Search moodle.org's
Developer Documentation

See Release Notes
Long Term Support Release

  • Bug fixes for general core bugs in 4.1.x will end 13 November 2023 (12 months).
  • Bug fixes for security issues in 4.1.x will end 10 November 2025 (36 months).
  • PHP version: minimum PHP 7.4.0 Note: minimum PHP version has increased since Moodle 4.0. PHP 8.0.x is supported too.
<?php
// This file is part of Moodle - http://moodle.org/
//
// Moodle is free software: you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// Moodle is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License
// along with Moodle.  If not, see <http://www.gnu.org/licenses/>.

/**
 * View user acceptances to the policies
 *
 * @package     tool_policy
 * @copyright   2018 Marina Glancy
 * @license     http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
 */

namespace tool_policy;

use tool_policy\output\acceptances_filter;
use tool_policy\output\renderer;
use tool_policy\output\user_agreement;
use core_user;
use stdClass;

defined('MOODLE_INTERNAL') || die();

global $CFG;
require_once($CFG->dirroot.'/lib/tablelib.php');

/**
 * Class acceptances_table
 *
 * @package     tool_policy
 * @copyright   2018 Marina Glancy
 * @license     http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
 */
class acceptances_table extends \table_sql {

    /** @var array */
    protected $versionids;

    /** @var acceptances_filter */
    protected $acceptancesfilter;

    /** @var renderer */
    protected $output;

    /**
     * @var string[] The list of countries.
     */
    protected $countries;

    /** @var bool are there any users that this user can agree on behalf of */
    protected $canagreeany = false;

    /**
     * Constructor.
     *
     * @param string $uniqueid Table identifier.
     * @param acceptances_filter $acceptancesfilter
     * @param renderer $output
     */
    public function __construct($uniqueid, acceptances_filter $acceptancesfilter, renderer $output) {
        global $CFG;
        parent::__construct($uniqueid);
        $this->set_attribute('id', 'acceptancetable');
        $this->acceptancesfilter = $acceptancesfilter;
        $this->is_downloading(optional_param('download', 0, PARAM_ALPHA), 'user_acceptances');
        $this->baseurl = $acceptancesfilter->get_url();
        $this->output = $output;

        $this->versionids = [];
        $versions = $acceptancesfilter->get_versions();
        if (count($versions) > 1) {
            foreach ($versions as $version) {
                $this->versionids[$version->id] = $version->name;
            }
        } else {
            $version = reset($versions);
            $this->versionids[$version->id] = $version->name;
            if ($version->status != policy_version::STATUS_ACTIVE) {
                $this->versionids[$version->id] .= '<br>' . $version->revision;
            }
        }

        // TODO Does not support custom user profile fields (MDL-70456).
        $userfieldsapi = \core_user\fields::for_identity(\context_system::instance(), false)->with_userpic();
        $userfields = $userfieldsapi->get_sql('u', false, '', '', false)->selects;
        $extrafields = $userfieldsapi->get_required_fields([\core_user\fields::PURPOSE_IDENTITY]);

        $this->set_sql("$userfields",
            "{user} u",
            'u.id <> :siteguestid AND u.deleted = 0',
            ['siteguestid' => $CFG->siteguest]);
        if (!$this->is_downloading()) {
            $this->add_column_header('select', get_string('select'), false, 'colselect');
        }
        $this->add_column_header('fullname', get_string('fullnameuser', 'core'));
        foreach ($extrafields as $field) {
            $this->add_column_header($field, \core_user\fields::get_display_name($field));
        }

        if (!$this->is_downloading() && !has_capability('tool/policy:acceptbehalf', \context_system::instance())) {
            // We will need to check capability to accept on behalf in each user's context, preload users contexts.
            $this->sql->fields .= ',' . \context_helper::get_preload_record_columns_sql('ctx');
            $this->sql->from .= ' JOIN {context} ctx ON ctx.contextlevel = :usercontextlevel AND ctx.instanceid = u.id';
            $this->sql->params['usercontextlevel'] = CONTEXT_USER;
        }

        if ($this->acceptancesfilter->get_single_version()) {
            $this->configure_for_single_version();
        } else {
            $this->configure_for_multiple_versions();
        }

        $this->build_sql_for_search_string($extrafields);
        $this->build_sql_for_capability_filter();
        $this->build_sql_for_roles_filter();

        $this->sortable(true, 'firstname');
    }

    /**
     * Remove randomness from the list by always sorting by user id in the end
     *
     * @return array
     */
    public function get_sort_columns() {
        $c = parent::get_sort_columns();
        $c['u.id'] = SORT_ASC;
        return $c;
    }

