|
Moodle
2.2.1
http://www.collinsharper.com
|
|
Moodle
2.2.1
http://www.collinsharper.com
|
Go to the source code of this file.
| enum CAP_ALLOW |
Allow permission, overrides CAP_PREVENT defined in parent contexts
Definition at line 131 of file accesslib.php.
| enum CAP_INHERIT |
No capability change
Definition at line 129 of file accesslib.php.
| enum CAP_PREVENT |
Prevent permission, overrides CAP_ALLOW defined in parent contexts
Definition at line 133 of file accesslib.php.
| enum CAP_PROHIBIT |
Prohibit permission, overrides everything in current and child contexts
Definition at line 135 of file accesslib.php.
| enum CONTEXT_BLOCK |
Block context level - one instance for each block, sticky blocks are tricky because ppl think they should be able to override them at lower contexts. Any other context level instance can be parent of block context.
Definition at line 152 of file accesslib.php.
| enum CONTEXT_COURSE |
Course context level - one instances for each course
Definition at line 144 of file accesslib.php.
| enum CONTEXT_COURSECAT |
Course category context level - one instance for each category
Definition at line 142 of file accesslib.php.
| enum CONTEXT_MODULE |
Course module context level - one instance for each course module
Definition at line 146 of file accesslib.php.
| enum CONTEXT_SYSTEM |
System context level - only one instance in every system
Definition at line 138 of file accesslib.php.
| enum CONTEXT_USER |
User context level - one instance for each user describing what others can do to user
Definition at line 140 of file accesslib.php.
| enum RISK_CONFIG |
Capability allows changes in system configuration - see http://docs.moodle.org/dev/Hardening_new_Roles_system
Definition at line 157 of file accesslib.php.
| enum RISK_DATALOSS |
capability allows mass delete of data belonging to other users - see http://docs.moodle.org/dev/Hardening_new_Roles_system
Definition at line 165 of file accesslib.php.
| enum RISK_MANAGETRUST |
Capability allow management of trusts - NOT IMPLEMENTED YET - see http://docs.moodle.org/dev/Hardening_new_Roles_system
Definition at line 155 of file accesslib.php.
| enum RISK_PERSONAL |
Capability allows access to personal user information - see http://docs.moodle.org/dev/Hardening_new_Roles_system
Definition at line 161 of file accesslib.php.
| enum RISK_SPAM |
Capability allows users to add content otehrs may see - see http://docs.moodle.org/dev/Hardening_new_Roles_system
Definition at line 163 of file accesslib.php.
| enum RISK_XSS |
Capability allows user to add scritped content - see http://docs.moodle.org/dev/Hardening_new_Roles_system
Definition at line 159 of file accesslib.php.
| enum ROLENAME_ALIAS |
rolename displays - the name as defined by a role alias
Definition at line 170 of file accesslib.php.
| enum ROLENAME_ALIAS_RAW |
rolename displays - the name as defined by a role alias, in raw form suitable for editing
Definition at line 176 of file accesslib.php.
| enum ROLENAME_BOTH |
rolename displays - Both, like this: Role alias (Original)
Definition at line 172 of file accesslib.php.
| enum ROLENAME_ORIGINAL |
rolename displays - the name as defined in the role definition
Definition at line 168 of file accesslib.php.
rolename displays - the name as defined in the role definition and the shortname in brackets
Definition at line 174 of file accesslib.php.
| enum ROLENAME_SHORT |
rolename displays - the name is simply short role name
Definition at line 178 of file accesslib.php.
Clears accesslib's private caches. ONLY BE USED BY UNIT TESTS
This method should ONLY BE USED BY UNIT TESTS. It clears all of accesslib's private caches. You need to do this before setting up test data, and also at the end of the tests.
Definition at line 213 of file accesslib.php.
| allow_assign | ( | $ | fromroleid, |
| $ | targetroleid | ||
| ) |
Creates a record in the role_allow_assign table
| int | $fromroleid | source roleid |
| int | $targetroleid | target roleid |
Definition at line 3003 of file accesslib.php.
| allow_override | ( | $ | sroleid, |
| $ | troleid | ||
| ) |
Creates a record in the role_allow_override table
| int | $sroleid | source roleid |
| int | $troleid | target roleid |
Definition at line 2987 of file accesslib.php.
| allow_switch | ( | $ | fromroleid, |
| $ | targetroleid | ||
| ) |
Creates a record in the role_allow_switch table
| int | $fromroleid | source roleid |
| int | $targetroleid | target roleid |
Definition at line 3019 of file accesslib.php.
| assign_capability | ( | $ | capability, |
| $ | permission, | ||
| $ | roleid, | ||
| $ | contextid, | ||
| $ | overwrite = false |
||
| ) |
Function to write context specific overrides, or default capabilities.
NOTE: use $context->mark_dirty() after this
| string | $capability | string name |
| int | $permission | CAP_ constants |
| int | $roleid | role id |
| int | context | $contextid | context id |
| bool | $overwrite |
Definition at line 1444 of file accesslib.php.
| assign_legacy_capabilities | ( | $ | capability, |
| $ | legacyperms | ||
| ) |
Assign the defaults found in this capability definition to roles that have the corresponding legacy capabilities assigned to them.
| string | $capability | |
| array | $legacyperms | an array in the format (example): 'guest' => CAP_PREVENT, 'student' => CAP_ALLOW, 'teacher' => CAP_ALLOW, 'editingteacher' => CAP_ALLOW, 'coursecreator' => CAP_ALLOW, 'manager' => CAP_ALLOW |
Definition at line 1275 of file accesslib.php.
| build_context_path | ( | $ | force = false | ) |
Populate context.path and context.depth where missing.
| bool | $force | force a complete rebuild of the path and depth fields, defaults to false |
Definition at line 6903 of file accesslib.php.
| can_access_course | ( | stdClass $ | course, |
| $ | user = null, |
||
| $ | withcapability = '', |
||
| $ | onlyactive = false |
||
| ) |
Returns true if the user is able to access the course.
