Differences Between: [Versions 310 and 311] [Versions 311 and 400] [Versions 311 and 401] [Versions 311 and 402] [Versions 311 and 403] [Versions 39 and 311]
1 <?php 2 // This file is part of Moodle - http://moodle.org/ 3 // 4 // Moodle is free software: you can redistribute it and/or modify 5 // it under the terms of the GNU General Public License as published by 6 // the Free Software Foundation, either version 3 of the License, or 7 // (at your option) any later version. 8 // 9 // Moodle is distributed in the hope that it will be useful, 10 // but WITHOUT ANY WARRANTY; without even the implied warranty of 11 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 12 // GNU General Public License for more details. 13 // 14 // You should have received a copy of the GNU General Public License 15 // along with Moodle. If not, see <http://www.gnu.org/licenses/>. 16 17 /** 18 * Class used to fetch participants based on a filterset. 19 * 20 * @package core_user 21 * @copyright 2020 Michael Hawkins <michaelh@moodle.com> 22 * @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later 23 */ 24 25 namespace core_user\table; 26 27 use context; 28 use context_helper; 29 use core_table\local\filter\filterset; 30 use core_user; 31 use moodle_recordset; 32 use stdClass; 33 use core_user\fields; 34 35 defined('MOODLE_INTERNAL') || die; 36 37 require_once($CFG->dirroot . '/user/lib.php'); 38 39 /** 40 * Class used to fetch participants based on a filterset. 41 * 42 * @package core_user 43 * @copyright 2020 Michael Hawkins <michaelh@moodle.com> 44 * @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later 45 */ 46 class participants_search { 47 48 /** 49 * @var filterset $filterset The filterset describing which participants to include in the search. 50 */ 51 protected $filterset; 52 53 /** 54 * @var stdClass $course The course being searched. 55 */ 56 protected $course; 57 58 /** 59 * @var context_course $context The course context being searched. 60 */ 61 protected $context; 62 63 /** 64 * @var string[] $userfields Names of any extra user fields to be shown when listing users. 65 */ 66 protected $userfields; 67 68 /** 69 * Class constructor. 70 * 71 * @param stdClass $course The course being searched. 72 * @param context $context The context of the search. 73 * @param filterset $filterset The filterset used to filter the participants in a course. 74 */ 75 public function __construct(stdClass $course, context $context, filterset $filterset) { 76 $this->course = $course; 77 $this->context = $context; 78 $this->filterset = $filterset; 79 80 $this->userfields = fields::get_identity_fields($this->context); 81 } 82 83 /** 84 * Fetch participants matching the filterset. 85 * 86 * @param string $additionalwhere Any additional SQL to add to where. 87 * @param array $additionalparams The additional params used by $additionalwhere. 88 * @param string $sort Optional SQL sort. 89 * @param int $limitfrom Return a subset of records, starting at this point (optional). 90 * @param int $limitnum Return a subset comprising this many records (optional, required if $limitfrom is set). 91 * @return moodle_recordset 92 */ 93 public function get_participants(string $additionalwhere = '', array $additionalparams = [], string $sort = '', 94 int $limitfrom = 0, int $limitnum = 0): moodle_recordset { 95 global $DB; 96 97 [ 98 'subqueryalias' => $subqueryalias, 99 'outerselect' => $outerselect, 100 'innerselect' => $innerselect, 101 'outerjoins' => $outerjoins, 102 'innerjoins' => $innerjoins, 103 'outerwhere' => $outerwhere, 104 'innerwhere' => $innerwhere, 105 'params' => $params, 106 ] = $this->get_participants_sql($additionalwhere, $additionalparams); 107 108 $sql = "{$outerselect} 109 FROM ({$innerselect} 110 FROM {$innerjoins} 111 {$innerwhere} 112 ) {$subqueryalias} 113 {$outerjoins} 114 {$outerwhere} 115 {$sort}"; 116 117 return $DB->get_recordset_sql($sql, $params, $limitfrom, $limitnum); 118 } 119 120 /** 121 * Returns the total number of participants for a given course. 122 * 123 * @param string $additionalwhere Any additional SQL to add to where. 124 * @param array $additionalparams The additional params used by $additionalwhere. 125 * @return int 126 */ 127 public function get_total_participants_count(string $additionalwhere = '', array $additionalparams = []): int { 128 global $DB; 129 130 [ 131 'subqueryalias' => $subqueryalias, 132 'innerselect' => $innerselect, 133 'outerjoins' => $outerjoins, 134 'innerjoins' => $innerjoins, 135 'outerwhere' => $outerwhere, 136 'innerwhere' => $innerwhere, 137 'params' => $params, 138 ] = $this->get_participants_sql($additionalwhere, $additionalparams); 139 140 $sql = "SELECT COUNT(u.id) 141 FROM ({$innerselect} 142 FROM {$innerjoins} 143 {$innerwhere} 144 ) {$subqueryalias} 145 {$outerjoins} 146 {$outerwhere}"; 147 148 return $DB->count_records_sql($sql, $params); 149 } 150 151 /** 152 * Generate the SQL used to fetch filtered data for the participants table. 