Skip to content
This repository

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Browse code

MDL-23219 check permissions: show relevant role-assignments.

Adding this list of role assignments should make it much easier for
admins to work out why, when the permissions shown in the check
permisisons page are now what they expect.

I thought about making the links go more directly to, for example, the
assign roles pages for each context, but because of things like
enrolments in courses that is hard. It is only two clicks to go to the
context, then click the right link in the settings block there.

I also re-orderd some of the code in check.php to try to get all the DB
code before all the output code.
  • Loading branch information...
commit d8f23e09f25c87de271f053d5668f4a44669b27f 1 parent 9a7c3d5
Tim Hunt timhunt authored
35 admin/roles/check.php
@@ -104,20 +104,45 @@
104 104 break;
105 105 }
106 106
  107 +// Get the list of the reported-on user's role assignments - must be after
  108 +// the page setup code above, or the language might be wrong.
  109 +$reportuser = $userselector->get_selected_user();
  110 +if (!is_null($reportuser)) {
  111 + $roleassignments = get_user_roles_with_special($context, $reportuser->id);
  112 + $rolenames = role_get_names($context);
  113 +}
  114 +
107 115 echo $OUTPUT->header();
108   -// These are needed early because of tabs.php
109   -$assignableroles = get_assignable_roles($context, ROLENAME_BOTH);
110   -$overridableroles = get_overridable_roles($context, ROLENAME_BOTH);
111 116
112 117 // Print heading.
113 118 echo $OUTPUT->heading($title);
114 119
115 120 // If a user has been chosen, show all the permissions for this user.
116   -$reportuser = $userselector->get_selected_user();
117 121 if (!is_null($reportuser)) {
118 122 echo $OUTPUT->box_start('generalbox boxaligncenter boxwidthwide');
119   - echo $OUTPUT->heading(get_string('permissionsforuser', 'role', fullname($reportuser)), 3);
120 123
  124 + if (!empty($roleassignments)) {
  125 + echo $OUTPUT->heading(get_string('rolesforuser', 'role', fullname($reportuser)), 3);
  126 + echo html_writer::start_tag('ul');
  127 +
  128 + $systemcontext = context_system::instance();
  129 + foreach ($roleassignments as $ra) {
  130 + $racontext = context::instance_by_id($ra->contextid);
  131 + $link = html_writer::link($racontext->get_url(), $racontext->get_context_name());
  132 +
  133 + $rolename = $rolenames[$ra->roleid]->localname;
  134 + if (has_capability('moodle/role:manage', $systemcontext)) {
  135 + $rolename = html_writer::link(new moodle_url('/admin/roles/define.php',
  136 + array('action' => 'view', 'roleid' => $ra->roleid)), $rolename);
  137 + }
  138 +
  139 + echo html_writer::tag('li', get_string('roleincontext', 'role',
  140 + array('role' => $rolename, 'context' => $link)));
  141 + }
  142 + echo html_writer::end_tag('ul');
  143 + }
  144 +
  145 + echo $OUTPUT->heading(get_string('permissionsforuser', 'role', fullname($reportuser)), 3);
121 146 $table = new check_capability_table($context, $reportuser, $contextname);
122 147 $table->display();
123 148 echo $OUTPUT->box_end();
2  lang/en/role.php
@@ -300,6 +300,7 @@
300 300 $string['roleassignments'] = 'Role assignments';
301 301 $string['roledefinitions'] = 'Role definitions';
302 302 $string['rolefullname'] = 'Role name';
  303 +$string['roleincontext'] = '{$a->role} in {$a->context}';
303 304 $string['role:manage'] = 'Create and manage roles';
304 305 $string['role:override'] = 'Override permissions for others';
305 306 $string['role:review'] = 'Review permissions for others';
@@ -310,6 +311,7 @@
310 311 $string['roles_link'] = 'roles';
311 312 $string['role:safeoverride'] = 'Override safe permissions for others';
312 313 $string['roleselect'] = 'Select role';
  314 +$string['rolesforuser'] = 'Roles for user {$a}';
313 315 $string['roleshortname'] = 'Short name';
314 316 $string['role:switchroles'] = 'Switch to other roles';
315 317 $string['roletoassign'] = 'Role to assign';
56 lib/accesslib.php
@@ -2982,6 +2982,53 @@ function get_user_roles(context $context, $userid = 0, $checkparentcontexts = tr
2982 2982 }
2983 2983
2984 2984 /**
  2985 + * Like get_user_roles, but adds in the authenticated user role, and the front
  2986 + * page roles, if applicable.
  2987 + *
  2988 + * @param context $context the context.
  2989 + * @param int $userid optional. Defaults to $USER->id
  2990 + * @return array of objects with fields ->userid, ->contextid and ->roleid.
  2991 + */
  2992 +function get_user_roles_with_special(context $context, $userid = 0) {
  2993 + global $CFG, $USER;
  2994 +
  2995 + if (empty($userid)) {
  2996 + if (empty($USER->id)) {
  2997 + return array();
  2998 + }
  2999 + $userid = $USER->id;
  3000 + }
  3001 +
  3002 + $ras = get_user_roles($context, $userid);
  3003 +
  3004 + // Add front-page role if relevant.
  3005 + $defaultfrontpageroleid = isset($CFG->defaultfrontpageroleid) ? $CFG->defaultfrontpageroleid : 0;
  3006 + $isfrontpage = ($context->contextlevel == CONTEXT_COURSE && $context->instanceid == SITEID) ||
  3007 + is_inside_frontpage($context);
  3008 + if ($defaultfrontpageroleid && $isfrontpage) {
  3009 + $frontpagecontext = context_course::instance(SITEID);
  3010 + $ra = new stdClass();
  3011 + $ra->userid = $userid;
  3012 + $ra->contextid = $frontpagecontext->id;
  3013 + $ra->roleid = $defaultfrontpageroleid;
  3014 + $ras[] = $ra;
  3015 + }
  3016 +
  3017 + // Add authenticated user role if relevant.
  3018 + $defaultuserroleid = isset($CFG->defaultuserroleid) ? $CFG->defaultuserroleid : 0;
  3019 + if ($defaultuserroleid && !isguestuser($userid)) {
  3020 + $systemcontext = context_system::instance();
  3021 + $ra = new stdClass();
  3022 + $ra->userid = $userid;
  3023 + $ra->contextid = $systemcontext->id;
  3024 + $ra->roleid = $defaultuserroleid;
  3025 + $ras[] = $ra;
  3026 + }
  3027 +
  3028 + return $ras;
  3029 +}
  3030 +
  3031 +/**
2985 3032 * Creates a record in the role_allow_override table
2986 3033 *
2987 3034 * @param int $sroleid source roleid
@@ -4094,6 +4141,15 @@ function role_get_name($role, context_course $coursecontext) {
4094 4141 }
4095 4142
4096 4143 /**
  4144 + * Get all the localised role names for a context.
  4145 + * @param context $context the context
  4146 + * @param array of role objects with a ->localname field containing the context-specific role name.
  4147 + */
  4148 +function role_get_names(context $context) {
  4149 + return role_fix_names(get_all_roles(), $context);
  4150 +}
  4151 +
  4152 +/**
4097 4153 * Prepare list of roles for display, apply aliases and format text
4098 4154 *
4099 4155 * @param array $roleoptions array roleid => rolename or roleid => roleobject

0 comments on commit d8f23e0

Please sign in to comment.
Something went wrong with that request. Please try again.