This function is in no way, shape, or form a substitute for require_login. It should only be used in circumstances where it is not possible to call require_login such as the navigation.
This function checks many of the methods of access to a course such as the view capability, enrollments, and guest access. It also makes use of the cache generated by require_login for guest access.
The flags within the $USER object that are used here should NEVER be used outside of this function can_access_course and require_login. Doing so WILL break future versions.
| stdClass | $course | record |
| stdClass | int | null | $user | user record or id, current user if null |
| string | $withcapability | Check for this capability as well. |
| bool | $onlyactive | consider only active enrolments in enabled plugins and time restrictions |
Definition at line 2004 of file accesslib.php.
| capabilities_cleanup | ( | $ | component, |
| $ | newcapdef = null |
||
| ) |
Deletes cached capabilities that are no longer needed by the component. Also unassigns these capabilities from any roles that have them.
| string | $component | examples: 'moodle', 'mod_forum', 'block_quiz_results' |
| array | $newcapdef | array of the new capability definitions that will be compared with the cached capabilities |
Definition at line 2535 of file accesslib.php.
| cleanup_contexts | ( | ) |
Remove stale context records
Definition at line 6891 of file accesslib.php.
| component_level_changed | ( | $ | cap, |
| $ | comp, | ||
| $ | contextlevel | ||
| ) |
Aids in detecting if a new line is required when reading a new capability
This function helps admin/roles/manage.php etc to detect if a new line should be printed when we read in a new capability. Most of the time, if the 2 components are different we should print a new line, (e.g. course system->rss client) but when we are in grade, all reports/import/export capabilities should be together
| string | $cap | component string a |
| string | $comp | component string b |
| int | $contextlevel |
Definition at line 4163 of file accesslib.php.
| context_instance_preload | ( | stdClass $ | rec | ) |
Preloads context information from db record and strips the cached info. The db request has to contain both the $join and $select from context_instance_preload_sql()
| stdClass | $rec |
Definition at line 6958 of file accesslib.php.
| context_instance_preload_sql | ( | $ | joinon, |
| $ | contextlevel, | ||
| $ | tablealias | ||
| ) |
Preloads context information together with instances. Use context_instance_preload() to strip the context info from the record and cache the context instance.
| string | $joinon | for example 'u.id' |
| string | $contextlevel | context level of instance in $joinon |
| string | $tablealias | context table alias |
Definition at line 6944 of file accesslib.php.
| context_moved | ( | context $ | context, |
| context $ | newparent | ||
| ) |
Update the path field of the context and all dep. subcontexts that follow
Update the path field of the context and all the dependent subcontexts that follow the move.
The most important thing here is to be as DB efficient as possible. This op can have a massive impact in the DB.
| context | $context | context obj |
| context | $newparent | new parent obj |
Definition at line 7011 of file accesslib.php.
| count_enrolled_users | ( | context $ | context, |
| $ | withcapability = '', |
||
| $ | groupid = 0 |
||
| ) |
Counts list of users enrolled into course (as per above function)
| context | $context | |
| string | $withcapability | |
| int | $groupid | 0 means ignore groups, any other value limits the result by group id |
Definition at line 2303 of file accesslib.php.
| count_role_users | ( | $ | roleid, |
| context $ | context, | ||
| $ | parent = false |
||
| ) |
Counts all the users assigned this role in this context or higher
| int | array | $roleid | either int or an array of ints |
| context | $context | |
| bool | $parent | if true, get list of users assigned in higher context too |
Definition at line 3790 of file accesslib.php.
| create_contexts | ( | $ | contextlevel = null, |
| $ | buildpaths = true |
||
| ) |
Precreates all contexts including all parents
| int | $contextlevel | empty means all |
| bool | $buildpaths | update paths and depths |
Definition at line 6881 of file accesslib.php.
| create_role | ( | $ | name, |
| $ | shortname, | ||
| $ | description, | ||
| $ | archetype = '' |
||
| ) |
Function that creates a role
| string | $name | role name |
| string | $shortname | role short name |
| string | $description | role description |
| string | $archetype |
Definition at line 1370 of file accesslib.php.
| delete_context | ( | $ | contextlevel, |
| $ | instanceid, | ||
| $ | deleterecord = true |
||
| ) |
Remove a context record and any dependent entries, removes context from static context cache too
| int | $contextlevel | |
| int | $instanceid | |
| bool | $deleterecord | false means keep record for now |
Definition at line 7025 of file accesslib.php.
| delete_role | ( | $ | roleid | ) |
Function that deletes a role and cleanups up after it
| int | $roleid | id of role to delete |
Definition at line 1406 of file accesslib.php.
| fetch_context_capabilities | ( | context $ | context | ) |
Extracts the relevant capabilities given a contextid. All case based, example an instance of forum context. Will fetch all forum related capabilities, while course contexts Will fetch all capabilities
capabilities `name` varchar(150) NOT NULL, `captype` varchar(50) NOT NULL, `contextlevel` int(10) NOT NULL, `component` varchar(100) NOT NULL,
| context | $context |
Definition at line 7146 of file accesslib.php.
| fix_role_sortorder | ( | $ | allroles | ) |
Fix the roles.sortorder field in the database, so it contains sequential integers, and return an array of roleids in order.
| array | $allroles | array of roles, as returned by get_all_roles(); |
Definition at line 4195 of file accesslib.php.
| get_all_risks | ( | ) |
Returns an array of all the known types of risk The array keys can be used, for example as CSS class names, or in calls to print_risk_icon. The values are the corresponding RISK_ constants.
Definition at line 2569 of file accesslib.php.
| get_all_roles | ( | ) |
Returns all site roles in correct sort order.