    /**
     * Allows to add only one column name and header to the table (parent class methods only allow to set all).
     *
     * @param string $key
     * @param string $label
     * @param bool $sortable
     * @param string $columnclass
     */
    protected function add_column_header($key, $label, $sortable = true, $columnclass = '') {
        if (empty($this->columns)) {
            $this->define_columns([$key]);
            $this->define_headers([$label]);
        } else {
            $this->columns[$key] = count($this->columns);
            $this->column_style[$key] = array();
            $this->column_class[$key] = $columnclass;
            $this->column_suppress[$key] = false;
            $this->headers[] = $label;
        }
        if ($columnclass !== null) {
            $this->column_class($key, $columnclass);
        }
        if (!$sortable) {
            $this->no_sorting($key);
        }
    }

    /**
     * Helper configuration method.
     */
    protected function configure_for_single_version() {
        $userfieldsapi = \core_user\fields::for_name();
        $userfieldsmod = $userfieldsapi->get_sql('m', false, 'mod', '', false)->selects;
        $v = key($this->versionids);
        $this->sql->fields .= ", $userfieldsmod, a{$v}.status AS status{$v}, a{$v}.note, ".
           "a{$v}.timemodified, a{$v}.usermodified AS usermodified{$v}";

        $join = "JOIN {tool_policy_acceptances} a{$v} ON a{$v}.userid = u.id AND a{$v}.policyversionid=:versionid{$v}";
        $filterstatus = $this->acceptancesfilter->get_status_filter();
        if ($filterstatus == 1) {
            $this->sql->from .= " $join AND a{$v}.status=1";
        } else if ($filterstatus == 2) {
            $this->sql->from .= " $join AND a{$v}.status=0";
        } else {
            $this->sql->from .= " LEFT $join";
        }

        $this->sql->from .= " LEFT JOIN {user} m ON m.id = a{$v}.usermodified AND m.id <> u.id AND a{$v}.status IS NOT NULL";

        $this->sql->params['versionid' . $v] = $v;

        if ($filterstatus === 0) {
            $this->sql->where .= " AND a{$v}.status IS NULL";
        }

        $this->add_column_header('status' . $v, get_string('response', 'tool_policy'));
        $this->add_column_header('timemodified', get_string('responseon', 'tool_policy'));
        $this->add_column_header('usermodified' . $v, get_string('responseby', 'tool_policy'));
        $this->add_column_header('note', get_string('acceptancenote', 'tool_policy'), false);
    }

    /**
     * Helper configuration method.
     */
    protected function configure_for_multiple_versions() {
        $this->add_column_header('statusall', get_string('acceptancestatusoverall', 'tool_policy'));
        $filterstatus = $this->acceptancesfilter->get_status_filter();
        $statusall = [];
        foreach ($this->versionids as $v => $versionname) {
            $this->sql->fields .= ", a{$v}.status AS status{$v}, a{$v}.usermodified AS usermodified{$v}";
            $join = "JOIN {tool_policy_acceptances} a{$v} ON a{$v}.userid = u.id AND a{$v}.policyversionid=:versionid{$v}";
            if ($filterstatus == 1) {
                $this->sql->from .= " {$join} AND a{$v}.status=1";
            } else if ($filterstatus == 2) {
                $this->sql->from .= " {$join} AND a{$v}.status=0";
            } else {
                $this->sql->from .= " LEFT {$join}";
            }
            $this->sql->params['versionid' . $v] = $v;
            $this->add_column_header('status' . $v, $versionname);
            $statusall[] = "COALESCE(a{$v}.status, 0)";
        }
        $this->sql->fields .= ",".join('+', $statusall)." AS statusall";

        if ($filterstatus === 0) {
            $statussql = [];
            foreach ($this->versionids as $v => $versionname) {
                $statussql[] = "a{$v}.status IS NULL";
            }
            $this->sql->where .= " AND (u.policyagreed = 0 OR ".join(" OR ", $statussql).")";
        }
    }

    /**
     * Download the data.
     */
    public function download() {
        \core\session\manager::write_close();
        $this->out(0, false);
        exit;
    }

    /**
     * Get sql to add to where statement.
     *
     * @return string
     */
    public function get_sql_where() {
        list($where, $params) = parent::get_sql_where();
        $where = preg_replace('/firstname/', 'u.firstname', $where);
        $where = preg_replace('/lastname/', 'u.lastname', $where);
        return [$where, $params];
    }

