Helper functions to implement the complex get_user_capability_course function.
More...
|
static | get_sql ($userid, $capability) |
| Gets SQL to restrict a query to contexts in which the user has a capability.
|
|
static | map_fieldnames (string $fieldsexceptid='') |
| Map fieldnames to get ready for the SQL query.
|
|
|
static | any_path_is_above ($prohibitpaths, $otherpath) |
| Test if a context path $otherpath is the same as, or underneath, any of $prohibitpaths.
|
|
static | calculate_permission_tree (array $pathroleperms) |
| Calculates a permission tree based on an array of information about role permissions.
|
|
static | create_sql ($parent) |
| Creates SQL suitable for restricting by contexts listed in the given permission tree.
|
|
static | get_capability_info_at_each_context ($userid, $capability) |
| Based on the given user's access data (roles) and system role definitions, works out an array of capability values at each relevant context for the given user and capability.
|
|
static | get_tree ($userid, $capability) |
| Gets a permission tree for the given user and capability, representing the value of that capability at different contexts across the system.
|
|
static | path_is_above ($parentpath, $otherpath) |
| Test if a context path $otherpath is the same as, or underneath, $parentpath.
|
|
static | remove_duplicate_nodes ($parent) |
| Removes duplicate nodes of a tree - where a child node has the same permission as its parent.
|
|
static | remove_negative_subtrees ($root) |
| Given a permission tree (in calculate_permission_tree format), removes any subtrees that are negative from the root.
|
|
Helper functions to implement the complex get_user_capability_course function.
- Copyright
- 2017 The Open University
- License
- http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
◆ any_path_is_above()
static core\access\get_user_capability_course_helper::any_path_is_above |
( |
| $prohibitpaths, |
|
|
| $otherpath ) |
|
staticprotected |
Test if a context path $otherpath is the same as, or underneath, any of $prohibitpaths.
- Parameters
-
array | $prohibitpaths | array keys are context paths. |
string | $otherpath | the path of another context. |
- Return values
-
int | releavant $roleid if $otherpath is underneath (or equal to) any of the $prohibitpaths, 0 otherwise (so, can be used as a bool). |
◆ calculate_permission_tree()
static core\access\get_user_capability_course_helper::calculate_permission_tree |
( |
array | $pathroleperms | ) |
|
|
staticprotected |
Calculates a permission tree based on an array of information about role permissions.
The input parameter must be in the format returned by get_capability_info_at_each_context.
The output is the root of a tree of stdClass objects with the fields 'path' (a context path), 'allow' (true or false), and 'children' (an array of similar objects).
- Parameters
-
array | $pathroleperms | Array of permissions |
- Return values
-
stdClass | Root object of permission tree |
◆ create_sql()
static core\access\get_user_capability_course_helper::create_sql |
( |
| $parent | ) |
|
|
staticprotected |
Creates SQL suitable for restricting by contexts listed in the given permission tree.
This function relies on the permission tree being in the format created by get_tree. Specifically, all the children of the root element must be set to 'allow' permission, children of those children must be 'not allow', children of those grandchildren 'allow', etc.
- Parameters
-
stdClass | $parent | Root node of permission tree |
- Return values
-
array | Two-element array of SQL (containing ? placeholders) and then a params array |
◆ get_capability_info_at_each_context()
static core\access\get_user_capability_course_helper::get_capability_info_at_each_context |
( |
| $userid, |
|
|
| $capability ) |
|
staticprotected |
Based on the given user's access data (roles) and system role definitions, works out an array of capability values at each relevant context for the given user and capability.
This is organised by the effective context path (the one at which the capability takes effect) and then by role id. Note, however, that the resulting array only has the information that will be needed later. If there are Prohibits present in some roles, then they cannot be overridden by other roles or role overrides in lower contexts, therefore, such information, if any, is absent from the results.
- Parameters
-
int | $userid | User id |
string | $capability | Capability e.g. 'moodle/course:view' |
- Return values
-
array | Array of capability constants, indexed by context path and role id |
◆ get_sql()
static core\access\get_user_capability_course_helper::get_sql |
( |
| $userid, |
|
|
| $capability ) |
|
static |
Gets SQL to restrict a query to contexts in which the user has a capability.
This returns an array with two elements (SQL containing ? placeholders, and a params array). The SQL is intended to be used as part of a WHERE clause. It relies on the prefix 'x' being used for the Moodle context table.
If the user does not have the permission anywhere at all (so that there is no point doing the query) then the two returned values will both be false.
- Parameters
-
int | $userid | User id |
string | $capability | Capability e.g. 'moodle/course:view' |
- Return values
-
array | Two-element array of SQL (containing ? placeholders) and then a params array |
◆ get_tree()
static core\access\get_user_capability_course_helper::get_tree |
( |
| $userid, |
|
|
| $capability ) |
|
staticprotected |
Gets a permission tree for the given user and capability, representing the value of that capability at different contexts across the system.
The tree will be simplified as far as possible.
The output is the root of a tree of stdClass objects with the fields 'path' (a context path), 'allow' (true or false), and 'children' (an array of similar objects).
- Parameters
-
int | $userid | User id |
string | $capability | Capability e.g. 'moodle/course:view' |
- Return values
-
stdClass | Root node of tree |
◆ map_fieldnames()
static core\access\get_user_capability_course_helper::map_fieldnames |
( |
string | $fieldsexceptid = '' | ) |
|
|
static |
Map fieldnames to get ready for the SQL query.
- Parameters
-
string | $fieldsexceptid | A comma-separated list of the fields you require, not including id. Add ctxid, ctxpath, ctxdepth etc to return course context information for preloading. |
- Return values
-
string | Mapped field list for the SQL query. |
◆ path_is_above()
static core\access\get_user_capability_course_helper::path_is_above |
( |
| $parentpath, |
|
|
| $otherpath ) |
|
staticprotected |
Test if a context path $otherpath is the same as, or underneath, $parentpath.
- Parameters
-
string | $parentpath | the path of the parent context. |
string | $otherpath | the path of another context. |
- Return values
-
bool | true if $otherpath is underneath (or equal to) $parentpath. |
◆ remove_duplicate_nodes()
static core\access\get_user_capability_course_helper::remove_duplicate_nodes |
( |
| $parent | ) |
|
|
staticprotected |
Removes duplicate nodes of a tree - where a child node has the same permission as its parent.
- Parameters
-
stdClass | $parent | Tree root node |
◆ remove_negative_subtrees()
static core\access\get_user_capability_course_helper::remove_negative_subtrees |
( |
| $root | ) |
|
|
staticprotected |
Given a permission tree (in calculate_permission_tree format), removes any subtrees that are negative from the root.
For example, if a top-level node of the permission tree has 'false' permission then it is meaningless because the default permission is already false; this function will remove it. However, if there is a child within that node that is positive, then that will need to be kept.
- Parameters
-
- Return values
-
stdClass | Filtered tree root |
The documentation for this class was generated from the following file:
- lib/classes/access/get_user_capability_course_helper.php