Search moodle.org's
Developer Documentation

See Release Notes
Long Term Support Release

  • Bug fixes for general core bugs in 4.1.x will end 13 November 2023 (12 months).
  • Bug fixes for security issues in 4.1.x will end 10 November 2025 (36 months).
  • PHP version: minimum PHP 7.4.0 Note: minimum PHP version has increased since Moodle 4.0. PHP 8.0.x is supported too.

Differences Between: [Versions 310 and 401] [Versions 311 and 401] [Versions 39 and 401] [Versions 400 and 401]

   1  <?php
   2  // This file is part of Moodle - http://moodle.org/
   3  //
   4  // Moodle is free software: you can redistribute it and/or modify
   5  // it under the terms of the GNU General Public License as published by
   6  // the Free Software Foundation, either version 3 of the License, or
   7  // (at your option) any later version.
   8  //
   9  // Moodle is distributed in the hope that it will be useful,
  10  // but WITHOUT ANY WARRANTY; without even the implied warranty of
  11  // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  12  // GNU General Public License for more details.
  13  //
  14  // You should have received a copy of the GNU General Public License
  15  // along with Moodle.  If not, see <http://www.gnu.org/licenses/>.
  16  
  17  /**
  18   * Change permissions.
  19   *
  20   * @package    core_role
  21   * @copyright  2009 Petr Skoda {@link http://skodak.org}
  22   * @license    http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
  23   */
  24  
  25  require('../../config.php');
  26  
  27  $contextid  = required_param('contextid', PARAM_INT);
  28  
  29  $roleid     = optional_param('roleid', 0, PARAM_INT);
  30  $capability = optional_param('capability', false, PARAM_CAPABILITY);
  31  $confirm    = optional_param('confirm', 0, PARAM_BOOL);
  32  $prevent    = optional_param('prevent', 0, PARAM_BOOL);
  33  $allow      = optional_param('allow', 0, PARAM_BOOL);
  34  $unprohibit = optional_param('unprohibit', 0, PARAM_BOOL);
  35  $prohibit   = optional_param('prohibit', 0, PARAM_BOOL);
  36  $returnurl  = optional_param('returnurl', null, PARAM_LOCALURL);
  37  
  38  list($context, $course, $cm) = get_context_info_array($contextid);
  39  
  40  $url = new moodle_url('/admin/roles/permissions.php', array('contextid' => $contextid));
  41  
  42  if ($course) {
  43      $isfrontpage = ($course->id == SITEID);
  44  } else {
  45      $isfrontpage = false;
  46      if ($context->contextlevel == CONTEXT_USER) {
  47          $course = $DB->get_record('course', array('id'=>optional_param('courseid', SITEID, PARAM_INT)), '*', MUST_EXIST);
  48          $user = $DB->get_record('user', array('id'=>$context->instanceid), '*', MUST_EXIST);
  49          $url->param('courseid', $course->id);
  50          $url->param('userid', $user->id);
  51      } else {
  52          $course = $SITE;
  53      }
  54  }
  55  
  56  // Security first.
  57  require_login($course, false, $cm);
  58  require_capability('moodle/role:review', $context);
  59  
  60  navigation_node::override_active_url($url);
  61  $pageurl = new moodle_url($url);
  62  if ($returnurl) {
  63      $pageurl->param('returnurl', $returnurl);
  64  }
  65  $PAGE->set_url($pageurl);
  66  
  67  if ($context->contextlevel == CONTEXT_USER and $USER->id != $context->instanceid) {
  68      $PAGE->navbar->includesettingsbase = true;
  69      $PAGE->navigation->extend_for_user($user);
  70      $PAGE->set_context(context_user::instance($user->id));
  71  } else {
  72      $PAGE->set_context($context);
  73  }
  74  
  75  $courseid = $course->id;
  76  
  77  
  78  // These are needed early because of tabs.php.
