1 | <?php |
||
2 | /** |
||
3 | * This files contains the common functions for the permissions. |
||
4 | * |
||
5 | * A list of all the functions (in no particular order) |
||
6 | * ---------------------------------------------------- |
||
7 | * store_permissions($content,$id) |
||
8 | * get_permissions($content,$id) |
||
9 | * limited_or_full($current_permissions) |
||
10 | * |
||
11 | * @author Patrick Cool <[email protected]>, Ghent University |
||
12 | * |
||
13 | * @package chamilo.permissions |
||
14 | */ |
||
15 | |||
16 | /** |
||
17 | * This function stores the permissions in the correct table. |
||
18 | * Since Checkboxes are used we do not know which ones are unchecked. |
||
19 | * That's why we first delete them all (for the given user/group/role |
||
20 | * and afterwards we store the checked ones only. |
||
21 | * |
||
22 | * @param $content are we storing rights for a user, a group or a role (the database depends on it) |
||
23 | * @param $id the id of the user, group or role |
||
24 | * |
||
25 | * @author Patrick Cool <[email protected]>, Ghent University |
||
26 | * |
||
27 | * @version 1.0 |
||
28 | */ |
||
29 | function store_permissions($content, $id) |
||
30 | { |
||
31 | $course_id = api_get_course_int_id(); |
||
32 | |||
33 | // Which database are we using (depending on the $content parameter) |
||
34 | if ($content == 'user') { |
||
35 | $table = Database::get_course_table(TABLE_PERMISSION_USER); |
||
36 | $id_field = user_id; |
||
0 ignored issues
–
show
Bug
introduced
by
Loading history...
|
|||
37 | } |
||
38 | if ($content == 'group') { |
||
39 | $table = Database::get_course_table(TABLE_PERMISSION_GROUP); |
||
40 | $id_field = group_id; |
||
0 ignored issues
–
show
|
|||
41 | } |
||
42 | if ($content == 'role') { |
||
43 | $table = Database::get_course_table(TABLE_ROLE_PERMISSION); |
||
44 | $id_field = role_id; |
||
0 ignored issues
–
show
|
|||
45 | } |
||
46 | |||
47 | // We first delete all the existing permissions for that user/group/role |
||
48 | $sql = "DELETE FROM $table WHERE c_id = $course_id AND $id_field = '".Database::escape_string($id)."'"; |
||
49 | $result = Database::query($sql); |
||
50 | |||
51 | // looping through the post values to find the permission (containing the string permission* ) |
||
52 | foreach ($_POST as $key => $value) { |
||
53 | if (strstr($key, "permission*")) { |
||
54 | list($brol, $tool, $action) = explode("*", $key); |
||
55 | $sql = "INSERT INTO $table (c_id, $id_field,tool,action) VALUES ($course_id, '".Database::escape_string($id)."','".Database::escape_string($tool)."','".Database::escape_string($action)."')"; |
||
56 | $result = Database::query($sql); |
||
57 | } |
||
58 | } |
||
59 | |||
60 | return get_lang('PermissionsStored'); |
||
61 | } |
||
62 | |||
63 | /** |
||
64 | * This function stores one permission in the correct table. |
||
65 | * |
||
66 | * @param $content are we storing rights for a user, a group or a role (the database depends on it) |
||
67 | * @param $action are we granting or revoking a permission? |
||
68 | * @param $id the id of the user, group or role |
||
69 | * @param $tool the tool |
||
70 | * @param $permission the permission the user, group or role has been granted or revoked |
||
71 | * |
||
72 | * @author Patrick Cool <[email protected]>, Ghent University |
||
73 | * |
||
74 | * @version 1.0 |
||
75 | */ |
||
76 | function store_one_permission($content, $action, $id, $tool, $permission) |
||
77 | { |
||
78 | global $rights_full; |
||
79 | $course_id = api_get_course_int_id(); |
||
80 | // for some reason I don't know, he can't get to the $rights_full array, so commented the following lines out. |
||
81 | |||
82 | // check |
||
83 | //if(!in_array($permission, $rights_full)) |
||
84 | //{ |
||
85 | // return get_lang('Error'); |
