Search moodle.org's
Developer Documentation

See Release Notes
Long Term Support Release

  • Bug fixes for general core bugs in 4.1.x will end 13 November 2023 (12 months).
  • Bug fixes for security issues in 4.1.x will end 10 November 2025 (36 months).
  • PHP version: minimum PHP 7.4.0 Note: minimum PHP version has increased since Moodle 4.0. PHP 8.0.x is supported too.
<?php
// This file is part of Moodle - http://moodle.org/
//
// Moodle is free software: you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// Moodle is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License
// along with Moodle.  If not, see <http://www.gnu.org/licenses/>.

declare(strict_types=1);

namespace core_reportbuilder\local\helpers;

use cache;
> use context; use core_collator; > use context_system;
use core_component; use core_plugin_manager; use core_reportbuilder\local\audiences\base; use core_reportbuilder\local\models\audience as audience_model; /** * Class containing report audience helper methods * * @package core_reportbuilder * @copyright 2021 David Matamoros <davidmc@moodle.com> * @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later */ class audience { /** * Return audience instances for a given report. Note that any records pointing to invalid audience types will be excluded * * @param int $reportid * @return base[] */ public static function get_base_records(int $reportid): array { $records = audience_model::get_records(['reportid' => $reportid], 'id'); $instances = array_map(static function(audience_model $audience): ?base { return base::instance(0, $audience->to_record()); }, $records); // Filter and remove null elements (invalid audience types). return array_filter($instances); } /**
< * Returns list of reports that the specified user can access. Note this is potentially very expensive to calculate if a
> * Returns list of report IDs that the specified user can access, based on audience configuration. This can be expensive if the
* site has lots of reports, with lots of audiences, so we cache the result for the duration of the users session * * @param int|null $userid User ID to check, or the current user if omitted
< * @return array
> * @return int[]
*/ public static function get_allowed_reports(?int $userid = null): array { global $USER, $DB; $userid = $userid ?: (int) $USER->id; // Prepare cache, if we previously stored the users allowed reports then return that. $cache = cache::make('core', 'reportbuilder_allowed_reports'); $cachedreports = $cache->get($userid); if ($cachedreports !== false) { return $cachedreports; } $allowedreports = []; $reportaudiences = []; // Retrieve all audiences and group them by report for convenience. $audiences = audience_model::get_records(); foreach ($audiences as $audience) { $reportaudiences[$audience->get('reportid')][] = $audience; } foreach ($reportaudiences as $reportid => $audiences) { // Generate audience SQL based on those for the current report. [$wheres, $params] = self::user_audience_sql($audiences);
< $allwheres = implode(' OR ', $wheres);
> if (count($wheres) === 0) { > continue; > }
$paramuserid = database::generate_param_name(); $params[$paramuserid] = $userid; $sql = "SELECT DISTINCT(u.id) FROM {user} u
< WHERE ({$allwheres})
> WHERE (" . implode(' OR ', $wheres) . ") > AND u.deleted = 0
AND u.id = :{$paramuserid}"; // If we have a matching record, user can view the report. if ($DB->record_exists_sql($sql, $params)) { $allowedreports[] = $reportid; } } // Store users allowed reports in cache. $cache->set($userid, $allowedreports); return $allowedreports; } /** * Purge the audience cache of allowed reports */ public static function purge_caches(): void { cache::make('core', 'reportbuilder_allowed_reports')->purge(); } /**
< * Generate SQL select clause and params for selecting reports specified user can access
> * Generate SQL select clause and params for selecting reports specified user can access, based on audience configuration
* * @param string $reporttablealias * @param int|null $userid User ID to check, or the current user if omitted * @return array */ public static function user_reports_list_sql(string $reporttablealias, ?int $userid = null): array { global $DB; $allowedreports = self::get_allowed_reports($userid); if (empty($allowedreports)) { return ['1=0', []]; } // Get all sql audiences. $prefix = database::generate_param_name() . '_'; [$select, $params] = $DB->get_in_or_equal($allowedreports, SQL_PARAMS_NAMED, $prefix); $sql = "{$reporttablealias}.id {$select}"; return [$sql, $params]; } /**
< * Return list of report ID's specified user can access
> * Return list of report ID's specified user can access, based on audience configuration
