Search moodle.org's
Developer Documentation

See Release Notes

  • Bug fixes for general core bugs in 4.3.x will end 7 October 2024 (12 months).
  • Bug fixes for security issues in 4.3.x will end 21 April 2025 (18 months).
  • PHP version: minimum PHP 8.0.0 Note: minimum PHP version has increased since Moodle 4.1. PHP 8.2.x is supported too.

Differences Between: [Versions 310 and 403] [Versions 311 and 403] [Versions 39 and 403] [Versions 400 and 403] [Versions 401 and 403] [Versions 402 and 403]

   1  <?php
   2  // This file is part of Moodle - http://moodle.org/
   3  //
   4  // Moodle is free software: you can redistribute it and/or modify
   5  // it under the terms of the GNU General Public License as published by
   6  // the Free Software Foundation, either version 3 of the License, or
   7  // (at your option) any later version.
   8  //
   9  // Moodle is distributed in the hope that it will be useful,
  10  // but WITHOUT ANY WARRANTY; without even the implied warranty of
  11  // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  12  // GNU General Public License for more details.
  13  //
  14  // You should have received a copy of the GNU General Public License
  15  // along with Moodle.  If not, see <http://www.gnu.org/licenses/>.
  16  
  17  /**
  18   * Wrapper script redirecting user operations to correct destination.
  19   *
  20   * @copyright 1999 Martin Dougiamas  http://dougiamas.com
  21   * @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
  22   * @package core_user
  23   */
  24  
  25  require_once("../config.php");
  26  require_once($CFG->dirroot . '/course/lib.php');
  27  
  28  $formaction = required_param('formaction', PARAM_LOCALURL);
  29  $id = required_param('id', PARAM_INT);
  30  
  31  $PAGE->set_url('/user/action_redir.php', array('formaction' => $formaction, 'id' => $id));
  32  list($formaction) = explode('?', $formaction, 2);
  33  
  34  // This page now only handles the bulk enrolment change actions, other actions are done with ajax.
  35  $actions = array('bulkchange.php');
  36  
  37  if (array_search($formaction, $actions) === false) {
  38      throw new \moodle_exception('unknownuseraction');
  39  }
  40  
  41  if (!confirm_sesskey()) {
  42      throw new \moodle_exception('confirmsesskeybad');
  43  }
  44  
  45  if ($formaction == 'bulkchange.php') {
  46      // Backwards compatibility for enrolment plugins bulk change functionality.
  47      // This awful code is adapting from the participant page with it's param names and values
  48      // to the values expected by the bulk enrolment changes forms.
  49      $formaction = required_param('formaction', PARAM_URL);
  50      require_once($CFG->dirroot . '/enrol/locallib.php');
  51  
  52      $url = new moodle_url($formaction);
  53      // Get the enrolment plugin type and bulk action from the url.
  54      $plugin = $url->param('plugin');
  55      $operationname = $url->param('operation');
  56      $dataformat = $url->param('dataformat');
  57  
  58      $course = $DB->get_record('course', array('id' => $id), '*', MUST_EXIST);
  59      $context = context_course::instance($id);
  60      $PAGE->set_context($context);
  61  
  62      $userids = optional_param_array('userid', array(), PARAM_INT);
  63      $default = new moodle_url('/user/index.php', ['id' => $course->id]);
  64      $returnurl = new moodle_url(optional_param('returnto', $default, PARAM_LOCALURL));
  65  
  66      if (empty($userids)) {
  67          $userids = optional_param_array('bulkuser', array(), PARAM_INT);
  68      }
  69      if (empty($userids)) {
  70          // The first time list hack.
  71          if (empty($userids) and $post = data_submitted()) {
  72              foreach ($post as $k => $v) {
  73                  if (preg_match('/^user(\d+)$/', $k, $m)) {
  74                      $userids[] = $m[1];
  75                  }
  76              }
  77          }
  78      }
  79  
  80      if (empty($plugin) AND $operationname == 'download_participants') {
  81          // Check permissions.
