Major code cleanup of this report (that started as a small code cleanup). None of...
[moodle.git] / lib / accesslib.php
CommitLineData
bbbf2d40 1<?php
2 /* capability session information format
3 * 2 x 2 array
4 * [context][capability]
5 * where context is the context id of the table 'context'
6 * and capability is a string defining the capability
7 * e.g.
8 *
9 * [Capabilities] => [26][mod/forum:viewpost] = 1
10 * [26][mod/forum:startdiscussion] = -8990
11 * [26][mod/forum:editallpost] = -1
12 * [273][moodle:blahblah] = 1
13 * [273][moodle:blahblahblah] = 2
14 */
15
16
17// permission definitions
18define('CAP_ALLOW', 1);
19define('CAP_PREVENT', -1);
20define('CAP_PROHIBIT', -1000);
21
22
23// context definitions
24define('CONTEXT_SYSTEM', 10);
25define('CONTEXT_PERSONAL', 20);
26define('CONTEXT_USERID', 30);
27define('CONTEXT_COURSECAT', 40);
28define('CONTEXT_COURSE', 50);
29define('CONTEXT_GROUP', 60);
30define('CONTEXT_MODULE', 70);
31define('CONTEXT_BLOCK', 80);
32
33
34/**
35 * This functions get all the course categories in proper order
36 * @param int $contextid
37 * @param int $type
38 * @return array of contextids
39 */
40function get_parent_cats($contextid, $type) {
98882637 41
42 $parents = array();
43 $context = get_record('context', 'id', $contextid);
44
45 switch($type) {
46
47 case CONTEXT_COURSECAT:
48
49 $cat = get_record('course_categories','id',$context->instanceid);
50 while ($cat->parent) {
51
52 $context = get_context_instance(CONTEXT_COURSECAT, $cat->parent);
53 $parents[] = $context->id;
54 $cat = get_record('course_categories','id',$cat->parent);
55 }
56
57 break;
58
59 case CONTEXT_COURSE:
60
61 $course = get_record('course', 'id', $context->instanceid);
62 $cat = get_record('course_categories','id',$course->category);
63 $catinstance = get_context_instance(CONTEXT_COURSECAT, $course->category);
64 $parents[] = $catinstance->id;
65
66 // what to do with cat 0?
67 while ($cat->parent) {
68 $context = get_context_instance(CONTEXT_COURSECAT, $cat->parent);
69 $parents[] = $context->id;
70 $cat = get_record('course_categories','id',$cat->parent);
71 }
72 break;
73
74 default:
75 break;
76
77 }
78
79 return array_reverse($parents);
bbbf2d40 80}
81
82
83/* Functions for Roles & Capabilites */
84
85
86/**
87 * This function returns whether the current user has the capability of performing a function
88 * For example, we can do has_capability('mod/forum:replypost',$cm) in forum
89 * only one of the 4 (moduleinstance, courseid, site, userid) would be set at 1 time
90 * This is a recursive funciton.
91 * Might change to require_capability, and throw an error if not authorized.
92 * @uses $USER
93 * @param string $capability - name of the capability
94 * @param int $contextid
95 * @param kill bool - if set, kill when the user has no capability
96 * @return bool
97 */
98function has_capability($capability, $contextid, $kill=false, $userid=NULL) {
99
98882637 100 global $USER;
bbbf2d40 101
98882637 102 if ($userid && $userid != $USER->id) { // loading other user's capability
103 $capabilities = load_user_capability($capability, $contextid, $userid);
104 } else {
105 $capabilities = $USER->capabilities;
106 }
bbbf2d40 107
98882637 108 $context = get_record('context','id',$contextid);
bbbf2d40 109
98882637 110 // Check site
111 $sitecontext = get_context_instance(CONTEXT_SYSTEM, SITEID);
112 if (isset($capabilities[$sitecontext->id]['moodle/site:doanything'])) {
113 return ($capabilities[$sitecontext->id]['moodle/site:doanything']);
114 }
115
116 switch (context_level($contextid)) {
bbbf2d40 117
118 case CONTEXT_COURSECAT:
98882637 119 // Check parent cats.
120 $parentcats = get_parent_cats($contextid, CONTEXT_COURSECAT);
121 foreach ($parentcats as $parentcat) {
122 if (isset($capabilities[$parentcat]['moodle/site:doanything'])) {
123 return ($capabilities[$parentcat]['moodle/site:doanything']);
124 }
125 }
bbbf2d40 126 break;
127
128 case CONTEXT_COURSE:
98882637 129 // Check parent cat.
130 $parentcats = get_parent_cats($contextid, CONTEXT_COURSE);
131
132 foreach ($parentcats as $parentcat) {
133 if (isset($capabilities[$parentcat]['do_anything'])) {
134 return ($capabilities[$parentcat]['do_anything']);
135 }
136 }
bbbf2d40 137 break;
138
139 case CONTEXT_GROUP:
98882637 140 // Find course.
141 $group = get_record('groups','id',$context->instanceid);
bbbf2d40 142 $courseinstance = get_context_instance(CONTEXT_COURSE, $group->courseid);
98882637 143
144 $parentcats = get_parent_cats($courseinstance->id, CONTEXT_COURSE);
145 foreach ($parentcats as $parentcat) {
146 if (isset($capabilities[$parentcat->id]['do_anything'])) {
147 return ($capabilities[$parentcat->id]['do_anything']);
148 }
149 }
150
151 $coursecontext = '';
152 if (isset($capabilities[$courseinstance->id]['do_anything'])) {
153 return ($capabilities[$courseinstance->id]['do_anything']);
154 }
155
bbbf2d40 156 break;
157
158 case CONTEXT_MODULE:
159 // Find course.
160 $cm = get_record('course_modules', 'id', $context->instanceid);
98882637 161 $courseinstance = get_context_instance(CONTEXT_COURSE, $cm->course);
bbbf2d40 162
98882637 163 if ($parentcats = get_parent_cats($courseinstance->id, CONTEXT_COURSE)) {
164 foreach ($parentcats as $parentcat) {
165 if (isset($capabilities[$parentcat]['do_anything'])) {
166 return ($capabilities[$parentcat]['do_anything']);
167 }
168 }
169 }
170
171 if (isset($capabilities[$courseinstance->id]['do_anything'])) {
172 return ($capabilities[$courseinstance->id]['do_anything']);
173 }
bbbf2d40 174
175 break;
176
177 case CONTEXT_BLOCK:
178 // 1 to 1 to course.
179 // Find course.
