roles interface: MDL-16965 make a view that explains the has_capability calculation for a given capability in a given context for a given user, like on http://docs.moodle.org/en/How_permissions_are_calculated.

2025-01-18 22:08:20 +01:00 · 2008-10-22 09:48:16 +00:00 · 2008-10-22 09:48:16 +00:00 · 98bcd9d1ff
commit 98bcd9d1ff
parent ba1891d290
2 changed files with 209 additions and 0 deletions
--- a/admin/roles/explainhascapabiltiy.php
+++ b/admin/roles/explainhascapabiltiy.php
@ -0,0 +1,172 @@
+<?php
+require(dirname(__FILE__) . '/../../config.php');
+
+// Get parameters.
+$userid = required_param('user', PARAM_INTEGER); // We use 0 here to mean not-logged-in.
+$contextid = required_param('contextid', PARAM_INTEGER);
+$capability = required_param('capability', PARAM_CAPABILITY);
+
+// Get the context and its parents.
+$context = get_context_instance_by_id($contextid);
+if (!$context) {
+    print_error('unknowncontext');
+}
+$contextids = get_parent_contexts($context);
+array_unshift($contextids, $context->id);
+$contexts = array();
+foreach ($contextids as $contextid) {
+    $contexts[$contextid] = get_context_instance_by_id($contextid);
+    $contexts[$contextid]->name = print_context_name($contexts[$contextid], true, true);
+}
+
+// Validate the user id.
+if ($userid) {
+    $user = $DB->get_record('user', array('id' => $userid));
+    if (!$user) {
+        print_error('nosuchuser');
+    }
+} else {
+    $frontpagecontext = get_context_instance(CONTEXT_COURSE, SITEID);
+    if (!empty($CFG->forcelogin) ||
+            ($context->contextlevel >= CONTEXT_COURSE && !in_array($frontpagecontext->id, $contextids))) {
+        print_error('cannotgetherewithoutloggingin', 'role');
+    }
+}
+
+// Check access permissions.
+require_login();
+if (!has_any_capability(array('moodle/role:assign', 'moodle/role:safeoverride',
+        'moodle/role:override', 'moodle/role:assign'), $context)) {
+    print_error('nopermissions', '', get_string('explainpermissions'));
+}
+
+// This duplicates code in load_all_capabilities and has_capability.
+$systempath = '/' . SYSCONTEXTID;
+if ($userid == 0) {
+    if (!empty($CFG->notloggedinroleid)) {
+        $accessdata = get_role_access($CFG->notloggedinroleid);
+        $accessdata['ra'][$systempath] = array($CFG->notloggedinroleid);
+    } else {
+        $accessdata = array();
+        $accessdata['ra'] = array();
+        $accessdata['rdef'] = array();
+        $accessdata['loaded'] = array();
+    }
+} else if (isguestuser($user)) {
+    $guestrole = get_guest_role();
+    $accessdata = get_role_access($guestrole->id);
+    $accessdata['ra'][$systempath] = array($guestrole->id);
+} else {
+    load_user_accessdata($userid);
+    $accessdata = $ACCESS[$userid];
+}
+if ($context->contextlevel > CONTEXT_COURSE && !path_inaccessdata($context->path, $accessdata)) {
+    load_subcontext($userid, $context, $accessdata);
+}
+
+// Load the roles we need.
+$roleids = array();
+foreach ($accessdata['ra'] as $roleassignments) {
+    $roleids = array_merge($roleassignments, $roleids);
+}
+$roles = $DB->get_records_list('role', 'id', $roleids);
+$rolenames = array();
+foreach ($roles as $role) {
+    $rolenames[$role->id] = $role->name;
+}
+$rolenames = role_fix_names($rolenames, $context);
+
+// Make a fake role to simplify rendering the table below.
+$rolenames[0] = get_string('none');
+
+// Prepare some arrays of strings.
+$cssclasses = array(
+    CAP_INHERIT => 'inherit',
+    CAP_ALLOW => 'allow',
+    CAP_PREVENT => 'prevent',
+    CAP_PROHIBIT => 'prohibit',
+    '' => ''
+);
+$strperm = array(
+    CAP_INHERIT => get_string('inherit', 'role'),
+    CAP_ALLOW => get_string('allow', 'role'),
+    CAP_PREVENT => get_string('prevent', 'role'),
+    CAP_PROHIBIT => get_string('prohibit', 'role'),
+    '' => ''
+);
+
+// Start the output.