Definition at line 2920 of file accesslib.php.
| get_archetype_roles | ( | $ | archetype | ) |
Returns roles of a specified archetype
| string | $archetype |
Definition at line 2931 of file accesslib.php.
| get_assignable_roles | ( | context $ | context, |
| $ | rolenamedisplay = ROLENAME_ALIAS, |
||
| $ | withusercounts = false, |
||
| $ | user = null |
||
| ) |
Gets a list of roles that this user can assign in this context
| context | $context | the context. |
| int | $rolenamedisplay | the type of role name to display. One of the ROLENAME_X constants. Default ROLENAME_ALIAS. |
| bool | $withusercounts | if true, count the number of users with each role. |
| integer | object | $user | A user id or object. By default (null) checks the permissions of the current user. |
Definition at line 3040 of file accesslib.php.
| get_cached_capabilities | ( | $ | component = 'moodle' | ) |
Gets the capabilities that have been cached in the database for this component.
| string | $component | - examples: 'moodle', 'mod_forum' |
Definition at line 2347 of file accesslib.php.
| get_capabilities_from_role_on_context | ( | $ | role, |
| context $ | context | ||
| ) |
Get all capabilities for this role on this context (overrides)
| stdClass | $role | |
| context | $context |
Definition at line 4001 of file accesslib.php.
| get_capability_docs_link | ( | $ | capability | ) |
Return a link to moodle docs for a given capability name
| object | $capability | a capability - a row from the mdl_capabilities table. |
Definition at line 2586 of file accesslib.php.
| get_capability_info | ( | $ | capabilityname | ) |
Returns capability information (cached)
| string | $capabilityname |
Definition at line 2676 of file accesslib.php.
| get_capability_string | ( | $ | capabilityname | ) |
Returns the human-readable, translated version of the capability. Basically a big switch statement.
| string | $capabilityname | e.g. mod/choice:readresponses |
Definition at line 2703 of file accesslib.php.
| get_child_contexts | ( | context $ | context | ) |
Recursive function which, given a context, find all its children context ids.
For course category contexts it will return immediate children only categories and courses. It will NOT recurse into courses or child categories. If you want to do that, call it on the returned courses/categories.
When called for a course context, it will return the modules and blocks displayed in the course page.
If called on a user/course/module context it _will_ populate the cache with the appropriate contexts ;-)
| context | $context,. |
Definition at line 6869 of file accesslib.php.
| get_component_string | ( | $ | component, |
| $ | contextlevel | ||
| ) |
This gets the mod/block/course/core etc strings.
| string | $component | |
| int | $contextlevel |
Definition at line 2740 of file accesslib.php.
| get_context_info_array | ( | $ | contextid | ) |
Returns context instance plus related course and cm instances
| int | $contextid |
Definition at line 1333 of file accesslib.php.
| get_context_instance | ( | $ | contextlevel, |
| $ | instance = 0, |
||
| $ | strictness = IGNORE_MISSING |
||
| ) |
Get the context instance as an object. This function will create the context instance if it does not exist yet.
| integer | $contextlevel | The context level, for example CONTEXT_COURSE, or CONTEXT_MODULE. |
| integer | $instance | The instance id. For $level = CONTEXT_COURSE, this would be $course->id, for $level = CONTEXT_MODULE, this would be $cm->id. And so on. Defaults to 0 |
| int | $strictness | IGNORE_MISSING means compatible mode, false returned if record not found, debug message if more found; MUST_EXIST means throw exception if no record or multiple records found |
Definition at line 6791 of file accesslib.php.
| get_context_instance_by_id | ( | $ | id, |
| $ | strictness = IGNORE_MISSING |
||
| ) |
Get a context instance as an object, from a given context id.
| int | $id | context id |
| int | $strictness | IGNORE_MISSING means compatible mode, false returned if record not found, debug message if more found; MUST_EXIST means throw exception if no record or multiple records found |
Definition at line 6818 of file accesslib.php.
| get_context_url | ( | context $ | context | ) |
Get a URL for a context, if there is a natural one. For example, for CONTEXT_COURSE, this is the course page. For CONTEXT_USER it is the user profile page.
| context | $context | the context. |
Definition at line 7072 of file accesslib.php.
| get_contextlevel_name | ( | $ | contextlevel | ) |
Returns context level name
| integer | $contextlevel | $context->context level. One of the CONTEXT_... constants. |
Definition at line 7044 of file accesslib.php.
| get_course_context | ( | context $ | context | ) |
Is this context part of any course? if yes return course context, if not return null or throw exception.
| context | $context |
Definition at line 7084 of file accesslib.php.
| get_courseid_from_context | ( | context $ | context | ) |
Returns current course id or null if outside of course based on context parameter.
| context | $context |
Definition at line 7095 of file accesslib.php.
| get_default_capabilities | ( | $ | archetype | ) |
Returns default capabilities for given role archetype.
| string | $archetype | role archetype |
Definition at line 2358 of file accesslib.php.
| get_default_contextlevels | ( | $ | rolearchetype | ) |
Returns default context levels where roles can be assigned.
| string | $rolearchetype | one of the role archetypes - that is, one of the keys from the array returned by get_role_archetypes(); |
Definition at line 3307 of file accesslib.php.
| get_default_enrol_roles | ( | context $ | context, |
| $ | addroleid = null |
||
| ) |
Create a role menu suitable for default role selection in enrol plugins.
| context | $context | |
| int | $addroleid | current or default role - always added to list |
Definition at line 3253 of file accesslib.php.
| get_enrolled_sql | ( | context $ | context, |
| $ | withcapability = '', |
||
| $ | groupid = 0, |
||
| $ | onlyactive = false |
||
| ) |
Returns array with sql code and parameters returning all ids of users enrolled into course.