180 $block = get_record('block_instance','id',$context->instanceid);
181 $courseinstance = get_context_instance(CONTEXT_COURSE, $block->pageid); // needs check
98882637 182
183 $parentcats = get_parent_cats($courseinstance->id, CONTEXT_COURSE);
184 foreach ($parentcats as $parentcat) {
185 if (isset($capabilities[$parentcat]['do_anything'])) {
186 return ($capabilities[$parentcat]['do_anything']);
187 }
188 }
189
190 if (isset($capabilities[$courseinstance->id]['do_anything'])) {
191 return ($capabilities[$courseinstance->id]['do_anything']);
192 }
bbbf2d40 193 break;
194
195 default:
196 // CONTEXT_SYSTEM: CONTEXT_PERSONAL: CONTEXT_USERID:
197 // Do nothing.
198 break;
98882637 199 }
bbbf2d40 200
98882637 201 // Last: check self.
202 if (isset($capabilities[$contextid]['do_anything'])) {
203 return ($capabilities[$contextid]['do_anything']);
204 }
205
206 // do_anything has not been set, we now look for it the normal way.
207 return capability_search($capability, $contextid, $kill, $capabilities);
bbbf2d40 208
209}
210
211
212/**
213 * In a separate function so that we won't have to deal with do_anything.
214 * again. Used by function has_capability.
215 * @param $capability - capability string
216 * @param $contextid - the context id
217 * @param $kill - boolean. Error out and exit if the user doesn't have the
218 * capability?
219 * @param $capabilities - either $USER->capability or loaded array
220 * @return permission (int)
221 */
222function capability_search($capability, $contextid, $kill=false, $capabilities) {
223 global $USER, $CFG;
224
225 if ($CFG->debug) {
98882637 226 notify("We are looking for $capability in context $contextid", 'notifytiny');
bbbf2d40 227 }
228
229 if (isset($capabilities[$contextid][$capability])) {
230 return ($capabilities[$contextid][$capability]);
231 }
232
233 /* Then, we check the cache recursively */
234 $context = get_record('context','id',$contextid); // shared
98882637 235 $permission = 0;
236
bbbf2d40 237 switch (context_level($contextid)) {
238
239 case CONTEXT_SYSTEM: // by now it's a definite an inherit
240 $permission = 0;
241 break;
242
243 case CONTEXT_PERSONAL:
244 $parent = get_context_instance(CONTEXT_SYSTEM, SITEID);
245 $permission = (capability_search($capability, $parent->id, false, $capabilities));
246 break;
247
248 case CONTEXT_USERID:
249 $parent = get_context_instance(CONTEXT_SYSTEM, SITEID);
250 $permission = (capability_search($capability, $parent->id, false, $capabilities));
251 break;
252
253 case CONTEXT_COURSECAT: // Coursecat -> coursecat or site
254 $coursecat = get_record('course_categories','id',$context->instanceid);
255 if ($coursecat->parent) { // return parent value if exist
256 $parent = get_context_instance(CONTEXT_COURSECAT, $coursecat->parent);
257 } else { // else return site value
258 $parent = get_context_instance(CONTEXT_SYSTEM, SITEID);
259 }
260 $permission = (capability_search($capability, $parent->id, false, $capabilities));
261 break;
262
263 case CONTEXT_COURSE: // 1 to 1 to course cat
264 // find the course cat, and return its value
265 $course = get_record('course','id',$context->instanceid);
266 $parent = get_context_instance(CONTEXT_COURSECAT, $course->category);
267 $permission = (capability_search($capability, $parent->id, false, $capabilities));
268 break;
269
270 case CONTEXT_GROUP: // 1 to 1 to course
271 $group = get_record('groups','id',$context->instanceid);
272 $parent = get_context_instance(CONTEXT_COURSE, $group->courseid);
273 $permission = (capability_search($capability, $parent->id, false, $capabilities));
274 break;
275
276 case CONTEXT_MODULE: // 1 to 1 to course
277 $cm = get_record('course_modules','id',$context->instanceid);
278 $parent = get_context_instance(CONTEXT_COURSE, $cm->course);
279 $permission = (capability_search($capability, $parent->id, false, $capabilities));
280 break;
281
282 case CONTEXT_BLOCK: // 1 to 1 to course
283 $block = get_record('block_instance','id',$context->instanceid);
284 $parent = get_context_instance(CONTEXT_COURSE, $block->pageid); // needs check
285 $permission = (capability_search($capability, $parent->id, false, $capabilities));
286 break;
287
288 default:
289 error ('This is an unknown context!');
290 return false;
291 }
292
293 if ($kill && ($permission <= 0)) {
98882637 294 error ('You do not have the required capability '.$capability);
295 }
296 return $permission;
bbbf2d40 297}
298
299
300/**
301 * This function should be called immediately after a login, when $USER is set.
302 * It will build an array of all the capabilities at each level
303 * i.e. site/metacourse/course_category/course/moduleinstance
304 * Note we should only load capabilities if they are explicitly assigned already,
305 * we should not load all module's capability!
306 * @param $userid - the id of the user whose capabilities we want to load
307 * @return array
308 * possible just s simple 2D array with [contextid][capabilityname]
309 * [Capabilities] => [26][forum_post] = 1
310 * [26][forum_start] = -8990
311 * [26][forum_edit] = -1
312 * [273][blah blah] = 1
313 * [273][blah blah blah] = 2
314 */
315function load_user_capability($capability='', $contextid ='', $userid='') {
316
98882637 317 global $USER, $CFG;
bbbf2d40 318
319 if (empty($userid)) {
320 $userid = $USER->id;
321 } else {
98882637 322 $otheruserid = $userid;
bbbf2d40 323 }
324
325 if ($capability) {
98882637 326 $capsearch = ' AND rc.capability = '.$capability.' ';
bbbf2d40 327 } else {
98882637 328 $capsearch ='';
bbbf2d40 329 }
330 // First we generate a list of all relevant contexts of the user
331
98882637 332 if ($contextid) { // if context is specified
333 $context = get_record('context', 'id', $contextid);
334
335 $usercontexts = get_parent_contexts($context->id);
336 $listofcontexts = '('.implode(',', $usercontexts).')';
337 } else { // else, we load everything
338 $usercontexts = get_records('role_assignments','userid',$userid);
339 $listofcontexts = '(';
340 foreach ($usercontexts as $usercontext) {
341 $listofcontexts .= $usercontext->contextid;
342 $listofcontexts .= ',';
343 }
344 $listofcontexts = rtrim ($listofcontexts, ",");
345 $listofcontexts .= ')';
bbbf2d40 346 }
347
348 // Then we use 1 giant SQL to bring out all relevant capabilities.
349 // The first part gets the capabilities of orginal role.
350 // The second part gets the capabilities of overriden roles.