  79  $assignableroles = get_assignable_roles($context, ROLENAME_BOTH);
  80  list($overridableroles, $overridecounts, $nameswithcounts) = get_overridable_roles($context, ROLENAME_BOTH, true);
  81  if ($capability) {
  82      $capability = $DB->get_record('capabilities', array('name'=>$capability), '*', MUST_EXIST);
  83  }
  84  
  85  $allowoverrides     = has_capability('moodle/role:override', $context);
  86  $allowsafeoverrides = has_capability('moodle/role:safeoverride', $context);
  87  
  88  $contextname = $context->get_context_name();
  89  $title = get_string('permissionsincontext', 'core_role', $contextname);
  90  $straction = get_string('permissions', 'core_role'); // Used by tabs.php.
  91  $currenttab = 'permissions';
  92  
  93  $PAGE->set_pagelayout('admin');
  94  if ($context->contextlevel == CONTEXT_BLOCK) {
  95      // Do not show blocks when changing block's settings, it is confusing.
  96      $PAGE->blocks->show_only_fake_blocks(true);
  97  }
  98  
  99  $PAGE->set_title($title);
 100  $PAGE->activityheader->disable();
 101  switch ($context->contextlevel) {
 102      case CONTEXT_SYSTEM:
 103          throw new \moodle_exception('cannotoverridebaserole', 'error');
 104          break;
 105      case CONTEXT_USER:
 106          $fullname = fullname($user, has_capability('moodle/site:viewfullnames', $context));
 107          $PAGE->set_heading($fullname);
 108          $showroles = 1;
 109          break;
 110      case CONTEXT_COURSECAT:
 111          core_course_category::page_setup();
 112          break;
 113      case CONTEXT_COURSE:
 114          if ($isfrontpage) {
 115              $PAGE->set_heading(get_string('frontpage', 'admin'));
 116          } else {
 117              $PAGE->set_heading($course->fullname);
 118          }
 119          break;
 120      case CONTEXT_MODULE:
 121          $PAGE->set_heading($context->get_context_name(false));
 122          $PAGE->set_cacheable(false);
 123          break;
 124      case CONTEXT_BLOCK:
 125          $PAGE->set_heading($PAGE->course->fullname);
 126          break;
 127  }
 128  
 129  // Handle confirmations and actions.
 130  // We have a capability and overrides are allowed or safe overrides are allowed and this is safe.
 131  if ($capability && ($allowoverrides || ($allowsafeoverrides && is_safe_capability($capability)))) {
 132      // If we already know the the role ID, it is overrideable, and we are setting prevent or unprohibit.
 133      if (isset($overridableroles[$roleid]) && ($prevent || $unprohibit)) {
 134          // We are preventing.
 135          if ($prevent) {
 136              if ($confirm && data_submitted() && confirm_sesskey()) {
 137                  role_change_permission($roleid, $context, $capability->name, CAP_PREVENT);
 138                  redirect($PAGE->url);
 139  
 140              } else {
 141                  $a = (object)array('cap'=>get_capability_docs_link($capability)." ($capability->name)", 'role'=>$overridableroles[$roleid], 'context'=>$contextname);
 142                  $message = get_string('confirmroleprevent', 'core_role', $a);
 143                  $continueurl = new moodle_url($PAGE->url,
 144                      array('contextid'=>$context->id, 'roleid'=>$roleid, 'capability'=>$capability->name, 'prevent'=>1, 'sesskey'=>sesskey(), 'confirm'=>1));
 145              }
 146          }
 147          // We are unprohibiting.
 148          if ($unprohibit) {
 149              if ($confirm && data_submitted() && confirm_sesskey()) {
 150                  role_change_permission($roleid, $context, $capability->name, CAP_INHERIT);
 151                  redirect($PAGE->url);
 152              } else {
 153                  $a = (object)array('cap'=>get_capability_docs_link($capability)." ($capability->name)", 'role'=>$overridableroles[$roleid], 'context'=>$contextname);
 154                  $message = get_string('confirmroleunprohibit', 'core_role', $a);
 155                  $continueurl = new moodle_url($PAGE->url,
 156                      array('contextid'=>$context->id, 'roleid'=>$roleid, 'capability'=>$capability->name, 'unprohibit'=>1, 'sesskey'=>sesskey(), 'confirm'=>1));
 157              }
 158          }
 159          // Display and print.
