MDL-37728 show role risks

moodle · Jan 27, 2013 · ba4b17d · ba4b17d
1 parent c7e2e4d
commit ba4b17d
Show file tree

Hide file tree

Showing 2 changed files with 38 additions and 0 deletions.
diff --git a/admin/roles/lib.php b/admin/roles/lib.php
@@ -767,6 +767,10 @@ protected function get_allow_role_control($type) {
         }
     }
 
+    protected function get_role_risks_info() {
+        return '';
+    }
+
     protected function print_field($name, $caption, $field) {
         global $OUTPUT;
         // Attempt to generate HTML like formslib.
@@ -813,6 +817,9 @@ public function display() {
         $this->print_field('', get_string('allowassign', 'role'), $this->get_allow_role_control('assign'));
         $this->print_field('', get_string('allowoverride', 'role'), $this->get_allow_role_control('override'));
         $this->print_field('', get_string('allowswitch', 'role'), $this->get_allow_role_control('switch'));
+        if ($risks = $this->get_role_risks_info()) {
+            $this->print_field('', get_string('rolerisks', 'role'), $risks);
+        }
         echo "</div>";
 
         $this->print_show_hide_advanced_button();
@@ -914,6 +921,36 @@ protected function print_show_hide_advanced_button() {
         // Do nothing.
     }
 
+    protected function get_role_risks_info() {
+        global $OUTPUT;
+
+        if (empty($this->roleid)) {
+            return '';
+        }
+
+        $risks = array();
+        $allrisks = get_all_risks();
+        foreach ($this->capabilities as $capability) {
+            $perm = $this->permissions[$capability->name];
+            if ($perm != CAP_ALLOW) {
+                continue;
+            }
+            foreach ($allrisks as $type=>$risk) {
+                if ($risk & (int)$capability->riskbitmask) {
+                    $risks[$type] = $risk;
+                }
+            }
+        }
+
+        $risksurl = new moodle_url(get_docs_url(s(get_string('risks', 'role'))));
+        foreach ($risks as $type=>$risk) {
+            $pixicon = new pix_icon('/i/' . str_replace('risk', 'risk_', $type), get_string($type . 'short', 'admin'));
+            $risks[$type] = $OUTPUT->action_icon($risksurl, $pixicon, new popup_action('click', $risksurl));
+        }
+
+        return implode(' ', $risks);
+    }
+
     protected function skip_row($capability) {
         $perm = $this->permissions[$capability->name];
         if ($perm == CAP_INHERIT) {

diff --git a/lang/en/role.php b/lang/en/role.php
@@ -313,6 +313,7 @@
 $string['role:review'] = 'Review permissions for others';
 $string['roleprohibitheader'] = 'Prohibit role';
 $string['roleprohibitinfo'] = 'Select a role to be added to the list of prohibited roles in context {$a->context}, capability {$a->cap}:';
+$string['rolerisks'] = 'Role risks';
 $string['roles'] = 'Roles';
 $string['roles_help'] = 'A role is a collection of permissions defined for the whole system that you can assign to specific users in specific contexts.';
 $string['roles_link'] = 'roles';