351
98882637 352 $siteinstance = get_context_instance(CONTEXT_SYSTEM, SITEID);
bbbf2d40 353
41811960 354 $SQL = " SELECT rc.capability, c1.id, (c1.level * 100) AS aggregatelevel,
bbbf2d40 355 SUM(rc.permission) AS sum
356 FROM
171948fd 357 {$CFG->prefix}role_assignments AS ra,
358 {$CFG->prefix}role_capabilities AS rc,
359 {$CFG->prefix}context AS c1
bbbf2d40 360 WHERE
171948fd 361 ra.contextid=c1.id AND
362 ra.roleid=rc.roleid AND
bbbf2d40 363 ra.userid=$userid AND
364 c1.id IN $listofcontexts AND
365 rc.contextid=$siteinstance->id
98882637 366 $capsearch
bbbf2d40 367 GROUP BY
41811960 368 rc.capability,aggregatelevel,c1.id
bbbf2d40 369 HAVING
41811960 370 SUM(rc.permission) != 0
bbbf2d40 371 UNION
372
41811960 373 SELECT rc.capability, c1.id, (c1.level * 100 + c2.level) AS aggregatelevel,
bbbf2d40 374 SUM(rc.permission) AS sum
375 FROM
171948fd 376 {$CFG->prefix}role_assignments AS ra,
377 {$CFG->prefix}role_capabilities AS rc,
378 {$CFG->prefix}context AS c1,
379 {$CFG->prefix}context AS c2
bbbf2d40 380 WHERE
171948fd 381 ra.contextid=c1.id AND
382 ra.roleid=rc.roleid AND
383 ra.userid=$userid AND
384 rc.contextid=c2.id AND
bbbf2d40 385 c1.id IN $listofcontexts AND
386 c2.id IN $listofcontexts AND rc.contextid != $siteinstance->id
387 $capsearch
388
389 GROUP BY
41811960 390 rc.capability, aggregatelevel, c1.id
bbbf2d40 391 HAVING
41811960 392 SUM(rc.permission) != 0
bbbf2d40 393 ORDER BY
41811960 394 aggregatelevel ASC
bbbf2d40 395 ";
396
bbbf2d40 397
98882637 398 $capabilities = array(); // Reinitialize.
399 $rs = get_recordset_sql($SQL);
400
bbbf2d40 401 if ($rs && $rs->RecordCount() > 0) {
402 while (!$rs->EOF) {
98882637 403 $array = $rs->fields;
404 $temprecord = new object;
405
406 foreach ($array as $key=>$val) {
407 $temprecord->{$key} = $val;
408 }
bbbf2d40 409 $capabilities[] = $temprecord;
410 $rs->MoveNext();
411 }
412 }
413
414 /* so up to this point we should have somethign like this
41811960 415 * $capabilities[1] ->aggregatelevel = 1000
bbbf2d40 416 ->module = SITEID
417 ->capability = do_anything
418 ->id = 1 (id is the context id)
419 ->sum = 0
420
41811960 421 * $capabilities[2] ->aggregatelevel = 1000
bbbf2d40 422 ->module = SITEID
423 ->capability = post_messages
424 ->id = 1
425 ->sum = -9000
426
41811960 427 * $capabilittes[3] ->aggregatelevel = 3000
bbbf2d40 428 ->module = course
429 ->capability = view_course_activities
430 ->id = 25
431 ->sum = 1
432
41811960 433 * $capabilittes[4] ->aggregatelevel = 3000
bbbf2d40 434 ->module = course
435 ->capability = view_course_activities
436 ->id = 26
437 ->sum = 0 (this is another course)
438
41811960 439 * $capabilities[5] ->aggregatelevel = 3050
bbbf2d40 440 ->module = course
441 ->capability = view_course_activities
442 ->id = 25 (override in course 25)
443 ->sum = -1
444 * ....
445 * now we proceed to write the session array, going from top to bottom
446 * at anypoint, we need to go up and check parent to look for prohibit
447 */
448 // print_object($capabilities);
449
450 /* This is where we write to the actualy capabilities array
451 * what we need to do from here on is
452 * going down the array from lowest level to highest level
453 * 1) recursively check for prohibit,
454 * if any, we write prohibit
455 * else, we write the value
456 * 2) at an override level, we overwrite current level
457 * if it's not set to prohibit already, and if different
458 * ........ that should be it ........
459 */
98882637 460 $usercap = array(); // for other user's capabilities
bbbf2d40 461 foreach ($capabilities as $capability) {
462
41811960 463 if (!empty($otheruserid)) { // we are pulling out other user's capabilities, do not write to session
98882637 464
465 if (capability_prohibits($capability->capability, $capability->id, $capability->sum, $usercap)) {
466 $usercap[$capability->id][$capability->capability] = -9000;
467 continue;
468 }
469
470 $usercap[$capability->id][$capability->capability] = $capability->sum;
471
472 } else {
473
474 if (capability_prohibits($capability->capability, $capability->id, $capability->sum)) { // if any parent or parent's parent is set to prohibit
475 $USER->capabilities[$capability->id][$capability->capability] = -9000;
476 continue;
477 }
478
479 // if no parental prohibit set
480 // just write to session, i am not sure this is correct yet
481 // since 3050 shows up after 3000, and 3070 shows up after 3050,
482 // it should be ok just to overwrite like this, provided that there's no
483 // parental prohibits
484 // no point writing 0, since 0 = inherit
485 // we need to write even if it's 0, because it could be an inherit override
486 $USER->capabilities[$capability->id][$capability->capability] = $capability->sum;
487 }
bbbf2d40 488 }
489
490 // now we don't care about the huge array anymore, we can dispose it.
491 unset($capabilities);
492
41811960 493 if (!empty($otheruseid)) {
98882637 494 return $usercap; // return the array
bbbf2d40 495 }
496 // see array in session to see what it looks like
497
498}
499
500
501/**
502 * This is a recursive function that checks whether the capability in this
503 * context, or the parent capabilities are set to prohibit.
504 *
505 * At this point, we can probably just use the values already set in the
506 * session variable, since we are going down the level. Any prohit set in
507 * parents would already reflect in the session.
508 *
509 * @param $capability - capability name
510 * @param $sum - sum of all capabilities values
511 * @param $contextid - the context id
512 * @param $array - when loading another user caps, their caps are not stored in session but an array
513 */
514function capability_prohibits($capability, $contextid, $sum='', $array='') {
515 global $USER;
516 if ($sum < -8000) {
517 // If this capability is set to prohibit.
518 return true;
519 }
520
521 if (isset($array)) {
522 if (isset($array[$contextid][$capability])
523 && $array[$contextid][$capability] < -8000) {
98882637 524 return true;
525 }
bbbf2d40 526 } else {
98882637 527 // Else if set in session.