  82          $pagecontext = ($course->id == SITEID) ? context_system::instance() : $context;
  83          if (course_can_view_participants($pagecontext)) {
  84              $plugins = core_plugin_manager::instance()->get_plugins_of_type('dataformat');
  85              if (isset($plugins[$dataformat])) {
  86                  if ($plugins[$dataformat]->is_enabled()) {
  87                      if (empty($userids)) {
  88                          redirect($returnurl, get_string('noselectedusers', 'bulkusers'));
  89                      }
  90  
  91                      $columnnames = array(
  92                          'firstname' => get_string('firstname'),
  93                          'lastname' => get_string('lastname'),
  94                      );
  95  
  96                      // Get the list of fields we have to hide.
  97                      $hiddenfields = [];
  98                      if (!has_capability('moodle/course:viewhiddenuserfields', $context)) {
  99                          $hiddenfields = array_flip(explode(',', $CFG->hiddenuserfields));
 100                      }
 101  
 102                      // Retrieve all identity fields required for users.
 103                      $userfieldsapi = \core_user\fields::for_identity($context);
 104                      $userfields = $userfieldsapi->get_sql('u', true);
 105  
 106                      $identityfields = array_keys($userfields->mappings);
 107                      foreach ($identityfields as $field) {
 108                          $columnnames[$field] = \core_user\fields::get_display_name($field);
 109                      }
 110  
 111                      // Ensure users are enrolled in this course context, further limiting them by selected userids.
 112                      [$enrolledsql, $enrolledparams] = get_enrolled_sql($context);
 113                      [$useridsql, $useridparams] = $DB->get_in_or_equal($userids, SQL_PARAMS_NAMED, 'userid');
 114                      [$userordersql, $userorderparams] = users_order_by_sql('u', null, $context);
 115  
 116                      $params = array_merge($userfields->params, $enrolledparams, $useridparams, $userorderparams);
 117  
 118                      // If user can only view their own groups then they can only export users from those groups too.
 119                      $groupmode = groups_get_course_groupmode($course);
 120                      if ($groupmode == SEPARATEGROUPS && !has_capability('moodle/site:accessallgroups', $context)) {
 121                          $groups = groups_get_all_groups($course->id, $USER->id, 0, 'g.id');
 122                          $groupids = array_column($groups, 'id');
 123  
 124                          [$groupmembersql, $groupmemberparams] = groups_get_members_ids_sql($groupids, $context);
 125                          $params = array_merge($params, $groupmemberparams);
 126  
 127                          $groupmemberjoin = "JOIN ({$groupmembersql}) jg ON jg.id = u.id";
 128                      } else {
 129                          $groupmemberjoin = '';
 130                      }
 131  
 132                      // Add column for groups if the user can view them.
 133                      if (!isset($hiddenfields['groups'])) {
 134                          $columnnames['groupnames'] = get_string('groups');
 135                          $userfields->selects .= ', gcn.groupnames';
 136  
 137                          [$groupconcatnamesql, $groupconcatnameparams] = groups_get_names_concat_sql($course->id);
 138                          $groupconcatjoin = "LEFT JOIN ({$groupconcatnamesql}) gcn ON gcn.userid = u.id";
 139                          $params = array_merge($params, $groupconcatnameparams);
 140                      } else {
 141                          $groupconcatjoin = '';
 142                      }
 143  
 144                      $sql = "SELECT u.firstname, u.lastname {$userfields->selects}
 145                                FROM {user} u
 146                                     {$userfields->joins}
 147                                JOIN ({$enrolledsql}) je ON je.id = u.id
 148                                     {$groupmemberjoin}
 149                                     {$groupconcatjoin}
 150                               WHERE u.id {$useridsql}
 151                            ORDER BY {$userordersql}";
 152  
 153                      $rs = $DB->get_recordset_sql($sql, $params);
 154  
 155                      // Provide callback to pre-process all records ensuring user identity fields are escaped if HTML supported.
