Search moodle.org's
Developer Documentation
Developer Documentation
- Bug fixes for general core bugs in 3.11.x will end 14 Nov 2022 (12 months plus 6 months extension).
- Bug fixes for security issues in 3.11.x will end 13 Nov 2023 (18 months plus 12 months extension).
- PHP version: minimum PHP 7.3.0 Note: minimum PHP version has increased since Moodle 3.10. PHP 7.4.x is supported too.
/user/ -> action_redir.php (source)
Differences Between: [Versions 310 and 311] [Versions 311 and 400] [Versions 311 and 401] [Versions 311 and 402] [Versions 311 and 403] [Versions 39 and 311]
1 <?php 2 // This file is part of Moodle - http://moodle.org/ 3 // 4 // Moodle is free software: you can redistribute it and/or modify 5 // it under the terms of the GNU General Public License as published by 6 // the Free Software Foundation, either version 3 of the License, or 7 // (at your option) any later version. 8 // 9 // Moodle is distributed in the hope that it will be useful, 10 // but WITHOUT ANY WARRANTY; without even the implied warranty of 11 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 12 // GNU General Public License for more details. 13 // 14 // You should have received a copy of the GNU General Public License 15 // along with Moodle. If not, see <http://www.gnu.org/licenses/>. 16 17 /** 18 * Wrapper script redirecting user operations to correct destination. 19 * 20 * @copyright 1999 Martin Dougiamas http://dougiamas.com 21 * @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later 22 * @package core_user 23 */ 24 25 require_once("../config.php"); 26 require_once($CFG->dirroot . '/course/lib.php'); 27 28 $formaction = required_param('formaction', PARAM_LOCALURL); 29 $id = required_param('id', PARAM_INT); 30 31 $PAGE->set_url('/user/action_redir.php', array('formaction' => $formaction, 'id' => $id)); 32 list($formaction) = explode('?', $formaction, 2); 33 34 // This page now only handles the bulk enrolment change actions, other actions are done with ajax. 35 $actions = array('bulkchange.php'); 36 37 if (array_search($formaction, $actions) === false) { 38 print_error('unknownuseraction'); 39 } 40 41 if (!confirm_sesskey()) { 42 print_error('confirmsesskeybad'); 43 } 44 45 if ($formaction == 'bulkchange.php') { 46 // Backwards compatibility for enrolment plugins bulk change functionality. 47 // This awful code is adapting from the participant page with it's param names and values 48 // to the values expected by the bulk enrolment changes forms. 49 $formaction = required_param('formaction', PARAM_URL); 50 require_once($CFG->dirroot . '/enrol/locallib.php'); 51 52 $url = new moodle_url($formaction); 53 // Get the enrolment plugin type and bulk action from the url. 54 $plugin = $url->param('plugin'); 55 $operationname = $url->param('operation'); 56 $dataformat = $url->param('dataformat'); 57 58 $course = $DB->get_record('course', array('id' => $id), '*', MUST_EXIST); 59 $context = context_course::instance($id); 60 $PAGE->set_context($context); 61 62 $userids = optional_param_array('userid', array(), PARAM_INT); 63 $default = new moodle_url('/user/index.php', ['id' => $course->id]); 64 $returnurl = new moodle_url(optional_param('returnto', $default, PARAM_LOCALURL)); 65 66 if (empty($userids)) { 67 $userids = optional_param_array('bulkuser', array(), PARAM_INT); 68 } 69 if (empty($userids)) { 70 // The first time list hack. 71 if (empty($userids) and $post = data_submitted()) { 72 foreach ($post as $k => $v) { 73 if (preg_match('/^user(\d+)$/', $k, $m)) { 74 $userids[] = $m[1]; 75 } 76 } 77 } 78 } 79 80 if (empty($plugin) AND $operationname == 'download_participants') { 81 // Check permissions. 82 $pagecontext = ($course->id == SITEID) ? context_system::instance() : $context; 83 if (course_can_view_participants($pagecontext)) { 84 $plugins = core_plugin_manager::instance()->get_plugins_of_type('dataformat'); 85 if (isset($plugins[$dataformat])) { 86 if ($plugins[$dataformat]->is_enabled()) { 87 if (empty($userids)) { 88 redirect($returnurl, get_string('noselectedusers', 'bulkusers')); 89 } 90 91 $columnnames = array( 92 'firstname' => get_string('firstname'), 93 'lastname' => get_string('lastname'), 94 ); 95 96 // TODO Does not support custom user profile fields (MDL-70456). 97 $identityfields = \core_user\fields::get_identity_fields($context, false); 98 $identityfieldsselect = ''; 99 100 foreach ($identityfields as $field) { 101 $columnnames[$field] = get_string($field); 102 $identityfieldsselect .= ', u.' . $field . ' '; 103 } 104 105 // Ensure users are enrolled in this course context, further limiting them by selected userids. 