* * @param int|null $userid User ID to check, or the current user if omitted * @return int[] */ public static function user_reports_list(?int $userid = null): array { global $DB; [$select, $params] = self::user_reports_list_sql('rb', $userid); $sql = "SELECT rb.id FROM {reportbuilder_report} rb WHERE {$select}"; return $DB->get_fieldset_sql($sql, $params); } /**
> * Returns SQL to limit the list of reports to those that the given user has access to * Return appropriate list of where clauses and params for given audiences > * * > * - A user with 'editall' capability will have access to all reports * @param audience_model[] $audiences > * - A user with 'edit' capability will have access to: * @param string $usertablealias > * - Those reports this user has created * @return array[] [$wheres, $params] > * - Those reports this user is in audience of */ > * - A user with 'view' capability will have access to: public static function user_audience_sql(array $audiences, string $usertablealias = 'u'): array { > * - Those reports this user is in audience of $wheres = $params = []; > * > * @param string $reporttablealias foreach ($audiences as $audience) { > * @param int|null $userid User ID to check, or the current user if omitted if ($instance = base::instance(0, $audience->to_record())) { > * @param context|null $context $instancetablealias = database::generate_alias(); > * @return array [$instancejoin, $instancewhere, $instanceparams] = $instance->get_sql($instancetablealias); > */ > public static function user_reports_list_access_sql( $wheres[] = "{$usertablealias}.id IN ( > string $reporttablealias, SELECT {$instancetablealias}.id > ?int $userid = null, FROM {user} {$instancetablealias} > ?context $context = null {$instancejoin} > ): array { WHERE {$instancewhere} > global $DB, $USER; )"; > $params += $instanceparams; > if ($context === null) { } > $context = context_system::instance(); } > } > return [$wheres, $params]; > // If user can't view all reports, limit the returned list to those reports they can see. } > if (!has_capability('moodle/reportbuilder:editall', $context, $userid)) { > $reports = self::user_reports_list($userid); /** > * Returns the list of audiences types in the system. > [$paramprefix, $paramuserid] = database::generate_param_names(2); * > [$reportselect, $params] = $DB->get_in_or_equal($reports, SQL_PARAMS_NAMED, "{$paramprefix}_", true, null); * @return array > */ > $where = "{$reporttablealias}.id {$reportselect}"; private static function get_audience_types(): array { > $sources = []; > // User can also see any reports that they can edit. > if (has_capability('moodle/reportbuilder:edit', $context, $userid)) { $audiences = core_component::get_component_classes_in_namespace(null, 'reportbuilder\\audience'); > $where = "({$reporttablealias}.usercreated = :{$paramuserid} OR {$where})"; foreach ($audiences as $class => $path) { > $params[$paramuserid] = $userid ?? $USER->id; $audienceclass = $class::instance(); > } if (is_subclass_of($class, base::class) && $audienceclass->user_can_add()) { > [$component] = explode('\\', $class); > return [$where, $params]; > } if ($plugininfo = core_plugin_manager::instance()->get_plugin_info($component)) { > $componentname = $plugininfo->displayname; > return ['1=1', []]; } else { > } $componentname = get_string('site'); > } > /**
$sources[$componentname][$class] = $audienceclass->get_name(); } } return $sources; } /** * Get all the audiences types the current user can add to, organised by categories. * * @return array
> * */ > * @deprecated since Moodle 4.1 - please do not use this function any more, {@see custom_report_audience_cards_exporter}
public static function get_all_audiences_menu_types(): array {
> debugging('The function ' . __FUNCTION__ . '() is deprecated, please do not use it any more. ' . $menucardsarray = []; > 'See \'custom_report_audience_cards_exporter\' class for replacement', DEBUG_DEVELOPER); $notavailablestr = get_string('notavailable', 'moodle'); >
$audiencetypes = self::get_audience_types(); $audiencetypeindex = 0; foreach ($audiencetypes as $categoryname => $audience) { $menucards = [ 'name' => $categoryname, 'key' => 'index' . ++$audiencetypeindex, ]; foreach ($audience as $classname => $name) { $class = $classname::instance(); $title = $class->is_available() ? get_string('addaudience', 'core_reportbuilder', $class->get_name()) : $notavailablestr; $menucard['title'] = $title; $menucard['name'] = $class->get_name(); $menucard['disabled'] = !$class->is_available(); $menucard['identifier'] = get_class($class); $menucard['action'] = 'add-audience'; $menucards['items'][] = $menucard; } // Order audience types on each category alphabetically. core_collator::asort_array_of_arrays_by_key($menucards['items'], 'name'); $menucards['items'] = array_values($menucards['items']); $menucardsarray[] = $menucards; } return $menucardsarray; } }