Search moodle.org's
Developer Documentation
Developer Documentation
See Release Notes
Long Term Support Release
- Bug fixes for general core bugs in 4.1.x will end 13 November 2023 (12 months).
- Bug fixes for security issues in 4.1.x will end 10 November 2025 (36 months).
- PHP version: minimum PHP 7.4.0 Note: minimum PHP version has increased since Moodle 4.0. PHP 8.0.x is supported too.
/user/ -> action_redir.php (source)
Differences Between: [Versions 310 and 401] [Versions 311 and 401] [Versions 39 and 401] [Versions 400 and 401] [Versions 401 and 403]
1 <?php 2 // This file is part of Moodle - http://moodle.org/ 3 // 4 // Moodle is free software: you can redistribute it and/or modify 5 // it under the terms of the GNU General Public License as published by 6 // the Free Software Foundation, either version 3 of the License, or 7 // (at your option) any later version. 8 // 9 // Moodle is distributed in the hope that it will be useful, 10 // but WITHOUT ANY WARRANTY; without even the implied warranty of 11 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 12 // GNU General Public License for more details. 13 // 14 // You should have received a copy of the GNU General Public License 15 // along with Moodle. If not, see <http://www.gnu.org/licenses/>. 16 17 /** 18 * Wrapper script redirecting user operations to correct destination. 19 * 20 * @copyright 1999 Martin Dougiamas http://dougiamas.com 21 * @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later 22 * @package core_user 23 */ 24 25 require_once("../config.php"); 26 require_once($CFG->dirroot . '/course/lib.php'); 27 28 $formaction = required_param('formaction', PARAM_LOCALURL); 29 $id = required_param('id', PARAM_INT); 30 31 $PAGE->set_url('/user/action_redir.php', array('formaction' => $formaction, 'id' => $id)); 32 list($formaction) = explode('?', $formaction, 2); 33 34 // This page now only handles the bulk enrolment change actions, other actions are done with ajax. 35 $actions = array('bulkchange.php'); 36 37 if (array_search($formaction, $actions) === false) { 38 throw new \moodle_exception('unknownuseraction'); 39 } 40 41 if (!confirm_sesskey()) { 42 throw new \moodle_exception('confirmsesskeybad'); 43 } 44 45 if ($formaction == 'bulkchange.php') { 46 // Backwards compatibility for enrolment plugins bulk change functionality. 47 // This awful code is adapting from the participant page with it's param names and values 48 // to the values expected by the bulk enrolment changes forms. 49 $formaction = required_param('formaction', PARAM_URL); 50 require_once($CFG->dirroot . '/enrol/locallib.php'); 51 52 $url = new moodle_url($formaction); 53 // Get the enrolment plugin type and bulk action from the url. 54 $plugin = $url->param('plugin'); 55 $operationname = $url->param('operation'); 56 $dataformat = $url->param('dataformat'); 57 58 $course = $DB->get_record('course', array('id' => $id), '*', MUST_EXIST); 59 $context = context_course::instance($id); 60 $PAGE->set_context($context); 61 62 $userids = optional_param_array('userid', array(), PARAM_INT); 63 $default = new moodle_url('/user/index.php', ['id' => $course->id]); 64 $returnurl = new moodle_url(optional_param('returnto', $default, PARAM_LOCALURL)); 65 66 if (empty($userids)) { 67 $userids = optional_param_array('bulkuser', array(), PARAM_INT); 68 } 69 if (empty($userids)) { 70 // The first time list hack. 71 if (empty($userids) and $post = data_submitted()) { 72 foreach ($post as $k => $v) { 73 if (preg_match('/^user(\d+)$/', $k, $m)) { 74 $userids[] = $m[1]; 75 } 76 } 77 } 78 } 79 80 if (empty($plugin) AND $operationname == 'download_participants') { 81 // Check permissions. 