Search moodle.org's
Developer Documentation

See Release Notes

  • Bug fixes for general core bugs in 3.11.x will end 14 Nov 2022 (12 months plus 6 months extension).
  • Bug fixes for security issues in 3.11.x will end 13 Nov 2023 (18 months plus 12 months extension).
  • PHP version: minimum PHP 7.3.0 Note: minimum PHP version has increased since Moodle 3.10. PHP 7.4.x is supported too.

Differences Between: [Versions 310 and 311] [Versions 311 and 400] [Versions 311 and 401] [Versions 311 and 402] [Versions 311 and 403] [Versions 39 and 311]

   1  <?php
   2  // This file is part of Moodle - http://moodle.org/
   3  //
   4  // Moodle is free software: you can redistribute it and/or modify
   5  // it under the terms of the GNU General Public License as published by
   6  // the Free Software Foundation, either version 3 of the License, or
   7  // (at your option) any later version.
   8  //
   9  // Moodle is distributed in the hope that it will be useful,
  10  // but WITHOUT ANY WARRANTY; without even the implied warranty of
  11  // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  12  // GNU General Public License for more details.
  13  //
  14  // You should have received a copy of the GNU General Public License
  15  // along with Moodle.  If not, see <http://www.gnu.org/licenses/>.
  16  
  17  /**
  18   * Class used to fetch participants based on a filterset.
  19   *
  20   * @package    core_user
  21   * @copyright  2020 Michael Hawkins <michaelh@moodle.com>
  22   * @license    http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
  23   */
  24  
  25  namespace core_user\table;
  26  
  27  use context;
  28  use context_helper;
  29  use core_table\local\filter\filterset;
  30  use core_user;
  31  use moodle_recordset;
  32  use stdClass;
  33  use core_user\fields;
  34  
  35  defined('MOODLE_INTERNAL') || die;
  36  
  37  require_once($CFG->dirroot . '/user/lib.php');
  38  
  39  /**
  40   * Class used to fetch participants based on a filterset.
  41   *
  42   * @package    core_user
  43   * @copyright  2020 Michael Hawkins <michaelh@moodle.com>
  44   * @license    http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
  45   */
  46  class participants_search {
  47  
  48      /**
  49       * @var filterset $filterset The filterset describing which participants to include in the search.
  50       */
  51      protected $filterset;
  52  
  53      /**
  54       * @var stdClass $course The course being searched.
  55       */
  56      protected $course;
  57  
  58      /**
  59       * @var context_course $context The course context being searched.
  60       */
  61      protected $context;
  62  
  63      /**
  64       * @var string[] $userfields Names of any extra user fields to be shown when listing users.
  65       */
  66      protected $userfields;
  67  
  68      /**
  69       * Class constructor.
  70       *
  71       * @param stdClass $course The course being searched.
  72       * @param context $context The context of the search.
  73       * @param filterset $filterset The filterset used to filter the participants in a course.
  74       */
  75      public function __construct(stdClass $course, context $context, filterset $filterset) {
  76          $this->course = $course;
  77          $this->context = $context;
  78          $this->filterset = $filterset;
  79  
  80          $this->userfields = fields::get_identity_fields($this->context);
  81      }
  82  
  83      /**
  84       * Fetch participants matching the filterset.
  85       *
  86       * @param string $additionalwhere Any additional SQL to add to where.
  87       * @param array $additionalparams The additional params used by $additionalwhere.
  88       * @param string $sort Optional SQL sort.
  89       * @param int $limitfrom Return a subset of records, starting at this point (optional).
  90       * @param int $limitnum Return a subset comprising this many records (optional, required if $limitfrom is set).
  91       * @return moodle_recordset
  92       */
  93      public function get_participants(string $additionalwhere = '', array $additionalparams = [], string $sort = '',
  94              int $limitfrom = 0, int $limitnum = 0): moodle_recordset {
  95          global $DB;
  96  
  97          [
  98              'subqueryalias' => $subqueryalias,
  99              'outerselect' => $outerselect,
 100              'innerselect' => $innerselect,
 101              'outerjoins' => $outerjoins,
 102              'innerjoins' => $innerjoins,
 103              'outerwhere' => $outerwhere,
 104              'innerwhere' => $innerwhere,
 105              'params' => $params,
 106          ] = $this->get_participants_sql($additionalwhere, $additionalparams);
 107  
 108          $sql = "{$outerselect}
 109                            FROM ({$innerselect}
 110                                            FROM {$innerjoins}
 111                                   {$innerwhere}
 112                                 ) {$subqueryalias}
 113                   {$outerjoins}
 114                   {$outerwhere}
 115                         {$sort}";
 116  
 117          return $DB->get_recordset_sql($sql, $params, $limitfrom, $limitnum);
 118      }
 119  
 120      /**
 121       * Returns the total number of participants for a given course.
 122       *
 123       * @param string $additionalwhere Any additional SQL to add to where.
 124       * @param array $additionalparams The additional params used by $additionalwhere.
 125       * @return int
 126       */
 127      public function get_total_participants_count(string $additionalwhere = '', array $additionalparams = []): int {
 128          global $DB;
 129  
 130          [
 131              'subqueryalias' => $subqueryalias,
 132              'innerselect' => $innerselect,
 133              'outerjoins' => $outerjoins,
 134              'innerjoins' => $innerjoins,
 135              'outerwhere' => $outerwhere,
 136              'innerwhere' => $innerwhere,
 137              'params' => $params,
 138          ] = $this->get_participants_sql($additionalwhere, $additionalparams);
 139  
 140          $sql = "SELECT COUNT(u.id)
 141                    FROM ({$innerselect}
 142                                    FROM {$innerjoins}
 143                           {$innerwhere}
 144                         ) {$subqueryalias}
 145           {$outerjoins}
 146           {$outerwhere}";
 147  
 148          return $DB->count_records_sql($sql, $params);
 149      }
 150  
 151      /**
 152       * Generate the SQL used to fetch filtered data for the participants table.
