Search moodle.org's
Developer Documentation

See Release Notes
Long Term Support Release

  • Bug fixes for general core bugs in 4.1.x will end 13 November 2023 (12 months).
  • Bug fixes for security issues in 4.1.x will end 10 November 2025 (36 months).
  • PHP version: minimum PHP 7.4.0 Note: minimum PHP version has increased since Moodle 4.0. PHP 8.0.x is supported too.

Differences Between: [Versions 310 and 401] [Versions 311 and 401] [Versions 39 and 401]

   1  <?php
   2  // This file is part of Moodle - http://moodle.org/
   3  //
   4  // Moodle is free software: you can redistribute it and/or modify
   5  // it under the terms of the GNU General Public License as published by
   6  // the Free Software Foundation, either version 3 of the License, or
   7  // (at your option) any later version.
   8  //
   9  // Moodle is distributed in the hope that it will be useful,
  10  // but WITHOUT ANY WARRANTY; without even the implied warranty of
  11  // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  12  // GNU General Public License for more details.
  13  //
  14  // You should have received a copy of the GNU General Public License
  15  // along with Moodle.  If not, see <http://www.gnu.org/licenses/>.
  16  
  17  /**
  18   * Library code used by the roles administration interfaces.
  19   *
  20   * @package    core_role
  21   * @copyright  2009 Petr Skoda {@link http://skodak.org}
  22   * @license    http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
  23   */
  24  
  25  defined('MOODLE_INTERNAL') || die();
  26  
  27  /**
  28   * Subclass of core_role_capability_table_base for use on the Permissions page.
  29   */
  30  class core_role_permissions_table extends core_role_capability_table_base {
  31      protected $contextname;
  32      protected $allowoverrides;
  33      protected $allowsafeoverrides;
  34      protected $overridableroles;
  35      protected $roles;
  36      protected $icons = array();
  37  
  38      /**
  39       * Constructor.
  40       * @param context $context the context this table relates to.
  41       * @param string $contextname $context->get_context_name() - to save recomputing.
  42       * @param array $allowoverrides
  43       * @param array $allowsafeoverrides
  44       * @param array $overridableroles
  45       */
  46      public function __construct($context, $contextname, $allowoverrides, $allowsafeoverrides, $overridableroles) {
  47          parent::__construct($context, 'permissions');
  48          $this->contextname = $contextname;
  49          $this->allowoverrides = $allowoverrides;
  50          $this->allowsafeoverrides = $allowsafeoverrides;
  51          $this->overridableroles = $overridableroles;
  52  
  53          $roles = get_all_roles($context);
  54          $this->roles = role_fix_names(array_reverse($roles, true), $context, ROLENAME_BOTH, true);
  55  
  56      }
  57  
  58      protected function add_header_cells() {
  59          echo '<th>' . get_string('risks', 'core_role') . '</th>';
  60          echo '<th>' . get_string('neededroles', 'core_role') . '</th>';
  61          echo '<th>' . get_string('prohibitedroles', 'core_role') . '</th>';
  62      }
  63  
  64      protected function num_extra_columns() {
  65          return 3;
  66      }
  67  
  68      protected function add_row_cells($capability) {
  69          global $OUTPUT, $PAGE;
  70          $renderer = $PAGE->get_renderer('core');
  71          $adminurl = new moodle_url("/admin/");
  72  
  73          $context = $this->context;
  74          $contextid = $this->context->id;
  75          $allowoverrides = $this->allowoverrides;
  76          $allowsafeoverrides = $this->allowsafeoverrides;
  77          $overridableroles = $this->overridableroles;
  78          $roles = $this->roles;
  79  
  80          list($needed, $forbidden) = get_roles_with_cap_in_context($context, $capability->name);
  81          $neededroles    = array();
  82          $forbiddenroles = array();
  83          $allowable      = $overridableroles;
  84          $forbitable     = $overridableroles;
  85          foreach ($neededroles as $id => $unused) {
  86              unset($allowable[$id]);
  87          }
  88          foreach ($forbidden as $id => $unused) {
  89              unset($allowable[$id]);
  90              unset($forbitable[$id]);
  91          }
  92  
  93          foreach ($roles as $id => $name) {
  94              if (isset($needed[$id])) {
  95                  $templatecontext = array("rolename" => $name, "roleid" => $id, "action" => "prevent", "spanclass" => "allowed",
  96                                    "linkclass" => "preventlink", "adminurl" => $adminurl->out(), "icon" => "", "iconalt" => "");