||
86 | //} |
||
87 | |||
88 | // Which database are we using (depending on the $content parameter) |
||
89 | |||
90 | if ($content == 'user') { |
||
91 | $table = Database::get_course_table(TABLE_PERMISSION_USER); |
||
92 | $id_field = user_id; |
||
0 ignored issues
–
show
|
|||
93 | } |
||
94 | if ($content == 'group') { |
||
95 | $table = Database::get_course_table(TABLE_PERMISSION_GROUP); |
||
96 | $id_field = group_id; |
||
0 ignored issues
–
show
|
|||
97 | } |
||
98 | if ($content == 'role') { |
||
99 | $table = Database::get_course_table(TABLE_ROLE_PERMISSION); |
||
100 | $id_field = role_id; |
||
0 ignored issues
–
show
|
|||
101 | } |
||
102 | |||
103 | // grating a right |
||
104 | if ($action == 'grant') { |
||
105 | $sql = "INSERT INTO $table (c_id, $id_field,tool,action) VALUES ($course_id, '".Database::escape_string($id)."','".Database::escape_string($tool)."','".Database::escape_string($permission)."')"; |
||
106 | $result = Database::query($sql); |
||
107 | if ($result) { |
||
108 | $result_message = get_lang('PermissionGranted'); |
||
109 | } |
||
110 | } |
||
111 | if ($action == 'revoke') { |
||
112 | $sql = "DELETE FROM $table WHERE c_id = $course_id AND $id_field = '".Database::escape_string($id)."' AND tool='".Database::escape_string($tool)."' AND action='".Database::escape_string($permission)."'"; |
||
113 | $result = Database::query($sql); |
||
114 | if ($result) { |
||
115 | $result_message = get_lang('PermissionRevoked'); |
||
116 | } |
||
117 | } |
||
118 | |||
119 | return $result_message; |
||
120 | } |
||
121 | |||
122 | /** |
||
123 | * This function retrieves the existing permissions of a user, group or role. |
||
124 | * |
||
125 | * @param string $content are we retrieving the rights of a user, a group or a role (the database depends on it) |
||
126 | * @param int $id the id of the user, group or role |
||
127 | * |
||
128 | * @author Patrick Cool <[email protected]>, Ghent University |
||
129 | * |
||
130 | * @version 1.0 |
||
131 | */ |
||
132 | function get_permissions($content, $id) |
||
133 | { |
||
134 | $course_id = api_get_course_int_id(); |
||
135 | $currentpermissions = []; |
||
136 | // Which database are we using (depending on the $content parameter) |
||
137 | $course_id_condition = " c_id = $course_id AND "; |
||
138 | if ($content == 'user') { |
||
139 | $table = Database::get_course_table(TABLE_PERMISSION_USER); |
||
140 | $id_field = 'user_id'; |
||
141 | } elseif ($content == 'group') { |
||
142 | $table = Database::get_course_table(TABLE_PERMISSION_GROUP); |
||
143 | $id_field = 'group_id'; |
||
144 | } elseif ($content == 'role') { |
||
145 | $table = Database::get_course_table(TABLE_ROLE_PERMISSION); |
||
146 | $id_field = 'role_id'; |
||
147 | } elseif ($content == 'platform_role') { |
||
148 | $table = Database::get_main_table(TABLE_ROLE_PERMISSION); |
||
149 | $id_field = 'role_id'; |
||
150 | $course_id_condition = ''; |
||
151 | } elseif ($content == 'task') { |
||
152 | $table = Database::get_course_table(TABLE_BLOGS_TASKS_PERMISSIONS); |
||
153 | $id_field = 'task_id'; |
||
154 | } |
||
155 | |||
156 | // finding all the permissions. We store this in a multidimensional array |
||
157 | // where the first dimension is the tool. |
||
158 | $sql = " |
||
159 | SELECT * FROM ".$table." |
||
160 | WHERE $course_id_condition ".$id_field."='".Database::escape_string($id)."'"; |
||
161 | $result = Database::query($sql); |
||
162 | |||
163 | while ($row = Database::fetch_array($result)) { |
||
164 | $currentpermissions[$row['tool']][] = $row['action']; |
||
165 | } |
||
166 | |||
167 | return $currentpermissions; |
||
168 | } |
||
169 | |||
170 | /** |
||
171 | * the array that contains the current permission a user, group or role has will now be changed depending on |
||