82 $pagecontext = ($course->id == SITEID) ? context_system::instance() : $context; 83 if (course_can_view_participants($pagecontext)) { 84 $plugins = core_plugin_manager::instance()->get_plugins_of_type('dataformat'); 85 if (isset($plugins[$dataformat])) { 86 if ($plugins[$dataformat]->is_enabled()) { 87 if (empty($userids)) { 88 redirect($returnurl, get_string('noselectedusers', 'bulkusers')); 89 } 90 91 $columnnames = array( 92 'firstname' => get_string('firstname'), 93 'lastname' => get_string('lastname'), 94 ); 95 96 // Get the list of fields we have to hide. 97 $hiddenfields = []; 98 if (!has_capability('moodle/course:viewhiddenuserfields', $context)) { 99 $hiddenfields = array_flip(explode(',', $CFG->hiddenuserfields)); 100 } 101 102 // Retrieve all identity fields required for users. 103 $userfieldsapi = \core_user\fields::for_identity($context); 104 $userfields = $userfieldsapi->get_sql('u', true); 105 106 $identityfields = array_keys($userfields->mappings); 107 foreach ($identityfields as $field) { 108 $columnnames[$field] = \core_user\fields::get_display_name($field); 109 } 110 111 // Ensure users are enrolled in this course context, further limiting them by selected userids. 112 [$enrolledsql, $enrolledparams] = get_enrolled_sql($context); 113 [$useridsql, $useridparams] = $DB->get_in_or_equal($userids, SQL_PARAMS_NAMED, 'userid'); 114 [$userordersql, $userorderparams] = users_order_by_sql('u', null, $context); 115 116 $params = array_merge($userfields->params, $enrolledparams, $useridparams, $userorderparams); 117 118 // If user can only view their own groups then they can only export users from those groups too. 119 $groupmode = groups_get_course_groupmode($course); 120 if ($groupmode == SEPARATEGROUPS && !has_capability('moodle/site:accessallgroups', $context)) { 121 $groups = groups_get_all_groups($course->id, $USER->id, 0, 'g.id'); 122 $groupids = array_column($groups, 'id'); 123 124 [$groupmembersql, $groupmemberparams] = groups_get_members_ids_sql($groupids, $context); 125 $params = array_merge($params, $groupmemberparams); 126 127 $groupmemberjoin = "JOIN ({$groupmembersql}) jg ON jg.id = u.id"; 128 } else { 129 $groupmemberjoin = ''; 130 } 131 132 // Add column for groups if the user can view them. 133 if (!isset($hiddenfields['groups'])) { 134 $columnnames['groupnames'] = get_string('groups'); 135 $userfields->selects .= ', gcn.groupnames'; 136 137 [$groupconcatnamesql, $groupconcatnameparams] = groups_get_names_concat_sql($course->id); 138 $groupconcatjoin = "LEFT JOIN ({$groupconcatnamesql}) gcn ON gcn.userid = u.id"; 139 $params = array_merge($params, $groupconcatnameparams); 140 } else { 141 $groupconcatjoin = ''; 142 } 143 144 $sql = "SELECT u.firstname, u.lastname {$userfields->selects} 145 FROM {user} u 146 {$userfields->joins} 147 JOIN ({$enrolledsql}) je ON je.id = u.id 148 {$groupmemberjoin} 149 {$groupconcatjoin} 150 WHERE u.id {$useridsql} 151 ORDER BY {$userordersql}"; 152 153 $rs = $DB->get_recordset_sql($sql, $params); 154 155 // Provide callback to pre-process all records ensuring user identity fields are escaped if HTML supported. 