From 52ee8febc6943ef70c6db1b1f8dfac154fbbf9dc Mon Sep 17 00:00:00 2001
From: Matt Clarkson <mattc@catalyst.net.nz>
Date: Wed, 8 Aug 2012 12:25:50 +1200
Subject: [PATCH] lib/accesslib: get_enrolled_sql, support for multiple
 capabilities

---
 lib/accesslib.php | 30 ++++++++++++++++++------------
 1 file changed, 18 insertions(+), 12 deletions(-)

diff --git a/lib/accesslib.php b/lib/accesslib.php
index 4a70cf8..9ea479a 100644
--- a/lib/accesslib.php
+++ b/lib/accesslib.php
@@ -2135,7 +2135,7 @@ function can_access_course(stdClass $course, $user = null, $withcapability = '',
  * @category  access
  *
  * @param context $context
- * @param string $withcapability
+ * @param mixed $withcapability, can optinally be a array of capabilities
  * @param int $groupid 0 means ignore groups, any other value limits the result by group id
  * @param bool $onlyactive consider only active enrolments in enabled plugins and time restrictions
  * @return array list($sql, $params)
@@ -2162,16 +2162,22 @@ function get_enrolled_sql(context $context, $withcapability = '', $groupid = 0,
     // get all relevant capability info for all roles
     if ($withcapability) {
         list($incontexts, $cparams) = $DB->get_in_or_equal($contextids, SQL_PARAMS_NAMED, 'ctx');
-        $cparams['cap'] = $withcapability;
+
+        $withcapability = (array)$withcapability;
+
+        list($incaps, $capparams) = $DB->get_in_or_equal($withcapability, SQL_PARAMS_NAMED, 'rc');
+
+        $cparams += $capparams;
 
         $defs = array();
-        $sql = "SELECT rc.id, rc.roleid, rc.permission, ctx.path
+        $sql = "SELECT rc.id, rc.capability, rc.roleid, rc.permission, ctx.path
                   FROM {role_capabilities} rc
                   JOIN {context} ctx on rc.contextid = ctx.id
-                 WHERE rc.contextid $incontexts AND rc.capability = :cap";
+                 WHERE rc.contextid $incontexts AND rc.capability $incaps";
+
         $rcs = $DB->get_records_sql($sql, $cparams);
         foreach ($rcs as $rc) {
-            $defs[$rc->path][$rc->roleid] = $rc->permission;
+            $defs[$rc->path][$rc->roleid][$rc->capability] = $rc->permission;
         }
 
         $access = array();
@@ -2180,13 +2186,13 @@ function get_enrolled_sql(context $context, $withcapability = '', $groupid = 0,
                 if (empty($defs[$path])) {
                     continue;
                 }
-                foreach($defs[$path] as $roleid => $perm) {
-                    if ($perm == CAP_PROHIBIT) {
-                        $access[$roleid] = CAP_PROHIBIT;
-                        continue;
-                    }
-                    if (!isset($access[$roleid])) {
-                        $access[$roleid] = (int)$perm;
+                foreach($defs[$path] as $roleid => $caps) {
+                    foreach($caps as $cap => $perm) {
+                        if ($perm == CAP_PROHIBIT) {
+                            $access[$roleid] = CAP_PROHIBIT;
+                        } else if (!isset($access[$roleid]) && $perm == CAP_ALLOW) {
+                            $access[$roleid] = (int)$perm;
+                        }
                     }
                 }
             }
-- 
1.7.11.3