 160          echo $OUTPUT->header();
 161          echo $OUTPUT->heading($title);
 162          echo $OUTPUT->confirm($message, $continueurl, $PAGE->url);
 163          echo $OUTPUT->footer();
 164          die;
 165      }
 166  
 167      if ($allow || $prohibit) {
 168          if ($allow) {
 169              $mform = new core_role_permission_allow_form(null, array($context, $capability, $overridableroles));
 170              if ($mform->is_cancelled()) {
 171                  redirect($PAGE->url);
 172              } else if ($data = $mform->get_data() and !empty($data->roleid)) {
 173                  $roleid = $data->roleid;
 174                  if (isset($overridableroles[$roleid])) {
 175                      role_change_permission($roleid, $context, $capability->name, CAP_ALLOW);
 176                  }
 177                  redirect($PAGE->url);
 178              } else {
 179                  $a = (object)array('cap'=>get_capability_docs_link($capability)." ($capability->name)", 'context'=>$contextname);
 180                  $message = get_string('roleallowinfo', 'core_role', $a);
 181              }
 182          }
 183          if ($prohibit) {
 184              $mform = new core_role_permission_prohibit_form(null, array($context, $capability, $overridableroles));
 185              if ($mform->is_cancelled()) {
 186                  redirect($PAGE->url);
 187              } else if ($data = $mform->get_data() and !empty($data->roleid)) {
 188                  $roleid = $data->roleid;
 189                  if (isset($overridableroles[$roleid])) {
 190                      role_change_permission($roleid, $context, $capability->name, CAP_PROHIBIT);
 191                  }
 192                  redirect($PAGE->url);
 193              } else {
 194                  $a = (object)array('cap'=>get_capability_docs_link($capability)." ($capability->name)", 'context'=>$contextname);
 195                  $message = get_string('roleprohibitinfo', 'core_role', $a);
 196              }
 197          }
 198          echo $OUTPUT->header();
 199          echo $OUTPUT->heading($title);
 200          echo $OUTPUT->box($message);
 201          $mform->display();
 202          echo $OUTPUT->footer();
 203          die;
 204      }
 205  }
 206  
 207  $PAGE->set_navigation_overflow_state(false);
 208  
 209  echo $OUTPUT->header();
 210  if (in_array($context->contextlevel, [CONTEXT_COURSE, CONTEXT_MODULE, CONTEXT_COURSECAT])) {
 211      echo $OUTPUT->render_participants_tertiary_nav($course);
 212  }
 213  
 214  echo $OUTPUT->heading($title);
 215  
 216  $adminurl = new moodle_url('/admin/');
 217  $arguments = array('contextid' => $contextid,
 218                  'contextname' => $contextname,
 219                  'adminurl' => $adminurl->out());
 220  $PAGE->requires->strings_for_js(
 221                                  array('roleprohibitinfo', 'roleprohibitheader', 'roleallowinfo', 'roleallowheader',
 222                                      'confirmunassigntitle', 'confirmroleunprohibit', 'confirmroleprevent', 'confirmunassignyes',
 223                                      'confirmunassignno', 'deletexrole'), 'core_role');
 224  $PAGE->requires->js_call_amd('core/permissionmanager', 'initialize', array($arguments));
 225  $table = new core_role_permissions_table($context, $contextname, $allowoverrides, $allowsafeoverrides, $overridableroles);
 226  echo $OUTPUT->box_start('generalbox capbox');
 227  // Print link to advanced override page.
 228  if ($overridableroles) {
 229      $overrideurl = new moodle_url('/admin/roles/override.php', array('contextid' => $context->id));
 230      $select = new single_select($overrideurl, 'roleid', $nameswithcounts);
 231      $select->label = get_string('advancedoverride', 'core_role');
 232      echo html_writer::tag('div', $OUTPUT->render($select), array('class'=>'advancedoverride'));
 233  }
 234  $table->display();
 235  echo $OUTPUT->box_end();
 236  
 237  
 238  if ($context->contextlevel > CONTEXT_USER) {
 239  
 240      if ($returnurl) {
 241          $url = new moodle_url($returnurl);
 242      } else {
 243          $url = $context->get_url();
 244      }
 245  
 246      echo html_writer::start_tag('div', array('class'=>'backlink'));
 247      echo html_writer::tag('a', get_string('backto', '', $contextname), array('href' => $url));
 248      echo html_writer::end_tag('div');
 249  }
 250  
 251  echo $OUTPUT->footer($course);