diff --git a/admin/report/security/lib.php b/admin/report/security/lib.php
index 2909fe4319c..19bcd4b7376 100644
--- a/admin/report/security/lib.php
+++ b/admin/report/security/lib.php
@@ -992,7 +992,7 @@ function report_security_check_courserole($detailed=false) {
* @return object result
*/
function report_security_check_riskadmin($detailed=false) {
- global $DB;
+ global $DB, $CFG;
$result = new object();
$result->issue = 'report_security_check_riskadmin';
@@ -1004,7 +1004,7 @@ function report_security_check_riskadmin($detailed=false) {
$params = array('doanything'=>'moodle/site:doanything', 'syscontextid'=>SYSCONTEXTID, 'capallow'=>CAP_ALLOW);
- $sql = "SELECT DISTINCT u.id, u.firstname, u.lastname, u.picture, u.imagealt
+ $sql = "SELECT DISTINCT u.id, u.firstname, u.lastname, u.picture, u.imagealt, u.email
FROM {role_capabilities} rc
JOIN {role_assignments} ra ON (ra.contextid = rc.contextid AND ra.roleid = rc.roleid)
JOIN {user} u ON u.id = ra.userid
@@ -1014,8 +1014,10 @@ function report_security_check_riskadmin($detailed=false) {
AND rc.contextid = :syscontextid";
$admins = $DB->get_records_sql($sql, $params);
+ $admincount = count($admins);
- $sqlfrom = "FROM (SELECT rcx.*
+ $sqlunsup = "SELECT u.id, u.firstname, u.lastname, u.picture, u.imagealt, u.email, ra.contextid, ra.roleid
+ FROM (SELECT rcx.*
FROM {role_capabilities} rcx
WHERE rcx.capability = :doanything AND rcx.permission = :capallow) rc,
{context} c,
@@ -1025,37 +1027,42 @@ function report_security_check_riskadmin($detailed=false) {
WHERE c.id = rc.contextid
AND (sc.path = c.path OR sc.path LIKE ".$DB->sql_concat('c.path', "'/%'")." OR c.path LIKE ".$DB->sql_concat('sc.path', "'/%'").")
AND u.id = ra.userid AND u.deleted = 0
- AND ra.contextid = sc.id AND ra.roleid = rc.roleid AND ra.contextid <> :syscontextid";
+ AND ra.contextid = sc.id AND ra.roleid = rc.roleid AND ra.contextid <> :syscontextid
+ GROUP BY u.id, u.firstname, u.lastname, u.picture, u.imagealt, u.email, ra.contextid, ra.roleid
+ ORDER BY u.lastname, u.firstname";
- $count = $DB->count_records_sql("SELECT COUNT(DISTINCT u.id) $sqlfrom", $params);
+ $unsupcount = $DB->count_records_sql("SELECT COUNT('x') FROM ($sqlunsup) unsup", $params);
- if (!$count) {
+ if ($detailed) {
+ foreach ($admins as $uid=>$user) {
+ $url = "$CFG->wwwroot/user/view.php?id=$user->id";
+ $admins[$uid] = ''.fullname($user).' ('.$user->email.')';
+ }
+ $admins = '';
+ }
+
+ if (!$unsupcount) {
$result->status = REPORT_SECURITY_OK;
- $result->info = get_string('check_riskadmin_ok', 'report_security', count($admins));
+ $result->info = get_string('check_riskadmin_ok', 'report_security', $admincount);
if ($detailed) {
- foreach ($admins as $uid=>$user) {
- $admins[$uid] = fullname($user);
- }
- $admins = implode(', ', $admins);
$result->details = get_string('check_riskadmin_detailsok', 'report_security', $admins);
}
} else {
$result->status = REPORT_SECURITY_WARNING;
- $a = (object)array('admincount'=>count($admins), 'unsupcount'=>$count);
+ $a = (object)array('admincount'=>$admincount, 'unsupcount'=>$unsupcount);
$result->info = get_string('check_riskadmin_warning', 'report_security', $a);
if ($detailed) {
- foreach ($admins as $uid=>$user) {
- $admins[$uid] = fullname($user);
+ $rs = $DB->get_recordset_sql($sqlunsup, $params);
+ $users = array();
+ foreach ($rs as $user) {
+ $url = "$CFG->wwwroot/$CFG->admin/roles/assign.php?contextid=$user->contextid&roleid=$user->roleid";
+ $users[] = ''.fullname($user).' ('.$user->email.')';
}
- $admins = implode(', ', $admins);
- $users = $DB->get_records_sql("SELECT DISTINCT u.id, u.firstname, u.lastname, u.picture, u.imagealt $sqlfrom", $params);
- foreach ($users as $uid=>$user) {
- $users[$uid] = fullname($user);
- }
- $users = implode(', ', $users);
+ $rs->close();
+ $users = '';
$a = (object)array('admins'=>$admins, 'unsupported'=>$users);
$result->details = get_string('check_riskadmin_detailswarning', 'report_security', $a);
}
diff --git a/lang/en_utf8/report_security.php b/lang/en_utf8/report_security.php
index b9407fe8b99..efb88b14814 100644
--- a/lang/en_utf8/report_security.php
+++ b/lang/en_utf8/report_security.php
@@ -119,9 +119,9 @@ $string['check_passwordpolicy_error'] = 'Password policy not set.';
$string['check_passwordpolicy_name'] = 'Password policy';
$string['check_passwordpolicy_ok'] = 'Password policy enabled.';
-$string['check_riskadmin_detailsok'] = 'Please verify the following list of administrators:
$a
';
-$string['check_riskadmin_detailswarning'] = 'Please verify the following list of administrators:
$a->admins
-It is recommended to assign administrator role in system context only. Following users have unsupported admin role assignments:
$a->unsupported
';
+$string['check_riskadmin_detailsok'] = 'Please verify the following list of system administrators:
$a';
+$string['check_riskadmin_detailswarning'] = 'Please verify the following list of system administrators:
$a->admins
+It is recommended to assign administrator role in system context only. Following users have unsupported admin role assignments:
$a->unsupported';
$string['check_riskadmin_name'] = 'Administrators';
$string['check_riskadmin_ok'] = 'Found $a server administrator(s).';
$string['check_riskadmin_warning'] = 'Found $a->admincount server administrators and $a->unsupcount unsupported admin role assignments.';