 156                      \core\dataformat::download_data(
 157                          'courseid_' . $course->id . '_participants',
 158                          $dataformat,
 159                          $columnnames,
 160                          $rs,
 161                          function(stdClass $record, bool $supportshtml) use ($identityfields): stdClass {
 162                              if ($supportshtml) {
 163                                  foreach ($identityfields as $identityfield) {
 164                                      $record->{$identityfield} = s($record->{$identityfield});
 165                                  }
 166                              }
 167  
 168                              return $record;
 169                          }
 170                      );
 171                      $rs->close();
 172                  }
 173              }
 174          }
 175      } else {
 176          $instances = enrol_get_instances($course->id, false);
 177          $instance = false;
 178          foreach ($instances as $oneinstance) {
 179              if ($oneinstance->enrol == $plugin) {
 180                  $instance = $oneinstance;
 181                  break;
 182              }
 183          }
 184          if (!$instance) {
 185              throw new \moodle_exception('errorwithbulkoperation', 'enrol');
 186          }
 187  
 188          $manager = new course_enrolment_manager($PAGE, $course, $instance->id);
 189          $plugins = $manager->get_enrolment_plugins();
 190  
 191          if (!isset($plugins[$plugin])) {
 192              throw new \moodle_exception('errorwithbulkoperation', 'enrol');
 193          }
 194  
 195          $plugin = $plugins[$plugin];
 196  
 197          $operations = $plugin->get_bulk_operations($manager);
 198  
 199          if (!isset($operations[$operationname])) {
 200              throw new \moodle_exception('errorwithbulkoperation', 'enrol');
 201          }
 202          $operation = $operations[$operationname];
 203  
 204          if (empty($userids)) {
 205              redirect($returnurl, get_string('noselectedusers', 'bulkusers'));
 206          }
 207  
 208          $users = $manager->get_users_enrolments($userids);
 209  
 210          $removed = array_diff($userids, array_keys($users));
 211          if (!empty($removed)) {
 212              // This manager does not filter by enrolment method - so we can get the removed users details.
 213              $removedmanager = new course_enrolment_manager($PAGE, $course);
 214              $removedusers = $removedmanager->get_users_enrolments($removed);
 215  
 216              foreach ($removedusers as $removeduser) {
 217                  $msg = get_string('userremovedfromselectiona', 'enrol', fullname($removeduser));
 218                  \core\notification::warning($msg);
 219              }
 220          }
 221  
 222          // We may have users from any kind of enrolment, we need to filter for the enrolment plugin matching the bulk action.
 223          $matchesplugin = function($user) use ($plugin) {
 224              foreach ($user->enrolments as $enrolment) {
 225                  if ($enrolment->enrolmentplugin->get_name() == $plugin->get_name()) {
 226                      return true;
 227                  }
 228              }
 229              return false;
 230          };
 231          $filteredusers = array_filter($users, $matchesplugin);
 232  
 233          // If the bulk operation is deleting enrolments, we exclude in any case the current user as it was probably a mistake.
 234          if ($operationname === 'deleteselectedusers' && (!in_array($USER->id, $removed))) {
 235              \core\notification::warning(get_string('userremovedfromselectiona', 'enrol', fullname($USER)));
 236              unset($filteredusers[$USER->id]);
 237          }
 238  
 239          if (empty($filteredusers)) {
 240              redirect($returnurl, get_string('noselectedusers', 'bulkusers'));
 241          }
 242  
 243          $users = $filteredusers;
 244  
 245          // Get the form for the bulk operation.
 246          $mform = $operation->get_form($PAGE->url, array('users' => $users));
 247          // If the mform is false then attempt an immediate process. This may be an immediate action that
 248          // doesn't require user input OR confirmation.... who know what but maybe one day.
 249          if ($mform === false) {
 250              if ($operation->process($manager, $users, new stdClass)) {
 251                  redirect($returnurl);
 252              } else {
 253                  throw new \moodle_exception('errorwithbulkoperation', 'enrol');
 254              }
 255          }
 256          // Check if the bulk operation has been cancelled.
 257          if ($mform->is_cancelled()) {
 258              redirect($returnurl);
 259          }
 260          if ($mform->is_submitted() && $mform->is_validated() && confirm_sesskey()) {
 261              if ($operation->process($manager, $users, $mform->get_data())) {
 262                  redirect($returnurl);
 263              }
 264          }
 265  
 266          $pagetitle = get_string('bulkuseroperation', 'enrol');
 267  
 268          $PAGE->set_title($pagetitle);
 269          $PAGE->set_heading($pagetitle);
 270          echo $OUTPUT->header();
 271          echo $OUTPUT->heading($operation->get_title());
 272          $mform->display();
 273          echo $OUTPUT->footer();
 274          exit();
 275      }
 276  } else {
 277      throw new coding_exception('invalidaction');
 278  }