This function is using 'eu[0-9]+_' prefix for table names and parameters.
| context | $context | |
| string | $withcapability | |
| int | $groupid | 0 means ignore groups, any other value limits the result by group id |
| bool | $onlyactive | consider only active enrolments in enabled plugins and time restrictions |
Definition at line 2111 of file accesslib.php.
| get_enrolled_users | ( | context $ | context, |
| $ | withcapability = '', |
||
| $ | groupid = 0, |
||
| $ | userfields = 'u.*', |
||
| $ | orderby = '', |
||
| $ | limitfrom = 0, |
||
| $ | limitnum = 0 |
||
| ) |
Returns list of users enrolled into course.
| context | $context | |
| string | $withcapability | |
| int | $groupid | 0 means ignore groups, any other value limits the result by group id |
| string | $userfields | requested user record fields |
| string | $orderby | |
| int | $limitfrom | return a subset of records, starting at this point (optional, required if $limitnum is set). |
| int | $limitnum | return a subset comprising this many records (optional, required if $limitfrom is set). |
Definition at line 2277 of file accesslib.php.
| get_guest_role | ( | ) |
Get the default guest role, this is used for guest account, search engine spiders, etc.
Definition at line 306 of file accesslib.php.
| get_local_override | ( | $ | roleid, |
| $ | contextid, | ||
| $ | capability | ||
| ) |
Get the local override (if any) for a given capability in a role in a context
| int | $roleid | |
| int | $contextid | |
| string | $capability |
Definition at line 1322 of file accesslib.php.
| get_overridable_roles | ( | context $ | context, |
| $ | rolenamedisplay = ROLENAME_ALIAS, |
||
| $ | withcounts = false |
||
| ) |
Gets a list of roles that this user can override in this context.
| context | $context | the context. |
| int | $rolenamedisplay | the type of role name to display. One of the ROLENAME_X constants. Default ROLENAME_ALIAS. |
| bool | $withcounts | if true, count the number of overrides that are set for each role. |
Definition at line 3176 of file accesslib.php.
| get_parent_contextid | ( | context $ | context | ) |
Return the id of the parent of this context, or false if there is no parent (only happens if this is the site context.)
| context | $context |
Definition at line 6844 of file accesslib.php.
| get_parent_contexts | ( | context $ | context, |
| $ | includeself = false |
||
| ) |
Recursive function which, given a context, find all parent context ids, and return the array in reverse order, i.e. parent first, then grand parent, etc.
| context | $context | |
| bool | $includeself | optional, defaults to false |
Definition at line 6832 of file accesslib.php.
| get_profile_roles | ( | context $ | context | ) |
Gets the list of roles assigned to this context and up (parents) from the list of roles that are visible on user profile page and participants page.
| context | $context |
Definition at line 2789 of file accesslib.php.
| get_related_contexts_string | ( | context $ | context | ) |
Gets a string for sql calls, searching for stuff in this context or above
NOTE: use $DB->get_in_or_equal($context->get_parent_context_ids()...
| context | $context |
Definition at line 7236 of file accesslib.php.
Returns array of all role archetypes.
Definition at line 1248 of file accesslib.php.
| get_role_context_caps | ( | $ | roleid, |
| context $ | context | ||
| ) |
This is really slow!!! do not use above course context level
| int | $roleid | |
| context | $context |
Definition at line 7191 of file accesslib.php.
| get_role_contextlevels | ( | $ | roleid | ) |
Return context levels where this role is assignable.
| integer | $roleid | the id of a role. |
Definition at line 3280 of file accesslib.php.
| get_role_names_with_caps_in_context | ( | $ | context, |
| $ | capabilities | ||
| ) |
Returns an array of role names that have ALL of the the supplied capabilities Uses get_roles_with_caps_in_context(). Returns $allowed minus $forbidden
| object | $context | |
| array | $capabilities | An array of capabilities |
Definition at line 4356 of file accesslib.php.
| get_role_users | ( | $ | roleid, |
| context $ | context, | ||
| $ | parent = false, |
||
| $ | fields = '', |
||
| $ | sort = 'u.lastname, |
||
| u.firstname' | , | ||
| $ | gethidden_ignored = null, |
||
| $ | group = '', |
||
| $ | limitfrom = '', |
||
| $ | limitnum = '', |
||
| $ | extrawheretest = '', |
||
| $ | whereparams = array() |
||
| ) |
Gets all the users assigned this role in this context or higher
| int | $roleid | (can also be an array of ints!) |
| context | $context | |
| bool | $parent | if true, get list of users assigned in higher context too |
| string | $fields | fields from user (u.) , role assignment (ra) or role (r.) |
| string | $sort | sort from user (u.) , role assignment (ra) or role (r.) |
| bool | $gethidden_ignored | use enrolments instead |
| string | $group | defaults to '' |
| mixed | $limitfrom | defaults to '' |
| mixed | $limitnum | defaults to '' |
| string | $extrawheretest | defaults to '' |
| string | array | $whereparams | defaults to '' |
Definition at line 3723 of file accesslib.php.
| get_roles_for_contextlevels | ( | $ | contextlevel | ) |
Return roles suitable for assignment at the specified context level.