    /**
     * Helper SQL query builder.
     *
     * @param array $userfields
     */
    protected function build_sql_for_search_string($userfields) {
        global $DB, $USER;

        $search = $this->acceptancesfilter->get_search_strings();
        if (empty($search)) {
            return;
        }

        $wheres = [];
        $params = [];
        foreach ($search as $index => $keyword) {
            $searchkey1 = 'search' . $index . '1';
            $searchkey2 = 'search' . $index . '2';
            $searchkey3 = 'search' . $index . '3';
            $searchkey4 = 'search' . $index . '4';
            $searchkey5 = 'search' . $index . '5';
            $searchkey6 = 'search' . $index . '6';
            $searchkey7 = 'search' . $index . '7';

            $conditions = array();
            // Search by fullname.
            $fullname = $DB->sql_fullname('u.firstname', 'u.lastname');
            $conditions[] = $DB->sql_like($fullname, ':' . $searchkey1, false, false);

            // Search by email.
            $email = $DB->sql_like('u.email', ':' . $searchkey2, false, false);
            if (!in_array('email', $userfields)) {
                $maildisplay = 'maildisplay' . $index;
                $userid1 = 'userid' . $index . '1';
                // Prevent users who hide their email address from being found by others
                // who aren't allowed to see hidden email addresses.
                $email = "(". $email ." AND (" .
                    "u.maildisplay <> :$maildisplay " .
                    "OR u.id = :$userid1". // User can always find himself.
                    "))";
                $params[$maildisplay] = core_user::MAILDISPLAY_HIDE;
                $params[$userid1] = $USER->id;
            }
            $conditions[] = $email;

            // Search by idnumber.
            $idnumber = $DB->sql_like('u.idnumber', ':' . $searchkey3, false, false);
            if (!in_array('idnumber', $userfields)) {
                $userid2 = 'userid' . $index . '2';
                // Users who aren't allowed to see idnumbers should at most find themselves
                // when searching for an idnumber.
                $idnumber = "(". $idnumber . " AND u.id = :$userid2)";
                $params[$userid2] = $USER->id;
            }
            $conditions[] = $idnumber;

            // Search by middlename.
            $middlename = $DB->sql_like('u.middlename', ':' . $searchkey4, false, false);
            $conditions[] = $middlename;

            // Search by alternatename.
            $alternatename = $DB->sql_like('u.alternatename', ':' . $searchkey5, false, false);
            $conditions[] = $alternatename;

            // Search by firstnamephonetic.
            $firstnamephonetic = $DB->sql_like('u.firstnamephonetic', ':' . $searchkey6, false, false);
            $conditions[] = $firstnamephonetic;

            // Search by lastnamephonetic.
            $lastnamephonetic = $DB->sql_like('u.lastnamephonetic', ':' . $searchkey7, false, false);
            $conditions[] = $lastnamephonetic;

            $wheres[] = "(". implode(" OR ", $conditions) .") ";
            $params[$searchkey1] = "%$keyword%";
            $params[$searchkey2] = "%$keyword%";
            $params[$searchkey3] = "%$keyword%";
            $params[$searchkey4] = "%$keyword%";
            $params[$searchkey5] = "%$keyword%";
            $params[$searchkey6] = "%$keyword%";
            $params[$searchkey7] = "%$keyword%";
        }

        $this->sql->where .= ' AND '.join(' AND ', $wheres);
        $this->sql->params += $params;
    }

    /**
     * If there is a filter to find users who can/cannot accept on their own behalf add it to the SQL query
     */
    protected function build_sql_for_capability_filter() {
        global $CFG;
        $hascapability = $this->acceptancesfilter->get_capability_accept_filter();
        if ($hascapability === null) {
            return;
        }

        list($neededroles, $forbiddenroles) = get_roles_with_cap_in_context(\context_system::instance(), 'tool/policy:accept');

        if (empty($neededroles)) {
            // There are no roles that allow to accept agreement on one own's behalf.
            $this->sql->where .= $hascapability ? ' AND 1=0' : '';
            return;
        }

        if (empty($forbiddenroles)) {
            // There are no roles that prohibit to accept agreement on one own's behalf.
            $this->sql->where .= ' AND ' . $this->sql_has_role($neededroles, $hascapability);
            return;
        }

