Search moodle.org's
Developer Documentation

See Release Notes
Long Term Support Release

  • Bug fixes for general core bugs in 4.1.x will end 13 November 2023 (12 months).
  • Bug fixes for security issues in 4.1.x will end 10 November 2025 (36 months).
  • PHP version: minimum PHP 7.4.0 Note: minimum PHP version has increased since Moodle 4.0. PHP 8.0.x is supported too.

Differences Between: [Versions 401 and 402] [Versions 401 and 403]

   1  <?php
   2  // This file is part of Moodle - https://moodle.org/
   3  //
   4  // Moodle is free software: you can redistribute it and/or modify
   5  // it under the terms of the GNU General Public License as published by
   6  // the Free Software Foundation, either version 3 of the License, or
   7  // (at your option) any later version.
   8  //
   9  // Moodle is distributed in the hope that it will be useful,
  10  // but WITHOUT ANY WARRANTY; without even the implied warranty of
  11  // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  12  // GNU General Public License for more details.
  13  //
  14  // You should have received a copy of the GNU General Public License
  15  // along with Moodle.  If not, see <https://www.gnu.org/licenses/>.
  16  
  17  namespace core_user\external;
  18  
  19  /**
  20   * Provides the core_user_search_identity external function.
  21   *
  22   * @package     core_user
  23   * @category    external
  24   * @copyright   2021 David Mudrák <david@moodle.com>
  25   * @license     https://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
  26   */
  27  class search_identity extends \external_api {
  28  
  29      /**
  30       * Describes the external function parameters.
  31       *
  32       * @return \external_function_parameters
  33       */
  34      public static function execute_parameters(): \external_function_parameters {
  35          return new \external_function_parameters([
  36              'query' => new \external_value(PARAM_RAW, 'The search query', VALUE_REQUIRED),
  37          ]);
  38      }
  39  
  40      /**
  41       * Finds users with the identity matching the given query.
  42       *
  43       * @param string $query The search request.
  44       * @return array
  45       */
  46      public static function execute(string $query): array {
  47          global $DB, $CFG;
  48  
  49          $params = \external_api::validate_parameters(self::execute_parameters(), [
  50              'query' => $query,
  51          ]);
  52          $query = clean_param($params['query'], PARAM_TEXT);
  53  
  54          // Validate context.
  55          $context = \context_system::instance();
  56          self::validate_context($context);
  57          require_capability('moodle/user:viewalldetails', $context);
  58  
  59          $hasviewfullnames = has_capability('moodle/site:viewfullnames', $context);
  60  
  61          $fields = \core_user\fields::for_name()->with_identity($context, false);
  62          $extrafields = $fields->get_required_fields([\core_user\fields::PURPOSE_IDENTITY]);
  63  
  64          list($searchsql, $searchparams) = users_search_sql($query, '', true, $extrafields);
  65          list($sortsql, $sortparams) = users_order_by_sql('', $query, $context);
  66          $params = array_merge($searchparams, $sortparams);
  67  
  68          $rs = $DB->get_recordset_select('user', $searchsql, $params, $sortsql,
  69              'id' . $fields->get_sql()->selects, 0, $CFG->maxusersperpage + 1);
  70  
  71          $count = 0;
  72          $list = [];
  73  
  74          foreach ($rs as $record) {
  75              $user = (object)[
  76                  'id' => $record->id,
  77                  'fullname' => fullname($record, $hasviewfullnames),
  78                  'extrafields' => [],
  79              ];
  80  
  81              foreach ($extrafields as $extrafield) {
  82                  // Sanitize the extra fields to prevent potential XSS exploit.
  83                  $user->extrafields[] = (object)[
  84                      'name' => $extrafield,
  85                      'value' => s($record->$extrafield)
  86                  ];
  87              }
  88  
  89              $count++;
  90  
  91              if ($count <= $CFG->maxusersperpage) {
  92                  $list[$record->id] = $user;
  93              }
  94          }
  95  
  96          $rs->close();
  97  
  98          return [
  99              'list' => $list,
 100              'maxusersperpage' => $CFG->maxusersperpage,
 101              'overflow' => ($count > $CFG->maxusersperpage),
 102          ];
 103      }
 104  
 105      /**
 106       * Describes the external function result value.
 107       *
 108       * @return \external_description
 109       */
 110      public static function execute_returns(): \external_description {
 111  
 112          return new \external_single_structure([
 113              'list' => new \external_multiple_structure(
 114                  new \external_single_structure([
 115                      'id' => new \external_value(\core_user::get_property_type('id'), 'ID of the user'),
 116                      // The output of the {@see fullname()} can contain formatting HTML such as <ruby> tags.
 117                      // So we need PARAM_RAW here and the caller is supposed to render it appropriately.
 118                      'fullname' => new \external_value(PARAM_RAW, 'The fullname of the user'),
 119                      'extrafields' => new \external_multiple_structure(
 120                          new \external_single_structure([
 121                              'name' => new \external_value(PARAM_TEXT, 'Name of the extrafield.'),
 122                              'value' => new \external_value(PARAM_TEXT, 'Value of the extrafield.'),
 123                          ]), 'List of extra fields', VALUE_OPTIONAL)
 124                  ])
 125              ),
 126              'maxusersperpage' => new \external_value(PARAM_INT, 'Configured maximum users per page.'),
 127              'overflow' => new \external_value(PARAM_BOOL, 'Were there more records than maxusersperpage found?'),
 128          ]);
 129      }
 130  }