Search moodle.org's
Developer Documentation

See Release Notes

  • Bug fixes for general core bugs in 4.3.x will end 7 October 2024 (12 months).
  • Bug fixes for security issues in 4.3.x will end 21 April 2025 (18 months).
  • PHP version: minimum PHP 8.0.0 Note: minimum PHP version has increased since Moodle 4.1. PHP 8.2.x is supported too.

Differences Between: [Versions 311 and 403] [Versions 400 and 403] [Versions 401 and 403] [Versions 402 and 403]

   1  <?php
   2  // This file is part of Moodle - https://moodle.org/
   3  //
   4  // Moodle is free software: you can redistribute it and/or modify
   5  // it under the terms of the GNU General Public License as published by
   6  // the Free Software Foundation, either version 3 of the License, or
   7  // (at your option) any later version.
   8  //
   9  // Moodle is distributed in the hope that it will be useful,
  10  // but WITHOUT ANY WARRANTY; without even the implied warranty of
  11  // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  12  // GNU General Public License for more details.
  13  //
  14  // You should have received a copy of the GNU General Public License
  15  // along with Moodle.  If not, see <https://www.gnu.org/licenses/>.
  16  
  17  namespace core_user\external;
  18  
  19  use core_external\external_api;
  20  use core_external\external_description;
  21  use core_external\external_function_parameters;
  22  use core_external\external_multiple_structure;
  23  use core_external\external_single_structure;
  24  use core_external\external_value;
  25  
  26  /**
  27   * Provides the core_user_search_identity external function.
  28   *
  29   * @package     core_user
  30   * @category    external
  31   * @copyright   2021 David Mudrák <david@moodle.com>
  32   * @license     https://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
  33   */
  34  class search_identity extends external_api {
  35  
  36      /**
  37       * Describes the external function parameters.
  38       *
  39       * @return external_function_parameters
  40       */
  41      public static function execute_parameters(): external_function_parameters {
  42          return new external_function_parameters([
  43              'query' => new external_value(PARAM_RAW, 'The search query', VALUE_REQUIRED),
  44          ]);
  45      }
  46  
  47      /**
  48       * Finds users with the identity matching the given query.
  49       *
  50       * @param string $query The search request.
  51       * @return array
  52       */
  53      public static function execute(string $query): array {
  54          global $DB, $CFG;
  55  
  56          $params = external_api::validate_parameters(self::execute_parameters(), [
  57              'query' => $query,
  58          ]);
  59          $query = clean_param($params['query'], PARAM_TEXT);
  60  
  61          // Validate context.
  62          $context = \context_system::instance();
  63          self::validate_context($context);
  64          require_capability('moodle/user:viewalldetails', $context);
  65  
  66          $hasviewfullnames = has_capability('moodle/site:viewfullnames', $context);
  67  
  68          $fields = \core_user\fields::for_name()->with_identity($context, false);
  69          $extrafields = $fields->get_required_fields([\core_user\fields::PURPOSE_IDENTITY]);
  70  
  71          list($searchsql, $searchparams) = users_search_sql($query, '', USER_SEARCH_CONTAINS, $extrafields);
  72          list($sortsql, $sortparams) = users_order_by_sql('', $query, $context);
  73          $params = array_merge($searchparams, $sortparams);
  74  
  75          $rs = $DB->get_recordset_select('user', $searchsql, $params, $sortsql,
  76              'id' . $fields->get_sql()->selects, 0, $CFG->maxusersperpage + 1);
  77  
  78          $count = 0;
  79          $list = [];
  80  
  81          foreach ($rs as $record) {
  82              $user = (object)[
  83                  'id' => $record->id,
  84                  'fullname' => fullname($record, $hasviewfullnames),
  85                  'extrafields' => [],
  86              ];
  87  
  88              foreach ($extrafields as $extrafield) {
  89                  // Sanitize the extra fields to prevent potential XSS exploit.
  90                  $user->extrafields[] = (object)[
  91                      'name' => $extrafield,
  92                      'value' => s($record->$extrafield)
  93                  ];
  94              }
  95  
  96              $count++;
  97  
  98              if ($count <= $CFG->maxusersperpage) {
  99                  $list[$record->id] = $user;
 100              }
 101          }
 102  
 103          $rs->close();
 104  
 105          return [
 106              'list' => $list,
 107              'maxusersperpage' => $CFG->maxusersperpage,
 108              'overflow' => ($count > $CFG->maxusersperpage),
 109          ];
 110      }
 111  
 112      /**
 113       * Describes the external function result value.
 114       *
 115       * @return external_description
 116       */
 117      public static function execute_returns(): external_description {
 118  
 119          return new external_single_structure([
 120              'list' => new external_multiple_structure(
 121                  new external_single_structure([
 122                      'id' => new external_value(\core_user::get_property_type('id'), 'ID of the user'),
 123                      // The output of the {@see fullname()} can contain formatting HTML such as <ruby> tags.
 124                      // So we need PARAM_RAW here and the caller is supposed to render it appropriately.
 125                      'fullname' => new external_value(PARAM_RAW, 'The fullname of the user'),
 126                      'extrafields' => new external_multiple_structure(
 127                          new external_single_structure([
 128                              'name' => new external_value(PARAM_TEXT, 'Name of the extrafield.'),
 129                              'value' => new external_value(PARAM_TEXT, 'Value of the extrafield.'),
 130                          ]), 'List of extra fields', VALUE_OPTIONAL)
 131                  ])
 132              ),
 133              'maxusersperpage' => new external_value(PARAM_INT, 'Configured maximum users per page.'),
 134              'overflow' => new external_value(PARAM_BOOL, 'Were there more records than maxusersperpage found?'),
 135          ]);
 136      }
 137  }