+print_header(get_string('explainpermissions', 'role'));
+print_heading(get_string('explainpermissions', 'role'));
+
+// Print a summary of what we are doing.
+$a = new stdClass;
+if ($userid) {
+    $a->fullname = fullname($user);
+} else {
+    $a->fullname = get_string('nobody');
+}
+$a->context = reset($contexts)->name;
+$a->capability = $capability;
+echo '<p>' . get_string('explainpermissionsdetails', 'role', $a) . '</p>';
+
+// Print the table header rows.
+echo '<table class="generaltable explainpermissions"><thead>';
+echo '<tr><th scope="col" rowspan="2" class="header">' . get_string('assignmentcontext', 'role') .
+        '</th><th scope="row" class="header overridecontextheader">' . get_string('overridecontext', 'role') . '</th>';
+foreach ($contexts as $con) {
+    echo '<th scope="col" rowspan="2" class="header overridecontext">' . $con->id . '</th>';
+}
+echo '</tr>';
+echo '<tr><th scope="col" class="header rolename">' . get_string('role') . '</th></tr>';
+echo '</thead><tbody>';
+
+// Now print the bulk of the table.
+foreach ($contexts as $con) {
+    if (!empty($accessdata['ra'][$con->path])) {
+        $ras = $accessdata['ra'][$con->path];
+    } else {
+        $ras = array(0);
+    }
+    $firstcell = '<th class="cell assignmentcontext" rowspan="' . count($ras) . '">' . $con->id . ' ' . $con->name . '</th>';
+    $rowclass = ' class="newcontext"';
+    foreach ($ras as $roleid) {
+        $extraclass = '';
+        if (!$roleid) {
+            $extraclass = ' noroles';
+        }
+        echo '<tr' . $rowclass . '>' . $firstcell . '<th class="cell rolename' . $extraclass . '" scope="row">' . $rolenames[$roleid] . '</th>';
+        foreach ($contexts as $ocon) {
+            if ($roleid == 0) {
+                $perm = '';
+            } else {
+                if (isset($accessdata['rdef'][$ocon->path . ':' . $roleid][$capability])) {
+                    $perm = $accessdata['rdef'][$ocon->path . ':' . $roleid][$capability];
+                } else {
+                    $perm = CAP_INHERIT;
+                }
+            }
+            if ($perm === CAP_INHERIT && $ocon->id == SYSCONTEXTID) {
+                $permission = get_string('notset', 'role');
+            } else {
+                $permission = $strperm[$perm];
+            }
+            echo '<td class="cell ' . $cssclasses[$perm] . '">' . $permission . '</td>';
+        }
+        echo '</tr>';
+        $firstcell = '';
+        $rowclass = '';
+    }
+}
+echo '</tbody></table>';
+
+// Finish the page.
+echo get_string('explainpermissionsinfo', 'role');
+if ($userid && $capability != 'moodle/site:doanything' &&
+        has_capability('moodle/site:doanything', $context, $userid) &&
+        !has_capability($capability, $context, $userid, false)) {
+    echo '<p>' . get_string('explainpermissionsdoanything', 'role', $capability) . '</p>';
+}
+close_window_button();
+print_footer('empty');
+?>
--- a/theme/standard/styles_layout.css
+++ b/theme/standard/styles_layout.css
@ -1040,6 +1040,43 @@ table.rolecap .hiddenrow {
  text-align:center;
 }

+table.explainpermissions {
+  border: 1px solid black;
+}
+table.explainpermissions .cell {
+  border-bottom: none;
+}
+table.explainpermissions th.header,
+table.explainpermissions th.cell,
+table.explainpermissions td.cell {
+  border-left: 1px solid black;
+  border-right: 1px solid black;
+}
+table.explainpermissions .newcontext .cell,
+table.explainpermissions th.header.rolename {
+    border-top: 1px solid black;
+}
+table.explainpermissions .cell.inherit,
+table.explainpermissions .cell.noroles {
+  color: grey;
+}
+table.explainpermissions th.assignmentcontext,
+table.explainpermissions th.rolename {
+  text-align: left;
+  padding-left: 0.5em;
+}
+table.explainpermissions th.overridecontextheader {
+  text-align: right;
+  padding-right: 0.5em;
+}
+table.explainpermissions .cell.prohibit {
+  font-weight: bold;
+}
+table.explainpermissions .cell {
+  padding: 0.2em 0.5em;
+  text-align: center;
+}
+
 #admin-lang .generalbox {
  text-align:center;
  margin:auto;