Files
moodle/admin/roles/override.php
T
tjhunt cf0031eef4 admin tree: MDL-10047 and MDL-13104 weird things happen when you turn editing on and off.
That was becuase not enough information was being passed in for the blocks editing controls to construct the right URL to reload the page.

It is also now possible for admin external pages to add some UI next to the turn blocks editing on/off button. For example, when you are editing the list of course catgories, the turn editing off button is now in the right place.
2008-12-11 09:21:52 +00:00

242 lines
9.4 KiB
PHP
Executable File

<?php //$Id$
require_once('../../config.php');
$contextid = required_param('contextid', PARAM_INT); // context id
$roleid = optional_param('roleid', 0, PARAM_INT); // requested role id
$userid = optional_param('userid', 0, PARAM_INT); // needed for user tabs
$courseid = optional_param('courseid', 0, PARAM_INT); // needed for user tabs
$cancel = optional_param('cancel', 0, PARAM_BOOL);
if (!$context = get_record('context', 'id', $contextid)) {
error('Bad context ID');
}
if (!$sitecontext = get_context_instance(CONTEXT_SYSTEM)) {
error('No site ID');
}
if ($context->id == $sitecontext->id) {
error('Can not override base role capabilities');
}
$canoverride = has_capability('moodle/role:override', $context);
if (!$canoverride and !has_capability('moodle/role:safeoverride', $context)) {
error('You do not have permission to change overrides in this context!');
}
if ($courseid) {
if (!$course = get_record('course', 'id', $courseid)) {
error('Bad course ID');
}
} else {
$course = clone($SITE);
$courseid = SITEID;
}
require_login($course);
$baseurl = 'override.php?contextid='.$context->id;
if (!empty($userid)) {
$baseurl .= '&amp;userid='.$userid;
}
if ($courseid != SITEID) {
$baseurl .= '&amp;courseid='.$courseid;
}
if ($cancel) {
redirect($baseurl);
}
/// needed for tabs.php
$overridableroles = get_overridable_roles($context, 'name', ROLENAME_BOTH);
$assignableroles = get_assignable_roles($context, 'name', ROLENAME_BOTH);
/// Get some language strings
$strroletooverride = get_string('roletooverride', 'role');
$straction = get_string('overrideroles', 'role');
$strcurrentrole = get_string('currentrole', 'role');
$strparticipants = get_string('participants');
/// Make sure this user can override that role
if ($roleid) {
if (!isset($overridableroles[$roleid])) {
error ('you can not override this role in this context');
}
}
if ($userid) {
$user = get_record('user', 'id', $userid);
$fullname = fullname($user, has_capability('moodle/site:viewfullnames', $context));
}
/// get all cababilities
$safeoverridenotice = false;
if ($roleid) {
if ($capabilities = fetch_context_capabilities($context)) {
// find out if we need to lock some capabilities
foreach ($capabilities as $capname=>$capability) {
$capabilities[$capname]->locked = false;
if ($canoverride) {
//ok no locking at all
continue;
}
//only limited safe overrides - spam only allowed
if ((RISK_DATALOSS & (int)$capability->riskbitmask)
or (RISK_MANAGETRUST & (int)$capability->riskbitmask)
or (RISK_CONFIG & (int)$capability->riskbitmask)
or (RISK_XSS & (int)$capability->riskbitmask)
or (RISK_PERSONAL & (int)$capability->riskbitmask)) {
$capabilities[$capname]->locked = true;
$safeoverridenotice = true;
}
}
}
} else {
$capabilities = null;
}
/// Process incoming role override
if ($data = data_submitted() and $roleid and confirm_sesskey()) {
$allowed_values = array(CAP_INHERIT, CAP_ALLOW, CAP_PREVENT, CAP_PROHIBIT);
$localoverrides = get_records_select('role_capabilities', "roleid = $roleid AND contextid = $context->id",
'', 'capability, permission, id');
foreach ($capabilities as $cap) {
if ($cap->locked) {
//user not allowed to change this cap
continue;
}
if (!isset($data->{$cap->name})) {
//cap not specified in form
continue;
}
if (islegacy($data->{$cap->name})) {
continue;
}
$capname = $cap->name;
$value = clean_param($data->{$cap->name}, PARAM_INT);
if (!in_array($value, $allowed_values)) {
continue;
}
if (isset($localoverrides[$capname])) {
// Something exists, so update it
assign_capability($capname, $value, $roleid, $context->id, true);
} else { // insert a record