528 if (isset($USER->capabilities[$contextid][$capability])
bbbf2d40 529 && $USER->capabilities[$contextid][$capability] < -8000) {
98882637 530 return true;
531 }
bbbf2d40 532 }
533 $context = get_record('context', 'id', $contextid);
534 switch (context_level($contextid)) {
535
536 case CONTEXT_SYSTEM:
537 // By now it's a definite an inherit.
538 return 0;
539 break;
540
541 case CONTEXT_PERSONAL:
542 $parent = get_context_instance(CONTEXT_SYSTEM, SITEID);
543 return (capability_prohibits($capability, $parent->id));
544 break;
545
546 case CONTEXT_USERID:
547 $parent = get_context_instance(CONTEXT_SYSTEM, SITEID);
548 return (capability_prohibits($capability, $parent->id));
549 break;
550
551 case CONTEXT_COURSECAT:
552 // Coursecat -> coursecat or site.
553 $coursecat = get_record('course_categories','id',$context->instanceid);
41811960 554 if (!empty($coursecat->parent)) {
bbbf2d40 555 // return parent value if exist.
556 $parent = get_context_instance(CONTEXT_COURSECAT, $coursecat->parent);
557 } else {
558 // Return site value.
559 $parent = get_context_instance(CONTEXT_SYSTEM, SITEID);
560 }
561 return (capability_prohibits($capability, $parent->id));
562 break;
563
564 case CONTEXT_COURSE:
565 // 1 to 1 to course cat.
566 // Find the course cat, and return its value.
567 $course = get_record('course','id',$context->instanceid);
568 $parent = get_context_instance(CONTEXT_COURSECAT, $course->category);
569 return (capability_prohibits($capability, $parent->id));
570 break;
571
572 case CONTEXT_GROUP:
573 // 1 to 1 to course.
574 $group = get_record('groups','id',$context->instanceid);
575 $parent = get_context_instance(CONTEXT_COURSE, $group->courseid);
576 return (capability_prohibits($capability, $parent->id));
577 break;
578
579 case CONTEXT_MODULE:
580 // 1 to 1 to course.
581 $cm = get_record('course_modules','id',$context->instanceid);
582 $parent = get_context_instance(CONTEXT_COURSE, $cm->course);
583 return (capability_prohibits($capability, $parent->id));
584 break;
585
586 case CONTEXT_BLOCK:
587 // 1 to 1 to course.
588 $block = get_record('block_instance','id',$context->instanceid);
589 $parent = get_context_instance(CONTEXT_COURSE, $block->pageid); // needs check
590 return (capability_prohibits($capability, $parent->id));
591 break;
592
593 default:
594 error ('This is an unknown context!');
595 return false;
596 }
597}
598
599
600/**
601 * A print form function. This should either grab all the capabilities from
602 * files or a central table for that particular module instance, then present
603 * them in check boxes. Only relevant capabilities should print for known
604 * context.
605 * @param $mod - module id of the mod
606 */
607function print_capabilities($modid=0) {
608 global $CFG;
609
610 $capabilities = array();
611
612 if ($modid) {
613 // We are in a module specific context.
614
615 // Get the mod's name.
616 // Call the function that grabs the file and parse.
617 $cm = get_record('course_modules', 'id', $modid);
618 $module = get_record('modules', 'id', $cm->module);
619
620 } else {
621 // Print all capabilities.
622 foreach ($capabilities as $capability) {
623 // Prints the check box component.
624 }
625 }
626}
627
628
629/**
630 * This function handles the upgrade process of assigning default roles
631 * to the existing users
632 */
633function moodle_upgrade_roles_system_17() {
634
98882637 635 global $CFG;
bbbf2d40 636 // Create a system wide context for assignemnt.
637 $systemcontext = $context = get_context_instance(CONTEXT_SYSTEM, SITEID);
638
98882637 639 // loading legacy roles and capabilities (1 legacy capability per legacy role at system levle)
bbbf2d40 640 $adminrole = create_role(get_string('administrator'), get_string('administratordescription'), 'moodle/legacy:admin');
98882637 641 if (!assign_capability('moodle/site:doanything', CAP_ALLOW, $adminrole, $systemcontext->id)) {
bbbf2d40 642 error('Could not assign moodle/site:doanything to the admin role');
643 }
644 $coursecreatorrole = create_role(get_string('coursecreators'), get_string('coursecreatorsdescription'), 'moodle/legacy:coursecreator');
98882637 645 $noneditteacherrole = create_role(get_string('noneditingteacher'), get_string('noneditingteacherdescription'), 'moodle/legacy:teacher');
646 $editteacherrole = create_role(get_string('defaultcourseteacher'), get_string('defaultcourseteacherdescription'), 'moodle/legacy:editingteacher');
647 $studentrole = create_role(get_string('defaultcoursestudent'), get_string('defaultcoursestudentdescription'), 'moodle/legacy:student');
bbbf2d40 648 $guestrole = create_role(get_string('guest'), get_string('guestdescription'), 'moodle/legacy:guest');
649
98882637 650 // Look inside user_admin, user_creator, $user_teachers, $user_students
bbbf2d40 651 // and assign roles. If a user has both teacher and student role, only
652 // teacher role is assigned. The assignment should be system level.
653
98882637 654 /**
bbbf2d40 655 * Upgrade the admins.
656 */
657
658 // sort using id asc, first one is primary admin
659 $useradmins = get_records_sql('SELECT * from '.$CFG->prefix.'user_admins ORDER BY ID ASC');
660 foreach ($useradmins as $admin) {
98882637 661 role_assign($adminrole, $admin->userid, 0, $systemcontext->id);
bbbf2d40 662 }
663 // Do we assign the capability moodle/doanything to the admin roles here?
664
665
666 /**
667 * Upgrade course creators.
668 */
669
670 $usercoursecreators = get_records('user_coursecreators');
671 foreach ($usercoursecreators as $coursecreator) {
672 role_assign($$coursecreatorrole, $coursecreator->userid, 0, $systemcontext->id);
673 }
674
675 /**
676 * Upgrade editting teachers and non-editting teachers.
677 */
678
679 $userteachers = get_records('user_teachers');
680 foreach ($userteachers as $teacher) {
681 $coursecontext = get_context_instance(CONTEXT_COURSE, $teacher->course); // needs cache
682 if ($teacher->editall) { // editting teacher
683 role_assign($editteacherrole, $teacher->userid, 0, $coursecontext->id);
684 } else {
685 role_assign($noneditteacherrole, $teacher->userid, 0, $coursecontext->id);
686 }
687 }
688
689 /**
690 * Upgrade students.