156 \core\dataformat::download_data( 157 'courseid_' . $course->id . '_participants', 158 $dataformat, 159 $columnnames, 160 $rs, 161 function(stdClass $record, bool $supportshtml) use ($identityfields): stdClass { 162 if ($supportshtml) { 163 foreach ($identityfields as $identityfield) { 164 $record->{$identityfield} = s($record->{$identityfield}); 165 } 166 } 167 168 return $record; 169 } 170 ); 171 $rs->close(); 172 } 173 } 174 } 175 } else { 176 $instances = enrol_get_instances($course->id, false); 177 $instance = false; 178 foreach ($instances as $oneinstance) { 179 if ($oneinstance->enrol == $plugin) { 180 $instance = $oneinstance; 181 break; 182 } 183 } 184 if (!$instance) { 185 throw new \moodle_exception('errorwithbulkoperation', 'enrol'); 186 } 187 188 $manager = new course_enrolment_manager($PAGE, $course, $instance->id); 189 $plugins = $manager->get_enrolment_plugins(); 190 191 if (!isset($plugins[$plugin])) { 192 throw new \moodle_exception('errorwithbulkoperation', 'enrol'); 193 } 194 195 $plugin = $plugins[$plugin]; 196 197 $operations = $plugin->get_bulk_operations($manager); 198 199 if (!isset($operations[$operationname])) { 200 throw new \moodle_exception('errorwithbulkoperation', 'enrol'); 201 } 202 $operation = $operations[$operationname]; 203 204 if (empty($userids)) { 205 redirect($returnurl, get_string('noselectedusers', 'bulkusers')); 206 } 207 208 $users = $manager->get_users_enrolments($userids); 209 210 $removed = array_diff($userids, array_keys($users)); 211 if (!empty($removed)) { 212 // This manager does not filter by enrolment method - so we can get the removed users details. 213 $removedmanager = new course_enrolment_manager($PAGE, $course); 214 $removedusers = $removedmanager->get_users_enrolments($removed); 215 216 foreach ($removedusers as $removeduser) { 217 $msg = get_string('userremovedfromselectiona', 'enrol', fullname($removeduser)); 218 \core\notification::warning($msg); 219 } 220 } 221 222 // We may have users from any kind of enrolment, we need to filter for the enrolment plugin matching the bulk action. 223 $matchesplugin = function($user) use ($plugin) { 224 foreach ($user->enrolments as $enrolment) { 225 if ($enrolment->enrolmentplugin->get_name() == $plugin->get_name()) { 226 return true; 227 } 228 } 229 return false; 230 }; 231 $filteredusers = array_filter($users, $matchesplugin); 232 233 if (empty($filteredusers)) { 234 redirect($returnurl, get_string('noselectedusers', 'bulkusers')); 235 } 236 237 $users = $filteredusers; 238 239 // Get the form for the bulk operation. 240 $mform = $operation->get_form($PAGE->url, array('users' => $users)); 241 // If the mform is false then attempt an immediate process. This may be an immediate action that 242 // doesn't require user input OR confirmation.... who know what but maybe one day. 243 if ($mform === false) { 244 if ($operation->process($manager, $users, new stdClass)) { 245 redirect($returnurl); 246 } else { 247 throw new \moodle_exception('errorwithbulkoperation', 'enrol'); 248 } 249 } 250 // Check if the bulk operation has been cancelled. 251 if ($mform->is_cancelled()) { 252 redirect($returnurl); 253 } 254 if ($mform->is_submitted() && $mform->is_validated() && confirm_sesskey()) { 255 if ($operation->process($manager, $users, $mform->get_data())) { 256 redirect($returnurl); 257 } 258 } 259 260 $pagetitle = get_string('bulkuseroperation', 'enrol'); 261 262 $PAGE->set_title($pagetitle); 263 $PAGE->set_heading($pagetitle); 264 echo $OUTPUT->header(); 265 echo $OUTPUT->heading($operation->get_title()); 266 $mform->display(); 267 echo $OUTPUT->footer(); 268 exit(); 269 } 270 } else { 271 throw new coding_exception('invalidaction'); 272 }
title
Description
Body
title
Description
Body
title
Description
Body
title
Body