if ($value != CAP_INHERIT) { // Ignore inherits
assign_capability($capname, $value, $roleid, $context->id);
}
}
}
// force accessinfo refresh for users visiting this context...
mark_context_dirty($context->path);
$rolename = get_field('role', 'name', 'id', $roleid);
add_to_log($course->id, 'role', 'override', 'admin/roles/override.php?contextid='.$context->id.'&roleid='.$roleid, $rolename, '', $USER->id);
redirect($baseurl);
}
/// Print the header and tabs
if ($context->contextlevel == CONTEXT_USER) {
$navlinks = array();
/// course header
if ($course->id != SITEID) {
if (has_capability('moodle/course:viewparticipants', get_context_instance(CONTEXT_COURSE, $course->id))) {
$navlinks[] = array('name' => $strparticipants, 'link' => "$CFG->wwwroot/user/index.php?id=$course->id", 'type' => 'misc');
}
$navlinks[] = array('name' => $fullname, 'link' => "$CFG->wwwroot/user/view.php?id=$userid&amp;course=$courseid", 'type' => 'misc');
$navlinks[] = array('name' => $straction, 'link' => null, 'type' => 'misc');
$navigation = build_navigation($navlinks);
print_header("$fullname", "$fullname", $navigation, "", "", true, "&nbsp;", navmenu($course));
/// site header
} else {
$navlinks[] = array('name' => $fullname, 'link' => "$CFG->wwwroot/user/view.php?id=$userid&amp;course=$courseid", 'type' => 'misc');
$navlinks[] = array('name' => $straction, 'link' => null, 'type' => 'misc');
$navigation = build_navigation($navlinks);
print_header("$course->fullname: $fullname", $course->fullname, $navigation, "", "", true, "&nbsp;", navmenu($course));
}
$showroles = 1;
$currenttab = 'override';
include_once($CFG->dirroot.'/user/tabs.php');
} else if ($context->contextlevel==CONTEXT_COURSE and $context->instanceid == SITEID) {
require_once($CFG->libdir.'/adminlib.php');
admin_externalpage_setup('frontpageroles', '', array('contextid' => $contextid, 'roleid' => $roleid), $CFG->wwwroot . '/' . $CFG->admin . '/roles/override.php');
admin_externalpage_print_header();
$currenttab = 'override';
include_once('tabs.php');
} else {
$currenttab = 'override';
include_once('tabs.php');
}
print_heading_with_help(get_string('overridepermissionsin', 'role', print_context_name($context)), 'overrides');
if ($roleid) {
/// prints a form to swap roles
echo '<div class="selector">';
$overridableroles = array('0'=>get_string('listallroles', 'role').'...') + $overridableroles;
popup_form("$CFG->wwwroot/$CFG->admin/roles/override.php?userid=$userid&amp;courseid=$courseid&amp;contextid=$contextid&amp;roleid=",
$overridableroles, 'switchrole', $roleid, '', '', '', false, 'self', $strroletooverride);
echo '</div>';
$parentcontexts = get_parent_contexts($context);
if (!empty($parentcontexts)) {
$parentcontext = array_shift($parentcontexts);
$parentcontext = get_context_instance_by_id($parentcontext);
} else {
$parentcontext = $context; // site level in override??
}
$r_caps = role_context_capabilities($roleid, $parentcontext);
$localoverrides = get_records_select('role_capabilities', "roleid = $roleid AND contextid = $context->id",
'', 'capability, permission, id');
$lang = str_replace('_utf8', '', current_language());
if (!empty($capabilities)) {
// Print the capabilities overrideable in this context
print_simple_box_start('center');
include('override.html');
print_simple_box_end();
} else {
notice(get_string('nocapabilitiesincontext', 'role'),
$CFG->wwwroot.'/'.$CFG->admin.'/roles/'.$baseurl);
}
} else { // Print overview table
$table->tablealign = 'center';
$table->cellpadding = 5;
$table->cellspacing = 0;
$table->width = '60%';
$table->head = array(get_string('roles', 'role'), get_string('description'), get_string('overrides', 'role'));
$table->wrap = array('nowrap', '', 'nowrap');
$table->align = array('right', 'left', 'center');
foreach ($overridableroles as $roleid => $rolename) {
$countusers = 0;
$overridecount = count_records_select('role_capabilities', "roleid = $roleid AND contextid = $context->id");
$description = format_string(get_field('role', 'description', 'id', $roleid));
$table->data[] = array('<a href="'.$baseurl.'&amp;roleid='.$roleid.'">'.$rolename.'</a>', $description, $overridecount);
}
print_table($table);
}
print_footer($course);
?>