172 | * the Dokeos Config Setting for the permissions (limited [add, edit, delete] or full [view, add, edit, delete, move, visibility]. |
||
173 | * |
||
174 | * @author Patrick Cool <[email protected]>, Ghent University |
||
175 | * |
||
176 | * @version 1.0 |
||
177 | * |
||
178 | * @todo currently there is a setting user_permissions and group_permissions. We should merge this in one config setting. |
||
179 | */ |
||
180 | function limited_or_full($current_permissions) |
||
181 | { |
||
182 | if (api_get_setting('permissions') == 'limited') { |
||
183 | foreach ($current_permissions as $tool => $tool_rights) { |
||
184 | // we loop through the possible permissions of a tool and unset the entry if it is view |
||
185 | // if it is visibility or move we have to grant the edit right |
||
186 | foreach ($tool_rights as $key => $value) { |
||
187 | if ($value == 'View') { |
||
188 | unset($current_permissions[$tool][$key]); |
||
189 | } |
||
190 | if ($value == 'Visibility' or $value == 'Move') { |
||
191 | if (!in_array('Edit', $current_permissions[$tool])) { |
||
192 | $current_permissions[$tool][] = 'Edit'; |
||
193 | } |
||
194 | unset($current_permissions[$tool][$key]); |
||
195 | } |
||
196 | //else |
||
197 | //{ |
||
198 | // $current_permissions[$tool][]=$value; |
||
199 | //} |
||
200 | } |
||
201 | } |
||
202 | |||
203 | return $current_permissions; |
||
204 | } |
||
205 | if (api_get_setting('permissions') == 'full') { |
||
206 | return $current_permissions; |
||
207 | } |
||
208 | } |
||
209 | /** |
||
210 | * This function displays a checked or unchecked checkbox. The checkbox will be checked if the |
||
211 | * user, group or role has the permission for the given tool, unchecked if the user, group or role |
||
212 | * does not have the right. |
||
213 | * |
||
214 | * @param $permission_array the array that contains all the permissions of the user, group, role |
||
215 | * @param $tool the tool we want to check a permission for |
||
216 | * @param $permission the permission we want to check for |
||
217 | * |
||
218 | * @author Patrick Cool <[email protected]>, Ghent University |
||
219 | * |
||
220 | * @version 1.0 |
||
221 | */ |
||
222 | function display_checkbox_matrix($permission_array, $tool, $permission, $inherited_permissions = []) |
||
223 | { |
||
224 | $checked = ""; |
||
225 | if (is_array($permission_array[$tool]) and in_array($permission, $permission_array[$tool])) { |
||
226 | $checked = "checked"; |
||
227 | } |
||
228 | echo "\t\t\t<input type=\"checkbox\" name=\"permission*$tool*$permission\" $checked>\n"; |
||
229 | } |
||
230 | |||
231 | /** |
||
232 | * This function displays a checked or unchecked image. The image will be checked if the |
||
233 | * user, group or role has the permission for the given tool, unchecked if the user, group or role |
||
234 | * does not have the right. |
||
235 | * |
||
236 | * @param $permission_array the array that contains all the permissions of the user, group, role |
||
237 | * @param $tool the tool we want to check a permission for |
||
238 | * @param $permission the permission we want to check for |
||
239 | * |
||
240 | * @author Patrick Cool <[email protected]>, Ghent University |
||
241 | * |
||
242 | * @version 1.0 |
||
243 | */ |
||
244 | function display_image_matrix($permission_array, $tool, $permission, $inherited_permissions = [], $course_admin = false, $editable = true) |
||
245 | { |
||
246 | if ($course_admin) { |
||
247 | echo "\t\t\t<img src=\"../img/checkbox_on3.gif\" border=\"0\"/ title=\"".get_lang('PermissionGrantedByGroupOrRole')."\">"; |
||
248 | } else { |
||
249 | if (in_array($permission, $inherited_permissions[$tool])) { |
||
250 | echo "\t\t\t<img src=\"../img/checkbox_on3.gif\" border=\"0\"/ title=\"".get_lang('PermissionGrantedByGroupOrRole')."\">"; |