        $defaultuserroleid = isset($CFG->defaultuserroleid) ? $CFG->defaultuserroleid : 0;
        if (!empty($neededroles[$defaultuserroleid])) {
            // Default role allows to accept agreement. Make sure user has/does not have one of the roles prohibiting it.
            $this->sql->where .= ' AND ' . $this->sql_has_role($forbiddenroles, !$hascapability);
            return;
        }

        if ($hascapability) {
            // User has at least one role allowing to accept and no roles prohibiting.
            $this->sql->where .= ' AND ' . $this->sql_has_role($neededroles);
            $this->sql->where .= ' AND ' . $this->sql_has_role($forbiddenroles, false);
        } else {
            // Option 1: User has one of the roles prohibiting to accept.
            $this->sql->where .= ' AND (' . $this->sql_has_role($forbiddenroles);
            // Option 2: User has none of the roles allowing to accept.
            $this->sql->where .= ' OR ' . $this->sql_has_role($neededroles, false) . ")";
        }
    }

    /**
     * Returns SQL snippet for users that have (do not have) one of the given roles in the system context
     *
     * @param array $roles list of roles indexed by role id
     * @param bool $positive true: return users who HAVE roles; false: return users who DO NOT HAVE roles
     * @return string
     */
    protected function sql_has_role($roles, $positive = true) {
        global $CFG;
        if (empty($roles)) {
            return $positive ? '1=0' : '1=1';
        }
        $defaultuserroleid = isset($CFG->defaultuserroleid) ? $CFG->defaultuserroleid : 0;
        if (!empty($roles[$defaultuserroleid])) {
            // No need to query, everybody has the default role.
            return $positive ? '1=1' : '1=0';
        }
        return "u.id " . ($positive ? "" : "NOT") . " IN (
                SELECT userid
                FROM {role_assignments}
                WHERE contextid = " . SYSCONTEXTID . " AND roleid IN (" . implode(',', array_keys($roles)) . ")
            )";
    }

    /**
     * If there is a filter by user roles add it to the SQL query.
     */
    protected function build_sql_for_roles_filter() {
        foreach ($this->acceptancesfilter->get_role_filters() as $roleid) {
            $this->sql->where .= ' AND ' . $this->sql_has_role([$roleid => $roleid]);
        }
    }

    /**
     * Hook that can be overridden in child classes to wrap a table in a form
     * for example. Called only when there is data to display and not
     * downloading.
     */
    public function wrap_html_start() {
        echo \html_writer::start_tag('form',
            ['action' => new \moodle_url('/admin/tool/policy/accept.php')]);
        echo \html_writer::empty_tag('input', ['type' => 'hidden', 'name' => 'sesskey', 'value' => sesskey()]);
        echo \html_writer::empty_tag('input', ['type' => 'hidden', 'name' => 'returnurl',
            'value' => $this->get_return_url()]);
        foreach (array_keys($this->versionids) as $versionid) {
            echo \html_writer::empty_tag('input', ['type' => 'hidden', 'name' => 'versionids[]',
                'value' => $versionid]);
        }
    }

    /**
     * Hook that can be overridden in child classes to wrap a table in a form
     * for example. Called only when there is data to display and not
     * downloading.
     */
    public function wrap_html_finish() {
        global $PAGE;
        if ($this->canagreeany) {
            echo \html_writer::empty_tag('input', ['type' => 'hidden', 'name' => 'action', 'value' => 'accept']);
            echo \html_writer::empty_tag('input', ['type' => 'submit', 'data-action' => 'acceptmodal',
                'value' => get_string('consentbulk', 'tool_policy'), 'class' => 'btn btn-primary mt-1']);
            $PAGE->requires->js_call_amd('tool_policy/acceptmodal', 'getInstance', [\context_system::instance()->id]);
        }
        echo "</form>\n";
    }

    /**
     * Render the table.
     */
    public function display() {
        $this->out(100, true);
    }

    /**
     * Call appropriate methods on this table class to perform any processing on values before displaying in table.
     * Takes raw data from the database and process it into human readable format, perhaps also adding html linking when
     * displaying table as html, adding a div wrap, etc.
     *
     * See for example col_fullname below which will be called for a column whose name is 'fullname'.
     *
     * @param array|object $row row of data from db used to make one row of the table.
     * @return array one row for the table, added using add_data_keyed method.
     */
    public function format_row($row) {
        \context_helper::preload_from_record($row);
        $row->canaccept = false;
        $row->user = \user_picture::unalias($row, [], $this->useridfield);
        $row->select = null;
        if (!$this->is_downloading()) {
            if (has_capability('tool/policy:acceptbehalf', \context_system::instance()) ||
                has_capability('tool/policy:acceptbehalf', \context_user::instance($row->id))) {
                $row->canaccept = true;
                $row->select = \html_writer::empty_tag('input',
                    ['type' => 'checkbox', 'name' => 'userids[]', 'value' => $row->id, 'class' => 'usercheckbox',
                    'id' => 'selectuser' . $row->id]) .
                \html_writer::tag('label', get_string('selectuser', 'tool_policy', $this->username($row->user, false)),
                    ['for' => 'selectuser' . $row->id, 'class' => 'accesshide']);
                $this->canagreeany = true;
            }
        }
        return parent::format_row($row);
    }