153 * 154 * @param string $additionalwhere Any additional SQL to add to where 155 * @param array $additionalparams The additional params 156 * @return array 157 */ 158 protected function get_participants_sql(string $additionalwhere, array $additionalparams): array { 159 global $CFG; 160 161 $isfrontpage = ($this->course->id == SITEID); 162 $accesssince = 0; 163 // Whether to match on users who HAVE accessed since the given time (ie false is 'inactive for more than x'). 164 $matchaccesssince = false; 165 166 // The alias for the subquery that fetches all distinct course users. 167 $usersubqueryalias = 'targetusers'; 168 // The alias for {user} within the distinct user subquery. 169 $inneruseralias = 'udistinct'; 170 // Inner query that selects distinct users in a course who are not deleted. 171 // Note: This ensures the outer (filtering) query joins on distinct users, avoiding the need for GROUP BY. 172 $innerselect = "SELECT DISTINCT {$inneruseralias}.id"; 173 $innerjoins = ["{user} {$inneruseralias}"]; 174 $innerwhere = "WHERE {$inneruseralias}.deleted = 0 AND {$inneruseralias}.id <> :siteguest"; 175 $params = ['siteguest' => $CFG->siteguest]; 176 177 $outerjoins = ["JOIN {user} u ON u.id = {$usersubqueryalias}.id"]; 178 $wheres = []; 179 180 if ($this->filterset->has_filter('accesssince')) { 181 $accesssince = $this->filterset->get_filter('accesssince')->current(); 182 183 // Last access filtering only supports matching or not matching, not any/all/none. 184 $jointypenone = $this->filterset->get_filter('accesssince')::JOINTYPE_NONE; 185 if ($this->filterset->get_filter('accesssince')->get_join_type() === $jointypenone) { 186 $matchaccesssince = true; 187 } 188 } 189 190 [ 191 // SQL that forms part of the filter. 192 'sql' => $esql, 193 // SQL for enrolment filtering that must always be applied (eg due to capability restrictions). 194 'forcedsql' => $esqlforced, 195 'params' => $eparams, 196 ] = $this->get_enrolled_sql(); 197 $params = array_merge($params, $eparams); 198 199 // Get the fields for all contexts because there is a special case later where it allows 200 // matches of fields you can't access if they are on your own account. 201 $userfields = fields::for_identity(null)->with_userpic(); 202 ['selects' => $userfieldssql, 'joins' => $userfieldsjoin, 'params' => $userfieldsparams, 'mappings' => $mappings] = 203 (array)$userfields->get_sql('u', true); 204 if ($userfieldsjoin) { 205 $outerjoins[] = $userfieldsjoin; 206 $params = array_merge($params, $userfieldsparams); 207 } 208 209 // Include any compulsory enrolment SQL (eg capability related filtering that must be applied). 210 if (!empty($esqlforced)) { 211 $outerjoins[] = "JOIN ({$esqlforced}) fef ON fef.id = u.id"; 212 } 213 214 // Include any enrolment related filtering. 215 if (!empty($esql)) { 216 $outerjoins[] = "LEFT JOIN ({$esql}) ef ON ef.id = u.id"; 217 $wheres[] = 'ef.id IS NOT NULL'; 218 } 219 220 if ($isfrontpage) { 221 $outerselect = "SELECT u.lastaccess $userfieldssql"; 222 if ($accesssince) { 223 $wheres[] = user_get_user_lastaccess_sql($accesssince, 'u', $matchaccesssince); 224 } 225 } else { 226 $outerselect = "SELECT COALESCE(ul.timeaccess, 0) AS lastaccess $userfieldssql"; 227 // Not everybody has accessed the course yet. 228 $outerjoins[] = 'LEFT JOIN {user_lastaccess} ul ON (ul.userid = u.id AND ul.courseid = :courseid2)'; 229 $params['courseid2'] = $this->course->id; 230 if ($accesssince) { 231 $wheres[] = user_get_course_lastaccess_sql($accesssince, 'ul', $matchaccesssince); 232 } 233 234 // Make sure we only ever fetch users in the course (regardless of enrolment filters). 235 $innerjoins[] = "JOIN {user_enrolments} ue ON ue.userid = {$inneruseralias}.id"; 236 $innerjoins[] = 'JOIN {enrol} e ON e.id = ue.enrolid 237 AND e.courseid = :courseid1'; 238 $params['courseid1'] = $this->course->id; 239 } 240 241 // Performance hacks - we preload user contexts together with accounts. 242 $ccselect = ', ' . context_helper::get_preload_record_columns_sql('ctx'); 243 $ccjoin = 'LEFT JOIN {context} ctx ON (ctx.instanceid = u.id AND ctx.contextlevel = :contextlevel)'; 244 $params['contextlevel'] = CONTEXT_USER; 245 $outerselect .= $ccselect; 246 $outerjoins[] = $ccjoin; 247 248 // Apply any role filtering. 