||
251 | } else { |
||
252 | if (is_array($permission_array[$tool]) and in_array($permission, $permission_array[$tool])) { |
||
253 | if ($editable) { |
||
254 | $url = api_get_self(); |
||
255 | $urlparameters = ''; |
||
256 | foreach ($_GET as $key => $value) { |
||
257 | $parameter[$key] = $value; |
||
258 | } |
||
259 | $parameter['action'] = 'revoke'; |
||
260 | $parameter['permission'] = $permission; |
||
261 | $parameter['tool'] = $tool; |
||
262 | foreach ($parameter as $key => $value) { |
||
263 | $urlparameters .= $key.'='.$value.'&'; |
||
264 | } |
||
265 | $url = $url.'?'.$urlparameters; |
||
266 | |||
267 | echo "\t\t\t <a href=\"".$url."\">"; |
||
268 | } |
||
269 | echo "<img src=\"../img/checkbox_on2.gif\" border=\"0\"/>"; |
||
270 | if ($editable) { |
||
271 | echo "</a>"; |
||
272 | } |
||
273 | } else { |
||
274 | if ($editable) { |
||
275 | $url = api_get_self(); |
||
276 | $urlparameters = ''; |
||
277 | foreach ($_GET as $key => $value) { |
||
278 | $parameter[$key] = $value; |
||
279 | } |
||
280 | $parameter['action'] = 'grant'; |
||
281 | $parameter['permission'] = $permission; |
||
282 | $parameter['tool'] = $tool; |
||
283 | foreach ($parameter as $key => $value) { |
||
284 | $urlparameters .= $key.'='.$value.'&'; |
||
285 | } |
||
286 | $url = $url.'?'.$urlparameters; |
||
287 | |||
288 | //echo "\t\t\t <a href=\"".str_replace('&', '&', $_SERVER['REQUEST_URI'])."&action=grant&permission=$permission&tool=$tool\">"; |
||
289 | echo "\t\t\t <a href=\"".$url."\">"; |
||
290 | } |
||
291 | echo "<img src=\"../img/wrong.gif\" border=\"0\"/>"; |
||
292 | if ($editable) { |
||
293 | echo "</a>"; |
||
294 | } |
||
295 | } |
||
296 | } |
||
297 | } |
||
298 | } |
||
299 | |||
300 | /** |
||
301 | * Slightly modified: Toon Keppens |
||
302 | * This function displays a checked or unchecked image. The image will be checked if the |
||
303 | * user, group or role has the permission for the given tool, unchecked if the user, group or role |
||
304 | * does not have the right. |
||
305 | * |
||
306 | * @param $permission_array the array that contains all the permissions of the user, group, role |
||
307 | * @param $tool the tool we want to check a permission for |
||
308 | * @param $permission the permission we want to check for |
||
309 | * |
||
310 | * @author Patrick Cool <[email protected]>, Ghent University |
||
311 | * |
||
312 | * @version 1.0 |
||
313 | */ |
||
314 | function display_image_matrix_for_blogs($permission_array, $user_id, $tool, $permission, $inherited_permissions = [], $course_admin = false, $editable = true) |
||
315 | { |
||
316 | if ($course_admin) { |
||
317 | echo "\t\t\t<img src=\"../img/checkbox_on3.gif\" border=\"0\"/ title=\"".get_lang('PermissionGrantedByGroupOrRole')."\">"; |
||
318 | } else { |
||
319 | if (!empty($inherited_permissions) and in_array($permission, $inherited_permissions[$tool])) { |
||
320 | echo "\t\t\t<img src=\"../img/checkbox_on3.gif\" border=\"0\"/ title=\"".get_lang('PermissionGrantedByGroupOrRole')."\">"; |
||
321 | } else { |
||
322 | if (is_array($permission_array[$tool]) and in_array($permission, $permission_array[$tool])) { |
||
323 | if ($editable) { |
||
324 | $url = api_get_self(); |
||
325 | $urlparameters = ''; |
||
326 | foreach ($_GET as $key => $value) { |
||
327 | $parameter[$key] = $value; |
||
328 | } |
||
329 | $parameter['action'] = 'manage_rights'; |
||
330 | $parameter['do'] = 'revoke'; |
||
331 | $parameter['permission'] = $permission; |
||
332 | $parameter['tool'] = $tool; |
||
333 | $parameter['user_id'] = $user_id; |
||
334 | foreach ($parameter as $key => $value) { |
||
335 | $urlparameters .= $key.'='.$value.'&'; |
||
336 | } |
||
337 | $url = $url.'?'.$urlparameters; |
||
338 | |||
339 | echo "\t\t\t <a href=\"".$url."\">"; |
||
340 | } |
||