 153       *
 154       * @param string $additionalwhere Any additional SQL to add to where
 155       * @param array $additionalparams The additional params
 156       * @return array
 157       */
 158      protected function get_participants_sql(string $additionalwhere, array $additionalparams): array {
 159          global $CFG;
 160  
 161          $isfrontpage = ($this->course->id == SITEID);
 162          $accesssince = 0;
 163          // Whether to match on users who HAVE accessed since the given time (ie false is 'inactive for more than x').
 164          $matchaccesssince = false;
 165  
 166          // The alias for the subquery that fetches all distinct course users.
 167          $usersubqueryalias = 'targetusers';
 168          // The alias for {user} within the distinct user subquery.
 169          $inneruseralias = 'udistinct';
 170          // Inner query that selects distinct users in a course who are not deleted.
 171          // Note: This ensures the outer (filtering) query joins on distinct users, avoiding the need for GROUP BY.
 172          $innerselect = "SELECT DISTINCT {$inneruseralias}.id";
 173          $innerjoins = ["{user} {$inneruseralias}"];
 174          $innerwhere = "WHERE {$inneruseralias}.deleted = 0 AND {$inneruseralias}.id <> :siteguest";
 175          $params = ['siteguest' => $CFG->siteguest];
 176  
 177          $outerjoins = ["JOIN {user} u ON u.id = {$usersubqueryalias}.id"];
 178          $wheres = [];
 179  
 180          if ($this->filterset->has_filter('accesssince')) {
 181              $accesssince = $this->filterset->get_filter('accesssince')->current();
 182  
 183              // Last access filtering only supports matching or not matching, not any/all/none.
 184              $jointypenone = $this->filterset->get_filter('accesssince')::JOINTYPE_NONE;
 185              if ($this->filterset->get_filter('accesssince')->get_join_type() === $jointypenone) {
 186                  $matchaccesssince = true;
 187              }
 188          }
 189  
 190          [
 191              // SQL that forms part of the filter.
 192              'sql' => $esql,
 193              // SQL for enrolment filtering that must always be applied (eg due to capability restrictions).
 194              'forcedsql' => $esqlforced,
 195              'params' => $eparams,
 196          ] = $this->get_enrolled_sql();
 197          $params = array_merge($params, $eparams);
 198  
 199          // Get the fields for all contexts because there is a special case later where it allows
 200          // matches of fields you can't access if they are on your own account.
 201          $userfields = fields::for_identity(null)->with_userpic();
 202          ['selects' => $userfieldssql, 'joins' => $userfieldsjoin, 'params' => $userfieldsparams, 'mappings' => $mappings] =
 203                  (array)$userfields->get_sql('u', true);
 204          if ($userfieldsjoin) {
 205              $outerjoins[] = $userfieldsjoin;
 206              $params = array_merge($params, $userfieldsparams);
 207          }
 208  
 209          // Include any compulsory enrolment SQL (eg capability related filtering that must be applied).
 210          if (!empty($esqlforced)) {
 211              $outerjoins[] = "JOIN ({$esqlforced}) fef ON fef.id = u.id";
 212          }
 213  
 214          // Include any enrolment related filtering.
 215          if (!empty($esql)) {
 216              $outerjoins[] = "LEFT JOIN ({$esql}) ef ON ef.id = u.id";
 217              $wheres[] = 'ef.id IS NOT NULL';
 218          }
 219  
 220          if ($isfrontpage) {
 221              $outerselect = "SELECT u.lastaccess $userfieldssql";
 222              if ($accesssince) {
 223                  $wheres[] = user_get_user_lastaccess_sql($accesssince, 'u', $matchaccesssince);
 224              }
 225          } else {
 226              $outerselect = "SELECT COALESCE(ul.timeaccess, 0) AS lastaccess $userfieldssql";
 227              // Not everybody has accessed the course yet.
 228              $outerjoins[] = 'LEFT JOIN {user_lastaccess} ul ON (ul.userid = u.id AND ul.courseid = :courseid2)';
 229              $params['courseid2'] = $this->course->id;
 230              if ($accesssince) {
 231                  $wheres[] = user_get_course_lastaccess_sql($accesssince, 'ul', $matchaccesssince);
 232              }
 233  
 234              // Make sure we only ever fetch users in the course (regardless of enrolment filters).
 235              $innerjoins[] = "JOIN {user_enrolments} ue ON ue.userid = {$inneruseralias}.id";
 236              $innerjoins[] = 'JOIN {enrol} e ON e.id = ue.enrolid
 237                                        AND e.courseid = :courseid1';
 238              $params['courseid1'] = $this->course->id;
 239          }
 240  
 241          // Performance hacks - we preload user contexts together with accounts.
 242          $ccselect = ', ' . context_helper::get_preload_record_columns_sql('ctx');
 243          $ccjoin = 'LEFT JOIN {context} ctx ON (ctx.instanceid = u.id AND ctx.contextlevel = :contextlevel)';
 244          $params['contextlevel'] = CONTEXT_USER;
 245          $outerselect .= $ccselect;
 246          $outerjoins[] = $ccjoin;
 247  
 248          // Apply any role filtering.
 249          if ($this->filterset->has_filter('roles')) {
 250              [
 251                  'where' => $roleswhere,
 252                  'params' => $rolesparams,
 253              ] = $this->get_roles_sql();
 254  
 255              if (!empty($roleswhere)) {
 256                  $wheres[] = "({$roleswhere})";
 257              }
 258  
 259              if (!empty($rolesparams)) {
 260                  $params = array_merge($params, $rolesparams);
 261              }
 262          }
 263  
 264          // Apply any country filtering.
 265          if ($this->filterset->has_filter('country')) {
 266              [
 267                  'where' => $countrywhere,
 268                  'params' => $countryparams,
 269              ] = $this->get_country_sql();
 270  
 271              if (!empty($countrywhere)) {
 272                  $wheres[] = "($countrywhere)";
 273              }
 274  
 275              if (!empty($countryparams)) {
 276                  $params = array_merge($params, $countryparams);
 277              }
 278          }
 279  
 280          // Apply any keyword text searches.
