Differences Between: [Versions 400 and 402]
1 <?php 2 // This file is part of Moodle - http://moodle.org/ 3 // 4 // Moodle is free software: you can redistribute it and/or modify 5 // it under the terms of the GNU General Public License as published by 6 // the Free Software Foundation, either version 3 of the License, or 7 // (at your option) any later version. 8 // 9 // Moodle is distributed in the hope that it will be useful, 10 // but WITHOUT ANY WARRANTY; without even the implied warranty of 11 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 12 // GNU General Public License for more details. 13 // 14 // You should have received a copy of the GNU General Public License 15 // along with Moodle. If not, see <http://www.gnu.org/licenses/>. 16 17 declare(strict_types=1); 18 19 namespace core_reportbuilder; 20 21 use context; 22 use context_system; 23 use core_reportbuilder\local\helpers\audience; 24 use core_reportbuilder\local\models\report; 25 use core_reportbuilder\local\report\base; 26 27 /** 28 * Report permission class 29 * 30 * @package core_reportbuilder 31 * @copyright 2021 Paul Holden <paulh@moodle.com> 32 * @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later 33 */ 34 class permission { 35 36 /** 37 * Require given user can view reports list 38 * 39 * @param int|null $userid User ID to check, or the current user if omitted 40 * @param context|null $context 41 * @throws report_access_exception 42 */ 43 public static function require_can_view_reports_list(?int $userid = null, ?context $context = null): void { 44 if (!static::can_view_reports_list($userid, $context)) { 45 throw new report_access_exception(); 46 } 47 } 48 49 /** 50 * Whether given user can view reports list 51 * 52 * @param int|null $userid User ID to check, or the current user if omitted 53 * @param context|null $context 54 * @return bool 55 */ 56 public static function can_view_reports_list(?int $userid = null, ?context $context = null): bool { 57 global $CFG; 58 59 if ($context === null) { 60 $context = context_system::instance(); 61 } 62 63 return !empty($CFG->enablecustomreports) && has_any_capability([ 64 'moodle/reportbuilder:editall', 65 'moodle/reportbuilder:edit', 66 'moodle/reportbuilder:view', 67 ], $context, $userid); 68 } 69 70 /** 71 * Require given user can view report 72 * 73 * @param report $report 74 * @param int|null $userid User ID to check, or the current user if omitted 75 * @throws report_access_exception 76 */ 77 public static function require_can_view_report(report $report, ?int $userid = null): void { 78 if (!static::can_view_report($report, $userid)) { 79 throw new report_access_exception('errorreportview'); 80 } 81 } 82 83 /** 84 * Whether given user can view report 85 * 86 * @param report $report 87 * @param int|null $userid User ID to check, or the current user if omitted 88 * @return bool 89 */ 90 public static function can_view_report(report $report, ?int $userid = null): bool { 91 if (!static::can_view_reports_list($userid, $report->get_context())) { 92 return false; 93 } 94 95 if (self::can_edit_report($report, $userid)) { 96 return true; 97 } 98 99 $reports = audience::user_reports_list($userid); 100 return in_array($report->get('id'), $reports); 101 } 102 103 /** 104 * Require given user can edit report 105 * 106 * @param report $report 107 * @param int|null $userid User ID to check, or the current user if omitted 108 * @throws report_access_exception 109 */ 110 public static function require_can_edit_report(report $report, ?int $userid = null): void { 111 if (!static::can_edit_report($report, $userid)) { 112 throw new report_access_exception('errorreportedit'); 113 } 114 } 115 116 /** 117 * Whether given user can edit report 118 * 119 * @param report $report 120 * @param int|null $userid User ID to check, or the current user if omitted 121 * @return bool 122 */ 123 public static function can_edit_report(report $report, ?int $userid = null): bool { 124 global $CFG, $USER; 125 126 if (empty($CFG->enablecustomreports)) { 127 return false; 128 } 129 130 // We can only edit custom reports. 131 if ($report->get('type') !== base::TYPE_CUSTOM_REPORT) { 132 return false; 133 } 134 135 // To edit their own reports, users must have either of the 'edit' or 'editall' capabilities. For reports belonging 136 // to other users, they must have the specific 'editall' capability. 137 $userid = $userid ?: (int) $USER->id; 138 if ($report->get('usercreated') === $userid) { 139 return has_any_capability([ 140 'moodle/reportbuilder:edit', 141 'moodle/reportbuilder:editall', 142 ], $report->get_context(), $userid); 143 } else { 144 return has_capability('moodle/reportbuilder:editall', $report->get_context(), $userid); 145 } 146 } 147 148 /** 149 * Whether given user can create a new report 150 * 151 * @param int|null $userid User ID to check, or the current user if omitted 152 * @param context|null $context 153 * @return bool 154 */ 155 public static function can_create_report(?int $userid = null, ?context $context = null): bool { 156 global $CFG; 157 158 if ($context === null) { 159 $context = context_system::instance(); 160 } 161 162 return !empty($CFG->enablecustomreports) && has_any_capability([ 163 'moodle/reportbuilder:edit', 164 'moodle/reportbuilder:editall', 165 ], $context, $userid) && !manager::report_limit_reached(); 166 } 167 168 /** 169 * Require given user can create a new report 170 * 171 * @param int|null $userid User ID to check, or the current user if omitted 172 * @param context|null $context 173 * @throws report_access_exception 174 */ 175 public static function require_can_create_report(?int $userid = null, ?context $context = null): void { 176 if (!static::can_create_report($userid, $context)) { 177 throw new report_access_exception('errorreportcreate'); 178 } 179 } 180 }
title
Description
Body
title
Description
Body
title
Description
Body
title
Body