341 | echo "<img src=\"../img/checkbox_on2.gif\" border=\"0\"/ title=\"".get_lang('UserHasPermission')."\">"; |
||
342 | if ($editable) { |
||
343 | echo "</a>"; |
||
344 | } |
||
345 | } else { |
||
346 | if ($editable) { |
||
347 | $url = api_get_self(); |
||
348 | $urlparameters = ''; |
||
349 | foreach ($_GET as $key => $value) { |
||
350 | $parameter[$key] = $value; |
||
351 | } |
||
352 | $parameter['action'] = 'manage_rights'; |
||
353 | $parameter['do'] = 'grant'; |
||
354 | $parameter['permission'] = $permission; |
||
355 | $parameter['tool'] = $tool; |
||
356 | $parameter['user_id'] = $user_id; |
||
357 | foreach ($parameter as $key => $value) { |
||
358 | $urlparameters .= $key.'='.$value.'&'; |
||
359 | } |
||
360 | $url = $url.'?'.$urlparameters; |
||
361 | |||
362 | //echo "\t\t\t <a href=\"".str_replace('&', '&', $_SERVER['REQUEST_URI'])."&action=grant&permission=$permission&tool=$tool\">"; |
||
363 | echo "\t\t\t <a href=\"".$url."\">"; |
||
364 | } |
||
365 | echo "<img src=\"../img/wrong.gif\" border=\"0\"/ title=\"".get_lang('UserHasPermissionNot')."\">"; |
||
366 | if ($editable) { |
||
367 | echo "</a>"; |
||
368 | } |
||
369 | } |
||
370 | } |
||
371 | } |
||
372 | } |
||
373 | |||
374 | /** |
||
375 | * This function displays a list off all the roles of the course (and those defined by the platform admin). |
||
376 | * |
||
377 | * @author Patrick Cool <[email protected]>, Ghent University |
||
378 | * |
||
379 | * @version 1.0 |
||
380 | */ |
||
381 | function display_role_list($current_course_roles, $current_platform_roles) |
||
382 | { |
||
383 | global $setting_visualisation; |
||
384 | $course_id = api_get_course_int_id(); |
||
385 | |||
386 | $coures_roles_table = Database::get_course_table(TABLE_ROLE); |
||
387 | |||
388 | // course roles |
||
389 | $sql = "SELECT * FROM $coures_roles_table WHERE c_id = $course_id "; |
||
390 | $result = Database::query($sql); |
||
391 | while ($row = Database::fetch_array($result)) { |
||
392 | if (in_array($row['role_id'], $current_course_roles)) { |
||
393 | $checked = 'checked'; |
||
394 | $image = 'checkbox_on2.gif'; |
||
395 | $action = 'revoke'; |
||
396 | } else { |
||
397 | $checked = ''; |
||
398 | $image = 'wrong.gif'; |
||
399 | $action = 'grant'; |
||
400 | } |
||
401 | if ($setting_visualisation == 'checkbox') { |
||
402 | echo "<input type=\"checkbox\" name=\"role*course*".$row['role_id']."\" $checked>"; |
||
403 | } |
||
404 | if ($setting_visualisation == 'image') { |
||
405 | echo "<a href=\"".str_replace('&', '&', $_SERVER['REQUEST_URI'])."&action=$action&role=".$row['role_id']."&scope=course\"><img src=\"../img/".$image."\" border=\"0\"/></a>"; |
||
406 | } |
||
407 | |||
408 | echo $row['role_name']." <a href=\"../permissions/roles.php?role_id=".$row['role_id']."&scope=course\"><img src=\"../img/edit.gif\" /></a><br />\n"; |
||
409 | echo $row['role_comment']."<br />\n"; |
||
410 | } |
||
411 | } |
||
412 | |||
413 | /** |
||
414 | * This function gets all the current roles of the user or group. |
||
415 | * |
||
416 | * @param $content are we finding the roles for a user or a group (the database depends on it) |
||
417 | * @param $id the id of the user or group |
||
418 | * |
||
419 | * @return array that contains the name of the roles the user has |
||
420 | * |
||
421 | * @todo consider having a separate table that contains only an id and a name of the role. |
||
422 | * |
||
423 | * @author Patrick Cool <[email protected]>, Ghent University |
||
424 | * |
||
425 | * @version 1.0 |
||
426 | */ |
||
427 | function get_roles($content, $id, $scope = 'course') |
||
428 | { |
||
429 | $course_id = api_get_course_int_id(); |
||
430 | if ($content == 'user') { |
||
431 | $table = Database::get_course_table(TABLE_ROLE_USER); |
||
432 | $id_field = user_id; |