NOTE: this function name looks like a typo, should be probably get_roles_for_contextlevel()
| integer | $contextlevel | a contextlevel. |
Definition at line 3294 of file accesslib.php.
| get_roles_on_exact_context | ( | context $ | context | ) |
This function finds the roles assigned directly to this context only i.e. no roles in parent contexts
| context | $context |
Definition at line 3891 of file accesslib.php.
| get_roles_used_in_context | ( | context $ | context | ) |
Gets the list of roles assigned to this context and up (parents)
| context | $context |
Definition at line 2816 of file accesslib.php.
| get_roles_with_assignment_on_context | ( | context $ | context | ) |
Find out which roles has assignment on this context
| context | $context |
Definition at line 4017 of file accesslib.php.
| get_roles_with_cap_in_context | ( | $ | context, |
| $ | capability | ||
| ) |
Returns two lists, this can be used to find out if user has capability. Having any needed role and no forbidden role in this context means user has this capability in this context. Use get_role_names_with_cap_in_context() if you need role names to display in the UI
| object | $context | |
| string | $capability |
Definition at line 4262 of file accesslib.php.
| get_roles_with_capability | ( | $ | capability, |
| $ | permission = null, |
||
| $ | context = null |
||
| ) |
Get the roles that have a given capability assigned to it
This function does not resolve the actual permission of the capability. It just checks for permissions and overrides. Use get_roles_with_cap_in_context() if resolution is required.
| string | $capability | - capability name (string) |
| string | $permission | - optional, the permission defined for this capability either CAP_ALLOW, CAP_PREVENT or CAP_PROHIBIT. Defaults to null which means any. |
| stdClass | $context,null | means any |
Definition at line 1523 of file accesslib.php.
| get_roles_with_caps_in_context | ( | $ | context, |
| $ | capabilities | ||
| ) |
Returns an array of role IDs that have ALL of the the supplied capabilities Uses get_roles_with_cap_in_context(). Returns $allowed minus $forbidden
| object | $context | |
| array | $capabilities | An array of capabilities |
Definition at line 4321 of file accesslib.php.
| get_roles_with_override_on_context | ( | context $ | context | ) |
Get any role that has an override on exact context
| context | $context | The context to check |
Definition at line 3985 of file accesslib.php.
| get_sorted_contexts | ( | $ | select, |
| $ | params = array() |
||
| ) |
Runs get_records select on context table and returns the result Does get_records_select on the context table, and returns the results ordered by contextlevel, and then the natural sort order within each level. for the purpose of $select, you need to know that the context table has been aliased to ctx, so for example, you can call get_sorted_contexts('ctx.depth = 3');
| string | $select | the contents of the WHERE clause. Remember to do ctx.fieldname. |
| array | $params | any parameters required by $select. |
Definition at line 7162 of file accesslib.php.
| get_switchable_roles | ( | context $ | context | ) |
Gets a list of roles that this user can switch to in a context
Gets a list of roles that this user can switch to in a context, for the switchrole menu. This function just process the contents of the role_allow_switch table. You also need to test the moodle/role:switchroles to see if the user is allowed to switch in the first place.
| context | $context | a context. |
Definition at line 3133 of file accesslib.php.
| get_system_context | ( | $ | cache = true | ) |
Returns system context or null if can not be created yet.
| bool | $cache | use caching |
Definition at line 6775 of file accesslib.php.
| get_user_capability_course | ( | $ | capability, |
| $ | userid = null, |
||
| $ | doanything = true, |
||
| $ | fieldsexceptid = '', |
||
| $ | orderby = '' |
||
| ) |
This function gets the list of courses that this user has a particular capability in. It is still not very efficient.
| string | $capability | Capability in question |
| int | $userid | User ID or null for current user |
| bool | $doanything | True if 'doanything' is permitted (default) |
| string | $fieldsexceptid | Leave blank if you only need 'id' in the course records; otherwise use a comma-separated list of the fields you require, not including id |
| string | $orderby | If set, use a comma-separated list of fields from course table with sql modifiers (DESC) if needed |
Definition at line 3836 of file accesslib.php.
| get_user_courses_bycap | ( | $ | userid, |
| $ | cap, | ||
| $ | accessdata_ignored, | ||
| $ | doanything_ignored, | ||
| $ | sort = 'c.sortorder ASC', |
||
| $ | fields = null, |
||
| $ | limit_ignored = 0 |
||
| ) |
Get an array of courses where cap requested is available and user is enrolled, this can be relatively slow.
| int | $userid | A user id. By default (null) checks the permissions of the current user. |
| string | $cap | - name of the capability |
| array | $accessdata_ignored | |
| bool | $doanything_ignored | |
| string | $sort | - sorting fields - prefix each fieldname with "c." |
| array | $fields | - additional fields you are interested in... |
| int | $limit_ignored |
Definition at line 7117 of file accesslib.php.
| get_user_roles | ( | context $ | context, |
| $ | userid = 0, |
||
| $ | checkparentcontexts = true, |
||
| $ | order = 'c.contextlevel DESC, |
||
| r.sortorder ASC' | |||
| ) |
Gets all the user roles assigned in this context, or higher contexts this is mainly used when checking if a user can assign a role, or overriding a role i.e. we need to know what this user holds, in order to verify against allow_assign and allow_override tables
| context | $context | |
| int | $userid | |
| bool | $checkparentcontexts | defaults to true |
| string | $order | defaults to 'c.contextlevel DESC, r.sortorder ASC' |
Definition at line 2948 of file accesslib.php.
| get_user_roles_in_course | ( | $ | userid, |
| $ | courseid | ||
| ) |
This function is used to print roles column in user profile page. It is using the CFG->profileroles to limit the list to only interesting roles. (The permission tab has full details of user role assignments.)
| int | $userid | |
| int | $courseid |
Definition at line 2839 of file accesslib.php.
| get_users_by_capability | ( | context $ | context, |
| $ | capability, | ||
| $ | fields = '', |
||
| $ | sort = '', |
||
| $ | limitfrom = '', |
||
| $ | limitnum = '', |
||
| $ | groups = '', |
||
| $ | exceptions = '', |
||
| $ | doanything_ignored = null, |
||
| $ | view_ignored = null, |
||
| $ | useviewallgroups = false |
||
| ) |
Who has this capability in this context?
This can be a very expensive call - use sparingly and keep the results if you are going to need them again soon.