249 if ($this->filterset->has_filter('roles')) { 250 [ 251 'where' => $roleswhere, 252 'params' => $rolesparams, 253 ] = $this->get_roles_sql(); 254 255 if (!empty($roleswhere)) { 256 $wheres[] = "({$roleswhere})"; 257 } 258 259 if (!empty($rolesparams)) { 260 $params = array_merge($params, $rolesparams); 261 } 262 } 263 264 // Apply any country filtering. 265 if ($this->filterset->has_filter('country')) { 266 [ 267 'where' => $countrywhere, 268 'params' => $countryparams, 269 ] = $this->get_country_sql(); 270 271 if (!empty($countrywhere)) { 272 $wheres[] = "($countrywhere)"; 273 } 274 275 if (!empty($countryparams)) { 276 $params = array_merge($params, $countryparams); 277 } 278 } 279 280 // Apply any keyword text searches. 281 if ($this->filterset->has_filter('keywords')) { 282 [ 283 'where' => $keywordswhere, 284 'params' => $keywordsparams, 285 ] = $this->get_keywords_search_sql($mappings); 286 287 if (!empty($keywordswhere)) { 288 $wheres[] = $keywordswhere; 289 } 290 291 if (!empty($keywordsparams)) { 292 $params = array_merge($params, $keywordsparams); 293 } 294 } 295 296 // Add any supplied additional forced WHERE clauses. 297 if (!empty($additionalwhere)) { 298 $innerwhere .= " AND ({$additionalwhere})"; 299 $params = array_merge($params, $additionalparams); 300 } 301 302 // Prepare final values. 303 $outerjoinsstring = implode("\n", $outerjoins); 304 $innerjoinsstring = implode("\n", $innerjoins); 305 if ($wheres) { 306 switch ($this->filterset->get_join_type()) { 307 case $this->filterset::JOINTYPE_ALL: 308 $wherenot = ''; 309 $wheresjoin = ' AND '; 310 break; 311 case $this->filterset::JOINTYPE_NONE: 312 $wherenot = ' NOT '; 313 $wheresjoin = ' AND NOT '; 314 315 // Some of the $where conditions may begin with `NOT` which results in `AND NOT NOT ...`. 316 // To prevent this from breaking on Oracle the inner WHERE clause is wrapped in brackets, making it 317 // `AND NOT (NOT ...)` which is valid in all DBs. 318 $wheres = array_map(function($where) { 319 return "({$where})"; 320 }, $wheres); 321 322 break; 323 default: 324 // Default to 'Any' jointype. 325 $wherenot = ''; 326 $wheresjoin = ' OR '; 327 break; 328 } 329 330 $outerwhere = 'WHERE ' . $wherenot . implode($wheresjoin, $wheres); 331 } else { 332 $outerwhere = ''; 333 } 334 335 return [ 336 'subqueryalias' => $usersubqueryalias, 337 'outerselect' => $outerselect, 338 'innerselect' => $innerselect, 339 'outerjoins' => $outerjoinsstring, 340 'innerjoins' => $innerjoinsstring, 341 'outerwhere' => $outerwhere, 342 'innerwhere' => $innerwhere, 343 'params' => $params, 344 ]; 345 } 346 347 /** 348 * Prepare SQL and associated parameters for users enrolled in the course. 349 * 350 * @return array SQL query data in the format ['sql' => '', 'forcedsql' => '', 'params' => []]. 351 */ 352 protected function get_enrolled_sql(): array { 353 global $USER; 354 355 $isfrontpage = ($this->context->instanceid == SITEID); 356 $prefix = 'eu_'; 357 $filteruid = "{$prefix}u.id"; 358 $sql = ''; 359 $joins = []; 360 $wheres = []; 361 $params = []; 362 // It is possible some statements must always be included (in addition to any filtering). 363 $forcedprefix = "f{$prefix}"; 364 $forceduid = "{$forcedprefix}u.id"; 365 $forcedsql = ''; 366 $forcedjoins = []; 367 $forcedwhere = "{$forcedprefix}u.deleted = 0"; 368 369 if (!$isfrontpage) { 370 // Prepare any enrolment method filtering. 371 [ 372 'joins' => $methodjoins, 373 'where' => $wheres[], 374 'params' => $methodparams, 375 ] = $this->get_enrol_method_sql($filteruid); 376 377 // Prepare any status filtering. 378 [ 379 'joins' => $statusjoins, 380 'where' => $statuswhere, 381 'params' => $statusparams, 382 'forcestatus' => $forcestatus, 383 ] = $this->get_status_sql($filteruid, $forceduid, $forcedprefix); 384 385 if ($forcestatus) { 386 // Force filtering by active participants if user does not have capability to view suspended. 387 $forcedjoins = array_merge($forcedjoins, $statusjoins); 388 $statusjoins = []; 389 $forcedwhere .= " AND ({$statuswhere})"; 390 } else { 391 $wheres[] = $statuswhere; 392 } 393 394 $joins = array_merge($joins, $methodjoins, $statusjoins); 395 $params = array_merge($params, $methodparams, $statusparams); 396 } 397 398 $groupids = []; 399 400 if ($this->filterset->has_filter('groups')) { 401 $groupids = $this->filterset->get_filter('groups')->get_filter_values(); 402 } 403 404 // Force additional groups filtering if required due to lack of capabilities. 405 // Note: This means results will always be limited to allowed groups, even if the user applies their own groups filtering. 406 $canaccessallgroups = has_capability('moodle/site:accessallgroups', $this->context); 407 $forcegroups = ($this->course->groupmode == SEPARATEGROUPS && !