691 */
692 $userstudents = get_records('user_students');
693 foreach ($userstudents as $student) {
694 $coursecontext = get_context_instance(CONTEXT_COURSE, $student->course);
695 role_assign($studentrole, $student->userid, 0, $coursecontext->id);
696 }
697
698 /**
699 * Upgrade guest (only 1 entry).
700 */
701 $guestuser = get_record('user', 'username', 'guest');
702 role_assign($guestrole, $guestuser->id, 0, $systemcontext->id);
703
704 //
705 // Should we delete the tables after we are done?
706 //
707
708 set_config('rolesactive', 1);
709}
710
711
712/**
713 * Assign the defaults found in this capabality definition to roles that have
714 * the corresponding legacy capabilities assigned to them.
715 * @param $legacyperms - an array in the format (example):
716 * 'guest' => CAP_PREVENT,
717 * 'student' => CAP_ALLOW,
718 * 'teacher' => CAP_ALLOW,
719 * 'editingteacher' => CAP_ALLOW,
720 * 'coursecreator' => CAP_ALLOW,
721 * 'admin' => CAP_ALLOW
722 * @return boolean - success or failure.
723 */
724function assign_legacy_capabilities($capability, $legacyperms) {
725
726 foreach ($legacyperms as $type => $perm) {
727
728 $systemcontext = get_context_instance(CONTEXT_SYSTEM, SITEID);
729
730 // The legacy capabilities are:
731 // 'moodle/legacy:guest'
732 // 'moodle/legacy:student'
733 // 'moodle/legacy:teacher'
734 // 'moodle/legacy:editingteacher'
735 // 'moodle/legacy:coursecreator'
736 // 'moodle/legacy:admin'
737
738 if (!$roles = get_roles_with_capability('moodle/legacy:'.$type, CAP_ALLOW)) {
739 return false;
740 }
741
742 foreach ($roles as $role) {
743 // Assign a site level capability.
744 if(!assign_capability($capability, $perm, $role->id, $systemcontext->id)) {
745 return false;
746 }
747 }
748 }
749 return true;
750}
751
752
753// checks to see if a capability is a legacy capability, returns bool
754function islegacy($capabilityname) {
98882637 755 if (strstr($capabilityname, 'legacy') === false) {
756 return false;
757 } else {
758 return true;
759 }
bbbf2d40 760}
761
762/************************************
763 * Context Manipulation functions *
764 **********************************/
765
766
767/**
768 * This should be called prolly everytime a user, group, module, course,
769 * coursecat or site is set up maybe?
770 * @param $level
771 * @param $instanceid
772 */
773function create_context($level, $instanceid) {
774 if (!get_record('context','level',$level,'instanceid',$instanceid)) {
775 $context = new object;
776 $context->level = $level;
777 $context->instanceid = $instanceid;
778 return insert_record('context',$context);
779 }
780}
781
782
783/**
784 * Get the context instance as an object. This function will create the
785 * context instance if it does not exist yet.
786 * @param $level
787 * @param $instance
788 */
789function get_context_instance($level, $instance=SITEID) {
790 // echo "getting level $level instance $instance";
791
792 // XXX TODO Add caching here
98882637 793 if (!$context = get_record('context', 'level', $level, 'instanceid', $instance)) {
794 //echo "creating ...";
795 create_context($level, $instance);
796 $context = get_record('context', 'level', $level, 'instanceid', $instance);
797 }
bbbf2d40 798 return $context;
799}
800
801
802/**
803 * Looks up the context level.
804 * @param int $contextid
805 * @return int
806 */
807function context_level($contextid) {
808 $context = get_record('context','id',$contextid);
809 return ($context->level);
810}
811
812
813
814/************************************
815 * DB TABLE RELATED FUNCTIONS *
816 ************************************/
817
818/**********************************************
819 * function that creates a role
820 * @param name - role name
821 * @param description - role description
822 * @param legacy - optional legacy capability
823 * @return id or false
824 */
825function create_role($name, $description, $legacy='') {
98882637 826
827 // check for duplicate role name
828
829 if ($role = get_record('role','name', $name)) {
830 print_object($role);
831 error('there is already a role with this name!');
832 }
833
834 $role->name = $name;
835 $role->description = $description;
836
837 if ($id = insert_record('role', $role)) {
838 if ($legacy) {
839 $context = get_context_instance(CONTEXT_SYSTEM, SITEID);
840 assign_capability($legacy, CAP_ALLOW, $id, $context->id);
841 }
842 return $id;
843 } else {
844 return false;
845 }
bbbf2d40 846
847}
848
849/**
850 * Function to write context specific overrides, or default capabilities.
851 * @param module - string name
852 * @param capability - string name
853 * @param contextid - context id
854 * @param roleid - role id
855 * @param permission - int 1,-1 or -1000
856 */
857function assign_capability($capability, $permission, $roleid, $contextid) {
98882637 858
859 global $USER;
860
861 if (empty($permission) || $permission == 0) { // if permission is not set
862 unassign_capability($capability, $roleid, $contextid);
863 }
bbbf2d40 864
865 $cap = new object;
866 $cap->contextid = $contextid;
867 $cap->roleid = $roleid;
868 $cap->capability = $capability;
869 $cap->permission = $permission;
870 $cap->timemodified = time();
871 $cap->modifierid = $USER->id;
872
873 return insert_record('role_capabilities', $cap);
874}
875
876
877/**
878 * Unassign a capability from a role.
879 * @param $roleid - the role id
880 * @param $capability - the name of the capability
881 * @return boolean - success or failure
882 */
883function unassign_capability($capability, $roleid, $contextid=NULL) {
98882637 884
885 if (isset($contextid)) {
886 $status = delete_records('role_capabilities', 'capability', $capability,
887 'roleid', $roleid, 'contextid', $contextid);
888 } else {
889 $status = delete_records('role_capabilities', 'capability', $capability,
890 'roleid', $roleid);
891 }
892 return $status;
bbbf2d40 893}
894
895
896/**
897 * Get the roles that have a given capability.