Note if $fields is empty this function attempts to get u.* which can get rather large - and has a serious perf impact on some DBs.
| context | $context | |
| string | array | $capability | - capability name(s) |
| string | $fields | - fields to be pulled. The user table is aliased to 'u'. u.id MUST be included. |
| string | $sort | - the sort order. Default is lastaccess time. |
| mixed | $limitfrom | - number of records to skip (offset) |
| mixed | $limitnum | - number of records to fetch |
| string | array | $groups | - single group or array of groups - only return users who are in one of these group(s). |
| string | array | $exceptions | - list of users to exclude, comma separated or array |
| bool | $doanything_ignored | not used any more, admin accounts are never returned |
| bool | $view_ignored | - use get_enrolled_sql() instead |
| bool | $useviewallgroups | if $groups is set the return users who have capability both $capability and moodle/site:accessallgroups in this context, as well as users who have $capability and who are in $groups. |
***** Set up default fields ******
Set up default sort
We never return deleted users or guest account.
Groups
User exceptions
Ok, let's get the users!
Definition at line 3373 of file accesslib.php.
| get_users_from_role_on_context | ( | $ | role, |
| context $ | context | ||
| ) |
Find all user assignment of users for this role, on this context
| stdClass | $role | |
| context | $context |
Definition at line 4033 of file accesslib.php.
| has_all_capabilities | ( | array $ | capabilities, |
| context $ | context, | ||
| $ | userid = null, |
||
| $ | doanything = true |
||
| ) |
Check if the user has all the capabilities in a list.
This is just a utility method that calls has_capability in a loop. Try to put the capabilities that fewest users are likely to have first in the list for best performance.
| array | $capabilities | an array of capability names. |
| context | $context | the context to check the capability in. You normally get this with get_context_instance. |
| integer | $userid | A user id. By default (null) checks the permissions of the current user. |
| boolean | $doanything | If false, ignore effect of admin role assignment |
Definition at line 515 of file accesslib.php.
| has_any_capability | ( | array $ | capabilities, |
| context $ | context, | ||
| $ | userid = null, |
||
| $ | doanything = true |
||
| ) |
Check if the user has any one of several capabilities from a list.
This is just a utility method that calls has_capability in a loop. Try to put the capabilities that most users are likely to have first in the list for best performance.
| array | $capabilities | an array of capability names. |
| context | $context | the context to check the capability in. You normally get this with get_context_instance. |
| integer | $userid | A user id. By default (null) checks the permissions of the current user. |
| boolean | $doanything | If false, ignore effect of admin role assignment |
Definition at line 492 of file accesslib.php.
| has_capability | ( | $ | capability, |
| context $ | context, | ||
| $ | user = null, |
||
| $ | doanything = true |
||
| ) |
Check whether a user has a particular capability in a given context.
For example: $context = get_context_instance(CONTEXT_MODULE, $cm->id); has_capability('mod/forum:replypost',$context)
By default checks the capabilities of the current user, but you can pass a different userid. By default will return true for admin users, but you can override that with the fourth argument.
Guest and not-logged-in users can never get any dangerous capability - that is any write capability or capabilities with XSS, config or data loss risks.
| string | $capability | the name of the capability to check. For example mod/forum:view |
| context | $context | the context to check the capability in. You normally get this with get_context_instance. |
| integer | object | $user | A user id or object. By default (null) checks the permissions of the current user. |
| boolean | $doanything | If false, ignores effect of admin role assignment |
Definition at line 348 of file accesslib.php.
| has_coursecontact_role | ( | $ | userid | ) |
Returns true if user has at least one role assign of 'coursecontact' role (is potentially listed in some course descriptions).
| int | $userid |
Definition at line 560 of file accesslib.php.
| is_enrolled | ( | context $ | context, |
| $ | user = null, |
||
| $ | withcapability = '', |
||
| $ | onlyactive = false |
||
| ) |
Returns true if user is enrolled (is participating) in course this is intended for students and teachers.
Since 2.2 the result for active enrolments and current user are cached.
| context | $context | |
| int | stdClass | $user,if | null $USER is used, otherwise user object or id expected |
| string | $withcapability | extra capability name |
| bool | $onlyactive | consider only active enrolments in enabled plugins and time restrictions |
Definition at line 1909 of file accesslib.php.
Does user have a (temporary or real) guest access to course?
| context | $context | |
| stdClass | int | $user |
Definition at line 1835 of file accesslib.php.
| is_inside_frontpage | ( | context $ | context | ) |
Check if context is the front page context or a context inside it
Returns true if this context is the front page context, or a context inside it, otherwise false.
| context | $context | a context object. |
Definition at line 2665 of file accesslib.php.
| is_role_switched | ( | $ | courseid | ) |
Checks if the user has switched roles within the given course.
Note: You can only switch roles within the course, hence it takes a courseid rather than a context. On that note Petr volunteered to implement this across all other contexts, all requests for this should be forwarded to him ;)
| int | $courseid | The id of the course to check |
Definition at line 3973 of file accesslib.php.
| is_safe_capability | ( | $ | capability | ) |
Verify capability risks.
| object | $capability | a capability - a row from the capabilities table. |
Definition at line 1310 of file accesslib.php.
| is_siteadmin | ( | $ | user_or_id = null | ) |
Check if the user is an admin at the site level.
Please note that use of proper capabilities is always encouraged, this function is supposed to be used from core or for temporary hacks.
| int | stdClass | $user_or_id | user id or user object |
Definition at line 533 of file accesslib.php.
| is_viewing | ( | context $ | context, |
| $ | user = null, |
||
| $ | withcapability = '' |
||
| ) |
Returns true if the user has moodle/course:view capability in the course, this is intended for admins, managers (aka small admins), inspectors, etc.
| context | $context | |
| int | stdClass | $user,if | null $USER is used |
| string | $withcapability | extra capability name |
Definition at line 1875 of file accesslib.php.
| isguestuser | ( | $ | user = null | ) |
Determines if a user is logged in as real guest user with username 'guest'.
| int | object | $user | mixed user object or id, $USER if not specified |
Definition at line 1794 of file accesslib.php.
| isloggedin | ( | ) |
Determines if a user is currently logged in
Definition at line 1782 of file accesslib.php.
| load_capability_def | ( | $ | component | ) |
Loads the capability definitions for the component (from file).