$canaccessallgroups); 408 409 if ($forcegroups) { 410 $allowedgroupids = array_keys(groups_get_all_groups($this->course->id, $USER->id)); 411 412 // Users not in any group in a course with separate groups mode should not be able to access the participants filter. 413 if (empty($allowedgroupids)) { 414 // The UI does not support this, so it should not be reachable unless someone is trying to bypass the restriction. 415 throw new \coding_exception('User must be part of a group to filter by participants.'); 416 } 417 418 $forceduid = "{$forcedprefix}u.id"; 419 $forcedjointype = $this->get_groups_jointype(\core_table\local\filter\filter::JOINTYPE_ANY); 420 $forcedgroupjoin = groups_get_members_join($allowedgroupids, $forceduid, $this->context, $forcedjointype); 421 422 $forcedjoins[] = $forcedgroupjoin->joins; 423 $forcedwhere .= " AND ({$forcedgroupjoin->wheres})"; 424 425 $params = array_merge($params, $forcedgroupjoin->params); 426 427 // Remove any filtered groups the user does not have access to. 428 $groupids = array_intersect($allowedgroupids, $groupids); 429 } 430 431 // Prepare any user defined groups filtering. 432 if ($groupids) { 433 $groupjoin = groups_get_members_join($groupids, $filteruid, $this->context, $this->get_groups_jointype()); 434 435 $joins[] = $groupjoin->joins; 436 $params = array_merge($params, $groupjoin->params); 437 if (!empty($groupjoin->wheres)) { 438 $wheres[] = $groupjoin->wheres; 439 } 440 } 441 442 // Combine the relevant filters and prepare the query. 443 $joins = array_filter($joins); 444 if (!empty($joins)) { 445 $joinsql = implode("\n", $joins); 446 447 $sql = "SELECT DISTINCT {$prefix}u.id 448 FROM {user} {$prefix}u 449 {$joinsql} 450 WHERE {$prefix}u.deleted = 0"; 451 } 452 453 $wheres = array_filter($wheres); 454 if (!empty($wheres)) { 455 if ($this->filterset->get_join_type() === $this->filterset::JOINTYPE_ALL) { 456 $wheresql = '(' . implode(') AND (', $wheres) . ')'; 457 } else { 458 $wheresql = '(' . implode(') OR (', $wheres) . ')'; 459 } 460 461 $sql .= " AND ({$wheresql})"; 462 } 463 464 // Prepare any SQL that must be applied. 465 if (!empty($forcedjoins)) { 466 $forcedjoinsql = implode("\n", $forcedjoins); 467 $forcedsql = "SELECT DISTINCT {$forcedprefix}u.id 468 FROM {user} {$forcedprefix}u 469 {$forcedjoinsql} 470 WHERE {$forcedwhere}"; 471 } 472 473 return [ 474 'sql' => $sql, 475 'forcedsql' => $forcedsql, 476 'params' => $params, 477 ]; 478 } 479 480 /** 481 * Prepare the enrolment methods filter SQL content. 482 * 483 * @param string $useridcolumn User ID column used in the calling query, e.g. u.id 484 * @return array SQL query data in the format ['joins' => [], 'where' => '', 'params' => []]. 485 */ 486 protected function get_enrol_method_sql($useridcolumn): array { 487 global $DB; 488 489 $prefix = 'ejm_'; 490 $joins = []; 491 $where = ''; 492 $params = []; 493 $enrolids = []; 494 495 if ($this->filterset->has_filter('enrolments')) { 496 $enrolids = $this->filterset->get_filter('enrolments')->get_filter_values(); 497 } 498 499 if (!empty($enrolids)) { 500 $jointype = $this->filterset->get_filter('enrolments')->get_join_type(); 501 502 // Handle 'All' join type. 503 if ($jointype === $this->filterset->get_filter('enrolments')::JOINTYPE_ALL || 504 $jointype === $this->filterset->get_filter('enrolments')::JOINTYPE_NONE) { 505 $allwheres = []; 506 507 foreach ($enrolids as $i => $enrolid) { 508 $thisprefix = "{$prefix}{$i}"; 509 list($enrolidsql, $enrolidparam) = $DB->get_in_or_equal($enrolid, SQL_PARAMS_NAMED, $thisprefix); 510 511 $joins[] = "LEFT JOIN {enrol} {$thisprefix}e 512 ON ({$thisprefix}e.id {$enrolidsql} 513 AND {$thisprefix}e.courseid = :{$thisprefix}courseid)"; 514 $joins[] = "LEFT JOIN {user_enrolments} {$thisprefix}ue 515 ON {$thisprefix}ue.userid = {$useridcolumn} 516 AND {$thisprefix}ue.enrolid = {$thisprefix}e.id"; 517 518 if ($jointype === $this->filterset->get_filter('enrolments')::JOINTYPE_ALL) { 519 $allwheres[] = "{$thisprefix}ue.id IS NOT NULL"; 520 } else { 521 // Ensure participants do not match any of the filtered methods when joining by 'None'. 522 $allwheres[] = "{$thisprefix}ue.id IS NULL"; 523 } 524 525 $params["{$thisprefix}courseid"] = $this->course->id; 526 $params = array_merge($params, $enrolidparam); 527 } 528 529 if (!empty($allwheres)) { 530 $where = implode(' AND ', $allwheres); 531 } 532 } else { 533 // Handle the 'Any'join type. 534 535 list($enrolidssql, $enrolidsparams) = $DB->get_in_or_equal($enrolids, SQL_PARAMS_NAMED, $prefix); 536 537 $joins[] = "LEFT JOIN {enrol} {$prefix}e 538 ON ({$prefix}e.id {$enrolidssql} 539 AND {$prefix}e.courseid = :{$prefix}courseid)"; 540 $joins[] = "LEFT JOIN {user_enrolments} {$prefix}ue ON {$prefix}ue.userid = {$useridcolumn} 541 AND {$prefix}ue.enrolid = {$prefix}e.id"; 542 $where = "{$prefix}ue.id IS NOT NULL"; 543 544 $params["{$prefix}courseid"] = $this->course->id; 545 $params = array_merge($params, $enrolidsparams); 546 } 547 } 548 549 return [ 550 'joins' => $joins, 551 'where' => $where, 552 'params' => $params, 553 ]; 554 } 555 556 /** 557 * Prepare the status filter SQL content. 