 281          if ($this->filterset->has_filter('keywords')) {
 282              [
 283                  'where' => $keywordswhere,
 284                  'params' => $keywordsparams,
 285              ] = $this->get_keywords_search_sql($mappings);
 286  
 287              if (!empty($keywordswhere)) {
 288                  $wheres[] = $keywordswhere;
 289              }
 290  
 291              if (!empty($keywordsparams)) {
 292                  $params = array_merge($params, $keywordsparams);
 293              }
 294          }
 295  
 296          // Add any supplied additional forced WHERE clauses.
 297          if (!empty($additionalwhere)) {
 298              $innerwhere .= " AND ({$additionalwhere})";
 299              $params = array_merge($params, $additionalparams);
 300          }
 301  
 302          // Prepare final values.
 303          $outerjoinsstring = implode("\n", $outerjoins);
 304          $innerjoinsstring = implode("\n", $innerjoins);
 305          if ($wheres) {
 306              switch ($this->filterset->get_join_type()) {
 307                  case $this->filterset::JOINTYPE_ALL:
 308                      $wherenot = '';
 309                      $wheresjoin = ' AND ';
 310                      break;
 311                  case $this->filterset::JOINTYPE_NONE:
 312                      $wherenot = ' NOT ';
 313                      $wheresjoin = ' AND NOT ';
 314  
 315                      // Some of the $where conditions may begin with `NOT` which results in `AND NOT NOT ...`.
 316                      // To prevent this from breaking on Oracle the inner WHERE clause is wrapped in brackets, making it
 317                      // `AND NOT (NOT ...)` which is valid in all DBs.
 318                      $wheres = array_map(function($where) {
 319                          return "({$where})";
 320                      }, $wheres);
 321  
 322                      break;
 323                  default:
 324                      // Default to 'Any' jointype.
 325                      $wherenot = '';
 326                      $wheresjoin = ' OR ';
 327                      break;
 328              }
 329  
 330              $outerwhere = 'WHERE ' . $wherenot . implode($wheresjoin, $wheres);
 331          } else {
 332              $outerwhere = '';
 333          }
 334  
 335          return [
 336              'subqueryalias' => $usersubqueryalias,
 337              'outerselect' => $outerselect,
 338              'innerselect' => $innerselect,
 339              'outerjoins' => $outerjoinsstring,
 340              'innerjoins' => $innerjoinsstring,
 341              'outerwhere' => $outerwhere,
 342              'innerwhere' => $innerwhere,
 343              'params' => $params,
 344          ];
 345      }
 346  
 347      /**
 348       * Prepare SQL and associated parameters for users enrolled in the course.
 349       *
 350       * @return array SQL query data in the format ['sql' => '', 'forcedsql' => '', 'params' => []].
 351       */
 352      protected function get_enrolled_sql(): array {
 353          global $USER;
 354  
 355          $isfrontpage = ($this->context->instanceid == SITEID);
 356          $prefix = 'eu_';
 357          $filteruid = "{$prefix}u.id";
 358          $sql = '';
 359          $joins = [];
 360          $wheres = [];
 361          $params = [];
 362          // It is possible some statements must always be included (in addition to any filtering).
 363          $forcedprefix = "f{$prefix}";
 364          $forceduid = "{$forcedprefix}u.id";
 365          $forcedsql = '';
 366          $forcedjoins = [];
 367          $forcedwhere = "{$forcedprefix}u.deleted = 0";
 368  
 369          if (!$isfrontpage) {
 370              // Prepare any enrolment method filtering.
 371              [
 372                  'joins' => $methodjoins,
 373                  'where' => $wheres[],
 374                  'params' => $methodparams,
 375              ] = $this->get_enrol_method_sql($filteruid);
 376  
 377              // Prepare any status filtering.
 378              [
 379                  'joins' => $statusjoins,
 380                  'where' => $statuswhere,
 381                  'params' => $statusparams,
 382                  'forcestatus' => $forcestatus,
 383              ] = $this->get_status_sql($filteruid, $forceduid, $forcedprefix);
 384  
 385              if ($forcestatus) {
 386                  // Force filtering by active participants if user does not have capability to view suspended.
 387                  $forcedjoins = array_merge($forcedjoins, $statusjoins);
 388                  $statusjoins = [];
 389                  $forcedwhere .= " AND ({$statuswhere})";
 390              } else {
 391                  $wheres[] = $statuswhere;
 392              }
 393  
 394              $joins = array_merge($joins, $methodjoins, $statusjoins);
 395              $params = array_merge($params, $methodparams, $statusparams);
 396          }
 397  
 398          $groupids = [];
 399  
 400          if ($this->filterset->has_filter('groups')) {
 401              $groupids = $this->filterset->get_filter('groups')->get_filter_values();
 402          }
 403  
 404          // Force additional groups filtering if required due to lack of capabilities.
 405          // Note: This means results will always be limited to allowed groups, even if the user applies their own groups filtering.
 406          $canaccessallgroups = has_capability('moodle/site:accessallgroups', $this->context);
 407          $forcegroups = ($this->course->groupmode == SEPARATEGROUPS && !$canaccessallgroups);
 408  
 409          if ($forcegroups) {
 410              $allowedgroupids = array_keys(groups_get_all_groups($this->course->id, $USER->id));
 411  
 412              // Users not in any group in a course with separate groups mode should not be able to access the participants filter.
 413              if (empty($allowedgroupids)) {
 414                  // The UI does not support this, so it should not be reachable unless someone is trying to bypass the restriction.
 415                  throw new \coding_exception('User must be part of a group to filter by participants.');
 416              }
 417  
 418              $forceduid = "{$forcedprefix}u.id";
 419              $forcedjointype = $this->get_groups_jointype(\core_table\local\filter\filter::JOINTYPE_ANY);
 420              $forcedgroupjoin = groups_get_members_join($allowedgroupids, $forceduid, $this->context, $forcedjointype);
 421  
 422              $forcedjoins[] = $forcedgroupjoin->joins;
 423              $forcedwhere .= " AND ({$forcedgroupjoin->wheres})";
 424  
 425              $params = array_merge($params, $forcedgroupjoin->params);
 426  
 427              // Remove any filtered groups the user does not have access to.