Loads the capability definitions for the component (from file). If no capabilities are defined for the component, we simply return an empty array.
| string | $component | full plugin name, examples: 'moodle', 'mod_forum' |
Definition at line 2324 of file accesslib.php.
| load_temp_course_role | ( | context_course $ | coursecontext, |
| $ | roleid | ||
| ) |
Adds a temp role to current USER->access array.
Useful for the "temporary guest" access we grant to logged-in users.
| context_course | $coursecontext | |
| int | $roleid |
Definition at line 1181 of file accesslib.php.
| load_temp_role | ( | $ | context, |
| $ | roleid, | ||
| array $ | accessdata | ||
| ) |
Not available any more, use load_temp_course_role() instead.
| stdClass | $context | |
| int | $roleid | |
| array | $accessdata |
Definition at line 6750 of file accesslib.php.
| mark_context_dirty | ( | $ | path | ) |
Mark a context as dirty (with timestamp) so as to force reloading of the context.
| string | $path | context path |
Definition at line 6968 of file accesslib.php.
| preload_course_contexts | ( | $ | courseid | ) |
Preloads all contexts relating to a course: course, modules. Block contexts are no longer loaded here. The contexts for all the blocks on the current page are now efficiently loaded by block_manager::load_blocks().
| int | $courseid | Course ID |
Definition at line 6930 of file accesslib.php.
| print_context_name | ( | context $ | context, |
| $ | withprefix = true, |
||
| $ | short = false |
||
| ) |
Prints human readable context identifier.
| context | $context | the context. |
| boolean | $withprefix | whether to prefix the name of the context with the type of context, e.g. User, Course, Forum, etc. |
| boolean | $short | whether to user the short name of the thing. Only applies to course contexts |
Definition at line 7059 of file accesslib.php.
| prohibit_is_removable | ( | $ | roleid, |
| context $ | context, | ||
| $ | capability | ||
| ) |
This function verifies the prohibit comes from this context and there are no more prohibits in parent contexts.
| int | $roleid | |
| context | $context | |
| string | $capability | name |
Definition at line 4384 of file accesslib.php.
| rebuild_contexts | ( | array $ | fixcontexts | ) |
Rebuild all related context depth and path caches
| array | $fixcontexts | array of contexts, strongtyped |
Definition at line 6914 of file accesslib.php.
| remove_temp_course_roles | ( | context_course $ | coursecontext | ) |
Removes any extra guest roles from current USER->access array.
| context_course | $coursecontext |
Definition at line 1219 of file accesslib.php.
| remove_temp_roles | ( | $ | context, |
| array $ | accessdata | ||
| ) |
Not available any more, use remove_temp_course_roles() instead.
| object | $context | |
| array | $accessdata |
Definition at line 6763 of file accesslib.php.
| require_capability | ( | $ | capability, |
| context $ | context, | ||
| $ | userid = null, |
||
| $ | doanything = true, |
||
| $ | errormessage = 'nopermissions', |
||
| $ | stringfile = '' |
||
| ) |
A convenience function that tests has_capability, and displays an error if the user does not have that capability.
NOTE before Moodle 2.0, this function attempted to make an appropriate require_login call before checking the capability. This is no longer the case. You must call require_login (or one of its variants) if you want to check the user is logged in, before you call this function.
| string | $capability | the name of the capability to check. For example mod/forum:view |
| context | $context | the context to check the capability in. You normally get this with get_context_instance. |
| int | $userid | A user id. By default (null) checks the permissions of the current user. |
| bool | $doanything | If false, ignore effect of admin role assignment |
| string | $errormessage | The error string to to user. Defaults to 'nopermissions'. |
| string | $stringfile | The language file to load the error string from. Defaults to 'error'. |
Definition at line 688 of file accesslib.php.
| reset_role_capabilities | ( | $ | roleid | ) |
Reset role capabilities to default according to selected role archetype. If no archetype selected, removes all capabilities.
| int | $roleid |
Definition at line 2400 of file accesslib.php.
| role_assign | ( | $ | roleid, |
| $ | userid, | ||
| $ | contextid, | ||
| $ | component = '', |
||
| $ | itemid = 0, |
||
| $ | timemodified = '' |
||
| ) |
This function makes a role-assignment (a role for a user in a particular context)
| int | $roleid | the role of the id |
| int | $userid | userid |
| int | context | $contextid | id of the context |
| string | $component | example 'enrol_ldap', defaults to '' which means manual assignment, |
| int | $itemid | id of enrolment/auth plugin |
| string | $timemodified | defaults to current time |
Definition at line 1566 of file accesslib.php.
| role_cap_duplicate | ( | $ | sourcerole, |
| $ | targetrole | ||
| ) |
Duplicates all the base definitions of a role
| object | $sourcerole | role to copy from |
| int | $targetrole | id of role to copy to |
Definition at line 4236 of file accesslib.php.
| role_change_permission | ( | $ | roleid, |
| $ | context, | ||
| $ | capname, | ||
| $ | permission | ||
| ) |
More user friendly role permission changing, it should produce as few overrides as possible.
| int | $roleid | |
| object | $context | |
| string | $capname | capability name |
| int | $permission |
Definition at line 4420 of file accesslib.php.
| role_context_capabilities | ( | $ | roleid, |
| context $ | context, | ||
| $ | cap = '' |
||
| ) |
This function pulls out all the resolved capabilities (overrides and defaults) of a role used in capability overrides in contexts at a given context.
| context | $context | |
| int | $roleid | |
| string | $cap | capability, optional, defaults to '' |
Definition at line 2601 of file accesslib.php.
| role_fix_names | ( | $ | roleoptions, |
| context $ | context, | ||
| $ | rolenamedisplay = ROLENAME_ALIAS |
||
| ) |
Prepare list of roles for display, apply aliases and format text
| array | $roleoptions | array roleid => rolename or roleid => roleobject |
| context | $context | a context |
| int | $rolenamedisplay |
Definition at line 4100 of file accesslib.php.
| role_get_name | ( | $ | role, |
| context_course $ | coursecontext | ||
| ) |
Get role name or alias if exists and format the text.
| stdClass | $role | role object |
| context_course | $coursecontext |
Definition at line 4082 of file accesslib.php.
| role_switch | ( | $ | roleid, |
| context $ | context | ||
| ) |
Switches the current user to another role for the current session and only in the given context.