898 * @param $capability - capability name (string)
899 * @param $permission - optional, the permission defined for this capability
900 * either CAP_ALLOW, CAP_PREVENT or CAP_PROHIBIT
901 * @return array or role objects
902 */
903function get_roles_with_capability($capability, $permission=NULL) {
904
905 global $CFG;
906
907 $selectroles = "SELECT r.*
908 FROM {$CFG->prefix}role AS r,
909 {$CFG->prefix}role_capabilities AS rc
910 WHERE rc.capability = '$capability'
911 AND rc.roleid = r.id";
912
913 if (isset($permission)) {
914 $selectroles .= " AND rc.permission = '$permission'";
915 }
916 return get_records_sql($selectroles);
917}
918
919
920/**
921 * This function makes a role-assignment (user to a role)
922 * @param $roleid - the role of the id
923 * @param $userid - userid
924 * @param $groupid - group id
925 * @param $contextid - id of the context
926 * @param $timestart - time this assignment becomes effective
927 * @param $timeend - time this assignemnt ceases to be effective
928 * @uses $USER
929 * @return id - new id of the assigment
930 */
931function role_assign($roleid, $userid, $groupid, $contextid, $timestart=0, $timeend=0, $hidden=0) {
aa311411 932 global $USER, $CFG;
bbbf2d40 933
aa311411 934 if ($CFG->debug) {
98882637 935 notify("Assign roleid $roleid userid $userid contextid $contextid", 'notifytiny');
aa311411 936 }
bbbf2d40 937
938 if (empty($roleid)) {
939 error ('you need to select a role');
940 }
941
942 if (empty($userid) && empty($groupid)) {
943 error ('you need to assign this role to a user or a group');
944 }
945
946 if (empty($contextid)) {
947 error ('you need to assign this role to a context, e.g. a course, or an activity');
948 }
949
950 $ra = new object;
951 $ra->roleid = $roleid;
952 $ra->contextid = $contextid;
953 $ra->userid = $userid;
954 $ra->hidden = $hidden;
955 $ra->groupid = $groupid;
956 $ra->timestart = $timestart;
957 $ra->timeend = $timeend;
958 $ra->timemodified = time();
959 $ra->modifier = $USER->id;
960
961 return insert_record('role_assignments', $ra);
962
963}
964
965
966/**
967 * Deletes a role assignment.
968 * @param $roleid
969 * @param $userid
970 * @param $groupid
971 * @param $contextid
972 * @return boolean - success or failure
973 */
974function role_unassign($roleid, $userid, $groupid, $contextid) {
98882637 975 if ($groupid) {
976 // do nothing yet as this is not implemented
977 }
978 else {
979 return delete_records('role_assignments', 'userid', $userid,
980 'roleid', $roleid, 'contextid', $contextid);
981 }
bbbf2d40 982}
983
984
985/**
986 * Loads the capability definitions for the component (from file). If no
987 * capabilities are defined for the component, we simply return an empty array.
988 * @param $component - examples: 'moodle', 'mod/forum', 'block/quiz_results'
989 * @return array of capabilities
990 */
991function load_capability_def($component) {
992 global $CFG;
993
994 if ($component == 'moodle') {
995 $defpath = $CFG->libdir.'/db/access.php';
996 $varprefix = 'moodle';
997 } else {
998 $defpath = $CFG->dirroot.'/'.$component.'/db/access.php';
999 $varprefix = str_replace('/', '_', $component);
1000 }
1001 $capabilities = array();
1002
1003 if (file_exists($defpath)) {
1004 require_once($defpath);
1005 $capabilities = ${$varprefix.'_capabilities'};
1006 }
1007 return $capabilities;
1008}
1009
1010
1011/**
1012 * Gets the capabilities that have been cached in the database for this
1013 * component.
1014 * @param $component - examples: 'moodle', 'mod/forum', 'block/quiz_results'
1015 * @return array of capabilities
1016 */
1017function get_cached_capabilities($component='moodle') {
1018 if ($component == 'moodle') {
1019 $storedcaps = get_records_select('capabilities',
1020 "name LIKE 'moodle/%:%'");
1021 } else {
1022 $storedcaps = get_records_select('capabilities',
1023 "name LIKE '$component:%'");
1024 }
1025 return $storedcaps;
1026}
1027
1028
1029/**
1030 * Updates the capabilities table with the component capability definitions.
1031 * If no parameters are given, the function updates the core moodle
1032 * capabilities.
1033 *
1034 * Note that the absence of the db/access.php capabilities definition file
1035 * will cause any stored capabilities for the component to be removed from
1036 * the database.
1037 *
1038 * @param $component - examples: 'moodle', 'mod/forum', 'block/quiz_results'
1039 * @return boolean
1040 */
1041function update_capabilities($component='moodle') {
1042
1043 $storedcaps = array();
1044 $filecaps = array();
1045
1046 $cachedcaps = get_cached_capabilities($component);
1047 if ($cachedcaps) {
1048 foreach ($cachedcaps as $cachedcap) {
1049 array_push($storedcaps, $cachedcap->name);
1050 }
1051 }
1052
1053 $filecaps = load_capability_def($component);
1054
1055 // Are there new capabilities in the file definition?
1056 $newcaps = array();
1057
1058 foreach ($filecaps as $filecap => $def) {
1059 if (!$storedcaps ||
1060 ($storedcaps && in_array($filecap, $storedcaps) === false)) {
1061 $newcaps[$filecap] = $def;
1062 }
1063 }
1064 // Add new capabilities to the stored definition.
1065 foreach ($newcaps as $capname => $capdef) {
1066 $capability = new object;
1067 $capability->name = $capname;
1068 $capability->captype = $capdef['captype'];
1069 $capability->contextlevel = $capdef['contextlevel'];
1070 $capability->component = $component;
1071
1072 if (!insert_record('capabilities', $capability, false, 'id')) {
1073 return false;
1074 }
1075 // Do we need to assign the new capabilities to roles that have the
1076 // legacy capabilities moodle/legacy:* as well?
1077 if (isset($capdef['legacy']) && is_array($capdef['legacy']) &&
1078 !assign_legacy_capabilities($capname, $capdef['legacy'])) {
1079 error('Could not assign legacy capabilities');
1080 return false;
1081 }
1082 }
1083 // Are there any capabilities that have been removed from the file
1084 // definition that we need to delete from the stored capabilities and
1085 // role assignments?
1086 capabilities_cleanup($component, $filecaps);
1087
1088 return true;
1089}
1090
1091
1092/**
1093 * Deletes cached capabilities that are no longer needed by the component.
1094 * Also unassigns these capabilities from any roles that have them.
1095 * @param $component - examples: 'moodle', 'mod/forum', 'block/quiz_results'
1096 * @param $newcapdef - array of the new capability definitions that will be
1097 * compared with the cached capabilities
1098 * @return int - number of deprecated capabilities that have been removed
1099 */
1100function capabilities_cleanup($component, $newcapdef=NULL) {
1101
1102 $removedcount = 0;
1103
1104 if ($cachedcaps = get_cached_capabilities($component)) {
1105 foreach ($cachedcaps as $cachedcap) {
1106 if (empty($newcapdef) ||
1107 array_key_exists($cachedcap->name, $newcapdef) === false) {
1108
1109 // Remove from capabilities cache.
1110 if (!delete_records('capabilities', 'name', $cachedcap->name)) {
1111 error('Could not delete deprecated capability '.$cachedcap->name);
1112 } else {
1113 $removedcount++;
1114 }
1115 // Delete from roles.
