Commit Graph

479 Commits

Author SHA1 Message Date
moodler 6c089f4a28 MDL-11323
Cleaned up the display of role aliases by extending get_assignable_roles
and get_overrideable_roles to use role_fix_names better.

The lists of assignable and overrideable are now correctly derived from the
actual context (eg activity or module) while the aliases are derived from course
that is the parent.

Some other cleanups along the way.
2008-04-18 06:18:25 +00:00
moodler fe01ad8ec0 MDL-11142 Roles upgrade was losing timestart and timeend for teachers and students (Merged from 1.7) 2008-04-18 03:31:54 +00:00
moodler b6f293036f MDL-13810 Fixed check for join 2008-03-19 07:48:45 +00:00
moodler d8f4ee51a5 MDL-13810 Fixed check for ul.timeaccess 2008-03-06 02:11:53 +00:00
moodler 15e6b71bc0 MDL-13754 Avoid joining to lastaccess unless we really wanted it
Plus some other cosmetic tidying and comments
2008-03-03 06:19:31 +00:00
moodler fd21a93e5f MDL-13676 Fixed some mistakes 2008-02-29 08:55:42 +00:00
moodler f45aff70d9 MDL-13676 Changed a field so that Oracle can cope with a COALESCE statement. :-(
I hate doing this at this late stage, but without it Oracle fails.

           On the way I also fixed the profile page so it displays role aliases if they exist
2008-02-29 08:40:39 +00:00
tjhunt 0a22085fdb MDL-13723 - Unbalanced brackets in get_users_by_capability in the groups bit. 2008-02-28 22:39:15 +00:00
skodak 20d03127ad MDL-13560 simplify deating with role name course aliases 2008-02-21 09:16:34 +00:00
skodak 490c14fe8a MDL-13459 fixed hardcoded mdl_ prefix 2008-02-16 11:35:54 +00:00
nicolasconnault ee6689b003 MDL-13459 Didn't use the patch, which puts its finger in too many pies. Instead just implemented a quick-fix, a temporary get_assignable_for_switchrole() function. It only affects the switchroles menu 2008-02-15 16:35:19 +00:00
nicolasconnault 29252268ca MDL-13459 Didn't use the patch, which puts its finger in too many pies. Instead just implemented a quick-fix, a temporary get_assignable_for_switchrole() function. It only affects the switchroles menu 2008-02-15 16:35:19 +00:00
skodak 5623276da8 MDL-13450 and MDL-13303 - sorry for changing forum API so late, but it was needed; major perf improvement for forum; fixed printing of user pictures 2008-02-13 17:01:41 +00:00
poltawski c472c4bb50 MDL-13314 count_role_users was showing different count to those returned from
get_role_users(), based on patch from Patrick Pollett
2008-02-05 17:18:10 +00:00
skodak f6ea800797 MDL-12938, MDL-12937 - unenrol fixes - can not unenrol if can not unassign all users roles in course, do not show self unenrol if enrolment comes from parent context, fixed rturn value from get_user_roles; based on patch by Eric Merrill 2008-02-05 12:58:59 +00:00
skodak 907a481674 MDL-13334 get_role_access() static cache in cron only 2008-02-05 10:39:59 +00:00
skodak a3b9814156 MDL-13317 use cached system context in get_user_access_sitewide and when rebuilding paths 2008-02-03 16:21:35 +00:00
martinlanghoff b227269e56 accesslib: Fix get_context_users_bycap() when no roles grant the cap
When no roles mention the capability, get_context_users_bycap() breaks
badly. This trivial patch does a sanity check before jumping into the
SQL shark-pool...

MDL-13160
2008-01-25 00:54:35 +00:00
skodak 91cb9645d4 tweak has_capability() debug mode to add only one query per page for cap name verification 2008-01-16 17:23:07 +00:00
mjollnir_ 33c34c5705 MDL-13000 Adding support for developers to add their own capabilities to local/db/access.php
This relies on a local/ language pack as well for the capability names.
Notes on implementation are in lib/locallib.php
2008-01-15 04:20:02 +00:00
tjhunt 0229dc83ea Put back DEBUG_DEVELOPER sanity check in has_capability, that makes sure the capabiltiy you are asking about actually exists. I know it takes an extra DB query, but it is DEBUG_DEVELOPER only, and it is worth its weight in gold, because otherwise you get really subtle bugs that take forever to diagnose. I know, I have just been banging my head against the wall for an hour. 2008-01-08 15:04:04 +00:00
martinlanghoff 9dc8c1b014 MDL-12452 accesslib: get_users_by_capability() now excludes doanything'ers properly
With some subselect-outer-join poison-pill magic, when the we don't
want doanything users, we remove the roles that would grant such
dubious status.

