MDL-51861 enrol: Don't get all parts in get_enrolled_users with groups
authorDani Palou <dani@moodle.com>
Mon, 26 Oct 2015 10:02:26 +0000 (11:02 +0100)
committerAndrew Nicols <andrew@nicols.co.uk>
Fri, 6 Nov 2015 07:07:24 +0000 (15:07 +0800)
enrol/externallib.php
enrol/upgrade.txt

index c520d5b..7e64f21 100644 (file)
@@ -378,7 +378,10 @@ class core_enrol_external extends external_api {
                         )
                     ), 'Option names:
                             * withcapability (string) return only users with this capability. This option requires \'moodle/role:review\' on the course context.
-                            * groupid (integer) return only users in this group id. This option requires \'moodle/site:accessallgroups\' on the course context.
+                            * groupid (integer) return only users in this group id. If the course has groups enabled and this param
+                                                isn\'t defined, returns all the viewable users.
+                                                This option requires \'moodle/site:accessallgroups\' on the course context if the
+                                                user doesn\'t belong to the group.
                             * onlyactive (integer) return only users with active enrolments and matching time restrictions. This option requires \'moodle/course:enrolreview\' on the course context.
                             * userfields (\'string, string, ...\') return only the values of these user fields.
                             * limitfrom (integer) sql limit from.
@@ -466,7 +469,7 @@ class core_enrol_external extends external_api {
             require_capability('moodle/role:review', $coursecontext);
         }
         // need accessallgroups capability if you want to overwrite this option
-        if (!empty($groupid) && groups_is_member($groupid)) {
+        if (!empty($groupid) && !groups_is_member($groupid)) {
             require_capability('moodle/site:accessallgroups', $coursecontext);
         }
         // to overwrite this option, you need course:enrolereview permission
@@ -478,10 +481,29 @@ class core_enrol_external extends external_api {
         $ctxselect = ', ' . context_helper::get_preload_record_columns_sql('ctx');
         $ctxjoin = "LEFT JOIN {context} ctx ON (ctx.instanceid = u.id AND ctx.contextlevel = :contextlevel)";
         $enrolledparams['contextlevel'] = CONTEXT_USER;
-        $sql = "SELECT u.* $ctxselect
-                  FROM {user} u $ctxjoin
-                 WHERE u.id IN ($enrolledsql)
-                 ORDER BY u.id ASC";
+
+        $groupjoin = '';
+        if (empty($groupid) && groups_get_course_groupmode($course) == SEPARATEGROUPS &&
+                !has_capability('moodle/site:accessallgroups', $coursecontext)) {
+            // Filter by groups the user can view.
+            $usergroups = groups_get_user_groups($course->id);
+            if (!empty($usergroups['0'])) {
+                list($groupsql, $groupparams) = $DB->get_in_or_equal($usergroups['0'], SQL_PARAMS_NAMED);
+                $groupjoin = "JOIN {groups_members} gm ON (u.id = gm.userid AND gm.groupid $groupsql)";
+                $enrolledparams = array_merge($enrolledparams, $groupparams);
+            } else {
+                // User doesn't belong to any group, so he can't see any user. Return an empty array.
+                return array();
+            }
+        }
+        $sql = "SELECT us.*
+                  FROM {user} us
+                  JOIN (
+                      SELECT DISTINCT u.id $ctxselect
+                        FROM {user} u $ctxjoin $groupjoin
+                       WHERE u.id IN ($enrolledsql)
+                  ) q ON q.id = us.id
+                ORDER BY us.id ASC";
         $enrolledusers = $DB->get_recordset_sql($sql, $enrolledparams, $limitfrom, $limitnumber);
         $users = array();
         foreach ($enrolledusers as $user) {
index 1b9cc21..f98bcbb 100644 (file)
@@ -7,6 +7,7 @@ information provided here is intended especially for developers.
   enrol_instance_deleted . Always trigger them when changing records in the
   DB table 'enrol'.
 * Constant CACHE_COURSE_CONTACTS_TTL was deleted.
+* External function core_enrol_external::get_enrolled_users now returns only the viewable participants if the course has groups enabled and no groupid is passed.
 
 === 2.9 ===