
MDL-31923 Correctly respect hiddenfields and capabilities

1 parent 7ac10ac commit cfaa50a61d61719c65aa7e26f5444852931e07b6 @andrewnicols andrewnicols committed with Sam Hemelryk Mar 6, 2012
Showing with 73 additions and 51 deletions.
  1. +41 −28 enrol/locallib.php
  2. +19 −22 enrol/otherusers.php
  3. +13 −1 enrol/users.php
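--- a/enrol/locallib.php
+++ b/enrol/locallib.php
@@ -764,20 +764,14 @@ public function get_other_users_for_display(core_enrol_renderer $renderer, moodl
 $userroles = $this->get_other_users($sort, $direction, $page, $perpage);
 $roles = $this->get_all_roles();
- $courseid = $this->get_course()->id;
 $context = $this->get_context();
+ $now = time();
+ $extrafields = get_extra_user_fields($context);
 $users = array();
 foreach ($userroles as $userrole) {
 if (!array_key_exists($userrole->id, $users)) {
- $users[$userrole->id] = array(
- 'userid' => $userrole->id,
- 'courseid' => $courseid,
- 'picture' => new user_picture($userrole),
- 'firstname' => fullname($userrole, true),
- 'email' => $userrole->email,
- 'roles' => array()
- );
+ $users[$userrole->id] = $this->prepare_user_for_display($userrole, $extrafields, $now);
 }
 $a = new stdClass;
 $a->role = $roles[$userrole->roleid]->localname;
@@ -800,6 +794,7 @@ public function get_other_users_for_display(core_enrol_renderer $renderer, moodl
 break;
 }
 }
+ $users[$userrole->id]['roles'] = array();
 $users[$userrole->id]['roles'][$userrole->roleid] = array(
 'text' => $roletext,
 'unchangeable' => !$changeable
@@ -825,15 +820,13 @@ public function get_users_for_display(course_enrolment_manager $manager, $sort,
 $users = $this->get_users($sort, $direction, $page, $perpage);
 $now = time();
- $strnever = get_string('never');
 $straddgroup = get_string('addgroup', 'group');
 $strunenrol = get_string('unenrol', 'enrol');
 $stredit = get_string('edit');
 $allroles = $this->get_all_roles();
 $assignable = $this->get_assignable_roles();
 $allgroups = $this->get_all_groups();
- $courseid = $this->get_course()->id;
 $context = $this->get_context();
 $canmanagegroups = has_capability('moodle/course:managegroups', $context);
@@ -842,36 +835,23 @@ public function get_users_for_display(course_enrolment_manager $manager, $sort,
 $userdetails = array();
 foreach ($users as $user) {
- $details = array(
- 'userid' => $user->id,
- 'courseid' => $courseid,
- 'picture' => new user_picture($user),
- 'firstname' => fullname($user, true),
- 'lastseen' => $strnever,
- 'roles' => array(),
- 'groups' => array(),
- 'enrolments' => array()
- );
- foreach ($extrafields as $field) {
- $details[$field] = $user->{$field};
- }
-
- if ($user->lastaccess) {
- $details['lastseen'] = format_time($now - $user->lastaccess);
- }
+ $details = $this->prepare_user_for_display($user, $extrafields, $now);
 // Roles
+ $details['roles'] = array();
 foreach ($this->get_user_roles($user->id) as $rid=>$rassignable) {
 $details['roles'][$rid] = array('text'=>$allroles[$rid]->localname, 'unchangeable'=>(!$rassignable || !isset($assignable[$rid])));
 }
 // Users
 $usergroups = $this->get_user_groups($user->id);
+ $details['groups'] = array();
 foreach($usergroups as $gid=>$unused) {
 $details['groups'][$gid] = $allgroups[$gid]->name;
 }
 // Enrolments
+ $details['enrolments'] = array();
 foreach ($this->get_user_enrolments($user->id) as $ue) {
 if ($ue->timestart and $ue->timeend) {
 $period = get_string('periodstartend', 'enrol', array('start'=>userdate($ue->timestart), 'end'=>userdate($ue->timeend)));
@@ -898,6 +878,39 @@ public function get_users_for_display(course_enrolment_manager $manager, $sort,
 return $userdetails;
 }
+ /**
+ * Prepare a user record for display
+ *
+ * This function is called by both {@link get_users_for_display} and {@link get_other_users_for_display} to correctly
+ * prepare user fields for display
+ *
+ * Please note that this function does not check capability for moodle/coures:viewhiddenuserfields
+ *
+ * @param object $user The user record
+ * @param array $extrafields The list of fields as returned from get_extra_user_fields used to determine which
+ * additional fields may be displayed
+ * @param int $now The time used for lastaccess calculation
+ * @return array The fields to be displayed including userid, courseid, picture, firstname, lastseen and any
+ * additional fields from $extrafields
+ */
+ private function prepare_user_for_display($user, $extrafields, $now) {
+ $details = array(
+ 'userid' => $user->id,
+ 'courseid' => $this->get_course()->id,
+ 'picture' => new user_picture($user),
+ 'firstname' => fullname($user, has_capability('moodle/site:viewfullnames', $this->get_context())),
+ 'lastseen' => get_string('never'),
+ );
+ foreach ($extrafields as $field) {
+ $details[$field] = $user->{$field};
+ }
+
+ if ($user->lastaccess) {
+ $details['lastseen'] = format_time($now - $user->lastaccess);
+ }
+ return $details;
+ }
+
 public function get_manual_enrol_buttons() {
 $plugins = $this->get_enrolment_plugins();
 $buttons = array();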
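Review bot: The added `$users[$userrole->id]['roles'] = array();` in get_other_users_for_display sits directly before the per-role assignment and, as far as the flattened indentation shows, inside the `foreach ($userroles as $userrole)` loop, so it clears the list on every row and a user holding several roles would be shown with only the last one. On a page used to review who holds which role, that under-reports assignments. Initialise it once where the user entry is created, i.e. put `$users[$userrole->id]['roles'] = array();` inside the `if (!array_key_exists($userrole->id, $users))` branch right after the prepare_user_for_display() call. Separately, the new docblock misspells the capability as `moodle/coures:viewhiddenuserfields`; it should read `moodle/course:viewhiddenuserfields`. Both display functions continue outside the hunks shown.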
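--- a/enrol/otherusers.php
+++ b/enrol/otherusers.php
@@ -48,33 +48,30 @@
 $table = new course_enrolment_other_users_table($manager, $PAGE);
 $PAGE->set_url('/enrol/otherusers.php', $manager->get_url_params()+$table->get_url_params());
-/***
- * Actions will go here
- */
+$userdetails = array (
+ 'picture' => false,
+ 'firstname' => get_string('firstname'),
+ 'lastname' => get_string('lastname'),
+);
+$extrafields = get_extra_user_fields($context);
+foreach ($extrafields as $field) {
+ $userdetails[$field] = get_user_field_name($field);
+}
-/*$fields = array(
- 'userdetails' => array (
- 'picture' => false,
- 'firstname' => get_string('firstname'),
- 'lastname' => get_string('lastname'),
- 'email' => get_string('email')
- ),
- 'lastseen' => get_string('lastaccess'),
- 'role' => array(
- 'roles' => get_string('roles', 'role'),
- 'context' => get_string('context')
- )
-);*/
 $fields = array(
- 'userdetails' => array (
- 'picture' => false,
- 'firstname' => get_string('firstname'),
- 'lastname' => get_string('lastname'),
- 'email' => get_string('email')
- ),
+ 'userdetails' => $userdetails,
 'lastseen' => get_string('lastaccess'),
 'role' => get_string('roles', 'role')
 );
+
+// Remove hidden fields if the user has no access
+if (!has_capability('moodle/course:viewhiddenuserfields', $context)) {
+ $hiddenfields = array_flip(explode(',', $CFG->hiddenuserfields));
+ if (isset($hiddenfields['lastaccess'])) {
+ unset($fields['lastseen']);
+ }
+}
+
 $table->set_fields($fields, $OUTPUT);
 //$users = $manager->get_other_users($table->sort, $table->sortdirection, $table->page, $table->perpage);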
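Review bot: The new `moodle/course:viewhiddenuserfields` check only removes the `lastseen` column definition from `$fields`; the row data still comes from prepare_user_for_display() in enrol/locallib.php, which fills `lastseen` for every user and whose docblock says it does not check that capability. Whether the table renderer ignores keys that have no column is not visible here, so it would be safer to also drop the value where the rows are built, or at least to record the dependency with a comment such as `// Column removal is the only guard for lastaccess; row data is not filtered.`. The lookup is an exact match on `explode(',', $CFG->hiddenuserfields)`, so if the setting were ever written by hand with spaces around an entry the column would stay visible; applying `array_map('trim', ...)` before `array_flip()` avoids that. The same block is repeated in enrol/users.php and would be easier to keep correct as one shared helper.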
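--- a/enrol/users.php
+++ b/enrol/users.php
@@ -183,6 +183,18 @@
 'group' => get_string('groups', 'group'),
 'enrol' => get_string('enrolmentinstances', 'enrol')
 );
+
+// Remove hidden fields if the user has no access
+if (!has_capability('moodle/course:viewhiddenuserfields', $context)) {
+ $hiddenfields = array_flip(explode(',', $CFG->hiddenuserfields));
+ if (isset($hiddenfields['lastaccess'])) {
+ unset($fields['lastseen']);
+ }
+ if (isset($hiddenfields['groups'])) {
+ unset($fields['group']);
+ }
+}
+
 $table->set_fields($fields, $renderer);
 $canassign = has_capability('moodle/role:assign', $manager->get_context());
@@ -202,4 +214,4 @@
 echo $OUTPUT->header();
 echo $OUTPUT->heading(get_string('enrolledusers', 'enrol'));
 echo $renderer->render($table);
-echo $OUTPUT->footer();
+echo $OUTPUT->footer();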
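Review bot: The added capability check reads `$context`, while the `moodle/role:assign` check two lines below it uses `$manager->get_context()`; the definition of `$context` is outside this hunk, so confirm it is the same course context. Taking both from one source, e.g. `if (!has_capability('moodle/course:viewhiddenuserfields', $manager->get_context())) {`, keeps the two checks from drifting apart. Removing `group` here hides only the column: `$details['groups']` is still populated for every user in get_users_for_display() (enrol/locallib.php), so the hidden-field setting is enforced at the presentation layer only.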