1116 if($roles = get_roles_with_capability($cachedcap->name)) {
1117 foreach($roles as $role) {
1118 if (!unassign_capability($role->id, $cachedcap->name)) {
1119 error('Could not unassign deprecated capability '.
1120 $cachedcap->name.' from role '.$role->name);
1121 }
1122 }
1123 }
1124 } // End if.
1125 }
1126 }
1127 return $removedcount;
1128}
1129
1130
1131
1132
1133/************************************************************
1134 * * UI FUNCTIONS * *
1135 ************************************************************/
1136
1137
1138/**
1139 * prints human readable context identifier.
1140 */
1141function print_context_name($contextid) {
1142
ec0810ee 1143 $name = '';
1144
98882637 1145 $context = get_record('context', 'id', $contextid);
ec0810ee 1146
98882637 1147 switch ($context->level) {
1148
bbbf2d40 1149 case CONTEXT_SYSTEM: // by now it's a definite an inherit
ec0810ee 1150 $name = get_string('site');
bbbf2d40 1151 break;
1152
1153 case CONTEXT_PERSONAL:
ec0810ee 1154 $name = get_string('personal');
bbbf2d40 1155 break;
1156
1157 case CONTEXT_USERID:
ec0810ee 1158 if ($user = get_record('user', 'id', $context->instanceid)) {
1159 $name = get_string('user').': '.fullname($user);
1160 }
bbbf2d40 1161 break;
1162
1163 case CONTEXT_COURSECAT: // Coursecat -> coursecat or site
ec0810ee 1164 if ($category = get_record('course_categories', 'id', $context->instanceid)) {
1165 $name = get_string('category').': '.$category->name;
1166 }
bbbf2d40 1167 break;
1168
1169 case CONTEXT_COURSE: // 1 to 1 to course cat
ec0810ee 1170 if ($course = get_record('course', 'id', $context->instanceid)) {
1171 $name = get_string('course').': '.$course->fullname;
1172 }
bbbf2d40 1173 break;
1174
1175 case CONTEXT_GROUP: // 1 to 1 to course
ec0810ee 1176 if ($group = get_record('groups', 'id', $context->instanceid)) {
1177 $name = get_string('group').': '.$group->name;
1178 }
bbbf2d40 1179 break;
1180
1181 case CONTEXT_MODULE: // 1 to 1 to course
98882637 1182 if ($cm = get_record('course_modules','id',$context->instanceid)) {
1183 if ($module = get_record('modules','id',$cm->module)) {
1184 if ($mod = get_record($module->name, 'id', $cm->instance)) {
ec0810ee 1185 $name = get_string('activitymodule').': '.$mod->name;
98882637 1186 }
ec0810ee 1187 }
1188 }
bbbf2d40 1189 break;
1190
1191 case CONTEXT_BLOCK: // 1 to 1 to course
98882637 1192 if ($blockinstance = get_record('block_instance','id',$context->instanceid)) {
1193 if ($block = get_record('block','id',$blockinstance->blockid)) {
ec0810ee 1194 $name = get_string('blocks').': '.get_string($block->name, 'block_'.$block->name);
1195 }
1196 }
bbbf2d40 1197 break;
1198
1199 default:
1200 error ('This is an unknown context!');
1201 return false;
98882637 1202
1203 }
bbbf2d40 1204
98882637 1205 return $name;
bbbf2d40 1206}
1207
1208
1209/**
1210 * Extracts the relevant capabilities given a contextid.
1211 * All case based, example an instance of forum context.
1212 * Will fetch all forum related capabilities, while course contexts
1213 * Will fetch all capabilities
1214 * @param int contextid
1215 * @return array();
1216 *
1217 * capabilities
1218 * `name` varchar(150) NOT NULL,
1219 * `captype` varchar(50) NOT NULL,
1220 * `contextlevel` int(10) NOT NULL,
1221 * `component` varchar(100) NOT NULL,
1222 */
1223function fetch_context_capabilities($contextid) {
98882637 1224
1225 global $CFG;
bbbf2d40 1226
1227 $sort = 'ORDER BY contextlevel,component,id'; // To group them sensibly for display
98882637 1228
bbbf2d40 1229 switch (context_level($contextid)) {
1230
98882637 1231 case CONTEXT_SYSTEM: // all
1232 $SQL = "select * from {$CFG->prefix}capabilities";
bbbf2d40 1233 break;
1234
1235 case CONTEXT_PERSONAL:
1236 break;
1237
1238 case CONTEXT_USERID:
1239 break;
1240
1241 case CONTEXT_COURSECAT: // all
98882637 1242 $SQL = "select * from {$CFG->prefix}capabilities";
bbbf2d40 1243 break;
1244
1245 case CONTEXT_COURSE: // all
98882637 1246 $SQL = "select * from {$CFG->prefix}capabilities";
bbbf2d40 1247 break;
1248
1249 case CONTEXT_GROUP: // group caps
1250 break;
1251
1252 case CONTEXT_MODULE: // mod caps
98882637 1253 $context = get_record('context','id',$contextid);
1254 $cm = get_record('course_modules', 'id', $context->instanceid);
1255 $module = get_record('modules', 'id', $cm->module);
bbbf2d40 1256
98882637 1257 $SQL = "select * from {$CFG->prefix}capabilities where contextlevel = ".CONTEXT_MODULE."
1258 and component = 'mod/$module->name'";
bbbf2d40 1259 break;
1260
1261 case CONTEXT_BLOCK: // block caps
1262 $context = get_record('context','id',$contextid);
98882637 1263 $cb = get_record('block_instance', 'id', $context->instanceid);
1264 $block = get_record('block', 'id', $cb->blockid);
bbbf2d40 1265
98882637 1266 $SQL = "select * from {$CFG->prefix}capabilities where contextlevel = ".CONTEXT_BLOCK."
1267 and component = 'block/$block->name'";
bbbf2d40 1268 break;
1269
1270 default:
1271 return false;
1272 }
1273
1274 $records = get_records_sql($SQL.' '.$sort);
1275 return $records;
1276
1277}
1278
1279
1280/**
1281 * This function pulls out all the resolved capabilities (overrides and
1282 * defaults) of a role used in capability overrieds in contexts at a given
1283 * context.