 428              $groupids = array_intersect($allowedgroupids, $groupids);
 429          }
 430  
 431          // Prepare any user defined groups filtering.
 432          if ($groupids) {
 433              $groupjoin = groups_get_members_join($groupids, $filteruid, $this->context, $this->get_groups_jointype());
 434  
 435              $joins[] = $groupjoin->joins;
 436              $params = array_merge($params, $groupjoin->params);
 437              if (!empty($groupjoin->wheres)) {
 438                  $wheres[] = $groupjoin->wheres;
 439              }
 440          }
 441  
 442          // Combine the relevant filters and prepare the query.
 443          $joins = array_filter($joins);
 444          if (!empty($joins)) {
 445              $joinsql = implode("\n", $joins);
 446  
 447              $sql = "SELECT DISTINCT {$prefix}u.id
 448                                 FROM {user} {$prefix}u
 449                                      {$joinsql}
 450                                WHERE {$prefix}u.deleted = 0";
 451          }
 452  
 453          $wheres = array_filter($wheres);
 454          if (!empty($wheres)) {
 455              if ($this->filterset->get_join_type() === $this->filterset::JOINTYPE_ALL) {
 456                  $wheresql = '(' . implode(') AND (', $wheres) . ')';
 457              } else {
 458                  $wheresql = '(' . implode(') OR (', $wheres) . ')';
 459              }
 460  
 461              $sql .= " AND ({$wheresql})";
 462          }
 463  
 464          // Prepare any SQL that must be applied.
 465          if (!empty($forcedjoins)) {
 466              $forcedjoinsql = implode("\n", $forcedjoins);
 467              $forcedsql = "SELECT DISTINCT {$forcedprefix}u.id
 468                                       FROM {user} {$forcedprefix}u
 469                                            {$forcedjoinsql}
 470                                      WHERE {$forcedwhere}";
 471          }
 472  
 473          return [
 474              'sql' => $sql,
 475              'forcedsql' => $forcedsql,
 476              'params' => $params,
 477          ];
 478      }
 479  
 480      /**
 481       * Prepare the enrolment methods filter SQL content.
 482       *
 483       * @param string $useridcolumn User ID column used in the calling query, e.g. u.id
 484       * @return array SQL query data in the format ['joins' => [], 'where' => '', 'params' => []].
 485       */
 486      protected function get_enrol_method_sql($useridcolumn): array {
 487          global $DB;
 488  
 489          $prefix = 'ejm_';
 490          $joins  = [];
 491          $where = '';
 492          $params = [];
 493          $enrolids = [];
 494  
 495          if ($this->filterset->has_filter('enrolments')) {
 496              $enrolids = $this->filterset->get_filter('enrolments')->get_filter_values();
 497          }
 498  
 499          if (!empty($enrolids)) {
 500              $jointype = $this->filterset->get_filter('enrolments')->get_join_type();
 501  
 502              // Handle 'All' join type.
 503              if ($jointype === $this->filterset->get_filter('enrolments')::JOINTYPE_ALL ||
 504                      $jointype === $this->filterset->get_filter('enrolments')::JOINTYPE_NONE) {
 505                  $allwheres = [];
 506  
 507                  foreach ($enrolids as $i => $enrolid) {
 508                      $thisprefix = "{$prefix}{$i}";
 509                      list($enrolidsql, $enrolidparam) = $DB->get_in_or_equal($enrolid, SQL_PARAMS_NAMED, $thisprefix);
 510  
 511                      $joins[] = "LEFT JOIN {enrol} {$thisprefix}e
 512                                         ON ({$thisprefix}e.id {$enrolidsql}
 513                                        AND {$thisprefix}e.courseid = :{$thisprefix}courseid)";
 514                      $joins[] = "LEFT JOIN {user_enrolments} {$thisprefix}ue
 515                                         ON {$thisprefix}ue.userid = {$useridcolumn}
 516                                        AND {$thisprefix}ue.enrolid = {$thisprefix}e.id";
 517  
 518                      if ($jointype === $this->filterset->get_filter('enrolments')::JOINTYPE_ALL) {
 519                          $allwheres[] = "{$thisprefix}ue.id IS NOT NULL";
 520                      } else {
 521                          // Ensure participants do not match any of the filtered methods when joining by 'None'.
 522                          $allwheres[] = "{$thisprefix}ue.id IS NULL";
 523                      }
 524  
 525                      $params["{$thisprefix}courseid"] = $this->course->id;
 526                      $params = array_merge($params, $enrolidparam);
 527                  }
 528  
 529                  if (!empty($allwheres)) {
 530                      $where = implode(' AND ', $allwheres);
 531                  }
 532              } else {
 533                  // Handle the 'Any'join type.
 534  
 535                  list($enrolidssql, $enrolidsparams) = $DB->get_in_or_equal($enrolids, SQL_PARAMS_NAMED, $prefix);
 536  
 537                  $joins[] = "LEFT JOIN {enrol} {$prefix}e
 538                                     ON ({$prefix}e.id {$enrolidssql}
 539                                    AND {$prefix}e.courseid = :{$prefix}courseid)";
 540                  $joins[] = "LEFT JOIN {user_enrolments} {$prefix}ue ON {$prefix}ue.userid = {$useridcolumn}
 541                                                                AND {$prefix}ue.enrolid = {$prefix}e.id";
 542                  $where = "{$prefix}ue.id IS NOT NULL";
 543  
 544                  $params["{$prefix}courseid"] = $this->course->id;
 545                  $params = array_merge($params, $enrolidsparams);
 546              }
 547          }
 548  
 549          return [
 550              'joins' => $joins,
 551              'where' => $where,
 552              'params' => $params,
 553          ];
 554      }
 555  
 556      /**
 557       * Prepare the status filter SQL content.