||
0 ignored issues
–
show
|
|||
433 | } |
||
434 | if ($content == 'group') { |
||
435 | $table = Database::get_course_table(TABLE_ROLE_GROUP); |
||
436 | $id_field = 'group_id'; |
||
437 | } |
||
438 | $table_role = Database::get_course_table(TABLE_ROLE); |
||
439 | |||
440 | $current_roles = []; |
||
441 | //$sql="SELECT role.role_id FROM $table role_group_user, $table_role role WHERE role_group_user.$id_field = '$id' AND role_group_user.role_id=role.role_id AND role_group_user.scope='".$scope."'";$sql="SELECT role.role_id FROM $table role_group_user, $table_role role WHERE role_group_user.$id_field = '$id' AND role_group_user.role_id=role.role_id AND role_group_user.scope='".$scope."'"; |
||
442 | $sql = "SELECT role_id FROM $table WHERE c_id = $course_id AND $id_field = '$id' AND scope='".$scope."'"; |
||
443 | $result = Database::query($sql); |
||
444 | while ($row = Database::fetch_array($result)) { |
||
445 | $current_roles[] = $row['role_id']; |
||
446 | } |
||
447 | |||
448 | return $current_roles; |
||
449 | } |
||
450 | |||
451 | /** |
||
452 | * This function gets all the current roles of the user or group. |
||
453 | * |
||
454 | * @return array that contains the name of the roles the user has |
||
455 | * |
||
456 | * @author Patrick Cool <[email protected]>, Ghent University |
||
457 | * |
||
458 | * @version 1.0 |
||
459 | */ |
||
460 | function get_all_roles($content = 'course') |
||
461 | { |
||
462 | $course_id = api_get_course_int_id(); |
||
463 | $course_id_condition = " WHERE c_id = $course_id "; |
||
464 | |||
465 | if ($content == 'course') { |
||
466 | $table_role = Database::get_course_table(TABLE_ROLE); |
||
467 | } |
||
468 | if ($content == 'platform') { |
||
469 | $table_role = Database::get_main_table(TABLE_ROLE); |
||
470 | $course_id_condition = ''; |
||
471 | } |
||
472 | |||
473 | $current_roles = []; |
||
474 | $sql = "SELECT * FROM $table_role $course_id_condition "; |
||
475 | $result = Database::query($sql); |
||
476 | while ($row = Database::fetch_array($result)) { |
||
477 | $roles[] = $row; |
||
478 | } |
||
479 | |||
480 | return $roles; |
||
481 | } |
||
482 | |||
483 | /** |
||
484 | * This function gets all the roles that are defined. |
||
485 | * |
||
486 | * @param string $content are we finding the roles for a user or a group (the database depends on it) |
||
487 | * @param int $id the id of the user or group |
||
488 | * @param string $scope Deprecated parameter allowing use of 'platform' scope - the corresponding tables don't exist anymore so the scope is always set to 'course' |
||
489 | * |
||
490 | * @return array that contains the name of the roles the user has |
||
491 | * |
||
492 | * @todo consider having a separate table that contains only an id and a name of the role. |
||
493 | * |
||
494 | * @author Patrick Cool <[email protected]>, Ghent University |
||
495 | * |
||
496 | * @version 1.0 |
||
497 | */ |
||
498 | function get_roles_permissions($content, $id, $scope = 'course') |
||
499 | { |
||
500 | $course_id = api_get_course_int_id(); |
||
501 | if ($content == 'user') { |
||
502 | $table = Database::get_course_table(TABLE_ROLE_USER); |
||
503 | $id_field = 'user_id'; |
||
504 | } |
||
505 | |||
506 | if ($content == 'group') { |
||
507 | $table = Database::get_course_table(TABLE_ROLE_GROUP); |
||
508 | $id_field = 'group_id'; |
||
509 | } |
||
510 | |||
511 | // course roles or platform roles |
||
512 | $scope = 'course'; |
||
513 | if ($scope == 'course') { |
||
514 | $table_role = Database::get_course_table(TABLE_ROLE); |
||
515 | $table_role_permissions = Database::get_course_table(TABLE_ROLE_PERMISSION); |
||
516 | |||
517 | $role_condition = " role.c_id = $course_id AND role_permissions.c_id = $course_id AND "; |
||
518 | } |
||
519 | |||
520 | if ($scope == 'platform') { |
