"MDL-14651, disable ajax chat room by default"
[moodle.git] / admin / roles / define.php
f4acee5d 1<?php // $Id$
2
3///////////////////////////////////////////////////////////////////////////
4// //
5// NOTICE OF COPYRIGHT //
6// //
7// Moodle - Modular Object-Oriented Dynamic Learning Environment //
8// http://moodle.org //
9// //
10// Copyright (C) 1999 onwards Martin Dougiamas http://dougiamas.com //
11// //
12// This program is free software; you can redistribute it and/or modify //
13// it under the terms of the GNU General Public License as published by //
14// the Free Software Foundation; either version 2 of the License, or //
15// (at your option) any later version. //
16// //
17// This program is distributed in the hope that it will be useful, //
18// but WITHOUT ANY WARRANTY; without even the implied warranty of //
19// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the //
20// GNU General Public License for more details: //
21// //
22// http://www.gnu.org/copyleft/gpl.html //
23// //
24///////////////////////////////////////////////////////////////////////////
25
26/**
27 * Lets the user edit role definitions.
28 *
29 * Responds to actions:
30 * add - add a new role
31 * edit - edit the definition of a role
32 * view - view the definition of a role
33 *
34 * @license http://www.gnu.org/copyleft/gpl.html GNU Public License
35 * @package roles
36 *//** */
37
38 require_once(dirname(__FILE__) . '/../../config.php');
39 require_once($CFG->dirroot . '/' . $CFG->admin . '/roles/lib.php');
40
/// Read the requested action. Every action except 'add' works on an existing
/// role and therefore requires a roleid; 'add' uses 0 until the role exists.
// NOTE(review): nothing in this script rejects actions other than
// add/edit/view; an unrecognised value is handled like 'edit' when the table
// object is chosen further down - confirm that is intended.
$action = required_param('action', PARAM_ALPHA);
$roleid = ($action != 'add') ? required_param('roleid', PARAM_INTEGER) : 0;
47
/// Absolute URLs of the role list page and of this page, built once for reuse.
$manageurl = "{$CFG->wwwroot}/{$CFG->admin}/roles/manage.php";
$baseurl = "{$CFG->wwwroot}/{$CFG->admin}/roles/define.php";

/// Access control. The user must be logged in and hold moodle/role:manage in
/// the system context before any request parameter is acted upon; the calls
/// below run before every write in this script.
$systemcontext = get_context_instance(CONTEXT_SYSTEM);
require_login();
require_capability('moodle/role:manage', $systemcontext);
admin_externalpage_setup('defineroles');
57
/// Cancel button: drop whatever was submitted and return to the role list.
if (optional_param('cancel', false, PARAM_BOOL)) {
    redirect($manageurl);
}

/// Advanced-mode toggle: the choice is stored as a per-user preference so it
/// persists between visits.
// NOTE(review): unlike the savechanges path below, this preference write is not
// gated by confirm_sesskey(); any request carrying toggleadvanced flips the
// stored value. Low impact, but confirm that is acceptable.
$showadvanced = get_user_preferences('definerole_showadvanced', false);
if (optional_param('toggleadvanced', false, PARAM_BOOL)) {
    $showadvanced = $showadvanced ? false : true;
    set_user_preference('definerole_showadvanced', $showadvanced);
}
69
/// Data shared by the form processing and the display code below.
$roles = get_all_roles();
$rolescount = count($roles);

// Context levels a role can be offered at, keyed by level constant, with the
// localised label as value. The keys drive the 'contextlevelN' form fields.
$allcontextlevels = array();
$allcontextlevels[CONTEXT_SYSTEM] = get_string('coresystem');
$allcontextlevels[CONTEXT_USER] = get_string('user');
$allcontextlevels[CONTEXT_COURSECAT] = get_string('category');
$allcontextlevels[CONTEXT_COURSE] = get_string('course');
$allcontextlevels[CONTEXT_MODULE] = get_string('activitymodule');
$allcontextlevels[CONTEXT_BLOCK] = get_string('block');
82
/// Pick the table implementation: read-only for 'view', otherwise an editable
/// table whose flavour follows the user's advanced-mode preference.
// Any action other than 'view' (including unrecognised ones) gets an editable table.
if ($action != 'view' && $showadvanced) {
    $definitiontable = new define_role_table_advanced($systemcontext, $roleid);
} else if ($action != 'view') {
    $definitiontable = new define_role_table_basic($systemcontext, $roleid);
} else {
    $definitiontable = new view_role_definition_table($systemcontext, $roleid);
}
// Called on every request, before the savechanges / confirm_sesskey() check below.
// NOTE(review): presumably this only parses the submitted values without storing
// anything - confirm in roles/lib.php.
$definitiontable->read_submitted_permissions();
92
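/// Form processing: create a new role ('add') or update an existing one ('edit').
$errors = array();  // validation messages, keyed by form field name
$newrole = false;   // replaced by an object holding the submitted values when validation fails

// Submitted values. The shortname is read as PARAM_RAW and is only normalised
// inside the add/edit branches below, before it is compared or stored.
$name = optional_param('name', '', PARAM_MULTILANG);
$shortname = optional_param('shortname', '', PARAM_RAW);
$description = optional_param('description', '', PARAM_CLEAN);

// Nothing is written unless the save button was pressed AND confirm_sesskey()
// accepts the request; keep both conditions on any new write path added here.
if (optional_param('savechanges', false, PARAM_BOOL) && confirm_sesskey()) {
    switch ($action) {
        case 'add':
            // Reduce the shortname to lowercase safe ASCII characters.
            // NOTE(review): the 'edit' branch normalises the shortname differently
            // (clean_filename + PARAM_SAFEDIR); confirm both accept the same set.
            $shortname = textlib_get_instance()->specialtoascii($shortname);
            $shortname = moodle_strtolower(clean_param($shortname, PARAM_ALPHANUMEXT));

            // The legacy type arrives raw and is accepted only if it is a known
            // key of get_legacy_roles(); anything else is treated as "none".
            $legacytype = required_param('legacytype', PARAM_RAW);
            $legacyroles = get_legacy_roles();
            if (!array_key_exists($legacytype, $legacyroles)) {
                $legacytype = '';
            }

            // Name and shortname must be non-empty and not already in use.
            if (empty($name)) {
                $errors['name'] = get_string('errorbadrolename', 'role');
            } else if ($DB->count_records('role', array('name'=>$name))) {
                $errors['name'] = get_string('errorexistsrolename', 'role');
            }

            if (empty($shortname)) {
                $errors['shortname'] = get_string('errorbadroleshortname', 'role');
            } else if ($DB->count_records('role', array('shortname'=>$shortname))) {
                $errors['shortname'] = get_string('errorexistsroleshortname', 'role');
            }

            if (empty($errors)) {
                $newroleid = create_role($name, $shortname, $description);

                // set proper legacy type
                if (!empty($legacytype)) {
                    assign_capability($legacyroles[$legacytype], CAP_ALLOW, $newroleid, $systemcontext->id);
                }

            } else {
                // Keep the submitted values so the form can be shown again.
                $newrole = new object();
                $newrole->name = $name;
                $newrole->shortname = $shortname;
                $newrole->description = $description;
                $newrole->legacytype = $legacytype;
            }

            // Only context levels listed in $allcontextlevels can be selected.
            $newcontextlevels = array();
            foreach (array_keys($allcontextlevels) as $cl) {
                if (optional_param('contextlevel' . $cl, false, PARAM_BOOL)) {
                    $newcontextlevels[$cl] = $cl;
                }
            }
            if (empty($errors)) {
                set_role_contextlevels($newroleid, $newcontextlevels);
            }

            $allowed_values = array(CAP_INHERIT, CAP_ALLOW, CAP_PREVENT, CAP_PROHIBIT);
            $capabilities = fetch_context_capabilities($systemcontext); // capabilities applicable in this context

            // NOTE(review): $data is not assigned anywhere in this script. Unless an
            // included file defines it, isset() below is false for every capability
            // and this loop assigns nothing - verify where submitted permissions are stored.
            foreach ($capabilities as $cap) {
                if (!isset($data->{$cap->name})) {
                    continue;
                }

                // legacy caps have their own selector
                // NOTE(review): is_legacy() receives the submitted value here, and the
                // 'edit' branch tests the same call with "=== 0"; the two branches
                // cannot both be right - confirm the intended check.
                if (is_legacy($data->{$cap->name})) {
                    continue;
                }

                $capname = $cap->name;
                // Permissions outside the four CAP_* constants are ignored.
                $value = clean_param($data->{$cap->name}, PARAM_INT);
                if (!in_array($value, $allowed_values)) {
                    continue;
                }

                if (empty($errors)) {
                    assign_capability($capname, $value, $newroleid, $systemcontext->id);
                } else {
                    $newrole->$capname = $value;
                }
            }

            // added a role sitewide...
            mark_context_dirty($systemcontext->path);

            if (empty($errors)) {
                // Log the creation under the acting user's id, then leave the form.
                $rolename = $DB->get_field('role', 'name', array('id'=>$newroleid));
                add_to_log(SITEID, 'role', 'add', 'admin/roles/manage.php?action=add', $rolename, '', $USER->id);
                redirect('manage.php');
            }

            break;

        case 'edit':
            // Reduce the shortname to lowercase safe ASCII characters.
            $shortname = moodle_strtolower(clean_param(clean_filename($shortname), PARAM_SAFEDIR));

            // Same allow-list check on the legacy type as in the 'add' branch.
            $legacytype = required_param('legacytype', PARAM_RAW);
            $legacyroles = get_legacy_roles();
            if (!array_key_exists($legacytype, $legacyroles)) {
                $legacytype = '';
            }

            // Uniqueness checks ignore the role being edited itself.
            if (empty($name)) {
                $errors['name'] = get_string('errorbadrolename', 'role');
            } else if ($rs = $DB->get_records('role', array('name'=>$name))) {
                unset($rs[$roleid]);
                if (!empty($rs)) {
                    $errors['name'] = get_string('errorexistsrolename', 'role');
                }
            }

            if (empty($shortname)) {
                $errors['shortname'] = get_string('errorbadroleshortname', 'role');
            } else if ($rs = $DB->get_records('role', array('shortname'=>$shortname))) {
                unset($rs[$roleid]);
                if (!empty($rs)) {
                    $errors['shortname'] = get_string('errorexistsroleshortname', 'role');
                }
            }
            if (!empty($errors)) {
                // Keep the submitted values so the form can be shown again.
                $newrole = new object();
                $newrole->name = $name;
                $newrole->shortname = $shortname;
                $newrole->description = $description;
                $newrole->legacytype = $legacytype;
            }

            // Only context levels listed in $allcontextlevels can be selected.
            $newcontextlevels = array();
            foreach (array_keys($allcontextlevels) as $cl) {
                if (optional_param('contextlevel' . $cl, false, PARAM_BOOL)) {
                    $newcontextlevels[$cl] = $cl;
                }
            }
            // NOTE(review): context levels and capabilities are written before the
            // role record itself is updated further down, and nothing visible here
            // wraps the sequence in a transaction or checks that $roleid exists
            // first; a failure part-way leaves a partially changed role.
            if (empty($errors)) {
                set_role_contextlevels($roleid, $newcontextlevels);
            }

            $allowed_values = array(CAP_INHERIT, CAP_ALLOW, CAP_PREVENT, CAP_PROHIBIT);
            $capabilities = fetch_context_capabilities($systemcontext); // capabilities applicable in this context

            // NOTE(review): $data is not assigned anywhere in this script; see the
            // matching loop in the 'add' branch. Unless an included file defines it,
            // every iteration stops at the isset() test.
            foreach ($capabilities as $cap) {
                if (!isset($data->{$cap->name})) {
                    continue;
                }

                // legacy caps have their own selector
                // NOTE(review): compared with "=== 0" here but tested for truthiness
                // in the 'add' branch - confirm which one is intended.
                if (is_legacy($data->{$cap->name}) === 0 ) {
                    continue;
                }

                $capname = $cap->name;
                // Permissions outside the four CAP_* constants are ignored.
                $value = clean_param($data->{$cap->name}, PARAM_INT);
                if (!in_array($value, $allowed_values)) {
                    continue;
                }

                if (!empty($errors)) {
                    $newrole->$capname = $value;
                    continue;
                }

                // edit default caps; all values are bound through placeholders
                $SQL = "SELECT *
                          FROM {role_capabilities}
                         WHERE roleid = ? AND capability = ?
                               AND contextid = ?";
                $params = array($roleid, $capname, $systemcontext->id);

                $localoverride = $DB->get_record_sql($SQL, $params);

                if ($localoverride) { // update current overrides
                    if ($value == CAP_INHERIT) { // inherit = delete
                        unassign_capability($capname, $roleid, $systemcontext->id);

                    } else {
                        $localoverride->permission = $value;
                        $localoverride->timemodified = time();
                        $localoverride->modifierid = $USER->id;
                        $DB->update_record('role_capabilities', $localoverride);
                    }
                } else { // insert a record
                    if ($value != CAP_INHERIT) {
                        assign_capability($capname, $value, $roleid, $systemcontext->id);
                    }
                }

            }

            if (empty($errors)) {
                // update normal role settings
                // Build the record explicitly: the original assigned properties to an
                // undefined $role, which raises an error on current PHP versions.
                $role = new object();
                $role->id = $roleid;
                $role->name = $name;
                $role->shortname = $shortname;
                $role->description = $description;

                if (!$DB->update_record('role', $role)) {
                    print_error('cannotupdaterole', 'error');
                }

                // set proper legacy type
                // NOTE(review): unassign_capability() gets no context id here, unlike
                // the assign call - presumably it clears the legacy capability in
                // every context; confirm against its definition.
                foreach ($legacyroles as $ltype=>$lcap) {
                    if ($ltype == $legacytype) {
                        assign_capability($lcap, CAP_ALLOW, $roleid, $systemcontext->id);
                    } else {
                        unassign_capability($lcap, $roleid);
                    }
                }

                // edited a role sitewide...
                mark_context_dirty($systemcontext->path);
                add_to_log(SITEID, 'role', 'edit', 'admin/roles/manage.php?action=edit&roleid='.$role->id, $role->name, '', $USER->id);

                redirect('manage.php');
            }

            // edited a role sitewide - with errors, but still...
            mark_context_dirty($systemcontext->path);
    }
}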
316
// Role names as originally defined, for use in the page title.
$rolenames = role_fix_names($roles, $systemcontext, ROLENAME_ORIGINAL);

/// Page header and the tab bar; managetabs.php reads $currenttab.
admin_externalpage_print_header();

$currenttab = 'manage';
include_once('managetabs.php');

// Choose the heading for the current action.
// NOTE(review): $title stays unset for any other action value, and
// $rolenames[$roleid] is read before the role id is checked against the
// database further down - confirm how an unknown action or id should be handled.
switch ($action) {
    case 'add':
        $title = get_string('addinganewrole', 'role');
        break;
    case 'view':
        $title = get_string('viewingdefinitionofrolex', 'role', $rolenames[$roleid]->localname);
        break;
    case 'edit':
        $title = get_string('editingrolex', 'role', $rolenames[$roleid]->localname);
        break;
}
print_heading_with_help($title, 'roles');
333
/// Decide which role data the form shows: the values just submitted (when
/// validation failed), a blank role (fresh 'add'), or the stored record.
if ($action == 'add') {
    $roleid = 0;
}

if (($action == 'add' || $action == 'edit') && !empty($errors) && !empty($newrole)) {
    // Validation failed: show again what the user submitted.
    $role = $newrole;
    $rolecontextlevels = $newcontextlevels;
} else if ($action == 'add') {
    // Fresh form for a new role.
    $role = new object();
    $role->name = '';
    $role->shortname = '';
    $role->description = '';
    $role->legacytype = '';
    $rolecontextlevels = array();
} else {
    // Existing role: an unknown id is reported through print_error().
    $role = $DB->get_record('role', array('id'=>$roleid));
    if (!$role) {
        print_error('wrongroleid', 'error');
    }
    $role->legacytype = get_legacy_type($role->id);
    $rolecontextlevels = get_role_contextlevels($roleid);
}
358
359
/// In view mode, print the role switcher and the action buttons above the table.
if ($action == 'view') {
    echo '<div class="selector">';
    // NOTE(review): $roleoptions is not assigned anywhere in this script; unless
    // an included file defines it, the switcher receives an undefined value.
    popup_form('manage.php?action=view&amp;roleid=', $roleoptions, 'switchrole', $roleid, '', '', '',
            false, 'self', get_string('selectrole', 'role'));

    echo '<div class="buttons">';

    // Every button targets manage.php; only the 'action' parameter changes.
    $legacytype = get_legacy_type($roleid);
    $options = array('roleid' => $roleid, 'action' => 'edit');
    print_single_button('manage.php', $options, get_string('edit'));

    // The reset label depends on whether the role has a legacy type.
    $options['action'] = 'reset';
    print_single_button('manage.php', $options,
            get_string(empty($legacytype) ? 'resetrolenolegacy' : 'resetrole', 'role'));

    $options['action'] = 'duplicate';
    print_single_button('manage.php', $options, get_string('duplicaterole', 'role'));
    print_single_button('manage.php', null, get_string('listallroles', 'role'));
    echo '</div>', '</div>';
}

/// The role definition table itself, then the page footer.
print_box_start('generalbox boxwidthwide boxaligncenter');
$definitiontable->display();
print_box_end();

admin_externalpage_print_footer();
390?>