558 * Note: Users who cannot view suspended users will always have their results filtered to only show active participants. 559 * 560 * @param string $filteruidcolumn User ID column used in the calling query, e.g. eu_u.id 561 * @param string $forceduidcolumn User ID column used in any forced query, e.g. feu_u.id 562 * @param string $forcedprefix The prefix to use if forced filtering is required 563 * @return array SQL query data in the format ['joins' => [], 'where' => '', 'params' => [], 'forcestatus' => true] 564 */ 565 protected function get_status_sql($filteruidcolumn, $forceduidcolumn, $forcedprefix): array { 566 $prefix = $forcedprefix; 567 $useridcolumn = $forceduidcolumn; 568 $joins = []; 569 $where = ''; 570 $params = []; 571 $forcestatus = true; 572 573 // By default we filter to show users with active status only. 574 $statusids = [ENROL_USER_ACTIVE]; 575 $statusjointype = $this->filterset::JOINTYPE_DEFAULT; 576 577 // Allow optional status filtering if the user has relevant capabilities. 578 if (has_capability('moodle/course:enrolreview', $this->context) && 579 (has_capability('moodle/course:viewsuspendedusers', $this->context))) { 580 $forcestatus = false; 581 $prefix = 'ejs_'; 582 $useridcolumn = $filteruidcolumn; 583 584 // Default to no filtering if capabilities allow for it. 585 $statusids = []; 586 587 if ($this->filterset->has_filter('status')) { 588 $statusjointype = $this->filterset->get_filter('status')->get_join_type(); 589 $statusfiltervalues = $this->filterset->get_filter('status')->get_filter_values(); 590 591 // If values are set for the status filter, use them. 592 if (!empty($statusfiltervalues)) { 593 $statusids = $statusfiltervalues; 594 } 595 } 596 } 597 598 if (!empty($statusids)) { 599 $enroljoin = 'JOIN {enrol} %1$se ON %1$se.id = %1$sue.enrolid 600 AND %1$se.courseid = :%1$scourseid'; 601 602 $whereactive = '(%1$sue.status = :%2$sactive 603 AND %1$se.status = :%2$senabled 604 AND %1$sue.timestart < :%2$snow1 605 AND (%1$sue.timeend = 0 606 OR %1$sue.timeend > :%2$snow2))'; 607 608 $wheresuspended = '(%1$sue.status = :%2$ssuspended 609 OR %1$se.status != :%2$senabled 610 OR %1$sue.timestart >= :%2$snow1 611 OR (%1$sue.timeend > 0 612 AND %1$sue.timeend <= :%2$snow2))'; 613 614 // Round 'now' time to help DB caching. 615 $now = round(time(), -2); 616 617 switch ($statusjointype) { 618 case $this->filterset::JOINTYPE_ALL: 619 $joinwheres = []; 620 621 foreach ($statusids as $i => $statusid) { 622 $joinprefix = "{$prefix}{$i}"; 623 $joins[] = "JOIN {user_enrolments} {$joinprefix}ue ON {$joinprefix}ue.userid = {$useridcolumn}"; 624 625 if ($statusid === ENROL_USER_ACTIVE) { 626 // Conditions to be met if user filtering by active. 627 $joinwheres[] = sprintf($whereactive, $joinprefix, $joinprefix); 628 629 $activeparams = [ 630 "{$joinprefix}active" => ENROL_USER_ACTIVE, 631 "{$joinprefix}enabled" => ENROL_INSTANCE_ENABLED, 632 "{$joinprefix}now1" => $now, 633 "{$joinprefix}now2" => $now, 634 "{$joinprefix}courseid" => $this->course->id, 635 ]; 636 637 $params = array_merge($params, $activeparams); 638 } else { 639 // Conditions to be met if filtering by suspended (currently the only other status). 640 $joinwheres[] = sprintf($wheresuspended, $joinprefix, $joinprefix); 641 642 $suspendedparams = [ 643 "{$joinprefix}suspended" => ENROL_USER_SUSPENDED, 644 "{$joinprefix}enabled" => ENROL_INSTANCE_ENABLED, 645 "{$joinprefix}now1" => $now, 646 "{$joinprefix}now2" => $now, 647 "{$joinprefix}courseid" => $this->course->id, 648 ]; 649 650 $params = array_merge($params, $suspendedparams); 651 } 652 653 $joins[] = sprintf($enroljoin, $joinprefix); 654 } 655 656 $where = implode(' AND ', $joinwheres); 657 break; 658 659 case $this->filterset::JOINTYPE_NONE: 660 // Should always be enrolled, just not in any of the filtered statuses. 661 $joins[] = "JOIN {user_enrolments} {$prefix}ue ON {$prefix}ue.userid = {$useridcolumn}"; 662 $joins[] = sprintf($enroljoin, $prefix); 663 $joinwheres = []; 664 $params["{$prefix}courseid"] = $this->course->id; 665 666 foreach ($statusids as $i => $statusid) { 667 $paramprefix = "{$prefix}{$i}"; 668 669 if ($statusid === ENROL_USER_ACTIVE) { 670 // Conditions to be met if user filtering by active. 