Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Browse files

MDL-23219 check permissions: show relevant role-assignments.

Adding this list of role assignments should make it much easier for
admins to work out why, when the permissions shown in the check
permisisons page are now what they expect.

I thought about making the links go more directly to, for example, the
assign roles pages for each context, but because of things like
enrolments in courses that is hard. It is only two clicks to go to the
context, then click the right link in the settings block there.

I also re-orderd some of the code in check.php to try to get all the DB
code before all the output code.
  • Loading branch information...
commit d8f23e09f25c87de271f053d5668f4a44669b27f 1 parent 9a7c3d5
Tim Hunt timhunt authored
Showing with 88 additions and 5 deletions.
  1. +30 −5 admin/roles/check.php
  2. +2 −0  lang/en/role.php
  3. +56 −0 lib/accesslib.php
35 admin/roles/check.php
View
@@ -104,20 +104,45 @@
break;
}
+// Get the list of the reported-on user's role assignments - must be after
+// the page setup code above, or the language might be wrong.
+$reportuser = $userselector->get_selected_user();
+if (!is_null($reportuser)) {
+ $roleassignments = get_user_roles_with_special($context, $reportuser->id);
+ $rolenames = role_get_names($context);
+}
+
echo $OUTPUT->header();
-// These are needed early because of tabs.php
-$assignableroles = get_assignable_roles($context, ROLENAME_BOTH);
-$overridableroles = get_overridable_roles($context, ROLENAME_BOTH);
// Print heading.
echo $OUTPUT->heading($title);
// If a user has been chosen, show all the permissions for this user.
-$reportuser = $userselector->get_selected_user();
if (!is_null($reportuser)) {
echo $OUTPUT->box_start('generalbox boxaligncenter boxwidthwide');
- echo $OUTPUT->heading(get_string('permissionsforuser', 'role', fullname($reportuser)), 3);
+ if (!empty($roleassignments)) {
+ echo $OUTPUT->heading(get_string('rolesforuser', 'role', fullname($reportuser)), 3);
+ echo html_writer::start_tag('ul');
+
+ $systemcontext = context_system::instance();
+ foreach ($roleassignments as $ra) {
+ $racontext = context::instance_by_id($ra->contextid);
+ $link = html_writer::link($racontext->get_url(), $racontext->get_context_name());
+
+ $rolename = $rolenames[$ra->roleid]->localname;
+ if (has_capability('moodle/role:manage', $systemcontext)) {
+ $rolename = html_writer::link(new moodle_url('/admin/roles/define.php',
+ array('action' => 'view', 'roleid' => $ra->roleid)), $rolename);
+ }
+
+ echo html_writer::tag('li', get_string('roleincontext', 'role',
+ array('role' => $rolename, 'context' => $link)));
+ }
+ echo html_writer::end_tag('ul');
+ }
+
+ echo $OUTPUT->heading(get_string('permissionsforuser', 'role', fullname($reportuser)), 3);
$table = new check_capability_table($context, $reportuser, $contextname);
$table->display();
echo $OUTPUT->box_end();
2  lang/en/role.php
View
@@ -300,6 +300,7 @@
$string['roleassignments'] = 'Role assignments';
$string['roledefinitions'] = 'Role definitions';
$string['rolefullname'] = 'Role name';
+$string['roleincontext'] = '{$a->role} in {$a->context}';
$string['role:manage'] = 'Create and manage roles';
$string['role:override'] = 'Override permissions for others';
$string['role:review'] = 'Review permissions for others';
@@ -310,6 +311,7 @@
$string['roles_link'] = 'roles';
$string['role:safeoverride'] = 'Override safe permissions for others';
$string['roleselect'] = 'Select role';
+$string['rolesforuser'] = 'Roles for user {$a}';
$string['roleshortname'] = 'Short name';
$string['role:switchroles'] = 'Switch to other roles';
$string['roletoassign'] = 'Role to assign';
56 lib/accesslib.php
View
@@ -2982,6 +2982,53 @@ function get_user_roles(context $context, $userid = 0, $checkparentcontexts = tr
}
/**
+ * Like get_user_roles, but adds in the authenticated user role, and the front
+ * page roles, if applicable.
+ *
+ * @param context $context the context.
+ * @param int $userid optional. Defaults to $USER->id
+ * @return array of objects with fields ->userid, ->contextid and ->roleid.
+ */
+function get_user_roles_with_special(context $context, $userid = 0) {
+ global $CFG, $USER;
+
+ if (empty($userid)) {
+ if (empty($USER->id)) {
+ return array();
+ }
+ $userid = $USER->id;
+ }
+
+ $ras = get_user_roles($context, $userid);
+
+ // Add front-page role if relevant.
+ $defaultfrontpageroleid = isset($CFG->defaultfrontpageroleid) ? $CFG->defaultfrontpageroleid : 0;
+ $isfrontpage = ($context->contextlevel == CONTEXT_COURSE && $context->instanceid == SITEID) ||
+ is_inside_frontpage($context);
+ if ($defaultfrontpageroleid && $isfrontpage) {
+ $frontpagecontext = context_course::instance(SITEID);
+ $ra = new stdClass();
+ $ra->userid = $userid;
+ $ra->contextid = $frontpagecontext->id;
+ $ra->roleid = $defaultfrontpageroleid;
+ $ras[] = $ra;
+ }
+
+ // Add authenticated user role if relevant.
+ $defaultuserroleid = isset($CFG->defaultuserroleid) ? $CFG->defaultuserroleid : 0;
+ if ($defaultuserroleid && !isguestuser($userid)) {
+ $systemcontext = context_system::instance();
+ $ra = new stdClass();
+ $ra->userid = $userid;
+ $ra->contextid = $systemcontext->id;
+ $ra->roleid = $defaultuserroleid;
+ $ras[] = $ra;
+ }
+
+ return $ras;
+}
+
+/**
* Creates a record in the role_allow_override table
*
* @param int $sroleid source roleid
@@ -4094,6 +4141,15 @@ function role_get_name($role, context_course $coursecontext) {
}
/**
+ * Get all the localised role names for a context.
+ * @param context $context the context
+ * @param array of role objects with a ->localname field containing the context-specific role name.
+ */
+function role_get_names(context $context) {
+ return role_fix_names(get_all_roles(), $context);
+}
+
+/**
* Prepare list of roles for display, apply aliases and format text
*
* @param array $roleoptions array roleid => rolename or roleid => roleobject
Please sign in to comment.
Something went wrong with that request. Please try again.