1<?php 2// This file is part of Moodle - http://moodle.org/ 3// 4// Moodle is free software: you can redistribute it and/or modify 5// it under the terms of the GNU General Public License as published by 6// the Free Software Foundation, either version 3 of the License, or 7// (at your option) any later version. 8// 9// Moodle is distributed in the hope that it will be useful, 10// but WITHOUT ANY WARRANTY; without even the implied warranty of 11// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 12// GNU General Public License for more details. 13// 14// You should have received a copy of the GNU General Public License 15// along with Moodle. If not, see <http://www.gnu.org/licenses/>. 16 17/** 18 * Wrapper script redirecting user operations to correct destination. 19 * 20 * @copyright 1999 Martin Dougiamas http://dougiamas.com 21 * @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later 22 * @package core_user 23 */ 24 25require_once("../config.php"); 26require_once($CFG->dirroot . '/course/lib.php'); 27 28$formaction = required_param('formaction', PARAM_LOCALURL); 29$id = required_param('id', PARAM_INT); 30 31$PAGE->set_url('/user/action_redir.php', array('formaction' => $formaction, 'id' => $id)); 32list($formaction) = explode('?', $formaction, 2); 33 34// This page now only handles the bulk enrolment change actions, other actions are done with ajax. 35$actions = array('bulkchange.php'); 36 37if (array_search($formaction, $actions) === false) { 38 print_error('unknownuseraction'); 39} 40 41if (!confirm_sesskey()) { 42 print_error('confirmsesskeybad'); 43} 44 45if ($formaction == 'bulkchange.php') { 46 // Backwards compatibility for enrolment plugins bulk change functionality. 47 // This awful code is adapting from the participant page with it's param names and values 48 // to the values expected by the bulk enrolment changes forms. 49 $formaction = required_param('formaction', PARAM_URL); 50 require_once($CFG->dirroot . '/enrol/locallib.php'); 51 52 $url = new moodle_url($formaction); 53 // Get the enrolment plugin type and bulk action from the url. 54 $plugin = $url->param('plugin'); 55 $operationname = $url->param('operation'); 56 $dataformat = $url->param('dataformat'); 57 58 $course = $DB->get_record('course', array('id' => $id), '*', MUST_EXIST); 59 $context = context_course::instance($id); 60 $PAGE->set_context($context); 61 62 $userids = optional_param_array('userid', array(), PARAM_INT); 63 $default = new moodle_url('/user/index.php', ['id' => $course->id]); 64 $returnurl = new moodle_url(optional_param('returnto', $default, PARAM_URL)); 65 66 if (empty($userids)) { 67 $userids = optional_param_array('bulkuser', array(), PARAM_INT); 68 } 69 if (empty($userids)) { 70 // The first time list hack. 71 if (empty($userids) and $post = data_submitted()) { 72 foreach ($post as $k => $v) { 73 if (preg_match('/^user(\d+)$/', $k, $m)) { 74 $userids[] = $m[1]; 75 } 76 } 77 } 78 } 79 80 if (empty($plugin) AND $operationname == 'download_participants') { 81 // Check permissions. 82 $pagecontext = ($course->id == SITEID) ? context_system::instance() : $context; 83 if (course_can_view_participants($pagecontext)) { 84 $plugins = core_plugin_manager::instance()->get_plugins_of_type('dataformat'); 85 if (isset($plugins[$dataformat])) { 86 if ($plugins[$dataformat]->is_enabled()) { 87 if (empty($userids)) { 88 redirect($returnurl, get_string('noselectedusers', 'bulkusers')); 89 } 90 91 $columnnames = array( 92 'firstname' => get_string('firstname'), 93 'lastname' => get_string('lastname'), 94 ); 95 96 $identityfields = get_extra_user_fields($context); 97 $identityfieldsselect = ''; 98 99 foreach ($identityfields as $field) { 100 $columnnames[$field] = get_string($field); 101 $identityfieldsselect .= ', u.' . $field . ' '; 102 } 103 104 // Ensure users are enrolled in this course context, further limiting them by selected userids. 