671 $joinwheres[] = sprintf("NOT {$whereactive}", $prefix, $paramprefix); 672 673 $activeparams = [ 674 "{$paramprefix}active" => ENROL_USER_ACTIVE, 675 "{$paramprefix}enabled" => ENROL_INSTANCE_ENABLED, 676 "{$paramprefix}now1" => $now, 677 "{$paramprefix}now2" => $now, 678 ]; 679 680 $params = array_merge($params, $activeparams); 681 } else { 682 // Conditions to be met if filtering by suspended (currently the only other status). 683 $joinwheres[] = sprintf("NOT {$wheresuspended}", $prefix, $paramprefix); 684 685 $suspendedparams = [ 686 "{$paramprefix}suspended" => ENROL_USER_SUSPENDED, 687 "{$paramprefix}enabled" => ENROL_INSTANCE_ENABLED, 688 "{$paramprefix}now1" => $now, 689 "{$paramprefix}now2" => $now, 690 ]; 691 692 $params = array_merge($params, $suspendedparams); 693 } 694 } 695 696 $where = '(' . implode(' AND ', $joinwheres) . ')'; 697 break; 698 699 default: 700 // Handle the 'Any' join type. 701 702 $joins[] = "JOIN {user_enrolments} {$prefix}ue ON {$prefix}ue.userid = {$useridcolumn}"; 703 $joins[] = sprintf($enroljoin, $prefix); 704 $joinwheres = []; 705 $params["{$prefix}courseid"] = $this->course->id; 706 707 foreach ($statusids as $i => $statusid) { 708 $paramprefix = "{$prefix}{$i}"; 709 710 if ($statusid === ENROL_USER_ACTIVE) { 711 // Conditions to be met if user filtering by active. 712 $joinwheres[] = sprintf($whereactive, $prefix, $paramprefix); 713 714 $activeparams = [ 715 "{$paramprefix}active" => ENROL_USER_ACTIVE, 716 "{$paramprefix}enabled" => ENROL_INSTANCE_ENABLED, 717 "{$paramprefix}now1" => $now, 718 "{$paramprefix}now2" => $now, 719 ]; 720 721 $params = array_merge($params, $activeparams); 722 } else { 723 // Conditions to be met if filtering by suspended (currently the only other status). 724 $joinwheres[] = sprintf($wheresuspended, $prefix, $paramprefix); 725 726 $suspendedparams = [ 727 "{$paramprefix}suspended" => ENROL_USER_SUSPENDED, 728 "{$paramprefix}enabled" => ENROL_INSTANCE_ENABLED, 729 "{$paramprefix}now1" => $now, 730 "{$paramprefix}now2" => $now, 731 ]; 732 733 $params = array_merge($params, $suspendedparams); 734 } 735 } 736 737 $where = '(' . implode(' OR ', $joinwheres) . ')'; 738 break; 739 } 740 } 741 742 return [ 743 'joins' => $joins, 744 'where' => $where, 745 'params' => $params, 746 'forcestatus' => $forcestatus, 747 ]; 748 } 749 750 /** 751 * Fetch the groups filter's grouplib jointype, based on its filterset jointype. 752 * This mapping is to ensure compatibility between the two, should their values ever differ. 753 * 754 * @param int|null $forcedjointype If set, specifies the join type to fetch mapping for (used when applying forced filtering). 755 * If null, then user defined filter join type is used. 756 * @return int 757 */ 758 protected function get_groups_jointype(?int $forcedjointype = null): int { 759 760 // If applying forced groups filter and no manual groups filtering is applied, add an empty filter so we can map the join. 761 if (!is_null($forcedjointype) && !$this->filterset->has_filter('groups')) { 762 $this->filterset->add_filter(new \core_table\local\filter\integer_filter('groups')); 763 } 764 765 $groupsfilter = $this->filterset->get_filter('groups'); 766 767 if (is_null($forcedjointype)) { 768 // Fetch join type mapping for a user supplied groups filtering. 769 $filterjointype = $groupsfilter->get_join_type(); 770 } else { 771 // Fetch join type mapping for forced groups filtering. 772 $filterjointype = $forcedjointype; 773 } 774 775 switch ($filterjointype) { 776 case $groupsfilter::JOINTYPE_NONE: 777 $groupsjoin = GROUPS_JOIN_NONE; 778 break; 779 case $groupsfilter::JOINTYPE_ALL: 780 $groupsjoin = GROUPS_JOIN_ALL; 781 break; 782 default: 783 // Default to ANY jointype. 784 $groupsjoin = GROUPS_JOIN_ANY; 785 break; 786 } 787 788 return $groupsjoin; 789 } 790 791 /** 792 * Prepare SQL where clause and associated parameters for any roles filtering being performed. 793 * 794 * @return array SQL query data in the format ['where' => '', 'params' => []]. 795 */ 796 protected function get_roles_sql(): array { 797 global $DB; 798 799 $where = ''; 800 $params = []; 801 802 // Limit list to users with some role only. 803 if ($this->filterset->has_filter('roles')) { 804 $rolesfilter = $this->filterset->get_filter('roles'); 805 806 $roleids = $rolesfilter->get_filter_values(); 807 $jointype = $rolesfilter->get_join_type(); 808 809 // Determine how to match values in the query. 810 $matchinsql = 'IN'; 811 switch ($jointype) { 812 case $rolesfilter::JOINTYPE_ALL: 813 $wherejoin = ' AND '; 814 break; 815 case $rolesfilter::JOINTYPE_NONE: 816 $wherejoin = ' AND NOT '; 817 $matchinsql = 'NOT IN'; 818 break; 819 default: 820 // Default to 'Any' jointype. 