Just a flick of the SQL muscle, actually.
2008-01-06 23:20:00 +00:00
martinlanghoff 264d665380 MDL-12523 accesslib: get_users_by_capability() fix subselect with ra.hidden
MDL-12452
2008-01-06 23:19:04 +00:00
martinlanghoff 4ebe85b6a5 MDL-12523 accesslib: Introducing sort_by_roleassignment_authority()
This will help us bridge the gap from olden-style order-by
user_teachers.id. From the phpdoc...

 Will re-sort a $users results array (from get_users_by_capability(), usually)
 based on a sorting policy. This is to support the odd practice of
 sorting teachers by 'authority', where authority was "lowest id of the role
 assignment".

 Will execute 1 database query. Only suitable for small numbers of users, as it
 uses an u.id IN() clause.

 Notes about the sorting criteria.

 As a default, we cannot rely on role.sortorder because then
 admins/coursecreators will always win. That is why the sane
 rule "is locality matters most", with sortorder as 2nd
 consideration.

 If you want role.sortorder, use the 'sortorder' policy, and
 name explicitly what roles you want to cover. It's probably
 a good idea to see what roles have the capabilities you want
 (array_diff() them against roiles that have 'can-do-anything'
 to weed out admin-ish roles. Or fetch a list of roles from
 variables like $CFG->coursemanagers .

MDL-12452
2008-01-06 23:18:37 +00:00
martinlanghoff b5ea0a4a52 MDL-12523 accesslib: get_user_by_capability() - Fix pagination
Ooops! Off-by-one error

MDL-12452
2008-01-06 23:17:53 +00:00
martinlanghoff 22edc02cf9 MDL-12523 accesslib: get_user_by_capability() - Fix last_access handling
We were missing $courseid, which is actually $context->instanceid.

MDL-12452
2008-01-06 23:17:24 +00:00
martinlanghoff 3f1e6d3c73 MDL-12523 accesslib: get_user_by_capability() - Move capcheck to has_capability_from_rarc()
This fixes the handling of default roles as "tie breakers" for lower
RAs in conflict, and simplifies the code a lot.

The main loop in get_user_by_capability() runs a simpler state machine
that just collects role assignments (roleid and depth), and handles
pagination.

The complex part of the state machine has moved to
has_capability_from_rarc() which will walk the data structures
collected by get_user_by_capability() for each user.

Having all the complex state handling of $hascap there makes things a
lot easier for pagination and general sanity of
get_user_by_capability().

MDL-12452
2008-01-06 23:17:11 +00:00
martinlanghoff 53d3f7fd89 MDL-12523 accesslib: get_user_by_capability() - Move hidden RA checks to subselect
we don't deal with RAs in the main SELECT -- we deal with _capabilities_
which is an entirely different matter ;-) -- so push the ra.hidden check
into the subselect.

Also, remove ra.hidden from the default list of fields. Hopefully no
callers are using ra.hidden -- if they are, they should be calling
something else, as this function deals with capabilities. So we might
need an audit of callers, to check that noone is expecting ra.hidden
to be there.

MDL-12452
2008-01-06 23:16:54 +00:00
martinlanghoff ba702c6731 MDL-12523 accesslib: get_user_by_capability() - Handle the complex case
With this commit, we can handle the complex cases with

 - correct pagination, but not very efficient over large datasets

 - mostly-correct application of the override rules

The structure of the code is fairly complex in that we want to do
it without holding all the recs in memory, so we use a small state
machine. We have to handle the complex override rules over 1 or 2
permissions (when $doanything is set) so it all ends up quite complex.

There is one known issue with this code, in cases where the default
role ends up as the decider between 2 conflicting RAs, we fail to
apply it. This will need a bit of reorg of how the loop works.

MDL-12452
2008-01-06 23:16:33 +00:00
martinlanghoff b8dc2b75a4 MDL-12523 accesslib: get_user_by_capability() - Simple cases now handle multiple RAs
The "simple" case SQL did not handle multiple enrolments for the same
user correctly -- it would generate multiple rows for those users,
incorrectly.

With this patch we move the join to RA to a subselect where DISTINCT
takes care of things.

MDL-12452
2008-01-06 23:16:20 +00:00
martinlanghoff 6d5d43bab3 MDL-12523 accesslib: get_user_by_capability() - Handle complex rolecap resolution
With this patch, get_user_by_capability() can handle the cases where
users have multiple role assignments to the same course, and PREVENTs
and PROHIBITs affect the rolecaps of this course.

Without stored procedures we cannot resolve this entirely on the
server side - so in the complex cases we do as much as we can on SQL,
and post-process the data on the PHP side, including SQL-style
pagination.

MDL-12452
2008-01-06 23:16:07 +00:00
martinlanghoff 285b024ebf MDL-12523 accesslib: get_user_by_capability() - First, handle simple cases
This patch reorganises the conditions and field handling so
we can spot if this is a call we can resolve in a single SQL
query that we just pass back the results.