The caller *must* check
To "unswitch" pass 0 as the roleid.
This function *will* modify $USER->access - beware
| integer | $roleid | the role to switch to. |
| context | $context | the context in which to perform the switch. |
Definition at line 3917 of file accesslib.php.
| role_unassign | ( | $ | roleid, |
| $ | userid, | ||
| $ | contextid, | ||
| $ | component = '', |
||
| $ | itemid = 0 |
||
| ) |
Removes one role assignment
| int | $roleid | |
| int | $userid | |
| int | context | $contextid | |
| string | $component | |
| int | $itemid |
Definition at line 1664 of file accesslib.php.
| role_unassign_all | ( | array $ | params, |
| $ | subcontexts = false, |
||
| $ | includemanual = false |
||
| ) |
Removes multiple role assignments, parameters may contain: 'roleid', 'userid', 'contextid', 'component', 'enrolid'.
| array | $params | role assignment parameters |
| bool | $subcontexts | unassign in subcontexts too |
| bool | $includemanual | include manual role assignments too |
If the user is the current user, then do full reload of capabilities too.
If the user is the current user, then do full reload of capabilities too.
Definition at line 1693 of file accesslib.php.
| set_role_contextlevels | ( | $ | roleid, |
| array $ | contextlevels | ||
| ) |
Set the context levels at which a particular role can be assigned. Throws exceptions in case of error.
| integer | $roleid | the id of a role. |
| array | $contextlevels | the context levels at which this role should be assignable, duplicate levels are removed. |
Definition at line 3334 of file accesslib.php.
| sort_by_roleassignment_authority | ( | $ | users, |
| context $ | context, | ||
| $ | roles = array(), |
||
| $ | sortpolicy = 'locality' |
||
| ) |
Re-sort a users array based on a sorting policy
Will re-sort a $users results array (from get_users_by_capability(), usually) based on a sorting policy. This is to support the odd practice of sorting teachers by 'authority', where authority was "lowest id of the role assignment".
Will execute 1 database query. Only suitable for small numbers of users, as it uses an u.id IN() clause.
Notes about the sorting criteria.
As a default, we cannot rely on role.sortorder because then admins/coursecreators will always win. That is why the sane rule "is locality matters most", with sortorder as 2nd consideration.
If you want role.sortorder, use the 'sortorder' policy, and name explicitly what roles you want to cover. It's probably a good idea to see what roles have the capabilities you want (array_diff() them against roiles that have 'can-do-anything' to weed out admin-ish roles. Or fetch a list of roles from variables like $CFG->coursecontact .
| array | $users | Users array, keyed on userid |
| context | $context | |
| array | $roles | ids of the roles to include, optional |
| string | $sortpolicy | defaults to locality, more about |
Definition at line 3657 of file accesslib.php.
| switch_roles | ( | $ | first, |
| $ | second | ||
| ) |
Switch the sort order of two roles (used in admin/roles/manage.php).
| object | $first | The first role. Actually, only ->sortorder is used. |
| object | $second | The second role. Actually, only ->sortorder is used. |
Definition at line 4221 of file accesslib.php.
| unassign_capability | ( | $ | capability, |
| $ | roleid, | ||
| $ | contextid = null |
||
| ) |
Unassign a capability from a role.
NOTE: use $context->mark_dirty() after this
| string | $capability | the name of the capability |
| int | $roleid | the role id |
| int | context | $contextid | null means all contexts |
Definition at line 1493 of file accesslib.php.
| update_capabilities | ( | $ | component = 'moodle' | ) |
Updates the capabilities table with the component capability definitions. If no parameters are given, the function updates the core moodle capabilities.
Note that the absence of the db/access.php capabilities definition file will cause any stored capabilities for the component to be removed from the database.
| string | $component | examples: 'moodle', 'mod/forum', 'block/quiz_results' |
Definition at line 2427 of file accesslib.php.
| user_can_assign | ( | context $ | context, |
| $ | targetroleid | ||
| ) |
Checks if a user can assign users to a particular role in this context
| context | $context | |
| int | $targetroleid | - the id of the role you want to assign users to |
Definition at line 2894 of file accesslib.php.
| user_has_role_assignment | ( | $ | userid, |
| $ | roleid, | ||
| $ | contextid = 0 |
||
| ) |
Simple function returning a boolean true if user has roles in context or parent contexts, otherwise false.
| int | $userid | |
| int | $roleid | |
| int | $contextid | empty means any context |
Definition at line 4051 of file accesslib.php.
| $ACCESSLIB_PRIVATE = new stdClass() |
Definition at line 197 of file accesslib.php.
| $ACCESSLIB_PRIVATE accessdatabyuser = array() |
Definition at line 200 of file accesslib.php.
| $ACCESSLIB_PRIVATE capabilities = null |
Definition at line 202 of file accesslib.php.
| $ACCESSLIB_PRIVATE dirtycontexts = null |
Definition at line 199 of file accesslib.php.
| $ACCESSLIB_PRIVATE rolepermissions = array() |
Definition at line 201 of file accesslib.php.
1.7.6.1 