    /**
     * Get the column fullname value.
     *
     * @param stdClass $row
     * @return string
     */
    public function col_fullname($row) {
        global $OUTPUT;
        $userpic = $this->is_downloading() ? '' : $OUTPUT->user_picture($row->user);
        return $userpic . $this->username($row->user, true);
    }

    /**
     * User name with a link to profile
     *
     * @param stdClass $user
     * @param bool $profilelink show link to profile (when we are downloading never show links)
     * @return string
     */
    protected function username($user, $profilelink = true) {
        $canviewfullnames = has_capability('moodle/site:viewfullnames', \context_system::instance()) ||
            has_capability('moodle/site:viewfullnames', \context_user::instance($user->id));
        $name = fullname($user, $canviewfullnames);
        if (!$this->is_downloading() && $profilelink) {
            $profileurl = new \moodle_url('/user/profile.php', array('id' => $user->id));
            return \html_writer::link($profileurl, $name);
        }
        return $name;
    }

    /**
     * Helper.
     */
    protected function get_return_url() {
        $pageurl = $this->baseurl;
        if ($this->currpage) {
            $pageurl = new \moodle_url($pageurl, [$this->request[TABLE_VAR_PAGE] => $this->currpage]);
        }
        return $pageurl;
    }

    /**
     * Return agreement status
     *
     * @param int $versionid either id of an individual version or empty for overall status
     * @param stdClass $row
     * @return string
     */
    protected function status($versionid, $row) {
        $onbehalf = false;
        $versions = $versionid ? [$versionid => $this->versionids[$versionid]] : $this->versionids; // List of versions.
        $accepted = []; // List of versionids that user has accepted.
        $declined = [];

        foreach ($versions as $v => $name) {
            if ($row->{'status' . $v} !== null) {
                if (empty($row->{'status' . $v})) {
                    $declined[] = $v;
                } else {
                    $accepted[] = $v;
                }
                $agreedby = $row->{'usermodified' . $v};
                if ($agreedby && $agreedby != $row->id) {
                    $onbehalf = true;
                }
            }
        }

        $ua = new user_agreement($row->id, $accepted, $declined, $this->get_return_url(), $versions, $onbehalf, $row->canaccept);

        if ($this->is_downloading()) {
            return $ua->export_for_download();

        } else {
            return $this->output->render($ua);
        }
    }

    /**
     * Get the column timemodified value.
     *
     * @param stdClass $row
     * @return string
     */
    public function col_timemodified($row) {
        if ($row->timemodified) {
            if ($this->is_downloading()) {
                // Use timestamp format readable for both machines and humans.
< return date_format_string($row->timemodified, '%Y-%m-%d %H:%M:%S %Z');
> return date_format_string((int) $row->timemodified, '%Y-%m-%d %H:%M:%S %Z');
} else { // Use localised calendar format. return userdate($row->timemodified, get_string('strftimedatetime')); } } else { return null; } } /** * Get the column note value. * * @param stdClass $row * @return string */ public function col_note($row) { if ($this->is_downloading()) { return $row->note; } else { return format_text($row->note, FORMAT_MOODLE); } } /** * Get the column statusall value. * * @param stdClass $row * @return string */ public function col_statusall($row) { return $this->status(0, $row); } /** * Generate the country column. * * @param \stdClass $data * @return string */ public function col_country($data) { if ($data->country && $this->countries === null) { $this->countries = get_string_manager()->get_list_of_countries(); } if (!empty($this->countries[$data->country])) { return $this->countries[$data->country]; } return ''; } /** * You can override this method in a child class. See the description of * build_table which calls this method. * * @param string $column * @param stdClass $row * @return string */ public function other_cols($column, $row) { if (preg_match('/^status([\d]+)$/', $column, $matches)) { $versionid = $matches[1]; return $this->status($versionid, $row); } if (preg_match('/^usermodified([\d]+)$/', $column, $matches)) { if ($row->$column && $row->$column != $row->id) { $user = (object)['id' => $row->$column]; username_load_fields_from_object($user, $row, 'mod'); return $this->username($user, true); } return ''; // User agreed by themselves. } return parent::other_cols($column, $row); } }