIDDEN": - $this->info->tempinstance->roleassignments[$this->info->tempid]->assignments[$this->info->tempuser]->hidden = $this->getContents(); - break; case "TIMESTART": $this->info->tempinstance->roleassignments[$this->info->tempid]->assignments[$this->info->tempuser]->timestart = $this->getContents(); break; @@ -6428,9 +6422,6 @@ $this->info->tempsection->mods[$this->info->tempmod->id]->roleassignments[$this->info->tempid]->assignments[$this->info->tempuser]->userid = $this->getContents(); break; - case "HIDDEN": - $this->info->tempsection->mods[$this->info->tempmod->id]->roleassignments[$this->info->tempid]->assignments[$this->info->tempuser]->hidden = $this->getContents(); - break; case "TIMESTART": $this->info->tempsection->mods[$this->info->tempmod->id]->roleassignments[$this->info->tempid]->assignments[$this->info->tempuser]->timestart = $this->getContents(); break; 
@@ -7315,9 +7306,6 @@ $this->info->tempuser->roleassignments[$this->info->tempid]->assignments[$this->info->tempuserid]->userid = $this->getContents(); break; - case "HIDDEN": - $this->info->tempuser->roleassignments[$this->info->tempid]->assignments[$this->info->tempuserid]->hidden = $this->getContents(); - break; case "TIMESTART": $this->info->tempuser->roleassignments[$this->info->tempid]->assignments[$this->info->tempuserid]->timestart = $this->getContents(); break; @@ -9171,7 +9159,7 @@ if ($CFG->creatornewroleid) { role_assign($CFG->creatornewroleid, $USER->id, 0, $newcontext->id); } else { - if ($legacyteachers = get_roles_with_capability('moodle/legacy:editingteacher', CAP_ALLOW, get_context_instance(CONTEXT_SYSTEM))) { + if ($legacyteachers = get_archetype_roles('editingteacher')) { if ($legacyteacher = array_shift($legacyteachers)) { role_assign($legacyteacher->id, $USER->id, 0, $newcontext->id); } Index: mod/data/db/access.php =================================================================== RCS file: /cvsroot/moodle/moodle/mod/data/db/access.php,v retrieving revision 1.22 diff -u -r1.22 access.php --- mod/data/db/access.php 4 Nov 2009 19:24:16 -0000 1.22 +++ mod/data/db/access.php 28 Mar 2010 21:42:09 -0000 @@ -35,11 +35,12 @@ 'captype' => 'read', 'contextlevel' => CONTEXT_MODULE, 'legacy' => array( + 'frontpage' => CAP_ALLOW, // needed for databases on the frontpage 'guest' => CAP_ALLOW, 'student' => CAP_ALLOW, 'teacher' => CAP_ALLOW, 'editingteacher' => CAP_ALLOW, - 'admin' => CAP_ALLOW + 'manager' => CAP_ALLOW ) ), @@ -53,7 +54,7 @@ 'student' => CAP_ALLOW, 'teacher' => CAP_ALLOW, 'editingteacher' => CAP_ALLOW, - 'admin' => CAP_ALLOW + 'manager' => CAP_ALLOW ) ), @@ -67,7 +68,7 @@ 'student' => CAP_ALLOW, 'teacher' => CAP_ALLOW, 'editingteacher' => CAP_ALLOW, - 'admin' => CAP_ALLOW + 'manager' => CAP_ALLOW ) ), 
@@ -78,7 +79,7 @@ 'legacy' => array( 'teacher' => CAP_ALLOW, 'editingteacher' => CAP_ALLOW, - 'admin' => CAP_ALLOW + 'manager' => CAP_ALLOW ) ), @@ -89,7 +90,7 @@ 'legacy' => array( 'teacher' => CAP_ALLOW, 'editingteacher' => CAP_ALLOW, - 'admin' => CAP_ALLOW + 'manager' => CAP_ALLOW ) ), @@ -102,7 +103,7 @@ 'legacy' => array( 'teacher' => CAP_ALLOW, 'editingteacher' => CAP_ALLOW, - 'admin' => CAP_ALLOW + 'manager' => CAP_ALLOW ) ), @@ -115,7 +116,7 @@ 'legacy' => array( 'teacher' => CAP_ALLOW, 'editingteacher' => CAP_ALLOW, - 'admin' => CAP_ALLOW + 'manager' => CAP_ALLOW ) ), @@ -128,7 +129,7 @@ 'legacy' => array( 'teacher' => CAP_ALLOW, 'editingteacher' => CAP_ALLOW, - 'admin' => CAP_ALLOW + 'manager' => CAP_ALLOW ) ), @@ -140,7 +141,7 @@ 'contextlevel' => CONTEXT_MODULE, 'legacy' => array( 'editingteacher' => CAP_ALLOW, - 'admin' => CAP_ALLOW + 'manager' => CAP_ALLOW ) ), @@ -151,7 +152,7 @@ 'legacy' => array( 'teacher' => CAP_ALLOW, 'editingteacher' => CAP_ALLOW, - 'admin' => CAP_ALLOW + 'manager' => CAP_ALLOW ) ), @@ -162,7 +163,7 @@ 'captype' => 'write', 'contextlevel' => CONTEXT_MODULE, 'legacy' => array( - 'admin' => CAP_ALLOW + 'manager' => CAP_ALLOW ) ), @@ -173,7 +174,7 @@ 'captype' => 'read', 'contextlevel' => CONTEXT_MODULE, 'legacy' => array( - 'admin' => CAP_ALLOW, + 'manager' => CAP_ALLOW, 'teacher' => CAP_ALLOW, 'editingteacher' => CAP_ALLOW, ) @@ -184,7 +185,7 @@ 'captype' => 'read', 'contextlevel' => CONTEXT_MODULE, 'legacy' => array( - 'admin' => CAP_ALLOW, + 'manager' => CAP_ALLOW, 'teacher' => CAP_ALLOW, 'editingteacher' => CAP_ALLOW, 'student' => CAP_ALLOW, 
@@ -198,7 +199,7 @@ 'captype' => 'read', 'contextlevel' => CONTEXT_MODULE, 'legacy' => array( - 'admin' => CAP_ALLOW, + 'manager' => CAP_ALLOW, 'teacher' => CAP_ALLOW, 'editingteacher' => CAP_ALLOW, ) Index: blocks/messages/block_messages.php =================================================================== RCS file: /cvsroot/moodle/moodle/blocks/messages/block_messages.php,v retrieving revision 1.27 diff -u -r1.27 block_messages.php --- blocks/messages/block_messages.php 27 Dec 2009 19:47:23 -0000 1.27 +++ blocks/messages/block_messages.php 28 Mar 2010 21:41:07 -0000 @@ -25,7 +25,7 @@ $this->content->text = ''; $this->content->footer = ''; - if (empty($this->instance) or empty($USER->id) or isguestuser() or empty($CFG->messaging)) { + if (empty($this->instance) or !isloggedin() or isguestuser() or empty($CFG->messaging)) { return $this->content; } Index: mod/chat/chat_ajax.php =================================================================== RCS file: /cvsroot/moodle/moodle/mod/chat/chat_ajax.php,v retrieving revision 1.5 diff -u -r1.5 chat_ajax.php --- mod/chat/chat_ajax.php 16 Jan 2010 15:40:12 -0000 1.5 +++ mod/chat/chat_ajax.php 28 Mar 2010 21:42:04 -0000 @@ -38,7 +38,7 @@ if (!$cm = get_coursemodule_from_instance('chat', $chat->id, $course->id)) { chat_print_error('ERROR', get_string('invalidcoursemodule', 'error')); } -if (has_capability('moodle/legacy:guest', get_context_instance(CONTEXT_SYSTEM), 0, false)) { +if (isguestuser()) { chat_print_error('ERROR', get_string('notlogged','chat')); } Index: mod/chat/lib.php =================================================================== RCS file: /cvsroot/moodle/moodle/mod/chat/lib.php,v retrieving revision 1.164 diff -u -r1.164 lib.php --- mod/chat/lib.php 22 Mar 2010 03:04:02 -0000 1.164 +++ mod/chat/lib.php 28 Mar 2010 21:42:05 -0000 
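Review bot: The replacement guard `if (isguestuser())` in mod/chat/chat_ajax.php rejects only the guest account, while the error it raises is `notlogged`. A visitor with no session at all is not the guest user and would pass this line unless `require_login()` runs earlier in the script, which the hunk does not show. The removed `moodle/legacy:guest` capability test presumably covered both cases through the default not-logged-in role. To keep the check self-sufficient I would write `if (!isloggedin() or isguestuser()) {`, the same form this patch uses in mod/forum/post.php.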
@@ -1233,8 +1233,8 @@ global $CFG, $USER, $PAGE, $OUTPUT; $currentgroup = groups_get_activity_group($cm, true); - - if (has_capability('mod/chat:chat',$cm->context)) { + + if (has_capability('mod/chat:chat', get_context_instance(CONTEXT_MODULE, $cm->context))) { $strenterchat = get_string('enterchat', 'chat'); $target = $CFG->wwwroot.'/mod/chat/'; Index: repository/remotemoodle/db/access.php =================================================================== RCS file: /cvsroot/moodle/moodle/repository/remotemoodle/db/access.php,v retrieving revision 1.2 diff -u -r1.2 access.php --- repository/remotemoodle/db/access.php 4 Nov 2009 19:24:15 -0000 1.2 +++ repository/remotemoodle/db/access.php 28 Mar 2010 21:42:25 -0000 @@ -9,7 +9,7 @@ 'student' => CAP_ALLOW, 'teacher' => CAP_ALLOW, 'editingteacher' => CAP_ALLOW, - 'admin' => CAP_ALLOW + 'manager' => CAP_ALLOW ) ) ); Index: blog/rsslib.php =================================================================== RCS file: /cvsroot/moodle/moodle/blog/rsslib.php,v retrieving revision 1.23 diff -u -r1.23 rsslib.php --- blog/rsslib.php 16 Dec 2009 21:51:00 -0000 1.23 +++ blog/rsslib.php 28 Mar 2010 21:41:10 -0000 @@ -9,8 +9,8 @@ global $CFG, $USER, $OUTPUT; - if (empty($USER->id)) { - $userid = 1; + if (!isloggedin()) { + $userid = $CFG->siteguest; } else { $userid = $USER->id; } Index: blog/locallib.php =================================================================== RCS file: /cvsroot/moodle/moodle/blog/locallib.php,v retrieving revision 1.19 diff -u -r1.19 locallib.php --- blog/locallib.php 20 Mar 2010 22:15:56 -0000 1.19 +++ blog/locallib.php 28 Mar 2010 21:41:10 -0000 @@ -587,7 +587,7 @@ return false; // blog system disabled or user has no blog view capability } - if (!empty($USER->id) && $USER->id == $targetuserid) { + if (isloggedin() && $USER->id == $targetuserid) { return true; // can view own entries in any case } 
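Review bot: `get_context_instance(CONTEXT_MODULE, $cm->context)` in the mod/chat/lib.php hunk passes the old context property as the second argument, where the other calls in this patch pass the course-module id (`get_context_instance(CONTEXT_MODULE, $cm->id)`). If `$cm->context` is unset or holds a context object, the lookup cannot resolve this activity's context, so the `mod/chat:chat` check that gates the "enter chat" link is evaluated against the wrong thing or nothing. The line should read `if (has_capability('mod/chat:chat', get_context_instance(CONTEXT_MODULE, $cm->id))) {`. The enclosing function starts and ends outside the hunk.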
@@ -611,7 +611,7 @@ break; case BLOG_SITE_LEVEL: - if (!empty($USER->id)) { // not logged in viewers forbidden + if (isloggedin()) { // not logged in viewers forbidden return true; } return false; @@ -742,7 +742,7 @@ // don't add permission constraints } else { - if (isloggedin() && !has_capability('moodle/legacy:guest', get_context_instance(CONTEXT_SYSTEM, SITEID), $userid, false)) { + if (isloggedin() and !isguestuser()) { $assocexists = $DB->record_exists('blog_association', array()); //dont check association records if there aren't any //begin permission sql clause Index: blog/edit_form.php =================================================================== RCS file: /cvsroot/moodle/moodle/blog/edit_form.php,v retrieving revision 1.26 diff -u -r1.26 edit_form.php --- blog/edit_form.php 30 Oct 2009 07:25:51 -0000 1.26 +++ blog/edit_form.php 28 Mar 2010 21:41:08 -0000 @@ -132,7 +132,7 @@ $coursecontext = $DB->get_record('context', array('id' => $data['courseassoc'], 'contextlevel' => CONTEXT_COURSE)); if ($coursecontext) { - if (!has_capability('moodle/course:view', $coursecontext, $USER->id)) { + if (!is_enrolled($coursecontext) and !is_inspecting($coursecontext)) { $errors['courseassoc'] = get_string('studentnotallowed', '', fullname($USER, true)); } } else { @@ -161,7 +161,7 @@ } // ensure the user has access to each mod's course - if (!has_capability('moodle/course:view', $coursecontext)) { + if (!is_enrolled($modcontext) and !is_inspecting($modcontext)) { $errors['modassoc'] = get_string('studentnotallowed', '', fullname($USER, true)); } } else { Index: blog/lib.php =================================================================== RCS file: /cvsroot/moodle/moodle/blog/lib.php,v retrieving revision 1.131 diff -u -r1.131 lib.php --- blog/lib.php 16 Jan 2010 15:40:10 -0000 1.131 +++ blog/lib.php 28 Mar 2010 21:41:09 -0000 
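Review bot: In the `@@ -742` hunk of blog/locallib.php the new condition `isloggedin() and !isguestuser()` tests the current session user, whereas the removed capability check was evaluated for `$userid`. Where `$userid` comes from is outside the hunk; if it can differ from `$USER->id`, the permission SQL clause that follows is now selected by the wrong account's guest status. If the per-user test is still intended, `if (isloggedin() and !isguestuser($userid)) {` keeps it.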
@@ -67,7 +67,7 @@ return false; // blog system disabled } - if (!empty($USER->id) && $USER->id == $targetuserid) { + if (isloggdin() && $USER->id == $targetuserid) { return true; // can view own entries in any case } @@ -92,7 +92,7 @@ break; case BLOG_SITE_LEVEL: - if (!empty($USER->id)) { // not logged in viewers forbidden + if (isloggedin()) { // not logged in viewers forbidden return true; } return false; @@ -366,7 +366,6 @@ $cm = $DB->get_record('course_modules', array('id' => $modid)); $cm->modname = $DB->get_field('modules', 'name', array('id' => $cm->module)); $cm->name = $DB->get_field($cm->modname, 'name', array('id' => $cm->instance)); - $cm->context = get_context_instance(CONTEXT_MODULE, $modid); $a->type = get_string('modulename', $cm->modname); $PAGE->set_cm($cm, $course); $headers['stradd'] = get_string('blogaboutthis', 'blog', $a); Index: search/documents/physical_pdf.php =================================================================== RCS file: /cvsroot/moodle/moodle/search/documents/physical_pdf.php,v retrieving revision 1.11 diff -u -r1.11 physical_pdf.php --- search/documents/physical_pdf.php 23 Mar 2009 21:35:31 -0000 1.11 +++ search/documents/physical_pdf.php 28 Mar 2010 21:42:27 -0000 @@ -23,7 +23,7 @@ global $CFG; // SECURITY : do not allow non admin execute anything on system !! - if (!has_capability('moodle/site:doanything', get_context_instance(CONTEXT_SYSTEM))) return; + if (!has_capability('moodle/site:config', get_context_instance(CONTEXT_SYSTEM))) return; // adds moodle root switch if none was defined if (!isset($CFG->block_search_usemoodleroot)){ Index: search/documents/forum_document.php =================================================================== RCS file: /cvsroot/moodle/moodle/search/documents/forum_document.php,v retrieving revision 1.20 diff -u -r1.20 forum_document.php --- search/documents/forum_document.php 15 Oct 2009 07:37:29 -0000 1.20 +++ search/documents/forum_document.php 28 Mar 2010 21:42:26 -0000 
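Review bot: `isloggdin()` in the first blog/lib.php hunk (`@@ -67`) is a misspelling of `isloggedin()`. PHP resolves function names at call time, so this permission routine stops with an undefined-function fatal error as soon as the line is reached instead of returning a decision. The line should be `if (isloggedin() && $USER->id == $targetuserid) {`, matching the identical change in blog/locallib.php. The enclosing function begins and ends outside the hunk.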
@@ -194,11 +194,11 @@ $systemcontext = $coursecontext; } - if (!((has_capability('moodle/site:doanything', $systemcontext) && !empty($CFG->admineditalways)) - || has_any_capability(array('moodle/legacy:teacher', 'moodle/legacy:editingteacher', 'moodle/legacy:admin'), $coursecontext, $userid, false))) { + if (true) { + // TODO: can not test teachers and admins here, use proper capability and enrolment test $now = time(); $timelimit = " AND ((d.timestart = 0 OR d.timestart <= '$now') AND (d.timeend = 0 OR d.timeend > '$now')"; - if (!empty($USER->id)) { + if (isloggedin()) { $timelimit .= " OR d.userid = '$USER->id'"; } $timelimit .= ')'; Index: search/documents/physical_ppt.php =================================================================== RCS file: /cvsroot/moodle/moodle/search/documents/physical_ppt.php,v retrieving revision 1.9 diff -u -r1.9 physical_ppt.php --- search/documents/physical_ppt.php 21 Nov 2009 13:52:31 -0000 1.9 +++ search/documents/physical_ppt.php 28 Mar 2010 21:42:27 -0000 @@ -39,7 +39,7 @@ $indextext = null; // SECURITY : do not allow non admin execute anything on system !! - if (!has_capability('moodle/site:doanything', get_context_instance(CONTEXT_SYSTEM))) return; + if (!has_capability('moodle/site:config', get_context_instance(CONTEXT_SYSTEM))) return; if ($directfile == ''){ $text = implode('', file("{$CFG->dataroot}/{$resource->course}/{$resource->reference}")); Index: search/documents/physical_doc.php =================================================================== RCS file: /cvsroot/moodle/moodle/search/documents/physical_doc.php,v retrieving revision 1.10 diff -u -r1.10 physical_doc.php --- search/documents/physical_doc.php 30 May 2009 22:12:28 -0000 1.10 +++ search/documents/physical_doc.php 28 Mar 2010 21:42:26 -0000 
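Review bot: `if (true) {` in search/documents/forum_document.php replaces the teacher/admin exemption with a branch that is always taken, so the timed-discussion filter now applies to every caller. That fails closed, which is the safe direction for a search access check, but the constant condition hides the fact that an authorisation decision is missing and the TODO is easy to lose. I would drop the `if` wrapper and keep the TODO as a comment on the block, or restore the exemption with a real capability test on the forum context, for example `mod/forum:viewhiddentimedposts` if that is the intended rule. The `$now` and `$USER->id` values interpolated into `$timelimit` would also be better passed as query parameters; the query that consumes the string is outside the hunk.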
@@ -24,7 +24,7 @@ global $CFG; // SECURITY : do not allow non admin execute anything on system !! - if (!has_capability('moodle/site:doanything', get_context_instance(CONTEXT_SYSTEM))) return; + if (!has_capability('moodle/site:config', get_context_instance(CONTEXT_SYSTEM))) return; // adds moodle root switch if none was defined if (!isset($CFG->block_search_usemoodleroot)){ Index: search/documents/physical_swf.php =================================================================== RCS file: /cvsroot/moodle/moodle/search/documents/physical_swf.php,v retrieving revision 1.4 diff -u -r1.4 physical_swf.php --- search/documents/physical_swf.php 23 Mar 2009 21:35:31 -0000 1.4 +++ search/documents/physical_swf.php 28 Mar 2010 21:42:27 -0000 @@ -27,7 +27,7 @@ global $CFG; // SECURITY : do not allow non admin execute anything on system !! - if (!has_capability('moodle/site:doanything', get_context_instance(CONTEXT_SYSTEM))) return; + if (!has_capability('moodle/site:config', get_context_instance(CONTEXT_SYSTEM))) return; // adds moodle root switch if none was defined if (!isset($CFG->block_search_usemoodleroot)){ Index: search/documents/physical_xml.php =================================================================== RCS file: /cvsroot/moodle/moodle/search/documents/physical_xml.php,v retrieving revision 1.8 diff -u -r1.8 physical_xml.php --- search/documents/physical_xml.php 21 Nov 2009 13:52:31 -0000 1.8 +++ search/documents/physical_xml.php 28 Mar 2010 21:42:27 -0000 
@@ -23,7 +23,7 @@ global $CFG; // SECURITY : do not allow non admin execute anything on system !! - if (!has_capability('moodle/site:doanything', get_context_instance(CONTEXT_SYSTEM))) return; + if (!has_capability('moodle/site:config', get_context_instance(CONTEXT_SYSTEM))) return; // just get text if ($directfile == ''){ Index: search/documents/user_document.php =================================================================== RCS file: /cvsroot/moodle/moodle/search/documents/user_document.php,v retrieving revision 1.6 diff -u -r1.6 user_document.php --- search/documents/user_document.php 30 May 2009 22:12:29 -0000 1.6 +++ search/documents/user_document.php 28 Mar 2010 21:42:27 -0000 @@ -353,7 +353,7 @@ $userrecord = $DB->get_record('user', array('id' => $this_id)); // we cannot see nothing from unconfirmed users - if (!$userrecord->confirmed and !has_capability('moodle/site:doanything', get_context_instance(CONTEXT_SYSTEM))){ + if (!$userrecord->confirmed and !has_capability('moodle/site:config', get_context_instance(CONTEXT_SYSTEM))){ if (!empty($CFG->search_access_debug)) echo "search reject : unconfirmed user "; return false; } Index: search/documents/physical_odt.php =================================================================== RCS file: /cvsroot/moodle/moodle/search/documents/physical_odt.php,v retrieving revision 1.3 diff -u -r1.3 physical_odt.php --- search/documents/physical_odt.php 30 May 2009 22:12:28 -0000 1.3 +++ search/documents/physical_odt.php 28 Mar 2010 21:42:26 -0000 
@@ -24,7 +24,7 @@ global $CFG; // SECURITY : do not allow non admin execute anything on system !! - if (!has_capability('moodle/site:doanything', get_context_instance(CONTEXT_SYSTEM))) return; + if (!has_capability('moodle/site:config', get_context_instance(CONTEXT_SYSTEM))) return; // adds moodle root switch if none was defined if (!isset($CFG->block_search_usemoodleroot)){ Index: search/documents/physical_txt.php =================================================================== RCS file: /cvsroot/moodle/moodle/search/documents/physical_txt.php,v retrieving revision 1.7 diff -u -r1.7 physical_txt.php --- search/documents/physical_txt.php 21 Nov 2009 13:52:31 -0000 1.7 +++ search/documents/physical_txt.php 28 Mar 2010 21:42:27 -0000 @@ -23,7 +23,7 @@ global $CFG; // SECURITY : do not allow non admin execute anything on system !! - if (!has_capability('moodle/site:doanything', get_context_instance(CONTEXT_SYSTEM))) return; + if (!has_capability('moodle/site:config', get_context_instance(CONTEXT_SYSTEM))) return; // just try to get text empirically from ppt binary flow if ($directfile == ''){ Index: search/documents/physical_htm.php =================================================================== RCS file: /cvsroot/moodle/moodle/search/documents/physical_htm.php,v retrieving revision 1.11 diff -u -r1.11 physical_htm.php --- search/documents/physical_htm.php 21 Nov 2009 13:52:31 -0000 1.11 +++ search/documents/physical_htm.php 28 Mar 2010 21:42:26 -0000 
@@ -23,7 +23,7 @@ global $CFG; // SECURITY : do not allow non admin execute anything on system !! - if (!has_capability('moodle/site:doanything', get_context_instance(CONTEXT_SYSTEM))) return; + if (!has_capability('moodle/site:config', get_context_instance(CONTEXT_SYSTEM))) return; // just get text if ($directfile == ''){ Index: mod/forum/restorelib.php =================================================================== RCS file: /cvsroot/moodle/moodle/mod/forum/restorelib.php,v retrieving revision 1.73 diff -u -r1.73 restorelib.php --- mod/forum/restorelib.php 10 Dec 2009 03:11:19 -0000 1.73 +++ mod/forum/restorelib.php 28 Mar 2010 21:42:18 -0000 @@ -183,15 +183,15 @@ $forummod = $DB->get_record('modules', array('name'=>'forum')); - if (!$teacherroles = get_roles_with_capability('moodle/legacy:teacher', CAP_ALLOW)) { + if (!$teacherroles = get_archetype_roles('teacher')) { notice('Default teacher role was not found. Roles and permissions '. 'for all your forums will have to be manually set.'); } - if (!$studentroles = get_roles_with_capability('moodle/legacy:student', CAP_ALLOW)) { + if (!$studentroles = get_archetype_roles('student')) { notice('Default student role was not found. Roles and permissions '. 'for all your forums will have to be manually set.'); } - if (!$guestroles = get_roles_with_capability('moodle/legacy:guest', CAP_ALLOW)) { + if (!$guestroles = get_archetype_roles('guest')) { notice('Default guest role was not found. Roles and permissions '. 'for teacher forums will have to be manually set.'); } Index: mod/forum/discuss.php =================================================================== RCS file: /cvsroot/moodle/moodle/mod/forum/discuss.php,v retrieving revision 1.153 diff -u -r1.153 discuss.php --- mod/forum/discuss.php 10 Feb 2010 10:55:51 -0000 1.153 +++ mod/forum/discuss.php 28 Mar 2010 21:42:11 -0000 
@@ -192,8 +192,9 @@ /// If so, make sure the current person is allowed to see this discussion /// Also, if we know they should be able to reply, then explicitly set $canreply for performance reasons - if (isguestuser() or !isloggedin() or has_capability('moodle/legacy:guest', $modcontext, NULL, false)) { + if (isguestuser() or !isloggedin() or (!is_enrolled($modcontext) and !is_inspecting($modcontext))) { // allow guests and not-logged-in to see the link - they are prompted to log in after clicking the link + // normal users with temporary guest access see this link too, they are asked to enrol instead $canreply = ($forum->type != 'news'); // no reply in news forums } else { Index: mod/forum/rate_ajax.php =================================================================== RCS file: /cvsroot/moodle/moodle/mod/forum/rate_ajax.php,v retrieving revision 1.6 diff -u -r1.6 rate_ajax.php --- mod/forum/rate_ajax.php 16 Jan 2010 15:40:07 -0000 1.6 +++ mod/forum/rate_ajax.php 28 Mar 2010 21:42:17 -0000 @@ -42,13 +42,6 @@ /// Here we maintain response contents $response = array('status'=> 'Error', 'message'=>'kk'); -/// Check access. -if (!isloggedin()) { - print_error('mustbeloggedin'); -} -if (isguestuser()) { - print_error('noguestrate', 'forum'); -} if (!confirm_sesskey()) { print_error('invalidsesskey'); } @@ -93,6 +86,7 @@ /// Check user can rate $context = get_context_instance(CONTEXT_MODULE, $cm->id); +require_login($course, false, $cm); require_capability('mod/forum:rate', $context); /// Check timed ratings Index: mod/forum/subscribe.php =================================================================== RCS file: /cvsroot/moodle/moodle/mod/forum/subscribe.php,v retrieving revision 1.57 diff -u -r1.57 subscribe.php --- mod/forum/subscribe.php 16 Jan 2010 15:40:08 -0000 1.57 +++ mod/forum/subscribe.php 28 Mar 2010 21:42:18 -0000 
@@ -74,7 +74,7 @@ require_login($course->id, false, $cm); -if (has_capability('moodle/legacy:guest', get_context_instance(CONTEXT_SYSTEM), 0, false)) { // Guests can't subscribe +if (!is_enrolled($context)) { // Guests and visitors can't subscribe - only enrolled $PAGE->set_title($course->shortname); $PAGE->set_heading($course->fullname); echo $OUTPUT->header(); Index: mod/forum/post.php =================================================================== RCS file: /cvsroot/moodle/moodle/mod/forum/post.php,v retrieving revision 1.207 diff -u -r1.207 post.php --- mod/forum/post.php 16 Jan 2010 15:40:07 -0000 1.207 +++ mod/forum/post.php 28 Mar 2010 21:42:17 -0000 @@ -50,7 +50,12 @@ $sitecontext = get_context_instance(CONTEXT_SYSTEM); -if (has_capability('moodle/legacy:guest', $sitecontext, NULL, false)) { +if (!isloggedin() or isguestuser()) { + + if (!isloggedin() and !get_referer()) { + // No referer+not logged in - probably coming in via email See MDL-9052 + require_login(); + } if (!empty($forum)) { // User is starting a new discussion in a forum if (! $forum = $DB->get_record('forum', array('id' => $forum))) { @@ -77,10 +82,6 @@ $modcontext = get_context_instance(CONTEXT_MODULE, $cm->id); } - if (!get_referer()) { // No referer - probably coming in via email See MDL-9052 - require_login(); - } - $PAGE->set_title($course->shortname); $PAGE->set_heading($course->fullname); 
@@ -106,13 +107,14 @@ $coursecontext = get_context_instance(CONTEXT_COURSE, $course->id); if (! forum_user_can_post_discussion($forum, $groupid, -1, $cm)) { - if (has_capability('moodle/legacy:guest', $coursecontext, NULL, false)) { // User is a guest here! - $SESSION->wantsurl = $FULLME; - $SESSION->enrolcancel = $_SERVER['HTTP_REFERER']; - redirect($CFG->wwwroot.'/course/enrol.php?id='.$course->id, get_string('youneedtoenrol')); - } else { - print_error('nopostforum', 'forum'); + if (!isguestuser()) { + if (!is_enrolled($coursecontext)) { + $SESSION->wantsurl = $FULLME; + $SESSION->enrolcancel = $_SERVER['HTTP_REFERER']; + redirect($CFG->wwwroot.'/course/enrol.php?id='.$course->id, get_string('youneedtoenrol')); + } } + print_error('nopostforum', 'forum'); } if (!$cm->visible and !has_capability('moodle/course:viewhiddenactivities', $coursecontext)) { 
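Review bot: `$SESSION->enrolcancel = $_SERVER['HTTP_REFERER'];` in the `@@ -106` hunk of mod/forum/post.php reads a client-supplied header directly; the header is absent on many requests, which raises an undefined-index notice, and its value is whatever the client sent. How `enrolcancel` is consumed is not visible here, but if it becomes a redirect target it should be limited to URLs on this site. This file's diff already calls `get_referer()` in the `@@ -50` hunk, so `$SESSION->enrolcancel = get_referer(false);` would at least remove the undefined-index case. The same line is repeated in the `@@ -172` hunk.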
@@ -172,13 +174,14 @@ $modcontext = get_context_instance(CONTEXT_MODULE, $cm->id); if (! forum_user_can_post($forum, $discussion, $USER, $cm, $course, $modcontext)) { - if (has_capability('moodle/legacy:guest', $coursecontext, NULL, false)) { // User is a guest here! - $SESSION->wantsurl = $FULLME; - $SESSION->enrolcancel = $_SERVER['HTTP_REFERER']; - redirect($CFG->wwwroot.'/course/enrol.php?id='.$course->id, get_string('youneedtoenrol')); - } else { - print_error('nopostforum', 'forum'); + if (!isguestuser) { + if (!is_enrolled($coursecontext)) { // User is a guest here! + $SESSION->wantsurl = $FULLME; + $SESSION->enrolcancel = $_SERVER['HTTP_REFERER']; + redirect($CFG->wwwroot.'/course/enrol.php?id='.$course->id, get_string('youneedtoenrol')); + } } + print_error('nopostforum', 'forum'); } // Make sure user can post here Index: mod/forum/lib.php =================================================================== RCS file: /cvsroot/moodle/moodle/mod/forum/lib.php,v retrieving revision 1.855 diff -u -r1.855 lib.php --- mod/forum/lib.php 22 Mar 2010 03:04:01 -0000 1.855 +++ mod/forum/lib.php 28 Mar 2010 21:42:17 -0000 @@ -511,7 +511,7 @@ // Verify user is enrollend in course - if not do not send any email if (!isset($userto->enrolledin[$course->id])) { - $userto->enrolledin[$course->id] = has_capability('moodle/course:view', get_context_instance(CONTEXT_COURSE, $course->id)); + $userto->enrolledin[$course->id] = is_enrolled(get_context_instance(CONTEXT_COURSE, $course->id)); } if (!$userto->enrolledin[$course->id]) { // oops - this user should not receive anything from this course @@ -5265,7 +5265,7 @@ } // normal users with temporary guest access can not post - if (has_capability('moodle/legacy:guest', $context, $user->id, false)) { + if (!is_enrolled($context, $user->id) and !is_inspecting($context, $user->id)) { return false; } 
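Review bot: `if (!isguestuser) {` in the `@@ -172` hunk of mod/forum/post.php is missing the call parentheses, so PHP reads `isguestuser` as a constant name instead of calling the function. Depending on the PHP version that is either an undefined-constant notice with the name treated as a non-empty string, which makes the condition always false and skips the enrol redirect, or an Error. It should be `if (!isguestuser()) {` as in the `@@ -106` hunk. The trailing comment `// User is a guest here!` on the `is_enrolled()` line is also stale and could read `// logged-in user who is not enrolled`.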
@@ -5275,7 +5275,7 @@ $capname = 'mod/forum:replypost'; } - if (!has_capability($capname, $context, $user->id, false)) { + if (!has_capability($capname, $context, $user->id)) { return false; } @@ -5539,7 +5539,7 @@ if (forum_user_can_post_discussion($forum, $currentgroup, $groupmode, $cm, $context) || ($forum->type != 'news' - and (isguestuser() or !isloggedin() or has_capability('moodle/legacy:guest', $context, NULL, false))) ) { + and (isguestuser() or !isloggedin() or (!is_enrolled($context) and !is_inspecting($context)))) ) { echo '
'; echo "wwwroot/mod/forum/post.php\">"; @@ -5681,7 +5681,7 @@ } } - if (!empty($USER->id)) { + if (isloggedin()) { $ownpost = ($discussion->userid == $USER->id); } else { $ownpost=false; @@ -5763,7 +5763,7 @@ global $USER, $CFG, $DB, $PAGE, $OUTPUT; - if (!empty($USER->id)) { + if (isloggedin()) { $ownpost = ($USER->id == $post->userid); } else { $ownpost = false; @@ -6026,7 +6026,7 @@ foreach ($posts as $post) { echo '
'; - if (empty($USER->id)) { + if (!isloggedin()) { $ownpost = false; } else { $ownpost = ($USER->id == $post->userid); @@ -6268,17 +6268,9 @@ * @return bool */ function forum_role_assign($userid, $context, $roleid) { - // check to see if this role comes with mod/forum:initialsubscriptions - $cap = role_context_capabilities($roleid, $context, 'mod/forum:initialsubscriptions'); - $cap1 = role_context_capabilities($roleid, $context, 'moodle/course:view'); - // we are checking the role because has_capability() will pull this capability out - // from other roles this user might have and resolve them, which is no good - // the role needs course view to - if (isset($cap['mod/forum:initialsubscriptions']) && $cap['mod/forum:initialsubscriptions'] == CAP_ALLOW && - isset($cap1['moodle/course:view']) && $cap1['moodle/course:view'] == CAP_ALLOW) { + if (is_enrolled($context, $userid, 'mod/forum:initialsubscriptions')) { return forum_add_user_default_subscriptions($userid, $context); } else { - // MDL-8981, do not subscribe to forum return true; } } @@ -6296,8 +6288,10 @@ return false; } - forum_remove_user_subscriptions($userid, $context); - forum_remove_user_tracking($userid, $context); + if (!is_enrolled($context, $userid)) { + forum_remove_user_subscriptions($userid, $context); + forum_remove_user_tracking($userid, $context); + } return true; } 
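Review bot: `forum_role_assign()` no longer uses `$roleid`: the new test `is_enrolled($context, $userid, 'mod/forum:initialsubscriptions')` looks at the user's resolved permissions, while the removed comment explained that the role itself was inspected on purpose so that other roles held by the user did not count. As written, assigning any role to a user who is already enrolled and already holds the capability calls `forum_add_user_default_subscriptions()` again, which may re-subscribe someone who had opted out; whether that helper is idempotent is not visible here. The docblock above should state that `$roleid` is ignored and why, and the dropped `// MDL-8981, do not subscribe to forum` comment on the else branch is worth keeping for context.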
@@ -7674,9 +7668,9 @@ * @param object $forum a forum object with the same attributes as a record * from the forum database table * @param int $forummodid the id of the forum module, from the modules table - * @param array $teacherroles array of roles that have moodle/legacy:teacher - * @param array $studentroles array of roles that have moodle/legacy:student - * @param array $guestroles array of roles that have moodle/legacy:guest + * @param array $teacherroles array of roles that have archetype teacher + * @param array $studentroles array of roles that have archetype student + * @param array $guestroles array of roles that have archetype guest * @param int $cmid the course_module id for this forum instance * @return boolean forum was converted or not */ @@ -8037,7 +8031,7 @@ if (empty($PAGE->cm->context)) { $PAGE->cm->context = get_context_instance(CONTEXT_MODULE, $PAGE->cm->instance); } - if (!empty($USER->id) && !has_capability('moodle/legacy:guest', $PAGE->cm->context, NULL, false)) { + if (is_enrolled($PAGE->cm->context)) { // means enrolled users only $notekey = false; $helpbutton = false; if (forum_is_forcesubscribed($forumobject)) { @@ -8111,7 +8105,7 @@ } else { $string = get_string("rsssubscriberssposts","forum",format_string($forumobject->name)); } - if (empty($USER->id)) { + if (!isloggedin()) { $userid = 0; } else { $userid = $USER->id; 
@@ -8302,14 +8296,14 @@ $fields = 'SELECT ' . $this->required_fields_sql('u'); $from = ' FROM {user} u LEFT JOIN {forum_subscriptions} s ON s.userid=u.id'; - $wherecondition .= ' AND s.forum=?'; - $params[] = $this->forumid; + $wherecondition .= ' AND s.forum=:forumid'; + $params['forumid'] = $this->forumid; $order = ' ORDER BY lastname ASC, firstname ASC'; if ($this->currentgroup) { $from .= ", {groups_members} gm "; - $wherecondition .= " AND gm.groupid = ? AND u.id = gm.userid"; - $params[] = $this->currentgroup; + $wherecondition .= " AND gm.groupid = :groupid AND u.id = gm.userid"; + $params['groupid'] = $this->currentgroup; } if (!$subscribers = $DB->get_records_sql($fields.$from.' WHERE '.$wherecondition.$order, $params)) { $subscribers = array(); Index: mod/forum/index.php =================================================================== RCS file: /cvsroot/moodle/moodle/mod/forum/index.php,v retrieving revision 1.139 diff -u -r1.139 index.php --- mod/forum/index.php 20 Mar 2010 22:15:58 -0000 1.139 +++ mod/forum/index.php 28 Mar 2010 21:42:11 -0000 @@ -91,7 +91,7 @@ $subscribed_forums = forum_get_subscribed_forums($course); -if ($can_subscribe = (!isguestuser() && has_capability('moodle/course:view', $coursecontext))) { +if ($can_subscribe = (!is_enrolled($coursecontext))) { $generaltable->head[] = $strsubscribed; $generaltable->align[] = 'center'; } Index: mod/forum/rate.php =================================================================== RCS file: /cvsroot/moodle/moodle/mod/forum/rate.php,v retrieving revision 1.39 diff -u -r1.39 rate.php --- mod/forum/rate.php 16 Jan 2010 15:40:07 -0000 1.39 +++ mod/forum/rate.php 28 Mar 2010 21:42:17 -0000 
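Review bot: `$can_subscribe = (!is_enrolled($coursecontext))` in mod/forum/index.php inverts the condition it replaces: the old expression was true for non-guest users with course access, the new one is true only for users who are not enrolled. As written the subscribed column is added for visitors and omitted for enrolled users, and any later use of `$can_subscribe` outside this hunk inherits the inversion. The line should be `if ($can_subscribe = is_enrolled($coursecontext)) {`.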
@@ -48,17 +48,14 @@ require_login($course, false, $cm); -if (isguestuser()) { - print_error('noguestrate', 'forum'); -} +$context = get_context_instance(CONTEXT_MODULE, $cm->id); +require_capability('mod/forum:rate', $context); + if (!$forum->assessed) { print_error('norate', 'forum'); } -$context = get_context_instance(CONTEXT_MODULE, $cm->id); -require_capability('mod/forum:rate', $context); - if ($data = data_submitted() and confirm_sesskey()) { $discussionid = false; Index: mod/forum/markposts.php =================================================================== RCS file: /cvsroot/moodle/moodle/mod/forum/markposts.php,v retrieving revision 1.32 diff -u -r1.32 markposts.php --- mod/forum/markposts.php 16 Jan 2010 15:40:07 -0000 1.32 +++ mod/forum/markposts.php 28 Mar 2010 21:42:17 -0000 @@ -54,7 +54,7 @@ $user = $USER; -require_course_login($course, false, $cm); +require_login($course, false, $cm); if ($returnpage == 'index.php') { $returnto = forum_go_back_to($returnpage.'?id='.$course->id); @@ -62,7 +62,7 @@ $returnto = forum_go_back_to($returnpage.'?f='.$forum->id); } -if (has_capability('moodle/legacy:guest', get_context_instance(CONTEXT_SYSTEM), 0, false)) { // Guests can't change forum +if (isguestuser()) { // Guests can't change forum $PAGE->set_title($course->shortname); $PAGE->set_heading($course->fullname); echo $OUTPUT->header(); Index: course/info.php =================================================================== RCS file: /cvsroot/moodle/moodle/course/info.php,v retrieving revision 1.41 diff -u -r1.41 info.php --- course/info.php 16 Jan 2010 15:39:58 -0000 1.41 +++ course/info.php 28 Mar 2010 21:41:14 -0000 
@@ -61,13 +61,12 @@ $course->summary = file_rewrite_pluginfile_urls($course->summary, 'pluginfile.php', $context->id, 'course_summary', $course->id); echo format_text($course->summary, $course->summaryformat, NULL, $course->id); - if ($managerroles = get_config('', 'coursemanager')) { - $coursemanagerroles = split(',', $managerroles); + if (!empty($CFG->coursemanager)) { + $coursemanagerroles = explode(',', $CFG->coursemanager); foreach ($coursemanagerroles as $roleid) { $role = $DB->get_record('role', array('id'=>$roleid)); - $canseehidden = has_capability('moodle/role:viewhiddenassigns', $context); $roleid = (int) $roleid; - if ($users = get_role_users($roleid, $context, true, '', 'u.lastname ASC', $canseehidden)) { + if ($users = get_role_users($roleid, $context, true)) { foreach ($users as $teacher) { $fullname = fullname($teacher, has_capability('moodle/site:viewfullnames', $context)); $namesarray[] = format_string(role_get_name($role, $context)).':

"; $course->summary .= "$strcategory: category\">"; @@ -253,11 +249,7 @@ foreach ($courses as $course) { - if (isset($course->context)) { - $coursecontext = $course->context; - } else { - $coursecontext = get_context_instance(CONTEXT_COURSE, $course->id); - } + $coursecontext = get_context_instance(CONTEXT_COURSE, $course->id); $linkcss = $course->visible ? "" : " class=\"dimmed\" "; Index: course/lib.php =================================================================== RCS file: /cvsroot/moodle/moodle/course/lib.php,v retrieving revision 1.723 diff -u -r1.723 lib.php --- course/lib.php 25 Mar 2010 06:38:25 -0000 1.723 +++ course/lib.php 28 Mar 2010 21:41:16 -0000 @@ -889,7 +889,7 @@ $timestart = round(time() - COURSE_MAX_RECENT_PERIOD, -2); // better db caching for guests - 100 seconds - if (!has_capability('moodle/legacy:guest', $context, NULL, false)) { + if (!isguestuser()) { if (!empty($USER->lastcourseaccess[$course->id])) { if ($USER->lastcourseaccess[$course->id] > $timestart) { $timestart = $USER->lastcourseaccess[$course->id]; @@ -1184,7 +1184,7 @@ $display = 0; } - if (empty($USER->id) or $USER->username == 'guest') { + if (!isloggedin() or isguestuser()) { //do not store settings in db for guests } else if ($DB->record_exists("course_display", array("userid" => $USER->id, "course"=>$courseid))) { $DB->set_field("course_display", "display", $display, array("userid"=>$USER->id, "course"=>$courseid)); @@ -2036,7 +2036,7 @@ if (empty($CFG->enablecourserequests)) { return; } - if (isloggedin() && !isguestuser() && !has_capability('moodle/course:create', $systemcontext) && has_capability('moodle/course:request', $systemcontext)) { + if (!has_capability('moodle/course:create', $systemcontext) && has_capability('moodle/course:request', $systemcontext)) { /// Print a button to request a new course echo $OUTPUT->single_button('request.php', get_string('requestcourse'), 'get'); } @@ -2121,8 +2121,8 @@ if ($courses) { echo '

    '; foreach ($courses as $course) { - if ($course->visible == 1 - || has_capability('moodle/course:viewhiddencourses',$course->context)) { + $coursecontext = get_context_instance(CONTEXT_COURSE, $course->id); + if ($course->visible == 1 || has_capability('moodle/course:viewhiddencourses', $coursecontext)) { echo '
  • '; print_course($course); echo "
  • \n"; @@ -2151,11 +2151,7 @@ function print_course($course, $highlightterms = '') { global $CFG, $USER, $DB, $OUTPUT; - if (isset($course->context)) { - $context = $course->context; - } else { - $context = get_context_instance(CONTEXT_COURSE, $course->id); - } + $context = get_context_instance(CONTEXT_COURSE, $course->id); // Rewrite file URLs so that they are correct $course->summary = file_rewrite_pluginfile_urls($course->summary, 'pluginfile.php', $context->id, 'course_summary', $course->id); @@ -2172,7 +2168,6 @@ if (!empty($CFG->coursemanager)) { $managerroles = split(',', $CFG->coursemanager); - $canseehidden = has_capability('moodle/role:viewhiddenassigns', $context); $namesarray = array(); if (isset($course->managers)) { if (count($course->managers)) { @@ -2194,27 +2189,20 @@ } $usersshown[] = $ra->user->id; - if ($ra->hidden == 0 || $canseehidden) { - $fullname = fullname($ra->user, $canviewfullnames); - if ($ra->hidden == 1) { - $status = " pix_url('t/show') . "\" title=\"".get_string('userhashiddenassignments', 'role')."\" alt=\"".get_string('hiddenassign')."\" class=\"hide-show-image\"/>"; - } else { - $status = ''; - } - - if (isset($aliasnames[$ra->roleid])) { - $ra->rolename = $aliasnames[$ra->roleid]->name; - } + $fullname = fullname($ra->user, $canviewfullnames); - $namesarray[] = format_string($ra->rolename) - . ':
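Review bot: The context line `$managerroles = split(',', $CFG->coursemanager);` in the print_course() hunk at -2172 still calls split(), which is deprecated from PHP 5.3 on. The course/info.php hunk of this same patch already moved the identical statement to explode(). Changing it here as well keeps the two listings consistent: `$managerroles = explode(',', $CFG->coursemanager);`. print_course() continues beyond the hunk.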
    ' - . $fullname . '' . $status; + if (isset($aliasnames[$ra->roleid])) { + $ra->rolename = $aliasnames[$ra->roleid]->name; } + + $namesarray[] = format_string($ra->rolename) + . ': ' + . $fullname . ''; } } } else { $rusers = get_role_users($managerroles, $context, - true, '', 'r.sortorder ASC, u.lastname ASC', $canseehidden); + true, '', 'r.sortorder ASC, u.lastname ASC'); if (is_array($rusers) && count($rusers)) { $canviewfullnames = has_capability('moodle/site:viewfullnames', $context); @@ -2268,7 +2256,7 @@ function print_my_moodle() { global $USER, $CFG, $DB, $OUTPUT; - if (empty($USER->id)) { + if (!isloggedin() or isguestuser()) { print_error('nopermissions', '', '', 'See My Moodle'); } @@ -3402,43 +3390,6 @@ return false; } -/** - * Return all course participant for a given course - * @global object $DB - * @param integer $courseid - * @return array of user - */ -function get_course_participants ($courseid) { - global $DB; - $users = get_users_by_capability( - get_context_instance(CONTEXT_COURSE, $courseid), - 'moodle/course:view'); - return $users; -} - - -/** - * Return true if the user is a participant for a given course - * @global object $DB - * @param integer $userid - * @param integer $courseid - * @return boolean - */ -function is_course_participant ($userid, $courseid) { - global $DB; - $users = get_users_by_capability( - get_context_instance(CONTEXT_COURSE, $courseid), - 'moodle/course:view','u.id'); - - foreach($users as $user) { - if ($user->id == $userid) { - return true; - } - } - - return false; -} - function get_course_by_id ($id) { global $DB; return $DB->get_record('course', array('id' => $id)); 
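Review bot: Dropping the `$ra->hidden == 0 || $canseehidden` test in the hunk at -2194 means every holder of a coursemanager role is now printed in the course listing, including users whose assignment was previously stored as hidden. Whether an upgrade step clears or migrates the hidden flag is not visible in this part of the patch; if none does, names that administrators deliberately concealed become visible to anyone who can see the course list. I would state the new behaviour where the list is built, e.g. `// hidden role assignments are gone: every user holding a coursemanager role is listed`, and mention it in the upgrade notes. The course/info.php hunk at -61 and the `get_role_users()` call in the else branch lose the same filter.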
@@ -3759,8 +3710,8 @@ if ($course->id) { $course = $DB->get_record('course', array('id' => $course->id)); blocks_add_default_course_blocks($course); - $course->context = get_context_instance(CONTEXT_COURSE, $course->id); - role_assign($CFG->creatornewroleid, $this->properties->requester, 0, $course->context->id); // assing teacher role + $coursecontext = get_context_instance(CONTEXT_COURSE, $course->id); + role_assign($CFG->creatornewroleid, $this->properties->requester, 0, $coursecontext->id); // assing teacher role if (!empty($CFG->restrictmodulesfor) && $CFG->restrictmodulesfor != 'none' && !empty($CFG->restrictbydefault)) { // if we're all or requested we're ok. $allowedmods = explode(',',$CFG->defaultallowedmodules); @@ -3823,8 +3774,9 @@ $fs = get_file_storage(); $files = $fs->get_area_files(self::summary_editor_context()->id, self::summary_editor_filearea(), $this->properties->id); foreach ($files as $file) { + $coursecontext = get_context_instance(CONTEXT_COURSE, $course->id); if (!$file->is_directory()) { - $filerecord = array('contextid'=>$course->context->id, 'filearea'=>'course_summary', 'itemid'=>$course->id, 'filepath'=>$file->get_filepath(), 'filename'=>$file->get_filename()); + $filerecord = array('contextid'=>$coursecontext->id, 'filearea'=>'course_summary', 'itemid'=>$course->id, 'filepath'=>$file->get_filepath(), 'filename'=>$file->get_filename()); $fs->create_file_from_storedfile($filerecord, $file); } } Index: course/edit.php =================================================================== RCS file: /cvsroot/moodle/moodle/course/edit.php,v retrieving revision 1.128 diff -u -r1.128 edit.php --- course/edit.php 28 Jan 2010 07:00:16 -0000 1.128 +++ course/edit.php 28 Mar 2010 21:41:14 -0000 
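Review bot: In the hunk at -3823 the added `$coursecontext = get_context_instance(CONTEXT_COURSE, $course->id);` sits inside `foreach ($files as $file)`, although nothing it depends on changes between iterations. Moving that line above the loop states the intent more clearly and avoids one lookup per stored file. The enclosing method starts outside the hunk.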
@@ -105,7 +105,7 @@ $DB->update_record('course', $editordata); // assign default role to creator if not already having permission to manage course assignments - if (!has_capability('moodle/course:view', $context) or !has_capability('moodle/role:assign', $context)) { + if (!is_inspecting($context, NULL, 'moodle/role:assign') and !is_enrolled($context, NULL, 'moodle/role:assign')) { role_assign($CFG->creatornewroleid, $USER->id, 0, $context->id); } Index: course/loginas.php =================================================================== RCS file: /cvsroot/moodle/moodle/course/loginas.php,v retrieving revision 1.60 diff -u -r1.60 loginas.php --- course/loginas.php 16 Jan 2010 15:39:58 -0000 1.60 +++ course/loginas.php 28 Mar 2010 21:41:16 -0000 @@ -49,19 +49,19 @@ require_login(); if (has_capability('moodle/user:loginas', $systemcontext)) { - if (has_capability('moodle/site:doanything', $systemcontext, $userid, false)) { + if (is_siteadmin($userid)) { print_error('nologinas'); } $context = $systemcontext; } else { require_login($course); require_capability('moodle/user:loginas', $coursecontext); - if (!has_capability('moodle/course:view', $coursecontext, $userid, false)) { - print_error('usernotincourse'); - } - if (has_capability('moodle/site:doanything', $coursecontext, $userid, false)) { + if (is_siteadmin($userid)) { print_error('nologinas'); } + if (!is_enrolled($coursecontext, $userid)) { + print_error('usernotincourse'); + } $context = $coursecontext; } Index: course/enrol.php =================================================================== RCS file: /cvsroot/moodle/moodle/course/enrol.php,v retrieving revision 1.62 diff -u -r1.62 enrol.php --- course/enrol.php 16 Jan 2010 15:39:58 -0000 1.62 +++ course/enrol.php 28 Mar 2010 21:41:14 -0000 @@ -38,7 +38,7 @@ } $PAGE->set_url($url); -if (!isloggedin()) { +if (!isloggedin() or isguestuser()) { // do not use require_login here because we are usually comming from it redirect(get_login_url()); } 
@@ -66,7 +66,7 @@ /// thus got to this script by mistake. This might occur if enrolments /// changed during this session or something -if (has_capability('moodle/course:view', $context) and !has_capability('moodle/legacy:guest', $context, NULL, false)) { +if (has_capability('moodle/course:view', $context)) { if (!empty($SESSION->wantsurl)) { $destination = $SESSION->wantsurl; unset($SESSION->wantsurl); Index: course/category.php =================================================================== RCS file: /cvsroot/moodle/moodle/course/category.php,v retrieving revision 1.177 diff -u -r1.177 category.php --- course/category.php 19 Feb 2010 17:50:19 -0000 1.177 +++ course/category.php 28 Mar 2010 21:41:13 -0000 @@ -307,11 +307,7 @@ $spacer = ' '; foreach ($courses as $acourse) { - if (isset($acourse->context)) { - $coursecontext = $acourse->context; - } else { - $coursecontext = get_context_instance(CONTEXT_COURSE, $acourse->id); - } + $coursecontext = get_context_instance(CONTEXT_COURSE, $acourse->id); $count++; $up = ($count > 1 || !$atfirstpage); Index: course/recent_form.php =================================================================== RCS file: /cvsroot/moodle/moodle/course/recent_form.php,v retrieving revision 1.6 diff -u -r1.6 recent_form.php --- course/recent_form.php 4 Nov 2009 08:11:02 -0000 1.6 +++ course/recent_form.php 28 Mar 2010 21:41:17 -0000 
@@ -52,14 +52,14 @@ if (groups_get_course_groupmode($COURSE) == SEPARATEGROUPS) { $groups = groups_get_user_groups($COURSE->id); - $groups = $groups[0]; + $group = $groups[0]; } else { - $groups = ''; + $group = ''; } - if ($courseusers = get_users_by_capability($context, 'moodle/course:view', 'u.id, u.firstname, u.lastname', 'lastname ASC, firstname DESC', '', '', $groups)) { - foreach ($courseusers as $courseuser) { - $options[$courseuser->id] = fullname($courseuser, $viewfullnames); + if ($enrolled = get_enrolled_users($context, null, $group, user_picture::fields('u'))) { + foreach ($enrolled as $euser) { + $options[$euser->id] = fullname($euser, $viewfullnames); } } $mform->addElement('select', 'user', get_string('participants'), $options); Index: grade/export/ods/db/access.php =================================================================== RCS file: /cvsroot/moodle/moodle/grade/export/ods/db/access.php,v retrieving revision 1.6 diff -u -r1.6 access.php --- grade/export/ods/db/access.php 4 Nov 2009 19:24:15 -0000 1.6 +++ grade/export/ods/db/access.php 28 Mar 2010 21:41:18 -0000 @@ -24,7 +24,7 @@ 'legacy' => array( 'teacher' => CAP_ALLOW, 'editingteacher' => CAP_ALLOW, - 'admin' => CAP_ALLOW + 'manager' => CAP_ALLOW ) ), @@ -33,7 +33,7 @@ 'captype' => 'read', 'contextlevel' => CONTEXT_COURSE, 'legacy' => array( - 'admin' => CAP_ALLOW + 'manager' => CAP_ALLOW ) ) Index: lib/outputrenderers.php =================================================================== RCS file: /cvsroot/moodle/moodle/lib/outputrenderers.php,v retrieving revision 1.173 diff -u -r1.173 outputrenderers.php --- lib/outputrenderers.php 28 Mar 2010 09:05:47 -0000 1.173 +++ lib/outputrenderers.php 28 Mar 2010 21:41:46 -0000 
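Review bot: The third argument passed to `get_enrolled_users()` in course/recent_form.php may not be a single group id. `$group = $groups[0]` takes the first element of what `groups_get_user_groups()` returns, a value the removed code handed to a parameter meant for several groups, and the else branch passes `''`. get_enrolled_users() is not defined in the visible part of the patch, so this needs checking against its signature. If it expects one integer id, the separate-groups restriction on the participant dropdown would either fail or stop filtering. A comment such as `// $groups[0] holds all of the user's group ids, not one id` at the assignment would make the mismatch obvious to the next reader.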
@@ -399,7 +399,7 @@ if (empty($course->id)) { // $course->id is not defined during installation return ''; - } else if (!empty($USER->id)) { + } else if (isloggedin()) { $context = get_context_instance(CONTEXT_COURSE, $course->id); $fullname = fullname($USER, true); Index: lib/upgradelib.php =================================================================== RCS file: /cvsroot/moodle/moodle/lib/upgradelib.php,v retrieving revision 1.50 diff -u -r1.50 upgradelib.php --- lib/upgradelib.php 22 Mar 2010 02:59:06 -0000 1.50 +++ lib/upgradelib.php 28 Mar 2010 21:41:50 -0000 @@ -40,10 +40,10 @@ * @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later */ class upgrade_exception extends moodle_exception { - function __construct($plugin, $version) { + function __construct($plugin, $version, $debuginfo=NULL) { global $CFG; $a = (object)array('plugin'=>$plugin, 'version'=>$version); - parent::__construct('upgradeerror', 'admin', "$CFG->wwwroot/$CFG->admin/index.php", $a); + parent::__construct('upgradeerror', 'admin', "$CFG->wwwroot/$CFG->admin/index.php", $a, $debuginfo); } } Index: lib/accesslib.php =================================================================== RCS file: /cvsroot/moodle/moodle/lib/accesslib.php,v retrieving revision 1.628 diff -u -r1.628 accesslib.php --- lib/accesslib.php 24 Mar 2010 13:10:10 -0000 1.628 +++ lib/accesslib.php 28 Mar 2010 21:41:26 -0000 
@@ -188,13 +188,13 @@ $ACCESSLIB_PRIVATE = new stdClass; $ACCESSLIB_PRIVATE->contexts = array(); // Cache of context objects by level and instance $ACCESSLIB_PRIVATE->contextsbyid = array(); // Cache of context objects by id -$ACCESSLIB_PRIVATE->systemcontext = null; // Used in get_system_context -$ACCESSLIB_PRIVATE->dirtycontexts = null; // Dirty contexts cache +$ACCESSLIB_PRIVATE->systemcontext = NULL; // Used in get_system_context +$ACCESSLIB_PRIVATE->dirtycontexts = NULL; // Dirty contexts cache $ACCESSLIB_PRIVATE->accessdatabyuser = array(); // Holds the $accessdata structure for users other than $USER $ACCESSLIB_PRIVATE->roledefinitions = array(); // role definitions cache - helps a lot with mem usage in cron $ACCESSLIB_PRIVATE->croncache = array(); // Used in get_role_access $ACCESSLIB_PRIVATE->preloadedcourses = array(); // Used in preload_course_contexts. -$ACCESSLIB_PRIVATE->capabilitynames = null; // Used in is_valid_capability (only in developer debug mode) +$ACCESSLIB_PRIVATE->capabilities = NULL; // detailed information about the capabilities /** * Clears accesslib's private caches. ONLY BE USED BY UNIT TESTS @@ -213,13 +213,13 @@ } $ACCESSLIB_PRIVATE->contexts = array(); $ACCESSLIB_PRIVATE->contextsbyid = array(); - $ACCESSLIB_PRIVATE->systemcontext = null; - $ACCESSLIB_PRIVATE->dirtycontexts = null; + $ACCESSLIB_PRIVATE->systemcontext = NULL; + $ACCESSLIB_PRIVATE->dirtycontexts = NULL; $ACCESSLIB_PRIVATE->accessdatabyuser = array(); $ACCESSLIB_PRIVATE->roledefinitions = array(); $ACCESSLIB_PRIVATE->croncache = array(); $ACCESSLIB_PRIVATE->preloadedcourses = array(); - $ACCESSLIB_PRIVATE->capabilitynames = null; + $ACCESSLIB_PRIVATE->capabilities = NULL; unset($USER->access); } @@ -295,7 +295,7 @@ * @global object * @global object * @param int $roleid - * @param array $accessdata defaults to null + * @param array $accessdata defaults to NULL * @return array */ function get_role_access($roleid, $accessdata=NULL) { 
@@ -366,7 +366,7 @@ * @global object * @global object * @param int $roleid - * @param array $accessdata defaults to null + * @param array $accessdata defaults to NULL * @return array */ function get_default_frontpage_role_access($roleid, $accessdata=NULL) { @@ -414,7 +414,7 @@ global $CFG, $DB; if (empty($CFG->guestroleid)) { - if ($roles = get_roles_with_capability('moodle/legacy:guest', CAP_ALLOW)) { + if ($roles = $DB->get_records('role', array('archetype'=>'guest'))) { $guestrole = array_shift($roles); // Pick the first one set_config('guestroleid', $guestrole->id); return $guestrole; 
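Review bot: The fallback in the hunk at -414 picks the guest role with `array_shift()` from `$DB->get_records('role', array('archetype'=>'guest'))`, which has no sort argument. When several roles carry the guest archetype, "the first one" therefore depends on the order the database happens to return. Since the result is persisted as `guestroleid`, I would make the choice deterministic, e.g. `$DB->get_records('role', array('archetype'=>'guest'), 'sortorder ASC')`. The function this belongs to begins outside the hunk.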
@@ -441,16 +441,18 @@ * has_capability('mod/forum:replypost',$context) * * By default checks the capabilties of the current user, but you can pass a - * different userid. By default will return true for admin-like users who have the - * moodle/site:doanything capability, but you can override that with the fourth argument. + * different userid. By default will return true for admin users, but you can override that with the fourth argument. + * + * Guest and not-logged-in users can never get any dangerous capability - that is any write capability + * or capabilities with XSS, config or data loss risks. * * @param string $capability the name of the capability to check. For example mod/forum:view * @param object $context the context to check the capability in. You normally get this with {@link get_context_instance}. - * @param integer $userid A user id. By default (null) checks the permissions of the current user. - * @param boolean $doanything If false, ignore the special moodle/site:doanything capability that admin-like roles have. + * @param integer|object $user A user id or object. By default (NULL) checks the permissions of the current user. + * @param boolean $doanything If false, ignores effect of admin role assignment * @return boolean true if the user has this capability. Otherwise false. */ -function has_capability($capability, $context, $userid=NULL, $doanything=true) { +function has_capability($capability, $context, $user = NULL, $doanything=true) { global $USER, $CFG, $DB, $SCRIPT, $ACCESSLIB_PRIVATE; if (during_initial_install()) { 
@@ -462,29 +464,36 @@ } } + if (strpos($capability, 'moodle/legacy:') === 0) { + throw new coding_exception('Legacy capabilities can not be used any more!'); + } + // the original $CONTEXT here was hiding serious errors // for security reasons do not reuse previous context if (empty($context)) { debugging('Incorrect context specified'); return false; } + if (!is_bool($doanything)) { + throw new coding_exception('Capability parameter "doanything" is wierd ("'.$doanything.'"). This has to be fixed in code.'); + } -/// Some sanity checks - if (debugging('',DEBUG_DEVELOPER)) { - if (!is_valid_capability($capability)) { - debugging('Capability "'.$capability.'" was not found! This should be fixed in code.'); - } - if (!is_bool($doanything)) { - debugging('Capability parameter "doanything" is wierd ("'.$doanything.'"). This should be fixed in code.'); - } + // make sure there is a real user specified + if ($user === NULL) { + $userid = !empty($USER->id) ? $USER->id : 0; + } else { + $userid = !empty($user->id) ? $user->id : $user; } - if (empty($userid)) { // we must accept null, 0, '0', '' etc. in $userid - if (empty($USER->id)) { - // Session not set up yet. - $userid = 0; - } else { - $userid = $USER->id; + // capability must exist + if (!$capinfo = get_capability_info($capability)) { + debugging('Capability "'.$capability.'" was not found! This should be fixed in code.'); + return false; + } + // make sure the guest account and not-logged-in users never get any risky caps no matter what the actual settings are. + if (($capinfo->captype === 'write') or ((int)$capinfo->riskbitmask & (RISK_XSS | RISK_CONFIG | RISK_DATALOSS))) { + if (isguestuser($userid) or $userid == 0) { + return false; } } 
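Review bot: The user normalisation added in the hunk at -462 changes what a falsy third argument means. The removed code mapped `0`, `'0'` and `''` to the current user, while `$userid = !empty($user->id) ? $user->id : $user;` now keeps them as user 0, i.e. the not-logged-in case. That fails closed for risky capabilities, but existing callers that pass an empty id get a different answer, and an object without an id ends up in `$userid` as an object. I would normalise explicitly, `$userid = is_object($user) ? (empty($user->id) ? 0 : (int)$user->id) : (int)$user;`, and say in the docblock that only NULL selects the current user. has_any_capability() and has_all_capabilities() in the later hunks still document the argument as `integer $userid`.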
@@ -546,6 +555,14 @@ } } + // Find out if user is admin - it is not possible to override the doanything in any way + // and it is not possible to switch to admin role either. + if ($doanything) { + if (is_siteadmin($userid)) { + return true; + } + } + // divulge how many times we are called //// error_log("has_capability: id:{$context->id} path:{$context->path} userid:$userid cap:$capability"); @@ -561,7 +578,7 @@ // if ($context->contextlevel <= CONTEXT_COURSE) { // Course and above are always preloaded - return has_capability_in_accessdata($capability, $context, $USER->access, $doanything); + return has_capability_in_accessdata($capability, $context, $USER->access); } // Load accessdata for below-the-course contexts if (!path_inaccessdata($context->path,$USER->access)) { @@ -570,15 +587,16 @@ // error_log("bt {$bt[0]['file']} {$bt[0]['line']}"); load_subcontext($USER->id, $context, $USER->access); } - return has_capability_in_accessdata($capability, $context, $USER->access, $doanything); + return has_capability_in_accessdata($capability, $context, $USER->access); } if (!isset($ACCESSLIB_PRIVATE->accessdatabyuser[$userid])) { load_user_accessdata($userid); } + if ($context->contextlevel <= CONTEXT_COURSE) { // Course and above are always preloaded - return has_capability_in_accessdata($capability, $context, $ACCESSLIB_PRIVATE->accessdatabyuser[$userid], $doanything); + return has_capability_in_accessdata($capability, $context, $ACCESSLIB_PRIVATE->accessdatabyuser[$userid]); } // Load accessdata for below-the-course contexts as needed if (!path_inaccessdata($context->path, $ACCESSLIB_PRIVATE->accessdatabyuser[$userid])) { 
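Review bot: The `is_siteadmin($userid)` short-circuit added in the hunk at -546 returns true before any accessdata is consulted, so it also applies while an administrator has switched role. The code removed from has_capability_in_accessdata() looked for doanything only among `$roles`, which for a switched user is the switched role plus the default user role, so an admin previewing a course as a student was evaluated as a student. With this hunk every check passes again and the preview no longer reflects the switched role. Unless that is handled in lines this hunk does not show, I would skip the shortcut for the current user while a switch is active, e.g. `if ($doanything and is_siteadmin($userid) and ($userid != $USER->id or empty($USER->access['rsw']))) { return true; }`. has_capability() starts and ends outside this hunk.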
@@ -587,7 +605,7 @@ // error_log("bt {$bt[0]['file']} {$bt[0]['line']}"); load_subcontext($userid, $context, $ACCESSLIB_PRIVATE->accessdatabyuser[$userid]); } - return has_capability_in_accessdata($capability, $context, $ACCESSLIB_PRIVATE->accessdatabyuser[$userid], $doanything); + return has_capability_in_accessdata($capability, $context, $ACCESSLIB_PRIVATE->accessdatabyuser[$userid]); } /** @@ -603,8 +621,8 @@ * @see has_capability() * @param array $capabilities an array of capability names. * @param object $context the context to check the capability in. You normally get this with {@link get_context_instance}. - * @param integer $userid A user id. By default (null) checks the permissions of the current user. - * @param boolean $doanything If false, ignore the special moodle/site:doanything capability that admin-like roles have. + * @param integer $userid A user id. By default (NULL) checks the permissions of the current user. + * @param boolean $doanything If false, ignore effect of admin role assignment * @return boolean true if the user has any of these capabilities. Otherwise false. */ function has_any_capability($capabilities, $context, $userid=NULL, $doanything=true) { @@ -633,8 +651,8 @@ * @see has_capability() * @param array $capabilities an array of capability names. * @param object $context the context to check the capability in. You normally get this with {@link get_context_instance}. - * @param integer $userid A user id. By default (null) checks the permissions of the current user. - * @param boolean $doanything If false, ignore the special moodle/site:doanything capability that admin-like roles have. + * @param integer $userid A user id. By default (NULL) checks the permissions of the current user. + * @param boolean $doanything If false, ignore effect of admin role assignment * @return boolean true if the user has all of these capabilities. Otherwise false. */ function has_all_capabilities($capabilities, $context, $userid=NULL, $doanything=true) { 
@@ -651,101 +669,58 @@ } /** - * Check if the user is an admin at the site level + * Check if the user is an admin at the site level. * - * Uses 1 DB query to answer whether a user is an admin at the sitelevel. - * It depends on DB schema >=1.7 but does not depend on the new datastructures - * in v1.9 (context.path, or $USER->access) + * Please note that use of proper capabilities is always encouraged, + * this function is supposed to be used from core or for temporary hacks. * - * Will return true if the userid has any of - * - moodle/site:config - * - moodle/legacy:admin - * - moodle/site:doanything - * - * @global object - * @global object - * @param int $userid - * @returns bool true is user can administer server settings + * @param int|object $user_or_id user id or user object + * @returns bool true if user is one of the administrators, false otherwise */ -function is_siteadmin($userid) { - global $CFG, $DB; - - $sql = "SELECT SUM(rc.permission) - FROM {role_capabilities} rc - JOIN {context} ctx - ON ctx.id=rc.contextid - JOIN {role_assignments} ra - ON ra.roleid=rc.roleid AND ra.contextid=ctx.id - WHERE ctx.contextlevel=10 - AND ra.userid=? - AND rc.capability IN (?, ?, ?) - GROUP BY rc.capability - HAVING SUM(rc.permission) > 0"; - $params = array($userid, 'moodle/site:config', 'moodle/legacy:admin', 'moodle/site:doanything'); - - return $DB->record_exists_sql($sql, $params); -} +function is_siteadmin($user_or_id = NULL) { + global $CFG, $USER; -/** - * Check whether a role is an admin at the site level - * - * Will return true if the userid has any of - * - moodle/site:config - * - moodle/legacy:admin - * - moodle/site:doanything - * - * @global object - * @param integer $roleid a role id. - * @return boolean, whether this role is an admin role. 
- */ -function is_admin_role($roleid) { - global $DB; + if ($user_or_id === NULL) { + $user_or_id = $USER; + } - $sql = "SELECT 1 - FROM {role_capabilities} rc - JOIN {context} ctx ON ctx.id = rc.contextid - WHERE ctx.contextlevel = 10 - AND rc.roleid = ? - AND rc.capability IN (?, ?, ?) - GROUP BY rc.capability - HAVING SUM(rc.permission) > 0"; - $params = array($roleid, 'moodle/site:config', 'moodle/legacy:admin', 'moodle/site:doanything'); + if (empty($user_or_id)) { + return false; + } + if (!empty($user_or_id->id)) { + // we support + $userid = $user_or_id->id; + } else { + $userid = $user_or_id; + } - return $DB->record_exists_sql($sql, $params); + $siteadmins = explode(',', $CFG->siteadmins); + return in_array($userid, $siteadmins); } /** - * Returns all the roles for which is_admin_role($role->id) is true. - * - * @global object - * @return array + * Returns true if user has at least one role assign + * of 'coursemanager' role (is potentially listed in some course descriptions). + * @param $userid + * @return unknown_type */ -function get_admin_roles() { +function has_coursemanager_role($userid) { global $DB; - $sql = "SELECT * - FROM {role} r - WHERE EXISTS ( - SELECT 1 - FROM {role_capabilities} rc - JOIN {context} ctx ON ctx.id = rc.contextid - WHERE ctx.contextlevel = 10 - AND rc.roleid = r.id - AND rc.capability IN (?, ?, ?) 
- GROUP BY rc.capability - HAVING SUM(rc.permission) > 0 - ) - ORDER BY r.sortorder"; - $params = array('moodle/site:config', 'moodle/legacy:admin', 'moodle/site:doanything'); - - return $DB->get_records_sql($sql, $params); + if (empty($CFG->coursemanager)) { + return false; + } + $sql = "SELECT 1 + FROM {role_assignments} + WHERE userid = :userid AND roleid IN ($CFG->coursemanager)"; + return $DB->record_exists($sql, array('userid'=>$userid)); } /** * @param string $path * @return string */ -function get_course_from_path ($path) { +function get_course_from_path($path) { // assume that nothing is more than 1 course deep if (preg_match('!^(/.+)/\d+$!', $path, $matches)) { return $matches[1]; @@ -813,23 +788,12 @@ * and then verify if user has at least one role with allow * and at the same time no role with prohibit. * - * Incorrectly set Guest role as Default user role - * ----------------------------------------------- - * Admins have to make sure that the "Default user role" does - * not have 'moodle/course:view' or 'moodle/legacy:guest'! - * - * Incorrectly set Frontpage role - * ------------------------------ - * Admins have to make sure that the "Frontpage role" does - * not have 'moodle/legacy:guest'. - * * @param string $capability * @param object $context * @param array $accessdata - * @param bool $doanything * @return bool */ -function has_capability_in_accessdata($capability, $context, array $accessdata, $doanything) { +function has_capability_in_accessdata($capability, $context, array $accessdata) { global $CFG; if (empty($context->id)) { @@ -845,11 +809,6 @@ } unset($contextids); - if ($doanything and strpos($capability, 'moodle/legacy:') === 0) { - // admins do not have any legacy capabilities - $doanything = false; - } - $roles = array(); $switchedrole = false; 
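Review bot: has_coursemanager_role() in the hunk at -651 cannot work as written. It declares only `global $DB` but reads `$CFG->coursemanager`, so the `empty()` test is always true and the function always returns false. Past that it hands a full SQL string to `$DB->record_exists()`, where the code removed in this same hunk used `record_exists_sql()` for statements. The role list is also interpolated into the query text as `IN ($CFG->coursemanager)`; binding the ids keeps a malformed config value out of the statement. In is_siteadmin(), also in this hunk, `in_array($userid, $siteadmins)` compares loosely against the strings produced by explode(), so I would cast and compare strictly: `return in_array((string)(int)$userid, $siteadmins, true);`.

```php
function has_coursemanager_role($userid) {
    global $CFG, $DB;

    if (empty($CFG->coursemanager)) {
        return false;
    }
    // bind the configured role ids instead of pasting them into the statement
    list($insql, $params) = $DB->get_in_or_equal(explode(',', $CFG->coursemanager), SQL_PARAMS_NAMED);
    $params['userid'] = $userid;
    $sql = "SELECT 1
              FROM {role_assignments}
             WHERE userid = :userid AND roleid $insql";
    return $DB->record_exists_sql($sql, $params);
}
```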
@@ -859,7 +818,7 @@ foreach ($paths as $path) { if (isset($accessdata['rsw'][$path])) { // Found a switchrole assignment - check for that role _plus_ the default user role - $roles = array($accessdata['rsw'][$path]=>null, $CFG->defaultuserroleid=>null); + $roles = array($accessdata['rsw'][$path]=>NULL, $CFG->defaultuserroleid=>NULL); $switchedrole = true; break; } @@ -871,24 +830,9 @@ foreach ($paths as $path) { if (isset($accessdata['ra'][$path])) { foreach ($accessdata['ra'][$path] as $roleid) { - $roles[$roleid] = null; - } - } - } - - // Find out if user is admin - it is not possible to override the doanything in any way - // and it is not possible to switch to admin role either. - if ($doanything or $capability === 'moodle/site:doanything') { - $systempath = '/'.SYSCONTEXTID; - foreach ($roles as $roleid=>$ignored) { - if (isset($accessdata['rdef']["{$systempath}:$roleid"]['moodle/site:doanything']) and $accessdata['rdef']["{$systempath}:$roleid"]['moodle/site:doanything'] == CAP_ALLOW) { - return true; + $roles[$roleid] = NULL; } } - if ($capability === 'moodle/site:doanything') { - // do anything can not be overridden, prevented or prohibited - return false; - } } } 
@@ -958,8 +902,8 @@ * * @param string $capability the name of the capability to check. For example mod/forum:view * @param object $context the context to check the capability in. You normally get this with {@link get_context_instance}. - * @param integer $userid A user id. By default (null) checks the permissions of the current user. - * @param bool $doanything If false, ignore the special moodle/site:doanything capability that admin-like roles have. + * @param integer $userid A user id. By default (NULL) checks the permissions of the current user. + * @param bool $doanything If false, ignore effect of admin role assignment * @param string $errorstring The error string to to user. Defaults to 'nopermissions'. * @param string $stringfile The language file to load the error string from. Defaults to 'error'. * @return void terminates with an error if the user does not have the given capability. @@ -1015,13 +959,13 @@ * @global object * @param string $capability - name of the capability * @param array $accessdata - accessdata session array - * @param bool $doanything - if false, ignore do anything + * @param bool $doanything_ignored - admin roles are completely ignored here * @param string $sort - sorting fields - prefix each fieldname with "c." * @param array $fields - additional fields you are interested in... * @param int $limit - set if you want to limit the number of courses * @return array $courses - ordered array of course objects - see notes above */ -function get_user_courses_bycap($userid, $cap, $accessdata, $doanything, $sort='c.sortorder ASC', $fields=NULL, $limit=0) { +function get_user_courses_bycap($userid, $cap, $accessdata, $doanything_ignored, $sort='c.sortorder ASC', $fields=NULL, $limit=0) { global $CFG, $DB; 
@@ -1047,7 +991,7 @@ } $sysctx = get_context_instance(CONTEXT_SYSTEM); - if (has_capability_in_accessdata($cap, $sysctx, $accessdata, $doanything)) { + if (has_capability_in_accessdata($cap, $sysctx, $accessdata)) { // // Apparently the user has the cap sitewide, so walk *every* course // (the cap checks are moderately fast, but this moves massive bandwidth w the db) @@ -1080,7 +1024,7 @@ $catpaths = array(); foreach ($rs as $catctx) { if ($catctx->path != '' - && has_capability_in_accessdata($cap, $catctx, $accessdata, $doanything)) { + && has_capability_in_accessdata($cap, $catctx, $accessdata)) { $catpaths[] = $catctx->path; } } @@ -1096,12 +1040,6 @@ } unset($catpaths); - $capany = ''; - if ($doanything) { - $capany = " OR rc.capability=:doany"; - $params['doany'] = 'moodle/site:doanything'; - } - /// UNION 3 queries: /// - user role assignments in courses /// - user capability (override - any status) in courses @@ -1109,11 +1047,11 @@ /// Enclosing the 3-UNION into an inline_view to avoid column names conflict and making the ORDER BY cross-db /// and to allow selection of TEXT columns in the query (MSSQL and Oracle limitation). MDL-16209 $sql = " - SELECT $coursefields, ctxid, ctxpath, ctxdepth, ctxlevel, categorypath + SELECT $coursefields, ctxid, ctxpath, ctxdepth, ctxlevel, ctxinstance, categorypath FROM ( SELECT c.id, ctx.id AS ctxid, ctx.path AS ctxpath, - ctx.depth AS ctxdepth, ctx.contextlevel AS ctxlevel, + ctx.depth AS ctxdepth, ctx.contextlevel AS ctxlevel, ctx.instanceid AS ctxinstance, cc.path AS categorypath FROM {course} c JOIN {course_categories} cc @@ -1125,7 +1063,7 @@ UNION SELECT c.id, ctx.id AS ctxid, ctx.path AS ctxpath, - ctx.depth AS ctxdepth, ctx.contextlevel AS ctxlevel, + ctx.depth AS ctxdepth, ctx.contextlevel AS ctxlevel, ctx.instanceid AS ctxinstance, cc.path AS categorypath FROM {course} c JOIN {course_categories} cc 
@@ -1133,14 +1071,14 @@ JOIN {context} ctx ON (c.id=ctx.instanceid AND ctx.contextlevel=".CONTEXT_COURSE.") JOIN {role_capabilities} rc - ON (rc.contextid=ctx.id AND (rc.capability=:cap $capany)) "; + ON (rc.contextid=ctx.id AND (rc.capability=:cap)) "; if (!empty($catclause)) { /// If we have found the right in categories, add child courses here too $sql .= " UNION SELECT c.id, ctx.id AS ctxid, ctx.path AS ctxpath, - ctx.depth AS ctxdepth, ctx.contextlevel AS ctxlevel, + ctx.depth AS ctxdepth, ctx.contextlevel AS ctxlevel, ctx.instanceid AS ctxinstance, cc.path AS categorypath FROM {course} c JOIN {course_categories} cc @@ -1171,9 +1109,9 @@ if ($rs) { foreach ($rs as $c) { // build the context obj - $c = make_context_subobj($c); + context_instance_preload($c); - if (has_capability_in_accessdata($cap, $c->context, $accessdata, $doanything)) { + if (has_capability_in_accessdata($cap, $c->context, $accessdata)) { if ($limit > 0 && $cc >= $limit) { break; } @@ -1489,7 +1427,7 @@ * @global object * @param integer $roleid the id of the user * @param object $context needs path! - * @param array $accessdata accessdata array null by default + * @param array $accessdata accessdata array NULL by default * @return array */ function get_role_access_bycontext($roleid, $context, $accessdata=NULL) { 
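Review bot: In the result loop (hunk at -1171) the return value of the new `context_instance_preload($c);` is discarded, yet the next line still passes `$c->context` to `has_capability_in_accessdata()`; the removed `$c = make_context_subobj($c);` presumably supplied that property. Unless the new helper sets `context` on its argument, each course row is checked against an undefined context and the per-course capability filter no longer means anything. If the helper only warms the context cache, fetch the object explicitly before the check, e.g. `$c->context = get_context_instance(CONTEXT_COURSE, $c->id);`. The loop and the enclosing function continue outside the hunk, so this needs confirming against the helper's definition.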
@@ -1850,47 +1788,25 @@ } /** - * Returns array of all legacy roles. + * Returns array of all role archetypes. * * @return array */ -function get_legacy_roles() { +function get_role_archetypes() { return array( - 'admin' => 'moodle/legacy:admin', - 'coursecreator' => 'moodle/legacy:coursecreator', - 'editingteacher' => 'moodle/legacy:editingteacher', - 'teacher' => 'moodle/legacy:teacher', - 'student' => 'moodle/legacy:student', - 'guest' => 'moodle/legacy:guest', - 'user' => 'moodle/legacy:user' + 'admin' => 'admin', + 'manager' => 'manager', + 'coursecreator' => 'coursecreator', + 'editingteacher' => 'editingteacher', + 'teacher' => 'teacher', + 'student' => 'student', + 'guest' => 'guest', + 'user' => 'user', + 'frontpage' => 'frontpage' ); } /** - * @param int roleid - * @return string - */ -function get_legacy_type($roleid) { - $sitecontext = get_context_instance(CONTEXT_SYSTEM); - $legacyroles = get_legacy_roles(); - - $result = ''; - foreach($legacyroles as $ltype=>$lcap) { - $localoverride = get_local_override($roleid, $sitecontext->id, $lcap); - if (!empty($localoverride->permission) and $localoverride->permission == CAP_ALLOW) { - //choose first selected legacy capability - reset the rest - if (empty($result)) { - $result = $ltype; - } else { - unassign_capability($lcap, $roleid); - } - } - } - - return $result; -} - -/** * Assign the defaults found in this capabality definition to roles that have * the corresponding legacy capabilities assigned to them. * 
@@ -1901,22 +1817,26 @@ * 'teacher' => CAP_ALLOW, * 'editingteacher' => CAP_ALLOW, * 'coursecreator' => CAP_ALLOW, - * 'admin' => CAP_ALLOW + * 'manager' => CAP_ALLOW * @return boolean success or failure. */ function assign_legacy_capabilities($capability, $legacyperms) { - $legacyroles = get_legacy_roles(); + $archetypes = get_role_archetypes(); foreach ($legacyperms as $type => $perm) { $systemcontext = get_context_instance(CONTEXT_SYSTEM); + if ($type === 'admin') { + debugging('Legacy type admin in access.php was renamed to manager, please update the code.'); + $type = 'manager'; + } - if (!array_key_exists($type, $legacyroles)) { + if (!array_key_exists($type, $archetypes)) { print_error('invalidlegacy', '', '', $type); } - if ($roles = get_roles_with_capability($legacyroles[$type], CAP_ALLOW)) { + if ($roles = get_archetype_roles($type)) { foreach ($roles as $role) { // Assign a site level capability. if (!assign_capability($capability, $perm, $role->id, $systemcontext->id)) { @@ -1928,24 +1848,6 @@ return true; } - -/** - * Checks to see if a capability is one of the special capabilities - * - * Checks to see if a capability is one of the special capabilities - * (either a legacy capability, or moodle/site:doanything). - * - * @param string $capabilityname the capability name, e.g. mod/forum:view. - * @return boolean whether this is one of the special capabilities. - */ -function is_legacy($capabilityname) { - if ($capabilityname == 'moodle/site:doanything' || strpos($capabilityname, 'moodle/legacy') === 0) { - return true; - } else { - return false; - } -} - /** * @param object $capability a capbility - a row from the capabilitites table. * @return boolean whether this capability is safe - that is, wether people with the 
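Review bot: The `'admin'` branch added at the top of the `foreach` rewrites the type to `'manager'`, after which the capability is assigned to every role returned by `get_archetype_roles($type)`, so a default that an access.php author declared for administrators only ends up granted to manager roles. For capabilities that were meant to be admin-only this is a silent widening of privilege, and the notice should say so rather than only asking for a rename, e.g. `debugging('Legacy type admin in access.php was renamed to manager; this capability is now granted to manager roles, please review and update the code.');`. The docblock above still speaks of "legacy capabilities" and would be the place to document the remap.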
@@ -1969,9 +1871,10 @@ * @global object * @param int $contextlevel * @param int $instanceid + * @param int $strictness * @return object newly created context */ -function create_context($contextlevel, $instanceid) { +function create_context($contextlevel, $instanceid, $strictness=IGNORE_MISSING) { global $CFG, $DB; @@ -1989,7 +1892,7 @@ $basedepth = 1; $result = true; - $error_message = null; + $error_message = NULL; switch ($contextlevel) { case CONTEXT_COURSECAT: @@ -2002,7 +1905,7 @@ if ($p = $DB->get_record_sql($sql, $params)) { $basepath = $p->path; $basedepth = $p->depth; - } else if ($category = $DB->get_record('course_categories', array('id'=>$instanceid))) { + } else if ($category = $DB->get_record('course_categories', array('id'=>$instanceid), '*', $strictness)) { if (empty($category->parent)) { // ok - this is a top category } else if ($parent = get_context_instance(CONTEXT_COURSECAT, $category->parent)) { @@ -2010,7 +1913,7 @@ $basedepth = $parent->depth; } else { // wrong parent category - no big deal, this can be fixed later - $basepath = null; + $basepath = NULL; $basedepth = 0; } } else { @@ -2030,7 +1933,7 @@ if ($p = $DB->get_record_sql($sql, $params)) { $basepath = $p->path; $basedepth = $p->depth; - } else if ($course = $DB->get_record('course', array('id'=>$instanceid))) { + } else if ($course = $DB->get_record('course', array('id'=>$instanceid), '*', $strictness)) { if ($course->id == SITEID) { //ok - no parent category } else if ($parent = get_context_instance(CONTEXT_COURSECAT, $course->category)) { @@ -2038,7 +1941,7 @@ $basedepth = $parent->depth; } else { // wrong parent category of course - no big deal, this can be fixed later - $basepath = null; + $basepath = NULL; $basedepth = 0; } } else if ($instanceid == SITEID) { 
@@ -2061,8 +1964,8 @@ if ($p = $DB->get_record_sql($sql, $params)) { $basepath = $p->path; $basedepth = $p->depth; - } else if ($cm = $DB->get_record('course_modules', array('id'=>$instanceid))) { - if ($parent = get_context_instance(CONTEXT_COURSE, $cm->course)) { + } else if ($cm = $DB->get_record('course_modules', array('id'=>$instanceid), '*', $strictness)) { + if ($parent = get_context_instance(CONTEXT_COURSE, $cm->course, $strictness)) { $basepath = $parent->path; $basedepth = $parent->depth; } else { @@ -2083,7 +1986,7 @@ JOIN {block_instances} bi ON (bi.parentcontextid=ctx.id) WHERE bi.id = ?"; $params = array($instanceid, CONTEXT_COURSE); - if ($p = $DB->get_record_sql($sql, $params)) { + if ($p = $DB->get_record_sql($sql, $params, '*', $strictness)) { $basepath = $p->path; $basedepth = $p->depth; } else { @@ -2102,24 +2005,24 @@ $context->depth = $basedepth+1; } - if ($result and $id = $DB->insert_record('context', $context)) { - // can't set the full path till we know the id! - if ($basedepth != 0 and !empty($basepath)) { - $DB->set_field('context', 'path', $basepath.'/'. $id, array('id'=>$id)); - } - return get_context_instance_by_id($id); - - } else { + if ($result) { debugging('Error: could not insert new context level "'. s($contextlevel).'", instance "'. s($instanceid).'". ' . $error_message); return false; } + + $id = $DB->insert_record('context', $context); + // can't set the full path till we know the id! + if ($basedepth != 0 and !empty($basepath)) { + $DB->set_field('context', 'path', $basepath.'/'. $id, array('id'=>$id)); + } + return get_context_instance_by_id($id); } /** - * Returns system context or null if can not be created yet. + * Returns system context or NULL if can not be created yet. * * @todo can not use get_record() because we do not know if query failed :-( * switch to get_record() later 
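Review bot: In the block-context lookup (hunk at -2083) the call becomes `$DB->get_record_sql($sql, $params, '*', $strictness)`, while every other `get_record_sql()` call in this function keeps two arguments and only the `get_record()` calls take a field list. If `get_record_sql()` has no fields parameter, `'*'` lands in the strictness slot and `$strictness` is ignored; `$DB->get_record_sql($sql, $params, $strictness)` would match the intent. This should be confirmed against the DML method's signature, which is not shown here.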
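Review bot: The new guard `if ($result) {` at the end of `create_context()` (hunk at -2102) is inverted. `$result` is initialised to `true` earlier in the function and is presumably cleared only in the failure branches, so as written the success path emits the "could not insert new context level" debugging message and returns false, while a failed lookup falls through to `insert_record()` with an incomplete `$context`. The condition should read `if (!$result) {`. Because `get_context_instance()` relies on this function to create missing contexts, the effect would be that no new context can be created through it.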
@@ -2127,7 +2030,7 @@ * @global object * @global object * @param bool $cache use caching - * @return mixed system context or null + * @return mixed system context or NULL */ function get_system_context($cache=true) { global $DB, $ACCESSLIB_PRIVATE; @@ -2146,7 +2049,7 @@ $context = $DB->get_record('context', array('contextlevel'=>CONTEXT_SYSTEM)); } catch (dml_exception $e) { //table does not exist yet, sorry - return null; + return NULL; } if (!$context) { @@ -2160,7 +2063,7 @@ $context->id = $DB->insert_record('context', $context); } catch (dml_exception $e) { // can not create context yet, sorry - return null; + return NULL; } } @@ -2227,7 +2130,7 @@ * @param bool $buildpaths update paths and depths * @return void */ -function create_contexts($contextlevel=null, $buildpaths=true) { +function create_contexts($contextlevel=NULL, $buildpaths=true) { global $DB; //make sure system context exists @@ -2404,9 +2307,11 @@ * @param integer $level The context level, for example CONTEXT_COURSE, or CONTEXT_MODULE. * @param integer $instance The instance id. For $level = CONTEXT_COURSE, this would be $course->id, * for $level = CONTEXT_MODULE, this would be $cm->id. And so on. Defaults to 0 + * @param int $strictness IGNORE_MISSING means compatible mode, false returned if record not found, debug message if more found; + * MUST_EXIST means throw exception if no record or multiple records found * @return object The context object. */ -function get_context_instance($contextlevel, $instance=0) { +function get_context_instance($contextlevel, $instance=0, $strictness=IGNORE_MISSING) { global $DB, $ACCESSLIB_PRIVATE; static $allowed_contexts = array(CONTEXT_SYSTEM, CONTEXT_USER, CONTEXT_COURSECAT, CONTEXT_COURSE, CONTEXT_MODULE, CONTEXT_BLOCK); 
@@ -2439,7 +2344,7 @@ /// Get it from the database, or create it if (!$context = $DB->get_record('context', array('contextlevel'=>$contextlevel, 'instanceid'=>$instance))) { - $context = create_context($contextlevel, $instance); + $context = create_context($contextlevel, $instance, $strictness); } /// Only add to cache if context isn't empty. @@ -2544,8 +2449,8 @@ global $DB; $context = get_context_instance_by_id($contextid, MUST_EXIST); - $course = null; - $cm = null; + $course = NULL; + $cm = NULL; if ($context->contextlevel == CONTEXT_COURSE) { $course = $DB->get_record('course', array('id'=>$context->instanceid), '*', MUST_EXIST); @@ -2582,12 +2487,22 @@ * @param string $name role name * @param string $shortname role short name * @param string $description role description - * @param string $legacy optional legacy capability + * @param string $archetype * @return mixed id or dml_exception */ -function create_role($name, $shortname, $description, $legacy='') { +function create_role($name, $shortname, $description, $archetype='') { global $DB; + if (strpos($archetype, 'moodle/legacy:') !== false) { + throw new coding_exception('Use new role archetype parameter in create_role() instead of old legacy capabilities.'); + } + + // verify role archetype actually exists + $archetypes = get_role_archetypes(); + if (empty($archetypes[$archetype])) { + $archetype = ''; + } + // Get the system context. $context = get_context_instance(CONTEXT_SYSTEM); @@ -2596,6 +2511,7 @@ $role->name = $name; $role->shortname = $shortname; $role->description = $description; + $role->archetype = $archetype; //find free sortorder number $role->sortorder = $DB->get_field('role', 'MAX(sortorder) + 1', array()); 
@@ -2604,83 +2520,39 @@ } $id = $DB->insert_record('role', $role); - if ($legacy) { - assign_capability($legacy, CAP_ALLOW, $id, $context->id); - } - return $id; } /** * Function that deletes a role and cleanups up after it * - * @global object - * @global object * @param int $roleid id of role to delete - * @return bool + * @return bool lways true */ function delete_role($roleid) { global $CFG, $DB; - $success = true; - -// mdl 10149, check if this is the last active admin role -// if we make the admin role not deletable then this part can go - - $systemcontext = get_context_instance(CONTEXT_SYSTEM); - - if ($role = $DB->get_record('role', array('id'=>$roleid))) { - if ($DB->record_exists('role_capabilities', array('contextid'=>$systemcontext->id, 'roleid'=>$roleid, 'capability'=>'moodle/site:doanything'))) { - // deleting an admin role - $status = false; - if ($adminroles = get_roles_with_capability('moodle/site:doanything', CAP_ALLOW, $systemcontext)) { - foreach ($adminroles as $adminrole) { - if ($adminrole->id != $roleid) { - // some other admin role - if ($DB->record_exists('role_assignments', array('roleid'=>$adminrole->id, 'contextid'=>$systemcontext->id))) { - // found another admin role with at least 1 user assigned - $status = true; - break; - } - } - } - } - if ($status !== true) { - print_error('cannotdeleterolenoadmin', 'access'); - } - } - } -// first unssign all users - if (!role_unassign($roleid)) { - debugging("Error while unassigning all users from role with ID $roleid!"); - $success = false; - } + // first unssign all users + role_unassign($roleid); -// cleanup all references to this role, ignore errors - if ($success) { - $DB->delete_records('role_capabilities', array('roleid'=>$roleid)); - $DB->delete_records('role_allow_assign', array('roleid'=>$roleid)); - $DB->delete_records('role_allow_assign', array('allowassign'=>$roleid)); - $DB->delete_records('role_allow_override', array('roleid'=>$roleid)); - 
$DB->delete_records('role_allow_override', array('allowoverride'=>$roleid)); - $DB->delete_records('role_names', array('roleid'=>$roleid)); - $DB->delete_records('role_context_levels', array('roleid'=>$roleid)); - } + // cleanup all references to this role, ignore errors + $DB->delete_records('role_capabilities', array('roleid'=>$roleid)); + $DB->delete_records('role_allow_assign', array('roleid'=>$roleid)); + $DB->delete_records('role_allow_assign', array('allowassign'=>$roleid)); + $DB->delete_records('role_allow_override', array('roleid'=>$roleid)); + $DB->delete_records('role_allow_override', array('allowoverride'=>$roleid)); + $DB->delete_records('role_names', array('roleid'=>$roleid)); + $DB->delete_records('role_context_levels', array('roleid'=>$roleid)); -// finally delete the role itself + // finally delete the role itself // get this before the name is gone for logging $rolename = $DB->get_field('role', 'name', array('id'=>$roleid)); - if ($success and !$DB->delete_records('role', array('id'=>$roleid))) { - debugging("Could not delete role record with ID $roleid!"); - $success = false; - } + $DB->delete_records('role', array('id'=>$roleid)); - if ($success) { - add_to_log(SITEID, 'role', 'delete', 'admin/roles/action=delete&roleid='.$roleid, $rolename, ''); - } + add_to_log(SITEID, 'role', 'delete', 'admin/roles/action=delete&roleid='.$roleid, $rolename, ''); - return $success; + return true; } /** @@ -2696,7 +2568,6 @@ * @return bool */ function assign_capability($capability, $permission, $roleid, $contextid, $overwrite=false) { - global $USER, $DB; if (empty($permission) || $permission == CAP_INHERIT) { // if permission is not set 
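Review bot: `delete_role()` now returns `true` and calls `add_to_log()` unconditionally, so a failure can only surface as an exception from the DB layer, and a call with an unknown `$roleid` is still recorded as a role deletion. The docblock should state the new contract, e.g. `@return bool always true; database errors are reported by exception`, which also fixes the `lways` typo, and the `ignore errors` comment above the cleanup no longer describes the code. Since the cleanup deletes are issued one by one, an exception part-way would leave the role row in place with some of its capability and allow tables already emptied; whether a surrounding transaction exists is not visible in the hunk.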
@@ -2720,11 +2591,12 @@ if ($existing) { $cap->id = $existing->id; - return $DB->update_record('role_capabilities', $cap); + $DB->update_record('role_capabilities', $cap); } else { $c = $DB->get_record('context', array('id'=>$contextid)); - return $DB->insert_record('role_capabilities', $cap); + $DB->insert_record('role_capabilities', $cap); } + return true; } /** @@ -2738,15 +2610,13 @@ function unassign_capability($capability, $roleid, $contextid=NULL) { global $DB; - if (isset($contextid)) { + if (!empty($contextid)) { // delete from context rel, if this is the last override in this context - $status = $DB->delete_records('role_capabilities', array('capability'=>$capability, - 'roleid'=>$roleid, 'contextid'=>$contextid)); + $DB->delete_records('role_capabilities', array('capability'=>$capability, 'roleid'=>$roleid, 'contextid'=>$contextid)); } else { - $status = $DB->delete_records('role_capabilities', array('capability'=>$capability, - 'roleid'=>$roleid)); + $DB->delete_records('role_capabilities', array('capability'=>$capability, 'roleid'=>$roleid)); } - return $status; + return true; } @@ -2759,13 +2629,12 @@ * @global object * @global object * @param string $capability - capability name (string) - * @param null $permission - optional, the permission defined for this capability + * @param string $permission - optional, the permission defined for this capability * either CAP_ALLOW, CAP_PREVENT or CAP_PROHIBIT. Defaults to NULL * @param object $contect * @return mixed array or role objects */ -function get_roles_with_capability($capability, $permission=NULL, $context='') { - +function get_roles_with_capability($capability, $permission=NULL, $context=NULL) { global $CFG, $DB; $params = array(); 
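Review bot: In `unassign_capability()` (hunk at -2738) the change from `isset($contextid)` to `!empty($contextid)` sends any falsy id (`0`, `'0'`, `''`) down the `else` branch, which deletes the capability for the role in every context rather than in the one requested. A caller that computed a context id and ended up with 0 would strip the role's overrides site-wide. Keeping the all-contexts delete reserved for an explicit NULL is safer: `if ($contextid !== NULL) {`. The function also returns `true` unconditionally now, which its docblock (outside the hunk) should mention.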
@@ -2802,21 +2671,18 @@ /** * This function makes a role-assignment (a role for a user or group in a particular context) * - * @global object - * @global object - * @global object * @param int $roleid the role of the id * @param int $userid userid * @param int $groupid group id * @param int $contextid id of the context * @param int $timestart time this assignment becomes effective defaults to 0 * @param int $timeend time this assignemnt ceases to be effective defaults to 0 - * @param int $hidden defaults to 0 + * @param int $hidden_ignored - use roels with moodle/course:inspect capability or enrolemnt instead * @param string $enrol defaults to 'manual' * @param string $timemodified defaults to '' * @return int new id of the assigment */ -function role_assign($roleid, $userid, $groupid, $contextid, $timestart=0, $timeend=0, $hidden=0, $enrol='manual',$timemodified='') { +function role_assign($roleid, $userid, $groupid, $contextid, $timestart=0, $timeend=0, $hidden_ignored=0, $enrol='manual',$timemodified='') { global $USER, $CFG, $DB; /// Do some data validation @@ -2867,7 +2733,6 @@ $ra->roleid = $roleid; $ra->contextid = $context->id; $ra->userid = $userid; - $ra->hidden = $hidden; $ra->enrol = $enrol; /// Always round timestart downto 100 secs to help DBs to use their own caching algorithms /// by repeating queries with the same exact parameters in a 100 secs time window @@ -2880,7 +2745,6 @@ } else { // We already have one, just update it $ra->id = $ra->id; - $ra->hidden = $hidden; $ra->enrol = $enrol; /// Always round timestart downto 100 secs to help DBs to use their own caching algorithms /// by repeating queries with the same exact parameters in a 100 secs time window @@ -2944,8 +2808,6 @@ global $USER, $CFG, $DB; require_once($CFG->dirroot.'/group/lib.php'); - $success = true; - $args = array('roleid', 'userid', 'groupid', 'contextid'); $select = array(); $params = array(); 
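Review bot: `role_assign()` drops `$hidden_ignored` without any signal, so existing callers that pass a non-zero value expecting a hidden assignment now create an ordinary, visible one. A developer notice in the style already used in `assign_legacy_capabilities()` would surface those call sites: `if ($hidden_ignored) { debugging('Hidden role assignments are no longer supported, the hidden parameter is ignored.'); }`. The replacement docblock line has typos (`roels`, `enrolemnt`) and should read `use roles with moodle/course:inspect capability or enrolment instead`. The function body continues outside the hunks on this line.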
@@ -2965,16 +2827,11 @@ if ($ras = $DB->get_records_select('role_assignments', implode(' AND ', $select), $params)) { $mods = get_plugin_list('mod'); foreach($ras as $ra) { - $fireevent = false; /// infinite loop protection when deleting recursively if (!$ra = $DB->get_record('role_assignments', array('id'=>$ra->id))) { continue; } - if ($DB->delete_records('role_assignments', array('id'=>$ra->id))) { - $fireevent = true; - } else { - $success = false; - } + $DB->delete_records('role_assignments', array('id'=>$ra->id)); if (!$context = get_context_instance_by_id($ra->contextid)) { // strange error, not much to do @@ -3023,14 +2880,12 @@ } } - if ($fireevent) { - events_trigger('role_unassigned', $ra); - } + events_trigger('role_unassigned', $ra); } } } - return $success; + return true; } /** 
@@ -3078,6 +2933,410 @@ } /** + * Determines if a user is currently logged in + * + * @return bool + */ +function isloggedin() { + global $USER; + + return (!empty($USER->id)); +} + +/** + * Determines if a user is logged in as real guest user with username 'guest'. + * + * @param int $user mixed user object or id, $USER if not specified + * @return bool true if user is the real guest user, false if not logged in or other user + */ +function isguestuser($user = NULL) { + global $USER, $DB, $CFG; + + // make sure we have the user id cached in config table, because we are going to use it a lot + if (empty($CFG->siteguest)) { + if (!$guestid = $DB->get_field('user', 'id', array('username'=>'guest', 'mnethostid'=>$CFG->mnet_localhost_id))) { + // guest does not exist yet, weird + return false; + } + set_config('siteguest', $guestid); + } + if ($user === NULL) { + $user = $USER; + } + + if ($user === NULL) { + // happens when setting the $USER + return false; + + } else if (is_numeric($user)) { + return ($CFG->siteguest == $user); + + } else if (is_object($user)) { + if (empty($user->id)) { + return false; // not logged in means is not be guest + } else { + return ($CFG->siteguest == $user->id); + } + + } else { + throw new coding_exception('Invalid user parameter supplied for isguestuser() function!'); + } +} + +/** + * Does user have a (temporary or real) guest access to course? + * + * @param object $context + * @param object|int $user + * @return bool + */ +function isguest($context, $user = NULL) { + // first find the course context + $coursecontext = get_course_context($context); + + // make sure there is a real user specified + if ($user === NULL) { + $userid = !empty($USER->id) ? $USER->id : 0; + } else { + $userid = !empty($user->id) ? 
$user->id : $user; + } + + if (isguestuser($userid)) { + // can not inspect or be enrolled + return true; + } + + if (has_capability('moodle/course:inspect', $coursecontext, $user)) { + // inspecting users appear out of nowhere, they are neither guests nor participants + return false; + } + + if (has_capability('moodle/course:view', $coursecontext, $userid, false)) { + return false; + } + + return true; +} + + +/** + * Returns true if user has course:inspect capability in course, + * this is intended for admins, managers (aka small admins), inspectors, etc. + * + * @param object $context + * @param int|object $user, if NULL $USER is used + * @param string $withcapability extra capability name + * @return bool + */ +function is_inspecting($context, $user = NULL, $withcapability = '') { + global $USER; + + // first find the course context + $coursecontext = get_course_context($context); + + if (isguestuser($user)) { + // can not inspect + return true; + } + + if (!has_capability('moodle/course:inspect', $coursecontext, $user)) { + // admins are allowed to inspect courses + return false; + } + + if ($withcapability and !has_capability($withcapability, $context, $user)) { + // site admins always have the capability, but the enrolment above blocks + return false; + } + + return true; +} + +/** + * Returns true if user is enrolled (is participating) in course + * this is intended for students and teachers. + * + * @param object $context + * @param int|object $user, if NULL $USER is used, oherwise user object or id expected + * @param string $withcapability extra capability name + * @return bool + */ +function is_enrolled($context, $user = NULL, $withcapability = '') { + global $USER; + + // first find the course context + $coursecontext = get_course_context($context); + + // make sure there is a real user specified + if ($user === NULL) { + $userid = !empty($USER->id) ? $USER->id : 0; + } else { + $userid = !empty($user->id) ? 
$user->id : $user; + } + + if (empty($userid)) { + // not-logged-in! + return false; + } else if (isguestuser($userid)) { + // guest account can not be enrolled anywhere + return false; + } + + if ($coursecontext->instanceid != SITEID and !has_capability('moodle/course:view', $coursecontext, $userid, false)) { + // admins are not enrolled, everybody is "enrolled" in the frontpage course + return false; + } + + if ($withcapability and !has_capability($withcapability, $context, $userid)) { + return false; + } + + return true; +} + +/** + * Returns array with sql code and parameters returning all ids + * of users enrolled into course. + * @param object $context + * @param string $withcapability + * @param int $groupid 0 means ignore groups, any other value limits the result by group id + * @param string $prefix used for alias of user table, parameter names and in aliases of other used tables + * @return array list($sql, $params) + */ +function get_enrolled_sql($context, $withcapability = '', $groupid = 0, $prefix = 'eu') { + global $DB; + + if ($context->contextlevel < CONTEXT_COURSE) { + throw new coding_exception('get_enrolled_sql() expects course context and bellow!'); + } + + // first find the course context + if ($context->contextlevel == CONTEXT_COURSE) { + $coursecontext = $context; + + } else if ($context->contextlevel == CONTEXT_MODULE) { + $coursecontext = get_context_instance_by_id(get_parent_contextid($context, MUST_EXIST)); + + } else if ($context->contextlevel == CONTEXT_BLOCK) { + $parentcontext = get_context_instance_by_id(get_parent_contextid($context, MUST_EXIST)); + if ($parentcontext->contextlevel == CONTEXT_COURSE) { + $coursecontext = $parentcontext; + } else if ($parentcontext->contextlevel == CONTEXT_MODULE) { + $coursecontext = get_context_instance_by_id(get_parent_contextid($parentcontext, MUST_EXIST)); + } else { + throw new coding_exception('Invalid context supplied to get_enrolled_sql()!'); + } + + } else { + throw new 
coding_exception('Invalid context supplied to get_enrolled_sql()!'); + } + + list($contextids, $contextpaths) = get_context_info_list($context); + list($coursecontextids, $coursecontextpaths) = get_context_info_list($coursecontext); + + // get all relevant capability info for all roles + if ($withcapability) { + list($incontexts, $params) = $DB->get_in_or_equal($contextids, SQL_PARAMS_NAMED, 'con00'); + $incaps = "IN (:capview, :withcap)"; + $params['capview'] = 'moodle/course:view'; + $params['withcap'] = $withcapability; + } else { + list($incontexts, $params) = $DB->get_in_or_equal($coursecontextids, SQL_PARAMS_NAMED, 'con00'); + $incaps = "= :capview"; + $params['capview'] = 'moodle/course:view'; + } + $defs = array(); + $sql = "SELECT rc.id, rc.roleid, rc.permission, rc.capability, ctx.path + FROM {role_capabilities} rc + JOIN {context} ctx on rc.contextid = ctx.id + WHERE rc.contextid $incontexts AND rc.capability $incaps"; + $rcs = $DB->get_records_sql($sql, $params); + foreach ($rcs as $rc) { + $defs[$rc->capability][$rc->path][$rc->roleid] = $rc->permission; + } + + $courseaccess = array(); + if (!empty($defs['moodle/course:view'])) { + foreach ($coursecontextpaths as $path) { + if (empty($defs['moodle/course:view'][$path])) { + continue; + } + + foreach($defs['moodle/course:view'][$path] as $roleid => $perm) { + if ($perm == CAP_PROHIBIT) { + $courseaccess[$roleid] = CAP_PROHIBIT; + continue; + } + if (!isset($courseaccess[$roleid])) { + $courseaccess[$roleid] = (int)$perm; + } + } + } + } + + $access = array(); + if (!empty($defs[$withcapability])) { + foreach ($contextpaths as $path) { + if (empty($defs[$withcapability][$path])) { + continue; + } + foreach($defs[$withcapability][$path] as $roleid => $perm) { + if ($perm == CAP_PROHIBIT) { + $access[$roleid] = CAP_PROHIBIT; + continue; + } + if (!isset($access[$roleid])) { + $access[$roleid] = (int)$perm; + } + } + } + } + + unset($defs); + + // make lists of roles that are needed and prohibited + 
$courseneeded = array(); // one of these is enough + $courseprohibited = array(); // must not have any of these + foreach ($courseaccess as $roleid => $perm) { + if ($perm == CAP_PROHIBIT) { + unset($courseneeded[$roleid]); + $courseprohibited[$roleid] = true; + } else if ($perm == CAP_ALLOW and empty($courseprohibited[$roleid])) { + $courseneeded[$roleid] = true; + } + } + $needed = array(); // one of these is enough + $prohibited = array(); // must not have any of these + if ($withcapability) { + foreach ($access as $roleid => $perm) { + if ($perm == CAP_PROHIBIT) { + unset($needed[$roleid]); + $prohibited[$roleid] = true; + } else if ($perm == CAP_ALLOW and empty($prohibited[$roleid])) { + $needed[$roleid] = true; + } + } + } + + $isfrontpage = ($coursecontext->instanceid == SITEID); + + $defaultuserroleid = isset($CFG->defaultuserroleid) ? $CFG->defaultuserroleid : NULL; + $defaultfrontpageroleid = isset($CFG->defaultfrontpageroleid) ? $CFG->defaultfrontpageroleid : NULL; + + $nobody = false; + + if ($isfrontpage) { + // on the frontpage all users are kind of enrolled, we have to respect only the prohibits + $courseneeded = array(); + } else { + if (empty($courseneeded)) { + $nobody = true; + } + } + + if ($withcapability and !$nobody) { + if ($isfrontpage) { + if (!empty($prohibited[$defaultuserroleid]) or !empty($prohibited[$defaultfrontpageroleid])) { + $nobody = true; + } else if (!empty($neded[$defaultuserroleid]) or !empty($neded[$defaultfrontpageroleid])) { + // everybody not having prohibit has the capability + $needed = array(); + } else if (empty($needed)) { + $nobody = true; + } + } else { + if (!empty($prohibited[$defaultuserroleid])) { + $nobody = true; + } else if (!empty($neded[$defaultuserroleid])) { + // everybody not having prohibit has the capability + $needed = array(); + } else if (empty($needed)) { + $nobody = true; + } + } + } + + if ($nobody) { + // nobody can match so return some SQL that does not return any results + return 
array("SELECT {$prefix}.id FROM {user} {$prefix} WHERE 1=2", array()); + } + + $joins = array(); + $params = array(); + $wheres = array("{$prefix}.deleted = 0 AND {$prefix}.username <> 'guest'"); + + if ($courseneeded) { + $ctxids = implode(',', $coursecontextids); + $roleids = implode(',', array_keys($courseneeded)); + $joins[] = "JOIN {role_assignments} {$prefix}_ra1 ON ({$prefix}_ra1.userid = {$prefix}.id AND {$prefix}_ra1.roleid IN ($roleids) AND {$prefix}_ra1.contextid IN ($ctxids))"; + } + + if ($courseprohibited) { + $ctxids = implode(',', $coursecontextids); + $roleids = implode(',', array_keys($courseprohibited)); + $joins[] = "LEFT JOIN {role_assignments} {$prefix}_ra2 ON ({$prefix}_ra2.userid = {$prefix}.id AND {$prefix}_ra2.roleid IN ($roleids) AND {$prefix}_ra2.contextid IN ($ctxids))"; + $wheres[] = "{$prefix}_ra2 IS NULL"; + } + + if ($needed) { + $ctxids = implode(',', $contextids); + $roleids = implode(',', array_keys($needed)); + $joins[] = "JOIN {role_assignments} {$prefix}_ra3 ON ({$prefix}_ra3.userid = {$prefix}.id AND {$prefix}_ra3.roleid IN ($roleids) AND {$prefix}_ra3.contextid IN ($ctxids))"; + } + + if ($prohibited) { + $ctxids = implode(',', $contextids); + $roleids = implode(',', array_keys($prohibited)); + $joins[] = "LEFT JOIN {role_assignments} {$prefix}_ra4 ON ({$prefix}_ra4.userid = {$prefix}.id AND {$prefix}_ra4.roleid IN ($roleids) AND {$prefix}_ra4.contextid IN ($ctxids))"; + $wheres[] = "{$prefix}_ra4 IS NULL"; + } + + if ($groupid) { + $joins[] = "JOIN {groups_members} {$prefix}gm ON ({$prefix}gm.userid = {$prefix}.id AND {$prefix}.roleid = :{$prefix}gmid)"; + $params["{$prefix}gmid"] = $groupid; + } + + $joins = implode("\n", $joins); + $wheres = "WHERE ".implode(" AND ", $wheres); + + $sql = "SELECT DISTINCT {$prefix}.id + FROM {user} {$prefix} + $joins + $wheres"; + + return array($sql, $params); +} + +/** + * Returns list of users enrolled into course. 
+ * @param object $context + * @param string $withcapability + * @param int $groupid 0 means ignore groups, any other value limits the result by group id + * @param string $userfields requested user record fields + * @param string $orderby + * @param int $limitfrom return a subset of records, starting at this point (optional, required if $limitnum is set). + * @param int $limitnum return a subset comprising this many records (optional, required if $limitfrom is set). + * @return array of user records + */ +function get_enrolled_users($context, $withcapability = '', $groupid = 0, $userfields = 'u.*', $orderby = '', $limitfrom = 0, $limitnum = 0) { + global $DB; + + list($esql, $params) = get_enrolled_sql($context, $withcapability, $groupid); + $sql = "SELECT $userfields + FROM {user} u + JOIN ($esql) je ON je.id = u.id + WHERE u.deleted = 0"; + + if ($orderby) { + $sql = "$sql ORDER BY $orderby"; + } else { + $sql = "$sql ORDER BY u.lastname ASC, u.firstname ASC"; + } + + return $DB->get_records_sql($sql, $params, $limitfrom, $limitnum); +} + +/** * Loads the capability definitions for the component (from file). * * Loads the capability definitions for the component (from file). If no @@ -3094,8 +3353,9 @@ if (file_exists($defpath)) { require($defpath); if (!empty(${$component.'_capabilities'})) { - // legacy capability array name + // BC capability array name // since 2.0 we prefer $capabilities instead - it is easier to use and matches db/* files + debugging('componentname_capabilities array is deprecated, please use capabilities array only in access.php files'); $capabilities = ${$component.'_capabilities'}; } } 
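Review bot: In the new `is_inspecting()` the guest branch returns `true` although its own comment says "can not inspect", so the real guest account is reported as an inspecting user; that line should return `false`. `isguest()` reads `$USER->id` without declaring `global $USER;`, so with `$user === NULL` the id always falls back to 0. In `get_enrolled_sql()` the default-role checks test `$neded[...]`, a misspelling of `$needed`, and `$CFG` is read without being declared global, so both default role ids are always NULL and those branches never apply. The group join compares `{$prefix}.roleid` with the group id, which looks as if `{$prefix}gm.groupid` was intended and should be confirmed. `get_enrolled_users()` concatenates `$userfields` and `$orderby` into the SQL, so its docblock should state that both must come from code and never from request data.

```php
function isguest($context, $user = NULL) {
    global $USER;
    // … unchanged: course context lookup, user id resolution, capability checks …

function is_inspecting($context, $user = NULL, $withcapability = '') {
    // … unchanged: global declaration and course context lookup …
    if (isguestuser($user)) {
        // guest account can not inspect
        return false;
    }
    // … unchanged: moodle/course:inspect and $withcapability checks …

function get_enrolled_sql($context, $withcapability = '', $groupid = 0, $prefix = 'eu') {
    global $DB, $CFG;
    // … unchanged: context resolution and capability collection …
            } else if (!empty($needed[$defaultuserroleid]) or !empty($needed[$defaultfrontpageroleid])) {
    // … unchanged: frontpage branch body, start of non-frontpage branch …
            } else if (!empty($needed[$defaultuserroleid])) {
    // … unchanged: join and where-clause construction …
```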
@@ -3115,16 +3375,22 @@ } /** - * Returns default capabilities for given legacy role type. - * @param string $legacyrole legacy role name + * Returns default capabilities for given role archetype. + * @param string $archetype role archetype * @return array */ -function get_default_capabilities($legacyrole) { +function get_default_capabilities($archetype) { global $DB; - $allcaps = $DB->get_records('capabilities'); + + if (!$archetype) { + return array(); + } + $alldefs = array(); $defaults = array(); $components = array(); + $allcaps = $DB->get_records('capabilities'); + foreach ($allcaps as $cap) { if (!in_array($cap->component, $components)) { $components[] = $cap->component; 
@@ -3132,46 +3398,31 @@ } } foreach($alldefs as $name=>$def) { - if (isset($def['legacy'][$legacyrole])) { - $defaults[$name] = $def['legacy'][$legacyrole]; + if (isset($def['legacy'][$archetype])) { + $defaults[$name] = $def['legacy'][$archetype]; } } - //some exceptions - $defaults['moodle/legacy:'.$legacyrole] = CAP_ALLOW; - if ($legacyrole == 'admin') { - $defaults['moodle/site:doanything'] = CAP_ALLOW; - } return $defaults; } /** - * Reset role capabilitites to default according to selected legacy capability. - * If several legacy caps selected, use the first from get_default_capabilities. - * If no legacy selected, removes all capabilities. + * Reset role capabilitites to default according to selected role archetype. + * If no archetype selected, removes all capabilities. * @param int @roleid */ function reset_role_capabilities($roleid) { global $DB; - $sitecontext = get_context_instance(CONTEXT_SYSTEM); - $legacyroles = get_legacy_roles(); + $role = $DB->get_record('role', array('id'=>$roleid), '*', MUST_EXIST); + $defaultcaps = get_default_capabilities($role->archetype); - $defaultcaps = array(); - foreach($legacyroles as $ltype=>$lcap) { - $localoverride = get_local_override($roleid, $sitecontext->id, $lcap); - if (!empty($localoverride->permission) and $localoverride->permission == CAP_ALLOW) { - //choose first selected legacy capability - $defaultcaps = get_default_capabilities($ltype); - break; - } - } + $sitecontext = get_context_instance(CONTEXT_SYSTEM); $DB->delete_records('role_capabilities', array('roleid'=>$roleid)); - if (!empty($defaultcaps)) { - foreach($defaultcaps as $cap=>$permission) { - assign_capability($cap, $permission, $roleid, $sitecontext->id); - } + + foreach($defaultcaps as $cap=>$permission) { + assign_capability($cap, $permission, $roleid, $sitecontext->id); } } 
@@ -3203,6 +3454,12 @@ if (!array_key_exists('riskbitmask', $filecaps[$cachedcap->name])) { $filecaps[$cachedcap->name]['riskbitmask'] = 0; // no risk if not specified } + if ($cachedcap->captype != $filecaps[$cachedcap->name]['captype']) { + $updatecap = new object(); + $updatecap->id = $cachedcap->id; + $updatecap->captype = $filecaps[$cachedcap->name]['captype']; + $DB->update_record('capabilities', $updatecap); + } if ($cachedcap->riskbitmask != $filecaps[$cachedcap->name]['riskbitmask']) { $updatecap = new object(); $updatecap->id = $cachedcap->id; @@ -3237,7 +3494,7 @@ } // Add new capabilities to the stored definition. foreach ($newcaps as $capname => $capdef) { - $capability = new object; + $capability = new object(); $capability->name = $capname; $capability->captype = $capdef['captype']; $capability->contextlevel = $capdef['contextlevel']; @@ -3256,12 +3513,9 @@ } } } - // Do we need to assign the new capabilities to roles that have the - // legacy capabilities moodle/legacy:* as well? // we ignore legacy key if we have cloned permissions - } else if (isset($capdef['legacy']) && is_array($capdef['legacy']) && - !assign_legacy_capabilities($capname, $capdef['legacy'])) { - echo $OUTPUT->notification('Could not assign legacy capabilities for '.$capname); + } else if (isset($capdef['legacy']) && is_array($capdef['legacy'])) { + assign_legacy_capabilities($capname, $capdef['legacy']); } } // Are there any capabilities that have been removed from the file @@ -3270,7 +3524,7 @@ capabilities_cleanup($component, $filecaps); // reset static caches - is_valid_capability('reset', false); + $ACCESSLIB_PRIVATE->capabilities = NULL; return true; } @@ -3324,7 +3578,7 @@ * @return string the name for this type of context. */ function get_contextlevel_name($contextlevel) { - static $strcontextlevels = null; + static $strcontextlevels = NULL; if (is_null($strcontextlevels)) { $strcontextlevels = array( CONTEXT_SYSTEM => get_string('coresystem'), 
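Review bot: In the `@@ -3256,12 +3513,9 @@` hunk the result of `assign_legacy_capabilities()` is now discarded, so if it still can fail (its definition is not in this hunk) a new capability ends up without its default role permissions and nothing is reported. Keeping a signal costs little: `if (!assign_legacy_capabilities($capname, $capdef['legacy'])) { debugging('Could not assign default permissions for '.$capname); }`. The surrounding function begins and ends outside the hunk.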
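Review bot: In the `@@ -3270,7 +3524,7 @@` hunk, `$ACCESSLIB_PRIVATE->capabilities = NULL;` only clears the shared cache if `$ACCESSLIB_PRIVATE` is declared `global` in this function, and that declaration is not visible in any of the hunks touching it. Without it the assignment lands on a local variable and `get_capability_info()` keeps serving stale capability data for the rest of the request. Please confirm that the function's `global` line includes it, e.g. `global $DB, $OUTPUT, $ACCESSLIB_PRIVATE;`.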
@@ -3708,6 +3962,53 @@ } /** + * Constructs array with contextids as first parameter and context paths, + * in both cases bottom top including self. + * + * @param object $context + * @return array + */ +function get_context_info_list($context) { + $contextids = explode('/', ltrim($context->path, '/')); + $contextpaths = array(); + $contextids2 = $contextids; + while ($contextids2) { + $contextpaths[] = '/' . implode('/', $contextids2); + array_pop($contextids2); + } + return array($contextids, $contextpaths); +} + +/** + * Find course context + * @param object $context - course or lower context + * @return object context of the enclosing course, throws exception when related course context can not be found + */ +function get_course_context($context) { + if (empty($context->contextlevel)) { + throw coding_exception('Invalid context parameter.'); + + } if ($context->contextlevel == CONTEXT_COURSE) { + return $context; + + } else if ($context->contextlevel == CONTEXT_MODULE) { + return get_context_instance_by_id(get_parent_contextid($context, MUST_EXIST)); + + } else if ($context->contextlevel == CONTEXT_BLOCK) { + $parentcontext = get_context_instance_by_id(get_parent_contextid($context, MUST_EXIST)); + if ($parentcontext->contextlevel == CONTEXT_COURSE) { + return $parentcontext; + } else if ($parentcontext->contextlevel == CONTEXT_MODULE) { + return get_context_instance_by_id(get_parent_contextid($parentcontext, MUST_EXIST)); + } else { + throw new coding_exception('Invalid level of block context parameter.'); + } + } + + throw new coding_exception('Invalid context level of parameter.'); +} + +/** * Check if contect is the front page context or a context inside it * * Returns true if this context is the front page context, or a context inside it, 
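Review bot: The first guard in `get_course_context()` is written `throw coding_exception('Invalid context parameter.');` without `new`, so PHP looks for a function called `coding_exception` and stops with a fatal error instead of raising the exception the docblock promises; the other two throws in the function do use `new`. It should read `throw new coding_exception('Invalid context parameter.');`. Separately, the docblock of `get_context_info_list()` says both arrays are ordered bottom to top, but `$contextids` comes straight from `explode('/', ltrim($context->path, '/'))` and therefore starts at the root, while only `$contextpaths` starts with the context itself. The comment should say so, since callers that treat index 0 as "self" would pick the wrong context.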
@@ -3880,22 +4181,28 @@ } /** - * Verifies if given capability installed. + * Returns capability information (cached) * - * @global object * @param string $capabilityname - * @param bool $cached - * @return book true if capability exists + * @return object or NULL if capability not found */ -function is_valid_capability($capabilityname, $cached = true) { - global $ACCESSLIB_PRIVATE; // one request per page only +function get_capability_info($capabilityname) { + global $ACCESSLIB_PRIVATE, $DB; // one request per page only - if (is_null($ACCESSLIB_PRIVATE->capabilitynames) or !$cached) { - global $DB; - $ACCESSLIB_PRIVATE->capabilitynames = $DB->get_records_menu('capabilities', null, '', 'name, 1'); + // TODO: cache this in shared memory if available, use new $CFG->roledefrev for version check + + if (empty($ACCESSLIB_PRIVATE->capabilities)) { + $ACCESSLIB_PRIVATE->capabilities = array(); + $caps = $DB->get_records('capabilities', array(), 'id, name, captype, riskbitmask'); + foreach ($caps as $cap) { + $capname = $cap->name; + unset($cap->id); + unset($cap->name); + $ACCESSLIB_PRIVATE->capabilities[$capname] = $cap; + } } - return array_key_exists($capabilityname, $ACCESSLIB_PRIVATE->capabilitynames); + return isset($ACCESSLIB_PRIVATE->capabilities[$capabilityname]) ? $ACCESSLIB_PRIVATE->capabilities[$capabilityname] : NULL; } /** 
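Review bot: In `get_capability_info()` the column list `'id, name, captype, riskbitmask'` is passed as the third argument of `$DB->get_records()`, which is the sort position (compare `get_records('role', NULL, 'sortorder ASC')` later in this patch), so it becomes an ORDER BY and every column is still loaded into the per-request cache. If the intent was to limit the fields, pass it as the fourth argument: `$DB->get_records('capabilities', array(), '', 'id, name, captype, riskbitmask');`. The cache test `empty($ACCESSLIB_PRIVATE->capabilities)` also re-runs the query on every call when the table yields no rows; `is_null(...)` matches the `= NULL` reset used elsewhere in this patch.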
@@ -4065,32 +4372,49 @@ /** * Gets the list of roles assigned to this context and up (parents) + * from the list of roles that are visible on user profile page + * and participants page. * - * set $view to true when roles are pulled for display only - * this is so that we can filter roles with no visible - * assignment, for example, you might want to "hide" all - * course creators when browsing the course participants - * list. + * @param object $context + * @return array + */ +function get_profile_roles($context) { + global $CFG, $DB; + + if (empty($CFG->profileroles)) { + return array(); + } + + $allowed = explode(',', $CFG->profileroles); + list($rallowed, $params) = $DB->get_in_or_equal($allowed, SQL_PARAMS_NAMED); + + $contextlist = get_related_contexts_string($context); + + $sql = "SELECT DISTINCT r.id, r.name, r.shortname, r.sortorder + FROM {role_assignments} ra, {role} r + WHERE r.id = ra.roleid + AND ra.contextid $contextlist + AND r.id $rallowed + ORDER BY r.sortorder ASC"; + + return $DB->get_records_sql($sql, $params); +} + +/** + * Gets the list of roles assigned to this context and up (parents) * - * @global object * @param object $context - * @param bool $view * @return array */ -function get_roles_used_in_context($context, $view = false) { +function get_roles_used_in_context($context) { global $DB; - // filter for roles with all hidden assignments - // no need to return when only pulling roles for reviewing - // e.g. participants page. - $hiddensql = ($view && !has_capability('moodle/role:viewhiddenassigns', $context))? ' AND ra.hidden = 0 ':''; $contextlist = get_related_contexts_string($context); $sql = "SELECT DISTINCT r.id, r.name, r.shortname, r.sortorder FROM {role_assignments} ra, {role} r WHERE r.id = ra.roleid AND ra.contextid $contextlist - $hiddensql ORDER BY r.sortorder ASC"; return $DB->get_records_sql($sql); 
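Review bot: `get_roles_used_in_context()` loses its `$view` parameter and the `ra.hidden = 0` filter, and because PHP accepts surplus arguments silently, any caller that still passes `true` to hide assignments now gets the unfiltered role list without an error. The callers are outside this hunk, so they need to be checked and moved to `get_profile_roles()` wherever the list is shown to ordinary users. I would add a line to the docblock such as `* NOTE: returns every role assigned here or above, without any visibility filtering; use get_profile_roles() for lists displayed to users.`. The same silent change of meaning applies to `get_user_roles()` in the `@@ -4201,36 +4508,36 @@` hunk.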
@@ -4098,30 +4422,46 @@ /** * This function is used to print roles column in user profile page. + * It is using the CFG->profileroles to limit the list to only interesting roles. + * (The permission tab has full details of user role assingments.) * - * @global object - * @global object - * @global object * @param int $userid - * @param object $context - * @param bool $view + * @param int $courseid * @return string */ -function get_user_roles_in_context($userid, $context, $view=true){ +function get_user_roles_in_course($userid, $courseid) { global $CFG, $DB,$USER; - $rolestring = ''; - $sql = "SELECT * - FROM {role_assignments} ra, {role} r - WHERE ra.userid = ? and ra.contextid = ? and ra.roleid = r.id"; - $params = array($userid, $context->id); - $rolenames = array(); + if (empty($CFG->profileroles)) { + return ''; + } + + if ($courseid == SITEID) { + $context = get_context_instance(CONTEXT_SYSTEM); + } else { + $context = get_context_instance(CONTEXT_COURSE, $courseid); + } + + if (empty($CFG->profileroles)) { + return array(); + } + + $allowed = explode(',', $CFG->profileroles); + list($rallowed, $params) = $DB->get_in_or_equal($allowed, SQL_PARAMS_NAMED); + + $contextlist = get_related_contexts_string($context); + + $sql = "SELECT DISTINCT r.id, r.name, r.shortname, r.sortorder + FROM {role_assignments} ra, {role} r + WHERE r.id = ra.roleid + AND ra.contextid $contextlist + AND r.id $rallowed + AND ra.userid = :userid + ORDER BY r.sortorder ASC"; + $params['userid'] = $userid; + if ($roles = $DB->get_records_sql($sql, $params)) { foreach ($roles as $userrole) { - // MDL-12544, if we are in view mode and current user has no capability to view hidden assignment, skip it - if ($userrole->hidden && $view && !has_capability('moodle/role:viewhiddenassigns', $context)) { - continue; - } $rolenames[$userrole->roleid] = $userrole->name; } 
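Review bot: The new query in `get_user_roles_in_course()` selects `r.id, r.name, r.shortname, r.sortorder`, but the unchanged loop line still reads `$userrole->roleid`, a column the result no longer has, so every role name is stored under the same empty key and only one survives. The loop should use the selected column: `$rolenames[$userrole->id] = $userrole->name;`. The hunk also removes the `$rolestring = '';` and `$rolenames = array();` initialisations, so a user with no matching role reaches `return $rolestring;` in the next hunk with an undefined variable. The second `if (empty($CFG->profileroles)) { return array(); }` is unreachable and returns the wrong type for a function documented as `@return string`; it can be deleted. The function body continues past the end of this hunk.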
@@ -4132,41 +4472,8 @@ } $rolestring = implode(',', $rolenames); } - return $rolestring; -} - - -/** - * Checks if a user can override capabilities of a particular role in this context - * - * @deprecated As of version 2.0 - * @todo not needed anymore, remove in 2.0 - * @param object $context - * @param int $targetroleid the id of the role you want to override - * @return boolean - */ -function user_can_override($context, $targetroleid) { - -// TODO: not needed anymore, remove in 2.0 - - global $DB; - // first check if user has override capability - // if not return false; - if (!has_capability('moodle/role:override', $context)) { - return false; - } - // pull out all active roles of this user from this context(or above) - if ($userroles = get_user_roles($context)) { - foreach ($userroles as $userrole) { - // if any in the role_allow_override table, then it's ok - if ($DB->get_record('role_allow_override', array('roleid'=>$userrole->roleid, 'allowoverride'=>$targetroleid))) { - return true; - } - } - } - - return false; + return $rolestring; } /** 
@@ -4201,36 +4508,36 @@ /** * Returns all site roles in correct sort order. * - * @global object * @return array */ function get_all_roles() { global $DB; - return $DB->get_records('role', null, 'sortorder ASC'); + return $DB->get_records('role', NULL, 'sortorder ASC'); +} + +/** + * Returns roles of a specified archetype + * @param string $archetype + * @return array of full role records + */ +function get_archetype_roles($archetype) { + global $DB; + return $DB->get_records('role', array('archetype'=>$archetype)); } /** - * gets all the user roles assigned in this context, or higher contexts + * Gets all the user roles assigned in this context, or higher contexts * this is mainly used when checking if a user can assign a role, or overriding a role * i.e. we need to know what this user holds, in order to verify against allow_assign and * allow_override tables * - * set $view to true when roles are pulled for display only - * this is so that we can filter roles with no visible - * assignment, for example, you might want to "hide" all - * course creators when browsing the course participants - * list. - * - * @global object - * @global object * @param object $context * @param int $userid * @param bool $checkparentcontexts defaults to true * @param string $order defaults to 'c.contextlevel DESC, r.sortorder ASC' - * @param bool $view * @return array */ -function get_user_roles($context, $userid=0, $checkparentcontexts=true, $order='c.contextlevel DESC, r.sortorder ASC', $view=false) { +function get_user_roles($context, $userid=0, $checkparentcontexts=true, $order='c.contextlevel DESC, r.sortorder ASC') { global $USER, $DB; if (empty($userid)) { @@ -4239,8 +4546,6 @@ } $userid = $USER->id; } - // set up hidden sql - $hiddensql = ($view && !has_capability('moodle/role:viewhiddenassigns', $context)) ? "AND ra.hidden = 0" : ""; if ($checkparentcontexts) { $contextids = get_parent_contexts($context); 
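Review bot: `get_archetype_roles()` returns the rows in whatever order the database chooses, unlike `get_all_roles()` directly above it, which sorts by `sortorder ASC`. That matters once a caller takes "the first" role of an archetype, as the `@@ -4669,7 +4962,7 @@` hunk does with `array_shift($studentroles)` on an equivalent unsorted query, because the role picked can then differ between sites or database engines. I would make the order explicit, `return $DB->get_records('role', array('archetype'=>$archetype), 'sortorder ASC');`, and have the later hunk call `get_archetype_roles('student')` instead of repeating the query (that hunk also relies on `$DB` being declared global in its function, which is not visible there).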
@@ -4259,7 +4564,6 @@ AND ra.roleid = r.id AND ra.contextid = c.id AND ra.contextid $contextids - $hiddensql ORDER BY $order"; return $DB->get_records_sql($sql ,$params); 
@@ -4340,53 +4644,49 @@ } } - $parents = get_parent_contexts($context); - $parents[] = $context->id; + $parents = get_parent_contexts($context, true); $contexts = implode(',' , $parents); $params = array(); $extrafields = ''; if ($rolenamedisplay == ROLENAME_ORIGINALANDSHORT) { - $extrafields .= ', ro.shortname'; + $extrafields .= ', r.shortname'; } if ($withusercounts) { $extrafields = ', (SELECT count(u.id) FROM {role_assignments} cra JOIN {user} u ON cra.userid = u.id - WHERE cra.roleid = ro.id AND cra.contextid = :conid AND u.deleted = 0 + WHERE cra.roleid = r.id AND cra.contextid = :conid AND u.deleted = 0 ) AS usercount'; $params['conid'] = $context->id; } - $raafrom = ", {role_allow_assign} raa"; - $raawhere = "AND raa.roleid = ra.roleid AND r.id = raa.allowassign"; - if (has_capability('moodle/site:doanything', get_context_instance(CONTEXT_SYSTEM))) { + if (is_siteadmin()) { // show all roles allowed in this context to admins - $raafrom = ""; - $raawhere = ""; + $assignrestriction = ""; + } else { + $assignrestriction = "JOIN (SELECT DISTINCT raa.allowassign AS id + FROM {role_allow_assign} raa + JOIN {role_assignments} ra ON ra.roleid = raa.roleid + WHERE ra.userid = :userid AND ra.contextid IN ($contexts) + ) ar ON ar.id = r.id"; + $params['userid'] = $USER->id; } - - $params['userid'] = $USER->id; $params['contextlevel'] = $context->contextlevel; - $roles = $DB->get_records_sql(" - SELECT ro.id, ro.name$extrafields - FROM {role} ro - JOIN (SELECT DISTINCT r.id - FROM {role} r, - {role_assignments} ra $raafrom - WHERE ra.userid = :userid AND ra.contextid IN ($contexts) - $raawhere - ) inline_view ON ro.id = inline_view.id - JOIN {role_context_levels} rcl ON ro.id = rcl.roleid - WHERE rcl.contextlevel = :contextlevel - ORDER BY ro.sortorder ASC", $params); + $sql = "SELECT r.id, r.name $extrafields + FROM {role} r + $assignrestriction + JOIN {role_context_levels} rcl ON r.id = rcl.roleid + WHERE rcl.contextlevel = :contextlevel + ORDER BY r.sortorder ASC"; 
+ $roles = $DB->get_records_sql($sql, $params); $rolenames = array(); foreach ($roles as $role) { $rolenames[$role->id] = $role->name; if ($rolenamedisplay == ROLENAME_ORIGINALANDSHORT) { $rolenames[$role->id] .= ' (' . $role->shortname . ')'; - } + } } if ($rolenamedisplay != ROLENAME_ORIGINALANDSHORT) { $rolenames = role_fix_names($rolenames, $context, $rolenamedisplay); @@ -4425,9 +4725,9 @@ $params = array(); $extrajoins = ''; $extrawhere = ''; - if (!has_capability('moodle/site:doanything', $systemcontext)) { + if (!is_siteadmin()) { // Admins are allowed to switch to any role with 'moodle/course:view' in the - // role definition, and without 'moodle/site:doanything' anywhere. + // role definition. // Others are subject to the additional constraint that the switch-to role must be allowed by // 'role_allow_switch' for some role they have assigned in this context or any parent. $parents = get_parent_contexts($context); @@ -4436,8 +4736,7 @@ $extrajoins = "JOIN {role_allow_switch} ras ON ras.allowswitch = rc.roleid JOIN {role_assignments} ra ON ra.roleid = ras.roleid"; - $extrawhere = "AND ra.userid = :userid - AND ra.contextid IN ($contexts)"; + $extrawhere = "AND ra.userid = :userid AND ra.contextid IN ($contexts)"; $params['userid'] = $USER->id; } @@ -4451,15 +4750,11 @@ AND rc.permission = " . CAP_ALLOW . " AND rc.contextid = :syscontextid $extrawhere - AND NOT EXISTS ( - SELECT 1 FROM {role_capabilities} irc WHERE irc.roleid = rc.roleid AND - irc.capability = :anythingcap AND irc.permission = " . CAP_ALLOW . ") ) idlist JOIN {role} r ON r.id = idlist.roleid ORDER BY r.sortorder"; $params['syscontextid'] = $systemcontext->id; $params['viewcap'] = 'moodle/course:view'; - $params['anythingcap'] = 'moodle/site:doanything'; $rolenames = $DB->get_records_sql_menu($query, $params); return role_fix_names($rolenames, $context, ROLENAME_ALIAS); 
@@ -4467,7 +4762,7 @@ /** * Get an array of role ids that might possibly be the target of a switchrole. - * Our policy is that you cannot switch to a role with moodle/site:doanything + * Our policy is that you cannot switch to admin role * and you can only switch to a role with moodle/course:view. This method returns * a list of those role ids. * @@ -4475,21 +4770,18 @@ * @return array an array whose keys are the allowed role ids. */ function get_allowed_switchable_roles() { - global $DB; + global $CFG, $DB; $systemcontext = get_context_instance(CONTEXT_SYSTEM); $query = " SELECT DISTINCT rc.roleid, 1 FROM {role_capabilities} rc + JOIN {role} r ON r.id = rc.roleid WHERE rc.capability = :viewcap AND rc.permission = " . CAP_ALLOW . " - AND rc.contextid = :syscontextid - AND NOT EXISTS ( - SELECT 1 FROM {role_capabilities} irc WHERE irc.roleid = rc.roleid AND - irc.capability = :anythingcap AND irc.permission = " . CAP_ALLOW . ")"; - $params = array('syscontextid' => $systemcontext->id, - 'viewcap' => 'moodle/course:view', 'anythingcap' => 'moodle/site:doanything'); + AND rc.contextid = :syscontextid"; + $params = array('syscontextid' => $systemcontext->id, 'viewcap' => 'moodle/course:view'); return $DB->get_records_sql_menu($query, $params); } @@ -4535,7 +4827,7 @@ $params['conid'] = $context->id; } - if (has_capability('moodle/site:doanything', get_context_instance(CONTEXT_SYSTEM))) { + if (is_siteadmin()) { // show all roles to admins $roles = $DB->get_records_sql(" SELECT ro.id, ro.name$extrafields 
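Review bot: In `get_allowed_switchable_roles()` the added `JOIN {role} r ON r.id = rc.roleid` is never referenced in the SELECT or WHERE, and the newly added `$CFG` global is not used either, so the query now only checks for `moodle/course:view` at system level. The docblock still promises "you cannot switch to admin role", yet nothing in the SQL expresses that after the `NOT EXISTS` clause was removed. If the guarantee now rests on administrators no longer being a role, say so in the comment, for instance `* Site administrators are not a role any more, so no explicit exclusion is needed here.`, and drop the unused join and global. The same removal is made in the `@@ -4451,15 +4750,11 @@` hunk of the switchable-roles query before it.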
@@ -4602,22 +4894,23 @@ } /** - * @param string $roleid one of the legacy role types - that is, one of the keys - * from the array returned by get_legacy_roles(); + * @param string $rolearchetype one of the role archetypes - that is, one of the keys + * from the array returned by get_role_archetypes(); * @return array list of the context levels at which this type of role may be assigned by default. */ -function get_default_contextlevels($roletype) { +function get_default_contextlevels($rolearchetype) { static $defaults = array( - 'admin' => array(CONTEXT_SYSTEM), + 'manager' => array(CONTEXT_SYSTEM, CONTEXT_COURSECAT, CONTEXT_COURSE), 'coursecreator' => array(CONTEXT_SYSTEM, CONTEXT_COURSECAT), 'editingteacher' => array(CONTEXT_COURSECAT, CONTEXT_COURSE, CONTEXT_MODULE), 'teacher' => array(CONTEXT_COURSECAT, CONTEXT_COURSE, CONTEXT_MODULE), 'student' => array(CONTEXT_COURSE, CONTEXT_MODULE), 'guest' => array(), - 'user' => array() + 'user' => array(), + 'frontpage' => array() ); - if (isset($defaults[$roletype])) { - return $defaults[$roletype]; + if (isset($defaults[$rolearchetype])) { + return $defaults[$rolearchetype]; } else { return array(); } @@ -4669,7 +4962,7 @@ } /// It's unlikely we'll get here, but just in case, try and find a student role - if ($studentroles = get_roles_with_capability('moodle/legacy:student', CAP_ALLOW)) { + if ($studentroles = $DB->get_records('role', array('archetype'=>'student'))) { return array_shift($studentroles); /// Take the first one } 
@@ -4696,12 +4989,8 @@ * @param string|array $groups - single group or array of groups - only return * users who are in one of these group(s). * @param string|array $exceptions - list of users to exclude, comma separated or array - * @param bool $doanything prohibit takes over admin roles here, in has_capability() it does not - * @param bool $view - set to true when roles are pulled for display only - * this is so that we can filter roles with no visible - * assignment, for example, you might want to "hide" all - * course creators when browsing the course participants - * list. + * @param bool $doanything_ignored not used any more, admin accounts are never returned + * @param bool $view_ignored - use get_enrolled_sql() instead * @param bool $useviewallgroups if $groups is set the return users who * have capability both $capability and moodle/site:accessallgroups * in this context, as well as users who have $capability and who are @@ -4709,15 +4998,15 @@ * @return mixed */ function get_users_by_capability($context, $capability, $fields='', $sort='', $limitfrom='', $limitnum='', - $groups='', $exceptions='', $doanything=true, $view=false, $useviewallgroups=false) { + $groups='', $exceptions='', $doanything_ignored=NULL, $view_ignored=NULL, $useviewallgroups=false) { global $CFG, $DB; if (empty($context->id)) { throw new coding_exception('Invalid context specified'); } - $defaultuserroleid = isset($CFG->defaultuserroleid) ? $CFG->defaultuserroleid : null; - $defaultfrontpageroleid = isset($CFG->defaultfrontpageroleid) ? $CFG->defaultfrontpageroleid : null; + $defaultuserroleid = isset($CFG->defaultuserroleid) ? $CFG->defaultuserroleid : NULL; + $defaultfrontpageroleid = isset($CFG->defaultfrontpageroleid) ? $CFG->defaultfrontpageroleid : NULL; $ctxids = trim($context->path, '/'); $ctxids = str_replace('/', ',', $ctxids); 
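Review bot: `get_users_by_capability()` keeps `$doanything_ignored` and `$view_ignored` in its signature but drops them without any signal, so a caller that passes `$view = true` to keep hidden assignments out of a listing now receives those users and cannot notice. Since the new defaults are `NULL`, a developer notice on any other value is cheap: `if ($view_ignored !== NULL or $doanything_ignored !== NULL) { debugging('doanything and view parameters of get_users_by_capability() are ignored'); }`. `get_role_users()` in the `@@ -5088,7 +5346,7 @@` hunk has the same issue with `$gethidden_ignored`, where the old default `true` is still what most callers will pass. The function body continues outside this hunk.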
@@ -4735,20 +5024,9 @@ $isfrontpage = ($isfrontpage || is_inside_frontpage($context)); $caps = (array)$capability; - if ($doanything) { - $caps[] = 'moodle/site:doanything'; - } // contruct list of context paths bottom-->top - $contextids = explode(',', $ctxids); - $paths = array($context->path); - $contextids2 = $contextids; - while ($contextids2) { - array_pop($contextids2); - $paths[] = '/' . implode('/', $contextids2); - } - unset($contextids2); - + list($contextids, $paths) = get_context_info_list($context); // we need to find out all roles that have these capabilities either in definition or in overrides $defs = array(); @@ -4896,13 +5174,6 @@ $wherecond[] = "u.id $exsql"; } - /// Set up hidden role-assignments sql - if ($view and !has_capability('moodle/role:viewhiddenassigns', $context)) { - $condhiddenra = 'AND hidden = 0'; - } else { - $condhiddenra = ''; - } - // now add the needed and prohibited roles conditions as joins if (!empty($needed['any'])) { // simple case - there are no prohibits involved @@ -4913,7 +5184,6 @@ FROM {role_assignments} WHERE contextid IN ($ctxids) AND roleid IN (".implode(',', array_keys($needed['any'])) .") - $condhiddenra ) ra ON ra.userid = u.id"; } } else { @@ -4928,8 +5198,7 @@ $unions[] = "SELECT userid FROM {role_assignments} WHERE contextid IN ($ctxids) - AND roleid IN (".implode(',', array_keys($needed[$cap])) .") - $condhiddenra"; + AND roleid IN (".implode(',', array_keys($needed[$cap])) .")"; } } else { if (!empty($needed[$cap][$defaultuserroleid]) or ($isfrontpage and !empty($needed[$cap][$defaultfrontpageroleid]))) { 
@@ -4942,22 +5211,11 @@ AND roleid IN (".implode(',', array_keys($prohibited[$cap])) ."))"; } else { - if ($condhiddenra) { - $unions[] = "SELECT userid - FROM {role_assignments} - WHERE contextid IN ($ctxids) - AND roleid IN (".implode(',', array_keys($needed[$cap])) .") $condhiddenra - AND userid NOT IN (SELECT userid - FROM {role_assignments} - WHERE contextid IN ($ctxids) - AND roleid IN (".implode(',', array_keys($prohibited[$cap])) ."))"; - } else { - $unions[] = "SELECT userid - FROM {role_assignments} - WHERE contextid IN ($ctxids) - AND roleid IN (".implode(',', array_keys($needed[$cap])) .") - AND roleid NOT IN (".implode(',', array_keys($prohibited[$cap])) .")"; - } + $unions[] = "SELECT userid + FROM {role_assignments} + WHERE contextid IN ($ctxids) + AND roleid IN (".implode(',', array_keys($needed[$cap])) .") + AND roleid NOT IN (".implode(',', array_keys($prohibited[$cap])) .")"; } } } @@ -5011,7 +5269,7 @@ * a good idea to see what roles have the capabilities you want * (array_diff() them against roiles that have 'can-do-anything' * to weed out admin-ish roles. Or fetch a list of roles from - * variables like $CFG->coursemanagers . + * variables like $CFG->coursemanager . * * @global object * @param array $users Users array, keyed on userid @@ -5079,7 +5337,7 @@ * @param bool $parent if true, get list of users assigned in higher context too * @param string $fields fields from user (u.) , role assignment (ra) or role (r.) * @param string $sort sort from user (u.) , role assignment (ra) or role (r.) - * @param bool $gethidden whether to fetch hidden enrolments too + * @param bool $gethidden_ignored use enrolments instead * @param string $group defaults to '' * @param mixed $limitfrom defaults to '' * @param mixed $limitnum defaults to '' 
@@ -5088,7 +5346,7 @@ * @return array */ function get_role_users($roleid, $context, $parent=false, $fields='', - $sort='u.lastname, u.firstname', $gethidden=true, $group='', + $sort='u.lastname, u.firstname', $gethidden_ignored=NULL, $group='', $limitfrom='', $limitnum='', $extrawheretest='', $whereparams=array()) { global $DB; @@ -5099,9 +5357,6 @@ 'u.emailstop, u.lang, u.timezone, u.lastaccess, u.mnethostid, r.name as rolename'; } - // whether this assignment is hidden - $hiddensql = $gethidden ? '': ' AND ra.hidden = 0 '; - $parentcontexts = ''; if ($parent) { $parentcontexts = substr($context->path, 1); // kill leading slash @@ -5143,7 +5398,6 @@ WHERE (ra.contextid = ? $parentcontexts) $roleselect $groupselect - $hiddensql $extrawheretest ORDER BY $sort"; // join now so that we can just use fullname() later @@ -5198,7 +5452,7 @@ * * @global object * @param string $capability Capability in question - * @param int $userid User ID or null for current user + * @param int $userid User ID or NULL for current user * @param bool $doanything True if 'doanything' is permitted (default) * @param string $fieldsexceptid Leave blank if you only need 'id' in the course records; * otherwise use a comma-separated list of the fields you require, not including id 
@@ -5792,58 +6046,44 @@ mark_context_dirty($newpath); } - -/** - * Turn the ctx* fields in an objectlike record into a context subobject - * This allows us to SELECT from major tables JOINing with - * context at no cost, saving a ton of context - * lookups... - * - * @param object $rec - * @return object - */ -function make_context_subobj($rec) { - $ctx = new StdClass; - $ctx->id = $rec->ctxid; unset($rec->ctxid); - $ctx->path = $rec->ctxpath; unset($rec->ctxpath); - $ctx->depth = $rec->ctxdepth; unset($rec->ctxdepth); - $ctx->contextlevel = $rec->ctxlevel; unset($rec->ctxlevel); - $ctx->instanceid = $rec->id; - - $rec->context = $ctx; - return $rec; -} - /** - * Do some basic, quick checks to see whether $rec->context looks like a valid context object. + * Preloads context information together with instances. + * NOTE: in future this function may return empty strings + * if we implement different caching. * - * @param object $rec a think that has a context, for example a course, - * course category, course modules, etc. - * @param int $contextlevel the type of thing $rec is, one of the CONTEXT_... constants. - * @return bool whether $rec->context looks like the correct context object - * for this thing. 
+ * @param string $joinon for example 'u.id' + * @param string $contextlevel context level of instance in $joinon + * @param string $tablealias context table alias + * @return array with two values - select and join part */ -function is_context_subobj_valid($rec, $contextlevel) { - return isset($rec->context) && isset($rec->context->id) && - isset($rec->context->path) && isset($rec->context->depth) && - isset($rec->context->contextlevel) && isset($rec->context->instanceid) && - $rec->context->contextlevel == $contextlevel && $rec->context->instanceid == $rec->id; +function context_instance_preload_sql($joinon, $contextlevel, $tablealias) { + $select = ", $tablealias.id AS ctxid, $tablealias.path AS ctxpath, $tablealias.depth AS ctxdepth, $tablealias.contextlevel AS ctxlevel, $tablealias.instanceid AS ctxinstance"; + $join = "LEFT JOIN {context} $tablealias ON ($tablealias.instanceid = $joinon AND $tablealias.contextlevel = $contextlevel)"; + return array($select, $join); } /** - * Ensure that $rec->context is present and correct before you continue - * - * When you have a record (for example a $category, $course, $user or $cm that may, - * or may not, have come from a place that does make_context_subobj, you can use - * this method to ensure that $rec->context is present and correct before you continue. + * Preloads context information from db record and strips the cached info. + * The db request has to ontain both the $join and $select from context_instance_preload_sql() * - * @param object $rec a thing that has an associated context. - * @param integer $contextlevel the type of thing $rec is, one of the CONTEXT_... constants. 
+ * @param object $rec + * @return void (modifies $rec) */ -function ensure_context_subobj_present(&$rec, $contextlevel) { - if (!is_context_subobj_valid($rec, $contextlevel)) { - $rec->context = get_context_instance($contextlevel, $rec->id); +function context_instance_preload(stdClass $rec) { + if (empty($rec->ctxid)) { + // $rec does not have enough data, passed here repeatedly or context does not exist yet + return; } + + // note: in PHP5 the objects are passed by reference, no need to return $rec + $context = new object(); + $context->id = $rec->ctxid; unset($rec->ctxid); + $context->path = $rec->ctxpath; unset($rec->ctxpath); + $context->depth = $rec->ctxdepth; unset($rec->ctxdepth); + $context->contextlevel = $rec->ctxlevel; unset($rec->ctxlevel); + $context->instanceid = $rec->ctxinstance; unset($rec->ctxinstance); + + cache_context($context); } /** @@ -6072,10 +6312,6 @@ function role_change_permission($roleid, $context, $capname, $permission) { global $DB; - if ($capname === 'moodle/site:doanything' or is_legacy($capname)) { - return; - } - if ($permission == CAP_INHERIT) { unassign_capability($capname, $roleid, $context->id); mark_context_dirty($context->path); Index: lib/setuplib.php =================================================================== RCS file: /cvsroot/moodle/moodle/lib/setuplib.php,v retrieving revision 1.96 diff -u -r1.96 setuplib.php --- lib/setuplib.php 28 Mar 2010 09:05:47 -0000 1.96 +++ lib/setuplib.php 28 Mar 2010 21:41:49 -0000 
@@ -747,7 +747,7 @@ */ function redirect_if_major_upgrade_required() { global $CFG; - $lastmajordbchanges = 2009110400; + $lastmajordbchanges = 2010032801; if (empty($CFG->version) or (int)$CFG->version < $lastmajordbchanges or during_initial_install() or !empty($CFG->adminsetuppending)) { try { Index: lib/externallib.php =================================================================== RCS file: /cvsroot/moodle/moodle/lib/externallib.php,v retrieving revision 1.25 diff -u -r1.25 externallib.php --- lib/externallib.php 22 Mar 2010 14:20:19 -0000 1.25 +++ lib/externallib.php 28 Mar 2010 21:41:36 -0000 @@ -282,6 +282,8 @@ * @return void */ protected static function validate_context($context) { + global $CFG; + if (empty($context)) { throw new invalid_parameter_exception('Context does not exist'); } 
@@ -304,16 +306,26 @@ } if ($context->contextlevel >= CONTEXT_COURSE) { - //TODO: temporary bloody hack, this needs to be replaced by - // proper enrolment and course visibility check - // similar to require_login() (which can not be used - // because it can be used only once and redirects) - // oh - did I say we need to rewrite enrolments in 2.0 - // to solve this bloody mess? - // - // missing: hidden courses and categories, groupmembersonly, - // conditional activities, etc. - require_capability('moodle/course:view', $context); + list($context, $course, $cm) = get_context_info_array($context->id); + // must be enrolled or inspecting + if (!is_enrolled($context) and !is_inspecting($context)) { + throw new invalid_parameter_exception('Must be enrolled in course or be allowed to inspect it.'); + } + // make sure the course is actually visible + if (!($course->visible && course_parent_visible($COURSE)) && !has_capability('moodle/course:viewhiddencourses', get_context_instance(CONTEXT_COURSE, $course->id))) { + throw new invalid_parameter_exception('Invalid course.'); + } + // make sure the activity is actually visible + if ($cm && !$cm->visible && !has_capability('moodle/course:viewhiddenactivities', get_context_instance(CONTEXT_MODULE, $cm->id))) { + throw new invalid_parameter_exception('Invalid activity.'); + } + // verify group memebers + if (!empty($CFG->enablegroupings) and $cm and $cm->groupmembersonly and !has_capability('moodle/site:accessallgroups', get_context_instance(CONTEXT_MODULE, $cm->id))) { + if (!groups_has_membership($cm)) { + throw new invalid_parameter_exception('Must be member of at least one group.'); + } + } + //TODO: verify course completion } } } Index: lib/datalib.php =================================================================== RCS file: /cvsroot/moodle/moodle/lib/datalib.php,v retrieving revision 1.513 diff -u -r1.513 datalib.php --- lib/datalib.php 18 Mar 2010 05:48:21 -0000 1.513 +++ lib/datalib.php 28 Mar 2010 21:41:33 -0000 
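Review bot: The course-visibility check added in the `contextlevel >= CONTEXT_COURSE` branch calls `course_parent_visible($COURSE)`, but `$COURSE` is never defined in `validate_context()`. The earlier hunk adds only `global $CFG;`, and the record returned by `get_context_info_array()` is `$course`. The parent-category test therefore runs against an undefined variable on every web-service call, so whether a hidden category blocks access depends on how `course_parent_visible()` treats a null argument, which is not visible here. Change the call to `course_parent_visible($course)`. The function body starts outside this hunk.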
@@ -27,21 +27,22 @@ * @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later */ - /** - * The maximum courses in a category - * MAX_COURSES_IN_CATEGORY * MAX_COURSE_CATEGORIES must not be more than max integer! - */ +/** + * The maximum courses in a category + * MAX_COURSES_IN_CATEGORY * MAX_COURSE_CATEGORIES must not be more than max integer! + */ define('MAX_COURSES_IN_CATEGORY', 10000); + /** * The maximum number of course categories * MAX_COURSES_IN_CATEGORY * MAX_COURSE_CATEGORIES must not be more than max integer! */ define('MAX_COURSE_CATEGORIES', 10000); - /** - * Number of seconds to wait before updating lastaccess information in DB. - */ - define('LASTACCESS_UPDATE_SECS', 60); +/** + * Number of seconds to wait before updating lastaccess information in DB. + */ +define('LASTACCESS_UPDATE_SECS', 60); /** * Returns $user object of the main admin user 
@@ -51,44 +52,33 @@ * @static object $myadmin * @return object An associative array representing the admin user. */ -function get_admin () { - static $myadmin; +function get_admin() { + static $mainadmin = null; - if (! isset($admin)) { + if (!isset($mainadmin)) { if (! $admins = get_admins()) { return false; } - $admin = reset($admins);//reset returns first element + //TODO: add some admin setting for specifying of THE main admin + // for now return the first assigned admin + $mainadmin = reset($admins); } - return $admin; + return $mainadmin; } /** - * Returns list of all admins, using 1 DB query. It depends on DB schema v1.7 - * but does not depend on the v1.9 datastructures (context.path, etc). + * Returns list of all admins, using 1 DB query * - * @global object * @return array */ function get_admins() { - global $DB; + global $DB, $CFG; - $sql = "SELECT ra.userid, SUM(rc.permission) AS permission, MIN(ra.id) AS adminid - FROM {role_capabilities} rc - JOIN {context} ctx ON ctx.id=rc.contextid - JOIN {role_assignments} ra ON ra.roleid=rc.roleid AND ra.contextid=ctx.id - WHERE ctx.contextlevel=10 AND rc.capability IN (?, ?, ?) - GROUP BY ra.userid - HAVING SUM(rc.permission) > 0"; - $params = array('moodle/site:config', 'moodle/legacy:admin', 'moodle/site:doanything'); - - $sql = "SELECT u.*, ra.adminid + $sql = "SELECT u.* FROM {user} u - JOIN ($sql) ra - ON u.id=ra.userid - ORDER BY ra.adminid ASC"; + WHERE u.deleted = 0 AND u.id IN ($CFG->siteadmins)"; - return $DB->get_records_sql($sql, $params); + return $DB->get_records_sql($sql); } /** 
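Review bot: `get_admins()` now builds `u.id IN ($CFG->siteadmins)` by interpolating a configuration string straight into the SQL, so an empty or malformed `siteadmins` value yields invalid SQL or an unintended id list rather than an empty result. Binding the ids keeps the query parameterised: `list($in, $params) = $DB->get_in_or_equal(explode(',', $CFG->siteadmins));`, then `WHERE u.deleted = 0 AND u.id $in` and `$DB->get_records_sql($sql, $params)`, with an early `return array();` when the setting is empty. The removed query also had `ORDER BY ra.adminid ASC`. With no ORDER BY in the new one, `reset($admins)` in `get_admin()` returns whichever row the database lists first, so the "main admin" is no longer deterministic.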
@@ -454,12 +444,11 @@ $visiblecourses = array(); - $sql = "SELECT $fields, - ctx.id AS ctxid, ctx.path AS ctxpath, - ctx.depth AS ctxdepth, ctx.contextlevel AS ctxlevel + list($ccselect, $ccjoin) = context_instance_preload_sql('c.id', CONTEXT_COURSE, 'ctx'); + + $sql = "SELECT $fields $ccselect FROM {course} c - JOIN {context} ctx - ON (c.id = ctx.instanceid AND ctx.contextlevel=".CONTEXT_COURSE.") + $ccjoin $categoryselect $sortstatement"; @@ -468,10 +457,10 @@ // loop throught them foreach ($courses as $course) { - $course = make_context_subobj($course); + context_instance_preload($course); if (isset($course->visible) && $course->visible <= 0) { // for hidden courses, require visibility check - if (has_capability('moodle/course:viewhiddencourses', $course->context)) { + if (has_capability('moodle/course:viewhiddencourses', get_context_instance(CONTEXT_COURSE, $course->id))) { $visiblecourses [$course->id] = $course; } } else { @@ -517,12 +506,11 @@ $categoryselect = ""; } - $sql = "SELECT $fields, - ctx.id AS ctxid, ctx.path AS ctxpath, - ctx.depth AS ctxdepth, ctx.contextlevel AS ctxlevel + list($ccselect, $ccjoin) = context_instance_preload_sql('c.id', CONTEXT_COURSE, 'ctx'); + + $sql = "SELECT $fields $ccselect FROM {course} c - JOIN {context} ctx - ON (c.id = ctx.instanceid AND ctx.contextlevel=".CONTEXT_COURSE.") + $ccjoin $categoryselect ORDER BY $sort"; 
@@ -539,10 +527,10 @@ // iteration will have to be done inside loop to keep track of the limitfrom and limitnum $visiblecourses = array(); foreach($rs as $course) { - $course = make_context_subobj($course); + context_instance_preload($course); if ($course->visible <= 0) { // for hidden courses, require visibility check - if (has_capability('moodle/course:viewhiddencourses', $course->context)) { + if (has_capability('moodle/course:viewhiddencourses', get_context_instance(CONTEXT_COURSE, $course->id))) { $totalcount++; if ($totalcount > $limitfrom && (!$limitnum or count($visiblecourses) < $limitnum)) { $visiblecourses [$course->id] = $course; @@ -566,7 +554,6 @@ * role assignments, etc. * * The returned array is indexed on c.id, and each course will have - * - $course->context - a context obj * - $course->managers - array containing RA objects that include a $user obj * with the minimal fields needed for fullname() * @@ -646,12 +633,10 @@ } // pull out all courses matching the cat - $sql = "SELECT $coursefields, - ctx.id AS ctxid, ctx.path AS ctxpath, - ctx.depth AS ctxdepth, ctx.contextlevel AS ctxlevel + list($ccselect, $ccjoin) = context_instance_preload_sql('c.id', CONTEXT_COURSE, 'ctx'); + $sql = "SELECT $coursefields $ccselect FROM {course} c - JOIN {context} ctx - ON (c.id=ctx.instanceid AND ctx.contextlevel=".CONTEXT_COURSE.") + $ccjoin $where $sortstatement"; 
@@ -662,17 +647,19 @@ // the context, and prepping data to fetch the // managers efficiently later... foreach ($courses as $k => $course) { - $courses[$k] = make_context_subobj($courses[$k]); + context_instance_preload($course); + $coursecontext = get_context_instance(CONTEXT_COURSE, $course->id); + $courses[$k] = $course; $courses[$k]->managers = array(); if ($allcats === false) { // single cat, so take just the first one... if ($catpath === NULL) { - $catpath = preg_replace(':/\d+$:', '',$courses[$k]->context->path); + $catpath = preg_replace(':/\d+$:', '', $coursecontext->path); } } else { // chop off the contextid of the course itself // like dirname() does... - $catpaths[] = preg_replace(':/\d+$:', '',$courses[$k]->context->path); + $catpaths[] = preg_replace(':/\d+$:', '', $coursecontext->path); } } } else { @@ -717,7 +704,6 @@ * */ $sql = "SELECT ctx.path, ctx.instanceid, ctx.contextlevel, - ra.hidden, r.id AS roleid, r.name as rolename, u.id AS userid, u.firstname, u.lastname FROM {role_assignments} ra @@ -742,7 +728,7 @@ // This loop is fairly stupid as it stands - might get better // results doing an initial pass clustering RAs by path. foreach($rs as $ra) { - $user = new StdClass; + $user = new stdClass; $user->id = $ra->userid; unset($ra->userid); $user->firstname = $ra->firstname; unset($ra->firstname); $user->lastname = $ra->lastname; unset($ra->lastname); @@ -751,7 +737,7 @@ foreach ($courses as $k => $course) { $courses[$k]->managers[] = $ra; } - } elseif ($ra->contextlevel == CONTEXT_COURSECAT) { + } else if ($ra->contextlevel == CONTEXT_COURSECAT) { if ($allcats === false) { // It always applies foreach ($courses as $k => $course) { 
@@ -759,15 +745,16 @@ } } else { foreach ($courses as $k => $course) { + $coursecontext = get_context_instance(CONTEXT_COURSE, $course->id); // Note that strpos() returns 0 as "matched at pos 0" - if (strpos($course->context->path, $ra->path.'/')===0) { + if (strpos($coursecontext->path, $ra->path.'/') === 0) { // Only add it to subpaths $courses[$k]->managers[] = $ra; } } } } else { // course-level - if(!array_key_exists($ra->instanceid, $courses)) { + if (!array_key_exists($ra->instanceid, $courses)) { //this course is not in a list, probably a frontpage course continue; } @@ -821,9 +808,8 @@ function get_my_courses($userid, $sort='visible DESC,sortorder ASC', $fields=NULL, $doanything=false,$limit=0) { global $CFG, $USER, $DB; - // Guest's do not have any courses - $sitecontext = get_context_instance(CONTEXT_SYSTEM); - if (has_capability('moodle/legacy:guest', $sitecontext, $userid, false)) { + // Guest account does not have any courses + if (isguestuser()) { return(array()); } @@ -902,14 +888,11 @@ // the same... // (but here we don't need to check has_cap) $coursefields = 'c.' .join(',c.', $fields); - $sql = "SELECT $coursefields, - ctx.id AS ctxid, ctx.path AS ctxpath, - ctx.depth as ctxdepth, ctx.contextlevel AS ctxlevel, - cc.path AS categorypath + list($ccselect, $ccjoin) = context_instance_preload_sql('c.id', CONTEXT_COURSE, 'ctx'); + $sql = "SELECT $coursefields $ccselect, cc.path AS categorypath FROM {course} c JOIN {course_categories} cc ON c.category=cc.id - JOIN {context} ctx - ON (c.id=ctx.instanceid AND ctx.contextlevel=".CONTEXT_COURSE.") + $ccjoin WHERE c.id IN ($courseids) $orderby"; $rs = $DB->get_recordset_sql($sql); @@ -917,7 +900,7 @@ $cc = 0; // keep count foreach ($rs as $c) { // build the context obj - $c = make_context_subobj($c); + context_instance_preload($c); if ($limit > 0 && $cc >= $limit) { break; 
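Review bot: In the `get_my_courses()` hunk the guest short-circuit became `isguestuser()` with no argument, which tests the current `$USER`, whereas the removed check passed `$userid` to `has_capability()`. When the function is called for another user, the guest test now answers for the wrong account. The `isguestuser()` definition removed from moodlelib.php in this patch accepts a user id, so, assuming the relocated function keeps that signature, `if (isguestuser($userid)) {` preserves the old behaviour. The function body continues outside the hunk.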
@@ -947,12 +930,10 @@ // If we have to walk category visibility // to eval course visibility, get the categories if (empty($CFG->allowvisiblecoursesinhiddencategories)) { - $sql = "SELECT cc.id, cc.path, cc.visible, - ctx.id AS ctxid, ctx.path AS ctxpath, - ctx.depth as ctxdepth, ctx.contextlevel AS ctxlevel + list($ccselect, $ccjoin) = context_instance_preload_sql('cc.id', CONTEXT_COURSECAT, 'ctx'); + $sql = "SELECT cc.id, cc.path, cc.visible $ccselect FROM {course_categories} cc - JOIN {context} ctx ON (cc.id = ctx.instanceid) - WHERE ctx.contextlevel = ".CONTEXT_COURSECAT." + $ccjoin ORDER BY cc.id"; $rs = $DB->get_recordset_sql($sql); @@ -960,7 +941,7 @@ $categories = array(); foreach($rs as $course_cat) { // build the context obj - $course_cat = make_context_subobj($course_cat); + context_instance_preload($course_cat); $categories[$course_cat->id] = $course_cat; } $rs->close(); @@ -1142,12 +1123,10 @@ $searchcond = implode(" AND ", $searchcond); - $sql = "SELECT c.*, - ctx.id AS ctxid, ctx.path AS ctxpath, - ctx.depth AS ctxdepth, ctx.contextlevel AS ctxlevel + list($ccselect, $ccjoin) = context_instance_preload_sql('c.id', CONTEXT_COURSE, 'ctx'); + $sql = "SELECT c.* $ccselect FROM {course} c - JOIN {context} ctx - ON (c.id = ctx.instanceid AND ctx.contextlevel=".CONTEXT_COURSE.") + $ccjoin WHERE $searchcond AND c.id <> ".SITEID." ORDER BY $sort"; $courses = array(); @@ -1159,8 +1138,9 @@ $limitto = $limitfrom + $recordsperpage; foreach($rs as $course) { - $course = make_context_subobj($course); - if ($course->visible || has_capability('moodle/course:viewhiddencourses', $course->context)) { + context_instance_preload($course); + $coursecontext = get_context_instance(CONTEXT_COURSE, $course->id); + if ($course->visible || has_capability('moodle/course:viewhiddencourses', $coursecontext)) { // Don't exit this loop till the end // we need to count all the visible courses // to update $totalcount 
@@ -1207,34 +1187,27 @@ $sort = "ORDER BY $sort"; } + list($ccselect, $ccjoin) = context_instance_preload_sql('cc.id', CONTEXT_COURSECAT, 'ctx'); + if ($parent === 'none') { - $sql = "SELECT cc.*, - ctx.id AS ctxid, ctx.path AS ctxpath, - ctx.depth AS ctxdepth, ctx.contextlevel AS ctxlevel + $sql = "SELECT cc.* $ccselect FROM {course_categories} cc - JOIN {context} ctx - ON cc.id=ctx.instanceid AND ctx.contextlevel=".CONTEXT_COURSECAT." + $ccjoin $sort"; $params = array(); } elseif ($shallow) { - $sql = "SELECT cc.*, - ctx.id AS ctxid, ctx.path AS ctxpath, - ctx.depth AS ctxdepth, ctx.contextlevel AS ctxlevel + $sql = "SELECT cc.* $ccselect FROM {course_categories} cc - JOIN {context} ctx - ON cc.id=ctx.instanceid AND ctx.contextlevel=".CONTEXT_COURSECAT." + $ccjoin WHERE cc.parent=? $sort"; $params = array($parent); } else { - $sql = "SELECT cc.*, - ctx.id AS ctxid, ctx.path AS ctxpath, - ctx.depth AS ctxdepth, ctx.contextlevel AS ctxlevel + $sql = "SELECT cc.* $ccselect FROM {course_categories} cc - JOIN {context} ctx - ON cc.id=ctx.instanceid AND ctx.contextlevel=".CONTEXT_COURSECAT." + $ccjoin JOIN {course_categories} ccp ON (cc.path LIKE ".$DB->sql_concat('ccp.path',"'%'").") WHERE ccp.id=? @@ -1245,8 +1218,9 @@ if( $rs = $DB->get_recordset_sql($sql, $params) ){ foreach($rs as $cat) { - $cat = make_context_subobj($cat); - if ($cat->visible || has_capability('moodle/category:viewhiddencategories',$cat->context)) { + context_instance_preload($cat); + $catcontext = get_context_instance(CONTEXT_COURSECAT, $cat->id); + if ($cat->visible || has_capability('moodle/category:viewhiddencategories', $catcontext)) { $categories[$cat->id] = $cat; } } @@ -2289,7 +2263,7 @@ * * @global object * @uses CONTEXT_SYSTEM - * @param string $mode Either 'admin', 'teacher' or 'everybody' + * @param string $mode Either 'admin' or 'everybody' * @param string $username The username we are searching for * @param string $lastlogin The date from which we are searching * @return int 
@@ -2302,12 +2276,12 @@ $count = new object(); - if (has_capability('moodle/site:config', get_context_instance(CONTEXT_SYSTEM))) { // Return information about all accounts + if (is_siteadmin()) { if ($count->attempts = $DB->count_records_select('log', $select, $params)) { $count->accounts = $DB->count_records_select('log', $select, $params, 'COUNT(DISTINCT info)'); return $count; } - } else if ($mode == 'everybody' or ($mode == 'teacher' and isteacherinanycourse())) { + } else if ($mode == 'everybody') { if ($count->attempts = $DB->count_records_select('log', "$select AND info = :username", $params)) { return $count; } Index: lib/blocklib.php =================================================================== RCS file: /cvsroot/moodle/moodle/lib/blocklib.php,v retrieving revision 1.239 diff -u -r1.239 blocklib.php --- lib/blocklib.php 18 Feb 2010 09:23:14 -0000 1.239 +++ lib/blocklib.php 28 Mar 2010 21:41:31 -0000 @@ -448,13 +448,14 @@ list($pagetypepatterntest, $pagetypepatternparams) = $DB->get_in_or_equal($pagetypepatterns, SQL_PARAMS_NAMED, 'pagetypepatterntest0000'); + list($ccselect, $ccjoin) = context_instance_preload_sql('b.id', CONTEXT_BLOCK, 'ctx'); + $params = array( 'subpage1' => $this->page->subpage, 'subpage2' => $this->page->subpage, 'contextid1' => $context->id, 'contextid2' => $context->id, 'pagetype' => $this->page->pagetype, - 'contextblock' => CONTEXT_BLOCK, ); $sql = "SELECT bi.id, @@ -469,11 +470,8 @@ COALESCE(bp.visible, 1) AS visible, COALESCE(bp.region, bi.defaultregion) AS region, COALESCE(bp.weight, bi.defaultweight) AS weight, - bi.configdata, - ctx.id AS ctxid, - ctx.path AS ctxpath, - ctx.depth AS ctxdepth, - ctx.contextlevel AS ctxlevel + bi.configdata + $ccselect FROM {block_instances} bi JOIN {block} b ON bi.blockname = b.name 
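Review bot: The preload join in the lib/blocklib.php hunk is built with `context_instance_preload_sql('b.id', CONTEXT_BLOCK, 'ctx')`, but `b` is the `{block}` row joined on `bi.blockname = b.name`, while the join it replaces matched `ctx.instanceid = bi.id`. The query would then attach to each block instance the context of whichever instance id happens to equal the block type id, or none at all. `context_instance_preload($bi)` then caches an unrelated context and the instance's own context is not preloaded. Passing the instance alias keeps the old condition: `list($ccselect, $ccjoin) = context_instance_preload_sql('bi.id', CONTEXT_BLOCK, 'ctx');`. The `$ccjoin` substitution itself is in the following hunk.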
@@ -481,8 +479,7 @@ AND bp.contextid = :contextid1 AND bp.pagetype = :pagetype AND bp.subpage = :subpage1 - JOIN {context} ctx ON ctx.contextlevel = :contextblock - AND ctx.instanceid = bi.id + $ccjoin WHERE $contexttest @@ -500,7 +497,7 @@ $this->birecordsbyregion = $this->prepare_per_region_arrays(); $unknown = array(); foreach ($blockinstances as $bi) { - $bi = make_context_subobj($bi); + context_instance_preload($bi); if ($this->is_known_region($bi->region)) { $this->birecordsbyregion[$bi->region][] = $bi; } else { Index: lib/statslib.php =================================================================== RCS file: /cvsroot/moodle/moodle/lib/statslib.php,v retrieving revision 1.79 diff -u -r1.79 statslib.php --- lib/statslib.php 4 Dec 2009 03:06:03 -0000 1.79 +++ lib/statslib.php 28 Mar 2010 21:41:49 -0000 @@ -855,20 +855,17 @@ * @param bool $includedoanything include also admins * @return array ra join and where string */ -function stats_get_enrolled_sql($limit, $includedoanything) { +function stats_get_enrolled_sql($limit, $ignored) { global $CFG; static $n = 0; $params = array(); $n++; - $adm = $includedoanything ? " OR rc.capability = :sge_doanything_$n " : ""; - $params['sge_doanything_'.$n] = 'moodle/site:doanything'; - $join = "JOIN {context} ctx ON ctx.id = ra.contextid CROSS JOIN {course} c JOIN {role_capabilities} rc ON rc.roleid = ra.roleid"; - $where = "((rc.capability = :sge_courseview_$n $adm) + $where = "((rc.capability = :sge_courseview_$n) AND rc.permission = 1 AND rc.contextid = ".SYSCONTEXTID." AND (ctx.contextlevel = ".CONTEXT_SYSTEM." OR (c.id = ctx.instanceid AND ctx.contextlevel = ".CONTEXT_COURSE.")"; Index: lib/pagelib.php =================================================================== RCS file: /cvsroot/moodle/moodle/lib/pagelib.php,v retrieving revision 1.174 diff -u -r1.174 pagelib.php --- lib/pagelib.php 25 Mar 2010 06:38:24 -0000 1.174 +++ lib/pagelib.php 28 Mar 2010 21:41:47 -0000 
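Review bot: The docblock above `stats_get_enrolled_sql()` still reads `@param bool $includedoanything include also admins`, although the hunk renames the parameter to `$ignored` and no longer reads it. Update the line to `@param mixed $ignored unused, kept for backwards compatibility` so callers do not expect admins to be included. The docblock starts outside the hunk.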
@@ -703,12 +703,13 @@ * @param objcet $cm a full cm objcet obtained from get_coursemodule_from_id or get_coursemodule_from_instance. */ public function set_cm($cm, $course = null, $module = null) { - if (!isset($cm->name) || !isset($cm->modname)) { + if (!isset($cm->name) || !isset($cm->modname) || !isset($cm->id)) { throw new coding_exception('The $cm you set on $PAGE must have been obtained with get_coursemodule_from_id or get_coursemodule_from_instance. That is, the ->name and -> modname fields must be present and correct.'); } $this->_cm = $cm; + $this->_cm->context = get_context_instance(CONTEXT_MODULE, $cm->id); // hacky shortcut if (!$this->_context) { - $this->set_context(get_context_instance(CONTEXT_MODULE, $cm->id)); + $this->set_context($this->_cm->context); } if (!$this->_course || $this->_course->id != $cm->course) { if (!$course) { Index: lib/moodlelib.php =================================================================== RCS file: /cvsroot/moodle/moodle/lib/moodlelib.php,v retrieving revision 1.1291 diff -u -r1.1291 moodlelib.php --- lib/moodlelib.php 25 Mar 2010 01:29:02 -0000 1.1291 +++ lib/moodlelib.php 28 Mar 2010 21:41:42 -0000 @@ -733,7 +733,7 @@ } case PARAM_CAPABILITY: - if (is_valid_capability($param)) { + if (get_capability_info($param)) { return $param; } else { return ''; @@ -781,7 +781,7 @@ // regular expression, eliminate all chars EXCEPT: // alphanum, dash (-), underscore (_), at sign (@) and period (.) characters. $param = preg_replace('/[^-\.@_a-z0-9]/', '', $param); - } + } return $param; case PARAM_EMAIL: @@ -1326,7 +1326,7 @@ function get_user_preferences($name=NULL, $default=NULL, $otheruserid=NULL) { global $USER, $DB; - if (empty($otheruserid) || (!empty($USER->id) && ($USER->id == $otheruserid))){ + if (empty($otheruserid) || (isloggedin() && ($USER->id == $otheruserid))){ check_user_preferences_loaded(); if (empty($name)) { 
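Review bot: The `set_cm()` guard now also requires `$cm->id`, but the `coding_exception` text still names only the `->name` and `-> modname` fields, so a caller passing a record without `id` gets a misleading message; mention `->id` there as well. The added `$this->_cm->context = get_context_instance(CONTEXT_MODULE, $cm->id); // hacky shortcut` also writes a property onto the object the caller passed in. That side effect deserves a line in the method's docblock, which starts outside the hunk.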
@@ -2098,7 +2098,7 @@ * in the course then the user is redirected to the course home page. * * When $cm parameter specified, this function sets page layout to 'module'. - * You need to change it manually later if some other layout needed. + * You need to change it manually later if some other layout needed. * * @global object * @global object @@ -2225,21 +2225,15 @@ } // Fetch the course context, and prefetch its child contexts - if (!isset($COURSE->context)) { - if ( ! $COURSE->context = get_context_instance(CONTEXT_COURSE, $COURSE->id) ) { - print_error('nocontext'); - } - } - if (!empty($cm) && !isset($cm->context)) { - if ( ! $cm->context = get_context_instance(CONTEXT_MODULE, $cm->id) ) { - print_error('nocontext'); - } + $coursecontext = get_context_instance(CONTEXT_COURSE, $COURSE->id, MUST_EXIST); + if ($cm) { + $cmcontext = get_context_instance(CONTEXT_MODULE, $cm->id, MUST_EXIST); } // Conditional activity access control - if(!empty($CFG->enableavailability) and $cm) { + if (!empty($CFG->enableavailability) and $cm) { // We cache conditional access in session - if(!isset($SESSION->conditionaccessok)) { + if (!isset($SESSION->conditionaccessok)) { $SESSION->conditionaccessok = array(); } // If you have been allowed into the module once then you are allowed @@ -2250,8 +2244,7 @@ $ci = new condition_info($cm, CONDITION_MISSING_EXTRATABLE); // Check condition for user (this will do a query if the availability // information depends on grade or completion information) - if ($ci->is_available($junk) || - has_capability('moodle/course:viewhiddenactivities', $cm->context)) { + if ($ci->is_available($junk) || has_capability('moodle/course:viewhiddenactivities', $cmcontext)) { $SESSION->conditionaccessok[$cm->id] = true; } else { print_error('activityiscurrentlyhidden'); 
@@ -2261,8 +2254,7 @@ if ($COURSE->id == SITEID) { /// Eliminate hidden site activities straight away - if (!empty($cm) && !$cm->visible - && !has_capability('moodle/course:viewhiddenactivities', $cm->context)) { + if ($cm && !$cm->visible && !has_capability('moodle/course:viewhiddenactivities', $cmcontext)) { redirect($CFG->wwwroot, get_string('activityiscurrentlyhidden')); } user_accesstime_log($COURSE->id); /// Access granted, update lastaccess times 
@@ -2271,53 +2263,53 @@ } else { /// Check if the user can be in a particular course - if (empty($USER->access['rsw'][$COURSE->context->path])) { + if (empty($USER->access['rsw'][$coursecontext->path])) { // // MDL-13900 - If the course or the parent category are hidden // and the user hasn't the 'course:viewhiddencourses' capability, prevent access // - if ( !($COURSE->visible && course_parent_visible($COURSE)) && - !has_capability('moodle/course:viewhiddencourses', $COURSE->context)) { + if ( !($COURSE->visible && course_parent_visible($COURSE)) && !has_capability('moodle/course:viewhiddencourses', $coursecontext)) { echo $OUTPUT->header(); notice(get_string('coursehidden'), $CFG->wwwroot .'/'); } } - /// Non-guests who don't currently have access, check if they can be allowed in as a guest - - if ($USER->username != 'guest' and !has_capability('moodle/course:view', $COURSE->context)) { - if ($COURSE->guest == 1) { - // Temporarily assign them guest role for this context, if it fails later user is asked to enrol - $USER->access = load_temp_role($COURSE->context, $CFG->guestroleid, $USER->access); + if (is_enrolled($coursecontext) or is_inspecting($coursecontext)) { + // Enrolled user or allowed to visit course (managers, inspectors, etc.) 
+ if (session_is_loggedinas()) { // Make sure the REAL person can also access this course + $realuser = session_get_realuser(); + if (!is_enrolled($coursecontext, $realuser->id)) { // do not test inpsect cap here + echo $OUTPUT->header(); + notice(get_string('studentnotallowed', '', fullname($USER, true)), $CFG->wwwroot .'/'); + } } - } - - /// If the user is a guest then treat them according to the course policy about guests - if (has_capability('moodle/legacy:guest', $COURSE->context, NULL, false)) { - if (has_capability('moodle/site:doanything', $sysctx)) { - // administrators must be able to access any course - even if somebody gives them guest access - user_accesstime_log($COURSE->id); /// Access granted, update lastaccess times - return; + // Make sure they can read this activity too, if specified + if ($cm && !$cm->visible && !has_capability('moodle/course:viewhiddenactivities', $cmcontext)) { + redirect($CFG->wwwroot.'/course/view.php?id='.$cm->course, get_string('activityiscurrentlyhidden')); } + user_accesstime_log($COURSE->id); /// Access granted, update lastaccess times + return; // User is allowed to see this course + } else { + // guest access switch ($COURSE->guest) { /// Check course policy about guest access case 1: /// Guests always allowed - if (!has_capability('moodle/course:view', $COURSE->context)) { // Prohibited by capability - echo $OUTPUT->header(); - notice(get_string('guestsnotallowed', '', format_string($COURSE->fullname)), get_login_url()); - } - if (!empty($cm) and !$cm->visible) { // Not allowed to see module, send to course page + if ($cm and !$cm->visible) { // Not allowed to see module, send to course page redirect($CFG->wwwroot.'/course/view.php?id='.$cm->course, get_string('activityiscurrentlyhidden')); } + if ($USER->username != 'guest' and !empty($CFG->guestroleid)) { + // Non-guests who don't currently have access, check if they can be allowed in as a guest + // Temporarily assign them guest role for this context, if it fails 
later user is asked to enrol + $USER->access = load_temp_role($coursecontext, $CFG->guestroleid, $USER->access); + } + user_accesstime_log($COURSE->id); /// Access granted, update lastaccess times return; // User is allowed to see this course - break; - case 2: /// Guests allowed with key if (!empty($USER->enrolkey[$COURSE->id])) { // Set by enrol/manual/enrol.php user_accesstime_log($COURSE->id); /// Access granted, update lastaccess times @@ -2330,7 +2322,7 @@ $strloggedinasguest = get_string('loggedinasguest'); $PAGE->navbar->add($strloggedinasguest); echo $OUTPUT->header(); - if (empty($USER->access['rsw'][$COURSE->context->path])) { // Normal guest + if (empty($USER->access['rsw'][$coursecontext->path])) { // Normal guest notice(get_string('guestsnotallowed', '', format_string($COURSE->fullname)), get_login_url()); } else { echo $OUTPUT->notification(get_string('guestsnotallowed', '', format_string($COURSE->fullname))); 
@@ -2340,30 +2332,9 @@ } break; } - - /// For non-guests, check if they have course view access - - } else if (has_capability('moodle/course:view', $COURSE->context)) { - if (session_is_loggedinas()) { // Make sure the REAL person can also access this course - $realuser = session_get_realuser(); - if (!has_capability('moodle/course:view', $COURSE->context, $realuser->id)) { - echo $OUTPUT->header(); - notice(get_string('studentnotallowed', '', fullname($USER, true)), $CFG->wwwroot .'/'); - } - } - - /// Make sure they can read this activity too, if specified - - if (!empty($cm) && !$cm->visible && !has_capability('moodle/course:viewhiddenactivities', $cm->context)) { - redirect($CFG->wwwroot.'/course/view.php?id='.$cm->course, get_string('activityiscurrentlyhidden')); - } - user_accesstime_log($COURSE->id); /// Access granted, update lastaccess times - return; // User is allowed to see this course - } - - /// Currently not enrolled in the course, so see if they want to enrol + // Currently not enrolled in the course, so see if they want to enrol $SESSION->wantsurl = $FULLME; redirect($CFG->wwwroot .'/course/enrol.php?id='. $COURSE->id); die; @@ -2957,7 +2928,7 @@ // Get assignments of a user to a role that exist in a child course, but // not in the meta coure. That is, get a list of the assignments that need to be made. if (!$assignments = $DB->get_records_sql(" - SELECT ra.id, ra.roleid, ra.userid, ra.hidden + SELECT ra.id, ra.roleid, ra.userid FROM {role_assignments} ra, {context} con, {course_meta} cm WHERE ra.contextid = con.id AND con.contextlevel = ".CONTEXT_COURSE." AND @@ -3005,7 +2976,7 @@ // Make the assignments. foreach ($assignments as $assignment) { - $success = role_assign($assignment->roleid, $assignment->userid, 0, $context->id, 0, 0, $assignment->hidden) && $success; + $success = role_assign($assignment->roleid, $assignment->userid, 0, $context->id, 0, 0) && $success; } return $success; 
@@ -3061,45 +3032,6 @@ return false; } - -/** - * Determines if a user is currently logged in - * - * @global object - * @return bool - */ -function isloggedin() { - global $USER; - - return (!empty($USER->id)); -} - -/** - * Determines if a user is logged in as real guest user with username 'guest'. - * This function is similar to original isguest() in 1.6 and earlier. - * Current isguest() is deprecated - do not use it anymore. - * - * @global object - * @global object - * @param int $user mixed user object or id, $USER if not specified - * @return bool true if user is the real guest user, false if not logged in or other user - */ -function isguestuser($user=NULL) { - global $USER, $DB; - - if ($user === NULL) { - $user = $USER; - } else if (is_numeric($user)) { - $user = $DB->get_record('user', array('id'=>$user), 'id, username'); - } - - if (empty($user->id)) { - return false; // not logged in, can not be guest - } - - return ($user->username == 'guest'); -} - /** * Determines if the currently logged in user is in editing mode. * Note: originally this function had $userid parameter - it was not usable anyway @@ -4310,7 +4242,7 @@ if ($users = get_role_users($roleid, $context, false, 'u.id', 'u.id ASC')) { foreach ($users as $user) { role_unassign($roleid, $user->id, 0, $context->id); - if (!has_capability('moodle/course:view', $context, $user->id)) { + if (!is_enrolled($context, $user->id)) { $data->unenrolled[$user->id] = $user->id; } } @@ -5090,7 +5022,7 @@ if (!empty($course->welcomemessage)) { $message = $course->welcomemessage; } else { - $a = new Object(); + $a = new object(); $a->coursename = $course->fullname; $a->profileurl = "$CFG->wwwroot/user/view.php?id=$user->id&course=$course->id"; $message = get_string("welcometocoursetext", "", $a); 
@@ -5101,7 +5033,7 @@ $subject = get_string('welcometocourse', '', format_string($course->fullname)); $context = get_context_instance(CONTEXT_COURSE, $course->id); - // Pass $view=true to filter hidden caps if the user cannot see them + // TODO: replace with $CFG->coursemanager test, 'moodle/course:update' is very wrong!! if ($users = get_users_by_capability($context, 'moodle/course:update', 'u.*', 'u.id ASC','', '', '', '', false, true)) { $users = sort_by_roleassignment_authority($users, $context); $teacher = array_shift($users); Index: lib/adminlib.php =================================================================== RCS file: /cvsroot/moodle/moodle/lib/adminlib.php,v retrieving revision 1.440 diff -u -r1.440 adminlib.php --- lib/adminlib.php 25 Mar 2010 06:38:23 -0000 1.440 +++ lib/adminlib.php 28 Mar 2010 21:41:30 -0000 @@ -969,7 +969,7 @@ global $CFG; $context = empty($this->context) ? get_context_instance(CONTEXT_SYSTEM) : $this->context; foreach($this->req_capability as $cap) { - if (is_valid_capability($cap) and has_capability($cap, $context)) { + if (has_capability($cap, $context)) { return true; } } @@ -1144,7 +1144,7 @@ global $CFG; $context = empty($this->context) ? get_context_instance(CONTEXT_SYSTEM) : $this->context; foreach($this->req_capability as $cap) { - if (is_valid_capability($cap) and has_capability($cap, $context)) { + if (has_capability($cap, $context)) { return true; } } @@ -3732,9 +3732,8 @@ * @param string $name Name of config variable * @param string $visiblename Display name * @param string $description Description - * @param array $types Array of capabilities (usually moodle/legacy:something) - * which identify roles that will be enabled by default. Default is the - * student role + * @param array $types Array of archetypes which identify + * roles that will be enabled by default. */ public function __construct($name, $visiblename, $description, $types) { parent::__construct($name, $visiblename, $description, NULL, NULL); 
@@ -3776,8 +3775,8 @@ return null; } $result = array(); - foreach($this->types as $capability) { - if ($caproles = get_roles_with_capability($capability, CAP_ALLOW)) { + foreach($this->types as $archetype) { + if ($caproles = get_archetype_roles($archetype)) { foreach ($caproles as $caprole) { $result[$caprole->id] = 1; } @@ -4074,7 +4073,7 @@ public function __construct() { parent::__construct('gradebookroles', get_string('gradebookroles', 'admin'), get_string('configgradebookroles', 'admin'), - array('moodle/legacy:student')); + array('student')); } } @@ -4117,7 +4116,7 @@ public function __construct() { parent::__construct('coursemanager', get_string('coursemanager', 'admin'), get_string('configcoursemanager', 'admin'), - array('moodle/legacy:editingteacher')); + array('editingteacher')); } } Index: lib/navigationlib.php =================================================================== RCS file: /cvsroot/moodle/moodle/lib/navigationlib.php,v retrieving revision 1.85 diff -u -r1.85 navigationlib.php --- lib/navigationlib.php 22 Mar 2010 03:04:00 -0000 1.85 +++ lib/navigationlib.php 28 Mar 2010 21:41:45 -0000 
@@ -1420,31 +1420,16 @@ // itself hasn't set PAGE->cm (usually set by require_login) // Chances are this is a front page module. $cm = get_coursemodule_from_id(false, $this->context->instanceid); - if ($cm) { - $cm->context = $this->context; - $PAGE->set_cm($cm, $PAGE->course); - } else { - debugging('The module has not been set against the page but we are attempting to generate module specific information for navigation', DEBUG_DEVELOPER); - return; - } + $PAGE->set_cm($cm, $PAGE->course); } $node = $this->find_child($PAGE->cm->id, self::TYPE_ACTIVITY); if ($node) { $node->make_active(); - if (!isset($PAGE->course->context)) { - // If we get here chances we are on a front page module - $this->context = $PAGE->context; - } else { - $this->context = $PAGE->course->context; - } + $this->context = $PAGE->context; $file = $CFG->dirroot.'/mod/'.$PAGE->activityname.'/lib.php'; $function = $PAGE->activityname.'_extend_navigation'; - if (empty($PAGE->cm->context)) { - $PAGE->cm->context = get_context_instance(CONTEXT_MODULE, $PAGE->cm->instance); - } - if (file_exists($file)) { require_once($file); if (function_exists($function)) { @@ -1795,15 +1780,10 @@ $systemcontext = get_context_instance(CONTEXT_SYSTEM); - // Cache capability moodle/site:config we use this in the next bit of code - if (!$this->cache->cached('hassiteconfig')) { - $this->cache->hassiteconfig = has_capability('moodle/site:config', $systemcontext); - } - // If the user is logged in (but not as a guest), doesnt have the site config capability, // and my courses havn't been disabled then we will show the user's courses in the // global navigation, otherwise we will show up to FRONTPAGECOURSELIMIT available courses - if (isloggedin() && !$this->cache->hassiteconfig && !isguestuser() && empty($CFG->disablemycourses)) { + if (isloggedin() && !is_siteadmin() && !isguestuser() && empty($CFG->disablemycourses)) { if (!$this->cache->cached('mycourses')) { $this->cache->mycourses = get_my_courses($USER->id); } 
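Review bot: In the first lib/navigationlib.php hunk on this line (`@@ -1420,31 +1420,16 @@`), the result of `get_coursemodule_from_id(false, $this->context->instanceid)` now goes straight into `$PAGE->set_cm()`, and `$PAGE->cm->id` is read right after; the removed `if ($cm)` guard is not replaced by anything. The later hunk at `@@ -3083,18 +3064,9 @@` in the same file makes the same lookup with `MUST_EXIST`, so a missing module stops there with a clear exception. This call should do the same: `$cm = get_coursemodule_from_id(false, $this->context->instanceid, 0, false, MUST_EXIST);`. The enclosing method starts and ends outside the hunk, so whether a caller already guarantees the module exists cannot be confirmed from here.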
@@ -2765,14 +2745,9 @@ global $CFG, $USER, $SESSION; $course = $this->page->course; - if (empty($course->context)) { - if (!$this->cache->cached('coursecontext'.$course->id)) { - $this->cache->{'coursecontext'.$course->id} = get_context_instance(CONTEXT_COURSE, $course->id); // Course context - } - $course->context = $this->cache->{'coursecontext'.$course->id}; - } + $coursecontext = get_context_instance(CONTEXT_COURSE, $course->id); if (!$this->cache->cached('canviewcourse'.$course->id)) { - $this->cache->{'canviewcourse'.$course->id} = has_capability('moodle/course:view', $course->context); + $this->cache->{'canviewcourse'.$course->id} = has_capability('moodle/course:view', $coursecontext); } if ($course->id === SITEID || !$this->cache->{'canviewcourse'.$course->id}) { return false; @@ -2782,7 +2757,7 @@ $coursenode = $this->get($coursenodekey); $coursenode->forceopen = ($forceopen==true); - if (has_capability('moodle/course:update', $course->context)) { + if (has_capability('moodle/course:update', $coursecontext)) { // Add the turn on/off settings $url = new moodle_url('/course/view.php', array('id'=>$course->id, 'sesskey'=>sesskey())); if ($this->page->user_is_editing()) { 
@@ -2880,37 +2855,37 @@ $coursenode->add(get_string('settings'), $url, self::TYPE_SETTING, null, null, new pix_icon('i/settings', '')); } - if (has_capability('moodle/role:assign', $course->context)) { + if (has_capability('moodle/role:assign', $coursecontext)) { // Add assign or override roles if allowed - $url = new moodle_url('/'.$CFG->admin.'/roles/assign.php', array('contextid'=>$course->context->id)); + $url = new moodle_url('/'.$CFG->admin.'/roles/assign.php', array('contextid'=>$coursecontext->id)); $coursenode->add(get_string('assignroles', 'role'), $url, self::TYPE_SETTING, null, null, new pix_icon('i/roles', '')); // Override roles - if (has_capability('moodle/role:review', $course->context) or count(get_overridable_roles($course->context))>0) { - $url = new moodle_url('/'.$CFG->admin.'/roles/permissions.php', array('contextid'=>$course->context->id)); + if (has_capability('moodle/role:review', $coursecontext) or count(get_overridable_roles($coursecontext))>0) { + $url = new moodle_url('/'.$CFG->admin.'/roles/permissions.php', array('contextid'=>$coursecontext->id)); $coursenode->add(get_string('permissions', 'role'), $url, self::TYPE_SETTING, null, null, new pix_icon('i/roles', '')); } // Check role permissions - if (has_any_capability(array('moodle/role:assign', 'moodle/role:safeoverride','moodle/role:override', 'moodle/role:assign'), $course->context)) { - $url = new moodle_url('/'.$CFG->admin.'/roles/check.php', array('contextid'=>$course->context->id)); + if (has_any_capability(array('moodle/role:assign', 'moodle/role:safeoverride','moodle/role:override', 'moodle/role:assign'), $coursecontext)) { + $url = new moodle_url('/'.$CFG->admin.'/roles/check.php', array('contextid'=>$coursecontext->id)); $coursenode->add(get_string('checkpermissions', 'role'), $url, self::TYPE_SETTING, null, null, new pix_icon('i/roles', '')); } // Manage filters - if (has_capability('moodle/filter:manage', $course->context) && 
count(filter_get_available_in_context($course->context))>0) { - $url = new moodle_url('/filter/manage.php', array('contextid'=>$course->context->id)); + if (has_capability('moodle/filter:manage', $coursecontext) && count(filter_get_available_in_context($coursecontext))>0) { + $url = new moodle_url('/filter/manage.php', array('contextid'=>$coursecontext->id)); $coursenode->add(get_string('filters', 'admin'), $url, self::TYPE_SETTING, null, null, new pix_icon('i/filter', '')); } } // Add view grade report is permitted $reportavailable = false; - if (has_capability('moodle/grade:viewall', $course->context)) { + if (has_capability('moodle/grade:viewall', $coursecontext)) { $reportavailable = true; } else if (!empty($course->showgrades)) { $reports = get_plugin_list('gradereport'); if (is_array($reports) && count($reports)>0) { // Get all installed reports arsort($reports); // user is last, we want to test it first foreach ($reports as $plugin => $plugindir) { - if (has_capability('gradereport/'.$plugin.':view', $course->context)) { + if (has_capability('gradereport/'.$plugin.':view', $coursecontext)) { //stop when the first visible plugin is found $reportavailable = true; break; 
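Review bot: The array passed to `has_any_capability()` for the check-permissions link lists `'moodle/role:assign'` twice, and the patch carries the duplicate over unchanged onto the new `$coursecontext` line. Either the second entry is redundant or a different capability was intended; the neighbouring check uses `'moodle/role:review'`, which may be the missing one, but that cannot be confirmed from the hunk. The same array appears in the front-page settings hunk (`@@ -3481,41 +3451,41 @@`). If it is only a duplicate, `array('moodle/role:assign', 'moodle/role:safeoverride', 'moodle/role:override')` is enough.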
@@ -2924,48 +2899,48 @@ } // Add outcome if permitted - if (!empty($CFG->enableoutcomes) && has_capability('moodle/course:update', $course->context)) { + if (!empty($CFG->enableoutcomes) && has_capability('moodle/course:update', $coursecontext)) { $url = new moodle_url('/grade/edit/outcome/course.php', array('id'=>$course->id)); $coursenode->add(get_string('outcomes', 'grades'), $url, self::TYPE_SETTING, null, null, new pix_icon('i/outcomes', '')); } // Add meta course links if ($course->metacourse) { - if (has_capability('moodle/course:managemetacourse', $course->context)) { + if (has_capability('moodle/course:managemetacourse', $coursecontext)) { $url = new moodle_url('/course/importstudents.php', array('id'=>$course->id)); $coursenode->add(get_string('childcourses'), $url, self::TYPE_SETTING, null, null, new pix_icon('i/course', '')); - } else if (has_capability('moodle/role:assign', $course->context)) { + } else if (has_capability('moodle/role:assign', $coursecontext)) { $key = $coursenode->add(get_string('childcourses'), null, self::TYPE_SETTING, null, null, new pix_icon('i/course', '')); $coursenode->get($key)->hidden = true;; } } // Manage groups in this course - if (($course->groupmode || !$course->groupmodeforce) && has_capability('moodle/course:managegroups', $course->context)) { + if (($course->groupmode || !$course->groupmodeforce) && has_capability('moodle/course:managegroups', $coursecontext)) { $url = new moodle_url('/group/index.php', array('id'=>$course->id)); $coursenode->add(get_string('groups'), $url, self::TYPE_SETTING, null, null, new pix_icon('i/group', '')); } // Backup this course - if (has_capability('moodle/backup:backupcourse', $course->context)) { + if (has_capability('moodle/backup:backupcourse', $coursecontext)) { $url = new moodle_url('/backup/backup.php', array('id'=>$course->id)); $coursenode->add(get_string('backup'), $url, self::TYPE_SETTING, null, null, new pix_icon('i/backup', '')); } // Restore to this course - if 
(has_capability('moodle/restore:restorecourse', $course->context)) { + if (has_capability('moodle/restore:restorecourse', $coursecontext)) { $url = new moodle_url('/files/index.php', array('id'=>$course->id, 'wdir'=>'/backupdata')); $coursenode->add(get_string('restore'), $url, self::TYPE_SETTING, null, null, new pix_icon('i/restore', '')); } // Import data from other courses - if (has_capability('moodle/restore:restoretargetimport', $course->context)) { + if (has_capability('moodle/restore:restoretargetimport', $coursecontext)) { $url = new moodle_url('/course/import.php', array('id'=>$course->id)); $coursenode->add(get_string('import'), $url, self::TYPE_SETTING, null, null, new pix_icon('i/restore', '')); } // Reset this course - if (has_capability('moodle/course:reset', $course->context)) { + if (has_capability('moodle/course:reset', $coursecontext)) { $url = new moodle_url('/course/reset.php', array('id'=>$course->id)); $coursenode->add(get_string('reset'), $url, self::TYPE_SETTING, null, null, new pix_icon('i/return', '')); } 
@@ -3017,13 +2992,19 @@ } // Unenrol link - if (empty($course->metacourse)) { - if (has_capability('moodle/legacy:guest', $this->context, NULL, false)) { // Are a guest now - $url = new moodle_url('/course/enrol.php', array('id'=>$course->id)); - $coursenode->add(get_string('enrolme', '', format_string($course->shortname)), $url, self::TYPE_SETTING, null, null, new pix_icon('i/user', '')); - } else if (has_capability('moodle/role:unassignself', $this->context, NULL, false) && get_user_roles($this->context, 0, false)) { // Have some role - $url = new moodle_url('/course/unenrol.php', array('id'=>$course->id)); - $coursenode->add(get_string('unenrolme', '', format_string($course->shortname)), $url, self::TYPE_SETTING, null, null, new pix_icon('i/user', '')); + if (empty($course->metacourse) && ($course->id!==SITEID)) { + if (is_enrolled($this->context)) { + if (has_capability('moodle/role:unassignself', $this->page->context, NULL, false) and get_user_roles($this->page->context, $USER->id, false)) { // Have some role + $this->content->items[]=''.get_string('unenrolme', '', format_string($course->shortname)).''; + $this->content->icons[]=''; + } + + } else if (is_inspecting($this->context)) { + // inspector, manager, etc. - do not show anything + } else { + // access because otherwise they would not get into this course at all + $this->content->items[]=''.get_string('enrolme', '', format_string($course->shortname)).''; + $this->content->icons[]=''; } } 
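Review bot: The rewritten unenrol/enrol branch appends to `$this->content->items[]` and `$this->content->icons[]`, while the lines it replaces, and every other entry in the neighbouring hunks, register links with `$coursenode->add(...)`; this looks pasted from a block class, and nothing visible shows the navigation class having a `content` property. The `$url` for `/course/unenrol.php` and `/course/enrol.php` is no longer built either, so as written no link target survives (the empty `''` strings may be markup lost in this rendering of the patch). Keeping the node form inside the new `is_enrolled()` branch would be `$coursenode->add(get_string('unenrolme', '', format_string($course->shortname)), $url, self::TYPE_SETTING, null, null, new pix_icon('i/user', ''));`. The branch also tests `$this->context` in `is_enrolled()` but `$this->page->context` in `has_capability()` for the same course, and the two should be one context so the enrolment test and the permission test cannot disagree. The enclosing method starts outside the hunk.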
@@ -3083,18 +3064,9 @@ if (!$this->page->cm && $this->context->contextlevel == CONTEXT_MODULE && $this->context->instanceid) { $cm = get_coursemodule_from_id(false, $this->context->instanceid, 0, false, MUST_EXIST); - $cm->context = $this->context; $this->page->set_cm($cm, $this->page->course); } - if (empty($this->page->cm->context)) { - if ($this->context->instanceid === $this->page->cm->id) { - $this->page->cm->context = $this->context; - } else { - $this->page->cm->context = get_context_instance(CONTEXT_MODULE, $this->page->cm->instance); - } - } - $modulekey = $this->add(get_string($this->page->activityname.'administration', $this->page->activityname)); $modulenode = $this->get($modulekey); $modulenode->forceopen = true; @@ -3453,16 +3425,14 @@ global $SITE, $CFG; $course = clone($SITE); - if (empty($course->context)) { - $course->context = get_context_instance(CONTEXT_COURSE, $course->id); // Course context - } + $coursecontext = get_context_instance(CONTEXT_COURSE, $course->id); // Course context $frontpagekey = $this->add(get_string('frontpagesettings'), null, self::TYPE_SETTING, null, 'frontpage'); $frontpage = $this->get($frontpagekey); $frontpage->forceopen = $forceopen; $frontpage->id = 'frontpagesettings'; - if (has_capability('moodle/course:update', $course->context)) { + if (has_capability('moodle/course:update', $coursecontext)) { // Add the turn on/off settings $url = new moodle_url('/course/view.php', array('id'=>$course->id, 'sesskey'=>sesskey())); 
@@ -3481,41 +3451,41 @@ } //Participants - if (has_capability('moodle/site:viewparticipants', $course->context)) { - $url = new moodle_url('/user/index.php', array('contextid'=>$course->context->id)); + if (has_capability('moodle/site:viewparticipants', $coursecontext)) { + $url = new moodle_url('/user/index.php', array('contextid'=>$coursecontext->id)); $frontpage->add(get_string('participants'), $url, self::TYPE_SETTING, null, null, new pix_icon('i/users', '')); } // Roles - if (has_capability('moodle/role:assign', $course->context)) { + if (has_capability('moodle/role:assign', $coursecontext)) { // Add assign or override roles if allowed - $url = new moodle_url('/'.$CFG->admin.'/roles/assign.php', array('contextid'=>$course->context->id)); + $url = new moodle_url('/'.$CFG->admin.'/roles/assign.php', array('contextid'=>$coursecontext->id)); $frontpage->add(get_string('assignroles', 'role'), $url, self::TYPE_SETTING, null, null, new pix_icon('i/roles', '')); // Override roles - if (has_capability('moodle/role:review', $course->context) or count(get_overridable_roles($course->context))>0) { - $url = new moodle_url('/'.$CFG->admin.'/roles/permissions.php', array('contextid'=>$course->context->id)); + if (has_capability('moodle/role:review', $coursecontext) or count(get_overridable_roles($coursecontext))>0) { + $url = new moodle_url('/'.$CFG->admin.'/roles/permissions.php', array('contextid'=>$coursecontext->id)); $frontpage->add(get_string('permissions', 'role'), $url, self::TYPE_SETTING, null, null, new pix_icon('i/roles', '')); } // Check role permissions - if (has_any_capability(array('moodle/role:assign', 'moodle/role:safeoverride','moodle/role:override', 'moodle/role:assign'), $course->context)) { - $url = new moodle_url('/'.$CFG->admin.'/roles/check.php', array('contextid'=>$course->context->id)); + if (has_any_capability(array('moodle/role:assign', 'moodle/role:safeoverride','moodle/role:override', 'moodle/role:assign'), $coursecontext)) { + $url = new 
moodle_url('/'.$CFG->admin.'/roles/check.php', array('contextid'=>$coursecontext->id)); $frontpage->add(get_string('checkpermissions', 'role'), $url, self::TYPE_SETTING, null, null, new pix_icon('i/roles', '')); } // Manage filters - if (has_capability('moodle/filter:manage', $course->context) && count(filter_get_available_in_context($course->context))>0) { - $url = new moodle_url('/filter/manage.php', array('contextid'=>$course->context->id)); + if (has_capability('moodle/filter:manage', $coursecontext) && count(filter_get_available_in_context($coursecontext))>0) { + $url = new moodle_url('/filter/manage.php', array('contextid'=>$coursecontext->id)); $frontpage->add(get_string('filters', 'admin'), $url, self::TYPE_SETTING, null, null, new pix_icon('i/filter', '')); } } // Backup this course - if (has_capability('moodle/backup:backupcourse', $course->context)) { + if (has_capability('moodle/backup:backupcourse', $coursecontext)) { $url = new moodle_url('/backup/backup.php', array('id'=>$course->id)); $frontpage->add(get_string('backup'), $url, self::TYPE_SETTING, null, null, new pix_icon('i/backup', '')); } // Restore to this course - if (has_capability('moodle/restore:restorecourse', $course->context)) { + if (has_capability('moodle/restore:restorecourse', $coursecontext)) { $url = new moodle_url('/files/index.php', array('id'=>$course->id, 'wdir'=>'/backupdata')); $frontpage->add(get_string('restore'), $url, self::TYPE_SETTING, null, null, new pix_icon('i/restore', '')); } Index: lib/deprecatedlib.php =================================================================== RCS file: /cvsroot/moodle/moodle/lib/deprecatedlib.php,v retrieving revision 1.217 diff -u -r1.217 deprecatedlib.php --- lib/deprecatedlib.php 20 Mar 2010 22:15:57 -0000 1.217 +++ lib/deprecatedlib.php 28 Mar 2010 21:41:36 -0000 
@@ -29,140 +29,54 @@ */ /** - * Determines if a user is a teacher (or better) - * - * @global object - * @uses CONTEXT_COURSE - * @uses CONTEXT_SYSTEM - * @param int $courseid The id of the course that is being viewed, if any - * @param int $userid The id of the user that is being tested against. Set this to 0 if you would just like to test against the currently logged in user. - * @param bool $obsolete_includeadmin Not used any more - * @return bool + * @deprecated */ -function isteacher($courseid=0, $userid=0, $obsolete_includeadmin=true) { -/// Is the user able to access this course as a teacher? - global $CFG; - - if ($courseid) { - $context = get_context_instance(CONTEXT_COURSE, $courseid); - } else { - $context = get_context_instance(CONTEXT_SYSTEM); - } - - return (has_capability('moodle/legacy:teacher', $context, $userid, false) - or has_capability('moodle/legacy:editingteacher', $context, $userid, false) - or has_capability('moodle/legacy:admin', $context, $userid, false)); +function isteacher() { + error('Function isteacher() was removed, please use capabilities instead!'); } /** - * Determines if a user is a teacher in any course, or an admin - * - * @global object - * @global object - * @global object - * @uses CAP_ALLOW - * @uses CONTEXT_SYSTEM - * @param int $userid The id of the user that is being tested against. Set this to 0 if you would just like to test against the currently logged in user. 
- * @param bool $includeadmin Include anyone wo is an admin as well - * @return bool + * @deprecated */ -function isteacherinanycourse($userid=0, $includeadmin=true) { - global $USER, $CFG, $DB; - - if (!$userid) { - if (empty($USER->id)) { - return false; - } - $userid = $USER->id; - } - - if (!$DB->record_exists('role_assignments', array('userid'=>$userid))) { // Has no roles anywhere - return false; - } - -/// If this user is assigned as an editing teacher anywhere then return true - if ($roles = get_roles_with_capability('moodle/legacy:editingteacher', CAP_ALLOW)) { - foreach ($roles as $role) { - if ($DB->record_exists('role_assignments', array('roleid'=>$role->id, 'userid'=>$userid))) { - return true; - } - } - } - -/// If this user is assigned as a non-editing teacher anywhere then return true - if ($roles = get_roles_with_capability('moodle/legacy:teacher', CAP_ALLOW)) { - foreach ($roles as $role) { - if ($DB->record_exists('role_assignments', array('roleid'=>$role->id, 'userid'=>$userid))) { - return true; - } - } - } - -/// Include admins if required - if ($includeadmin) { - $context = get_context_instance(CONTEXT_SYSTEM); - if (has_capability('moodle/legacy:admin', $context, $userid, false)) { - return true; - } - } - - return false; +function isteacherinanycourse() { + error('Function isteacherinanycourse() was removed, please use capabilities instead!'); } - /** - * Determines if the specified user is logged in as guest. - * - * See {@link isguestuser()} as an alternative - * * @deprecated - * @global object - * @param int $userid The user being tested. You can set this to 0 or leave it blank to test the currently logged in user. 
- * @return bool */ -function isguest($userid=0) { - global $CFG; - - $context = get_context_instance(CONTEXT_SYSTEM); - - return has_capability('moodle/legacy:guest', $context, $userid, false); +function get_guest() { + error('Function get_guest() was removed, please use capabilities instead!'); } +/** + * @deprecated + */ +function get_teacher() { + error('Function get_teacher() was removed, please use capabilities instead!'); +} /** - * Get the guest user information from the database - * - * @todo Is object(user) a correct return type? Or is array the proper return type with a - * note that the contents include all details for a user. + * Return all course participant for a given course * - * @return object(user) An associative array with the details of the guest user account. + * @deprecated + * @param integer $courseid + * @return array of user */ -function get_guest() { - return get_complete_user_data('username', 'guest'); +function get_course_participants($courseid) { + return get_enrolled_users(get_context_instance(CONTEXT_COURSE, $courseid)); } /** - * Returns $user object of the main teacher for a course + * Return true if the user is a participant for a given course * - * @global object - * @uses CONTEXT_COURSE - * @param int $courseid The course in question. - * @return user|false A {@link $USER} record of the main teacher for the specified course or false if error. 
+ * @deprecated + * @param integer $userid + * @param integer $courseid + * @return boolean */ -function get_teacher($courseid) { - - global $CFG; - - $context = get_context_instance(CONTEXT_COURSE, $courseid); - - // Pass $view=true to filter hidden caps if the user cannot see them - if ($users = get_users_by_capability($context, 'moodle/course:update', 'u.*', 'u.id ASC', - '', '', '', '', false, true)) { - $users = sort_by_roleassignment_authority($users, $context); - return array_shift($users); - } - - return false; +function is_course_participant($userid, $courseid) { + return is_enrolled(get_context_instance(CONTEXT_COURSE, $courseid), $userid); } /** 
@@ -195,6 +109,68 @@ return $DB->get_records_sql($sql, $params); } + +/** + * Turn the ctx* fields in an objectlike record into a context subobject + * This allows us to SELECT from major tables JOINing with + * context at no cost, saving a ton of context lookups... + * + * Use context_instance_preload() instead. + * + * @deprecated since 2.0 + * @param object $rec + * @return object + */ +function make_context_subobj($rec) { + $ctx = new StdClass; + $ctx->id = $rec->ctxid; unset($rec->ctxid); + $ctx->path = $rec->ctxpath; unset($rec->ctxpath); + $ctx->depth = $rec->ctxdepth; unset($rec->ctxdepth); + $ctx->contextlevel = $rec->ctxlevel; unset($rec->ctxlevel); + $ctx->instanceid = $rec->id; + + $rec->context = $ctx; + return $rec; +} + +/** + * Do some basic, quick checks to see whether $rec->context looks like a valid context object. + * + * Use context_instance_preload() instead. + * + * @deprecated since 2.0 + * @param object $rec a think that has a context, for example a course, + * course category, course modules, etc. + * @param int $contextlevel the type of thing $rec is, one of the CONTEXT_... constants. + * @return bool whether $rec->context looks like the correct context object + * for this thing. + */ +function is_context_subobj_valid($rec, $contextlevel) { + return isset($rec->context) && isset($rec->context->id) && + isset($rec->context->path) && isset($rec->context->depth) && + isset($rec->context->contextlevel) && isset($rec->context->instanceid) && + $rec->context->contextlevel == $contextlevel && $rec->context->instanceid == $rec->id; +} + +/** + * Ensure that $rec->context is present and correct before you continue + * + * When you have a record (for example a $category, $course, $user or $cm that may, + * or may not, have come from a place that does make_context_subobj, you can use + * this method to ensure that $rec->context is present and correct before you continue. + * + * Use context_instance_preload() instead. 
+ * + * @deprecated since 2.0 + * @param object $rec a thing that has an associated context. + * @param integer $contextlevel the type of thing $rec is, one of the CONTEXT_... constants. + */ +function ensure_context_subobj_present(&$rec, $contextlevel) { + if (!is_context_subobj_valid($rec, $contextlevel)) { + $rec->context = get_context_instance($contextlevel, $rec->id); + } +} + ########### FROM weblib.php ########################################################################## Index: course/report/outline/db/access.php =================================================================== RCS file: /cvsroot/moodle/moodle/course/report/outline/db/access.php,v retrieving revision 1.3 diff -u -r1.3 access.php --- course/report/outline/db/access.php 4 Nov 2009 19:24:13 -0000 1.3 +++ course/report/outline/db/access.php 28 Mar 2010 21:41:17 -0000 @@ -32,7 +32,7 @@ 'legacy' => array( 'teacher' => CAP_ALLOW, 'editingteacher' => CAP_ALLOW, - 'admin' => CAP_ALLOW + 'manager' => CAP_ALLOW ), 'clonepermissionsfrom' => 'moodle/site:viewreports', Index: message/history.php =================================================================== RCS file: /cvsroot/moodle/moodle/message/history.php,v retrieving revision 1.26 diff -u -r1.26 history.php --- message/history.php 16 Jan 2010 15:40:02 -0000 1.26 +++ message/history.php 28 Mar 2010 21:42:00 -0000 @@ -28,7 +28,7 @@ require_login(); -if (has_capability('moodle/legacy:guest', get_context_instance(CONTEXT_SYSTEM), 0, false)) { +if (isguestuser()) { redirect($CFG->wwwroot); } Index: message/user.php =================================================================== RCS file: /cvsroot/moodle/moodle/message/user.php,v retrieving revision 1.42 diff -u -r1.42 user.php --- message/user.php 16 Jan 2010 15:40:02 -0000 1.42 +++ message/user.php 28 Mar 2010 21:42:00 -0000 
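Review bot: In message/history.php the guard changes from a capability test (`moodle/legacy:guest` at system context) to `isguestuser()`, and the version of that function removed from lib/moodlelib.php earlier in this patch matches only the account whose username is `guest`. If the relocated function keeps that behaviour, an ordinary account that holds a guest-type role is no longer redirected away from the messaging pages, so those pages would need their own capability check on what such a user may read or send. The same replacement is made in message/user.php, message/discussion.php, message/refresh.php and message/index.php. A comment above the guard, such as `// Blocks only the real guest account (username 'guest'), not users holding a guest-type role.`, would record the narrower scope once it is confirmed as intended.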
@@ -26,7 +26,7 @@ require_login(); -if (has_capability('moodle/legacy:guest', get_context_instance(CONTEXT_SYSTEM), 0, false)) { +if (isguestuser()) { redirect($CFG->wwwroot); } Index: message/discussion.php =================================================================== RCS file: /cvsroot/moodle/moodle/message/discussion.php,v retrieving revision 1.37 diff -u -r1.37 discussion.php --- message/discussion.php 16 Jan 2010 15:40:02 -0000 1.37 +++ message/discussion.php 28 Mar 2010 21:42:00 -0000 @@ -28,7 +28,7 @@ require_login(); - if (has_capability('moodle/legacy:guest', get_context_instance(CONTEXT_SYSTEM), 0, false)) { + if (isguestuser()) { redirect($CFG->wwwroot); } Index: message/refresh.php =================================================================== RCS file: /cvsroot/moodle/moodle/message/refresh.php,v retrieving revision 1.28 diff -u -r1.28 refresh.php --- message/refresh.php 6 Feb 2010 12:38:08 -0000 1.28 +++ message/refresh.php 28 Mar 2010 21:42:00 -0000 @@ -28,7 +28,7 @@ require_login(); -if (has_capability('moodle/legacy:guest', get_context_instance(CONTEXT_SYSTEM), 0, false)) { +if (isguestuser()) { redirect($CFG->wwwroot); } Index: message/index.php =================================================================== RCS file: /cvsroot/moodle/moodle/message/index.php,v retrieving revision 1.31 diff -u -r1.31 index.php --- message/index.php 26 Jan 2010 09:44:55 -0000 1.31 +++ message/index.php 28 Mar 2010 21:42:00 -0000 
@@ -28,7 +28,7 @@ require_login(0, false); -if (has_capability('moodle/legacy:guest', get_context_instance(CONTEXT_SYSTEM), 0, false)) { +if (isguestuser()) { redirect($CFG->wwwroot); } Index: mod/quiz/report/statistics/db/access.php =================================================================== RCS file: /cvsroot/moodle/moodle/mod/quiz/report/statistics/db/access.php,v retrieving revision 1.4 diff -u -r1.4 access.php --- mod/quiz/report/statistics/db/access.php 4 Nov 2009 19:24:14 -0000 1.4 +++ mod/quiz/report/statistics/db/access.php 28 Mar 2010 21:42:23 -0000 @@ -11,7 +11,7 @@ 'legacy' => array( 'teacher' => CAP_ALLOW, 'editingteacher' => CAP_ALLOW, - 'admin' => CAP_ALLOW + 'manager' => CAP_ALLOW ), 'clonepermissionsfrom' => 'mod/quiz:viewreports' ) Index: blocks/online_users/db/access.php =================================================================== RCS file: /cvsroot/moodle/moodle/blocks/online_users/db/access.php,v retrieving revision 1.3 diff -u -r1.3 access.php --- blocks/online_users/db/access.php 4 Nov 2009 19:24:13 -0000 1.3 +++ blocks/online_users/db/access.php 28 Mar 2010 21:41:08 -0000 @@ -35,7 +35,7 @@ 'student' => CAP_ALLOW, 'teacher' => CAP_ALLOW, 'editingteacher' => CAP_ALLOW, - 'admin' => CAP_ALLOW + 'manager' => CAP_ALLOW ) ) ); Index: auth/mnet/auth.php =================================================================== RCS file: /cvsroot/moodle/moodle/auth/mnet/auth.php,v retrieving revision 1.77 diff -u -r1.77 auth.php --- auth/mnet/auth.php 18 Feb 2010 01:30:13 -0000 1.77 +++ auth/mnet/auth.php 28 Mar 2010 21:40:53 -0000 
@@ -141,8 +141,8 @@ // check remote login permissions if (! has_capability('moodle/site:mnetlogintoremote', get_context_instance(CONTEXT_SYSTEM)) or is_mnet_remote_user($USER) - or $USER->username == 'guest' - or empty($USER->id)) { + or isguestuser() + or !isloggedin()) { print_error('notpermittedtojump', 'mnet'); } Index: mod/hotpot/lib.php =================================================================== RCS file: /cvsroot/moodle/moodle/mod/hotpot/lib.php,v retrieving revision 1.135 diff -u -r1.135 lib.php --- mod/hotpot/lib.php 22 Mar 2010 03:04:01 -0000 1.135 +++ mod/hotpot/lib.php 28 Mar 2010 21:42:23 -0000 @@ -502,11 +502,7 @@ } // check if user can view hidden activities - if (isset($COURSE->context)) { - $coursecontext = &$COURSE->context; - } else { - $coursecontext = get_context_instance(CONTEXT_COURSE, $cm->course); - } + $coursecontext = get_context_instance(CONTEXT_COURSE, $cm->course); if (has_capability('moodle/course:viewhiddenactivities', $coursecontext)) { return true; // user can view hidden activities } Index: auth/fc/auth.php =================================================================== RCS file: /cvsroot/moodle/moodle/auth/fc/auth.php,v retrieving revision 1.6 diff -u -r1.6 auth.php --- auth/fc/auth.php 23 Nov 2009 21:50:41 -0000 1.6 +++ auth/fc/auth.php 28 Mar 2010 21:40:50 -0000 
@@ -178,7 +178,7 @@ return; //nothing to sync - creators not configured } - if ($roles = get_roles_with_capability('moodle/legacy:coursecreator', CAP_ALLOW)) { + if ($roles = get_archetype_roles('coursecreator')) { $creatorrole = array_shift($roles); // We can only use one, let's use the first one $systemcontext = get_context_instance(CONTEXT_SYSTEM); Index: repository/webdav/db/access.php =================================================================== RCS file: /cvsroot/moodle/moodle/repository/webdav/db/access.php,v retrieving revision 1.2 diff -u -r1.2 access.php --- repository/webdav/db/access.php 4 Nov 2009 19:24:14 -0000 1.2 +++ repository/webdav/db/access.php 28 Mar 2010 21:42:25 -0000 @@ -9,7 +9,7 @@ 'student' => CAP_ALLOW, 'teacher' => CAP_ALLOW, 'editingteacher' => CAP_ALLOW, - 'admin' => CAP_ALLOW + 'manager' => CAP_ALLOW ) ) ); Index: admin/roles/define.php =================================================================== RCS file: /cvsroot/moodle/moodle/admin/roles/define.php,v retrieving revision 1.15 diff -u -r1.15 define.php --- admin/roles/define.php 7 Mar 2010 09:28:55 -0000 1.15 +++ admin/roles/define.php 28 Mar 2010 21:40:47 -0000 @@ -103,7 +103,7 @@ admin_externalpage_print_header(); $currenttab = 'manage'; - include_once('managetabs.php'); + include('managetabs.php'); if ($action == 'add') { $title = get_string('addinganewrole', 'role'); 
@@ -131,7 +131,7 @@ $options['action'] = 'edit'; echo $OUTPUT->single_button(new moodle_url($defineurl, $options), get_string('edit')); $options['action'] = 'reset'; - if ($definitiontable->get_legacy_type()) { + if ($definitiontable->get_archetype()) { echo $OUTPUT->single_button(new moodle_url($manageurl, $options), get_string('resetrole', 'role')); } else { echo $OUTPUT->single_button(new moodle_url($manageurl, $options), get_string('resetrolenolegacy', 'role')); Index: admin/roles/manage.php =================================================================== RCS file: /cvsroot/moodle/moodle/admin/roles/manage.php,v retrieving revision 1.86 diff -u -r1.86 manage.php --- admin/roles/manage.php 25 Mar 2010 08:47:25 -0000 1.86 +++ admin/roles/manage.php 28 Mar 2010 21:40:49 -0000 @@ -61,11 +61,6 @@ $undeletableroles[$CFG->guestroleid] = 1; $undeletableroles[$CFG->defaultuserroleid] = 1; $undeletableroles[$CFG->defaultcourseroleid] = 1; - // If there is only one admin role, add that to $undeletableroles too. - $adminroles = get_admin_roles(); - if (count($adminroles) == 1) { - $undeletableroles[reset($adminroles)->id] = 1; - } ///.Process submitted data. $confirmed = optional_param('confirm', false, PARAM_BOOL) && data_submitted() && confirm_sesskey(); @@ -160,7 +155,7 @@ $a->id = $roleid; $a->name = $roles[$roleid]->name; $a->shortname = $roles[$roleid]->shortname; - $a->legacytype = get_legacy_type($roleid); + $a->legacytype = $roles[$roleid]->archetype; if (empty($a->legacytype)) { $warning = get_string('resetrolesurenolegacy', 'role', $a); } else { 
@@ -168,22 +163,21 @@ } $formcontinue = new single_button(new moodle_url('manage.php', $optionsyes), get_string('yes')); $formcancel = new single_button(new moodle_url('manage.php', $optionsno), get_string('no'), 'get'); - echo $OUTPUT->confirm(get_string('confirmmessage', 'bulkusers', $usernames), $formcontinue, $formcancel); + echo $OUTPUT->confirm($warning, $formcontinue, $formcancel); echo $OUTPUT->footer(); die; } // Do the reset. - $legacytype = get_legacy_type($roleid); - if ($legacytype) { - set_role_contextlevels($roleid, get_default_contextlevels($legacytype)); + if ($roles[$roleid]->archetype) { + set_role_contextlevels($roleid, get_default_contextlevels($roles[$roleid]->archetype)); } reset_role_capabilities($roleid); // Mark context dirty, log and redirect. mark_context_dirty($systemcontext->path); add_to_log(SITEID, 'role', 'reset', 'admin/roles/manage.php?action=reset&roleid=' . $roleid, $roles[$roleid]->localname, '', $USER->id); - redirect($defineurl . '?action=view&roleid=' . $roleid); + redirect($defineurl . '?action=view&roleid=' . $roleid); break; } Index: admin/roles/lib.php =================================================================== RCS file: /cvsroot/moodle/moodle/admin/roles/lib.php,v retrieving revision 1.42 diff -u -r1.42 lib.php --- admin/roles/lib.php 7 Mar 2010 09:28:54 -0000 1.42 +++ admin/roles/lib.php 28 Mar 2010 21:40:48 -0000 @@ -144,7 +144,7 @@ protected abstract function num_extra_columns(); /** - * For subclasses to override. Allows certain capabilties (e.g. legacy capabilities) + * For subclasses to override. Allows certain capabilties * to be left out of the table. * * @param object $capability the capability this row relates to. 
@@ -213,10 +213,6 @@ return 1; } - protected function skip_row($capability) { - return $capability->name != 'moodle/site:doanything' && is_legacy($capability->name); - } - protected function get_row_classes($capability) { $this->hascap = has_capability($capability->name, $this->context, $this->user->id); if ($this->hascap) { @@ -285,10 +281,6 @@ return 3; } - protected function skip_row($capability) { - return $capability->name != 'moodle/site:doanything' && is_legacy($capability->name); - } - protected function add_row_cells($capability) { global $OUTPUT, $PAGE; @@ -554,7 +546,6 @@ protected $errors; protected $contextlevels; protected $allcontextlevels; - protected $legacyroles; protected $disabled = ''; public function __construct($context, $roleid) { @@ -571,8 +562,6 @@ CONTEXT_MODULE => get_string('activitymodule'), CONTEXT_BLOCK => get_string('block') ); - - $this->legacyroles = get_legacy_roles(); } protected function load_current_permissions() { @@ -581,7 +570,6 @@ if (!$this->role = $DB->get_record('role', array('id' => $this->roleid))) { throw new moodle_exception('invalidroleid'); } - $this->role->legacytype = get_legacy_type($this->roleid); $contextlevels = get_role_contextlevels($this->roleid); // Put the contextlevels in the array keys, as well as the values. if (!empty($contextlevels)) { @@ -594,7 +582,7 @@ $this->role->name = ''; $this->role->shortname = ''; $this->role->description = ''; - $this->role->legacytype = ''; + $this->role->archetype = ''; $this->contextlevels = array(); } parent::load_current_permissions(); 
@@ -638,12 +626,13 @@ } // Legacy type. - $legacytype = optional_param('legacytype', null, PARAM_RAW); - if (!is_null($legacytype)) { - if (array_key_exists($legacytype, $this->legacyroles)) { - $this->role->legacytype = $legacytype; + $archetype = optional_param('archetype', null, PARAM_RAW); + if ($archetype) { + $archetypes = get_role_archetypes(); + if (isset($archetypes[$archetype])){ + $this->role->archetype = $archetype; } else { - $this->role->legacytype = ''; + $this->role->archetype = ''; } } @@ -686,16 +675,12 @@ return $this->role->id; } - public function get_legacy_type() { - return $this->role->legacytype; + public function get_archetype() { + return $this->role->archetype; } protected function load_parent_permissions() { - if ($this->role->legacytype) { - $this->parentpermissions = get_default_capabilities($this->role->legacytype); - } else { - $this->parentpermissions = array(); - } + $this->parentpermissions = get_default_capabilities($this->role->archetype); } public function save_changes() { @@ -703,25 +688,11 @@ if (!$this->roleid) { // Creating role - if (isset($this->legacyroles[$this->role->legacytype])) { - $legacycap = $this->legacyroles[$this->role->legacytype]; - } else { - $legacycap = ''; - } - $this->role->id = create_role($this->role->name, $this->role->shortname, $this->role->description, $legacycap); + $this->role->id = create_role($this->role->name, $this->role->shortname, $this->role->description, $this->role->archetype); $this->roleid = $this->role->id; // Needed to make the parent::save_changes(); call work. } else { // Updating role $DB->update_record('role', $this->role); - - // Legacy type - foreach($this->legacyroles as $type => $cap) { - if ($type == $this->role->legacytype) { - assign_capability($cap, CAP_ALLOW, $this->role->id, $this->context->id); - } else { - unassign_capability($cap, $this->role->id); - } - } } // Assignable contexts. 
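Review bot: The new guard `if ($archetype)` in the first hunk skips the whole block when the form posts the empty "None" option, so a role that already has an archetype keeps it. The `else` branch that resets it to `''` is now reached only for unknown non-empty values, whereas the old `!is_null()` test also cleared it on an empty selection. I would keep the null test, `if (!is_null($archetype)) {`, so an explicit empty selection still resets the field. The value is stored only after the `isset($archetypes[$archetype])` allow-list lookup, which is the right control; reading it with `PARAM_ALPHA` instead of `PARAM_RAW` would narrow what reaches that lookup, assuming archetype names stay purely alphabetic. The enclosing method starts and ends outside this hunk.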
@@ -731,10 +702,6 @@ parent::save_changes(); } - protected function skip_row($capability) { - return is_legacy($capability->name); - } - protected function get_name_field($id) { return ''; } @@ -747,14 +714,14 @@ return print_textarea(true, 10, 50, 50, 10, 'description', $this->role->description, 0, true); } - protected function get_legacy_type_field($id) { + protected function get_archetype_field($id) { global $OUTPUT; $options = array(); $options[''] = get_string('none'); - foreach($this->legacyroles as $type => $cap) { - $options[$type] = get_string('legacy:'.$type, 'role'); + foreach(get_role_archetypes() as $type) { + $options[$type] = get_string('archetype'.$type, 'role'); } - return html_writer::select($options, 'legacytype', $this->role->legacytype, false); + return html_writer::select($options, 'archetype', $this->role->archetype, false); } protected function get_assignable_levels_control() { @@ -814,7 +781,7 @@ $this->print_field('name', get_string('name'), $this->get_name_field('name')); $this->print_field('shortname', get_string('shortname'), $this->get_shortname_field('shortname')); $this->print_field('edit-description', get_string('description'), $this->get_description_field('description')); - $this->print_field('menulegacytype', get_string('legacytype', 'role'), $this->get_legacy_type_field('legacytype')); + $this->print_field('menuarchetype', get_string('archetype', 'role'), $this->get_archetype_field('archetype')); $this->print_field('', get_string('maybeassignedin', 'role'), $this->get_assignable_levels_control()); echo "
"; @@ -905,11 +872,11 @@ return format_text($this->role->description, FORMAT_HTML); } - protected function get_legacy_type_field($id) { - if (empty($this->role->legacytype)) { + protected function get_archetype_field($id) { + if (empty($this->role->archetype)) { return get_string('none'); } else { - return get_string('legacy:'.$this->role->legacytype, 'role'); + return get_string('archetype'.$this->role->archetype, 'role'); } } @@ -976,10 +943,6 @@ return $this->haslockedcapabiltites; } - protected function skip_row($capability) { - return is_legacy($capability->name); - } - protected function add_permission_cells($capability) { $disabled = ''; if ($capability->locked || $this->parentpermissions[$capability->name] == CAP_PROHIBIT) { @@ -1058,7 +1021,7 @@ * some CONTEXT_BLOCK). * * In this case we replicate part of get_users_by_capability() get the users - * with moodle/course:view (or moodle/site:doanything). We can't use + * with moodle/course:view. We can't use * get_users_by_capability() becuase * 1) get_users_by_capability() does not deal with searching by name * 2) exceptions array can be potentially large for large courses @@ -1076,15 +1039,9 @@ // Now exclude the admin roles, and check the actual permission on // 'moodle/course:view' to make sure it is allow. - $doanythingroles = get_roles_with_capability('moodle/site:doanything', - CAP_ALLOW, get_context_instance(CONTEXT_SYSTEM)); $validroleids = array(); foreach ($possibleroles as $possiblerole) { - if (isset($doanythingroles[$possiblerole->id])) { - continue; - } - if ($caps = role_context_capabilities($possiblerole->id, $this->context, 'moodle/course:view')) { // resolved list if (isset($caps['moodle/course:view']) && $caps['moodle/course:view'] > 0) { // resolved capability > 0 $validroleids[] = $possiblerole->id; 
@@ -1116,13 +1073,13 @@ AND u.id NOT IN ( SELECT u.id FROM {role_assignments} r, {user} u - WHERE r.contextid = ? + WHERE r.contextid = :contextid AND u.id = r.userid - AND r.roleid = ?)"; + AND r.roleid = :roleid)"; $order = ' ORDER BY lastname ASC, firstname ASC'; - $params[] = $this->context->id; - $params[] = $this->roleid; + $params['contextid'] = $this->context->id; + $params['roleid'] = $this->roleid; // Check to see if there are too many to show sensibly. if (!$this->is_validating()) { @@ -1168,13 +1125,13 @@ AND id NOT IN ( SELECT u.id FROM {role_assignments} r, {user} u - WHERE r.contextid = ? + WHERE r.contextid = :contextid AND u.id = r.userid - AND r.roleid = ?)"; + AND r.roleid = :roleid)"; $order = ' ORDER BY lastname ASC, firstname ASC'; - $params[] = $this->context->id; - $params[] = $this->roleid; + $params['contextid'] = $this->context->id; + $params['roleid'] = $this->roleid; if (!$this->is_validating()) { $potentialmemberscount = $DB->count_records_sql($countfields . $sql, $params); 
@@ -1204,29 +1161,27 @@ * question on the assign roles page. */ class existing_role_holders extends role_assign_user_selector_base { - protected $strhidden; public function __construct($name, $options) { parent::__construct($name, $options); - $this->strhidden = get_string('hiddenassign'); } public function find_users($search) { global $DB; list($wherecondition, $params) = $this->search_sql($search, 'u'); - list($ctxcondition, $ctxparams) = $DB->get_in_or_equal(get_parent_contexts($this->context, true)); + list($ctxcondition, $ctxparams) = $DB->get_in_or_equal(get_parent_contexts($this->context, true), SQL_PARAMS_NAMED, 'ctx00'); $params = array_merge($params, $ctxparams); - $params[] = $this->roleid; + $params['roleid'] = $this->roleid; - $sql = "SELECT ra.id as raid," . $this->required_fields_sql('u') . ",ra.hidden,ra.contextid + $sql = "SELECT ra.id as raid," . $this->required_fields_sql('u') . ",ra.contextid FROM {role_assignments} ra JOIN {user} u ON u.id = ra.userid JOIN {context} ctx ON ra.contextid = ctx.id WHERE $wherecondition AND ctx.id $ctxcondition AND - ra.roleid = ? + ra.roleid = :roleid ORDER BY ctx.depth DESC, u.lastname, u.firstname"; $contextusers = $DB->get_records_sql($sql, $params); 
@@ -1314,34 +1269,6 @@ return get_string('usersfrom', 'role', $contextname); } } - - // Override to add (hidden) to hidden role assignments. - public function output_user($user) { - $output = parent::output_user($user); - if ($user->hidden) { - $output .= ' (' . $this->strhidden . ')'; - } - return $output; - } -} - -/** - * A special subclass to use when unassigning admins at site level. Disables - * the option for admins to unassign themselves. - */ -class existing_role_holders_site_admin extends existing_role_holders { - public function find_users($search) { - global $USER; - $groupedusers = parent::find_users($search); - foreach ($groupedusers as $group) { - foreach ($group as &$user) { - if ($user->id == $USER->id) { - $user->disabled = true; - } - } - } - return $groupedusers; - } } /** 
@@ -1590,3 +1517,82 @@ return $potentialuserselector; } +class admins_potential_selector extends user_selector_base { + /** + * @param string $name control name + * @param array $options should have two elements with keys groupid and courseid. + */ + public function __construct() { + global $CFG, $USER; + $admins = explode(',', $CFG->siteadmins); + parent::__construct('addselect', array('multiselect'=>false, 'exclude'=>$admins)); + } + + public function find_users($search) { + global $DB; + list($wherecondition, $params) = $this->search_sql($search, ''); + + $fields = 'SELECT ' . $this->required_fields_sql(''); + $countfields = 'SELECT COUNT(1)'; + + $sql = " FROM {user} + WHERE $wherecondition"; + $order = ' ORDER BY lastname ASC, firstname ASC'; + + $availableusers = $DB->get_records_sql($fields . $sql . $order, $params); + + if (empty($availableusers)) { + return array(); + } + + if ($search) { + $groupname = get_string('potusersmatching', 'role', $search); + } else { + $groupname = get_string('potusers', 'role'); + } + + return array($groupname => $availableusers); + } +} + +class admins_existing_selector extends user_selector_base { + /** + * @param string $name control name + * @param array $options should have two elements with keys groupid and courseid. + */ + public function __construct() { + global $CFG, $USER; + parent::__construct('removeselect', array('multiselect'=>false)); + } + + public function find_users($search) { + global $DB, $CFG; + list($wherecondition, $params) = $this->search_sql($search, ''); + + $fields = 'SELECT ' . $this->required_fields_sql(''); + $countfields = 'SELECT COUNT(1)'; + + if ($wherecondition) { + $wherecondition = "$wherecondition AND id IN ($CFG->siteadmins)"; + } else { + $wherecondition = "id IN ($CFG->siteadmins)"; + } + $sql = " FROM {user} + WHERE $wherecondition"; + $order = ' ORDER BY lastname ASC, firstname ASC'; + + $availableusers = $DB->get_records_sql($fields . $sql . 
$order, $params); + + if (empty($availableusers)) { + return array(); + } + + if ($search) { + $groupname = get_string('extusersmatching', 'role', $search); + } else { + $groupname = get_string('extusers', 'role'); + } + + return array($groupname => $availableusers); + } +} Index: admin/roles/assign.php =================================================================== RCS file: /cvsroot/moodle/moodle/admin/roles/assign.php,v retrieving revision 1.125 diff -u -r1.125 assign.php --- admin/roles/assign.php 20 Mar 2010 22:15:55 -0000 1.125 +++ admin/roles/assign.php 28 Mar 2010 21:40:47 -0000 @@ -33,7 +33,6 @@ $roleid = optional_param('roleid', 0, PARAM_INT); $userid = optional_param('userid', 0, PARAM_INT); // needed for user tabs $courseid = optional_param('courseid', 0, PARAM_INT); // needed for user tabs - $hidden = optional_param('hidden', 0, PARAM_BOOL); // whether this assignment is hidden $extendperiod = optional_param('extendperiod', 0, PARAM_INT); $extendbase = optional_param('extendbase', 3, PARAM_INT); @@ -148,11 +147,7 @@ $options = array('context' => $context, 'roleid' => $roleid); $potentialuserselector = roles_get_potential_user_selector($context, 'addselect', $options); - if ($context->contextlevel == CONTEXT_SYSTEM && is_admin_role($roleid)) { - $currentuserselector = new existing_role_holders_site_admin('removeselect', $options); - } else { - $currentuserselector = new existing_role_holders('removeselect', $options); - } + $currentuserselector = new existing_role_holders('removeselect', $options); /// Process incoming role assignments $errors = array(); @@ -196,7 +191,7 @@ } else { $timeend = 0; } - if (! role_assign($roleid, $adduser->id, 0, $context->id, $timestart, $timeend, $hidden)) { + if (! role_assign($roleid, $adduser->id, 0, $context->id, $timestart, $timeend)) { $a = new stdClass; $a->role = $assignableroles[$roleid]; $a->user = fullname($adduser); @@ -314,12 +309,6 @@ -
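Review bot: `admins_existing_selector::find_users()` splices `$CFG->siteadmins` straight into the query as `id IN ($CFG->siteadmins)`, so the statement is only as well-formed as that config string. An empty value yields `id IN ()`, and anything non-numeric in the setting goes to the database unescaped. Binding the ids through `$DB->get_in_or_equal()` with named parameters, as `existing_role_holders` does elsewhere in this patch, keeps the list out of the SQL text; this assumes `search_sql()` returns named parameters here, as the other selectors in this patch imply. Separately, both new classes assign `$countfields` without using it. Their constructor docblocks describe `$name` and `$options` parameters that the constructors do not take.

```php
        // … unchanged: search_sql() call and $fields …
        $adminids = array_map('intval', explode(',', $CFG->siteadmins));
        list($adminsql, $adminparams) = $DB->get_in_or_equal($adminids, SQL_PARAMS_NAMED, 'adm00');
        $params = array_merge($params, $adminparams);

        if ($wherecondition) {
            $wherecondition = "$wherecondition AND id $adminsql";
        } else {
            $wherecondition = "id $adminsql";
        }
        // … unchanged: query, empty check and group name …
```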

/> -


Index: blocks/section_links/block_section_links.php =================================================================== RCS file: /cvsroot/moodle/moodle/blocks/section_links/block_section_links.php,v retrieving revision 1.39 diff -u -r1.39 block_section_links.php --- blocks/section_links/block_section_links.php 18 Jan 2010 05:33:25 -0000 1.39 +++ blocks/section_links/block_section_links.php 28 Mar 2010 21:41:08 -0000 @@ -102,7 +102,7 @@ } } - if (!empty($USER->id)) { + if (isloggedin()) { $display = $DB->get_field('course_display', 'display', array('course'=>$this->page->course->id, 'userid'=>$USER->id)); } if (!empty($display)) { Index: lib/db/install.php =================================================================== RCS file: /cvsroot/moodle/moodle/lib/db/install.php,v retrieving revision 1.20 diff -u -r1.20 install.php --- lib/db/install.php 12 Jan 2010 17:21:53 -0000 1.20 +++ lib/db/install.php 28 Mar 2010 21:41:52 -0000 @@ -6,14 +6,14 @@ function xmldb_main_install() { global $CFG, $DB, $SITE; -/// make sure system context exists + /// make sure system context exists $syscontext = get_system_context(false); if ($syscontext->id != 1) { throw new moodle_exception('generalexceptionmessage', 'error', '', 'Unexpected system context id created!'); } -// create site course + /// create site course $newsite = new object(); $newsite->fullname = ""; $newsite->shortname = ""; @@ -35,10 +35,10 @@ } -/// make sure site course context exists + /// make sure site course context exists get_context_instance(CONTEXT_COURSE, $SITE->id); -/// create default course category + /// create default course category $cat = get_course_category(); $defaults = array( @@ -66,7 +66,7 @@ } -/// bootstrap mnet + /// bootstrap mnet $mnethost = new object(); $mnethost->wwwroot = $CFG->wwwroot; $mnethost->name = ''; 
@@ -108,7 +108,7 @@ $DB->insert_record('mnet_application', $mnet_app); -/// insert log entries - replaces statements section in install.xml + /// insert log entries - replaces statements section in install.xml update_log_display_entry('user', 'view', 'user', 'CONCAT(firstname,\' \',lastname)'); update_log_display_entry('course', 'user report', 'user', 'CONCAT(firstname,\' \',lastname)'); update_log_display_entry('course', 'view', 'course', 'fullname'); @@ -130,7 +130,7 @@ update_log_display_entry('tag', 'update', 'tag', 'name'); -/// Create guest record + /// Create guest record - do not assign any role, guest user get's the default guest role automatically on the fly $guest = new object(); $guest->auth = 'manual'; $guest->username = 'guest'; @@ -146,7 +146,7 @@ $guest->id = $DB->insert_record('user', $guest); -/// Now create admin user + /// Now create admin user $admin = new object(); $admin->auth = 'manual'; $admin->firstname = get_string('admin'); 
@@ -161,54 +161,78 @@ $admin->timemodified = time(); $admin->lastip = CLI_SCRIPT ? '0.0.0.0' : getremoteaddr(); // installation hijacking prevention $admin->id = $DB->insert_record('user', $admin); - - -/// Install the roles system. - $adminrole = create_role(get_string('administrator'), 'admin', - get_string('administratordescription'), 'moodle/legacy:admin'); - $coursecreatorrole = create_role(get_string('coursecreators'), 'coursecreator', - get_string('coursecreatorsdescription'), 'moodle/legacy:coursecreator'); - $editteacherrole = create_role(get_string('defaultcourseteacher'), 'editingteacher', - get_string('defaultcourseteacherdescription'), 'moodle/legacy:editingteacher'); - $noneditteacherrole = create_role(get_string('noneditingteacher'), 'teacher', - get_string('noneditingteacherdescription'), 'moodle/legacy:teacher'); - $studentrole = create_role(get_string('defaultcoursestudent'), 'student', - get_string('defaultcoursestudentdescription'), 'moodle/legacy:student'); - $guestrole = create_role(get_string('guest'), 'guest', - get_string('guestdescription'), 'moodle/legacy:guest'); - $userrole = create_role(get_string('authenticateduser'), 'user', - get_string('authenticateduserdescription'), 'moodle/legacy:user'); - + /// Store list of admins + set_config('siteadmins', $admin->id); + + + /// Install the roles system. 
+ $managerrole = create_role(get_string('manager', 'role'), 'manager', get_string('managerdescription', 'role'), 'manager'); + $coursecreatorrole = create_role(get_string('coursecreators'), 'coursecreator', get_string('coursecreatorsdescription'), 'coursecreator'); + $editteacherrole = create_role(get_string('defaultcourseteacher'), 'editingteacher', get_string('defaultcourseteacherdescription'), 'editingteacher'); + $noneditteacherrole = create_role(get_string('noneditingteacher'), 'teacher', get_string('noneditingteacherdescription'), 'teacher'); + $studentrole = create_role(get_string('defaultcoursestudent'), 'student', get_string('defaultcoursestudentdescription'), 'student'); + $guestrole = create_role(get_string('guest'), 'guest', get_string('guestdescription'), 'guest'); + $userrole = create_role(get_string('authenticateduser'), 'user', get_string('authenticateduserdescription'), 'user'); + $frontpagerole = create_role(get_string('frontpageuser', 'role'), 'frontpage', get_string('frontpageuserdescription', 'role'), 'frontpage'); + /// Now is the correct moment to install capabilities - after creation of legacy roles, but before assigning of roles - assign_capability('moodle/site:doanything', CAP_ALLOW, $adminrole, $syscontext->id); update_capabilities('moodle'); external_update_descriptions('moodle'); - /// assign default roles - role_assign($guestrole, $guest->id, 0, $syscontext->id); - role_assign($adminrole, $admin->id, 0, $syscontext->id); - - /// Default allow assign/override/switch. 
- $defaultallows = array( - $coursecreatorrole => $noneditteacherrole, - $coursecreatorrole => $editteacherrole, - $coursecreatorrole => $studentrole, - $coursecreatorrole => $guestrole, + /// Default allow assign + $defaultallowassigns = array( + $managerrole => $managerrole, + $managerrole => $coursecreatorrole, + $managerrole => $editteacherrole, + $managerrole => $noneditteacherrole, + $managerrole => $studentrole, $editteacherrole => $noneditteacherrole, $editteacherrole => $studentrole, - $editteacherrole => $guestrole, ); - - foreach ($defaultallows as $fromroleid => $toroleid) { + foreach ($defaultallowassigns as $fromroleid => $toroleid) { allow_assign($fromroleid, $toroleid); + } + + /// Default allow override + $defaultallowoverrides = array( + $managerrole => $managerrole, + $managerrole => $coursecreatorrole, + $managerrole => $editteacherrole, + $managerrole => $noneditteacherrole, + $managerrole => $studentrole, + $managerrole => $guestrole, + $managerrole => $userrole, + $managerrole => $frontpagerole, + + $editteacherrole => $noneditteacherrole, + $editteacherrole => $studentrole, + $editteacherrole => $guestrole, + ); + foreach ($defaultallowoverrides as $fromroleid => $toroleid) { allow_override($fromroleid, $toroleid); // There is a rant about this in MDL-15841. + } + + /// Default allow switch. + $defaultallowswitch = array( + $managerrole => $editteacherrole, + $managerrole => $noneditteacherrole, + $managerrole => $studentrole, + $managerrole => $guestrole, + + $editteacherrole => $noneditteacherrole, + $editteacherrole => $studentrole, + $editteacherrole => $guestrole, + + $noneditteacherrole => $studentrole, + $noneditteacherrole => $guestrole, + ); + foreach ($defaultallowswitch as $fromroleid => $toroleid) { allow_switch($fromroleid, $toroleid); } - allow_switch($noneditteacherrole, $studentrole); /// Set up the context levels where you can assign each role. 
- set_role_contextlevels($adminrole, get_default_contextlevels('admin')); + set_role_contextlevels($managerrrole, get_default_contextlevels('manager')); set_role_contextlevels($coursecreatorrole, get_default_contextlevels('coursecreator')); set_role_contextlevels($editteacherrole, get_default_contextlevels('editingteacher')); set_role_contextlevels($noneditteacherrole, get_default_contextlevels('teacher')); @@ -216,6 +240,6 @@ set_role_contextlevels($guestrole, get_default_contextlevels('guest')); set_role_contextlevels($userrole, get_default_contextlevels('user')); - // init themes + // Init themes set_config('themerev', 1); } Index: lib/db/upgrade.php =================================================================== RCS file: /cvsroot/moodle/moodle/lib/db/upgrade.php,v retrieving revision 1.379 diff -u -r1.379 upgrade.php --- lib/db/upgrade.php 25 Mar 2010 06:38:29 -0000 1.379 +++ lib/db/upgrade.php 28 Mar 2010 21:41:59 -0000 @@ -106,24 +106,6 @@ upgrade_main_savepoint($result, 2008050700); } - if ($result && $oldversion < 2008051200) { - // if guest role used as default user role unset it and force admin to choose new setting - if (!empty($CFG->defaultuserroleid)) { - if ($role = $DB->get_record('role', array('id'=>$CFG->defaultuserroleid))) { - if ($guestroles = get_roles_with_capability('moodle/legacy:guest', CAP_ALLOW)) { - if (isset($guestroles[$role->id])) { - set_config('defaultuserroleid', null); - echo $OUTPUT->notification('Guest role removed from "Default role for all users" setting, please select another role.', 'notifysuccess'); - } - } - } else { - set_config('defaultuserroleid', null); - } - } - /// Main savepoint reached - upgrade_main_savepoint($result, 2008051200); - } - if ($result && $oldversion < 2008051201) { echo $OUTPUT->notification('Increasing size of user idnumber field, this may take a while...', 'notifysuccess'); upgrade_set_timeout(60*20); // this may take a while 
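Review bot: `set_role_contextlevels($managerrrole, ...)` at the end of this hunk uses a misspelled, undefined variable (three r's), so the manager role created above as `$managerrole` never gets its default context levels; the line should read `set_role_contextlevels($managerrole, get_default_contextlevels('manager'));`. The three new tables `$defaultallowassigns`, `$defaultallowoverrides` and `$defaultallowswitch` also repeat the same role id as an array key. PHP keeps only the last value per key, so each loop runs once per source role and most of the listed assign/override/switch permissions are never installed. A list of from/to pairs keeps every row, and the installed defaults then match what the table declares. `xmldb_main_install()` starts and ends outside this hunk.

```php
    /// Default allow assign - a list of pairs, repeated array keys would keep only the last row
    $defaultallowassigns = array(
        array($managerrole, $managerrole),
        array($managerrole, $coursecreatorrole),
        array($managerrole, $editteacherrole),
        array($managerrole, $noneditteacherrole),
        array($managerrole, $studentrole),
        array($editteacherrole, $noneditteacherrole),
        array($editteacherrole, $studentrole),
    );
    foreach ($defaultallowassigns as $pair) {
        list($fromroleid, $toroleid) = $pair;
        allow_assign($fromroleid, $toroleid);
    }
    // … same pair-list shape for $defaultallowoverrides and $defaultallowswitch …

    set_role_contextlevels($managerrole, get_default_contextlevels('manager'));
    // … unchanged: remaining set_role_contextlevels() calls …
```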
@@ -920,9 +902,6 @@ /// Defaults, should match moodle_install_roles. $rolecontextlevels = array(); - if (isset($roleids['admin'])) { - $rolecontextlevels[$roleids['admin']] = get_default_contextlevels('admin'); - } if (isset($roleids['coursecreator'])) { $rolecontextlevels[$roleids['coursecreator']] = get_default_contextlevels('coursecreator'); } 
@@ -963,50 +942,6 @@ upgrade_main_savepoint($result, 2008110602); } - /// Remove any role overrides for moodle/site:doanything, or any permissions - /// for it in a role without legacy:admin. - if ($result && $oldversion < 2008110603) { - $systemcontext = get_context_instance(CONTEXT_SYSTEM); - - // Remove all overrides. - $DB->delete_records_select('role_capabilities', 'capability = ? AND contextid <> ?', array('moodle/site:doanything', $systemcontext->id)); - - // Get the ids of all the roles that are moodle/legacy:admin. - $adminroleids = $DB->get_records_menu('role_capabilities', - array('capability' => 'moodle/legacy:admin', 'permission' => 1, 'contextid' => $systemcontext->id), - '', 'id, roleid'); - - // Remove moodle/site:doanything from all other roles. - list($notroletest, $params) = $DB->get_in_or_equal($adminroleids, SQL_PARAMS_QM, '', false); - $DB->delete_records_select('role_capabilities', "roleid $notroletest AND capability = ? AND contextid = ?", - array_merge($params, array('moodle/site:doanything', $systemcontext->id))); - - // Ensure that for all admin-y roles, the permission for moodle/site:doanything is 1 - list($isroletest, $params) = $DB->get_in_or_equal($adminroleids); - $DB->set_field_select('role_capabilities', 'permission', 1, - "roleid $isroletest AND capability = ? AND contextid = ?", - array_merge($params, array('moodle/site:doanything', $systemcontext->id))); - - // And for any admin-y roles where moodle/site:doanything is not set, set it. 
- $doanythingroleids = $DB->get_records_menu('role_capabilities', - array('capability' => 'moodle/site:doanything', 'permission' => 1, 'contextid' => $systemcontext->id), - '', 'id, roleid'); - foreach ($adminroleids as $roleid) { - if (!in_array($roleid, $doanythingroleids)) { - $rc = new stdClass; - $rc->contextid = $systemcontext->id; - $rc->roleid = $roleid; - $rc->capability = 'moodle/site:doanything'; - $rc->permission = 1; - $rc->timemodified = time(); - $DB->insert_record('role_capabilities', $rc); - } - } - - /// Main savepoint reached - upgrade_main_savepoint($result, 2008110603); - } - /// Drop the deprecated teacher, teachers, student and students columns from the course table. if ($result && $oldversion < 2008111200) { $table = new xmldb_table('course'); @@ -3098,6 +3033,7 @@ upgrade_main_savepoint($result, 2010031900); } + if ($result && $oldversion < 2010032400) { // Upgrade all of those using the standardold theme to the use the standard // theme instead 
@@ -3113,6 +3049,164 @@ $DB->execute('UPDATE {user} SET theme=? WHERE theme=?', array('standard', 'standardold')); upgrade_main_savepoint($result, 2010032400); } + + + if ($result && $oldversion < 2010032800.01) { + // Define field archetype to be added to role table + $table = new xmldb_table('role'); + $field = new xmldb_field('archetype', XMLDB_TYPE_CHAR, '30', null, XMLDB_NOTNULL, null, null, 'sortorder'); + $dbman->add_field($table, $field); + upgrade_main_savepoint($result, 2010032800.01); + } + + if ($result && $oldversion < 2010032800.02) { + // Set archetype for existing roles and change admin role to manager role + $sql = "SELECT r.*, rc.capability + FROM {role} r + JOIN {role_capabilities} rc ON rc.roleid = r.id + WHERE rc.contextid = :syscontextid AND rc.capability LIKE :legacycaps + ORDER BY r.id"; + $params = array('syscontextid'=>SYSCONTEXTID, 'legacycaps'=>'moodle/legacy:%'); + $substart = strlen('moodle/legacy:'); + $roles = $DB->get_recordset_sql($sql, $params); // in theory could be multiple legacy flags in one role + foreach ($roles as $role) { + $role->archetype = substr($role->capability, $substart); + unset($role->capability); + if ($role->archetype === 'admin') { + $role->archetype = 'manager'; + if ($role->shortname === 'admin') { + $role->shortname = 'manager'; + $role->name = get_string('manager', 'role'); + $role->description = get_string('managerdescription', 'role'); + } + } + $DB->update_record('role', $role); + } + $roles->close(); + + upgrade_main_savepoint($result, 2010032800.02); + } + + if ($result && $oldversion < 2010032800.03) { + // Now pick site admins (===have manager role assigned at the system context) + // and store them in the new $CFG->siteadmins setting as comma separated list + $sql = "SELECT ra.id, ra.userid + FROM {role_assignments} ra + JOIN {role} r ON r.id = ra.roleid + JOIN {user} u ON u.id = ra.userid + WHERE ra.contextid = :syscontext AND r.archetype = 'manager' AND u.deleted = 0 + ORDER BY ra.id"; + $ras = 
$DB->get_records_sql($sql, array('syscontext'=>SYSCONTEXTID)); + $admins = array(); + foreach ($ras as $ra) { + $admins[$ra->userid] = $ra->userid; + set_config('siteadmins', implode(',', $admins)); // better to save it repeatedly, we do need at least one admin + $DB->delete_records('role_assignments', array('id'=>$ra->id)); + } + + upgrade_main_savepoint($result, 2010032800.03); + } + + if ($result && $oldversion < 2010032800.04) { + // clean up the manager roles + $managers = $DB->get_records('role', array('archetype'=>'manager')); + foreach ($managers as $manager) { + // now sanitize the capabilities and overrides + $DB->delete_records('role_capabilities', array('capability'=>'moodle/site:config', 'roleid'=>$manager->id)); // only site admins may configure servers + // note: doanything and legacy caps are deleted automatically, they get moodle/course:inspect later at the end of the upgrade + + // set usable contexts + $DB->delete_records('role_context_levels', array('roleid'=>$manager->id)); + $assignlevels = array(CONTEXT_SYSTEM, CONTEXT_COURSECAT, CONTEXT_COURSE); + foreach ($assignlevels as $assignlevel) { + $record = (object)array('roleid'=>$manager->id, 'contextlevel'=>$assignlevel); + $DB->insert_record('role_context_levels', $record); + } + + // remove manager role assignments bellow the course context level - admin role was never intended for activities and blocks, + // the problem is that those assignments would not be visible after upgrade and old style admins in activities make no sense anyway + $DB->delete_records_select('role_assignments', "roleid = :manager AND contextid IN (SELECT id FROM {context} WHERE contextlevel > 50)", array('manager'=>$manager->id)); + + // allow them to assign all roles except default user, guest and frontpage - users get these roles automatically on the fly when needed + $DB->delete_records('role_allow_assign', array('roleid'=>$manager->id)); + $roles = $DB->get_records_sql("SELECT * FROM {role} WHERE archetype <> 'user' 
AND archetype <> 'guest' AND archetype <> 'frontpage'"); + foreach ($roles as $role) { + $record = (object)array('roleid'=>$manager->id, 'allowassign'=>$role->id); + $DB->insert_record('role_allow_assign', $record); + } + + // allow them to override all roles + $DB->delete_records('role_allow_override', array('roleid'=>$manager->id)); + $roles = $DB->get_records_sql("SELECT * FROM {role}"); + foreach ($roles as $role) { + $record = (object)array('roleid'=>$manager->id, 'allowoverride'=>$role->id); + $DB->insert_record('role_allow_override', $record); + } + + // allow them to switch to all following roles + $DB->delete_records('role_allow_switch', array('roleid'=>$manager->id)); + $roles = $DB->get_records_sql("SELECT * FROM {role} WHERE archetype IN ('student', 'teacher', 'editingteacher')"); + foreach ($roles as $role) { + $record = (object)array('roleid'=>$manager->id, 'allowswitch'=>$role->id); + $DB->insert_record('role_allow_switch', $record); + } + } + + upgrade_main_savepoint($result, 2010032800.04); + } + + if ($result && $oldversion < 2010032800.05) { + // remove course:view from all roles that are not used for enrolment, it does NOT belong there because it really means user is enrolled! 
+ $noenrolroles = $DB->get_records_select('role', "archetype IN ('guest', 'user', 'manager', 'coursecreator', 'frontpage')"); + foreach ($noenrolroles as $role) { + $DB->delete_records('role_capabilities', array('roleid'=>$role->id, 'capability'=>'moodle/course:view')); + } + upgrade_main_savepoint($result, 2010032800.05); + } + + if ($result && $oldversion < 2010032800.06) { + // make sure there is nothing weird in default user role + if (!empty($CFG->defaultuserroleid)) { + if ($role = $DB->get_record('role', array('id'=>$CFG->defaultuserroleid))) { + if ($role->archetype !== '' and $role->archetype !== 'user') { + upgrade_log(UPGRADE_LOG_NOTICE, null, 'Default authenticated user role (defaultuserroleid) value is invalid, setting cleared.'); + unset_config('defaultuserroleid'); + } + } else { + unset_config('defaultuserroleid'); + } + } + upgrade_main_savepoint($result, 2010032800.06); + } + + if ($result && $oldversion < 2010032800.07) { + if (!empty($CFG->displayloginfailures) and $CFG->displayloginfailures === 'teacher') { + upgrade_log(UPGRADE_LOG_NOTICE, null, 'Displaying of login failuters to teachers is not supported any more.'); + unset_config('displayloginfailures'); + } + upgrade_main_savepoint($result, 2010032800.07); + } + + if ($result && $oldversion < 2010032800.08) { + // make sure there are no problems in default guest role settings + if (!empty($CFG->guestroleid)) { + if ($role = $DB->get_record('role', array('id'=>$CFG->guestroleid))) { + if ($role->archetype !== '' and $role->archetype !== 'guest') { + upgrade_log(UPGRADE_LOG_NOTICE, null, 'Default guest role (guestroleid) value is invalid, setting cleared.'); + unset_config('guestroleid'); + } + } else { + upgrade_log(UPGRADE_LOG_NOTICE, null, 'Role specified in Default guest role (guestroleid) doeas not exist, setting cleared.'); + unset_config('guestroleid'); + } + } + // remove all roles of the guest account - the only way to change it is to override the guest role, sorry + // the guest 
account gets all the role assignemnts on the fly whcih works fine in has_capability(), + $DB->delete_records_select('role_assignments', "userid IN (SELECT id FROM {user} WHERE username = 'guest')"); + + upgrade_main_savepoint($result, 2010032800.08); + } + return $result; } Index: lib/db/access.php =================================================================== RCS file: /cvsroot/moodle/moodle/lib/db/access.php,v retrieving revision 1.124 diff -u -r1.124 access.php --- lib/db/access.php 19 Mar 2010 07:37:51 -0000 1.124 +++ lib/db/access.php 28 Mar 2010 21:41:52 -0000 @@ -29,72 +29,6 @@ $capabilities = array( - - 'moodle/site:doanything' => array( - - 'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS | RISK_CONFIG | RISK_DATALOSS, - - 'captype' => 'admin', - 'contextlevel' => CONTEXT_SYSTEM - ), - - 'moodle/legacy:guest' => array( - - 'captype' => 'legacy', - 'contextlevel' => CONTEXT_SYSTEM - ), - - 'moodle/legacy:user' => array( - - 'captype' => 'legacy', - 'contextlevel' => CONTEXT_SYSTEM - ), - - 'moodle/legacy:student' => array( - - 'riskbitmask' => RISK_SPAM, - - 'captype' => 'legacy', - 'contextlevel' => CONTEXT_SYSTEM - ), - - - 'moodle/legacy:teacher' => array( - - 'riskbitmask' => RISK_SPAM | RISK_PERSONAL, - - 'captype' => 'legacy', - 'contextlevel' => CONTEXT_SYSTEM - ), - - - 'moodle/legacy:editingteacher' => array( - - 'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS, - - 'captype' => 'legacy', - 'contextlevel' => CONTEXT_SYSTEM - ), - - - 'moodle/legacy:coursecreator' => array( - - 'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS, - - 'captype' => 'legacy', - 'contextlevel' => CONTEXT_SYSTEM - ), - - - 'moodle/legacy:admin' => array( - - 'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS | RISK_CONFIG | RISK_DATALOSS, - - 'captype' => 'legacy', - 'contextlevel' => CONTEXT_SYSTEM - ), - - 'moodle/site:config' => array( 'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS | RISK_CONFIG | RISK_DATALOSS, 
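Review bot: The query in step 2010032800.02 selects `moodle/legacy:%` rows without looking at `rc.permission`, so a role whose legacy flag is stored as prevent or prohibit still receives that archetype, and step .03 then moves every system-context holder of a `manager`-archetype role into `siteadmins`. Adding `AND rc.permission = 1` to the WHERE clause (the removed 2008110603 step filtered on `'permission' => 1` in the same way) would limit the promotion to roles that actually allowed the flag. `ORDER BY r.id, rc.capability` would also make the outcome deterministic for a role that carries several legacy flags. In step .03, `set_config('siteadmins', ...)` runs only inside the loop, so when no assignment matches, the savepoint is recorded with no site administrator at all. That step should stop the upgrade before `upgrade_main_savepoint()` when `$admins` is empty, and an `upgrade_log(UPGRADE_LOG_NOTICE, ...)` entry listing the promoted accounts would let the administrator review them.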
@@ -102,7 +36,6 @@ 'captype' => 'write', 'contextlevel' => CONTEXT_SYSTEM, 'legacy' => array( - 'admin' => CAP_ALLOW ) ), @@ -113,7 +46,7 @@ 'captype' => 'read', 'contextlevel' => CONTEXT_SYSTEM, 'legacy' => array( - 'admin' => CAP_ALLOW, + 'manager' => CAP_ALLOW, 'editingteacher' => CAP_ALLOW ) ), @@ -125,7 +58,7 @@ 'captype' => 'write', 'contextlevel' => CONTEXT_SYSTEM, 'legacy' => array( - 'admin' => CAP_ALLOW, + 'manager' => CAP_ALLOW, 'user' => CAP_ALLOW ) ), @@ -137,7 +70,7 @@ 'captype' => 'write', 'contextlevel' => CONTEXT_SYSTEM, 'legacy' => array( - 'admin' => CAP_ALLOW + 'manager' => CAP_ALLOW ) ), @@ -149,7 +82,7 @@ 'contextlevel' => CONTEXT_COURSE, 'legacy' => array( 'editingteacher' => CAP_ALLOW, - 'admin' => CAP_ALLOW + 'manager' => CAP_ALLOW ), 'clonepermissionsfrom' => 'moodle/site:backup' @@ -163,7 +96,7 @@ 'contextlevel' => CONTEXT_COURSE, 'legacy' => array( 'editingteacher' => CAP_ALLOW, - 'admin' => CAP_ALLOW + 'manager' => CAP_ALLOW ), 'clonepermissionsfrom' => 'moodle/site:backupdownload' @@ -176,7 +109,7 @@ 'captype' => 'read', 'contextlevel' => CONTEXT_COURSE, 'legacy' => array( - 'admin' => CAP_ALLOW + 'manager' => CAP_ALLOW ) ), @@ -188,7 +121,7 @@ 'contextlevel' => CONTEXT_COURSE, 'legacy' => array( 'editingteacher' => CAP_ALLOW, - 'admin' => CAP_ALLOW + 'manager' => CAP_ALLOW ), 'clonepermissionsfrom' => 'moodle/site:restore' @@ -202,7 +135,7 @@ 'contextlevel' => CONTEXT_COURSE, 'legacy' => array( 'editingteacher' => CAP_ALLOW, - 'admin' => CAP_ALLOW + 'manager' => CAP_ALLOW ), 'clonepermissionsfrom' => 'moodle/site:import' @@ -216,7 +149,7 @@ 'contextlevel' => CONTEXT_COURSE, 'legacy' => array( 'editingteacher' => CAP_ALLOW, - 'admin' => CAP_ALLOW + 'manager' => CAP_ALLOW ), 'clonepermissionsfrom' => 'moodle/site:backupupload' @@ -229,7 +162,7 @@ 'captype' => 'write', 'contextlevel' => CONTEXT_COURSE, 'legacy' => array( - 'admin' => CAP_ALLOW + 'manager' => CAP_ALLOW ) ), 
@@ -240,7 +173,7 @@ 'captype' => 'write', 'contextlevel' => CONTEXT_SYSTEM, 'legacy' => array( - 'admin' => CAP_ALLOW + 'manager' => CAP_ALLOW ) ), @@ -250,7 +183,7 @@ 'contextlevel' => CONTEXT_COURSE, 'legacy' => array( 'coursecreator' => CAP_ALLOW, - 'admin' => CAP_ALLOW + 'manager' => CAP_ALLOW ) ), @@ -262,7 +195,7 @@ 'contextlevel' => CONTEXT_BLOCK, 'legacy' => array( 'editingteacher' => CAP_ALLOW, - 'admin' => CAP_ALLOW + 'manager' => CAP_ALLOW ) ), @@ -273,7 +206,7 @@ 'legacy' => array( 'teacher' => CAP_ALLOW, 'editingteacher' => CAP_ALLOW, - 'admin' => CAP_ALLOW + 'manager' => CAP_ALLOW ) ), @@ -284,7 +217,7 @@ 'legacy' => array( 'teacher' => CAP_ALLOW, 'editingteacher' => CAP_ALLOW, - 'admin' => CAP_ALLOW + 'manager' => CAP_ALLOW ) ), @@ -297,7 +230,7 @@ 'legacy' => array( 'teacher' => CAP_ALLOW, 'editingteacher' => CAP_ALLOW, - 'admin' => CAP_ALLOW + 'manager' => CAP_ALLOW ) ), @@ -309,7 +242,7 @@ 'contextlevel' => CONTEXT_COURSE, 'legacy' => array( 'editingteacher' => CAP_ALLOW, - 'admin' => CAP_ALLOW + 'manager' => CAP_ALLOW ) ), @@ -320,7 +253,7 @@ 'captype' => 'write', 'contextlevel' => CONTEXT_SYSTEM, 'legacy' => array( - 'admin' => CAP_ALLOW + 'manager' => CAP_ALLOW ) ), @@ -331,7 +264,6 @@ 'captype' => 'write', 'contextlevel' => CONTEXT_SYSTEM, 'legacy' => array( - 'admin' => CAP_PREVENT ) ), @@ -342,7 +274,7 @@ 'captype' => 'write', 'contextlevel' => CONTEXT_SYSTEM, 'legacy' => array( - 'admin' => CAP_ALLOW + 'manager' => CAP_ALLOW ) ), @@ -354,7 +286,7 @@ 'legacy' => array( 'editingteacher' => CAP_ALLOW, 'coursecreator' => CAP_ALLOW, - 'admin' => CAP_ALLOW, + 'manager' => CAP_ALLOW, ) ), @@ -365,7 +297,7 @@ 'captype' => 'write', 'contextlevel' => CONTEXT_SYSTEM, 'legacy' => array( - 'admin' => CAP_ALLOW + 'manager' => CAP_ALLOW ) ), @@ -376,7 +308,7 @@ 'captype' => 'write', 'contextlevel' => CONTEXT_SYSTEM, 'legacy' => array( - 'admin' => CAP_ALLOW + 'manager' => CAP_ALLOW ) ), 
@@ -387,7 +319,7 @@ 'captype' => 'write', 'contextlevel' => CONTEXT_SYSTEM, 'legacy' => array( - 'admin' => CAP_ALLOW + 'manager' => CAP_ALLOW ) ), @@ -400,7 +332,7 @@ 'student' => CAP_ALLOW, 'teacher' => CAP_ALLOW, 'editingteacher' => CAP_ALLOW, - 'admin' => CAP_ALLOW + 'manager' => CAP_ALLOW ) ), @@ -413,7 +345,7 @@ 'legacy' => array( 'teacher' => CAP_ALLOW, 'editingteacher' => CAP_ALLOW, - 'admin' => CAP_ALLOW + 'manager' => CAP_ALLOW ) ), @@ -424,7 +356,7 @@ 'captype' => 'write', 'contextlevel' => CONTEXT_COURSE, 'legacy' => array( - 'admin' => CAP_ALLOW + 'manager' => CAP_ALLOW ) ), @@ -436,7 +368,7 @@ 'contextlevel' => CONTEXT_COURSE, 'legacy' => array( 'editingteacher' => CAP_ALLOW, - 'admin' => CAP_ALLOW + 'manager' => CAP_ALLOW ) ), @@ -449,7 +381,7 @@ 'legacy' => array( 'teacher' => CAP_ALLOW, 'editingteacher' => CAP_ALLOW, - 'admin' => CAP_ALLOW + 'manager' => CAP_ALLOW ) ), @@ -460,7 +392,7 @@ 'captype' => 'write', 'contextlevel' => CONTEXT_COURSE, 'legacy' => array( - 'admin' => CAP_ALLOW + 'manager' => CAP_ALLOW ) ), @@ -482,7 +414,7 @@ 'captype' => 'write', 'contextlevel' => CONTEXT_SYSTEM, 'legacy' => array( - 'admin' => CAP_ALLOW + 'manager' => CAP_ALLOW ) ), @@ -495,18 +427,7 @@ 'teacher' => CAP_ALLOW, 'editingteacher' => CAP_ALLOW, 'coursecreator' => CAP_ALLOW, - 'admin' => CAP_ALLOW - ) - ), - - 'moodle/role:viewhiddenassigns' => array( - - 'captype' => 'read', - 'contextlevel' => CONTEXT_COURSE, - 'legacy' => array( - 'teacher' => CAP_ALLOW, - 'editingteacher' => CAP_ALLOW, - 'admin' => CAP_ALLOW + 'manager' => CAP_ALLOW ) ), @@ -518,7 +439,7 @@ 'contextlevel' => CONTEXT_COURSE, 'legacy' => array( 'editingteacher' => CAP_ALLOW, - 'admin' => CAP_ALLOW + 'manager' => CAP_ALLOW ) ), @@ -533,7 +454,7 @@ 'captype' => 'write', 'contextlevel' => CONTEXT_COURSECAT, 'legacy' => array( - 'admin' => CAP_ALLOW + 'manager' => CAP_ALLOW ), 'clonepermissionsfrom' => 'moodle/category:update' ), 
@@ -544,7 +465,7 @@ 'contextlevel' => CONTEXT_COURSECAT, 'legacy' => array( 'coursecreator' => CAP_ALLOW, - 'admin' => CAP_ALLOW + 'manager' => CAP_ALLOW ), 'clonepermissionsfrom' => 'moodle/category:visibility' ), @@ -557,7 +478,7 @@ 'contextlevel' => CONTEXT_COURSECAT, 'legacy' => array( 'coursecreator' => CAP_ALLOW, - 'admin' => CAP_ALLOW + 'manager' => CAP_ALLOW ) ), @@ -577,7 +498,7 @@ 'contextlevel' => CONTEXT_COURSE, 'legacy' => array( 'editingteacher' => CAP_ALLOW, - 'admin' => CAP_ALLOW + 'manager' => CAP_ALLOW ) ), @@ -589,7 +510,7 @@ 'contextlevel' => CONTEXT_COURSE, 'legacy' => array( 'editingteacher' => CAP_ALLOW, - 'admin' => CAP_ALLOW + 'manager' => CAP_ALLOW ) ), @@ -598,13 +519,21 @@ 'captype' => 'read', 'contextlevel' => CONTEXT_COURSE, 'legacy' => array( - 'guest' => CAP_ALLOW, 'student' => CAP_ALLOW, 'teacher' => CAP_ALLOW, 'editingteacher' => CAP_ALLOW ) ), + 'moodle/course:inspect' => array( + + 'captype' => 'read', + 'contextlevel' => CONTEXT_COURSE, + 'legacy' => array( + 'manager' => CAP_ALLOW, + ) + ), + 'moodle/course:bulkmessaging' => array( 'riskbitmask' => RISK_SPAM, @@ -614,7 +543,7 @@ 'legacy' => array( 'teacher' => CAP_ALLOW, 'editingteacher' => CAP_ALLOW, - 'admin' => CAP_ALLOW + 'manager' => CAP_ALLOW ) ), @@ -627,7 +556,7 @@ 'legacy' => array( 'teacher' => CAP_ALLOW, 'editingteacher' => CAP_ALLOW, - 'admin' => CAP_ALLOW + 'manager' => CAP_ALLOW ) ), @@ -639,7 +568,7 @@ 'coursecreator' => CAP_ALLOW, 'teacher' => CAP_ALLOW, 'editingteacher' => CAP_ALLOW, - 'admin' => CAP_ALLOW + 'manager' => CAP_ALLOW ) ), @@ -648,7 +577,7 @@ 'captype' => 'write', 'contextlevel' => CONTEXT_COURSE, 'legacy' => array( - 'admin' => CAP_ALLOW + 'manager' => CAP_ALLOW ) ), @@ -660,7 +589,7 @@ 'contextlevel' => CONTEXT_COURSE, 'legacy' => array( 'editingteacher' => CAP_ALLOW, - 'admin' => CAP_ALLOW + 'manager' => CAP_ALLOW ) ), 
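Review bot: The new `moodle/course:inspect` entry in the `@@ -598,13 +519,21 @@` hunk has no comment saying what it grants or how it differs from the capability just above it, which loses its `guest` default in the same hunk. A one-line comment above the entry, for example `// lets managers look inside a course without being enrolled`, would help if that is the intent; the upgrade comments elsewhere in this patch suggest it is. If so, the capability exposes participants' course content to non-enrolled users, and a `riskbitmask` such as `RISK_PERSONAL` may be warranted. The `$capabilities` array being edited starts and ends outside the hunk.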
@@ -672,7 +601,7 @@ 'contextlevel' => CONTEXT_COURSE, 'legacy' => array( 'editingteacher' => CAP_ALLOW, - 'admin' => CAP_ALLOW + 'manager' => CAP_ALLOW ) ), @@ -684,7 +613,7 @@ 'contextlevel' => CONTEXT_COURSE, 'legacy' => array( 'editingteacher' => CAP_ALLOW, - 'admin' => CAP_ALLOW + 'manager' => CAP_ALLOW ) ), @@ -694,7 +623,7 @@ 'contextlevel' => CONTEXT_COURSE, 'legacy' => array( 'editingteacher' => CAP_ALLOW, - 'admin' => CAP_ALLOW + 'manager' => CAP_ALLOW ) ), @@ -705,7 +634,7 @@ 'legacy' => array( 'teacher' => CAP_ALLOW, 'editingteacher' => CAP_ALLOW, - 'admin' => CAP_ALLOW + 'manager' => CAP_ALLOW ) ), @@ -717,7 +646,7 @@ 'student' => CAP_ALLOW, 'teacher' => CAP_ALLOW, 'editingteacher' => CAP_ALLOW, - 'admin' => CAP_ALLOW + 'manager' => CAP_ALLOW ) ), @@ -729,7 +658,7 @@ 'contextlevel' => CONTEXT_COURSE, 'legacy' => array( 'editingteacher' => CAP_ALLOW, - 'admin' => CAP_ALLOW + 'manager' => CAP_ALLOW ), 'clonepermissionsfrom' => 'moodle/course:update' ), @@ -742,7 +671,7 @@ 'contextlevel' => CONTEXT_COURSE, 'legacy' => array( 'editingteacher' => CAP_ALLOW, - 'admin' => CAP_ALLOW + 'manager' => CAP_ALLOW ), 'clonepermissionsfrom' => 'moodle/course:update' ), @@ -755,7 +684,7 @@ 'contextlevel' => CONTEXT_COURSE, 'legacy' => array( 'editingteacher' => CAP_ALLOW, - 'admin' => CAP_ALLOW + 'manager' => CAP_ALLOW ), 'clonepermissionsfrom' => 'moodle/course:update' ), @@ -766,7 +695,7 @@ 'contextlevel' => CONTEXT_COURSE, 'legacy' => array( 'editingteacher' => CAP_ALLOW, - 'admin' => CAP_ALLOW + 'manager' => CAP_ALLOW ), 'clonepermissionsfrom' => 'moodle/course:update' ), @@ -778,7 +707,7 @@ 'contextlevel' => CONTEXT_COURSE, 'legacy' => array( 'editingteacher' => CAP_ALLOW, - 'admin' => CAP_ALLOW + 'manager' => CAP_ALLOW ), 'clonepermissionsfrom' => 'moodle/course:update' ), @@ -789,7 +718,7 @@ 'captype' => 'read', 'contextlevel' => CONTEXT_SYSTEM, 'legacy' => array( - 'admin' => CAP_ALLOW + 'manager' => CAP_ALLOW ) ), 
@@ -801,7 +730,7 @@ 'student' => CAP_ALLOW, 'teacher' => CAP_ALLOW, 'editingteacher' => CAP_ALLOW, - 'admin' => CAP_ALLOW + 'manager' => CAP_ALLOW ) ), @@ -811,7 +740,7 @@ 'contextlevel' => CONTEXT_COURSE, 'legacy' => array( 'editingteacher' => CAP_ALLOW, - 'admin' => CAP_ALLOW + 'manager' => CAP_ALLOW ) ), @@ -821,7 +750,7 @@ 'contextlevel' => CONTEXT_COURSE, 'legacy' => array( 'editingteacher' => CAP_ALLOW, - 'admin' => CAP_ALLOW + 'manager' => CAP_ALLOW ) ), @@ -833,7 +762,7 @@ 'contextlevel' => CONTEXT_COURSE, 'legacy' => array( 'editingteacher' => CAP_ALLOW, - 'admin' => CAP_ALLOW + 'manager' => CAP_ALLOW ) ), @@ -847,7 +776,7 @@ 'student' => CAP_ALLOW, 'teacher' => CAP_ALLOW, 'editingteacher' => CAP_ALLOW, - 'admin' => CAP_ALLOW + 'manager' => CAP_ALLOW ) ), @@ -860,7 +789,7 @@ 'student' => CAP_ALLOW, 'teacher' => CAP_ALLOW, 'editingteacher' => CAP_ALLOW, - 'admin' => CAP_ALLOW + 'manager' => CAP_ALLOW ) ), @@ -870,7 +799,7 @@ 'captype' => 'read', 'contextlevel' => CONTEXT_SYSTEM, 'legacy' => array( - 'admin' => CAP_ALLOW + 'manager' => CAP_ALLOW ) ), @@ -882,7 +811,7 @@ 'contextlevel' => CONTEXT_SYSTEM, 'legacy' => array( 'user' => CAP_ALLOW, - 'admin' => CAP_ALLOW + 'manager' => CAP_ALLOW ) ), @@ -895,7 +824,7 @@ 'legacy' => array( 'teacher' => CAP_ALLOW, 'editingteacher' => CAP_ALLOW, - 'admin' => CAP_ALLOW + 'manager' => CAP_ALLOW ) ), @@ -910,7 +839,7 @@ 'user' => CAP_ALLOW, 'teacher' => CAP_ALLOW, 'editingteacher' => CAP_ALLOW, - 'admin' => CAP_ALLOW + 'manager' => CAP_ALLOW ) ), @@ -923,7 +852,7 @@ 'user' => CAP_ALLOW, 'teacher' => CAP_ALLOW, 'editingteacher' => CAP_ALLOW, - 'admin' => CAP_ALLOW + 'manager' => CAP_ALLOW ) ), @@ -936,7 +865,7 @@ 'user' => CAP_ALLOW, 'teacher' => CAP_ALLOW, 'editingteacher' => CAP_ALLOW, - 'admin' => CAP_ALLOW + 'manager' => CAP_ALLOW ) ), @@ -948,7 +877,7 @@ 'contextlevel' => CONTEXT_COURSE, 'legacy' => array( 'user' => CAP_ALLOW, - 'admin' => CAP_ALLOW + 'manager' => CAP_ALLOW ) ), 
@@ -961,7 +890,7 @@ 'legacy' => array( 'teacher' => CAP_ALLOW, 'editingteacher' => CAP_ALLOW, - 'admin' => CAP_ALLOW + 'manager' => CAP_ALLOW ) ), @@ -974,7 +903,7 @@ 'legacy' => array( 'teacher' => CAP_ALLOW, 'editingteacher' => CAP_ALLOW, - 'admin' => CAP_ALLOW + 'manager' => CAP_ALLOW ) ), @@ -985,7 +914,7 @@ 'captype' => 'write', 'contextlevel' => CONTEXT_USER, 'legacy' => array( - 'admin' => CAP_ALLOW + 'manager' => CAP_ALLOW ) ), @@ -998,7 +927,7 @@ 'legacy' => array( 'guest' => CAP_PROHIBIT, 'user' => CAP_ALLOW, - 'admin' => CAP_ALLOW + 'manager' => CAP_ALLOW ) ), @@ -1009,7 +938,7 @@ 'legacy' => array( 'guest' => CAP_PROHIBIT, 'user' => CAP_ALLOW, - 'admin' => CAP_ALLOW + 'manager' => CAP_ALLOW ) ), @@ -1023,7 +952,7 @@ 'student' => CAP_ALLOW, 'teacher' => CAP_ALLOW, 'editingteacher' => CAP_ALLOW, - 'admin' => CAP_ALLOW + 'manager' => CAP_ALLOW ) ), @@ -1035,7 +964,7 @@ 'student' => CAP_ALLOW, 'teacher' => CAP_ALLOW, 'editingteacher' => CAP_ALLOW, - 'admin' => CAP_ALLOW + 'manager' => CAP_ALLOW ) ), @@ -1057,7 +986,7 @@ 'captype' => 'write', 'contextlevel' => CONTEXT_USER, 'legacy' => array( - 'admin' => CAP_ALLOW + 'manager' => CAP_ALLOW ) ), @@ -1068,7 +997,7 @@ 'legacy' => array( 'guest' => CAP_PROHIBIT, 'user' => CAP_ALLOW, - 'admin' => CAP_ALLOW + 'manager' => CAP_ALLOW ) ), @@ -1078,7 +1007,7 @@ 'contextlevel' => CONTEXT_COURSE, 'legacy' => array( 'editingteacher' => CAP_ALLOW, - 'admin' => CAP_ALLOW + 'manager' => CAP_ALLOW ) ), @@ -1089,7 +1018,7 @@ 'contextlevel' => CONTEXT_COURSE, 'legacy' => array( 'editingteacher' => CAP_ALLOW, - 'admin' => CAP_ALLOW + 'manager' => CAP_ALLOW ), 'clonepermissionsfrom' => 'moodle/question:manage' ), @@ -1099,7 +1028,7 @@ 'contextlevel' => CONTEXT_COURSE, 'legacy' => array( 'editingteacher' => CAP_ALLOW, - 'admin' => CAP_ALLOW + 'manager' => CAP_ALLOW ), 'clonepermissionsfrom' => 'moodle/question:manage' ), 
@@ -1109,7 +1038,7 @@ 'contextlevel' => CONTEXT_COURSE, 'legacy' => array( 'editingteacher' => CAP_ALLOW, - 'admin' => CAP_ALLOW + 'manager' => CAP_ALLOW ), 'clonepermissionsfrom' => 'moodle/question:manage' ), @@ -1118,7 +1047,7 @@ 'contextlevel' => CONTEXT_COURSE, 'legacy' => array( 'editingteacher' => CAP_ALLOW, - 'admin' => CAP_ALLOW + 'manager' => CAP_ALLOW ), 'clonepermissionsfrom' => 'moodle/question:manage' ), @@ -1127,7 +1056,7 @@ 'contextlevel' => CONTEXT_COURSE, 'legacy' => array( 'editingteacher' => CAP_ALLOW, - 'admin' => CAP_ALLOW + 'manager' => CAP_ALLOW ), 'clonepermissionsfrom' => 'moodle/question:manage' ), @@ -1136,7 +1065,7 @@ 'contextlevel' => CONTEXT_COURSE, 'legacy' => array( 'editingteacher' => CAP_ALLOW, - 'admin' => CAP_ALLOW + 'manager' => CAP_ALLOW ), 'clonepermissionsfrom' => 'moodle/question:manage' ), @@ -1145,7 +1074,7 @@ 'contextlevel' => CONTEXT_COURSE, 'legacy' => array( 'editingteacher' => CAP_ALLOW, - 'admin' => CAP_ALLOW + 'manager' => CAP_ALLOW ), 'clonepermissionsfrom' => 'moodle/question:manage' ), @@ -1154,7 +1083,7 @@ 'contextlevel' => CONTEXT_COURSE, 'legacy' => array( 'editingteacher' => CAP_ALLOW, - 'admin' => CAP_ALLOW + 'manager' => CAP_ALLOW ), 'clonepermissionsfrom' => 'moodle/question:manage' ), @@ -1163,7 +1092,7 @@ 'contextlevel' => CONTEXT_COURSE, 'legacy' => array( 'editingteacher' => CAP_ALLOW, - 'admin' => CAP_ALLOW + 'manager' => CAP_ALLOW ), 'clonepermissionsfrom' => 'moodle/question:manage' ), @@ -1175,7 +1104,7 @@ 'captype' => 'write', 'contextlevel' => CONTEXT_SYSTEM, 'legacy' => array( - 'admin' => CAP_ALLOW + 'manager' => CAP_ALLOW ) ), @@ -1188,7 +1117,7 @@ 'teacher' => CAP_ALLOW, 'editingteacher' => CAP_ALLOW, 'coursecreator' => CAP_ALLOW, - 'admin' => CAP_ALLOW + 'manager' => CAP_ALLOW ) ), @@ -1198,7 +1127,7 @@ 'legacy' => array( 'teacher' => CAP_ALLOW, 'editingteacher' => CAP_ALLOW, - 'admin' => CAP_ALLOW + 'manager' => CAP_ALLOW ) ), 
@@ -1208,7 +1137,7 @@ 'contextlevel' => CONTEXT_COURSE, 'legacy' => array( 'editingteacher' => CAP_ALLOW, - 'admin' => CAP_ALLOW + 'manager' => CAP_ALLOW ) ), @@ -1218,7 +1147,7 @@ 'contextlevel' => CONTEXT_COURSE, 'legacy' => array( 'editingteacher' => CAP_ALLOW, - 'admin' => CAP_ALLOW + 'manager' => CAP_ALLOW ) ), @@ -1228,7 +1157,7 @@ 'contextlevel' => CONTEXT_COURSE, 'legacy' => array( 'editingteacher' => CAP_ALLOW, - 'admin' => CAP_ALLOW + 'manager' => CAP_ALLOW ) ), @@ -1238,7 +1167,7 @@ 'contextlevel' => CONTEXT_COURSE, 'legacy' => array( 'editingteacher' => CAP_ALLOW, - 'admin' => CAP_ALLOW + 'manager' => CAP_ALLOW ) ), @@ -1247,7 +1176,7 @@ 'captype' => 'read', 'contextlevel' => CONTEXT_SYSTEM, 'legacy' => array( - 'admin' => CAP_ALLOW + 'manager' => CAP_ALLOW ) ), @@ -1258,7 +1187,7 @@ 'legacy' => array( 'teacher' => CAP_ALLOW, 'editingteacher' => CAP_ALLOW, - 'admin' => CAP_ALLOW + 'manager' => CAP_ALLOW ), 'clonepermissionsfrom' => 'moodle/course:viewcoursegrades' ), @@ -1278,7 +1207,7 @@ 'legacy' => array( 'teacher' => CAP_ALLOW, 'editingteacher' => CAP_ALLOW, - 'admin' => CAP_ALLOW + 'manager' => CAP_ALLOW ), 'clonepermissionsfrom' => 'moodle/course:viewcoursegrades' ), @@ -1289,7 +1218,7 @@ 'contextlevel' => CONTEXT_COURSE, 'legacy' => array( 'editingteacher' => CAP_ALLOW, - 'admin' => CAP_ALLOW + 'manager' => CAP_ALLOW ), 'clonepermissionsfrom' => 'moodle/course:managegrades' ), @@ -1301,7 +1230,7 @@ 'legacy' => array( 'teacher' => CAP_ALLOW, 'editingteacher' => CAP_ALLOW, - 'admin' => CAP_ALLOW + 'manager' => CAP_ALLOW ), 'clonepermissionsfrom' => 'moodle/course:managegrades' ), @@ -1312,7 +1241,7 @@ 'contextlevel' => CONTEXT_COURSE, 'legacy' => array( 'editingteacher' => CAP_ALLOW, - 'admin' => CAP_ALLOW + 'manager' => CAP_ALLOW ), 'clonepermissionsfrom' => 'moodle/course:managegrades' ), 
@@ -1323,7 +1252,7 @@ 'contextlevel' => CONTEXT_COURSE, 'legacy' => array( 'editingteacher' => CAP_ALLOW, - 'admin' => CAP_ALLOW + 'manager' => CAP_ALLOW ), 'clonepermissionsfrom' => 'moodle/course:managegrades' ), @@ -1333,7 +1262,7 @@ 'contextlevel' => CONTEXT_COURSE, 'legacy' => array( 'editingteacher' => CAP_ALLOW, - 'admin' => CAP_ALLOW + 'manager' => CAP_ALLOW ), 'clonepermissionsfrom' => 'moodle/course:managegrades' ), @@ -1343,7 +1272,7 @@ 'contextlevel' => CONTEXT_COURSE, 'legacy' => array( 'editingteacher' => CAP_ALLOW, - 'admin' => CAP_ALLOW + 'manager' => CAP_ALLOW ), 'clonepermissionsfrom' => 'moodle/course:managegrades' ), @@ -1353,7 +1282,7 @@ 'contextlevel' => CONTEXT_COURSE, 'legacy' => array( 'editingteacher' => CAP_ALLOW, - 'admin' => CAP_ALLOW + 'manager' => CAP_ALLOW ) ), @@ -1362,7 +1291,7 @@ 'contextlevel' => CONTEXT_COURSE, 'legacy' => array( 'editingteacher' => CAP_ALLOW, - 'admin' => CAP_ALLOW + 'manager' => CAP_ALLOW ) ), @@ -1371,7 +1300,7 @@ 'contextlevel' => CONTEXT_COURSE, 'legacy' => array( 'editingteacher' => CAP_ALLOW, - 'admin' => CAP_ALLOW + 'manager' => CAP_ALLOW ) ), @@ -1389,7 +1318,7 @@ 'legacy' => array( 'teacher' => CAP_ALLOW, 'editingteacher' => CAP_ALLOW, - 'admin' => CAP_ALLOW + 'manager' => CAP_ALLOW ) ), @@ -1401,7 +1330,7 @@ 'legacy' => array( 'teacher' => CAP_ALLOW, 'editingteacher' => CAP_ALLOW, - 'admin' => CAP_ALLOW + 'manager' => CAP_ALLOW ) ), @@ -1413,7 +1342,7 @@ 'legacy' => array( 'teacher' => CAP_ALLOW, 'editingteacher' => CAP_ALLOW, - 'admin' => CAP_ALLOW + 'manager' => CAP_ALLOW ) ), @@ -1423,7 +1352,7 @@ 'captype' => 'write', 'contextlevel' => CONTEXT_SYSTEM, 'legacy' => array( - 'admin' => CAP_ALLOW, + 'manager' => CAP_ALLOW, 'user' => CAP_ALLOW ) ), @@ -1434,7 +1363,7 @@ 'captype' => 'write', 'contextlevel' => CONTEXT_SYSTEM, 'legacy' => array( - 'admin' => CAP_ALLOW, + 'manager' => CAP_ALLOW, 'user' => CAP_ALLOW ) ), 
@@ -1445,7 +1374,7 @@ 'legacy' => array( 'teacher' => CAP_ALLOW, 'editingteacher' => CAP_ALLOW, - 'admin' => CAP_ALLOW + 'manager' => CAP_ALLOW ) ), @@ -1494,7 +1423,7 @@ 'teacher' => CAP_ALLOW, 'editingteacher' => CAP_ALLOW, 'coursecreator' => CAP_ALLOW, - 'admin' => CAP_ALLOW + 'manager' => CAP_ALLOW ) ), 'moodle/comment:post' => array( @@ -1508,7 +1437,7 @@ 'teacher' => CAP_ALLOW, 'editingteacher' => CAP_ALLOW, 'coursecreator' => CAP_ALLOW, - 'admin' => CAP_ALLOW + 'manager' => CAP_ALLOW ) ), 'moodle/comment:delete' => array( @@ -1519,7 +1448,7 @@ 'legacy' => array( 'editingteacher' => CAP_ALLOW, 'coursecreator' => CAP_ALLOW, - 'admin' => CAP_ALLOW + 'manager' => CAP_ALLOW ) ), 'moodle/webservice:createtoken' => array( @@ -1528,7 +1457,7 @@ 'captype' => 'write', 'contextlevel' => CONTEXT_SYSTEM, 'legacy' => array( - 'admin' => CAP_ALLOW + 'manager' => CAP_ALLOW ) ), 'moodle/rating:view' => array( @@ -1538,7 +1467,7 @@ 'student' => CAP_ALLOW, 'teacher' => CAP_ALLOW, 'editingteacher' => CAP_ALLOW, - 'admin' => CAP_ALLOW + 'manager' => CAP_ALLOW ) ), 'moodle/rating:viewall' => array( @@ -1549,7 +1478,7 @@ 'legacy' => array( 'teacher' => CAP_ALLOW, 'editingteacher' => CAP_ALLOW, - 'admin' => CAP_ALLOW + 'manager' => CAP_ALLOW ) ), 'moodle/rating:rate' => array( @@ -1558,7 +1487,7 @@ 'legacy' => array( 'teacher' => CAP_ALLOW, 'editingteacher' => CAP_ALLOW, - 'admin' => CAP_ALLOW + 'manager' => CAP_ALLOW ) ) ); Index: lib/db/install.xml =================================================================== RCS file: /cvsroot/moodle/moodle/lib/db/install.xml,v retrieving revision 1.233 diff -u -r1.233 install.xml --- lib/db/install.xml 17 Mar 2010 01:49:52 -0000 1.233 +++ lib/db/install.xml 28 Mar 2010 21:41:56 -0000 
@@ -855,7 +855,8 @@ - + + Index: enrol/flatfile/enrol.php =================================================================== RCS file: /cvsroot/moodle/moodle/enrol/flatfile/enrol.php,v retrieving revision 1.16 diff -u -r1.16 enrol.php --- enrol/flatfile/enrol.php 16 Dec 2009 22:14:17 -0000 1.16 +++ enrol/flatfile/enrol.php 28 Mar 2010 21:41:17 -0000 @@ -197,12 +197,10 @@ if ($fields[1] == "student") { - if ($teachers = get_users_by_capability($context, 'moodle/course:update', 'u.*,ra.hidden', 'ra.sortorder ASC')) { + // TODO: replace this with check for $CFG->couremanager, 'moodle/course:update' is definitely wrong + if ($teachers = get_users_by_capability($context, 'moodle/course:update', 'u.*', 'ra.sortorder ASC')) { foreach ($teachers as $u) { - if (!$u->hidden || has_capability('moodle/role:viewhiddenassigns', $context)) { - $teacher = $u; - break; - } + $teacher = $u; } } 
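Review bot: With the `break` removed in the `@@ -197,12 +197,10 @@` hunk of enrol/flatfile/enrol.php, the loop `foreach ($teachers as $u) { $teacher = $u; }` leaves `$teacher` set to the last row of the `ra.sortorder ASC` result, not the first one that the old code picked. If the first match is still wanted, replace the loop with `$teacher = reset($teachers);` or keep the `break;`. The added TODO appears to misspell the setting name (`$CFG->couremanager`). Because that TODO already concedes `moodle/course:update` is the wrong test, the mail loop in the following `@@ -233,22 +231,19 @@` hunk will notify every holder of that capability now that the hidden-assignment filter is gone. The enclosing function starts and ends outside both hunks.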
@@ -233,22 +231,19 @@ if (!empty($CFG->enrol_mailteachers) && $teachers) { foreach($teachers as $teacher) { + $a->course = "$course->fullname"; + $a->user = fullname($user); - if (!$u->hidden || has_capability('moodle/role:viewhiddenassigns', $context)) { - $a->course = "$course->fullname"; - $a->user = fullname($user); - - $eventdata = new object(); - $eventdata->modulename = 'moodle'; - $eventdata->userfrom = $user; - $eventdata->userto = $teacher; - $eventdata->subject = get_string("enrolmentnew", '', $course->shortname); - $eventdata->fullmessage = get_string('enrolmentnewuser', '', $a); - $eventdata->fullmessageformat = FORMAT_PLAIN; - $eventdata->fullmessagehtml = ''; - $eventdata->smallmessage = ''; - message_send($eventdata); - } + $eventdata = new object(); + $eventdata->modulename = 'moodle'; + $eventdata->userfrom = $user; + $eventdata->userto = $teacher; + $eventdata->subject = get_string("enrolmentnew", '', $course->shortname); + $eventdata->fullmessage = get_string('enrolmentnewuser', '', $a); + $eventdata->fullmessageformat = FORMAT_PLAIN; + $eventdata->fullmessagehtml = ''; + $eventdata->smallmessage = ''; + message_send($eventdata); } } } Index: repository/merlot/db/access.php =================================================================== RCS file: /cvsroot/moodle/moodle/repository/merlot/db/access.php,v retrieving revision 1.1 diff -u -r1.1 access.php --- repository/merlot/db/access.php 13 Nov 2009 08:43:18 -0000 1.1 +++ repository/merlot/db/access.php 28 Mar 2010 21:42:25 -0000 @@ -9,7 +9,7 @@ 'student' => CAP_ALLOW, 'teacher' => CAP_ALLOW, 'editingteacher' => CAP_ALLOW, - 'admin' => CAP_ALLOW + 'manager' => CAP_ALLOW ) ) ); Index: admin/webservice/lib.php =================================================================== RCS file: /cvsroot/moodle/moodle/admin/webservice/lib.php,v retrieving revision 1.6 diff -u -r1.6 lib.php --- admin/webservice/lib.php 1 Nov 2009 10:58:44 -0000 1.6 +++ admin/webservice/lib.php 28 Mar 2010 21:40:50 -0000 
@@ -59,7 +59,7 @@ //by default wherecondition retrieves all users except the deleted, not //confirmed and guest list($wherecondition, $params) = $this->search_sql($search, 'u'); - $params[] = $this->serviceid; + $params['serviceid'] = $this->serviceid; $fields = 'SELECT ' . $this->required_fields_sql('u'); @@ -70,13 +70,13 @@ $sql = " FROM {user} u, {external_services_users} esu WHERE $wherecondition AND esu.userid = u.id - AND esu.externalserviceid = ?"; + AND esu.externalserviceid = :serviceid"; } else { ///the following SQL retrieve all users that are not allowed to the serviceid $sql = " FROM {user} u WHERE $wherecondition AND NOT EXISTS (SELECT esu.userid FROM {external_services_users} esu - WHERE esu.externalserviceid = ? + WHERE esu.externalserviceid = :serviceid AND esu.userid = u.id)"; } Index: mod/workshop/db/access.php =================================================================== RCS file: /cvsroot/moodle/moodle/mod/workshop/db/access.php,v retrieving revision 1.16 diff -u -r1.16 access.php --- mod/workshop/db/access.php 4 Jan 2010 18:29:29 -0000 1.16 +++ mod/workshop/db/access.php 28 Mar 2010 21:42:24 -0000 @@ -37,7 +37,7 @@ 'student' => CAP_ALLOW, 'teacher' => CAP_ALLOW, 'editingteacher' => CAP_ALLOW, - 'admin' => CAP_ALLOW + 'manager' => CAP_ALLOW ) ), @@ -49,7 +49,7 @@ 'legacy' => array( 'teacher' => CAP_ALLOW, 'editingteacher' => CAP_ALLOW, - 'admin' => CAP_ALLOW + 'manager' => CAP_ALLOW ) ), @@ -60,7 +60,7 @@ 'contextlevel' => CONTEXT_MODULE, 'legacy' => array( 'editingteacher' => CAP_ALLOW, - 'admin' => CAP_ALLOW + 'manager' => CAP_ALLOW ) ), @@ -94,7 +94,7 @@ 'legacy' => array( 'teacher' => CAP_ALLOW, 'editingteacher' => CAP_ALLOW, - 'admin' => CAP_ALLOW + 'manager' => CAP_ALLOW ) ), @@ -105,7 +105,7 @@ 'legacy' => array( 'teacher' => CAP_ALLOW, 'editingteacher' => CAP_ALLOW, - 'admin' => CAP_ALLOW + 'manager' => CAP_ALLOW ) ), 
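Review bot: The move to `$params['serviceid']` and `:serviceid` in the `@@ -59,7 +59,7 @@` and `@@ -70,13 +70,13 @@` hunks of admin/webservice/lib.php only works if `search_sql()` also returns named placeholders, which is not visible in these hunks. A comment beside the assignment would record the constraint, for example `// search_sql() returns named params; keep every placeholder in this query named`. The method starts before the first hunk and continues after the second.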
@@ -116,7 +116,7 @@ 'legacy' => array( 'teacher' => CAP_ALLOW, 'editingteacher' => CAP_ALLOW, - 'admin' => CAP_ALLOW + 'manager' => CAP_ALLOW ) ), @@ -129,7 +129,7 @@ 'student' => CAP_ALLOW, 'teacher' => CAP_ALLOW, 'editingteacher' => CAP_ALLOW, - 'admin' => CAP_ALLOW + 'manager' => CAP_ALLOW ) ), @@ -140,7 +140,7 @@ 'legacy' => array( 'teacher' => CAP_ALLOW, 'editingteacher' => CAP_ALLOW, - 'admin' => CAP_ALLOW + 'manager' => CAP_ALLOW ) ), @@ -152,7 +152,7 @@ 'legacy' => array( 'teacher' => CAP_ALLOW, 'editingteacher' => CAP_ALLOW, - 'admin' => CAP_ALLOW + 'manager' => CAP_ALLOW ) ), @@ -165,7 +165,7 @@ 'student' => CAP_ALLOW, 'teacher' => CAP_ALLOW, 'editingteacher' => CAP_ALLOW, - 'admin' => CAP_ALLOW + 'manager' => CAP_ALLOW ) ), @@ -177,7 +177,7 @@ 'legacy' => array( 'teacher' => CAP_ALLOW, 'editingteacher' => CAP_ALLOW, - 'admin' => CAP_ALLOW + 'manager' => CAP_ALLOW ) ), @@ -189,7 +189,7 @@ 'legacy' => array( 'teacher' => CAP_ALLOW, 'editingteacher' => CAP_ALLOW, - 'admin' => CAP_ALLOW + 'manager' => CAP_ALLOW ) ), Index: mod/chat/gui_sockets/index.php =================================================================== RCS file: /cvsroot/moodle/moodle/mod/chat/gui_sockets/index.php,v retrieving revision 1.26 diff -u -r1.26 index.php --- mod/chat/gui_sockets/index.php 15 Feb 2010 16:12:53 -0000 1.26 +++ mod/chat/gui_sockets/index.php 28 Mar 2010 21:42:05 -0000 @@ -24,9 +24,9 @@ print_error('invalidcoursemodule'); } -require_login($course->id, false, $cm); +require_login($course, false, $cm); -if (has_capability('moodle/legacy:guest', get_context_instance(CONTEXT_SYSTEM), 0, false)) { +if (isguestuser()) { print_error('noguests', 'chat'); } Index: user/editadvanced.php =================================================================== RCS file: /cvsroot/moodle/moodle/user/editadvanced.php,v retrieving revision 1.67 diff -u -r1.67 editadvanced.php --- user/editadvanced.php 3 Feb 2010 04:25:20 -0000 1.67 +++ user/editadvanced.php 28 Mar 2010 21:42:27 -0000 
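Review bot: In mod/chat/gui_sockets/index.php the guest gate changes from a capability test on `moodle/legacy:guest` to `isguestuser()`, which looks like a check on the current account only. A user who matched the old capability through a role but is not the guest account would now pass this line, so it is worth confirming that `require_login($course, false, $cm)` covers that case. A comment stating the intent would help the next reader, e.g. `// blocks the guest account only; course-level guest access is decided by require_login()` once that has been verified.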
@@ -113,10 +113,11 @@ } if ($user->id !== -1) { - $user->context = get_context_instance(CONTEXT_USER, $user->id); + $usercontext = get_context_instance(CONTEXT_USER, $user->id); $editoroptions = array('maxfiles'=>EDITOR_UNLIMITED_FILES, 'maxbytes'=>$CFG->maxbytes, 'trusttext'=>false, 'forcehttps'=>false); - $user = file_prepare_standard_editor($user, 'description', $editoroptions, $user->context, 'user_profile', $user->id); + $user = file_prepare_standard_editor($user, 'description', $editoroptions, $usercontext, 'user_profile', $user->id); } else { + $usercontext = null; // This is a new user, we don't want to add files here $editoroptions = array('maxfiles'=>0, 'maxbytes'=>0, 'trusttext'=>false, 'forcehttps'=>false); } @@ -151,7 +152,7 @@ $usercreated = true; } else { - $usernew = file_postupdate_standard_editor($usernew, 'description', $editoroptions, $user->context, 'user_profile', $usernew->id); + $usernew = file_postupdate_standard_editor($usernew, 'description', $editoroptions, $usercontext, 'user_profile', $usernew->id); $DB->update_record('user', $usernew); // pass a true $userold here if (! $authplugin->user_update($user, $userform->get_data())) { Index: user/managetoken.php =================================================================== RCS file: /cvsroot/moodle/moodle/user/managetoken.php,v retrieving revision 1.9 diff -u -r1.9 managetoken.php --- user/managetoken.php 20 Mar 2010 22:16:01 -0000 1.9 +++ user/managetoken.php 28 Mar 2010 21:42:29 -0000 
@@ -70,7 +70,7 @@ default: //display the list of token /// generate a token for non admin if web service are enable and the user has the capability to create a token - if (!is_siteadmin($USER->id) && has_capability('moodle/webservice:createtoken', get_context_instance(CONTEXT_SYSTEM)) && !empty($CFG->enablewebservices)) { + if (!is_siteadmin() && has_capability('moodle/webservice:createtoken', get_context_instance(CONTEXT_SYSTEM)) && !empty($CFG->enablewebservices)) { /// for every service than the user is authorised on, create a token (if it doesn't already exist) ///get all services which are set to all user (no restricted to specific users) Index: user/repository.php =================================================================== RCS file: /cvsroot/moodle/moodle/user/repository.php,v retrieving revision 1.16 diff -u -r1.16 repository.php --- user/repository.php 20 Mar 2010 22:16:01 -0000 1.16 +++ user/repository.php 28 Mar 2010 21:42:29 -0000 @@ -35,9 +35,7 @@ } $PAGE->set_url($url); -if (! $course = $DB->get_record("course", array("id"=>$course))) { - print_error('invalidcourseid'); -} +$course = $DB->get_record("course", array("id"=>$course), '*', MUST_EXIST); $user = $USER; $baseurl = $CFG->wwwroot . '/user/repository.php'; @@ -48,6 +46,7 @@ $pluginstr = get_string('plugin', 'repository'); require_login($course, false); +$coursecontext = get_context_instance(CONTEXT_COURSE, $course->id, MUST_EXIST); $link = new moodle_url('/user/view.php', array('id'=>$user->id)); $PAGE->navbar->add($fullname, $link); 
@@ -64,7 +63,7 @@ echo $OUTPUT->box_start(); $params = array(); -$params['context'] = array($COURSE->context); +$params['context'] = $coursecontext; $params['currentcontext'] = $PAGE->context; $params['userid'] = $USER->id; if (!$instances = repository::get_instances($params)) { Index: user/index.php =================================================================== RCS file: /cvsroot/moodle/moodle/user/index.php,v retrieving revision 1.265 diff -u -r1.265 index.php --- user/index.php 20 Mar 2010 22:16:01 -0000 1.265 +++ user/index.php 28 Mar 2010 21:42:29 -0000 @@ -18,7 +18,7 @@ $mode = optional_param('mode', NULL); // use the MODE_ constants $accesssince = optional_param('accesssince',0,PARAM_INT); // filter by last access. -1 = never $search = optional_param('search','',PARAM_CLEAN); - $roleid = optional_param('roleid', 0, PARAM_INT); // optional roleid, -1 means all site users on frontpage + $roleid = optional_param('roleid', 0, PARAM_INT); // optional roleid, 0 menas all enrolled users (or all on the frontpage) $contextid = optional_param('contextid', 0, PARAM_INT); // one of this or $courseid = optional_param('id', 0, PARAM_INT); // this are required 
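Review bot: `$params['context']` changes type in the `@@ -64,7 +63,7 @@` hunk of user/repository.php: the removed line passed `array($COURSE->context)`, the new one passes the bare `$coursecontext` object. If `repository::get_instances()` still iterates over that entry (not visible here), the context filter will not behave as before. Keeping the shape is a one-line change: `$params['context'] = array($coursecontext);`.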
@@ -34,19 +34,14 @@ 'courseid' => $courseid)); if ($contextid) { - if (! $context = get_context_instance_by_id($contextid)) { + $context = get_context_instance_by_id($contextid, MUST_EXIST); + if ($context->contextlevel != CONTEXT_COURSE) { print_error('invalidcontext'); } - if (! $course = $DB->get_record('course', array('id'=>$context->instanceid))) { - print_error('invalidcourseid'); - } + $course = $DB->get_record('course', array('id'=>$context->instanceid), '*', MUST_EXIST); } else { - if (! $course = $DB->get_record('course', array('id'=>$courseid))) { - print_error('invalidcourseid'); - } - if (! $context = get_context_instance(CONTEXT_COURSE, $course->id)) { - print_error('invalidcontext'); - } + $course = $DB->get_record('course', array('id'=>$courseid), '*', MUST_EXIST); + $context = get_context_instance(CONTEXT_COURSE, $course->id, MUST_EXIST); } // not needed anymore unset($contextid); 
@@ -55,62 +50,42 @@ require_login($course); $systemcontext = get_context_instance(CONTEXT_SYSTEM); + $isfrontpage = ($course->id == SITEID); + $frontpagectx = get_context_instance(CONTEXT_COURSE, SITEID); - if ($context->id != $frontpagectx->id) { - require_capability('moodle/course:viewparticipants', $context); - } else { + if ($isfrontpage) { require_capability('moodle/site:viewparticipants', $systemcontext); - // override the default on frontpage - $roleid = optional_param('roleid', -1, PARAM_INT); + } else { + require_capability('moodle/course:viewparticipants', $context); } - /// front page course is different - $rolenames = array(); - $avoidroles = array(); - $rolenamesurl = new moodle_url("$CFG->wwwroot/user/index.php?contextid=$context->id&sifirst=&silast="); - if ($roles = get_roles_used_in_context($context, true)) { - // We should ONLY allow roles with moodle/course:view because otherwise we get little niggly issues - // like MDL-8093 - // We should further exclude "admin" users (those with "doanything" at site level) because - // Otherwise they appear in every participant list - - $canviewroles = get_roles_with_capability('moodle/course:view', CAP_ALLOW, $context); - $doanythingroles = get_roles_with_capability('moodle/site:doanything', CAP_ALLOW, $systemcontext); - - if ($context->id == $frontpagectx->id) { - //we want admins listed on frontpage too - foreach ($doanythingroles as $dar) { - $canviewroles[$dar->id] = $dar; - } - $doanythingroles = array(); - } + $allroles = get_all_roles(); + $roles = get_profile_roles($context); + $allrolenames = array(); + if ($isfrontpage) { + $rolenames = array(0=>get_string('allsiteusers', 'role')); + } else { + $rolenames = array(0=>get_string('allparticipants')); + } - foreach ($roles as $role) { - if (!isset($canviewroles[$role->id])) { // Avoid this role (eg course creator) - $avoidroles[] = $role->id; - unset($roles[$role->id]); - continue; - } - if (isset($doanythingroles[$role->id])) { // Avoid this role (ie 
admin) - $avoidroles[] = $role->id; - unset($roles[$role->id]); - continue; - } - $rolenames[$role->id] = strip_tags(role_get_name($role, $context)); // Used in menus etc later on + foreach ($allroles as $role) { + $allrolenames[$role->id] = strip_tags(role_get_name($role, $context)); // Used in menus etc later on + if (isset($roles[$role->id])) { + $rolenames[$role->id] = $allrolenames[$role->id]; } } - if ($context->id == $frontpagectx->id and $CFG->defaultfrontpageroleid) { - // default frontpage role is assigned to all site users - unset($rolenames[$CFG->defaultfrontpageroleid]); + // make sure other roles may not be selected by any means + if (empty($rolenames[$roleid])) { + print_error('noparticipants'); } // no roles to display yet? // frontpage course is an exception, on the front page course we should display all users - if (empty($rolenames) && $context->id != $frontpagectx->id) { + if (empty($rolenames) && !$isfrontpage) { if (has_capability('moodle/role:assign', $context)) { redirect($CFG->wwwroot.'/'.$CFG->admin.'/roles/assign.php?contextid='.$context->id); } else { @@ -239,7 +214,7 @@ if (!isset($hiddenfields['lastaccess'])) { // get minimum lastaccess for this course and display a dropbox to filter by lastaccess going back this far. // we need to make it diferently for normal courses and site course - if ($context->id != $frontpagectx->id) { + if (!$isfrontpage) { $minlastaccess = $DB->get_field_sql('SELECT min(timeaccess) FROM {user_lastaccess} WHERE courseid = ? 
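Review bot: After the `@@ -55,62 +50,42 @@` hunk of user/index.php the branch `if (empty($rolenames) && !$isfrontpage)` can no longer be taken, because `$rolenames` is always seeded with key `0` a few lines earlier. Either remove the branch or test for roles beyond the "all" entry, e.g. `if (count($rolenames) <= 1 && !$isfrontpage) {`. The new `empty($rolenames[$roleid])` test is what restricts the request's `roleid` to roles returned by `get_profile_roles($context)`; the existing comment could say that explicitly, `// access control: roleid must be 0 or a role from get_profile_roles()`, so it is not later removed as redundant.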
@@ -299,15 +274,14 @@ // (at or below DEFAULT_PAGE_SIZE) and $USER can enrol/unenrol // (will take 1 extra DB query - 2 on Oracle) // - if ($course->id != SITEID && $perpage <= DEFAULT_PAGE_SIZE - && has_capability('moodle/role:assign',$context)) { - $allowenroldetails=true; + if (!$isfrontpage && ($perpage <= DEFAULT_PAGE_SIZE) && has_capability('moodle/role:assign',$context)) { + $allowenroldetails = true; } else { - $allowenroldetails=false; - } - if ($mode === MODE_ENROLDETAILS && !($allowenroldetails)) { - // conditions haven't been met - reset - $mode = MODE_BRIEF; + $allowenroldetails = false; + if ($mode === MODE_ENROLDETAILS) { + // conditions haven't been met - reset + $mode = MODE_BRIEF; + } } $formatmenu = array( '0' => get_string('brief'), @@ -371,7 +345,7 @@ $tableheaders[] = get_string('lastaccess'); } - if ($course->enrolperiod) { + if ($course->enrolperiod and $roleid) { $tablecolumns[] = 'timeend'; $tableheaders[] = get_string('enrolmentend'); } 
@@ -423,145 +397,100 @@ )); $table->setup(); - $params = array(); // we are looking for all users with this role assigned in this context or higher - if ($usercontexts = get_parent_contexts($context)) { - $listofcontexts = '('.implode(',', $usercontexts).')'; - } else { - $listofcontexts = '('.$systemcontext->id.')'; // must be site - } - if ($roleid > 0) { - $selectrole = " AND r.roleid = :roleid "; - $params['roleid'] = $roleid; - } else { - $selectrole = " "; - } + $contextlist = get_related_contexts_string($context); - if ($context->id != $frontpagectx->id) { - $select = 'SELECT DISTINCT u.id, u.username, u.firstname, u.lastname, - u.email, u.city, u.country, u.picture, - u.lang, u.timezone, u.emailstop, u.maildisplay, u.imagealt, - COALESCE(ul.timeaccess, 0) AS lastaccess, - r.hidden, - ctx.id AS ctxid, ctx.path AS ctxpath, - ctx.depth AS ctxdepth, ctx.contextlevel AS ctxlevel '; - $select .= $course->enrolperiod?', r.timeend ':''; - } else { - if ($roleid >= 0) { - $select = 'SELECT u.id, u.username, u.firstname, u.lastname, + list($esql, $params) = get_enrolled_sql($context, NULL, $currentgroup, 'eu'); + $joins = array("FROM {user} u"); + $wheres = array(); + + if ($isfrontpage) { + $select = "SELECT u.id, u.username, u.firstname, u.lastname, u.email, u.city, u.country, u.picture, u.lang, u.timezone, u.emailstop, u.maildisplay, u.imagealt, - u.lastaccess, r.hidden, - ctx.id AS ctxid, ctx.path AS ctxpath, - ctx.depth AS ctxdepth, ctx.contextlevel AS ctxlevel '; - } else { - $select = 'SELECT u.id, u.username, u.firstname, u.lastname, + u.lastaccess"; + $joins[] = "JOIN ($esql) e ON e.id = u.id"; // everybody on the frontpage usually + if ($accesssince) { + $wheres[] = get_user_lastaccess_sql($accesssince); + } + + } else { + $select = "SELECT u.id, u.username, u.firstname, u.lastname, u.email, u.city, u.country, u.picture, u.lang, u.timezone, u.emailstop, u.maildisplay, u.imagealt, - u.lastaccess, - ctx.id AS ctxid, ctx.path AS ctxpath, - ctx.depth AS 
ctxdepth, ctx.contextlevel AS ctxlevel '; + COALESCE(ul.timeaccess, 0) AS lastaccess"; + $joins[] = "JOIN ($esql) e ON e.id = u.id"; // course enrolled users only + $joins[] = "LEFT JOIN {user_lastaccess} ul ON (ul.userid = u.id AND ul.courseid = :courseid)"; // not everybody accessed course yet + $params['courseid'] = $course->id; + if ($accesssince) { + $wheres[] = get_course_lastaccess_sql($accesssince); } - } - if ($context->id != $frontpagectx->id or $roleid >= 0) { - $from = "FROM {user} u - LEFT OUTER JOIN {context} ctx - ON (u.id=ctx.instanceid AND ctx.contextlevel = ".CONTEXT_USER.") - JOIN {role_assignments} r - ON u.id=r.userid - LEFT OUTER JOIN {user_lastaccess} ul - ON (r.userid=ul.userid and ul.courseid = :courseid) "; - $params['courseid'] = $course->id; - } else { - // on frontpage and we want all registered users - $from = "FROM {user} u - LEFT OUTER JOIN {context} ctx - ON (u.id=ctx.instanceid AND ctx.contextlevel = ".CONTEXT_USER.") "; + if ($course->enrolperiod) { + // note: this is extremely tricky now, we do not know which ra assignment + // is the one causing enrolment - better show it onl when filtering by roles + + if ($roleid) { + $select .= ", (SELECT MAX(rax.timeend) FROM {role_assignments} rax WHERE rax.userid = u.id AND rax.contextid $contextlist AND rax.roleid = :raxroleid) AS timeend"; + $params['raxroleid'] = $roleid; + } + } } - $hiddensql = has_capability('moodle/role:viewhiddenassigns', $context)? 
'':' AND r.hidden = 0 '; - - // exclude users with roles we are avoiding - if ($avoidroles) { - $adminroles = 'AND r.roleid NOT IN ('; - $adminroles .= implode(',', $avoidroles); - $adminroles .= ')'; - } else { - $adminroles = ''; + // performance hacks - we preload user contexts together with accounts + list($ccselect, $ccjoin) = context_instance_preload_sql('u.id', CONTEXT_USER, 'ctx'); + $select .= $ccselect; + $joins[] = $ccjoin; + + + // limit list to users with some role only + if ($roleid) { + $wheres[] = "u.id IN (SELECT userid FROM {role_assignments} WHERE roleid = :roleid AND contextid $contextlist)"; + $params['roleid'] = $roleid; } - // join on 2 conditions - // otherwise we run into the problem of having records in ul table, but not relevant course - // and user record is not pulled out - - if ($context->id != $frontpagectx->id) { - $where = "WHERE (r.contextid = $context->id OR r.contextid in $listofcontexts) - AND u.deleted = 0 $selectrole - AND (ul.courseid = $course->id OR ul.courseid IS NULL) - AND u.username != 'guest' - $adminroles - $hiddensql "; - $where .= get_course_lastaccess_sql($accesssince); + $from = implode("\n", $joins); + if ($wheres) { + $where = "WHERE " . 
implode(" AND ", $wheres); } else { - if ($roleid >= 0) { - $where = "WHERE (r.contextid = $context->id OR r.contextid in $listofcontexts) - AND u.deleted = 0 $selectrole - AND u.username != 'guest'"; - $where .= get_user_lastaccess_sql($accesssince); - } else { - $where = "WHERE u.deleted = 0 - AND u.username != 'guest'"; - $where .= get_user_lastaccess_sql($accesssince); - } + $where = ""; } - $wheresearch = ''; + + $totalcount = $DB->count_records_sql("SELECT COUNT(u.id) $from $where", $params); if (!empty($search)) { $LIKE = $DB->sql_ilike(); $fullname = $DB->sql_fullname('u.firstname','u.lastname'); - $wheresearch .= " AND ($fullname $LIKE :search1 OR email $LIKE :search2 OR idnumber $LIKE :search3) "; + $wheres[] = "($fullname $LIKE :search1 OR email $LIKE :search2 OR idnumber $LIKE :search3) "; $params['search1'] = "%$search%"; $params['search2'] = "%$search%"; $params['search3'] = "%$search%"; } - if ($currentgroup) { // Displaying a group by choice - // FIX: TODO: This will not work if $currentgroup == 0, i.e. "those not in a group" - $from .= 'LEFT JOIN {groups_members} gm ON u.id = gm.userid '; - $where .= ' AND gm.groupid = :currentgroup'; - $params['currentgroup'] = $currentgroup; + if ($table->get_sql_where()) { + $wheres[] = $table->get_sql_where(); } - $totalcount = $DB->count_records_sql("SELECT COUNT(distinct u.id) $from $where", $params); // Each user could have > 1 role - - if ($table->get_sql_where()) { - $where .= ' AND '.$table->get_sql_where(); + $from = implode("\n", $joins); + if ($wheres) { + $where = "WHERE " . 
implode(" AND ", $wheres); + } else { + $where = ""; } - /// Always add r.hidden to sort in order to guarantee hiddens to "win" - /// in the resolution of duplicates later - MDL-13935 - /// Only exception is frontpage that doesn't have such r.hidden info - /// because it retrieves ALL users (without role checking) - MDL-14034 if ($table->get_sql_sort()) { $sort = ' ORDER BY '.$table->get_sql_sort(); - if ($context->id != $frontpagectx->id or $roleid >= 0) { - $sort .= ', r.hidden DESC'; - } } else { $sort = ''; - if ($context->id != $frontpagectx->id or $roleid >= 0) { - $sort .= ' ORDER BY r.hidden DESC'; - } } - $matchcount = $DB->count_records_sql("SELECT COUNT(distinct u.id) $from $where $wheresearch", $params); + $matchcount = $DB->count_records_sql("SELECT COUNT(u.id) $from $where", $params); $table->initialbars(true); $table->pagesize($perpage, $matchcount); - $userlist = $DB->get_recordset_sql("$select $from $where $wheresearch $sort", $params, - $table->get_page_start(), $table->get_page_size()); + // list of users at the current visible page - paging makes it relatively short + $userlist = $DB->get_recordset_sql("$select $from $where $sort", $params, $table->get_page_start(), $table->get_page_size()); // // The SELECT behind get_participants_extra() is cheaper if we pass an array 
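Review bot: The rewritten query in the `@@ -423,145 +397,100 @@` hunk no longer contains `u.deleted = 0` or `u.username != 'guest'`; the only thing limiting the rows is the join on `($esql)` from `get_enrolled_sql()`. That function is not visible here, so confirm it excludes deleted accounts and the guest user, or keep the filter explicit with `$wheres[] = 'u.deleted = 0';`. The result of `$table->get_sql_where()` is also pushed into `$wheres` as raw SQL, so the query relies on the table class having validated whatever request input feeds it. The hunk sits in the middle of the page script; the code before and after it is outside the hunk.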
@@ -569,40 +498,15 @@ // but this is much cheaper. And in any case, it is only doable with limited numbers // of rows anyway. On a large course it will explode badly... // - if ($mode===MODE_ENROLDETAILS) { - if ($context->id != $frontpagectx->id) { - $userids = $DB->get_fieldset_sql("SELECT DISTINCT u.id $from $where $wheresearch", $params, - $table->get_page_start(), $table->get_page_size()); - } else { - $userids = $DB->get_fieldset_sql("SELECT u.id $from $where $wheresearch", $params, - $table->get_page_start(), $table->get_page_size()); - } - $userlist_extra = get_participants_extra($userids, $avoidroles, $course, $context); - } - - if ($context->id == $frontpagectx->id) { - $strallsiteusers = get_string('allsiteusers', 'role'); - if ($CFG->defaultfrontpageroleid) { - if ($fprole = $DB->get_record('role', array('id'=>$CFG->defaultfrontpageroleid))) { - $fprole = role_get_name($fprole, $frontpagectx); - $strallsiteusers = "$strallsiteusers ($fprole)"; - } - } - $rolenames = array(-1 => $strallsiteusers) + $rolenames; + if ($mode === MODE_ENROLDETAILS) { + $userids = $DB->get_fieldset_sql("SELECT u.id $from $where", $params, $table->get_page_start(), $table->get_page_size()); + $userlist_extra = get_participants_extra($userids, $course, $context); } /// If there are multiple Roles in the course, then show a drop down menu for switching if (count($rolenames) > 1) { echo '
'; echo ''; - if ($context->id != $frontpagectx->id) { - $rolenames = array('0' => get_string('all')) + $rolenames; - } else { - if (!$CFG->defaultfrontpageroleid) { - // we do not want "All users with role" - we already have all users in defualt frontpage role option - $rolenames = array('0' => get_string('userswithrole', 'role')) + $rolenames; - } - } echo $OUTPUT->single_select($rolenamesurl, 'roleid', $rolenames, $roleid, null, 'rolesform'); echo '
'; @@ -616,16 +520,8 @@ } if ($roleid > 0) { - if (!$currentrole = $DB->get_record('role', array('id'=>$roleid))) { - print_error('invalidroleid'); - } $a->number = $totalcount; - // MDL-12217, use course specific rolename - if (isset($rolenames[$currentrole->id])){ - $a->role = $rolenames[$currentrole->id]; - }else{ - $a->role = $currentrole->name;//safety net - } + $a->role = $rolenames[$roleid]; $heading = format_string(get_string('xuserswiththerole', 'role', $a)); if ($currentgroup and $group) { @@ -675,7 +571,7 @@ echo '
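Review bot: In the `@@ -569,40 +498,15 @@` hunk the id list for `get_participants_extra()` is fetched with `SELECT u.id $from $where` using the same page offsets as `$userlist`, but without `$sort`. Paging an unordered query can return a different set of ids than the rows actually displayed, which would leave `$userlist_extra[$user->id]` missing for some users on the page. Deriving the ids from the rows already fetched for the page, or applying the same ordering to this query, keeps the two in step. A short comment such as `// must select exactly the users on the visible page` would document the requirement.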

('.get_string('unusedaccounts', '', $CFG->longtimenosee).')

'; } - if ($mode===MODE_USERDETAILS) { // Print simple listing + if ($mode === MODE_USERDETAILS) { // Print simple listing if ($totalcount < 1) { echo $OUTPUT->heading(get_string('nothingtodisplay')); } else { @@ -733,14 +629,10 @@ } $usersprinted[] = $user->id; /// Add new user to the array of users printed - $user = make_context_subobj($user); + context_instance_preload($user); $context = get_context_instance(CONTEXT_COURSE, $course->id); - if (isset($user->context->id)) { - $usercontext = $user->context; - } else { - $usercontext = get_context_instance(CONTEXT_USER, $user->id); - } + $usercontext = get_context_instance(CONTEXT_USER, $user->id); $countries = get_list_of_countries(); @@ -818,8 +710,7 @@ $links[] = html_writer::link(new moodle_url('/course/unenrol.php?id='. $course->id .'&user='. $user->id), get_string('unenrol')); } - if ($USER->id != $user->id && !session_is_loggedinas() && has_capability('moodle/user:loginas', $context) && - ! has_capability('moodle/site:doanything', $context, $user->id, false)) { + if ($USER->id != $user->id && !session_is_loggedinas() && has_capability('moodle/user:loginas', $context) && !is_siteadmin($user->id)) { $links[] = html_writer::link(new moodle_url('/course/loginas.php?id='. $course->id .'&user='. $user->id .'&sesskey='. sesskey()), get_string('loginas')); } @@ -861,13 +752,7 @@ } $usersprinted[] = $user->id; /// Add new user to the array of users printed - $user = make_context_subobj($user); - if ( !empty($user->hidden) ) { - // if the assignment is hidden, display icon - $hidden = " pix_url('t/show') . "\" title=\"".get_string('userhashiddenassignments', 'role')."\" alt=\"".get_string('hiddenassign')."\" class=\"hide-show-image\"/>"; - } else { - $hidden = ''; - } + context_instance_preload($user); if ($user->lastaccess) { $lastaccess = format_time(time() - $user->lastaccess, $datestring); 
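Review bot: The `@@ -818,8 +710,7 @@` hunk only decides whether the "login as" link is rendered, so `!is_siteadmin($user->id)` here is a display rule rather than the control. The same conditions (not the current user, not already logged in as someone, target not a site admin, `moodle/user:loginas` held) have to be enforced by `course/loginas.php`, which is not part of this patch section. A comment on the line would make that explicit: `// display only: course/loginas.php must re-check the capability and the target user`.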
@@ -887,11 +772,7 @@ } } - if (!isset($user->context)) { - $usercontext = get_context_instance(CONTEXT_USER, $user->id); - } else { - $usercontext = $user->context; - } + $usercontext = get_context_instance(CONTEXT_USER, $user->id); if ($piclink = ($USER->id == $user->id || has_capability('moodle/user:viewdetails', $context) || has_capability('moodle/user:viewdetails', $usercontext))) { $profilelink = ''.fullname($user).''; @@ -899,7 +780,7 @@ $profilelink = ''.fullname($user).''; } - $data = array ($OUTPUT->user_picture($user, array('courseid'=>$course->id)), $profilelink . $hidden); + $data = array ($OUTPUT->user_picture($user, array('courseid'=>$course->id)), $profilelink); if ($mode === MODE_BRIEF && !isset($hiddenfields['city'])) { $data[] = $user->city; @@ -910,7 +791,7 @@ if (!isset($hiddenfields['lastaccess'])) { $data[] = $lastaccess; } - if ($course->enrolperiod) { + if ($course->enrolperiod and $roleid) { if ($user->timeend) { $data[] = userdate($user->timeend, $timeformat); } else { @@ -922,7 +803,7 @@ $ras = $userlist_extra[$user->id]['ra']; $rastring = ''; foreach ($ras AS $key=>$ra) { - $rolename = $rolenames [ $ra['roleid'] ] ; + $rolename = $allrolenames[$ra['roleid']] ; if ($ra['ctxlevel'] == CONTEXT_COURSECAT) { $rastring .= $rolename. ' @ ' . ''.s($ra['ccname']).''; } elseif ($ra['ctxlevel'] == CONTEXT_SYSTEM) { @@ -1017,9 +898,9 @@ return ''; } if ($accesssince == -1) { // never - return ' AND ul.timeaccess = 0'; + return 'ul.timeaccess = 0'; } else { - return ' AND ul.timeaccess != 0 AND ul.timeaccess < '.$accesssince; + return 'ul.timeaccess != 0 AND ul.timeaccess < '.$accesssince; } } 
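Review bot: `get_course_lastaccess_sql()` in the `@@ -1017,9 +898,9 @@` hunk, and `get_user_lastaccess_sql()` in the following `@@ -1028,16 +909,16 @@` hunk, still concatenate `$accesssince` into the SQL fragment they return. The value is safe only because this page reads it with `PARAM_INT`; casting where it is used keeps the helpers safe for any other caller: `return 'ul.timeaccess != 0 AND ul.timeaccess < '.(int)$accesssince;`, and the same for `u.lastaccess`. With the leading ` AND ` removed both helpers still return `''` for an empty value, so callers must keep the `if ($accesssince)` guard before adding the result to `$wheres`. Both function signatures are outside the hunks.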
@@ -1028,16 +909,16 @@ return ''; } if ($accesssince == -1) { // never - return ' AND u.lastaccess = 0'; + return 'u.lastaccess = 0'; } else { - return ' AND u.lastaccess != 0 AND u.lastaccess < '.$accesssince; + return 'u.lastaccess != 0 AND u.lastaccess < '.$accesssince; } } -function get_participants_extra ($userids, $avoidroles, $course, $context) { +function get_participants_extra ($userids, $course, $context) { global $CFG, $DB; - if (count($userids) === 0 || count($avoidroles) === 0) { + if (count($userids) === 0) { return array(); } @@ -1049,13 +930,6 @@ $contextids = substr($context->path, 1); // kill leading slash $contextids = str_replace('/', ',', $contextids);; - if (count($avoidroles) > 0) { - $avoidroles = implode(',', $avoidroles); - $avoidrolescond = " AND ra.roleid NOT IN ($avoidroles) "; - } else { - $avoidrolescond = ''; - } - if (!empty($CFG->enablegroupings)) { $gpjoin = "LEFT OUTER JOIN {groupings_groups} gpg ON gpg.groupid=g.id @@ -1094,7 +968,6 @@ WHERE ra.userid IN ( $userids ) AND ra.contextid in ( $contextids ) - $avoidrolescond ORDER BY ra.userid, ctx.depth DESC"; Index: user/view.php =================================================================== RCS file: /cvsroot/moodle/moodle/user/view.php,v retrieving revision 1.232 diff -u -r1.232 view.php --- user/view.php 25 Mar 2010 06:38:26 -0000 1.232 +++ user/view.php 28 Mar 2010 21:42:29 -0000 
@@ -27,10 +27,10 @@ require_once($CFG->dirroot.'/user/profile/lib.php'); require_once($CFG->dirroot.'/tag/lib.php'); -$id = optional_param('id', 0, PARAM_INT); // user id -$course = optional_param('course', SITEID, PARAM_INT); // course id (defaults to Site) -$enable = optional_param('enable', 0, PARAM_BOOL); // enable email -$disable = optional_param('disable', 0, PARAM_BOOL); // disable email +$id = optional_param('id', 0, PARAM_INT); // user id +$courseid = optional_param('course', SITEID, PARAM_INT); // course id (defaults to Site) +$enable = optional_param('enable', 0, PARAM_BOOL); // enable email +$disable = optional_param('disable', 0, PARAM_BOOL); // disable email if (empty($id)) { // See your own profile by default require_login(); 
@@ -38,118 +38,136 @@ } $url = new moodle_url('/user/view.php', array('id'=>$id)); -if ($course != SITEID) { - $url->param('course', $course); -} -if ($enable !== 0) { - $url->param('enable', $enable); -} -if ($disable !== 0) { - $url->param('disable', $disable); +if ($courseid != SITEID) { + $url->param('course', $courseid); } $PAGE->set_url($url); -if (! $user = $DB->get_record("user", array("id"=>$id))) { - print_error('invaliduserid'); -} +$user = $DB->get_record('user', array('id'=>$id), '*', MUST_EXIST); +$course = $DB->get_record('course', array('id'=>$courseid), '*', MUST_EXIST); -if (! $course = $DB->get_record("course", array("id"=>$course))) { - print_error('invalidcourseid'); -} - -// special hack for cli installer - continue to site settings $systemcontext = get_context_instance(CONTEXT_SYSTEM); -if ($SITE->shortname === '' and has_capability('moodle/site:config', $systemcontext)) { - redirect($CFG->wwwroot .'/'. $CFG->admin .'/index.php'); -} +$usercontext = get_context_instance(CONTEXT_USER, $user->id, MUST_EXIST); -/// Make sure the current user is allowed to see this user - -if (empty($USER->id)) { - $currentuser = false; -} else { - $currentuser = ($user->id == $USER->id); +// Require login first +if (isguestuser($user)) { + // can not view profile of guest - thre is nothing to see there + print_error('invaliduserid'); } +$currentuser = ($user->id == $USER->id); + if ($course->id == SITEID) { - $coursecontext = $systemcontext; // SYSTEM context + $isfrontpage = true; + // do not use frontpage course context because there is no frontpage profile, instead it is the site profile + $coursecontext = $systemcontext; } else { - $coursecontext = get_context_instance(CONTEXT_COURSE, $course->id); // Course context + $isfrontpage = false; + $coursecontext = get_context_instance(CONTEXT_COURSE, $course->id); } -$usercontext = get_context_instance(CONTEXT_USER, $user->id); // User context $PAGE->set_context($usercontext); -if (!empty($CFG->forcelogin) || 
$course->id != SITEID) { - // do not force parents to enrol - if (!$DB->get_record('role_assignments', array('userid'=>$USER->id, 'contextid'=>$usercontext->id))) { - require_login($course->id); +$isparent = false; +if ($isfrontpage) { + if (!empty($CFG->forceloginforprofiles)) { + require_login(); + if (isguestuser()) { + redirect(get_login_url()); + } + } else if (!empty($CFG->forcelogin)) { + require_login(); } -} -if (!empty($CFG->forceloginforprofiles)) { +} else if (!$currentuser + and $DB->record_exists('role_assignments', array('userid'=>$USER->id, 'contextid'=>$usercontext->id)) + and has_capability('moodle/user:viewdetails', $usercontext)) { + // TODO: very ugly hack - do not force "parents" to enrol into course their child is enrolled in, + // this way they may access the profile where they get overview of grades and child activity in course, + // please note this is just a guess! require_login(); - if (has_capability('moodle/legacy:guest', $systemcontext, 0, false)) { - redirect(get_login_url()); - } + $isparent = true; + +} else { + // normal course + require_login($course); + // what to do with users temporary accessing this course? shoudl they see the details? } + $strpersonalprofile = get_string('personalprofile'); $strparticipants = get_string("participants"); $struser = get_string("user"); $fullname = fullname($user, has_capability('moodle/site:viewfullnames', $coursecontext)); -$link = null; -if (has_capability('moodle/course:viewparticipants', $coursecontext) || has_capability('moodle/site:viewparticipants', $systemcontext)) { - $link = new moodle_url("/user/index.php", array('id'=>$course->id)); -} - -/// If the user being shown is not ourselves, then make sure we are allowed to see them! 
-if (!$currentuser) { +/// Now test the actual capabilities and enrolment in course +if ($currentuser) { + // me + if (!is_enrolled($coursecontext) and !is_inspecting($coursecontext)) { // Need to have full access to a course to see the rest of own info + echo $OUTPUT->header(); + echo $OUTPUT->heading(get_string('notenrolled', '', $fullname)); + if (!empty($_SERVER['HTTP_REFERER'])) { + echo $OUTPUT->continue_button($_SERVER['HTTP_REFERER']); + } + echo $OUTPUT->footer(); + die; + } +} else { + // somebody else $PAGE->set_title("$strpersonalprofile: "); $PAGE->set_heading("$strpersonalprofile: "); - if ($course->id == SITEID) { // Reduce possibility of "browsing" userbase at site level - if ($CFG->forceloginforprofiles and !isteacherinanycourse() - and !isteacherinanycourse($user->id) - and !has_capability('moodle/user:viewdetails', $usercontext)) { // Teachers can browse and be browsed at site level. If not forceloginforprofiles, allow access (bug #4366) - + if ($isfrontpage) { + // Reduce possibility of "browsing" userbase at site level + if (!empty($CFG->forceloginforprofiles) and !has_capability('moodle/user:viewdetails', $usercontext) and !has_coursemanager_role($user->id)) { + // Course managers can be browsed at site level. 
If not forceloginforprofiles, allow access (bug #4366) $PAGE->navbar->add($struser); echo $OUTPUT->header(); echo $OUTPUT->heading(get_string('usernotavailable', 'error')); echo $OUTPUT->footer(); exit; } - } else { // Normal course - // check capabilities - if (!has_capability('moodle/user:viewdetails', $coursecontext) && - !has_capability('moodle/user:viewdetails', $usercontext)) { + + } else { + // check course level capabilities + if (!has_capability('moodle/user:viewdetails', $coursecontext) && // normal enrolled user or mnager + !has_capability('moodle/user:viewdetails', $usercontext)) { // usually parent print_error('cannotviewprofile'); } - if (!has_capability('moodle/course:view', $coursecontext, $user->id, false)) { + if (!is_enrolled($coursecontext, $user->id)) { + // TODO: the only potential problem is that managers and inspectors might post in forum, but the link + // to profile would not work - maybe a new capability - moodle/user:freely_acessile_profile_for_anybody + // or test for course:inspect capability if (has_capability('moodle/role:assign', $coursecontext)) { $PAGE->navbar->add($fullname); - echo $OUTPUT->heading(get_string('notenrolled', $fullname)); + echo $OUTPUT->header(); + echo $OUTPUT->heading(get_string('notenrolled', '', $fullname)); } else { + echo $OUTPUT->header(); $PAGE->navbar->add($struser); echo $OUTPUT->heading(get_string('notenrolledprofile')); } - echo $OUTPUT->continue_button($_SERVER['HTTP_REFERER']); + if (!empty($_SERVER['HTTP_REFERER'])) { + echo $OUTPUT->continue_button($_SERVER['HTTP_REFERER']); + } echo $OUTPUT->footer(); exit; } } - - // If groups are in use, make sure we can see that group - if (groups_get_course_groupmode($course) == SEPARATEGROUPS and !has_capability('moodle/site:accessallgroups', $coursecontext)) { - require_login(); - ///this is changed because of mygroupid - $gtrue = (bool)groups_get_all_groups($course->id, $user->id); - if (!$gtrue) { + // If groups are in use and enforced throughout the 
course, then make sure we can meet in at least one course level group + if (groups_get_course_groupmode($course) == SEPARATEGROUPS and $course->groupmodeforce + and !has_capability('moodle/site:accessallgroups', $coursecontext) and !has_capability('moodle/site:accessallgroups', $coursecontext, $user->id)) { + if (!isloggedin() or isguestuser()) { + // do not use require_login() here because we might have already used require_login($course) + redirect(get_login_url()); + } + $mygroups = array_keys(groups_get_all_groups($course->id, $USER->id, $course->defaultgroupingid, 'g.id, g.name')); + $usergroups = array_keys(groups_get_all_groups($course->id, $user->id, $course->defaultgroupingid, 'g.id, g.name')); + if (!array_intersect($mygroups, $usergroups)) { print_error("groupnotamember", '', "../course/view.php?id=$course->id"); } } @@ -164,14 +182,6 @@ $PAGE->set_pagelayout('standard'); echo $OUTPUT->header(); -if (($course->id != SITEID) and ! has_capability('moodle/legacy:guest', $systemcontext, 0, false) ) { // Need to have access to a course to see that info - if (!has_capability('moodle/course:view', $coursecontext, $user->id)) { - echo $OUTPUT->heading(get_string('notenrolled', '', $fullname)); - echo $OUTPUT->footer(); - die; - } -} - if ($user->deleted) { echo $OUTPUT->heading(get_string('userdeleted')); if (!has_capability('moodle/user:update', $coursecontext)) { @@ -184,7 +194,7 @@ add_to_log($course->id, "user", "view", "view.php?id=$user->id&course=$course->id", "$user->id"); -if ($course->id != SITEID) { +if (!$isfrontpage) { $user->lastaccess = false; if ($lastaccess = $DB->get_record('user_lastaccess', array('userid'=>$user->id, 'courseid'=>$course->id))) { $user->lastaccess = $lastaccess->timeaccess; 
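Review bot: The separate-groups restriction on viewing another user's profile is now skipped unless `$course->groupmodeforce` is set, whereas the removed code enforced it whenever `groups_get_course_groupmode($course) == SEPARATEGROUPS`. The `user_profile` branch of pluginfile.php in this same patch still tests only the group mode and the viewer's `moodle/site:accessallgroups`, so the two entry points now disagree about who may see a profile. If the relaxation is intended, state the reason in the comment above the check and apply the same condition in pluginfile.php; otherwise drop `and $course->groupmodeforce`. Separately, the comment `// Require login first` sits above the guest-profile check, not above a login call, and should be moved or reworded.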
@@ -214,7 +224,7 @@ if (is_mnet_remote_user($user)) { $sql = " SELECT DISTINCT h.id, h.name, h.wwwroot, - a.name as application, a.display_name + a.name as application, a.display_name FROM {mnet_host} h, {mnet_application} a WHERE h.id = ? AND h.applicationid = a.id ORDER BY a.display_name, h.name"; @@ -222,7 +232,7 @@ $remotehost = $DB->get_record_sql($sql, array($user->mnethostid)); echo '

'.get_string('remoteappuser', $remotehost->application)."
\n"; - if ($USER->id == $user->id) { + if ($currentuser) { if ($remotehost->application =='moodle') { echo "Remote {$remotehost->display_name}: wwwroot}/user/edit.php\">{$remotehost->name} ".get_string('editremoteprofile')."

\n"; } else { @@ -242,11 +252,9 @@ // Print the description if ($user->description && !isset($hiddenfields['description'])) { - $has_courseid = ($course->id != SITEID); - if (!$has_courseid && !empty($CFG->profilesforenrolledusersonly) && !$DB->record_exists('role_assignments', array('userid'=>$id))) { + if (!$isfrontpage && !empty($CFG->profilesforenrolledusersonly) && !$DB->record_exists('role_assignments', array('userid'=>$id))) { echo get_string('profilenotshown', 'moodle').'
'; } else { - $user->description = file_rewrite_pluginfile_urls($user->description, 'pluginfile.php', $usercontext->id, 'user_profile', $id); echo format_text($user->description, $user->descriptionformat)."
"; } @@ -277,13 +285,13 @@ } } -if ($user->maildisplay == 1 or - ($user->maildisplay == 2 and ($course->id != SITEID) and !isguestuser()) or - has_capability('moodle/course:useremail', $coursecontext)) { +if ($user->maildisplay == 1 + or ($user->maildisplay == 2 and !$isfrontpage and !isguestuser()) + or has_capability('moodle/course:useremail', $coursecontext)) { $emailswitch = ''; - if (has_capability('moodle/course:useremail', $coursecontext) or $currentuser) { /// Can use the enable/disable email stuff + if ($currentuser or has_capability('moodle/course:useremail', $coursecontext)) { /// Can use the enable/disable email stuff if (!empty($enable) and confirm_sesskey()) { /// Recieved a parameter to enable the email address $DB->set_field('user', 'emailstop', 0, array('id'=>$user->id)); $user->emailstop = 0; @@ -329,11 +337,11 @@ if (strpos($user->url, '://') === false) { $url = 'http://'. $url; } - print_row(get_string("webpage") .":", "$user->url"); + print_row(get_string("webpage") .":", ''.s($user->url).''); } if ($user->icq && !isset($hiddenfields['icqnumber'])) { - print_row(get_string('icqnumber').':',"icq\">$user->icq icq&img=5\" alt=\"\" />"); + print_row(get_string('icqnumber').':',"icq)."\">".s($user->icq)." icq)."&img=5\" alt=\"\" />"); } if ($user->skype && !isset($hiddenfields['skypeid'])) { @@ -345,7 +353,7 @@ print_row(get_string('yahooid').':', ''.s($user->yahoo)." yahoo)."&m=g&t=0\" alt=\"\">"); } if ($user->aim && !isset($hiddenfields['aimid'])) { - print_row(get_string('aimid').':', ''.s($user->aim).''); + print_row(get_string('aimid').':', ''.s($user->aim).''); } if ($user->msn && !isset($hiddenfields['msnid'])) { print_row(get_string('msnid').':', s($user->msn)); 
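Review bot: The rewritten description check is inverted relative to the code it replaces. The old test was `!$has_courseid` with `$has_courseid = ($course->id != SITEID)`, which is true on the site profile, and `$isfrontpage` is set to true in exactly that case earlier in this file, so `!$isfrontpage` now applies `profilesforenrolledusersonly` only inside courses. The site-level profile of a user with no role assignments would then show its description again, which is the case the setting appears to exist for. The condition should be `if ($isfrontpage && !empty($CFG->profilesforenrolledusersonly) && !$DB->record_exists('role_assignments', array('userid'=>$id))) {`. The hunk also drops the `file_rewrite_pluginfile_urls()` call without a replacement, so confirm that files embedded in the description still resolve.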
@@ -403,15 +411,14 @@ } /// printing roles -if ($rolestring = get_user_roles_in_context($id, $coursecontext)) { - print_row(get_string('roles').':', format_string($rolestring, false)); +if ($rolestring = get_user_roles_in_course($id, $course->id)) { + print_row(get_string('roles').':', $rolestring); } /// Printing groups if (!isset($hiddenfields['groups'])) { - $isseparategroups = ($course->groupmode == SEPARATEGROUPS and !has_capability('moodle/site:accessallgroups', $coursecontext)); - if (!$isseparategroups){ - if ($usergroups = groups_get_all_groups($course->id, $user->id)){ + if ($course->groupmode != SEPARATEGROUPS or has_capability('moodle/site:accessallgroups', $coursecontext)) { + if ($usergroups = groups_get_all_groups($course->id, $user->id)) { $groupstr = ''; foreach ($usergroups as $group){ $groupstr .= ' '.format_string($group->name).','; @@ -481,40 +488,26 @@ echo ""; } -if ($course->id != SITEID && empty($course->metacourse)) { // Mostly only useful at course level - - $canunenrol = false; +if (!$isfrontpage && empty($course->metacourse)) { // Mostly only useful at course level - if ($user->id == $USER->id) { // Myself - $canunenrol = has_capability('moodle/course:view', $coursecontext, NULL) && // Course participant - has_capability('moodle/role:unassignself', $coursecontext, NULL, false) && // Can unassign myself - get_user_roles($coursecontext, $user->id, false); // Must have role in course - - } else if (has_capability('moodle/role:assign', $coursecontext, NULL)) { // I can assign roles - if ($roles = get_user_roles($coursecontext, $user->id, false)) { - $canunenrol = true; - foreach($roles as $role) { - if (!user_can_assign($coursecontext, $role->roleid)) { - $canunenrol = false; // I can not unassign all roles in this course :-( - break; - } - } + if ($currentuser) { + if (is_enrolled($coursecontext, NULL, 'moodle/role:unassignself')) { + echo '
'; + echo '
'; + echo ''; + echo ''; + echo ''; + echo '
'; + echo '
'; + } + } else { + if (is_enrolled($coursecontext, $user->id, 'moodle/role:assign')) { // I can unassign roles + // add some button to unenroll user } - } - - if ($canunenrol) { - echo '
'; - echo '
'; - echo ''; - echo ''; - echo ''; - echo '
'; - echo '
'; } } -if (!$user->deleted and $USER->id != $user->id && !session_is_loggedinas() && has_capability('moodle/user:loginas', $coursecontext) && - ! has_capability('moodle/site:doanything', $coursecontext, $user->id, false)) { +if (!$user->deleted and $current && !session_is_loggedinas() && has_capability('moodle/user:loginas', $coursecontext) && !is_siteadmin($user->id)) { echo '
'; echo '
'; echo ''; @@ -526,7 +519,7 @@ } if (!$user->deleted and !empty($CFG->messaging) and !isguestuser() and has_capability('moodle/site:sendmessage', $systemcontext)) { - if (!empty($USER->id) and ($USER->id == $user->id)) { + if (isloggedin() and $currentuser) { if ($countmessages = $DB->count_records('message', array('useridto'=>$user->id))) { $messagebuttonname = get_string("messages", "message")."($countmessages)"; } else { @@ -546,7 +539,9 @@ echo ""; } } + // Authorize.net: User Payments +// TODO: replace this hack with proper callback into all plugins if ($course->enrol == 'authorize' || (empty($course->enrol) && $CFG->enrol == 'authorize')) { echo "
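Review bot: `$current` in the login-as condition is not assigned in any visible hunk of this file; the variable introduced earlier is `$currentuser`, and the test it replaces was `$USER->id != $user->id`. An undefined variable evaluates as false, so the login-as form would never be rendered and PHP raises a notice. The line should read `if (!$user->deleted and !$currentuser && !session_is_loggedinas() && has_capability('moodle/user:loginas', $coursecontext) && !is_siteadmin($user->id)) {`. In the same hunk the placeholder branch calls `is_enrolled($coursecontext, $user->id, 'moodle/role:assign')`, which seems to test the viewed user for the capability while the comment says "I can unassign roles"; `is_enrolled()` is not shown here, so confirm whose capability is meant before the button is implemented.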
"; echo "
"; @@ -558,7 +553,7 @@ } echo "
\n"; -if ($CFG->debugdisplay && debugging('', DEBUG_DEVELOPER) && $USER->id == $user->id) { // Show user object +if ($CFG->debugdisplay && debugging('', DEBUG_DEVELOPER) && $currentuser) { // Show user object echo '
'; echo $OUTPUT->heading('DEBUG MODE: User session variables'); print_object($USER); Index: repository/mahara/db/access.php =================================================================== RCS file: /cvsroot/moodle/moodle/repository/mahara/db/access.php,v retrieving revision 1.2 diff -u -r1.2 access.php --- repository/mahara/db/access.php 4 Nov 2009 19:24:14 -0000 1.2 +++ repository/mahara/db/access.php 28 Mar 2010 21:42:25 -0000 @@ -9,7 +9,7 @@ 'student' => CAP_ALLOW, 'teacher' => CAP_ALLOW, 'editingteacher' => CAP_ALLOW, - 'admin' => CAP_ALLOW + 'manager' => CAP_ALLOW ) ) ); Index: mod/survey/db/access.php =================================================================== RCS file: /cvsroot/moodle/moodle/mod/survey/db/access.php,v retrieving revision 1.7 diff -u -r1.7 access.php --- mod/survey/db/access.php 4 Nov 2009 19:24:16 -0000 1.7 +++ mod/survey/db/access.php 28 Mar 2010 21:42:23 -0000 @@ -38,7 +38,7 @@ 'student' => CAP_ALLOW, 'teacher' => CAP_ALLOW, 'editingteacher' => CAP_ALLOW, - 'admin' => CAP_ALLOW + 'manager' => CAP_ALLOW ) ), @@ -49,7 +49,7 @@ 'legacy' => array( 'teacher' => CAP_ALLOW, 'editingteacher' => CAP_ALLOW, - 'admin' => CAP_ALLOW + 'manager' => CAP_ALLOW ) ), @@ -60,7 +60,7 @@ 'legacy' => array( 'teacher' => CAP_ALLOW, 'editingteacher' => CAP_ALLOW, - 'admin' => CAP_ALLOW + 'manager' => CAP_ALLOW ) ) Index: admin/report/unittest/db/access.php =================================================================== RCS file: /cvsroot/moodle/moodle/admin/report/unittest/db/access.php,v retrieving revision 1.3 diff -u -r1.3 access.php --- admin/report/unittest/db/access.php 4 Nov 2009 19:24:15 -0000 1.3 +++ admin/report/unittest/db/access.php 28 Mar 2010 21:40:47 -0000 
@@ -30,7 +30,7 @@ 'captype' => 'read', 'contextlevel' => CONTEXT_SYSTEM, 'legacy' => array( - 'admin' => CAP_ALLOW + 'manager' => CAP_ALLOW ), 'clonepermissionsfrom' => 'moodle/site:config', Index: grade/report/user/db/access.php =================================================================== RCS file: /cvsroot/moodle/moodle/grade/report/user/db/access.php,v retrieving revision 1.8 diff -u -r1.8 access.php --- grade/report/user/db/access.php 4 Nov 2009 19:24:13 -0000 1.8 +++ grade/report/user/db/access.php 28 Mar 2010 21:41:18 -0000 @@ -25,7 +25,7 @@ 'student' => CAP_ALLOW, 'teacher' => CAP_ALLOW, 'editingteacher' => CAP_ALLOW, - 'admin' => CAP_ALLOW + 'manager' => CAP_ALLOW ) ), ); Index: admin/uploaduser.php =================================================================== RCS file: /cvsroot/moodle/moodle/admin/uploaduser.php,v retrieving revision 1.109 diff -u -r1.109 uploaduser.php --- admin/uploaduser.php 20 Mar 2010 22:15:54 -0000 1.109 +++ admin/uploaduser.php 28 Mar 2010 21:40:46 -0000 @@ -322,7 +322,7 @@ continue; } if ($existinguser) { - if (has_capability('moodle/site:doanything', $systemcontext, $existinguser->id)) { + if (is_siteadmin($existinguser->id)) { $upt->track('status', $strusernotdeletedadmin, 'error'); $deleteerrors++; continue; @@ -360,7 +360,7 @@ if ($olduser = $DB->get_record('user', array('username'=>$oldusername, 'mnethostid'=>$user->mnethostid))) { $upt->track('id', $olduser->id, 'normal', false); - if (has_capability('moodle/site:doanything', $systemcontext, $olduser->id)) { + if (is_siteadmin($olduser->id)) { $upt->track('status', $strusernotrenamedadmin, 'error'); $renameerrors++; continue; @@ -423,7 +423,7 @@ if ($existinguser) { $user->id = $existinguser->id; - if (has_capability('moodle/site:doanything', $systemcontext, $user->id)) { + if (is_siteadmin($user->id)) { $upt->track('status', $strusernotupdatedadmin, 'error'); $userserrors++; continue; 
@@ -668,7 +668,7 @@ // find group to add to if (!empty($user->{'group'.$i})) { // make sure user is enrolled into course before adding into groups - if (!has_capability('moodle/course:view', $coursecontext, $user->id, false)) { + if (!is_enrolled($coursecontext, $user->id)) { $upt->track('enrolments', get_string('addedtogroupnotenrolled', '', $gname), 'error'); continue; } @@ -1175,12 +1175,6 @@ $choices[$role->id] = format_string($role->name); } } - // get rid of all admin roles - if ($adminroles = get_roles_with_capability('moodle/site:doanything', CAP_ALLOW)) { - foreach($adminroles as $adminrole) { - unset($choices[$adminrole->id]); - } - } return $choices; } Index: admin/generator.php =================================================================== RCS file: /cvsroot/moodle/moodle/admin/generator.php,v retrieving revision 1.33 diff -u -r1.33 generator.php --- admin/generator.php 16 Jan 2010 15:40:12 -0000 1.33 +++ admin/generator.php 28 Mar 2010 21:40:45 -0000 @@ -1187,7 +1187,8 @@ } complete_user_login($user); $systemcontext = get_context_instance(CONTEXT_SYSTEM); - if (!has_capability('moodle/site:doanything', $systemcontext)) { + + if (!is_siteadmin($user->id)) {//TODO: add some proper access control check here!! echo "You do not have administration privileges on this Moodle site. " ."These are required for running the generation script.{$this->eolchar}"; die(); Index: admin/cron.php =================================================================== RCS file: /cvsroot/moodle/moodle/admin/cron.php,v retrieving revision 1.172 diff -u -r1.172 cron.php --- admin/cron.php 20 Mar 2010 11:49:48 -0000 1.172 +++ admin/cron.php 28 Mar 2010 21:40:44 -0000 
@@ -287,7 +287,7 @@ AND timeaccess < ?", array($cuttime)); foreach ($rs as $assign) { if ($context = get_context_instance(CONTEXT_COURSE, $assign->courseid)) { - if (!has_capability('moodle/course:view', $context, $assign->userid)) { + if (!is_enrolled($context, $assign->userid) and !is_inspecting($context, $assign->userid)) { $DB->delete_records('user_lastaccess', array('userid'=>$assign->userid, 'courseid'=>$assign->courseid)); mtrace("Deleted orphan user_lastaccess for user $assign->userid from course $assign->courseid"); } Index: admin/uploaduser_form.php =================================================================== RCS file: /cvsroot/moodle/moodle/admin/uploaduser_form.php,v retrieving revision 1.17 diff -u -r1.17 uploaduser_form.php --- admin/uploaduser_form.php 5 Feb 2010 07:30:53 -0000 1.17 +++ admin/uploaduser_form.php 28 Mar 2010 21:40:46 -0000 @@ -121,7 +121,7 @@ unset($choices[0]); $mform->addElement('select', 'uulegacy2', get_string('uulegacy2role', 'admin'), $choices); - if ($editteacherroles = get_roles_with_capability('moodle/legacy:editingteacher', CAP_ALLOW)) { + if ($editteacherroles = get_archetype_roles('editingteacher')) { $editteacherrole = array_shift($editteacherroles); /// Take the first one $mform->setDefault('uulegacy2', $editteacherrole->id); unset($editteacherroles); 
@@ -130,7 +130,7 @@ } $mform->addElement('select', 'uulegacy3', get_string('uulegacy3role', 'admin'), $choices); - if ($teacherroles = get_roles_with_capability('moodle/legacy:teacher', CAP_ALLOW)) { + if ($teacherroles = get_archetype_roles('teacher')) { $teacherrole = array_shift($teacherroles); /// Take the first one $mform->setDefault('uulegacy3', $teacherrole->id); unset($teacherroles); Index: admin/register.php =================================================================== RCS file: /cvsroot/moodle/moodle/admin/register.php,v retrieving revision 1.43 diff -u -r1.43 register.php --- admin/register.php 16 Jan 2010 18:29:52 -0000 1.43 +++ admin/register.php 28 Mar 2010 21:40:45 -0000 @@ -122,11 +122,11 @@ FROM {role_capabilities} rc, {role_assignments} ra, {user} u - WHERE (rc.capability = ? or rc.capability = ?) + WHERE (rc.capability = ?) AND rc.roleid = ra.roleid AND u.id = ra.userid"; - $count = $DB->count_records_sql($sql, array('moodle/course:update', 'moodle/site:doanything')); + $count = $DB->count_records_sql($sql, array('moodle/course:update')); echo get_string("teachers").": ".$count; echo "\n"; echo '
'; Index: admin/settings/appearance.php =================================================================== RCS file: /cvsroot/moodle/moodle/admin/settings/appearance.php,v retrieving revision 1.54 diff -u -r1.54 appearance.php --- admin/settings/appearance.php 14 Jan 2010 06:56:12 -0000 1.54 +++ admin/settings/appearance.php 28 Mar 2010 21:40:49 -0000 @@ -128,7 +128,7 @@ $temp->add(new admin_setting_configtext('mycoursesperpage', get_string('mycoursesperpage', 'admin'), get_string('configmycoursesperpage', 'admin'), 21, PARAM_INT)); $ADMIN->add('appearance', $temp); - // new CFG variable for coursemanager (what roles to display) + // coursemanager is the person responsible for course - usually manages enrolments, receives notification, etc. $temp = new admin_settingpage('coursemanager', get_string('coursemanager', 'admin')); $temp->add(new admin_setting_special_coursemanager()); $ADMIN->add('appearance', $temp); Index: admin/settings/security.php =================================================================== RCS file: /cvsroot/moodle/moodle/admin/settings/security.php,v retrieving revision 1.45 diff -u -r1.45 security.php --- admin/settings/security.php 28 Jan 2010 02:12:30 -0000 1.45 +++ admin/settings/security.php 28 Mar 2010 21:40:49 -0000 
@@ -17,7 +17,11 @@ $temp->add(new admin_setting_configcheckbox('forcelogin', get_string('forcelogin', 'admin'), get_string('configforcelogin', 'admin'), 0)); $temp->add(new admin_setting_configcheckbox('forceloginforprofiles', get_string('forceloginforprofiles', 'admin'), get_string('configforceloginforprofiles', 'admin'), 1)); $temp->add(new admin_setting_configcheckbox('opentogoogle', get_string('opentogoogle', 'admin'), get_string('configopentogoogle', 'admin'), 0)); - + $temp->add(new admin_setting_pickroles('profileroles', + get_string('profileroles','admin'), + get_string('configprofileroles', 'admin'), + array('student', 'teacher', 'editingteacher'))); + $max_upload_choices = get_max_upload_sizes(); // maxbytes set to 0 will allow the maxium server lmit for uploads $max_upload_choices[0] = get_string('serverlimit', 'admin'); Index: admin/settings/users.php =================================================================== RCS file: /cvsroot/moodle/moodle/admin/settings/users.php,v retrieving revision 1.52 diff -u -r1.52 users.php --- admin/settings/users.php 1 Nov 2009 10:32:03 -0000 1.52 +++ admin/settings/users.php 28 Mar 2010 21:40:50 -0000 
@@ -84,65 +84,78 @@ if ($ADMIN->fulltree) { if (!during_initial_install()) { $context = get_context_instance(CONTEXT_SYSTEM); - if (!$guestrole = get_guest_role()) { - $guestrole->id = 0; - } - if ($studentroles = get_roles_with_capability('moodle/legacy:student', CAP_ALLOW)) { - $studentrole = array_shift($studentroles); /// Take the first one - } else { - $studentrole->id = 0; - } - if ($userroles = get_roles_with_capability('moodle/legacy:user', CAP_ALLOW)) { - $userrole = array_shift($userroles); /// Take the first one - } else { - $userrole->id = 0; - } - if (empty($CFG->creatornewroleid)) { - if ($teacherroles = get_roles_with_capability('moodle/legacy:editingteacher', CAP_ALLOW, $context)) { - $teachereditrole = array_shift($teacherroles); - set_config('creatornewroleid', $teachereditrole->id); - } else { - set_config('creatornewroleid', 0); + $allroles = array(); + $generalroles = array(); + $guestroles = array(); + $userroles = array(); + $studentroles = array(); + $teacherroles = array(); + $creatornewroles = array(); + + foreach (get_all_roles() as $role) { + $rolename = strip_tags(format_string($role->name)) . ' ('. $role->shortname . 
')'; + $allroles[$role->id] = $rolename; + switch ($role->archetype) { + case 'manager': + $creatornewroles[$role->id] = $rolename; + break; + case 'coursecreator': + break; + case 'editingteacher': + $teacherroles[$role->id] = $rolename; + $creatornewroles[$role->id] = $rolename; + break; + case 'teacher': + $creatornewroles[$role->id] = $rolename; + break; + case 'student': + $studentroles[$role->id] = $rolename; + break; + case 'guest': + $guestroles[$role->id] = $rolename; + break; + case 'user': + $userroles[$role->id] = $rolename; + break; + case 'frontpage': + break; + default: + $creatornewroles[$role->id] = $rolename; + $generalroles[$role->id] = $rolename; + break; } } - if (!$guestroles = get_roles_with_capability('moodle/legacy:guest', CAP_ALLOW)) { - $guestroles = array(); - $defaultguestid = null; - } else { - $defaultguestid = reset($guestroles); - $defaultguestid = $defaultguestid->id; - } - // we must not use assignable roles here: - // 1/ unsetting roles as assignable for admin might bork the settings! 
- // 2/ default user role should not be assignable anyway - $allroles = array(); - $nonguestroles = array(); - if ($roles = get_all_roles()) { - foreach ($roles as $role) { - $rolename = strip_tags(format_string($role->name, true)); - $allroles[$role->id] = $rolename; - if (!isset($guestroles[$role->id])) { - $nonguestroles[$role->id] = $rolename; - } - } + reset($guestroles); + $defaultguestid = key($guestroles); + reset($studentroles); + $defaultstudentid = key($studentroles); + reset($teacherroles); + $defaultteacherid = key($teacherroles); + + if ($userroles) { + reset($userroles); + $defaultuserid = key($userroles); + } else { + $userroles = array('0'=>get_string('none')); + $defaultuserid = 0; } $temp->add(new admin_setting_configselect('notloggedinroleid', get_string('notloggedinroleid', 'admin'), - get_string('confignotloggedinroleid', 'admin'), $defaultguestid, $allroles )); + get_string('confignotloggedinroleid', 'admin'), $defaultguestid, array_merge($guestroles, $generalroles))); $temp->add(new admin_setting_configselect('guestroleid', get_string('guestroleid', 'admin'), - get_string('configguestroleid', 'admin'), $defaultguestid, $allroles)); + get_string('configguestroleid', 'admin'), $defaultguestid, array_merge($guestroles, $generalroles))); $temp->add(new admin_setting_configselect('defaultuserroleid', get_string('defaultuserroleid', 'admin'), - get_string('configdefaultuserroleid', 'admin'), $userrole->id, $nonguestroles)); // guest role here breaks a lot of stuff + get_string('configdefaultuserroleid', 'admin'), $defaultuserid, array_merge($userroles, $generalroles))); } $temp->add(new admin_setting_configcheckbox('nodefaultuserrolelists', get_string('nodefaultuserrolelists', 'admin'), get_string('confignodefaultuserrolelists', 'admin'), 0)); if (!during_initial_install()) { $temp->add(new admin_setting_configselect('defaultcourseroleid', get_string('defaultcourseroleid', 'admin'), - get_string('configdefaultcourseroleid', 'admin'), 
$studentrole->id, $allroles)); + get_string('configdefaultcourseroleid', 'admin'), $defaultstudentid, array_merge($guestroles, $generalroles))); $temp->add(new admin_setting_configselect('creatornewroleid', get_string('creatornewroleid', 'admin'), - get_string('configcreatornewroleid', 'admin'), $CFG->creatornewroleid, $allroles)); + get_string('configcreatornewroleid', 'admin'), $defaultteacherid, $creatornewroles)); } $temp->add(new admin_setting_configcheckbox('autologinguests', get_string('autologinguests', 'admin'), get_string('configautologinguests', 'admin'), 0)); @@ -174,6 +187,9 @@ } $ADMIN->add('roles', $temp); + if (is_siteadmin()) { + $ADMIN->add('roles', new admin_externalpage('admins', get_string('siteadministrators', 'role'), "$CFG->wwwroot/$CFG->admin/roles/admins.php")); + } $ADMIN->add('roles', new admin_externalpage('defineroles', get_string('defineroles', 'role'), "$CFG->wwwroot/$CFG->admin/roles/manage.php", 'moodle/role:manage')); $ADMIN->add('roles', new admin_externalpage('assignroles', get_string('assignglobalroles', 'role'), "$CFG->wwwroot/$CFG->admin/roles/assign.php?contextid=".$systemcontext->id, 'moodle/role:assign')); $ADMIN->add('roles', new admin_externalpage('checkpermissions', get_string('checkglobalpermissions', 'role'), "$CFG->wwwroot/$CFG->admin/roles/check.php?contextid=".$systemcontext->id, array('moodle/role:assign', 'moodle/role:safeoverride', 'moodle/role:override', 'moodle/role:manage'))); Index: admin/settings/subsystems.php =================================================================== RCS file: /cvsroot/moodle/moodle/admin/settings/subsystems.php,v retrieving revision 1.6 diff -u -r1.6 subsystems.php --- admin/settings/subsystems.php 1 Nov 2009 10:32:03 -0000 1.6 +++ admin/settings/subsystems.php 28 Mar 2010 21:40:49 -0000 
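Review bot: `array_merge()` renumbers integer keys, and the arrays filled in the `foreach (get_all_roles() as $role)` loop are keyed by `$role->id`, so the option lists given to `notloggedinroleid`, `guestroleid`, `defaultuserroleid` and `defaultcourseroleid` come out indexed 0, 1, 2… instead of by role id (assuming role ids are numeric). A value saved from one of these selects would then point at whichever role happens to own that number, which for the guest and default-user settings is a privilege assignment nobody chose. The union operator keeps the keys: `$guestroles + $generalroles` and `$userroles + $generalroles`. Separately, `defaultcourseroleid` defaults to `$defaultstudentid` but is offered `$guestroles` and `$generalroles`, so its default is not among the choices; `$studentroles + $generalroles` looks like what was meant. `key()` also yields null when no role of the guest, student or teacher archetype exists, a case only `$userroles` handles.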
@@ -37,7 +37,7 @@ $optionalsubsystems->add(new admin_setting_pickroles('progresstrackedroles', get_string('progresstrackedroles','completion'), get_string('configprogresstrackedroles', 'completion'), - array('moodle/legacy:student'))); + array('student'))); $optionalsubsystems->add(new admin_setting_configcheckbox('enableavailability', get_string('enableavailability','condition'), get_string('configenableavailability','condition'), 0)); Index: mod/feedback/db/access.php =================================================================== RCS file: /cvsroot/moodle/moodle/mod/feedback/db/access.php,v retrieving revision 1.7 diff -u -r1.7 access.php --- mod/feedback/db/access.php 28 Mar 2010 09:42:42 -0000 1.7 +++ mod/feedback/db/access.php 28 Mar 2010 21:42:11 -0000 @@ -40,7 +40,7 @@ 'student' => CAP_ALLOW, 'teacher' => CAP_ALLOW, 'editingteacher' => CAP_ALLOW, - 'admin' => CAP_ALLOW + 'manager' => CAP_ALLOW ) ), @@ -66,7 +66,7 @@ 'user' => CAP_ALLOW, 'student' => CAP_ALLOW, 'editingteacher' => CAP_ALLOW, - 'admin' => CAP_ALLOW + 'manager' => CAP_ALLOW ) ), @@ -76,7 +76,7 @@ 'contextlevel' => CONTEXT_MODULE, 'legacy' => array( 'editingteacher' => CAP_ALLOW, - 'admin' => CAP_ALLOW + 'manager' => CAP_ALLOW ) ), @@ -85,7 +85,7 @@ 'captype' => 'write', 'contextlevel' => CONTEXT_MODULE, 'legacy' => array( - 'admin' => CAP_ALLOW + 'manager' => CAP_ALLOW ) ), @@ -97,7 +97,7 @@ 'contextlevel' => CONTEXT_MODULE, 'legacy' => array( 'editingteacher' => CAP_ALLOW, - 'admin' => CAP_ALLOW + 'manager' => CAP_ALLOW ) ), @@ -109,7 +109,7 @@ 'contextlevel' => CONTEXT_MODULE, 'legacy' => array( 'editingteacher' => CAP_ALLOW, - 'admin' => CAP_ALLOW + 'manager' => CAP_ALLOW ) ), @@ -121,7 +121,7 @@ 'contextlevel' => CONTEXT_MODULE, 'legacy' => array( 'editingteacher' => CAP_ALLOW, - 'admin' => CAP_ALLOW + 'manager' => CAP_ALLOW ) ), @@ -131,7 +131,7 @@ 'contextlevel' => CONTEXT_MODULE, 'legacy' => array( 'editingteacher' => CAP_ALLOW, - 'admin' => CAP_ALLOW + 'manager' => CAP_ALLOW ) ), 
@@ -144,7 +144,7 @@ 'legacy' => array( 'teacher' => CAP_ALLOW, 'editingteacher' => CAP_ALLOW, - 'admin' => CAP_ALLOW + 'manager' => CAP_ALLOW ) ), Index: version.php =================================================================== RCS file: /cvsroot/moodle/moodle/version.php,v retrieving revision 1.1492 diff -u -r1.1492 version.php --- version.php 28 Mar 2010 00:42:17 -0000 1.1492 +++ version.php 28 Mar 2010 21:40:43 -0000 @@ -6,7 +6,7 @@ // This is compared against the values stored in the database to determine // whether upgrades should be performed (see lib/db/*.php) - $version = 2010032400; // YYYYMMDD = date of the last version bump + $version = 2010032801; // YYYYMMDD = date of the last version bump // XX = daily increments $release = '2.0 dev (Build: 20100328)'; // Human-friendly version name Index: index.php =================================================================== RCS file: /cvsroot/moodle/moodle/index.php,v retrieving revision 1.251 diff -u -r1.251 index.php --- index.php 16 Jan 2010 15:40:18 -0000 1.251 +++ index.php 28 Mar 2010 21:40:43 -0000 @@ -62,7 +62,7 @@ set_moodle_cookie('nobody'); // To help search for cookies on login page } - if (!empty($USER->id)) { + if (isloggedin()) { add_to_log(SITEID, 'course', 'view', 'view.php?id='.SITEID, SITEID); } @@ -142,7 +142,7 @@ print_error('cannotfindorcreateforum', 'forum'); } - if (!empty($USER->id)) { + if (isloggedin()) { $SESSION->fromdiscussion = $CFG->wwwroot; $subtext = ''; if (forum_is_subscribed($USER->id, $newsforum)) { Index: pluginfile.php =================================================================== RCS file: /cvsroot/moodle/moodle/pluginfile.php,v retrieving revision 1.24 diff -u -r1.24 pluginfile.php --- pluginfile.php 19 Feb 2010 18:33:26 -0000 1.24 +++ pluginfile.php 28 Mar 2010 21:40:43 -0000 
@@ -220,7 +220,7 @@ if ($USER->id !== $userid) { $usercontext = get_context_instance(CONTEXT_USER, $userid); // The browsing user is not the current user - if (!isteacherinanycourse() && !isteacherinanycourse($userid) && !has_capability('moodle/user:viewdetails', $usercontext)) { + if (!has_coursemanager_role($userid) && !has_capability('moodle/user:viewdetails', $usercontext)) { send_file_not_found(); } @@ -349,7 +349,7 @@ } // Must be able to at least view the course - if (!has_capability('moodle/course:view', $context)) { + if (!is_enrolled($context) and !is_inspecting($context)) { send_file_not_found(); } @@ -412,6 +412,10 @@ } else if ($filearea === 'user_profile') { $userid = (int)array_shift($args); $usercontext = get_context_instance(CONTEXT_USER, $userid); + + if ($CFG->forcelogin) { + require_login(); + } if (!empty($CFG->forceloginforprofiles)) { require_login(); @@ -419,16 +423,14 @@ print_error('noguest'); } - if (!isteacherinanycourse() - and !isteacherinanycourse($userid) - and !has_capability('moodle/user:viewdetails', $usercontext)) { + if (!has_coursemanager_role($userid) and !has_capability('moodle/user:viewdetails', $usercontext)) { print_error('usernotavailable'); } if (!has_capability('moodle/user:viewdetails', $context) && !has_capability('moodle/user:viewdetails', $usercontext)) { print_error('cannotviewprofile'); } - if (!has_capability('moodle/course:view', $context, $userid, false)) { + if (!is_enrolled($context, $userid)) { print_error('notenrolledprofile'); } if (groups_get_course_groupmode($course) == SEPARATEGROUPS and !has_capability('moodle/site:accessallgroups', $context)) { Index: mod/url/locallib.php =================================================================== RCS file: /cvsroot/moodle/moodle/mod/url/locallib.php,v retrieving revision 1.11 diff -u -r1.11 locallib.php --- mod/url/locallib.php 6 Feb 2010 18:47:45 -0000 1.11 +++ mod/url/locallib.php 28 Mar 2010 21:42:24 -0000 
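Review bot: In the `user_profile` branch (`@@ -412,6 +412,10 @@`) the added guard reads `$CFG->forcelogin` directly, while the check immediately after it uses `!empty($CFG->forceloginforprofiles)`. If the setting is absent from `$CFG`, the bare property read may raise a notice in a script whose job is to stream file content. `if (!empty($CFG->forcelogin)) {` keeps the two login gates written the same way. The branch continues outside the hunk.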
@@ -417,7 +417,7 @@ 'urlidnumber' => $cm->idnumber, ); - if (!empty($USER->id)) { + if (isloggedin()) { $values['userid'] = $USER->id; $values['userusername'] = $USER->username; $values['useridnumber'] = $USER->idnumber; Index: mod/choice/db/access.php =================================================================== RCS file: /cvsroot/moodle/moodle/mod/choice/db/access.php,v retrieving revision 1.8 diff -u -r1.8 access.php --- mod/choice/db/access.php 4 Nov 2009 19:24:14 -0000 1.8 +++ mod/choice/db/access.php 28 Mar 2010 21:42:06 -0000 @@ -37,8 +37,7 @@ 'legacy' => array( 'student' => CAP_ALLOW, 'teacher' => CAP_ALLOW, - 'editingteacher' => CAP_ALLOW, - 'admin' => CAP_ALLOW + 'editingteacher' => CAP_ALLOW ) ), @@ -49,7 +48,7 @@ 'legacy' => array( 'teacher' => CAP_ALLOW, 'editingteacher' => CAP_ALLOW, - 'admin' => CAP_ALLOW + 'manager' => CAP_ALLOW ) ), @@ -60,7 +59,7 @@ 'legacy' => array( 'teacher' => CAP_ALLOW, 'editingteacher' => CAP_ALLOW, - 'admin' => CAP_ALLOW + 'manager' => CAP_ALLOW ) ), @@ -71,7 +70,7 @@ 'legacy' => array( 'teacher' => CAP_ALLOW, 'editingteacher' => CAP_ALLOW, - 'admin' => CAP_ALLOW + 'manager' => CAP_ALLOW ) ) ); Index: tag/locallib.php =================================================================== RCS file: /cvsroot/moodle/moodle/tag/locallib.php,v retrieving revision 1.27 diff -u -r1.27 locallib.php --- tag/locallib.php 17 Feb 2010 16:59:43 -0000 1.27 +++ tag/locallib.php 28 Mar 2010 21:42:27 -0000 
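Review bot: The first hunk of `mod/choice/db/access.php` (`@@ -37,8 +37,7 @@`) removes the `'admin'` entry without adding `'manager'`, whereas the other three hunks in this file swap one for the other. If leaving managers out of this capability's defaults is deliberate, say so next to the array, e.g. `// manager deliberately not allowed by default`. If it is an oversight, the last entries should read `'editingteacher' => CAP_ALLOW,` and `'manager' => CAP_ALLOW`. The capability's name lies outside the hunk, so which of the two is intended cannot be told from here.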
@@ -322,7 +322,7 @@ $usercontext = get_context_instance(CONTEXT_USER, $user->id); $profilelink = ''; - if ( has_capability('moodle/user:viewdetails', $usercontext) || isteacherinanycourse($user->id) ) { + if ( has_capability('moodle/user:viewdetails', $usercontext) || has_coursemanager_role($user->id) ) { $profilelink = $CFG->wwwroot .'/user/view.php?id='. $user->id; } Index: tag/coursetags_more.php =================================================================== RCS file: /cvsroot/moodle/moodle/tag/coursetags_more.php,v retrieving revision 1.11 diff -u -r1.11 coursetags_more.php --- tag/coursetags_more.php 16 Jan 2010 15:40:08 -0000 1.11 +++ tag/coursetags_more.php 28 Mar 2010 21:42:27 -0000 @@ -35,9 +35,7 @@ } // Permissions -$sitecontext = get_context_instance(CONTEXT_SYSTEM, SITEID); -$isguest = has_capability('moodle/legacy:guest', $sitecontext, $USER->id, false); -$loggedin = isloggedin() && !$isguest; +$loggedin = isloggedin() && !isguestuser(); // Course check if ($courseid) { Index: mod/chat/db/access.php =================================================================== RCS file: /cvsroot/moodle/moodle/mod/chat/db/access.php,v retrieving revision 1.12 diff -u -r1.12 access.php --- mod/chat/db/access.php 4 Nov 2009 19:24:15 -0000 1.12 +++ mod/chat/db/access.php 28 Mar 2010 21:42:05 -0000 @@ -40,7 +40,7 @@ 'student' => CAP_ALLOW, 'teacher' => CAP_ALLOW, 'editingteacher' => CAP_ALLOW, - 'admin' => CAP_ALLOW + 'manager' => CAP_ALLOW ) ), @@ -52,7 +52,7 @@ 'student' => CAP_ALLOW, 'teacher' => CAP_ALLOW, 'editingteacher' => CAP_ALLOW, - 'admin' => CAP_ALLOW + 'manager' => CAP_ALLOW ) ), @@ -63,7 +63,7 @@ 'legacy' => array( 'teacher' => CAP_ALLOW, 'editingteacher' => CAP_ALLOW, - 'admin' => CAP_ALLOW + 'manager' => CAP_ALLOW ) ), @@ -76,7 +76,7 @@ 'legacy' => array( 'teacher' => CAP_ALLOW, 'editingteacher' => CAP_ALLOW, - 'admin' => CAP_ALLOW, + 'manager' => CAP_ALLOW, // not student - nervous about allowing this by default ), 
@@ -91,7 +91,7 @@ 'legacy' => array( 'teacher' => CAP_ALLOW, 'editingteacher' => CAP_ALLOW, - 'admin' => CAP_ALLOW, + 'manager' => CAP_ALLOW, ), ), Index: auth/ldap/auth.php =================================================================== RCS file: /cvsroot/moodle/moodle/auth/ldap/auth.php,v retrieving revision 1.84 diff -u -r1.84 auth.php --- auth/ldap/auth.php 14 Jan 2010 18:54:13 -0000 1.84 +++ auth/ldap/auth.php 28 Mar 2010 21:40:52 -0000 @@ -724,7 +724,7 @@ $sitecontext = get_context_instance(CONTEXT_SYSTEM); if (!empty($this->config->creators) and !empty($this->config->memberattribute) - and $roles = get_roles_with_capability('moodle/legacy:coursecreator', CAP_ALLOW)) { + and $roles = get_archetype_roles('coursecreator')) { $creatorrole = array_shift($roles); // We can only use one, let's use the first one } else { $creatorrole = false; @@ -774,7 +774,7 @@ $sitecontext = get_context_instance(CONTEXT_SYSTEM); if (!empty($this->config->creators) and !empty($this->config->memberattribute) - and $roles = get_roles_with_capability('moodle/legacy:coursecreator', CAP_ALLOW)) { + and $roles = get_archetype_roles('coursecreator')) { $creatorrole = array_shift($roles); // We can only use one, let's use the first one } else { $creatorrole = false; 
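Review bot: In both `auth/ldap/auth.php` hunks here (`@@ -724,7 +724,7 @@` and `@@ -774,7 +774,7 @@`), in `@@ -1945,7 +1945,7 @@`, and in the three matching `auth/cas/auth.php` hunks, the role granted to directory-listed creators is simply the first element returned by `get_archetype_roles('coursecreator')`. An archetype can presumably be shared by several roles, including customised ones with extra permissions, and the ordering of the result is not visible in this patch. Which role gets assigned is therefore left implicit. The existing comment should state the selection rule, e.g. `// Only one role can be synced: first coursecreator-archetype role, in the order get_archetype_roles() returns`. The enclosing functions start and end outside the hunks.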
@@ -1945,7 +1945,7 @@ return; //nothing to sync - creators not configured } - if ($roles = get_roles_with_capability('moodle/legacy:coursecreator', CAP_ALLOW)) { + if ($roles = get_archetype_roles('coursecreator')) { $creatorrole = array_shift($roles); // We can only use one, let's use the first one $systemcontext = get_context_instance(CONTEXT_SYSTEM); Index: blocks/admin_tree/block_admin_tree.php =================================================================== RCS file: /cvsroot/moodle/moodle/blocks/admin_tree/block_admin_tree.php,v retrieving revision 1.50 diff -u -r1.50 block_admin_tree.php --- blocks/admin_tree/block_admin_tree.php 18 Jan 2010 20:57:38 -0000 1.50 +++ blocks/admin_tree/block_admin_tree.php 28 Mar 2010 21:41:07 -0000 @@ -108,7 +108,7 @@ } if (isguestuser() or !isloggedin()) { - // these users can not change any settings + // shortcut - these users can not change any settings $this->content = ''; return ''; } Index: grade/report/overview/db/access.php =================================================================== RCS file: /cvsroot/moodle/moodle/grade/report/overview/db/access.php,v retrieving revision 1.8 diff -u -r1.8 access.php --- grade/report/overview/db/access.php 4 Nov 2009 19:24:15 -0000 1.8 +++ grade/report/overview/db/access.php 28 Mar 2010 21:41:18 -0000 @@ -23,7 +23,7 @@ 'contextlevel' => CONTEXT_COURSE, 'legacy' => array( 'student' => CAP_ALLOW, - 'admin' => CAP_ALLOW + 'manager' => CAP_ALLOW ) ) Index: blocks/moodleblock.class.php =================================================================== RCS file: /cvsroot/moodle/moodle/blocks/moodleblock.class.php,v retrieving revision 1.148 diff -u -r1.148 moodleblock.class.php --- blocks/moodleblock.class.php 24 Feb 2010 08:12:17 -0000 1.148 +++ blocks/moodleblock.class.php 28 Mar 2010 21:41:06 -0000 
@@ -555,11 +555,7 @@ $this->config = unserialize(base64_decode($instance->configdata)); } $this->instance = $instance; - if (isset($instance->context)) { - $this->context = $instance->context; - } else { - $this->context = get_context_instance(CONTEXT_BLOCK, $instance->id); - } + $this->context = get_context_instance(CONTEXT_BLOCK, $instance->id); $this->page = $page; $this->specialization(); $this->get_required_javascript(); Index: grade/import/xml/db/access.php =================================================================== RCS file: /cvsroot/moodle/moodle/grade/import/xml/db/access.php,v retrieving revision 1.7 diff -u -r1.7 access.php --- grade/import/xml/db/access.php 4 Nov 2009 19:24:14 -0000 1.7 +++ grade/import/xml/db/access.php 28 Mar 2010 21:41:18 -0000 @@ -22,7 +22,7 @@ 'contextlevel' => CONTEXT_COURSE, 'legacy' => array( 'editingteacher' => CAP_ALLOW, - 'admin' => CAP_ALLOW + 'manager' => CAP_ALLOW ) ), @@ -30,7 +30,7 @@ 'captype' => 'write', 'contextlevel' => CONTEXT_COURSE, 'legacy' => array( - 'admin' => CAP_ALLOW + 'manager' => CAP_ALLOW ) ) ); Index: mod/assignment/lib.php =================================================================== RCS file: /cvsroot/moodle/moodle/mod/assignment/lib.php,v retrieving revision 1.436 diff -u -r1.436 lib.php --- mod/assignment/lib.php 22 Mar 2010 03:04:01 -0000 1.436 +++ mod/assignment/lib.php 28 Mar 2010 21:42:03 -0000 @@ -363,7 +363,7 @@ get_string('noattempts', 'assignment').''; } } else { - if (!empty($USER->id)) { + if (isloggedin()) { if ($submission = $this->get_submission($USER->id)) { if ($submission->timemodified) { if ($submission->timemodified <= $this->assignment->timedue || empty($this->assignment->timedue)) { 
@@ -2283,7 +2283,7 @@ /// mail is customised for the receiver. cron_setup_user($user, $course); - if (!has_capability('moodle/course:view', get_context_instance(CONTEXT_COURSE, $submission->course), $user->id)) { + if (!is_enrolled(get_context_instance(CONTEXT_COURSE, $submission->course), $user->id)) { echo fullname($user)." not an active participant in " . format_string($course->shortname) . "\n"; continue; } 
@@ -3361,28 +3361,25 @@ $assignmentclass = 'assignment_'.$assignmentrow->assignmenttype; $assignmentinstance = new $assignmentclass($PAGE->cm->id, $assignmentrow, $PAGE->cm, $PAGE->course); - if (!empty($USER->id) && !has_capability('moodle/legacy:guest', $PAGE->cm->context, NULL, false)) { + $allgroups = false; - $allgroups = false; - - // Add assignment submission information - if (has_capability('mod/assignment:grade', $PAGE->cm->context)) { - if ($allgroups && has_capability('moodle/site:accessallgroups', $PAGE->cm->context)) { - $group = 0; - } else { - $group = groups_get_activity_group($PAGE->cm); - } - $link = new moodle_url('/mod/assignment/submissions.php', array('id'=>$PAGE->cm->id)); - if ($count = $assignmentinstance->count_real_submissions($group)) { - $string = get_string('viewsubmissions', 'assignment', $count); - } else { - $string = get_string('noattempts', 'assignment'); - } - $assignmentnode->add($string, $link, navigation_node::TYPE_SETTING); - } - - if (is_object($assignmentinstance) && method_exists($assignmentinstance, 'extend_settings_navigation')) { - $assignmentinstance->extend_settings_navigation($assignmentnode); - } + // Add assignment submission information + if (has_capability('mod/assignment:grade', $PAGE->cm->context)) { + if ($allgroups && has_capability('moodle/site:accessallgroups', $PAGE->cm->context)) { + $group = 0; + } else { + $group = groups_get_activity_group($PAGE->cm); } + $link = new moodle_url('/mod/assignment/submissions.php', array('id'=>$PAGE->cm->id)); + if ($count = $assignmentinstance->count_real_submissions($group)) { + $string = get_string('viewsubmissions', 'assignment', $count); + } else { + $string = get_string('noattempts', 'assignment'); } + $assignmentnode->add($string, $link, navigation_node::TYPE_SETTING); + } + + if (is_object($assignmentinstance) && method_exists($assignmentinstance, 'extend_settings_navigation')) { + $assignmentinstance->extend_settings_navigation($assignmentnode); + } +} Index: 
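Review bot: The rewritten block in `@@ -3361,28 +3361,25 @@` drops the old `!empty($USER->id) && !has_capability('moodle/legacy:guest', ...)` wrapper without a replacement, so the subtype's `extend_settings_navigation()` hook now also runs for guests and not-logged-in users. The submissions link is still protected by `mod/assignment:grade`, but whatever a subtype adds in its hook is not, unless every subtype checks capabilities itself, which cannot be seen here. An early `if (!isloggedin() || isguestuser()) { return; }` before `$allgroups = false;` would keep the previous behaviour. Separately, `$allgroups` is always false, so the `$group = 0` branch is unreachable. The function starts outside the hunk.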
repository/flickr_public/db/access.php =================================================================== RCS file: /cvsroot/moodle/moodle/repository/flickr_public/db/access.php,v retrieving revision 1.3 diff -u -r1.3 access.php --- repository/flickr_public/db/access.php 4 Nov 2009 19:24:16 -0000 1.3 +++ repository/flickr_public/db/access.php 28 Mar 2010 21:42:25 -0000 @@ -9,7 +9,7 @@ 'student' => CAP_ALLOW, 'teacher' => CAP_ALLOW, 'editingteacher' => CAP_ALLOW, - 'admin' => CAP_ALLOW + 'manager' => CAP_ALLOW ) ) ); Index: grade/report/grader/db/access.php =================================================================== RCS file: /cvsroot/moodle/moodle/grade/report/grader/db/access.php,v retrieving revision 1.7 diff -u -r1.7 access.php --- grade/report/grader/db/access.php 4 Nov 2009 19:24:13 -0000 1.7 +++ grade/report/grader/db/access.php 28 Mar 2010 21:41:18 -0000 @@ -24,7 +24,7 @@ 'legacy' => array( 'teacher' => CAP_ALLOW, 'editingteacher' => CAP_ALLOW, - 'admin' => CAP_ALLOW + 'manager' => CAP_ALLOW ) ) ); Index: mod/scorm/db/access.php =================================================================== RCS file: /cvsroot/moodle/moodle/mod/scorm/db/access.php,v retrieving revision 1.13 diff -u -r1.13 access.php --- mod/scorm/db/access.php 4 Nov 2009 19:24:14 -0000 1.13 +++ mod/scorm/db/access.php 28 Mar 2010 21:42:23 -0000 @@ -37,7 +37,7 @@ 'legacy' => array( 'teacher' => CAP_ALLOW, 'editingteacher' => CAP_ALLOW, - 'admin' => CAP_ALLOW + 'manager' => CAP_ALLOW ) ), @@ -58,7 +58,7 @@ 'student' => CAP_ALLOW, 'teacher' => CAP_ALLOW, 'editingteacher' => CAP_ALLOW, - 'admin' => CAP_ALLOW + 'manager' => CAP_ALLOW ) ), @@ -70,7 +70,7 @@ 'student' => CAP_ALLOW, 'teacher' => CAP_ALLOW, 'editingteacher' => CAP_ALLOW, - 'admin' => CAP_ALLOW + 'manager' => CAP_ALLOW ) ), 'mod/scorm:deleteresponses' => array( 
@@ -80,7 +80,7 @@ 'legacy' => array( 'teacher' => CAP_ALLOW, 'editingteacher' => CAP_ALLOW, - 'admin' => CAP_ALLOW + 'manager' => CAP_ALLOW ) ) ); Index: filter/censor/filter.php =================================================================== RCS file: /cvsroot/moodle/moodle/filter/censor/filter.php,v retrieving revision 1.16 diff -u -r1.16 filter.php --- filter/censor/filter.php 1 Nov 2009 13:01:58 -0000 1.16 +++ filter/censor/filter.php 28 Mar 2010 21:41:18 -0000 @@ -13,17 +13,11 @@ /// options to be filtered (In HTML form). class censor_filter extends moodle_text_filter { private function _canseecensor() { - $cansee = false; - $context = get_context_instance(CONTEXT_SYSTEM, SITEID); - if (has_capability('moodle/site:doanything', $context)) { - $cansee = true; - } - return $cansee; + return is_siteadmin(); //TODO: add proper access control } function hash(){ $cap = "mod/filter:censor"; - $context = get_context_instance(CONTEXT_SYSTEM, SITEID); - if (has_capability('moodle/site:doanything', $context)) { + if (is_siteadmin()) { //TODO: add proper access control $cap = "mod/filter:seecensor"; } return $cap; Index: mod/quiz/db/access.php =================================================================== RCS file: /cvsroot/moodle/moodle/mod/quiz/db/access.php,v retrieving revision 1.16 diff -u -r1.16 access.php --- mod/quiz/db/access.php 8 Mar 2010 16:01:40 -0000 1.16 +++ mod/quiz/db/access.php 28 Mar 2010 21:42:23 -0000 @@ -16,7 +16,7 @@ 'student' => CAP_ALLOW, 'teacher' => CAP_ALLOW, 'editingteacher' => CAP_ALLOW, - 'admin' => CAP_ALLOW + 'manager' => CAP_ALLOW ) ), @@ -48,7 +48,7 @@ 'contextlevel' => CONTEXT_MODULE, 'legacy' => array( 'editingteacher' => CAP_ALLOW, - 'admin' => CAP_ALLOW + 'manager' => CAP_ALLOW ) ), @@ -58,7 +58,7 @@ 'contextlevel' => CONTEXT_MODULE, 'legacy' => array( 'editingteacher' => CAP_ALLOW, - 'admin' => CAP_ALLOW + 'manager' => CAP_ALLOW ) ), 
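Review bot: `hash()` in the `filter/censor/filter.php` hunk repeats the `is_siteadmin()` test instead of calling `_canseecensor()`, so the access decision and the value `hash()` returns are kept in step only by hand. If the `//TODO: add proper access control` is later resolved in one place and not the other, the two will disagree. Using `if ($this->_canseecensor()) {` in `hash()` removes that risk. The TODO would also be more useful if it named the capability meant to replace the site-admin check.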
@@ -69,7 +69,7 @@ 'legacy' => array( 'teacher' => CAP_ALLOW, 'editingteacher' => CAP_ALLOW, - 'admin' => CAP_ALLOW + 'manager' => CAP_ALLOW ) ), @@ -81,7 +81,7 @@ 'legacy' => array( 'teacher' => CAP_ALLOW, 'editingteacher' => CAP_ALLOW, - 'admin' => CAP_ALLOW + 'manager' => CAP_ALLOW ) ), @@ -93,7 +93,7 @@ 'legacy' => array( 'teacher' => CAP_ALLOW, 'editingteacher' => CAP_ALLOW, - 'admin' => CAP_ALLOW + 'manager' => CAP_ALLOW ), 'clonepermissionsfrom' => 'mod/quiz:grade' ), @@ -106,7 +106,7 @@ 'legacy' => array( 'teacher' => CAP_ALLOW, 'editingteacher' => CAP_ALLOW, - 'admin' => CAP_ALLOW + 'manager' => CAP_ALLOW ) ), @@ -117,7 +117,7 @@ 'contextlevel' => CONTEXT_MODULE, 'legacy' => array( 'editingteacher' => CAP_ALLOW, - 'admin' => CAP_ALLOW + 'manager' => CAP_ALLOW ) ), Index: mod/hotpot/db/access.php =================================================================== RCS file: /cvsroot/moodle/moodle/mod/hotpot/db/access.php,v retrieving revision 1.8 diff -u -r1.8 access.php --- mod/hotpot/db/access.php 4 Nov 2009 19:24:13 -0000 1.8 +++ mod/hotpot/db/access.php 28 Mar 2010 21:42:23 -0000 @@ -38,7 +38,7 @@ 'student' => CAP_ALLOW, 'teacher' => CAP_ALLOW, 'editingteacher' => CAP_ALLOW, - 'admin' => CAP_ALLOW + 'manager' => CAP_ALLOW ) ), @@ -49,7 +49,7 @@ 'legacy' => array( 'teacher' => CAP_ALLOW, 'editingteacher' => CAP_ALLOW, - 'admin' => CAP_ALLOW + 'manager' => CAP_ALLOW ) ), @@ -60,7 +60,7 @@ 'legacy' => array( 'teacher' => CAP_ALLOW, 'editingteacher' => CAP_ALLOW, - 'admin' => CAP_ALLOW + 'manager' => CAP_ALLOW ) ), 
@@ -70,7 +70,7 @@ 'contextlevel' => CONTEXT_MODULE, 'legacy' => array( 'editingteacher' => CAP_ALLOW, - 'admin' => CAP_ALLOW + 'manager' => CAP_ALLOW ) ) Index: repository/wikimedia/db/access.php =================================================================== RCS file: /cvsroot/moodle/moodle/repository/wikimedia/db/access.php,v retrieving revision 1.2 diff -u -r1.2 access.php --- repository/wikimedia/db/access.php 4 Nov 2009 19:24:15 -0000 1.2 +++ repository/wikimedia/db/access.php 28 Mar 2010 21:42:25 -0000 @@ -9,7 +9,7 @@ 'student' => CAP_ALLOW, 'teacher' => CAP_ALLOW, 'editingteacher' => CAP_ALLOW, - 'admin' => CAP_ALLOW + 'manager' => CAP_ALLOW ) ) ); Index: repository/alfresco/db/access.php =================================================================== RCS file: /cvsroot/moodle/moodle/repository/alfresco/db/access.php,v retrieving revision 1.2 diff -u -r1.2 access.php --- repository/alfresco/db/access.php 4 Nov 2009 19:24:16 -0000 1.2 +++ repository/alfresco/db/access.php 28 Mar 2010 21:42:25 -0000 @@ -9,7 +9,7 @@ 'student' => CAP_ALLOW, 'teacher' => CAP_ALLOW, 'editingteacher' => CAP_ALLOW, - 'admin' => CAP_ALLOW + 'manager' => CAP_ALLOW ) ) ); Index: admin/report/questioninstances/db/access.php =================================================================== RCS file: /cvsroot/moodle/moodle/admin/report/questioninstances/db/access.php,v retrieving revision 1.3 diff -u -r1.3 access.php --- admin/report/questioninstances/db/access.php 4 Nov 2009 19:24:16 -0000 1.3 +++ admin/report/questioninstances/db/access.php 28 Mar 2010 21:40:46 -0000 
@@ -29,7 +29,7 @@ 'captype' => 'read', 'contextlevel' => CONTEXT_SYSTEM, 'legacy' => array( - 'admin' => CAP_ALLOW + 'manager' => CAP_ALLOW ), 'clonepermissionsfrom' => 'moodle/site:config', Index: comment/comment_ajax.php =================================================================== RCS file: /cvsroot/moodle/moodle/comment/comment_ajax.php,v retrieving revision 1.9 diff -u -r1.9 comment_ajax.php --- comment/comment_ajax.php 28 Mar 2010 09:52:50 -0000 1.9 +++ comment/comment_ajax.php 28 Mar 2010 21:41:13 -0000 @@ -29,12 +29,6 @@ require_login($course, true, $cm); require_sesskey(); -if (isguestuser()) { - $err = new stdclass; - $err->error = get_string('loggedinnot'); - die(json_encode($err)); -} - $action = optional_param('action', '', PARAM_ALPHA); $area = optional_param('area', '', PARAM_ALPHAEXT); $client_id = optional_param('client_id', '', PARAM_RAW); Index: comment/comment_post.php =================================================================== RCS file: /cvsroot/moodle/moodle/comment/comment_post.php,v retrieving revision 1.9 diff -u -r1.9 comment_post.php --- comment/comment_post.php 28 Mar 2010 10:08:18 -0000 1.9 +++ comment/comment_post.php 28 Mar 2010 21:41:13 -0000 @@ -27,10 +27,6 @@ require_login($course, true, $cm); require_sesskey(); -if (isguestuser()) { - print_error('loggedinnot'); -} - $action = optional_param('action', '', PARAM_ALPHA); $area = optional_param('area', '', PARAM_ALPHAEXT); $commentid = optional_param('commentid', -1, PARAM_INT); Index: course/report/participation/db/access.php =================================================================== RCS file: /cvsroot/moodle/moodle/course/report/participation/db/access.php,v retrieving revision 1.3 diff -u -r1.3 access.php --- course/report/participation/db/access.php 4 Nov 2009 19:24:15 -0000 1.3 +++ course/report/participation/db/access.php 28 Mar 2010 21:41:17 -0000 
@@ -32,7 +32,7 @@ 'legacy' => array( 'teacher' => CAP_ALLOW, 'editingteacher' => CAP_ALLOW, - 'admin' => CAP_ALLOW + 'manager' => CAP_ALLOW ), 'clonepermissionsfrom' => 'moodle/site:viewreports', Index: blocks/tags/block_tags.php =================================================================== RCS file: /cvsroot/moodle/moodle/blocks/tags/block_tags.php,v retrieving revision 1.24 diff -u -r1.24 block_tags.php --- blocks/tags/block_tags.php 30 Dec 2009 15:20:00 -0000 1.24 +++ blocks/tags/block_tags.php 28 Mar 2010 21:41:08 -0000 @@ -79,8 +79,7 @@ // Permissions and page awareness $systemcontext = get_context_instance(CONTEXT_SYSTEM); - $isguest = has_capability('moodle/legacy:guest', $systemcontext, $USER->id, false); - $loggedin = isloggedin() && !$isguest; + $loggedin = isloggedin() && !isguestuser(); $coursepage = $canedit = false; $coursepage = (isset($this->page->course->id) && $this->page->course->id != SITEID); $mymoodlepage = ($SCRIPT == '/my/index.php') ? true : false; Index: admin/report/security/db/access.php =================================================================== RCS file: /cvsroot/moodle/moodle/admin/report/security/db/access.php,v retrieving revision 1.3 diff -u -r1.3 access.php --- admin/report/security/db/access.php 4 Nov 2009 19:24:13 -0000 1.3 +++ admin/report/security/db/access.php 28 Mar 2010 21:40:47 -0000 @@ -30,7 +30,7 @@ 'captype' => 'read', 'contextlevel' => CONTEXT_SYSTEM, 'legacy' => array( - 'admin' => CAP_ALLOW + 'manager' => CAP_ALLOW ), ) ); Index: blocks/online_users/block_online_users.php =================================================================== RCS file: /cvsroot/moodle/moodle/blocks/online_users/block_online_users.php,v retrieving revision 1.72 diff -u -r1.72 block_online_users.php --- blocks/online_users/block_online_users.php 27 Dec 2009 19:47:21 -0000 1.72 +++ blocks/online_users/block_online_users.php 28 Mar 2010 21:41:08 -0000 
@@ -55,12 +55,14 @@ $params['currentgroup'] = $currentgroup; } + $userfields = user_picture::fields('u').', username'; + if ($this->page->course->id == SITEID) { // Site-level - $sql = "SELECT u.id, u.username, u.firstname, u.lastname, u.picture, MAX(u.lastaccess) AS lastaccess + $sql = "SELECT $userfields, MAX(u.lastaccess) AS lastaccess FROM {user} u $groupmembers WHERE u.lastaccess > $timefrom $groupselect - GROUP BY u.id, u.username, u.firstname, u.lastname, u.picture + GROUP BY $userfields ORDER BY lastaccess DESC "; $csql = "SELECT COUNT(u.id), u.id @@ -69,24 +71,26 @@ $groupselect GROUP BY u.id"; - } else { // Course-level - if (!has_capability('moodle/role:viewhiddenassigns', $this->page->context)) { - $pcontext = get_related_contexts_string($this->page->context); - $rafrom = ", {role_assignments} ra"; - $rawhere = " AND ra.userid = u.id AND ra.contextid $pcontext AND ra.hidden = 0"; - } + } else { + // Course level - show only enrolled users for now + // TODO: add a new capability for viewing of all users (guests+enrolled+inspecting) + + list($esqljoin, $eparams) = get_enrolled_sql($this->page->context); + $params = array_merge($params, $eparams); - $sql = "SELECT u.id, u.username, u.firstname, u.lastname, u.picture, MAX(ul.timeaccess) AS lastaccess + $sql = "SELECT $userfields, MAX(ul.timeaccess) AS lastaccess FROM {user_lastaccess} ul, {user} u $groupmembers $rafrom + JOIN ($esqljoin) euj ON euj.id = u.id WHERE ul.timeaccess > $timefrom AND u.id = ul.userid AND ul.courseid = :courseid $groupselect $rawhere - GROUP BY u.id, u.username, u.firstname, u.lastname, u.picture + GROUP BY $userfields ORDER BY lastaccess DESC"; $csql = "SELECT u.id FROM {user_lastaccess} ul, {user} u $groupmembers $rafrom + JOIN ($esqljoin) euj ON euj.id = u.id WHERE ul.timeaccess > $timefrom AND u.id = ul.userid AND ul.courseid = :courseid 
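Review bot: In `@@ -55,12 +55,14 @@` the extra column is appended as `', username'`, without the `u.` alias that the replaced `SELECT` and `GROUP BY` lists used. The same `$userfields` string is reused in the course-level query, which joins further tables and a subquery, so an unqualified name can become ambiguous there depending on what those expose. `$userfields = user_picture::fields('u').', u.username';` keeps the previous qualification.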
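Review bot: The course-level branch in `@@ -69,24 +71,26 @@` no longer assigns `$rafrom` and `$rawhere`, yet both are still interpolated into `$sql` and `$csql` on the unchanged lines. Unless they are initialised to empty strings above the hunk, this produces undefined-variable notices, so they are better removed from both query strings. The added `JOIN ($esqljoin) euj ON euj.id = u.id` also follows a comma-separated `FROM` list. On databases where an explicit JOIN binds tighter than the comma, `u.id` is only visible in the `ON` clause if `{user} u` is the last table before it, which depends on what `$groupmembers` contains (not shown). Writing `FROM {user_lastaccess} ul, {user} u JOIN ($esqljoin) euj ON euj.id = u.id $groupmembers` places the enrolment join directly after the user table and avoids that dependency.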
@@ -131,7 +135,7 @@ //Accessibility: Don't want 'Alt' text for the user picture; DO want it for the envelope/message link (existing lang string). //Accessibility: Converted
to
    , inherit existing classes & styles. $this->content->text .= "
      \n"; - if (!empty($USER->id) && has_capability('moodle/site:sendmessage', $this->page->context) + if (isloggedin() && has_capability('moodle/site:sendmessage', $this->page->context) && !empty($CFG->messaging) && !isguestuser()) { $canshowicon = true; } else { Index: mod/assignment/type/uploadsingle/assignment.class.php =================================================================== RCS file: /cvsroot/moodle/moodle/mod/assignment/type/uploadsingle/assignment.class.php,v retrieving revision 1.54 diff -u -r1.54 assignment.class.php --- mod/assignment/type/uploadsingle/assignment.class.php 19 Mar 2010 06:20:12 -0000 1.54 +++ mod/assignment/type/uploadsingle/assignment.class.php 28 Mar 2010 21:42:04 -0000 @@ -192,7 +192,7 @@ // get users submission if there is one $submission = $this->get_submission(); - if (has_capability('mod/assignment:submit', $this->cm->context)) { + if (has_capability('mod/assignment:submit', get_context_instance(CONTEXT_MODULE, $this->cm->id))) { $editable = $this->isopen() && (!$submission || $this->assignment->resubmit || !$submission->timemarked); } else { $editable = false; Index: blocks/quiz_results/block_quiz_results.php =================================================================== RCS file: /cvsroot/moodle/moodle/blocks/quiz_results/block_quiz_results.php,v retrieving revision 1.40 diff -u -r1.40 block_quiz_results.php --- blocks/quiz_results/block_quiz_results.php 24 Feb 2010 08:52:06 -0000 1.40 +++ blocks/quiz_results/block_quiz_results.php 28 Mar 2010 21:41:08 -0000 
@@ -286,7 +286,7 @@ case SEPARATEGROUPS: // This is going to be just like no-groups mode, only we 'll filter // out the grades from people not in our group. - if(empty($USER) || empty($USER->id)) { + if (!isloggedin()) { // Not logged in, so show nothing return $this->content; } Index: repository/upload/db/access.php =================================================================== RCS file: /cvsroot/moodle/moodle/repository/upload/db/access.php,v retrieving revision 1.2 diff -u -r1.2 access.php --- repository/upload/db/access.php 4 Nov 2009 19:24:14 -0000 1.2 +++ repository/upload/db/access.php 28 Mar 2010 21:42:25 -0000 @@ -9,7 +9,7 @@ 'student' => CAP_ALLOW, 'teacher' => CAP_ALLOW, 'editingteacher' => CAP_ALLOW, - 'admin' => CAP_ALLOW + 'manager' => CAP_ALLOW ) ) ); Index: auth/cas/auth.php =================================================================== RCS file: /cvsroot/moodle/moodle/auth/cas/auth.php,v retrieving revision 1.43 diff -u -r1.43 auth.php --- auth/cas/auth.php 14 Jan 2010 18:54:12 -0000 1.43 +++ auth/cas/auth.php 28 Mar 2010 21:40:50 -0000 @@ -797,7 +797,7 @@ $sitecontext = get_context_instance(CONTEXT_SYSTEM); if (!empty($this->config->creators) and !empty($this->config->memberattribute) - and $roles = get_roles_with_capability('moodle/legacy:coursecreator', CAP_ALLOW)) { + and $roles = get_archetype_roles('coursecreator')) { $creatorrole = array_shift($roles); // We can only use one, let's use the first one } else { $creatorrole = false; @@ -846,7 +846,7 @@ $sitecontext = get_context_instance(CONTEXT_SYSTEM); if (!empty($this->config->creators) and !empty($this->config->memberattribute) - and $roles = get_roles_with_capability('moodle/legacy:coursecreator', CAP_ALLOW)) { + and $roles = get_archetype_roles('coursecreator')) { $creatorrole = array_shift($roles); // We can only use one, let's use the first one } else { $creatorrole = false; 
@@ -1118,7 +1118,7 @@ if ($iscreator === null) { return; //nothing to sync - creators not configured } - if ($roles = get_roles_with_capability('moodle/legacy:coursecreator', CAP_ALLOW)) { + if ($roles = get_archetype_roles('coursecreator')) { $creatorrole = array_shift($roles); // We can only use one, let's use the first one $systemcontext = get_context_instance(CONTEXT_SYSTEM); if ($iscreator) { // Following calls will not create duplicates Index: calendar/export.php =================================================================== RCS file: /cvsroot/moodle/moodle/calendar/export.php,v retrieving revision 1.23 diff -u -r1.23 export.php --- calendar/export.php 25 Mar 2010 06:38:25 -0000 1.23 +++ calendar/export.php 28 Mar 2010 21:41:10 -0000 @@ -105,19 +105,9 @@ } $time = make_timestamp($yr, $mon, $day); -$isguest = has_capability('moodle/legacy:guest', get_context_instance(CONTEXT_SYSTEM), 0, false); - -if (empty($USER->id) or $isguest) { - $defaultcourses = calendar_get_default_courses(); - calendar_set_filters($courses, $groups, $users, $defaultcourses, $defaultcourses); -} else { - calendar_set_filters($courses, $groups, $users); -} - -if (empty($USER->id) or $isguest) { +if (!isloggedin() or isguestuser()) { $defaultcourses = calendar_get_default_courses(); calendar_set_filters($courses, $groups, $users, $defaultcourses, $defaultcourses); - } else { calendar_set_filters($courses, $groups, $users); } Index: calendar/view.php =================================================================== RCS file: /cvsroot/moodle/moodle/calendar/view.php,v retrieving revision 1.133 diff -u -r1.133 view.php --- calendar/view.php 25 Mar 2010 06:38:25 -0000 1.133 +++ calendar/view.php 28 Mar 2010 21:41:13 -0000 
@@ -128,7 +128,7 @@ $course = null; } -if (empty($USER->id) or has_capability('moodle/legacy:guest', get_context_instance(CONTEXT_SYSTEM), 0, false)) { +if (!isloggedin() or isguestuser()) { $defaultcourses = calendar_get_default_courses(); calendar_set_filters($courses, $groups, $users, $defaultcourses, $defaultcourses); @@ -182,7 +182,7 @@ if (!empty($CFG->enablecalendarexport)) { echo $OUTPUT->single_button(new moodle_url('export.php', array('course'=>$courseid)), get_string('exportcalendar', 'calendar')); - if (!empty($USER->id)) { + if (isloggedin()) { $authtoken = sha1($USER->username . $USER->password . $CFG->calendar_exportsalt); $usernameencoded = urlencode($USER->username); @@ -257,7 +257,7 @@ $events = calendar_get_upcoming($courses, $groups, $users, 1, 100, $starttime); $text = ''; - if (!has_capability('moodle/legacy:guest', get_context_instance(CONTEXT_SYSTEM), 0, false) && !empty($USER->id) && calendar_user_can_add_event()) { + if (!isguestuser() && isloggedin() && calendar_user_can_add_event()) { $text.= '
      '; $text.= ''; $text.= '
      '; @@ -403,7 +403,7 @@ calendar_events_by_day($events, $m, $y, $eventsbyday, $durationbyday, $typesbyday, $courses); $text = ''; - if(!has_capability('moodle/legacy:guest', get_context_instance(CONTEXT_SYSTEM), 0, false) && !empty($USER->id) && calendar_user_can_add_event()) { + if(!isguestuser() && isloggedin() && calendar_user_can_add_event()) { $text.= '
      '; $text.= '
      '; $text.= ''; @@ -562,7 +562,7 @@ echo "\n"; - if(!empty($USER->id) && !has_capability('moodle/legacy:guest', get_context_instance(CONTEXT_SYSTEM), 0, false)) { + if(isloggedin() && !isguestuser()) { echo ''; // Group events if($SESSION->cal_show_groups) { @@ -593,7 +593,7 @@ $text = ''; - if(!has_capability('moodle/legacy:guest', get_context_instance(CONTEXT_SYSTEM), 0, false) && !empty($USER->id) && calendar_user_can_add_event()) { + if(!isguestuser() && isloggedin() && calendar_user_can_add_event()) { $text.= '
      '; $text.= ''; $text.= '
      '; @@ -629,7 +629,7 @@ function calendar_course_filter_selector($getvars = '') { global $USER, $SESSION, $OUTPUT; - if (empty($USER->id) or has_capability('moodle/legacy:guest', get_context_instance(CONTEXT_SYSTEM), 0, false)) { + if (!isloggedin() or isguestuser()) { return ''; } Index: calendar/lib.php =================================================================== RCS file: /cvsroot/moodle/moodle/calendar/lib.php,v retrieving revision 1.257 diff -u -r1.257 lib.php --- calendar/lib.php 25 Mar 2010 06:38:25 -0000 1.257 +++ calendar/lib.php 28 Mar 2010 21:41:12 -0000 @@ -858,7 +858,7 @@ } - if(!empty($USER->id) && !has_capability('moodle/legacy:guest', get_context_instance(CONTEXT_SYSTEM), 0, false)) { + if (isloggedin() && !isguestuser()) { $content .= "\n"; if($groupevents) { @@ -1191,8 +1191,8 @@ // The empty() instead of !isset() here makes a whole world of difference, // as it will automatically change to the user's id when the user first logs // in. With !isset(), it would never do that. - $SESSION->cal_users_shown = !empty($USER->id) ? $USER->id : false; - } else if(is_numeric($SESSION->cal_users_shown) && !empty($USER->id) && $SESSION->cal_users_shown != $USER->id) { + $SESSION->cal_users_shown = isloggedin() ? $USER->id : false; + } else if(is_numeric($SESSION->cal_users_shown) && isloggedin() && $SESSION->cal_users_shown != $USER->id) { // Follow the white rabbit, for example if a teacher logs in as a student $SESSION->cal_users_shown = $USER->id; } 
@@ -1312,7 +1312,7 @@ } // If the user is an editing teacher in there, - if (!empty($USER->id) && isset($courseeventsfrom[$courseid]->context) && has_capability('moodle/calendar:manageentries', $courseeventsfrom[$courseid]->context)) { + if (isloggedin() && isset($courseeventsfrom[$courseid]->context) && has_capability('moodle/calendar:manageentries', $courseeventsfrom[$courseid]->context)) { // If this course has groups, show events from all of them if(is_int($groupeventsfrom)) { if (is_object($courseeventsfrom[$courseid])) { // SHOULD be set MDL-11221 @@ -1412,7 +1412,7 @@ return array($SESSION->cal_course_referer => 1); } - if(empty($USER->id)) { + if (!isloggedin()) { return array(); } @@ -1438,7 +1438,7 @@ global $CFG, $USER; // Guests have no preferences - if (empty($USER->id) || has_capability('moodle/legacy:guest', get_context_instance(CONTEXT_SYSTEM), 0, false)) { + if (!isloggedin() || isguestuser()) { return ''; } @@ -1559,7 +1559,7 @@ function calendar_set_filters_status($packed_bitfield) { global $SESSION, $USER; - if(!isset($USER) || empty($USER->id)) { + if (!isloggedin()) { return false; } @@ -1617,7 +1617,7 @@ global $USER, $DB; // can not be using guest account - if (empty($USER->id) or $USER->username == 'guest') { + if (!isloggedin() or isguestuser()) { return false; } Index: mod/assignment/type/upload/assignment.class.php =================================================================== RCS file: /cvsroot/moodle/moodle/mod/assignment/type/upload/assignment.class.php,v retrieving revision 1.95 diff -u -r1.95 assignment.class.php --- mod/assignment/type/upload/assignment.class.php 25 Mar 2010 00:23:22 -0000 1.95 +++ mod/assignment/type/upload/assignment.class.php 28 Mar 2010 21:42:04 -0000 
@@ -1072,7 +1072,7 @@ // get users submission if there is one $submission = $this->get_submission(); - if (has_capability('mod/assignment:submit', $this->cm->context)) { + if (has_capability('mod/assignment:submit', get_context_instance(COURSE_MODULE, $this->cm->id))) { $editable = $this->isopen() && (!$submission || $this->assignment->resubmit || !$submission->timemarked); } else { $editable = false; Index: grade/export/xml/db/access.php =================================================================== RCS file: /cvsroot/moodle/moodle/grade/export/xml/db/access.php,v retrieving revision 1.6 diff -u -r1.6 access.php --- grade/export/xml/db/access.php 4 Nov 2009 19:24:14 -0000 1.6 +++ grade/export/xml/db/access.php 28 Mar 2010 21:41:18 -0000 @@ -24,7 +24,7 @@ 'legacy' => array( 'teacher' => CAP_ALLOW, 'editingteacher' => CAP_ALLOW, - 'admin' => CAP_ALLOW + 'manager' => CAP_ALLOW ) ), @@ -33,7 +33,7 @@ 'captype' => 'read', 'contextlevel' => CONTEXT_COURSE, 'legacy' => array( - 'admin' => CAP_ALLOW + 'manager' => CAP_ALLOW ) ) Index: login/change_password.php =================================================================== RCS file: /cvsroot/moodle/moodle/login/change_password.php,v retrieving revision 1.79 diff -u -r1.79 change_password.php --- login/change_password.php 16 Jan 2010 15:40:07 -0000 1.79 +++ login/change_password.php 28 Mar 2010 21:42:00 -0000 @@ -46,7 +46,7 @@ } // require proper login; guest user can not change password -if (empty($USER->id) or isguestuser()) { +if (!isloggedin() or isguestuser()) { if (empty($SESSION->wantsurl)) { $SESSION->wantsurl = $CFG->httpswwwroot.'/login/change_password.php'; } Index: login/index.php =================================================================== RCS file: /cvsroot/moodle/moodle/login/index.php,v retrieving revision 1.175 diff -u -r1.175 index.php --- login/index.php 18 Feb 2010 01:30:13 -0000 1.175 +++ login/index.php 28 Mar 2010 21:42:00 -0000 
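Review bot: `COURSE_MODULE` in the new `get_context_instance(COURSE_MODULE, $this->cm->id)` call in mod/assignment/type/upload/assignment.class.php does not look like a context-level constant; every other file in this patch uses `CONTEXT_MODULE`. If it is undefined, PHP of that era treats it as the bare string `'COURSE_MODULE'` with a notice (newer PHP raises an error), so `mod/assignment:submit` would probably not be checked against the module context and `$editable` could come out wrong. The line should read `if (has_capability('mod/assignment:submit', get_context_instance(CONTEXT_MODULE, $this->cm->id))) {`. The enclosing method starts and ends outside the hunk.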
@@ -100,7 +100,7 @@ $errormsg = get_string("cookiesnotenabled"); $errorcode = 1; -} else if ($frm) { // Login WITH cookies +} else if ($frm and isset($frm->username)) { // Login WITH cookies $frm->username = trim(moodle_strtolower($frm->username)); @@ -188,7 +188,7 @@ } /// Go to my-moodle page instead of homepage if mymoodleredirect enabled - if (!has_capability('moodle/site:config', $context) and !empty($CFG->mymoodleredirect) and !has_capability('moodle/legacy:guest',$context, 0, false)) { + if (!empty($CFG->mymoodleredirect) and !is_siteadmin() and !isguestuser()) { if ($urltogo == $CFG->wwwroot or $urltogo == $CFG->wwwroot.'/' or $urltogo == $CFG->wwwroot.'/index.php') { $urltogo = $CFG->wwwroot.'/my/'; } Index: mod/survey/index.php =================================================================== RCS file: /cvsroot/moodle/moodle/mod/survey/index.php,v retrieving revision 1.40 diff -u -r1.40 index.php --- mod/survey/index.php 20 Mar 2010 22:16:00 -0000 1.40 +++ mod/survey/index.php 28 Mar 2010 21:42:23 -0000 @@ -48,7 +48,7 @@ $currentsection = ''; foreach ($surveys as $survey) { - if (!empty($USER->id) and survey_already_done($survey->id, $USER->id)) { + if (isloggedin() and survey_already_done($survey->id, $USER->id)) { $ss = $strdone; } else { $ss = $strnotdone; Index: mod/survey/view.php =================================================================== RCS file: /cvsroot/moodle/moodle/mod/survey/view.php,v retrieving revision 1.79 diff -u -r1.79 view.php --- mod/survey/view.php 20 Mar 2010 22:16:00 -0000 1.79 +++ mod/survey/view.php 28 Mar 2010 21:42:23 -0000 @@ -81,7 +81,7 @@ notice(get_string("activityiscurrentlyhidden")); } - if (has_capability('moodle/legacy:guest', get_context_instance(CONTEXT_SYSTEM), 0, false)) { + if (!is_enrolled($context)) { echo $OUTPUT->notification(get_string("guestsnotallowed", "survey")); } 
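Review bot: In mod/survey/view.php the test becomes `!is_enrolled($context)`, but the notice it triggers is still the `guestsnotallowed` string, so a logged-in user who is merely not enrolled is told that guests are not allowed. The hunk at -175 in the same file has the same mismatch. `$context` is set outside the hunk, so the context the enrolment test runs against cannot be confirmed from here. A comment such as `// only enrolled users may answer; guests and other non-enrolled viewers just get the notice` would record the intent. A separate language string for the non-enrolled case would be clearer still.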
@@ -175,7 +175,7 @@ } } - if (has_capability('moodle/legacy:guest', get_context_instance(CONTEXT_SYSTEM), 0, false)) { + if (!is_enrolled($context)) { echo '
      '; echo ""; echo $OUTPUT->footer(); Index: mod/assignment/db/access.php =================================================================== RCS file: /cvsroot/moodle/moodle/mod/assignment/db/access.php,v retrieving revision 1.11 diff -u -r1.11 access.php --- mod/assignment/db/access.php 4 Nov 2009 19:24:16 -0000 1.11 +++ mod/assignment/db/access.php 28 Mar 2010 21:42:03 -0000 @@ -39,7 +39,7 @@ 'student' => CAP_ALLOW, 'teacher' => CAP_ALLOW, 'editingteacher' => CAP_ALLOW, - 'admin' => CAP_ALLOW + 'manager' => CAP_ALLOW ) ), @@ -60,7 +60,7 @@ 'legacy' => array( 'teacher' => CAP_ALLOW, 'editingteacher' => CAP_ALLOW, - 'admin' => CAP_ALLOW + 'manager' => CAP_ALLOW ) ), @@ -71,7 +71,7 @@ 'legacy' => array( 'teacher' => CAP_ALLOW, 'editingteacher' => CAP_ALLOW, - 'admin' => CAP_ALLOW, + 'manager' => CAP_ALLOW, 'student' => CAP_ALLOW, ) ), Index: search/tests/index.php =================================================================== RCS file: /cvsroot/moodle/moodle/search/tests/index.php,v retrieving revision 1.17 diff -u -r1.17 index.php --- search/tests/index.php 25 Mar 2009 21:29:00 -0000 1.17 +++ search/tests/index.php 28 Mar 2010 21:42:27 -0000 @@ -34,7 +34,7 @@ print_error('globalsearchdisabled', 'search'); } - if (!has_capability('moodle/site:doanything', get_context_instance(CONTEXT_SYSTEM))) { + if (!has_capability('moodle/site:config', get_context_instance(CONTEXT_SYSTEM))) { print_error('onlyadmins', 'error', get_login_url()); } Index: question/type/randomsamatch/questiontype.php =================================================================== RCS file: /cvsroot/moodle/moodle/question/type/randomsamatch/questiontype.php,v retrieving revision 1.15 diff -u -r1.15 questiontype.php --- question/type/randomsamatch/questiontype.php 4 Nov 2009 11:57:57 -0000 1.15 +++ question/type/randomsamatch/questiontype.php 28 Mar 2010 21:42:25 -0000 
@@ -97,7 +97,7 @@ $count = count($saquestions); $wanted = $question->options->choose; $errorstr = ''; - if ($count < $wanted && isteacherinanycourse()) { + if ($count < $wanted && has_coursemanager_role()) { //TODO: this teacher test is far from optimal if ($count >= 2) { $errorstr = "Error: could not get enough Short-Answer questions! Got $count Short-Answer questions, but wanted $wanted. Index: repository/boxnet/db/access.php =================================================================== RCS file: /cvsroot/moodle/moodle/repository/boxnet/db/access.php,v retrieving revision 1.2 diff -u -r1.2 access.php --- repository/boxnet/db/access.php 4 Nov 2009 19:24:14 -0000 1.2 +++ repository/boxnet/db/access.php 28 Mar 2010 21:42:25 -0000 @@ -9,7 +9,7 @@ 'student' => CAP_ALLOW, 'teacher' => CAP_ALLOW, 'editingteacher' => CAP_ALLOW, - 'admin' => CAP_ALLOW + 'manager' => CAP_ALLOW ) ) ); Index: admin/report/security/lib.php =================================================================== RCS file: /cvsroot/moodle/moodle/admin/report/security/lib.php,v retrieving revision 1.26 diff -u -r1.26 lib.php --- admin/report/security/lib.php 21 Jan 2010 22:29:28 -0000 1.26 +++ admin/report/security/lib.php 28 Mar 2010 21:40:47 -0000 @@ -576,16 +576,6 @@ return $result; } - // first test if do anything enabled - that would be really crazy! - $params = array('doanything'=>'moodle/site:doanything', 'capallow'=>CAP_ALLOW, 'roleid'=>$default_role->id); - $sql = "SELECT COUNT(DISTINCT rc.contextid) - FROM {role_capabilities} rc - WHERE rc.capability = :doanything - AND rc.permission = :capallow - AND rc.roleid = :roleid"; - - $anythingcount = $DB->count_records_sql($sql, $params); - // risky caps - usually very dangerous $params = array('capallow'=>CAP_ALLOW, 'roleid'=>$default_role->id); $sql = "SELECT COUNT(DISTINCT rc.contextid) 
@@ -600,22 +590,14 @@ // default role can not have view cap in all courses - this would break moodle badly $viewcap = $DB->record_exists('role_capabilities', array('roleid'=>$default_role->id, 'permission'=>CAP_ALLOW, 'capability'=>'moodle/course:view')); - // it may have either no or 'user' legacy type - nothing else, or else it would break during upgrades badly - $legacyok = false; - $params = array('capallow'=>CAP_ALLOW, 'roleid'=>$default_role->id, 'legacy'=>'moodle/legacy:%'); - $sql = "SELECT rc.capability, 1 - FROM {role_capabilities} rc - WHERE rc.capability LIKE :legacy - AND rc.permission = :capallow - AND rc.roleid = :roleid"; - $legacycaps = $DB->get_records_sql($sql, $params); - if (!$legacycaps) { - $legacyok = true; - } else if (count($legacycaps) == 1 and isset($legacycaps['moodle/legacy:user'])) { + // it may have either none or 'user' archetype - nothing else, or else it would break during upgrades badly + if ($default_role->archetype === '' or $default_role->archetype === 'user') { $legacyok = true; + } else { + $legacyok = false; } - if ($anythingcount or $riskycount or $viewcap or !$legacyok) { + if ($riskycount or $viewcap or !$legacyok) { $result->status = REPORT_SECURITY_CRITICAL; $result->info = get_string('check_defaultuserrole_error', 'report_security', format_string($default_role->name)); @@ -655,16 +637,6 @@ return $result; } - // first test if do anything enabled - that would be really crazy! - $params = array('doanything'=>'moodle/site:doanything', 'capallow'=>CAP_ALLOW, 'roleid'=>$guest_role->id); - $sql = "SELECT COUNT(DISTINCT rc.contextid) - FROM {role_capabilities} rc - WHERE rc.capability = :doanything - AND rc.permission = :capallow - AND rc.roleid = :roleid"; - - $anythingcount = $DB->count_records_sql($sql, $params); - // risky caps - usually very dangerous $params = array('capallow'=>CAP_ALLOW, 'roleid'=>$guest_role->id); $sql = "SELECT COUNT(DISTINCT rc.contextid) 
@@ -676,22 +648,14 @@ $riskycount = $DB->count_records_sql($sql, $params); - // it may have either no or 'guest' legacy type - nothing else, or else it would break during upgrades badly - $legacyok = false; - $params = array('capallow'=>CAP_ALLOW, 'roleid'=>$guest_role->id, 'legacy'=>'moodle/legacy:%'); - $sql = "SELECT rc.capability, 1 - FROM {role_capabilities} rc - WHERE rc.capability LIKE :legacy - AND rc.permission = :capallow - AND rc.roleid = :roleid"; - $legacycaps = $DB->get_records_sql($sql, $params); - if (!$legacycaps) { - $legacyok = true; - } else if (count($legacycaps) == 1 and isset($legacycaps['moodle/legacy:guest'])) { + // it may have either no or 'guest' archetype - nothing else, or else it would break during upgrades badly + if ($guest_role->archetype === '' or $guest_role->archetype === 'guest') { $legacyok = true; + } else { + $legacyok = false; } - if ($anythingcount or $riskycount or !$legacyok) { + if ($riskycount or !$legacyok) { $result->status = REPORT_SECURITY_CRITICAL; $result->info = get_string('check_guestrole_error', 'report_security', format_string($guest_role->name)); @@ -731,16 +695,6 @@ return $result; } - // first test if do anything enabled - that would be really crazy! - $params = array('doanything'=>'moodle/site:doanything', 'capallow'=>CAP_ALLOW, 'roleid'=>$frontpage_role->id); - $sql = "SELECT COUNT(DISTINCT rc.contextid) - FROM {role_capabilities} rc - WHERE rc.capability = :doanything - AND rc.permission = :capallow - AND rc.roleid = :roleid"; - - $anythingcount = $DB->count_records_sql($sql, $params); - // risky caps - usually very dangerous $params = array('capallow'=>CAP_ALLOW, 'roleid'=>$frontpage_role->id); $sql = "SELECT COUNT(DISTINCT rc.contextid) 
@@ -753,19 +707,14 @@ $riskycount = $DB->count_records_sql($sql, $params); // there is no legacy role type for frontpage yet - anyway we can not allow teachers or admins there! - $params = array('capallow'=>CAP_ALLOW, 'roleid'=>$frontpage_role->id, 'legacy'=>'moodle/legacy:%'); - $sql = "SELECT rc.capability, 1 - FROM {role_capabilities} rc - WHERE rc.capability LIKE :legacy - AND rc.permission = :capallow - AND rc.roleid = :roleid"; - $legacycaps = $DB->get_records_sql($sql, $params); - $legacyok = (!isset($legacycaps['moodle/legacy:teacher']) - and !isset($legacycaps['moodle/legacy:editingteacher']) - and !isset($legacycaps['moodle/legacy:coursecreator']) - and !isset($legacycaps['moodle/legacy:admin'])); + if ($frontpage_role->archetype === 'teacher' or $frontpage_role->archetype === 'editingteacher' + or $frontpage_role->archetype === 'coursecreator' or $frontpage_role->archetype === 'manager') { + $legacyok = false; + } else { + $legacyok = true; + } - if ($anythingcount or $riskycount or !$legacyok) { + if ($riskycount or !$legacyok) { $result->status = REPORT_SECURITY_CRITICAL; $result->info = get_string('check_frontpagerole_error', 'report_security', format_string($frontpage_role->name)); 
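Review bot: The frontpage-role check rejects four named archetypes, whereas the default-user and guest checks earlier in this file accept only an empty archetype or the one expected. Any archetype added later would therefore pass the frontpage check unnoticed. The retained comment `there is no legacy role type for frontpage yet` also looks stale, since this patch adds a `'frontpage'` key to the legacy arrays in the access.php files. If `frontpage` is indeed an archetype now, an allow-list is the safer form: `if ($frontpage_role->archetype === '' or $frontpage_role->archetype === 'frontpage') { $legacyok = true; } else { $legacyok = false; }`. The enclosing function starts before the hunk.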
@@ -811,25 +760,6 @@ return $result; } - // first test if do anything enabled - that would be really crazy! - $params = array('doanything'=>'moodle/site:doanything', 'capallow'=>CAP_ALLOW, 'roleid'=>$student_role->id); - $sql = "SELECT DISTINCT rc.contextid - FROM {role_capabilities} rc - WHERE rc.capability = :doanything - AND rc.permission = :capallow - AND rc.roleid = :roleid"; - - if ($anything_contexts = $DB->get_records_sql($sql, $params)) { - foreach($anything_contexts as $contextid) { - if ($contextid == SYSCONTEXTID) { - $a = "$CFG->wwwroot/$CFG->admin/roles/define.php?action=view&roleid=$CFG->defaultcourseroleid"; - } else { - $a = "$CFG->wwwroot/$CFG->admin/roles/override.php?contextid=$contextid&roleid=$CFG->defaultcourseroleid"; - } - $problems[] = get_string('check_defaultcourserole_anything', 'report_security', $a); - } - } - // risky caps - usually very dangerous $params = array('capallow'=>CAP_ALLOW, 'roleid'=>$student_role->id); $sql = "SELECT DISTINCT rc.contextid @@ -851,14 +781,7 @@ } // course creator or administrator does not make any sense here - $params = array('capallow'=>CAP_ALLOW, 'roleid'=>$student_role->id, 'legacy'=>'moodle/legacy:%'); - $sql = "SELECT rc.capability, 1 - FROM {role_capabilities} rc - WHERE rc.capability LIKE :legacy - AND rc.permission = :capallow - AND rc.roleid = :roleid"; - $legacycaps = $DB->get_records_sql($sql, $params); - if (isset($legacycaps['moodle/legacy:coursecreator']) or isset($legacycaps['moodle/legacy:admin'])) { + if ($student_role->archetype === 'coursecreator' or $student_role->archetype === 'manager') { $problems[] = get_string('check_defaultcourserole_legacy', 'report_security'); } 
@@ -922,43 +845,16 @@ $sql = "SELECT DISTINCT rc.roleid FROM {role_capabilities} rc - WHERE (rc.capability = :coursecreator OR rc.capability = :admin OR rc.capability = :teacher OR rc.capability = :editingteacher) - AND rc.permission = ".CAP_ALLOW.""; - $params = array('coursecreator' => 'moodle/legacy:coursecreator', - 'admin' => 'moodle/legacy:admin', - 'teacher' => 'moodle/legacy:teacher', - 'editingteacher' => 'moodle/legacy:editingteacher'); + JOIN {role} r ON r.id = rc.roleid + WHERE (r.archetype = :coursecreator OR r.archetype = :teacher OR r.archetype = :editingteacher OR r.archetype = :manager)"; + $params = array('coursecreator' => 'coursecreator', + 'teacher' => 'teacher', + 'editingteacher' => 'editingteacher', + 'manager' => 'manager'); $riskyroleids = $DB->get_records_sql($sql, $params); $riskyroleids = array_keys($riskyroleids); - - // first test if do anything enabled - that would be really crazy!!!!!! - list($inroles, $params) = $DB->get_in_or_equal($roleids, SQL_PARAMS_NAMED, 'r0', true); - $params = array_merge($params, array('doanything'=>'moodle/site:doanything', 'capallow'=>CAP_ALLOW)); - $params['doanything'] = 'moodle/site:doanything'; - $params['capallow'] = CAP_ALLOW; - $sql = "SELECT rc.roleid, rc.contextid - FROM {role_capabilities} rc - WHERE rc.capability = :doanything - AND rc.permission = :capallow - AND rc.roleid $inroles - GROUP BY rc.roleid, rc.contextid - ORDER BY rc.roleid, rc.contextid"; - - $rs = $DB->get_recordset_sql($sql, $params); - foreach($rs as $res) { - $roleid = $res->roleid; - $contextid = $res->contextid; - if ($contextid == SYSCONTEXTID) { - $a = "$CFG->wwwroot/$CFG->admin/roles/define.php?action=view&roleid=$roleid"; - } else { - $a = "$CFG->wwwroot/$CFG->admin/roles/override.php?contextid=$contextid&roleid=$roleid"; - } - $problems[] = get_string('check_courserole_anything', 'report_security', $a); - } - $rs->close(); - // any XSS legacy cap does not make any sense here! 
list($inroles, $params) = $DB->get_in_or_equal($roleids, SQL_PARAMS_NAMED, 'r0', true); $sql = "SELECT DISTINCT c.id, c.shortname @@ -1034,37 +930,13 @@ $result->status = null; $result->link = null; - $params = array('doanything'=>'moodle/site:doanything', 'syscontextid'=>SYSCONTEXTID, 'capallow'=>CAP_ALLOW); + $sql = "SELECT u.id, u.firstname, u.lastname, u.picture, u.imagealt, u.email + FROM {user} u + WHERE u.id IN ($CFG->siteadmins)"; - $sql = "SELECT DISTINCT u.id, u.firstname, u.lastname, u.picture, u.imagealt, u.email - FROM {role_capabilities} rc - JOIN {role_assignments} ra ON (ra.contextid = rc.contextid AND ra.roleid = rc.roleid) - JOIN {user} u ON u.id = ra.userid - WHERE rc.capability = :doanything - AND rc.permission = :capallow - AND u.deleted = 0 - AND rc.contextid = :syscontextid"; - - $admins = $DB->get_records_sql($sql, $params); + $admins = $DB->get_records_sql($sql); $admincount = count($admins); - $sqlunsup = "SELECT u.id, u.firstname, u.lastname, u.picture, u.imagealt, u.email, ra.contextid, ra.roleid - FROM (SELECT rcx.* - FROM {role_capabilities} rcx - WHERE rcx.capability = :doanything AND rcx.permission = :capallow) rc, - {context} c, - {context} sc, - {role_assignments} ra, - {user} u - WHERE c.id = rc.contextid - AND (sc.path = c.path OR sc.path LIKE ".$DB->sql_concat('c.path', "'/%'")." OR c.path LIKE ".$DB->sql_concat('sc.path', "'/%'").") - AND u.id = ra.userid AND u.deleted = 0 - AND ra.contextid = sc.id AND ra.roleid = rc.roleid AND ra.contextid <> :syscontextid - GROUP BY u.id, u.firstname, u.lastname, u.picture, u.imagealt, u.email, ra.contextid, ra.roleid - ORDER BY u.lastname, u.firstname"; - - $unsupcount = $DB->count_records_sql("SELECT COUNT('x') FROM ($sqlunsup) unsup", $params); - if ($detailed) { foreach ($admins as $uid=>$user) { $url = "$CFG->wwwroot/user/view.php?id=$user->id"; @@ -1073,32 +945,11 @@ $admins = '
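Review bot: The rewritten risky-role query (hunk at -922) still selects from `{role_capabilities}` and joins `{role}`, but no `rc` column is filtered any more. The join now only excludes roles that have no capability rows at all, so such a role with a teacher or manager archetype would be missed. Since the archetype is stored on the role, selecting from `{role}` directly is simpler and complete: `SELECT r.id FROM {role} r WHERE r.archetype = :coursecreator OR r.archetype = :teacher OR r.archetype = :editingteacher OR r.archetype = :manager`. The result is still keyed by role id, so the `array_keys()` call below keeps working. The function begins outside the hunk.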
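Review bot: The new admin lookup (hunk at -1034) interpolates `$CFG->siteadmins` directly into `IN (...)` and drops the `u.deleted = 0` filter that the removed query had. The value is a site setting rather than request input, but an empty or malformed value becomes a SQL error, and a deleted account still listed there would be counted and shown as an admin. Binding the ids keeps this query parameterised like the others in the file: `list($insql, $params) = $DB->get_in_or_equal(explode(',', $CFG->siteadmins));`, then `WHERE u.deleted = 0 AND u.id $insql` and `$DB->get_records_sql($sql, $params)`. The setting should be checked for being non-empty first.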
        '.implode($admins).'
      '; } - if (!$unsupcount) { - $result->status = REPORT_SECURITY_OK; - $result->info = get_string('check_riskadmin_ok', 'report_security', $admincount); - - if ($detailed) { - $result->details = get_string('check_riskadmin_detailsok', 'report_security', $admins); - } - - } else { - $result->status = REPORT_SECURITY_WARNING; - $a = (object)array('admincount'=>$admincount, 'unsupcount'=>$unsupcount); - $result->info = get_string('check_riskadmin_warning', 'report_security', $a); + $result->status = REPORT_SECURITY_OK; + $result->info = get_string('check_riskadmin_ok', 'report_security', $admincount); - if ($detailed) { - $rs = $DB->get_recordset_sql($sqlunsup, $params); - $users = array(); - foreach ($rs as $user) { - $url = "$CFG->wwwroot/$CFG->admin/roles/assign.php?contextid=$user->contextid&roleid=$user->roleid"; - $a = (object)array('fullname'=>fullname($user), 'url'=>$url, 'email'=>$user->email); - $users[] = '
    • '.get_string('check_riskadmin_unassign', 'report_security', $a).'
    • '; - } - $rs->close(); - $users = '
        '.implode($users).'
      '; - $a = (object)array('admins'=>$admins, 'unsupported'=>$users); - $result->details = get_string('check_riskadmin_detailswarning', 'report_security', $a); - } + if ($detailed) { + $result->details = get_string('check_riskadmin_detailsok', 'report_security', $admins); } return $result; Index: blocks/comments/block_comments.php =================================================================== RCS file: /cvsroot/moodle/moodle/blocks/comments/block_comments.php,v retrieving revision 1.4 diff -u -r1.4 block_comments.php --- blocks/comments/block_comments.php 15 Mar 2010 08:39:51 -0000 1.4 +++ blocks/comments/block_comments.php 28 Mar 2010 21:41:07 -0000 @@ -38,9 +38,10 @@ } $this->content->footer = ''; $this->content->text = ''; + //TODO: guest and not-logged-in shoudl be able to read comments, right? if (isloggedin() && !isguestuser()) { // Show the block $cmt = new stdclass; - $cmt->context = $this->instance->context; + $cmt->context = $this->context; $cmt->area = 'block_comments'; $cmt->itemid = $this->instance->id; $cmt->course = $this->page->course; Index: repository/youtube/db/access.php =================================================================== RCS file: /cvsroot/moodle/moodle/repository/youtube/db/access.php,v retrieving revision 1.2 diff -u -r1.2 access.php --- repository/youtube/db/access.php 4 Nov 2009 19:24:12 -0000 1.2 +++ repository/youtube/db/access.php 28 Mar 2010 21:42:25 -0000 @@ -9,7 +9,7 @@ 'student' => CAP_ALLOW, 'teacher' => CAP_ALLOW, 'editingteacher' => CAP_ALLOW, - 'admin' => CAP_ALLOW + 'manager' => CAP_ALLOW ) ) ); Index: mod/wiki/db/access.php =================================================================== RCS file: /cvsroot/moodle/moodle/mod/wiki/db/access.php,v retrieving revision 1.11 diff -u -r1.11 access.php --- mod/wiki/db/access.php 4 Nov 2009 19:53:03 -0000 1.11 +++ mod/wiki/db/access.php 28 Mar 2010 21:42:24 -0000 
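Review bot: After the hunk at -1073, `$result->status` is set to `REPORT_SECURITY_OK` unconditionally, so this entry in the security report can no longer raise a warning and only reports a count. That follows from removing the doanything-based detection, but a check that always passes should say so. I would add `// informational only: admins now come from $CFG->siteadmins, so there is no unsupported assignment left to warn about` above the status line. Keeping a warning path when `$admincount` differs from the number of ids in `$CFG->siteadmins` would also catch stale or deleted entries. The function starts in an earlier hunk.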
@@ -16,7 +16,7 @@ 'student' => CAP_ALLOW, 'teacher' => CAP_ALLOW, 'editingteacher' => CAP_ALLOW, - 'admin' => CAP_ALLOW + 'manager' => CAP_ALLOW ) ), @@ -29,7 +29,7 @@ 'legacy' => array( 'teacher' => CAP_ALLOW, 'editingteacher' => CAP_ALLOW, - 'admin' => CAP_ALLOW + 'manager' => CAP_ALLOW ) ), @@ -42,7 +42,7 @@ 'legacy' => array( 'teacher' => CAP_ALLOW, 'editingteacher' => CAP_ALLOW, - 'admin' => CAP_ALLOW + 'manager' => CAP_ALLOW ) ) ); Index: repository/local/db/access.php =================================================================== RCS file: /cvsroot/moodle/moodle/repository/local/db/access.php,v retrieving revision 1.2 diff -u -r1.2 access.php --- repository/local/db/access.php 4 Nov 2009 19:24:16 -0000 1.2 +++ repository/local/db/access.php 28 Mar 2010 21:42:25 -0000 @@ -9,7 +9,7 @@ 'student' => CAP_ALLOW, 'teacher' => CAP_ALLOW, 'editingteacher' => CAP_ALLOW, - 'admin' => CAP_ALLOW + 'manager' => CAP_ALLOW ) ) ); Index: enrol/authorize/db/access.php =================================================================== RCS file: /cvsroot/moodle/moodle/enrol/authorize/db/access.php,v retrieving revision 2.4 diff -u -r2.4 access.php --- enrol/authorize/db/access.php 4 Nov 2009 19:24:14 -0000 2.4 +++ enrol/authorize/db/access.php 28 Mar 2010 21:41:17 -0000 @@ -7,7 +7,7 @@ 'captype' => 'write', 'contextlevel' => CONTEXT_SYSTEM, 'legacy' => array( - 'admin' => CAP_ALLOW + 'manager' => CAP_ALLOW ) ), @@ -16,7 +16,7 @@ 'captype' => 'write', 'contextlevel' => CONTEXT_SYSTEM, 'legacy' => array( - 'admin' => CAP_ALLOW + 'manager' => CAP_ALLOW ) ) Index: blocks/mnet_hosts/block_mnet_hosts.php =================================================================== RCS file: /cvsroot/moodle/moodle/blocks/mnet_hosts/block_mnet_hosts.php,v retrieving revision 1.20 diff -u -r1.20 block_mnet_hosts.php --- blocks/mnet_hosts/block_mnet_hosts.php 1 Feb 2010 03:37:38 -0000 1.20 +++ blocks/mnet_hosts/block_mnet_hosts.php 28 Mar 2010 21:41:07 -0000 
@@ -21,7 +21,7 @@ function get_content() { global $CFG, $USER, $DB, $OUTPUT; - // only for logged in users! + // shortcut - only for logged in users! if (!isloggedin() || isguestuser()) { return false; } Index: blocks/rss_client/db/access.php =================================================================== RCS file: /cvsroot/moodle/moodle/blocks/rss_client/db/access.php,v retrieving revision 1.11 diff -u -r1.11 access.php --- blocks/rss_client/db/access.php 4 Nov 2009 19:24:13 -0000 1.11 +++ blocks/rss_client/db/access.php 28 Mar 2010 21:41:08 -0000 @@ -37,7 +37,7 @@ 'legacy' => array( 'teacher' => CAP_ALLOW, 'editingteacher' => CAP_ALLOW, - 'admin' => CAP_ALLOW + 'manager' => CAP_ALLOW ) ), @@ -48,7 +48,7 @@ 'captype' => 'write', 'contextlevel' => CONTEXT_BLOCK, 'legacy' => array( - 'admin' => CAP_ALLOW + 'manager' => CAP_ALLOW ) ) Index: blocks/news_items/block_news_items.php =================================================================== RCS file: /cvsroot/moodle/moodle/blocks/news_items/block_news_items.php,v retrieving revision 1.29 diff -u -r1.29 block_news_items.php --- blocks/news_items/block_news_items.php 1 Nov 2009 12:00:47 -0000 1.29 +++ blocks/news_items/block_news_items.php 28 Mar 2010 21:41:07 -0000 @@ -102,7 +102,7 @@ } else { $tooltiptext = get_string('rsssubscriberssposts','forum',format_string($forum->name)); } - if (empty($USER->id)) { + if (!isloggedin()) { $userid = 0; } else { $userid = $USER->id; Index: mod/lesson/db/access.php =================================================================== RCS file: /cvsroot/moodle/moodle/mod/lesson/db/access.php,v retrieving revision 1.11 diff -u -r1.11 access.php --- mod/lesson/db/access.php 16 Dec 2009 22:22:38 -0000 1.11 +++ mod/lesson/db/access.php 28 Mar 2010 21:42:23 -0000 @@ -35,7 +35,7 @@ 'contextlevel' => CONTEXT_MODULE, 'legacy' => array( 'editingteacher' => CAP_ALLOW, - 'admin' => CAP_ALLOW + 'manager' => CAP_ALLOW ) ), 
@@ -46,7 +46,7 @@ 'legacy' => array( 'teacher' => CAP_ALLOW, 'editingteacher' => CAP_ALLOW, - 'admin' => CAP_ALLOW + 'manager' => CAP_ALLOW ) ) ); Index: repository/filesystem/db/access.php =================================================================== RCS file: /cvsroot/moodle/moodle/repository/filesystem/db/access.php,v retrieving revision 1.2 diff -u -r1.2 access.php --- repository/filesystem/db/access.php 4 Nov 2009 19:24:16 -0000 1.2 +++ repository/filesystem/db/access.php 28 Mar 2010 21:42:25 -0000 @@ -9,7 +9,7 @@ 'student' => CAP_ALLOW, 'teacher' => CAP_ALLOW, 'editingteacher' => CAP_ALLOW, - 'admin' => CAP_ALLOW + 'manager' => CAP_ALLOW ) ) ); Index: repository/url/db/access.php =================================================================== RCS file: /cvsroot/moodle/moodle/repository/url/db/access.php,v retrieving revision 1.2 diff -u -r1.2 access.php --- repository/url/db/access.php 4 Nov 2009 19:24:15 -0000 1.2 +++ repository/url/db/access.php 28 Mar 2010 21:42:25 -0000 @@ -9,7 +9,7 @@ 'student' => CAP_ALLOW, 'teacher' => CAP_ALLOW, 'editingteacher' => CAP_ALLOW, - 'admin' => CAP_ALLOW + 'manager' => CAP_ALLOW ) ) ); Index: grade/export/xls/db/access.php =================================================================== RCS file: /cvsroot/moodle/moodle/grade/export/xls/db/access.php,v retrieving revision 1.6 diff -u -r1.6 access.php --- grade/export/xls/db/access.php 4 Nov 2009 19:24:14 -0000 1.6 +++ grade/export/xls/db/access.php 28 Mar 2010 21:41:18 -0000 @@ -24,7 +24,7 @@ 'legacy' => array( 'teacher' => CAP_ALLOW, 'editingteacher' => CAP_ALLOW, - 'admin' => CAP_ALLOW + 'manager' => CAP_ALLOW ) ), 
@@ -33,7 +33,7 @@ 'captype' => 'read', 'contextlevel' => CONTEXT_COURSE, 'legacy' => array( - 'admin' => CAP_ALLOW + 'manager' => CAP_ALLOW ) ) Index: mod/chat/gui_header_js/insert.php =================================================================== RCS file: /cvsroot/moodle/moodle/mod/chat/gui_header_js/insert.php,v retrieving revision 1.25 diff -u -r1.25 insert.php --- mod/chat/gui_header_js/insert.php 15 Feb 2010 19:23:17 -0000 1.25 +++ mod/chat/gui_header_js/insert.php 28 Mar 2010 21:42:05 -0000 @@ -24,9 +24,9 @@ print_error('invalidcoursemodule'); } -require_login($course->id, false, $cm); +require_login($course, false, $cm); -if (has_capability('moodle/legacy:guest', get_context_instance(CONTEXT_SYSTEM), 0, false)) { +if (isguestuser()) { print_error('noguests'); } Index: repository/picasa/db/access.php =================================================================== RCS file: /cvsroot/moodle/moodle/repository/picasa/db/access.php,v retrieving revision 1.2 diff -u -r1.2 access.php --- repository/picasa/db/access.php 4 Nov 2009 19:24:15 -0000 1.2 +++ repository/picasa/db/access.php 28 Mar 2010 21:42:25 -0000 @@ -9,7 +9,7 @@ 'student' => CAP_ALLOW, 'teacher' => CAP_ALLOW, 'editingteacher' => CAP_ALLOW, - 'admin' => CAP_ALLOW + 'manager' => CAP_ALLOW ) ) ); Index: enrol/authorize/index.php =================================================================== RCS file: /cvsroot/moodle/moodle/enrol/authorize/index.php,v retrieving revision 2.13 diff -u -r2.13 index.php --- enrol/authorize/index.php 28 Jan 2010 14:05:28 -0000 2.13 +++ enrol/authorize/index.php 28 Mar 2010 21:41:17 -0000 
@@ -31,7 +31,7 @@ /// Only SITE users can access to this page require_login(); // Don't use $courseid! User may want to see old orders. - if (has_capability('moodle/legacy:guest', get_context_instance(CONTEXT_SYSTEM), $USER->id, false)) { + if (isguestuser()) { print_error('noguest'); } Index: repository/s3/db/access.php =================================================================== RCS file: /cvsroot/moodle/moodle/repository/s3/db/access.php,v retrieving revision 1.2 diff -u -r1.2 access.php --- repository/s3/db/access.php 4 Nov 2009 19:24:14 -0000 1.2 +++ repository/s3/db/access.php 28 Mar 2010 21:42:25 -0000 @@ -9,7 +9,7 @@ 'student' => CAP_ALLOW, 'teacher' => CAP_ALLOW, 'editingteacher' => CAP_ALLOW, - 'admin' => CAP_ALLOW + 'manager' => CAP_ALLOW ) ) ); Index: repository/flickr/db/access.php =================================================================== RCS file: /cvsroot/moodle/moodle/repository/flickr/db/access.php,v retrieving revision 1.2 diff -u -r1.2 access.php --- repository/flickr/db/access.php 4 Nov 2009 19:24:16 -0000 1.2 +++ repository/flickr/db/access.php 28 Mar 2010 21:42:25 -0000 @@ -9,7 +9,7 @@ 'student' => CAP_ALLOW, 'teacher' => CAP_ALLOW, 'editingteacher' => CAP_ALLOW, - 'admin' => CAP_ALLOW + 'manager' => CAP_ALLOW ) ) ); Index: blocks/course_list/block_course_list.php =================================================================== RCS file: /cvsroot/moodle/moodle/blocks/course_list/block_course_list.php,v retrieving revision 1.61 diff -u -r1.61 block_course_list.php --- blocks/course_list/block_course_list.php 16 Dec 2009 21:50:53 -0000 1.61 +++ blocks/course_list/block_course_list.php 28 Mar 2010 21:41:07 -0000 
@@ -34,10 +34,8 @@ } } - if (empty($CFG->disablemycourses) and - !empty($USER->id) and - !(has_capability('moodle/course:update', get_context_instance(CONTEXT_SYSTEM)) and $adminseesall) and - !isguestuser()) { // Just print My Courses + if (empty($CFG->disablemycourses) and isloggedin() and !isguestuser() and + !(has_capability('moodle/course:update', get_context_instance(CONTEXT_SYSTEM)) and $adminseesall)) { // Just print My Courses if ($courses = get_my_courses($USER->id, 'visible DESC, fullname ASC')) { foreach ($courses as $course) { if ($course->id == SITEID) { @@ -118,7 +116,7 @@ $icon = ''.get_string('course').''; - // only for logged in users! + // shortcut - the rest is only for logged in users! if (!isloggedin() || isguestuser()) { return false; } Index: course/report/progress/db/access.php =================================================================== RCS file: /cvsroot/moodle/moodle/course/report/progress/db/access.php,v retrieving revision 1.3 diff -u -r1.3 access.php --- course/report/progress/db/access.php 4 Nov 2009 19:24:14 -0000 1.3 +++ course/report/progress/db/access.php 28 Mar 2010 21:41:17 -0000 @@ -32,7 +32,7 @@ 'legacy' => array( 'teacher' => CAP_ALLOW, 'editingteacher' => CAP_ALLOW, - 'admin' => CAP_ALLOW + 'manager' => CAP_ALLOW ), 'clonepermissionsfrom' => 'moodle/site:viewreports', Index: enrol/manual/enrol.php =================================================================== RCS file: /cvsroot/moodle/moodle/enrol/manual/enrol.php,v retrieving revision 1.55 diff -u -r1.55 enrol.php --- enrol/manual/enrol.php 13 Jan 2010 22:16:01 -0000 1.55 +++ enrol/manual/enrol.php 28 Mar 2010 21:41:18 -0000 @@ -62,7 +62,7 @@ if ($course->password == '') { // no password, so enrol - if (has_capability('moodle/legacy:guest', $context, $USER->id, false)) { + if (isguestuser()) { add_to_log($course->id, 'course', 'guest', 'view.php?id='.$course->id, getremoteaddr()); } else if (empty($_GET['confirm']) && empty($_GET['cancel'])) { 
@@ -404,19 +404,16 @@ * A bit clunky because I didn't want to change the standard strings */ function print_enrolmentkeyfrom($course) { - global $CFG; - global $USER; + global $CFG, $USER; $context = get_context_instance(CONTEXT_SYSTEM); - $guest = has_capability('moodle/legacy:guest', $context, $USER->id, false); // if a keyholder role is defined we list teachers in that role (if any exist) $contactslisted = false; - $canseehidden = has_capability('moodle/role:viewhiddenassigns', $context); if (!empty($CFG->enrol_manual_keyholderrole)) { - if ($contacts = get_role_users($CFG->enrol_manual_keyholderrole, get_context_instance(CONTEXT_COURSE, $course->id),true,'','u.lastname ASC',$canseehidden )) { + if ($contacts = get_role_users($CFG->enrol_manual_keyholderrole, get_context_instance(CONTEXT_COURSE, $course->id),true,'','u.lastname ASC')) { // guest user has a slightly different message - if ($guest) { + if (isguestuser()) { print_string('enrolmentkeyfromguest', '', ':
      ' ); } else { @@ -444,7 +441,7 @@ } // guest user has a slightly different message - if ($guest) { + if (isguestuser()) { print_string('enrolmentkeyfromguest', '', $teachername ); } else { Index: repository/googledocs/db/access.php =================================================================== RCS file: /cvsroot/moodle/moodle/repository/googledocs/db/access.php,v retrieving revision 1.2 diff -u -r1.2 access.php --- repository/googledocs/db/access.php 4 Nov 2009 19:24:15 -0000 1.2 +++ repository/googledocs/db/access.php 28 Mar 2010 21:42:25 -0000 @@ -9,7 +9,7 @@ 'student' => CAP_ALLOW, 'teacher' => CAP_ALLOW, 'editingteacher' => CAP_ALLOW, - 'admin' => CAP_ALLOW + 'manager' => CAP_ALLOW ) ) ); Index: mod/workshop/lib.php =================================================================== RCS file: /cvsroot/moodle/moodle/mod/workshop/lib.php,v retrieving revision 1.142 diff -u -r1.142 lib.php --- mod/workshop/lib.php 22 Mar 2010 03:04:01 -0000 1.142 +++ mod/workshop/lib.php 28 Mar 2010 21:42:24 -0000 @@ -679,7 +679,7 @@ function workshop_extend_navigation(navigation_node $navref, stdclass $course, stdclass $module, stdclass $cm) { global $CFG; - if (has_capability('mod/workshop:submit', $cm->context)) { + if (has_capability('mod/workshop:submit', get_context_instance(CONTEXT_MODULE, $cm->id))) { $url = new moodle_url('/mod/workshop/submission.php', array('cmid' => $cm->id)); $mysubmissionkey = $navref->add(get_string('mysubmission', 'workshop'), $url); $navref->get($mysubmissionkey)->mainnavonly = true; Index: course/report/participation/index.php =================================================================== RCS file: /cvsroot/moodle/moodle/course/report/participation/index.php,v retrieving revision 1.50 diff -u -r1.50 index.php --- course/report/participation/index.php 3 Feb 2010 16:53:41 -0000 1.50 +++ course/report/participation/index.php 28 Mar 2010 21:41:17 -0000 
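Review bot: In the -404 hunk of enrol/manual/enrol.php, `$context = get_context_instance(CONTEXT_SYSTEM);` is kept although both lines that read `$context` (the guest check and `$canseehidden`) are removed, so within this hunk the assignment is now dead. print_enrolmentkeyfrom() continues past the hunk, so confirm nothing further down still reads it before dropping the line. Removing the `$canseehidden` argument also changes which keyholders `get_role_users()` returns to the person viewing the enrolment page, and nothing near the call records why. If the reason is that hidden role assignments are being retired, a one-line comment above the call saying so would keep the next reader from re-adding a visibility filter.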
@@ -101,6 +101,7 @@ } $roleoptions = array(); + // TODO: we need a new list of roles that are visible here if ($roles = get_roles_used_in_context($context)) { foreach ($roles as $r) { $roleoptions[$r->id] = $r->name; Index: user/selector/lib.php =================================================================== RCS file: /cvsroot/moodle/moodle/user/selector/lib.php,v retrieving revision 1.30 diff -u -r1.30 lib.php --- user/selector/lib.php 23 Mar 2010 07:38:32 -0000 1.30 +++ user/selector/lib.php 28 Mar 2010 21:42:30 -0000 @@ -429,15 +429,17 @@ foreach ($this->extrafields as $field) { $conditions[] = $u . $field; } - $ilike = ' ' . $DB->sql_ilike() . ' ?'; + $ilike = ' ' . $DB->sql_ilike(); if ($this->searchanywhere) { $searchparam = '%' . $search . '%'; } else { $searchparam = $search . '%'; } + $i = 0; foreach ($conditions as &$condition) { - $condition .= $ilike; - $params[] = $searchparam; + $condition .= "$ilike :con{$i}00"; + $params["con{$i}00"] = $searchparam; + $i++; } $tests[] = '(' . implode(' OR ', $conditions) . ')'; } @@ -449,14 +451,14 @@ // If we are being asked to exclude any users, do that. if (!empty($this->exclude)) { - list($usertest, $userparams) = $DB->get_in_or_equal($this->exclude, SQL_PARAMS_QM, '', false); + list($usertest, $userparams) = $DB->get_in_or_equal($this->exclude, SQL_PARAMS_NAMED, 'ex000', false); $tests[] = $u . 'id ' . $usertest; $params = array_merge($params, $userparams); } // If we are validating a set list of userids, add an id IN (...) test. if (!empty($this->validatinguserids)) { - list($usertest, $userparams) = $DB->get_in_or_equal($this->validatinguserids); + list($usertest, $userparams) = $DB->get_in_or_equal($this->validatinguserids, SQL_PARAMS_NAMED, 'val000'); $tests[] = $u . 'id ' . $usertest; $params = array_merge($params, $userparams); } 
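Review bot: The rewritten loop in the -429 hunk of user/selector/lib.php still iterates with `foreach ($conditions as &$condition)` and never releases the reference, so `$condition` stays bound to the last element of `$conditions` for the rest of the method; add `unset($condition);` directly after the loop. Separately, `$search` is bound with only the surrounding `%` added, so any `%` or `_` typed by the user still acts as a LIKE wildcard. Escaping those characters before building `$searchparam` would make the match literal and stop a single `%` from matching every user. The enclosing method starts and ends outside the hunk.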
@@ -793,17 +795,21 @@ if (!$validroleids = groups_get_possible_roles($context)) { return array(); } - list($roleids, $roleparams) = $DB->get_in_or_equal($validroleids); + list($roleids, $roleparams) = $DB->get_in_or_equal($validroleids, SQL_PARAMS_NAMED, 'r00'); // Get the search condition. list($searchcondition, $searchparams) = $this->search_sql($search, 'u'); // Build the SQL - $fields = "SELECT r.id AS roleid, r.shortname AS roleshortname, r.name AS rolename, u.id AS userid, " . - $this->required_fields_sql('u') . - ', (SELECT count(igm.groupid) FROM {groups_members} igm JOIN {groups} ig ON - igm.groupid = ig.id WHERE igm.userid = u.id AND ig.courseid = ?) AS numgroups '; + list($enrolsql, $enrolparams) = get_enrolled_sql($context); + $fields = "SELECT r.id AS roleid, r.shortname AS roleshortname, r.name AS rolename, u.id AS userid, + " . $this->required_fields_sql('u') . ", + (SELECT count(igm.groupid) + FROM {groups_members} igm + JOIN {groups} ig ON igm.groupid = ig.id + WHERE igm.userid = u.id AND ig.courseid = :courseid) AS numgroups"; $sql = " FROM {user} u + JOIN ($enrolsql) e ON e.id = u.id JOIN {role_assignments} ra ON ra.userid = u.id JOIN {role} r ON r.id = ra.roleid WHERE ra.contextid " . get_related_contexts_string($context) . " 
@@ -811,21 +817,21 @@ AND ra.roleid $roleids AND u.id NOT IN (SELECT userid FROM {groups_members} - WHERE groupid = ?) + WHERE groupid = :groupid) AND $searchcondition"; - $orderby = " ORDER BY u.lastname, u.firstname"; + $orderby = "ORDER BY u.lastname, u.firstname"; - $params = array_merge($roleparams, array($this->groupid), $searchparams); + $params = array_merge($searchparams, $roleparams, array('groupid'=>$this->groupid), $searchparams); + $params['courseid'] = $this->courseid; if (!$this->is_validating()) { - $potentialmemberscount = $DB->count_records_sql('SELECT count(DISTINCT u.id) ' . $sql, $params); + $potentialmemberscount = $DB->count_records_sql("SELECT COUNT(DISTINCT u.id) $sql", $params); if ($potentialmemberscount > group_non_members_selector::MAX_USERS_PER_PAGE) { return $this->too_many_results($search, $potentialmemberscount); } } - array_unshift($params, $this->courseid); - $rs = $DB->get_recordset_sql($fields . $sql . $orderby, $params); + $rs = $DB->get_recordset_sql("$fields $sql $orderby", $params); $roles = groups_calculate_role_people($rs, $context); //don't hold onto user IDs if we're doing validation Index: course/report/stats/db/access.php =================================================================== RCS file: /cvsroot/moodle/moodle/course/report/stats/db/access.php,v retrieving revision 1.3 diff -u -r1.3 access.php --- course/report/stats/db/access.php 4 Nov 2009 19:24:16 -0000 1.3 +++ course/report/stats/db/access.php 28 Mar 2010 21:41:17 -0000 
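Review bot: `$enrolparams`, returned by `get_enrolled_sql($context)` in the previous hunk (-793), is never merged into `$params`, while `$searchparams` is merged twice. The first argument of the `array_merge()` looks like it was meant to be `$enrolparams`: `$params = array_merge($enrolparams, $roleparams, array('groupid'=>$this->groupid), $searchparams);`. If `$enrolsql` carries placeholders, both the count query and the recordset query would run with those values unbound. `$params['courseid']` is also set before the count query, whose SQL has no `:courseid` placeholder (it appears only in `$fields`); if the DB layer rejects unused named parameters, assign it after the count, where the old `array_unshift()` was. The method begins and ends outside these hunks.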
@@ -32,7 +32,7 @@ 'legacy' => array( 'teacher' => CAP_ALLOW, 'editingteacher' => CAP_ALLOW, - 'admin' => CAP_ALLOW + 'manager' => CAP_ALLOW ), 'clonepermissionsfrom' => 'moodle/site:viewreports', Index: mod/feedback/lib.php =================================================================== RCS file: /cvsroot/moodle/moodle/mod/feedback/lib.php,v retrieving revision 1.63 diff -u -r1.63 lib.php --- mod/feedback/lib.php 28 Mar 2010 15:29:49 -0000 1.63 +++ mod/feedback/lib.php 28 Mar 2010 21:42:11 -0000 @@ -639,8 +639,6 @@ $cb->createpublictemplate = has_capability('mod/feedback:createpublictemplate', $context, NULL, false); $cb->deletetemplate = has_capability('mod/feedback:deletetemplate', $context, NULL, false); - $cb->siteadmin = has_capability('moodle/site:doanything', $context); - $cb->viewhiddenactivities = has_capability('moodle/course:viewhiddenactivities', $context, NULL, false); return $cb; @@ -675,8 +673,6 @@ $ccb->createpublictemplate = has_capability('mod/feedback:createpublictemplate', $context, NULL, false); $ccb->deletetemplate = has_capability('mod/feedback:deletetemplate', $context, NULL, false); - $ccb->siteadmin = has_capability('moodle/site:doanything', $context); - $ccb->viewhiddenactivities = has_capability('moodle/course:viewhiddenactivities', $context, NULL, false); return $ccb; Index: my/index.php =================================================================== RCS file: /cvsroot/moodle/moodle/my/index.php,v retrieving revision 1.45 diff -u -r1.45 index.php --- my/index.php 16 Jan 2010 15:40:18 -0000 1.45 +++ my/index.php 28 Mar 2010 21:42:24 -0000 @@ -9,7 +9,7 @@ $strmymoodle = get_string('mymoodle','my'); - if (has_capability('moodle/legacy:guest', get_context_instance(CONTEXT_SYSTEM), 0, false)) { + if (isguestuser()) { $PAGE->set_title($strmymoodle); echo $OUTPUT->header(); echo $OUTPUT->confirm(get_string('noguest', 'my') . '

      ' . get_string('liketologin'), get_login_url(), $CFG->wwwroot); Index: admin/roles/admins.php =================================================================== RCS file: admin/roles/admins.php diff -N admin/roles/admins.php --- /dev/null 1 Jan 1970 00:00:00 -0000 +++ admin/roles/admins.php 1 Jan 1970 00:00:00 -0000 
@@ -0,0 +1,137 @@ +. + +/** + * Lets you site administrators + * + * @package moodlecore + * @subpackage role + * @copyright 2010 Petr Skoda (skodak) http://skodak.org + * @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later + */ + +require_once(dirname(__FILE__) . '/../../config.php'); +require_once($CFG->dirroot . '/' . $CFG->admin . '/roles/lib.php'); + +$confirmadd = optional_param('confirmadd', 0, PARAM_INT); +$confirmdel = optional_param('confirmdel', 0, PARAM_INT); + +$PAGE->set_url('/admin/roles/admins.php'); + +admin_externalpage_setup('admins'); +if (!is_siteadmin()) { + die; +} + +$admisselector = new admins_existing_selector(); +$admisselector->set_extra_fields(array('username', 'email')); + +$potentialadmisselector = new admins_potential_selector(); +$potentialadmisselector->set_extra_fields(array('username', 'email')); + +if (optional_param('add', false, PARAM_BOOL) and confirm_sesskey()) { + if ($userstoadd = $potentialadmisselector->get_selected_users()) { + $user = reset($userstoadd); + $username = fullname($user) . " ($user->username, $user->email)"; + echo $OUTPUT->header(); + echo $OUTPUT->confirm(get_string('confirmaddadmin', 'role', $username), new moodle_url('/admin/roles/admins.php', array('confirmadd'=>$user->id, 'sesskey'=>sesskey())), $PAGE->url); + echo $OUTPUT->footer(); + die; + } + +} else if (optional_param('remove', false, PARAM_BOOL) and confirm_sesskey()) { + if ($userstoremove = $admisselector->get_selected_users()) { + $user = reset($userstoremove); + if ($USER->id == $user->id) { + //can not remove self + } else { + $username = fullname($user) . 
" ($user->username, $user->email)"; + echo $OUTPUT->header(); + echo $OUTPUT->confirm(get_string('confirmdeladmin', 'role', $username), new moodle_url('/admin/roles/admins.php', array('confirmdel'=>$user->id, 'sesskey'=>sesskey())), $PAGE->url); + echo $OUTPUT->footer(); + die; + } + } + +} else if ($confirmadd and confirm_sesskey()) { + $admins = array(); + foreach(explode(',', $CFG->siteadmins) as $admin) { + $admin = (int)$admin; + if ($admin) { + $admins[$admin] = $admin; + } + } + $admins[$confirmadd] = $confirmadd; + set_config('siteadmins', implode(',', $admins)); + redirect($PAGE->url); + +} else if ($confirmdel and confirm_sesskey() and $confirmdel != $USER->id) { + $admins = array(); + foreach(explode(',', $CFG->siteadmins) as $admin) { + $admin = (int)$admin; + if ($admin) { + $admins[$admin] = $admin; + } + } + unset($admins[$confirmdel]); + set_config('siteadmins', implode(',', $admins)); + redirect($PAGE->url); +} + +/// Print header +echo $OUTPUT->header(); +?> + +
      +

      + +
      +
      + + + + + + + + +
      +

      + +

      + display(); ?> +
      +

      +
      + +

      +
      +

      + +

      + display(); ?> +
      +
      +
      +
      + +requires->js_function_call('init_add_remove_admis_page'); + +echo $OUTPUT->footer();
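Review bot: The `$confirmadd` branch of admin/roles/admins.php writes whatever integer arrives in the request into `$CFG->siteadmins`. The potential-admin selector is only consulted in the earlier `add` step, so nothing here checks that the id is an existing, non-deleted, non-guest account. Re-validate before `set_config()`, for example `} else if ($confirmadd and confirm_sesskey() and $DB->record_exists('user', array('id'=>$confirmadd, 'deleted'=>0)) and !isguestuser($confirmadd)) {`. Granting and revoking site administrator rights is also not recorded anywhere; an `add_to_log()` call in both confirm branches would leave an audit trail for the most privileged change the site can make. The two identical loops that parse `$CFG->siteadmins` could share one helper, and the file docblock ("Lets you site administrators") is missing its verb.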