821 $wherejoin = ' OR '; 822 break; 823 } 824 825 // We want to query both the current context and parent contexts. 826 $rolecontextids = $this->context->get_parent_context_ids(true); 827 828 // Get users without any role, if needed. 829 if (($withoutkey = array_search(-1, $roleids)) !== false) { 830 list($relatedctxsql1, $norolectxparams) = $DB->get_in_or_equal($rolecontextids, SQL_PARAMS_NAMED, 'relatedctx'); 831 832 if ($jointype === $rolesfilter::JOINTYPE_NONE) { 833 $where .= "(u.id IN (SELECT userid FROM {role_assignments} WHERE contextid {$relatedctxsql1}))"; 834 } else { 835 $where .= "(u.id NOT IN (SELECT userid FROM {role_assignments} WHERE contextid {$relatedctxsql1}))"; 836 } 837 838 $params = array_merge($params, $norolectxparams); 839 840 if ($withoutkey !== false) { 841 unset($roleids[$withoutkey]); 842 } 843 844 // Join if any roles will be included. 845 if (!empty($roleids)) { 846 // The NOT case is replaced with AND to prevent a double negative. 847 $where .= $jointype === $rolesfilter::JOINTYPE_NONE ? ' AND ' : $wherejoin; 848 } 849 } 850 851 // Get users with specified roles, if needed. 852 if (!empty($roleids)) { 853 // All case - need one WHERE per filtered role. 854 if ($rolesfilter::JOINTYPE_ALL === $jointype) { 855 $numroles = count($roleids); 856 $rolecount = 1; 857 858 foreach ($roleids as $roleid) { 859 list($relatedctxsql, $relctxparams) = $DB->get_in_or_equal($rolecontextids, SQL_PARAMS_NAMED, 'relatedctx'); 860 list($roleidssql, $roleidparams) = $DB->get_in_or_equal($roleid, SQL_PARAMS_NAMED, 'roleids'); 861 862 $where .= "(u.id IN ( 863 SELECT userid 864 FROM {role_assignments} 865 WHERE roleid {$roleidssql} 866 AND contextid {$relatedctxsql}) 867 )"; 868 869 if ($rolecount < $numroles) { 870 $where .= $wherejoin; 871 $rolecount++; 872 } 873 874 $params = array_merge($params, $roleidparams, $relctxparams); 875 } 876 877 } else { 878 // Any / None cases - need one WHERE to cover all filtered roles. 879 list($relatedctxsql, $relctxparams) = $DB->get_in_or_equal($rolecontextids, SQL_PARAMS_NAMED, 'relatedctx'); 880 list($roleidssql, $roleidsparams) = $DB->get_in_or_equal($roleids, SQL_PARAMS_NAMED, 'roleids'); 881 882 $where .= "(u.id {$matchinsql} ( 883 SELECT userid 884 FROM {role_assignments} 885 WHERE roleid {$roleidssql} 886 AND contextid {$relatedctxsql}) 887 )"; 888 889 $params = array_merge($params, $roleidsparams, $relctxparams); 890 } 891 } 892 } 893 894 return [ 895 'where' => $where, 896 'params' => $params, 897 ]; 898 } 899 900 /** 901 * Prepare SQL where clause and associated parameters for country filtering 902 * 903 * @return array SQL query data in the format ['where' => '', 'params' => []]. 904 */ 905 protected function get_country_sql(): array { 906 global $DB; 907 908 $where = ''; 909 $params = []; 910 911 $countryfilter = $this->filterset->get_filter('country'); 912 if ($countrycodes = $countryfilter->get_filter_values()) { 913 // If filter type is "None", then we negate the comparison. 914 [$countrywhere, $params] = $DB->get_in_or_equal($countrycodes, SQL_PARAMS_NAMED, 'country', 915 $countryfilter->get_join_type() !== $countryfilter::JOINTYPE_NONE); 916 917 $where = "(u.country {$countrywhere})"; 918 } 919 920 return [ 921 'where' => $where, 922 'params' => $params, 923 ]; 924 } 925 926 /** 927 * Prepare SQL where clause and associated parameters for any keyword searches being performed. 928 * 929 * @param array $mappings Array of field mappings (fieldname => SQL code for the value) 930 * @return array SQL query data in the format ['where' => '', 'params' => []]. 931 */ 932 protected function get_keywords_search_sql(array $mappings): array { 933 global $CFG, $DB, $USER; 934 935 $keywords = []; 936 $where = ''; 937 $params = []; 938 $keywordsfilter = $this->filterset->get_filter('keywords'); 939 $jointype = $keywordsfilter->get_join_type(); 940 // None join types in both filter row and filterset require additional 'not null' handling for accurate keywords matches. 941 $notjoin = false; 942 943 // Determine how to match values in the query. 944 switch ($jointype) { 945 case $keywordsfilter::JOINTYPE_ALL: 946 $wherejoin = ' AND '; 947 break; 948 case $keywordsfilter::JOINTYPE_NONE: 949 $wherejoin = ' AND NOT '; 950 $notjoin = true; 951 break; 952 default: 953 // Default to 'Any' jointype. 954 $wherejoin = ' OR '; 955 break; 956 } 957 958 // Handle filterset None join type. 959 if ($this->filterset->get_join_type() === $this->filterset::JOINTYPE_NONE) { 960 $notjoin = true; 961 } 962 963 if ($this->filterset->has_filter('keywords')) { 964 $keywords = $keywordsfilter->get_filter_values(); 965 } 966 967 foreach ($keywords as $index => $keyword) { 968 $searchkey1 = 'search' . $index . '1'; 969 $searchkey2 = 'search' . $index . '2'; 970 $searchkey3 = 'search' . $index . '3'; 971 $searchkey4 = 'search' . $index . '4'; 972 $searchkey5 = 'search' . $index . '5'; 973 $searchkey6 = 'search' . $index . '6'; 974 $searchkey7 = 'search' . $index . '7'; 975 976 $conditions = []; 977 // Search by fullname. 