1284 * @param int $contextid
1285 * @param int $roleid
1286 * @return array
1287 */
1288function role_context_capabilities($roleid, $contextid) {
98882637 1289 global $CFG;
1290
1291 $sitecontext = get_context_instance(CONTEXT_SYSTEM, SITEID);
1292 if ($sitecontext->id == $contextid) {
1293 return array();
1294 }
1295
1296 // first of all, figure out all parental contexts
1297 $context = get_record('context', 'id', $contextid);
1298 $contexts = array_reverse(get_parent_contexts($context));
1299 $contexts = '('.implode(',', $contexts).')';
1300
1301 $SQL = "SELECT rc.* FROM {$CFG->prefix}role_capabilities rc, {$CFG->prefix}context c
1302 where rc.contextid in $contexts
1303 and rc.roleid = $roleid
1304 and rc.contextid = c.id
1305 ORDER BY c.level DESC, rc.capability DESC";
1306
1307 $records = get_records_sql($SQL);
1308
1309 $capabilities = array();
1310
1311 // We are traversing via reverse order.
1312 foreach ($records as $record) {
1313 // If not set yet (i.e. inherit or not set at all), or currently we have a prohibit
1314 if (!isset($capabilities[$record->capability]) || $record->permission<-500) {
1315 $capabilities[$record->capability] = $record->permission;
1316 }
1317 }
1318 return $capabilities;
bbbf2d40 1319}
1320
1321
1322/**
1323 * Recursive function which, given a contextid, find all parent context ids,
1324 * and return the array in reverse order, i.e. parent first, then grand
1325 * parent, etc.
1326 * @param object $context
1327 * @return array()
1328 */
1329
1330
1331function get_parent_contexts($context) {
1332
1333 switch (context_level($context->id)) {
1334
1335 case CONTEXT_SYSTEM: // no parent
98882637 1336 return null;
bbbf2d40 1337 break;
1338
1339 case CONTEXT_PERSONAL:
1340 $parent = get_context_instance(CONTEXT_SYSTEM, SITEID);
1341 return array($parent->id);
1342 break;
1343
1344 case CONTEXT_USERID:
1345 $parent = get_context_instance(CONTEXT_SYSTEM, SITEID);
1346 return array($parent->id);
1347 break;
1348
1349 case CONTEXT_COURSECAT: // Coursecat -> coursecat or site
1350 $coursecat = get_record('course_categories','id',$context->instanceid);
1351 if ($coursecat->parent) { // return parent value if exist
1352 $parent = get_context_instance(CONTEXT_COURSECAT, $coursecat->parent);
1353 return array_merge(array($parent->id), get_parent_contexts($parent));
1354 } else { // else return site value
1355 $parent = get_context_instance(CONTEXT_SYSTEM, SITEID);
1356 return array($parent->id);
1357 }
1358 break;
1359
1360 case CONTEXT_COURSE: // 1 to 1 to course cat
1361 // find the course cat, and return its value
1362 $course = get_record('course','id',$context->instanceid);
1363 $parent = get_context_instance(CONTEXT_COURSECAT, $course->category);
1364 return array_merge(array($parent->id), get_parent_contexts($parent));
1365 break;
1366
1367 case CONTEXT_GROUP: // 1 to 1 to course
1368 $group = get_record('groups','id',$context->instanceid);
1369 $parent = get_context_instance(CONTEXT_COURSE, $group->courseid);
1370 return array_merge(array($parent->id), get_parent_contexts($parent));
1371 break;
1372
1373 case CONTEXT_MODULE: // 1 to 1 to course
1374 $cm = get_record('course_modules','id',$context->instanceid);
1375 $parent = get_context_instance(CONTEXT_COURSE, $cm->course);
1376 return array_merge(array($parent->id), get_parent_contexts($parent));
1377 break;
1378
1379 case CONTEXT_BLOCK: // 1 to 1 to course
1380 $block = get_record('block_instance','id',$context->instanceid);
1381 $parent = get_context_instance(CONTEXT_COURSE, $block->pageid); // needs check
1382 return array_merge(array($parent->id), get_parent_contexts($parent));
1383 break;
1384
1385 default:
1386 error ('This is an unknown context!');
1387 return false;
1388 }
1389
1390}
1391
1392
1393/**
1394 * This function gets the capability of a role in a given context.
1395 * It is needed when printing override forms.
1396 * @param int $contextid
1397 * @param int $roleid // no need? since role is used in extraction in $capability
1398 * @param string $capability
1399 * @param array $capabilities - array loaded using role_context_capabilities
1400 * @return int (allow, prevent, prohibit, inherit)
1401 */
1402
1403
1404function get_role_context_capability($contextid, $capability, $capabilities) {
98882637 1405 return $capabilities[$contextid][$capability];
bbbf2d40 1406}
1407
1408
1409// a big switch statement
1410function get_capability_string($capname) {
1411
98882637 1412 $names = split('/', $capname);
1413 $componentname = split(':', $names[1]);
1414 $componentname = $componentname[0];
1415 $capability = split(':', $capname);
1416 $capability = 'capability_'.$capability[1];
1417
1418 switch ($names[0]) {
1419 case 'mod':
1420 $string = get_string($capability, $componentname);
1421 break;
1422
1423 case 'block':
1424 $string = get_string($capability, 'block_'.$componentname);
1425 break;
1426
1427 case 'moodle':
1428 $string = get_string($capability);
1429 break;
1430
1431 case 'enrol':
1432 $string = get_string($capability, 'enrol_'.$componentname);
1433
1434 default:
1435 $string = get_string($capability);
1436 break;
1437
1438
1439 }
1440
1441 return $string;
bbbf2d40 1442}
1443
1444
1445// this gets the mod/block/course/core etc strings
1446function get_component_string($component, $contextlevel) {
1447
98882637 1448 switch ($contextlevel) {
bbbf2d40 1449
98882637 1450 case CONTEXT_SYSTEM:
1451 $string = get_string('system');
bbbf2d40 1452 break;
1453
1454 case CONTEXT_PERSONAL:
98882637 1455 $string = get_string('personal');
bbbf2d40 1456 break;
1457
1458 case CONTEXT_USERID:
98882637 1459 $string = get_string('users');
bbbf2d40 1460 break;
1461
1462 case CONTEXT_COURSECAT:
98882637 1463 $string = get_string('categories');
bbbf2d40 1464 break;
1465
1466 case CONTEXT_COURSE:
98882637 1467 $string = get_string('course');
bbbf2d40 1468 break;
1469
1470 case CONTEXT_GROUP:
98882637 1471 $string = get_string('group');
bbbf2d40 1472 break;
1473
1474 case CONTEXT_MODULE:
98882637 1475 $string = get_string('modulename', basename($component));
bbbf2d40 1476 break;
1477
1478 case CONTEXT_BLOCK:
98882637 1479 $string = get_string('blockname', 'block_'.$component.'.php');
bbbf2d40 1480 break;
1481
1482 default:
1483 error ('This is an unknown context!');
1484 return false;
98882637 1485
1486 }
1487
1488 return $string;
bbbf2d40 1489
1490}
1491?>