  97                  if (isset($overridableroles[$id]) and ($allowoverrides or ($allowsafeoverrides and is_safe_capability($capability)))) {
  98                      $templatecontext['icon'] = 't/delete';
  99                      $templatecontext['iconalt'] = get_string('deletexrole', 'core_role', $name);
 100                  }
 101                  $neededroles[$id] = $renderer->render_from_template('core/permissionmanager_role', $templatecontext);
 102              }
 103          }
 104          $neededroles = implode(' ', $neededroles);
 105          foreach ($roles as $id => $name) {
 106              if (isset($forbidden[$id])  and ($allowoverrides or ($allowsafeoverrides and is_safe_capability($capability)))) {
 107                  $templatecontext = array("rolename" => $name, "roleid" => $id, "action" => "unprohibit",
 108                                  "spanclass" => "forbidden", "linkclass" => "unprohibitlink", "adminurl" => $adminurl->out(),
 109                                  "icon" => "", "iconalt" => "");
 110                  if (isset($overridableroles[$id]) and prohibit_is_removable($id, $context, $capability->name)) {
 111                      $templatecontext['icon'] = 't/delete';
 112                      $templatecontext['iconalt'] = get_string('deletexrole', 'core_role', $name);
 113                  }
 114                  $forbiddenroles[$id] = $renderer->render_from_template('core/permissionmanager_role', $templatecontext);
 115              }
 116          }
 117          $forbiddenroles = implode(' ', $forbiddenroles);
 118  
 119          if ($allowable and ($allowoverrides or ($allowsafeoverrides and is_safe_capability($capability)))) {
 120              $allowurl = new moodle_url($PAGE->url, array('contextid' => $contextid,
 121                                         'capability' => $capability->name, 'allow' => 1));
 122              $allowicon = $OUTPUT->action_icon($allowurl, new pix_icon('t/add', get_string('allow', 'core_role')), null,
 123                                              array('class' => 'allowlink', 'data-action' => 'allow'));
 124              $neededroles .= html_writer::div($allowicon, 'allowmore');
 125          }
 126  
 127          if ($forbitable and ($allowoverrides or ($allowsafeoverrides and is_safe_capability($capability)))) {
 128              $prohibiturl = new moodle_url($PAGE->url, array('contextid' => $contextid,
 129                                            'capability' => $capability->name, 'prohibit' => 1));
 130              $prohibiticon = $OUTPUT->action_icon($prohibiturl, new pix_icon('t/add', get_string('prohibit', 'core_role')), null,
 131                                                  array('class' => 'prohibitlink', 'data-action' => 'prohibit'));
 132              $forbiddenroles .= html_writer::div($prohibiticon, 'prohibitmore');
 133          }
 134  
 135          $risks = $this->get_risks($capability);
 136  
 137          $contents = html_writer::tag('td', $risks, array('class' => 'risks text-nowrap'));
 138          $contents .= html_writer::tag('td', $neededroles, array('class' => 'allowedroles'));
 139          $contents .= html_writer::tag('td', $forbiddenroles, array('class' => 'forbiddenroles'));
 140          return $contents;
 141      }
 142  
 143      protected function get_risks($capability) {
 144          global $OUTPUT;
 145  
 146          $allrisks = get_all_risks();
 147          $risksurl = new moodle_url(get_docs_url(s(get_string('risks', 'core_role'))));
 148  
 149          $return = '';
 150  
 151          foreach ($allrisks as $type => $risk) {
 152              if ($risk & (int)$capability->riskbitmask) {
 153                  if (!isset($this->icons[$type])) {
 154                      $pixicon = new pix_icon('/i/' . str_replace('risk', 'risk_', $type), get_string($type . 'short', 'admin'));
 155                      $this->icons[$type] = $OUTPUT->action_icon($risksurl, $pixicon, new popup_action('click', $risksurl));
 156                  }
 157                  $return .= $this->icons[$type];
 158              }
 159          }
 160  
 161          return $return;
 162      }
 163  
 164      /**
 165       * Add additional attributes to row
 166       *
 167       * @param stdClass $capability capability that this table row relates to.
 168       * @return array key value pairs of attribute names and values.
 169       */
 170      protected function get_row_attributes($capability) {
 171          return array(
 172                  'data-id' => $capability->id,
 173                  'data-name' => $capability->name,
 174                  'data-humanname' => get_capability_string($capability->name),
 175          );
 176      }
 177  }