If there are any PREVENTs or PROHIBITs, we need to delve into
more involved stuff...

MDL-12452
2008-01-06 23:15:33 +00:00
martinlanghoff 26de0996d9 MDL-12523 accesslib: revert changes to get_users_by_capability() - MDL-12452 MDL-12451
The changes made by Yu and Tim are superceded by the patches that
follow -- and would not apply cleanly without this revert.
2008-01-06 23:14:25 +00:00
skodak 9ddbe2cfb8 MDL-12720 removing confusing/not implemented CONTEXT_PERSONAL 2007-12-23 19:47:59 +00:00
mjollnir_ 363d415464 fixing lying phpdoc comments in role_cap_duplicate function that I moved to accesslib yesterday 2007-12-19 23:32:15 +00:00
mjollnir_ 4f5ffe5a7e moving two functions from admin/roles/manage.php (switch_roles and role_cap_duplicate) to accesslib & added phpdoc. Fixes MDL-12621 2007-12-18 20:50:39 +00:00
toyomoyo 82b7f28a61 MDL-12544, hide hidden roles in profile when user has no capability 2007-12-12 07:12:38 +00:00
tjhunt eabc30d78b Take out debugging output in role_assign. It only tells you that something has worked, and everywhere else we use debugging output to warn people they have called an API wrongly. Therefore, this is just confusing now that we trust this bit of roles code. 2007-12-11 10:37:56 +00:00
martinlanghoff 25977a0eaf MDL-12523 accesslib:cleanup_contexts() - Fix invalid SQL syntax and reserved keywords
cleanup_contexts() was not working on Oracle - mostly due to 2 SQL
syntax problems. So probably marginally working elsewhere.

 - We should not use AS when naming table/subselect aliases - only
   when referring to column aliases in the resultset

 - level is a reserved word - oops! - so back to contextlevel
2007-12-10 21:34:05 +00:00
toyomoyo a08b933a00 MDL-12451, in get_users_by_capability(), defaultroleid bit fixes 2007-12-06 03:55:19 +00:00
tjhunt ccc64d9cf0 MDL-12452 - not a fix I fear, just clarifying the comments about how this method is broken. 2007-12-05 17:25:18 +00:00
toyomoyo c635d2acc8 MDL-12437, sorting by names adds teacher to gradebook list 2007-12-05 01:12:02 +00:00
martinlanghoff eaad116912 accesslib: build_context_path() remove $temptable for Oracle too
The removal of $temptable was incomplete - and so build_context_path()
was broken on Oracle. MDL-11347
2007-12-04 06:23:06 +00:00
toyomoyo 76cf7cce29 MDL-12366, removing useless print_capabilities function 2007-11-28 01:19:38 +00:00
toyomoyo 81e19d3595 MDL-12309, gradebook can not sort by names while in group mode 2007-11-22 05:15:47 +00:00
martinlanghoff 27bb711fe9 accesslib: has_capability_in_accessdata() respects rdef locality a bit more
With this patch, we respect rdef locality when two roles
assignments in the same context have conflicting rdefs.
In that case, the most local rdef wins.

So RA locality still matters most. If you are a teacher
sitewide and a student in course X, student role trumps
teacher.

For a use case, see the discussion here
http://moodle.org/mod/forum/discuss.php?d=84472

Notes:

- If we wanted to have locality of RDEF trump everything
  we can. A comment in this patch shows how.

- I don't know how to reproduce this in pure SQL.

And Also:

This patch also fixes a bug where if CAP_PROHIBIT was set
_and_ another role added to it in the same context, we would
add or substract 1 to CAP_PROHIBIT, and it would lose its magic.

And while at it, tighten the code to avoid casts. All the
ints are unambiguously ints.
2007-11-20 00:19:07 +00:00
scyrma d9b9b40a71 Fix to a bug preventing rss feeds from loading correctly. 2007-11-16 03:32:26 +00:00
toyomoyo edc62676a2 MDL-12180, blocks capabilities not appearing when overriding block roles 2007-11-15 07:44:52 +00:00
martinlanghoff 8f5c5184aa MDL-9399 accesslib: Move check_enrolment_plugins() to complete_user_login()
... where it belongs ;-)

load_all_capabiloties() gets called at several points where we don't
want to be re-querying the enrolment backends. It needs to  be called
before load_all_capabilities() and only by callers that are setting up
a logon session.

Those callers need to be calling complete_user_login() anyway, as they
need to set the Moodle cookie, log the logon action, etc. In fact,
those callers duplicate a lot of that code already.

The callers that don't duplicate code for the login are actually the
cases where the backend enrolment plugins should not be queried.

To be followed by callers cleanup...
2007-11-14 23:34:46 +00:00
nfreear 8ca956147b Fixes MDL-12125, Call to a member function FetchRow on a non-object in get_user_access_sitewide. Merged. 2007-11-12 16:56:38 +00:00