 558       * Note: Users who cannot view suspended users will always have their results filtered to only show active participants.
 559       *
 560       * @param string $filteruidcolumn User ID column used in the calling query, e.g. eu_u.id
 561       * @param string $forceduidcolumn User ID column used in any forced query, e.g. feu_u.id
 562       * @param string $forcedprefix The prefix to use if forced filtering is required
 563       * @return array SQL query data in the format ['joins' => [], 'where' => '', 'params' => [], 'forcestatus' => true]
 564       */
 565      protected function get_status_sql($filteruidcolumn, $forceduidcolumn, $forcedprefix): array {
 566          $prefix = $forcedprefix;
 567          $useridcolumn = $forceduidcolumn;
 568          $joins  = [];
 569          $where = '';
 570          $params = [];
 571          $forcestatus = true;
 572  
 573          // By default we filter to show users with active status only.
 574          $statusids = [ENROL_USER_ACTIVE];
 575          $statusjointype = $this->filterset::JOINTYPE_DEFAULT;
 576  
 577          // Allow optional status filtering if the user has relevant capabilities.
 578          if (has_capability('moodle/course:enrolreview', $this->context) &&
 579                  (has_capability('moodle/course:viewsuspendedusers', $this->context))) {
 580              $forcestatus = false;
 581              $prefix = 'ejs_';
 582              $useridcolumn = $filteruidcolumn;
 583  
 584              // Default to no filtering if capabilities allow for it.
 585              $statusids = [];
 586  
 587              if ($this->filterset->has_filter('status')) {
 588                  $statusjointype = $this->filterset->get_filter('status')->get_join_type();
 589                  $statusfiltervalues = $this->filterset->get_filter('status')->get_filter_values();
 590  
 591                  // If values are set for the status filter, use them.
 592                  if (!empty($statusfiltervalues)) {
 593                      $statusids = $statusfiltervalues;
 594                  }
 595              }
 596          }
 597  
 598          if (!empty($statusids)) {
 599              $enroljoin = 'JOIN {enrol} %1$se ON %1$se.id = %1$sue.enrolid
 600                                                    AND %1$se.courseid = :%1$scourseid';
 601  
 602              $whereactive = '(%1$sue.status = :%2$sactive
 603                            AND %1$se.status = :%2$senabled
 604                        AND %1$sue.timestart < :%2$snow1
 605                         AND (%1$sue.timeend = 0
 606                           OR %1$sue.timeend > :%2$snow2))';
 607  
 608              $wheresuspended = '(%1$sue.status = :%2$ssuspended
 609                               OR %1$se.status != :%2$senabled
 610                           OR %1$sue.timestart >= :%2$snow1
 611                             OR (%1$sue.timeend > 0
 612                            AND %1$sue.timeend <= :%2$snow2))';
 613  
 614              // Round 'now' time to help DB caching.
 615              $now = round(time(), -2);
 616  
 617              switch ($statusjointype) {
 618                  case $this->filterset::JOINTYPE_ALL:
 619                      $joinwheres = [];
 620  
 621                      foreach ($statusids as $i => $statusid) {
 622                          $joinprefix = "{$prefix}{$i}";
 623                          $joins[] = "JOIN {user_enrolments} {$joinprefix}ue ON {$joinprefix}ue.userid = {$useridcolumn}";
 624  
 625                          if ($statusid === ENROL_USER_ACTIVE) {
 626                              // Conditions to be met if user filtering by active.
 627                              $joinwheres[] = sprintf($whereactive, $joinprefix, $joinprefix);
 628  
 629                              $activeparams = [
 630                                  "{$joinprefix}active" => ENROL_USER_ACTIVE,
 631                                  "{$joinprefix}enabled" => ENROL_INSTANCE_ENABLED,
 632                                  "{$joinprefix}now1"   => $now,
 633                                  "{$joinprefix}now2"   => $now,
 634                                  "{$joinprefix}courseid"   => $this->course->id,
 635                              ];
 636  
 637                              $params = array_merge($params, $activeparams);
 638                          } else {
 639                              // Conditions to be met if filtering by suspended (currently the only other status).
 640                              $joinwheres[] = sprintf($wheresuspended, $joinprefix, $joinprefix);
 641  
 642                              $suspendedparams = [
 643                                  "{$joinprefix}suspended" => ENROL_USER_SUSPENDED,
 644                                  "{$joinprefix}enabled" => ENROL_INSTANCE_ENABLED,
 645                                  "{$joinprefix}now1"   => $now,
 646                                  "{$joinprefix}now2"   => $now,
 647                                  "{$joinprefix}courseid"   => $this->course->id,
 648                              ];
 649  
 650                              $params = array_merge($params, $suspendedparams);
 651                          }
 652  
 653                          $joins[] = sprintf($enroljoin, $joinprefix);
 654                      }
 655  
 656                      $where = implode(' AND ', $joinwheres);
 657                      break;
 658  
 659                  case $this->filterset::JOINTYPE_NONE:
 660                      // Should always be enrolled, just not in any of the filtered statuses.
 661                      $joins[] = "JOIN {user_enrolments} {$prefix}ue ON {$prefix}ue.userid = {$useridcolumn}";
 662                      $joins[] = sprintf($enroljoin, $prefix);
 663                      $joinwheres = [];
 664                      $params["{$prefix}courseid"] = $this->course->id;
 665  
 666                      foreach ($statusids as $i => $statusid) {
 667                          $paramprefix = "{$prefix}{$i}";
 668  
 669                          if ($statusid === ENROL_USER_ACTIVE) {
 670                              // Conditions to be met if user filtering by active.
