
  • Bug fixes for general core bugs in 4.2.x will end 22 April 2024 (12 months).
  • Bug fixes for security issues in 4.2.x will end 7 October 2024 (18 months).
  • PHP version: minimum PHP 8.0.0 Note: minimum PHP version has increased since Moodle 4.1. PHP 8.1.x is supported too.


   1  <?php
   2  // This file is part of Moodle - http://moodle.org/
   3  //
   4  // Moodle is free software: you can redistribute it and/or modify
   5  // it under the terms of the GNU General Public License as published by
   6  // the Free Software Foundation, either version 3 of the License, or
   7  // (at your option) any later version.
   8  //
   9  // Moodle is distributed in the hope that it will be useful,
  10  // but WITHOUT ANY WARRANTY; without even the implied warranty of
  11  // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  12  // GNU General Public License for more details.
  13  //
  14  // You should have received a copy of the GNU General Public License
  15  // along with Moodle.  If not, see <http://www.gnu.org/licenses/>.
  16  
  17  declare(strict_types=1);
  18  
  19  namespace core_reportbuilder;
  20  
  21  use context;
  22  use context_system;
  23  use core_reportbuilder\local\helpers\audience;
  24  use core_reportbuilder\local\models\report;
  25  use core_reportbuilder\local\report\base;
  26  
  27  /**
  28   * Report permission class
  29   *
  30   * @package     core_reportbuilder
  31   * @copyright   2021 Paul Holden <paulh@moodle.com>
  32   * @license     http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
  33   */
  34  class permission {
  35  
  36      /**
  37       * Require given user can view reports list
  38       *
  39       * @param int|null $userid User ID to check, or the current user if omitted
  40       * @param context|null $context
  41       * @throws report_access_exception
  42       */
  43      public static function require_can_view_reports_list(?int $userid = null, ?context $context = null): void {
  44          if (!static::can_view_reports_list($userid, $context)) {
  45              throw new report_access_exception();
  46          }
  47      }
  48  
  49      /**
  50       * Whether given user can view reports list
  51       *
  52       * @param int|null $userid User ID to check, or the current user if omitted
  53       * @param context|null $context
  54       * @return bool
  55       */
  56      public static function can_view_reports_list(?int $userid = null, ?context $context = null): bool {
  57          global $CFG;
  58  
  59          if ($context === null) {
  60              $context = context_system::instance();
  61          }
  62  
  63          return !empty($CFG->enablecustomreports) && has_any_capability([
  64              'moodle/reportbuilder:editall',
  65              'moodle/reportbuilder:edit',
  66              'moodle/reportbuilder:view',
  67          ], $context, $userid);
  68      }
  69  
  70      /**
  71       * Require given user can view report
  72       *
  73       * @param report $report
  74       * @param int|null $userid User ID to check, or the current user if omitted
  75       * @throws report_access_exception
  76       */
  77      public static function require_can_view_report(report $report, ?int $userid = null): void {
  78          if (!static::can_view_report($report, $userid)) {
  79              throw new report_access_exception('errorreportview');
  80          }
  81      }
  82  
  83      /**
  84       * Whether given user can view report
  85       *
  86       * @param report $report
  87       * @param int|null $userid User ID to check, or the current user if omitted
  88       * @return bool
  89       */
  90      public static function can_view_report(report $report, ?int $userid = null): bool {
  91          if (!static::can_view_reports_list($userid, $report->get_context())) {
  92              return false;
  93          }
  94  
  95          if (self::can_edit_report($report, $userid)) {
  96              return true;
  97          }
  98  
  99          $reports = audience::user_reports_list($userid);
 100          return in_array($report->get('id'), $reports);
 101      }
 102  
 103      /**
 104       * Require given user can edit report
 105       *
 106       * @param report $report
 107       * @param int|null $userid User ID to check, or the current user if omitted
 108       * @throws report_access_exception
 109       */
 110      public static function require_can_edit_report(report $report, ?int $userid = null): void {
 111          if (!static::can_edit_report($report, $userid)) {
 112              throw new report_access_exception('errorreportedit');
 113          }
 114      }
 115  
 116      /**
 117       * Whether given user can edit report
 118       *
 119       * @param report $report
 120       * @param int|null $userid User ID to check, or the current user if omitted
 121       * @return bool
 122       */
 123      public static function can_edit_report(report $report, ?int $userid = null): bool {
 124          global $CFG, $USER;
 125  
 126          if (empty($CFG->enablecustomreports)) {
 127              return false;
 128          }
 129  
 130          // We can only edit custom reports.
 131          if ($report->get('type') !== base::TYPE_CUSTOM_REPORT) {
 132              return false;
 133          }
 134  
 135          // To edit their own reports, users must have either of the 'edit' or 'editall' capabilities. For reports belonging
 136          // to other users, they must have the specific 'editall' capability.
 137          $userid = $userid ?: (int) $USER->id;
 138          if ($report->get('usercreated') === $userid) {
 139              return has_any_capability([
 140                  'moodle/reportbuilder:edit',
 141                  'moodle/reportbuilder:editall',
 142              ], $report->get_context(), $userid);
 143          } else {
 144              return has_capability('moodle/reportbuilder:editall', $report->get_context(), $userid);
 145          }
 146      }
 147  
 148      /**
 149       * Whether given user can create a new report
 150       *
 151       * @param int|null $userid User ID to check, or the current user if omitted
 152       * @param context|null $context
 153       * @return bool
 154       */
 155      public static function can_create_report(?int $userid = null, ?context $context = null): bool {
 156          global $CFG;
 157  
 158          if ($context === null) {
 159              $context = context_system::instance();
 160          }
 161  
 162          return !empty($CFG->enablecustomreports) && has_any_capability([
 163              'moodle/reportbuilder:edit',
 164              'moodle/reportbuilder:editall',
 165          ], $context, $userid) && !manager::report_limit_reached();
 166      }
 167  
 168      /**
 169       * Require given user can create a new report
 170       *
 171       * @param int|null $userid User ID to check, or the current user if omitted
 172       * @param context|null $context
 173       * @throws report_access_exception
 174       */
 175      public static function require_can_create_report(?int $userid = null, ?context $context = null): void {
 176          if (!static::can_create_report($userid, $context)) {
 177              throw new report_access_exception('errorreportcreate');
 178          }
 179      }
 180  }