106 [$enrolledsql, $enrolledparams] = get_enrolled_sql($context); 107 [$useridsql, $useridparams] = $DB->get_in_or_equal($userids, SQL_PARAMS_NAMED, 'userid'); 108 109 $params = array_merge($enrolledparams, $useridparams); 110 111 // If user can only view their own groups then they can only export users from those groups too. 112 $groupmode = groups_get_course_groupmode($course); 113 if ($groupmode == SEPARATEGROUPS && !has_capability('moodle/site:accessallgroups', $context)) { 114 $groups = groups_get_all_groups($course->id, $USER->id, 0, 'g.id'); 115 $groupids = array_column($groups, 'id'); 116 117 [$groupmembersql, $groupmemberparams] = groups_get_members_ids_sql($groupids, $context); 118 $params = array_merge($params, $groupmemberparams); 119 120 $groupmemberjoin = "JOIN ({$groupmembersql}) jg ON jg.id = u.id"; 121 } else { 122 $groupmemberjoin = ''; 123 } 124 125 $sql = "SELECT u.firstname, u.lastname" . $identityfieldsselect . " 126 FROM {user} u 127 JOIN ({$enrolledsql}) je ON je.id = u.id 128 {$groupmemberjoin} 129 WHERE u.id {$useridsql}"; 130 131 $rs = $DB->get_recordset_sql($sql, $params); 132 133 // Provide callback to pre-process all records ensuring user identity fields are escaped if HTML supported. 134 \core\dataformat::download_data( 135 'courseid_' . $course->id . '_participants', 136 $dataformat, 137 $columnnames, 138 $rs, 139 function(stdClass $record, bool $supportshtml) use ($identityfields): stdClass { 140 if ($supportshtml) { 141 foreach ($identityfields as $identityfield) { 142 $record->{$identityfield} = s($record->{$identityfield}); 143 } 144 } 145 146 return $record; 147 } 148 ); 149 $rs->close(); 150 } 151 } 152 } 153 } else { 154 $instances = enrol_get_instances($course->id, false); 155 $instance = false; 156 foreach ($instances as $oneinstance) { 157 if ($oneinstance->enrol == $plugin) { 158 $instance = $oneinstance; 159 break; 160 } 161 } 162 if (!$instance) { 163 print_error('errorwithbulkoperation', 'enrol'); 164 } 165 166 $manager = new course_enrolment_manager($PAGE, $course, $instance->id); 167 $plugins = $manager->get_enrolment_plugins(); 168 169 if (!isset($plugins[$plugin])) { 170 print_error('errorwithbulkoperation', 'enrol'); 171 } 172 173 $plugin = $plugins[$plugin]; 174 175 $operations = $plugin->get_bulk_operations($manager); 176 177 if (!isset($operations[$operationname])) { 178 print_error('errorwithbulkoperation', 'enrol'); 179 } 180 $operation = $operations[$operationname]; 181 182 if (empty($userids)) { 183 redirect($returnurl, get_string('noselectedusers', 'bulkusers')); 184 } 185 186 $users = $manager->get_users_enrolments($userids); 187 188 $removed = array_diff($userids, array_keys($users)); 189 if (!empty($removed)) { 190 // This manager does not filter by enrolment method - so we can get the removed users details. 191 $removedmanager = new course_enrolment_manager($PAGE, $course); 192 $removedusers = $removedmanager->get_users_enrolments($removed); 193 194 foreach ($removedusers as $removeduser) { 195 $msg = get_string('userremovedfromselectiona', 'enrol', fullname($removeduser)); 196 \core\notification::warning($msg); 197 } 198 } 199 200 // We may have users from any kind of enrolment, we need to filter for the enrolment plugin matching the bulk action. 201 $matchesplugin = function($user) use ($plugin) { 202 foreach ($user->enrolments as $enrolment) { 203 if ($enrolment->enrolmentplugin->get_name() == $plugin->get_name()) { 204 return true; 205 } 206 } 207 return false; 208 }; 209 $filteredusers = array_filter($users, $matchesplugin); 210 211 if (empty($filteredusers)) { 212 redirect($returnurl, get_string('noselectedusers', 'bulkusers')); 213 } 214 215 $users = $filteredusers; 216 217 // Get the form for the bulk operation. 218 $mform = $operation->get_form($PAGE->url, array('users' => $users)); 219 // If the mform is false then attempt an immediate process. This may be an immediate action that 220 // doesn't require user input OR confirmation.... who know what but maybe one day. 221 if ($mform === false) { 222 if ($operation->process($manager, $users, new stdClass)) { 223 redirect($returnurl); 224 } else { 225 print_error('errorwithbulkoperation', 'enrol'); 226 } 227 } 228 // Check if the bulk operation has been cancelled. 229 if ($mform->is_cancelled()) { 230 redirect($returnurl); 231 } 232 if ($mform->is_submitted() && $mform->is_validated() && confirm_sesskey()) { 233 if ($operation->process($manager, $users, $mform->get_data())) { 234 redirect($returnurl); 235 } 236 } 237 238 $pagetitle = get_string('bulkuseroperation', 'enrol'); 239 240 $PAGE->set_title($pagetitle); 241 $PAGE->set_heading($pagetitle); 242 echo $OUTPUT->header(); 243 echo $OUTPUT->heading($operation->get_title()); 244 $mform->display(); 245 echo $OUTPUT->footer(); 246 exit(); 247 } 248 } else { 249 throw new coding_exception('invalidaction'); 250 }
title
Description
Body
title
Description
Body
title
Description
Body
title
Body