 671                              $joinwheres[] = sprintf("NOT {$whereactive}", $prefix, $paramprefix);
 672  
 673                              $activeparams = [
 674                                  "{$paramprefix}active" => ENROL_USER_ACTIVE,
 675                                  "{$paramprefix}enabled" => ENROL_INSTANCE_ENABLED,
 676                                  "{$paramprefix}now1"   => $now,
 677                                  "{$paramprefix}now2"   => $now,
 678                              ];
 679  
 680                              $params = array_merge($params, $activeparams);
 681                          } else {
 682                              // Conditions to be met if filtering by suspended (currently the only other status).
 683                              $joinwheres[] = sprintf("NOT {$wheresuspended}", $prefix, $paramprefix);
 684  
 685                              $suspendedparams = [
 686                                  "{$paramprefix}suspended" => ENROL_USER_SUSPENDED,
 687                                  "{$paramprefix}enabled" => ENROL_INSTANCE_ENABLED,
 688                                  "{$paramprefix}now1"   => $now,
 689                                  "{$paramprefix}now2"   => $now,
 690                              ];
 691  
 692                              $params = array_merge($params, $suspendedparams);
 693                          }
 694                      }
 695  
 696                      $where = '(' . implode(' AND ', $joinwheres) . ')';
 697                      break;
 698  
 699                  default:
 700                      // Handle the 'Any' join type.
 701  
 702                      $joins[] = "JOIN {user_enrolments} {$prefix}ue ON {$prefix}ue.userid = {$useridcolumn}";
 703                      $joins[] = sprintf($enroljoin, $prefix);
 704                      $joinwheres = [];
 705                      $params["{$prefix}courseid"] = $this->course->id;
 706  
 707                      foreach ($statusids as $i => $statusid) {
 708                          $paramprefix = "{$prefix}{$i}";
 709  
 710                          if ($statusid === ENROL_USER_ACTIVE) {
 711                              // Conditions to be met if user filtering by active.
 712                              $joinwheres[] = sprintf($whereactive, $prefix, $paramprefix);
 713  
 714                              $activeparams = [
 715                                  "{$paramprefix}active" => ENROL_USER_ACTIVE,
 716                                  "{$paramprefix}enabled" => ENROL_INSTANCE_ENABLED,
 717                                  "{$paramprefix}now1"   => $now,
 718                                  "{$paramprefix}now2"   => $now,
 719                              ];
 720  
 721                              $params = array_merge($params, $activeparams);
 722                          } else {
 723                              // Conditions to be met if filtering by suspended (currently the only other status).
 724                              $joinwheres[] = sprintf($wheresuspended, $prefix, $paramprefix);
 725  
 726                              $suspendedparams = [
 727                                  "{$paramprefix}suspended" => ENROL_USER_SUSPENDED,
 728                                  "{$paramprefix}enabled" => ENROL_INSTANCE_ENABLED,
 729                                  "{$paramprefix}now1"   => $now,
 730                                  "{$paramprefix}now2"   => $now,
 731                              ];
 732  
 733                              $params = array_merge($params, $suspendedparams);
 734                          }
 735                      }
 736  
 737                      $where = '(' . implode(' OR ', $joinwheres) . ')';
 738                      break;
 739              }
 740          }
 741  
 742          return [
 743              'joins' => $joins,
 744              'where' => $where,
 745              'params' => $params,
 746              'forcestatus' => $forcestatus,
 747          ];
 748      }
 749  
 750      /**
 751       * Fetch the groups filter's grouplib jointype, based on its filterset jointype.
 752       * This mapping is to ensure compatibility between the two, should their values ever differ.
 753       *
 754       * @param int|null $forcedjointype If set, specifies the join type to fetch mapping for (used when applying forced filtering).
 755       *                            If null, then user defined filter join type is used.
 756       * @return int
 757       */
 758      protected function get_groups_jointype(?int $forcedjointype = null): int {
 759  
 760          // If applying forced groups filter and no manual groups filtering is applied, add an empty filter so we can map the join.
 761          if (!is_null($forcedjointype) && !$this->filterset->has_filter('groups')) {
 762              $this->filterset->add_filter(new \core_table\local\filter\integer_filter('groups'));
 763          }
 764  
 765          $groupsfilter = $this->filterset->get_filter('groups');
 766  
 767          if (is_null($forcedjointype)) {
 768              // Fetch join type mapping for a user supplied groups filtering.
 769              $filterjointype = $groupsfilter->get_join_type();
 770          } else {
 771              // Fetch join type mapping for forced groups filtering.
 772              $filterjointype = $forcedjointype;
 773          }
 774  
 775          switch ($filterjointype) {
 776              case $groupsfilter::JOINTYPE_NONE:
 777                  $groupsjoin = GROUPS_JOIN_NONE;
 778                  break;
 779              case $groupsfilter::JOINTYPE_ALL:
 780                  $groupsjoin = GROUPS_JOIN_ALL;
 781                  break;
 782              default:
 783                  // Default to ANY jointype.
 784                  $groupsjoin = GROUPS_JOIN_ANY;
 785                  break;
 786          }
 787  
 788          return $groupsjoin;
 789      }
 790  
 791      /**
 792       * Prepare SQL where clause and associated parameters for any roles filtering being performed.
 793       *
 794       * @return array SQL query data in the format ['where' => '', 'params' => []].
 795       */
 796      protected function get_roles_sql(): array {
 797          global $DB;
 798  
 799          $where = '';
 800          $params = [];
 801  
 802          // Limit list to users with some role only.
 803          if ($this->filterset->has_filter('roles')) {
 804              $rolesfilter = $this->filterset->get_filter('roles');
 805  
 806              $roleids = $rolesfilter->get_filter_values();
 807              $jointype = $rolesfilter->get_join_type();
 808  
 809              // Determine how to match values in the query.
 810              $matchinsql = 'IN';
 811              switch ($jointype) {
 812                  case $rolesfilter::JOINTYPE_ALL:
 813                      $wherejoin = ' AND ';
 814                      break;
 815                  case $rolesfilter::JOINTYPE_NONE:
 816                      $wherejoin = ' AND NOT ';
 817                      $matchinsql = 'NOT IN';
 818                      break;
 819                  default:
 820                      // Default to 'Any' jointype.