978 $fullname = $DB->sql_fullname('u.firstname', 'u.lastname'); 979 $conditions[] = $DB->sql_like($fullname, ':' . $searchkey1, false, false); 980 981 // Search by email. 982 $email = $DB->sql_like('email', ':' . $searchkey2, false, false); 983 984 if ($notjoin) { 985 $email = "(email IS NOT NULL AND {$email})"; 986 } 987 988 if (!in_array('email', $this->userfields)) { 989 $maildisplay = 'maildisplay' . $index; 990 $userid1 = 'userid' . $index . '1'; 991 // Prevent users who hide their email address from being found by others 992 // who aren't allowed to see hidden email addresses. 993 $email = "(". $email ." AND (" . 994 "u.maildisplay <> :$maildisplay " . 995 "OR u.id = :$userid1". // Users can always find themselves. 996 "))"; 997 $params[$maildisplay] = core_user::MAILDISPLAY_HIDE; 998 $params[$userid1] = $USER->id; 999 } 1000 1001 $conditions[] = $email; 1002 1003 // Search by idnumber. 1004 $idnumber = $DB->sql_like('idnumber', ':' . $searchkey3, false, false); 1005 1006 if ($notjoin) { 1007 $idnumber = "(idnumber IS NOT NULL AND {$idnumber})"; 1008 } 1009 1010 if (!in_array('idnumber', $this->userfields)) { 1011 $userid2 = 'userid' . $index . '2'; 1012 // Users who aren't allowed to see idnumbers should at most find themselves 1013 // when searching for an idnumber. 1014 $idnumber = "(". $idnumber . " AND u.id = :$userid2)"; 1015 $params[$userid2] = $USER->id; 1016 } 1017 1018 $conditions[] = $idnumber; 1019 1020 // Search all user identify fields. 1021 $extrasearchfields = fields::get_identity_fields(null); 1022 foreach ($extrasearchfields as $fieldindex => $extrasearchfield) { 1023 if (in_array($extrasearchfield, ['email', 'idnumber', 'country'])) { 1024 // Already covered above. 1025 continue; 1026 } 1027 // The param must be short (max 32 characters) so don't include field name. 1028 $param = $searchkey3 . '_ident' . $fieldindex; 1029 $fieldsql = $mappings[$extrasearchfield]; 1030 $condition = $DB->sql_like($fieldsql, ':' . $param, false, false); 1031 $params[$param] = "%$keyword%"; 1032 1033 if ($notjoin) { 1034 $condition = "($fieldsql IS NOT NULL AND {$condition})"; 1035 } 1036 1037 if (!in_array($extrasearchfield, $this->userfields)) { 1038 // User cannot see this field, but allow match if their own account. 1039 $userid3 = 'userid' . $index . '3_ident' . $fieldindex; 1040 $condition = "(". $condition . " AND u.id = :$userid3)"; 1041 $params[$userid3] = $USER->id; 1042 } 1043 $conditions[] = $condition; 1044 } 1045 1046 // Search by middlename. 1047 $middlename = $DB->sql_like('middlename', ':' . $searchkey4, false, false); 1048 1049 if ($notjoin) { 1050 $middlename = "(middlename IS NOT NULL AND {$middlename})"; 1051 } 1052 1053 $conditions[] = $middlename; 1054 1055 // Search by alternatename. 1056 $alternatename = $DB->sql_like('alternatename', ':' . $searchkey5, false, false); 1057 1058 if ($notjoin) { 1059 $alternatename = "(alternatename IS NOT NULL AND {$alternatename})"; 1060 } 1061 1062 $conditions[] = $alternatename; 1063 1064 // Search by firstnamephonetic. 1065 $firstnamephonetic = $DB->sql_like('firstnamephonetic', ':' . $searchkey6, false, false); 1066 1067 if ($notjoin) { 1068 $firstnamephonetic = "(firstnamephonetic IS NOT NULL AND {$firstnamephonetic})"; 1069 } 1070 1071 $conditions[] = $firstnamephonetic; 1072 1073 // Search by lastnamephonetic. 1074 $lastnamephonetic = $DB->sql_like('lastnamephonetic', ':' . $searchkey7, false, false); 1075 1076 if ($notjoin) { 1077 $lastnamephonetic = "(lastnamephonetic IS NOT NULL AND {$lastnamephonetic})"; 1078 } 1079 1080 $conditions[] = $lastnamephonetic; 1081 1082 if (!empty($where)) { 1083 $where .= $wherejoin; 1084 } else if ($jointype === $keywordsfilter::JOINTYPE_NONE) { 1085 // Join type 'None' requires the WHERE to begin with NOT. 1086 $where .= ' NOT '; 1087 } 1088 1089 $where .= "(". implode(" OR ", $conditions) .") "; 1090 $params[$searchkey1] = "%$keyword%"; 1091 $params[$searchkey2] = "%$keyword%"; 1092 $params[$searchkey3] = "%$keyword%"; 1093 $params[$searchkey4] = "%$keyword%"; 1094 $params[$searchkey5] = "%$keyword%"; 1095 $params[$searchkey6] = "%$keyword%"; 1096 $params[$searchkey7] = "%$keyword%"; 1097 } 1098 1099 return [ 1100 'where' => $where, 1101 'params' => $params, 1102 ]; 1103 } 1104 }
title
Description
Body
title
Description
Body
title
Description
Body
title
Body