||
521 | $table_role = Database::get_main_table(TABLE_ROLE); |
||
522 | $table_role_permissions = Database::get_main_table(TABLE_ROLE_PERMISSION); |
||
523 | $role_condition = ''; |
||
524 | } |
||
525 | |||
526 | $sql = " |
||
527 | SELECT * |
||
528 | FROM |
||
529 | ".$table." role_group_user, |
||
530 | ".$table_role." role, |
||
531 | ".$table_role_permissions." role_permissions |
||
532 | WHERE |
||
533 | role_group_user.c_id = $course_id AND |
||
534 | $role_condition |
||
535 | role_group_user.scope = '".$scope."' AND |
||
536 | role_group_user.".$id_field." = '".$id."' AND |
||
537 | role_group_user.role_id = role.role_id AND |
||
538 | role.role_id = role_permissions.role_id"; |
||
539 | |||
540 | $result = Database::query($sql); |
||
541 | $current_role_permissions = []; |
||
542 | while ($row = Database::fetch_array($result)) { |
||
543 | $current_role_permissions[$row['tool']][] = $row['action']; |
||
544 | } |
||
545 | |||
546 | return $current_role_permissions; |
||
547 | } |
||
548 | |||
549 | /** |
||
550 | * This function is called when we assign a role to a user or a group. |
||
551 | * |
||
552 | * @param $content are we assigning a role to a group or a user |
||
553 | * @param $action we can grant a role to a group or user or revoke it |
||
554 | * @param $id the user_id of the user or the group_id of the group |
||
555 | * @param $role_id the id of the role we are giving to a user or a group |
||
556 | * |
||
557 | * @author Patrick Cool <[email protected]>, Ghent University |
||
558 | */ |
||
559 | function assign_role($content, $action, $id, $role_id, $scope = 'course') |
||
560 | { |
||
561 | $course_id = api_get_course_int_id(); |
||
562 | // Which database are we using (depending on the $content parameter) |
||
563 | if ($content == 'user') { |
||
564 | $table = Database::get_course_table(TABLE_ROLE_USER); |
||
565 | $id_field = 'user_id'; |
||
566 | } elseif ($content == 'group') { |
||
567 | $table = Database::get_course_table(TABLE_ROLE_GROUP); |
||
568 | $id_field = 'group_id'; |
||
569 | } else { |
||
570 | return get_lang('Error'); |
||
571 | } |
||
572 | |||
573 | // grating a right |
||
574 | if ($action == 'grant') { |
||
575 | $sql = "INSERT INTO $table (c_id, role_id, scope, $id_field) VALUES ($course_id, '".Database::escape_string($role_id)."','".Database::escape_string($scope)."','".Database::escape_string($id)."')"; |
||
576 | $result = Database::query($sql); |
||
577 | if ($result) { |
||
578 | $result_message = get_lang('RoleGranted'); |
||
579 | } |
||
580 | } |
||
581 | |||
582 | if ($action == 'revoke') { |
||
583 | $sql = "DELETE FROM $table WHERE c_id = $course_id AND $id_field = '".Database::escape_string($id)."' AND role_id='".Database::escape_string($role_id)."'"; |
||
584 | $result = Database::query($sql); |
||
585 | if ($result) { |
||
586 | $result_message = get_lang('RoleRevoked'); |
||
587 | } |
||
588 | } |
||
589 | |||
590 | return $result_message; |
||
591 | } |
||
592 | |||
593 | /** |
||
594 | * This function merges permission arrays. Each permission array has the |
||
595 | * following structure |
||
596 | * a permission array has a tool contanst as a key and an array as a value. |
||
597 | * This value array consists of all the permissions that are granted in that tool. |
||
598 | */ |
||
599 | function permission_array_merge($array1, $array2) |
||
600 | { |
||
601 | foreach ($array2 as $tool => $permissions) { |
||
602 | foreach ($permissions as $permissionkey => $permissionvalue) { |
||
603 | $array1[$tool][] = $permissionvalue; |
||
604 | } |
||
605 | } |
||
606 | |||
607 | return $array1; |
||
608 | } |
||
609 | |||
610 | function my_print_r($array) |
||
611 | { |
||
612 | echo '<pre>'; |
||
613 | print_r($array); |
||
614 | echo '</pre>'; |
||
615 | } |
||
616 |