 821                      $wherejoin = ' OR ';
 822                      break;
 823              }
 824  
 825              // We want to query both the current context and parent contexts.
 826              $rolecontextids = $this->context->get_parent_context_ids(true);
 827  
 828              // Get users without any role, if needed.
 829              if (($withoutkey = array_search(-1, $roleids)) !== false) {
 830                  list($relatedctxsql1, $norolectxparams) = $DB->get_in_or_equal($rolecontextids, SQL_PARAMS_NAMED, 'relatedctx');
 831  
 832                  if ($jointype === $rolesfilter::JOINTYPE_NONE) {
 833                      $where .= "(u.id IN (SELECT userid FROM {role_assignments} WHERE contextid {$relatedctxsql1}))";
 834                  } else {
 835                      $where .= "(u.id NOT IN (SELECT userid FROM {role_assignments} WHERE contextid {$relatedctxsql1}))";
 836                  }
 837  
 838                  $params = array_merge($params, $norolectxparams);
 839  
 840                  if ($withoutkey !== false) {
 841                      unset($roleids[$withoutkey]);
 842                  }
 843  
 844                  // Join if any roles will be included.
 845                  if (!empty($roleids)) {
 846                      // The NOT case is replaced with AND to prevent a double negative.
 847                      $where .= $jointype === $rolesfilter::JOINTYPE_NONE ? ' AND ' : $wherejoin;
 848                  }
 849              }
 850  
 851              // Get users with specified roles, if needed.
 852              if (!empty($roleids)) {
 853                  // All case - need one WHERE per filtered role.
 854                  if ($rolesfilter::JOINTYPE_ALL === $jointype) {
 855                      $numroles = count($roleids);
 856                      $rolecount = 1;
 857  
 858                      foreach ($roleids as $roleid) {
 859                          list($relatedctxsql, $relctxparams) = $DB->get_in_or_equal($rolecontextids, SQL_PARAMS_NAMED, 'relatedctx');
 860                          list($roleidssql, $roleidparams) = $DB->get_in_or_equal($roleid, SQL_PARAMS_NAMED, 'roleids');
 861  
 862                          $where .= "(u.id IN (
 863                                       SELECT userid
 864                                         FROM {role_assignments}
 865                                        WHERE roleid {$roleidssql}
 866                                          AND contextid {$relatedctxsql})
 867                                     )";
 868  
 869                          if ($rolecount < $numroles) {
 870                              $where .= $wherejoin;
 871                              $rolecount++;
 872                          }
 873  
 874                          $params = array_merge($params, $roleidparams, $relctxparams);
 875                      }
 876  
 877                  } else {
 878                      // Any / None cases - need one WHERE to cover all filtered roles.
 879                      list($relatedctxsql, $relctxparams) = $DB->get_in_or_equal($rolecontextids, SQL_PARAMS_NAMED, 'relatedctx');
 880                      list($roleidssql, $roleidsparams) = $DB->get_in_or_equal($roleids, SQL_PARAMS_NAMED, 'roleids');
 881  
 882                      $where .= "(u.id {$matchinsql} (
 883                                   SELECT userid
 884                                     FROM {role_assignments}
 885                                    WHERE roleid {$roleidssql}
 886                                      AND contextid {$relatedctxsql})
 887                                 )";
 888  
 889                      $params = array_merge($params, $roleidsparams, $relctxparams);
 890                  }
 891              }
 892          }
 893  
 894          return [
 895              'where' => $where,
 896              'params' => $params,
 897          ];
 898      }
 899  
 900      /**
 901       * Prepare SQL where clause and associated parameters for country filtering
 902       *
 903       * @return array SQL query data in the format ['where' => '', 'params' => []].
 904       */
 905      protected function get_country_sql(): array {
 906          global $DB;
 907  
 908          $where = '';
 909          $params = [];
 910  
 911          $countryfilter = $this->filterset->get_filter('country');
 912          if ($countrycodes = $countryfilter->get_filter_values()) {
 913              // If filter type is "None", then we negate the comparison.
 914              [$countrywhere, $params] = $DB->get_in_or_equal($countrycodes, SQL_PARAMS_NAMED, 'country',
 915                  $countryfilter->get_join_type() !== $countryfilter::JOINTYPE_NONE);
 916  
 917              $where = "(u.country {$countrywhere})";
 918          }
 919  
 920          return [
 921              'where' => $where,
 922              'params' => $params,
 923          ];
 924      }
 925  
 926      /**
 927       * Prepare SQL where clause and associated parameters for any keyword searches being performed.
 928       *
 929       * @param array $mappings Array of field mappings (fieldname => SQL code for the value)
 930       * @return array SQL query data in the format ['where' => '', 'params' => []].
 931       */
 932      protected function get_keywords_search_sql(array $mappings): array {
 933          global $CFG, $DB, $USER;
 934  
 935          $keywords = [];
 936          $where = '';
 937          $params = [];
 938          $keywordsfilter = $this->filterset->get_filter('keywords');
 939          $jointype = $keywordsfilter->get_join_type();
 940          // None join types in both filter row and filterset require additional 'not null' handling for accurate keywords matches.
 941          $notjoin = false;
 942  
 943          // Determine how to match values in the query.
 944          switch ($jointype) {
 945              case $keywordsfilter::JOINTYPE_ALL:
 946                  $wherejoin = ' AND ';
 947                  break;
 948              case $keywordsfilter::JOINTYPE_NONE:
 949                  $wherejoin = ' AND NOT ';
 950                  $notjoin = true;
 951                  break;
 952              default:
 953                  // Default to 'Any' jointype.
 954                  $wherejoin = ' OR ';
 955                  break;
 956          }
 957  
 958          // Handle filterset None join type.
 959          if ($this->filterset->get_join_type() === $this->filterset::JOINTYPE_NONE) {
 960              $notjoin = true;
 961          }
 962  
 963          if ($this->filterset->has_filter('keywords')) {
 964              $keywords = $keywordsfilter->get_filter_values();
 965          }
 966  
 967          foreach ($keywords as $index => $keyword) {
 968              $searchkey1 = 'search' . $index . '1';
 969              $searchkey2 = 'search' . $index . '2';
 970              $searchkey3 = 'search' . $index . '3';
 971              $searchkey4 = 'search' . $index . '4';
 972              $searchkey5 = 'search' . $index . '5';
 973              $searchkey6 = 'search' . $index . '6';
 974              $searchkey7 = 'search' . $index . '7';
 975  
 976              $conditions = [];
 977              // Search by fullname.
 978              $fullname = $DB->sql_fullname('u.firstname', 'u.lastname');
 979              $conditions[] = $DB->sql_like($fullname, ':' . $searchkey1, false, false);
 980  
 981              // Search by email.
 982              $email = $DB->sql_like('email', ':' . $searchkey2, false, false);
 983  
 984              if ($notjoin) {
 985                  $email = "(email IS NOT NULL AND {$email})";
 986              }
 987  
 988              if (!in_array('email', $this->userfields)) {
 989                  $maildisplay = 'maildisplay' . $index;
 990                  $userid1 = 'userid' . $index . '1';
 991                  // Prevent users who hide their email address from being found by others
 992                  // who aren't allowed to see hidden email addresses.
 993                  $email = "(". $email ." AND (" .
 994                          "u.maildisplay <> :$maildisplay " .
 995                          "OR u.id = :$userid1". // Users can always find themselves.
 996                          "))";
 997                  $params[$maildisplay] = core_user::MAILDISPLAY_HIDE;
 998                  $params[$userid1] = $USER->id;
 999              }
1000  
1001              $conditions[] = $email;
1002  
1003              // Search by idnumber.
1004              $idnumber = $DB->sql_like('idnumber', ':' . $searchkey3, false, false);
1005  
1006              if ($notjoin) {
1007                  $idnumber = "(idnumber IS NOT NULL AND  {$idnumber})";
1008              }
1009  
1010              if (!in_array('idnumber', $this->userfields)) {
1011                  $userid2 = 'userid' . $index . '2';
1012                  // Users who aren't allowed to see idnumbers should at most find themselves
1013                  // when searching for an idnumber.
1014                  $idnumber = "(". $idnumber . " AND u.id = :$userid2)";
1015                  $params[$userid2] = $USER->id;
1016              }
1017  
1018              $conditions[] = $idnumber;
1019  
1020              // Search all user identify fields.
1021              $extrasearchfields = fields::get_identity_fields(null);
1022              foreach ($extrasearchfields as $fieldindex => $extrasearchfield) {
1023                  if (in_array($extrasearchfield, ['email', 'idnumber', 'country'])) {
1024                      // Already covered above.
1025                      continue;
1026                  }
1027                  // The param must be short (max 32 characters) so don't include field name.
1028                  $param = $searchkey3 . '_ident' . $fieldindex;
1029                  $fieldsql = $mappings[$extrasearchfield];
1030                  $condition = $DB->sql_like($fieldsql, ':' . $param, false, false);
1031                  $params[$param] = "%$keyword%";
1032  
1033                  if ($notjoin) {
1034                      $condition = "($fieldsql IS NOT NULL AND {$condition})";
1035                  }
1036  
1037                  if (!in_array($extrasearchfield, $this->userfields)) {
1038                      // User cannot see this field, but allow match if their own account.
1039                      $userid3 = 'userid' . $index . '3_ident' . $fieldindex;
1040                      $condition = "(". $condition . " AND u.id = :$userid3)";
1041                      $params[$userid3] = $USER->id;
1042                  }
1043                  $conditions[] = $condition;
1044              }
1045  
1046              // Search by middlename.
1047              $middlename = $DB->sql_like('middlename', ':' . $searchkey4, false, false);
1048  
1049              if ($notjoin) {
1050                  $middlename = "(middlename IS NOT NULL AND {$middlename})";
1051              }
1052  
1053              $conditions[] = $middlename;
1054  
1055              // Search by alternatename.
1056              $alternatename = $DB->sql_like('alternatename', ':' . $searchkey5, false, false);
1057  
1058              if ($notjoin) {
1059                  $alternatename = "(alternatename IS NOT NULL AND {$alternatename})";
1060              }
1061  
1062              $conditions[] = $alternatename;
1063  
1064              // Search by firstnamephonetic.
1065              $firstnamephonetic = $DB->sql_like('firstnamephonetic', ':' . $searchkey6, false, false);
1066  
1067              if ($notjoin) {
1068                  $firstnamephonetic = "(firstnamephonetic IS NOT NULL AND {$firstnamephonetic})";
1069              }
1070  
1071              $conditions[] = $firstnamephonetic;
1072  
1073              // Search by lastnamephonetic.
1074              $lastnamephonetic = $DB->sql_like('lastnamephonetic', ':' . $searchkey7, false, false);
1075  
1076              if ($notjoin) {
1077                  $lastnamephonetic = "(lastnamephonetic IS NOT NULL AND {$lastnamephonetic})";
1078              }
1079  
1080              $conditions[] = $lastnamephonetic;
1081  
1082              if (!empty($where)) {
1083                  $where .= $wherejoin;
1084              } else if ($jointype === $keywordsfilter::JOINTYPE_NONE) {
1085                  // Join type 'None' requires the WHERE to begin with NOT.
1086                  $where .= ' NOT ';
1087              }
1088  
1089              $where .= "(". implode(" OR ", $conditions) .") ";
1090              $params[$searchkey1] = "%$keyword%";
1091              $params[$searchkey2] = "%$keyword%";
1092              $params[$searchkey3] = "%$keyword%";
1093              $params[$searchkey4] = "%$keyword%";
1094              $params[$searchkey5] = "%$keyword%";
1095              $params[$searchkey6] = "%$keyword%";
1096              $params[$searchkey7] = "%$keyword%";
1097          }
1098  
1099          return [
1100              'where' => $where,
1101              'params' => $params,
1102          ];
1103      }
1104  }