105 [$enrolledsql, $enrolledparams] = get_enrolled_sql($context); 106 [$useridsql, $useridparams] = $DB->get_in_or_equal($userids, SQL_PARAMS_NAMED, 'userid'); 107 108 $params = array_merge($enrolledparams, $useridparams); 109 110 // If user can only view their own groups then they can only export users from those groups too. 111 $groupmode = groups_get_course_groupmode($course); 112 if ($groupmode == SEPARATEGROUPS && !has_capability('moodle/site:accessallgroups', $context)) { 113 $groups = groups_get_all_groups($course->id, $USER->id, 0, 'g.id'); 114 $groupids = array_column($groups, 'id'); 115 116 [$groupmembersql, $groupmemberparams] = groups_get_members_ids_sql($groupids, $context); 117 $params = array_merge($params, $groupmemberparams); 118 119 $groupmemberjoin = "JOIN ({$groupmembersql}) jg ON jg.id = u.id"; 120 } else { 121 $groupmemberjoin = ''; 122 } 123 124 $sql = "SELECT u.firstname, u.lastname" . $identityfieldsselect . " 125 FROM {user} u 126 JOIN ({$enrolledsql}) je ON je.id = u.id 127 {$groupmemberjoin} 128 WHERE u.id {$useridsql}"; 129 130 $rs = $DB->get_recordset_sql($sql, $params); 131 132 // Provide callback to pre-process all records ensuring user identity fields are escaped if HTML supported. 133 \core\dataformat::download_data( 134 'courseid_' . $course->id . '_participants', 135 $dataformat, 136 $columnnames, 137 $rs, 138 function(stdClass $record, bool $supportshtml) use ($identityfields): stdClass { 139 if ($supportshtml) { 140 foreach ($identityfields as $identityfield) { 141 $record->{$identityfield} = s($record->{$identityfield}); 142 } 143 } 144 145 return $record; 146 } 147 ); 148 $rs->close(); 149 } 150 } 151 } 152 } else { 153 $instances = enrol_get_instances($course->id, false); 154 $instance = false; 155 foreach ($instances as $oneinstance) { 156 if ($oneinstance->enrol == $plugin) { 157 $instance = $oneinstance; 158 break; 159 } 160 } 161 if (!$instance) { 162 print_error('errorwithbulkoperation', 'enrol'); 163 } 164 165 $manager = new course_enrolment_manager($PAGE, $course, $instance->id); 166 $plugins = $manager->get_enrolment_plugins(); 167 168 if (!isset($plugins[$plugin])) { 169 print_error('errorwithbulkoperation', 'enrol'); 170 } 171 172 $plugin = $plugins[$plugin]; 173 174 $operations = $plugin->get_bulk_operations($manager); 175 176 if (!isset($operations[$operationname])) { 177 print_error('errorwithbulkoperation', 'enrol'); 178 } 179 $operation = $operations[$operationname]; 180 181 if (empty($userids)) { 182 redirect($returnurl, get_string('noselectedusers', 'bulkusers')); 183 } 184 185 $users = $manager->get_users_enrolments($userids); 186 187 $removed = array_diff($userids, array_keys($users)); 188 if (!empty($removed)) { 189 // This manager does not filter by enrolment method - so we can get the removed users details. 190 $removedmanager = new course_enrolment_manager($PAGE, $course); 191 $removedusers = $removedmanager->get_users_enrolments($removed); 192 193 foreach ($removedusers as $removeduser) { 194 $msg = get_string('userremovedfromselectiona', 'enrol', fullname($removeduser)); 195 \core\notification::warning($msg); 196 } 197 } 198 199 // We may have users from any kind of enrolment, we need to filter for the enrolment plugin matching the bulk action. 200 $matchesplugin = function($user) use ($plugin) { 201 foreach ($user->enrolments as $enrolment) { 202 if ($enrolment->enrolmentplugin->get_name() == $plugin->get_name()) { 203 return true; 204 } 205 } 206 return false; 207 }; 208 $filteredusers = array_filter($users, $matchesplugin); 209 210 if (empty($filteredusers)) { 211 redirect($returnurl, get_string('noselectedusers', 'bulkusers')); 212 } 213 214 $users = $filteredusers; 215 216 // Get the form for the bulk operation. 217 $mform = $operation->get_form($PAGE->url, array('users' => $users)); 218 // If the mform is false then attempt an immediate process. This may be an immediate action that 219 // doesn't require user input OR confirmation.... who know what but maybe one day. 220 if ($mform === false) { 221 if ($operation->process($manager, $users, new stdClass)) { 222 redirect($returnurl); 223 } else { 224 print_error('errorwithbulkoperation', 'enrol'); 225 } 226 } 227 // Check if the bulk operation has been cancelled. 228 if ($mform->is_cancelled()) { 229 redirect($returnurl); 230 } 231 if ($mform->is_submitted() && $mform->is_validated() && confirm_sesskey()) { 232 if ($operation->process($manager, $users, $mform->get_data())) { 233 redirect($returnurl); 234 } 235 } 236 237 $pagetitle = get_string('bulkuseroperation', 'enrol'); 238 239 $PAGE->set_title($pagetitle); 240 $PAGE->set_heading($pagetitle); 241 echo $OUTPUT->header(); 242 echo $OUTPUT->heading($operation->get_title()); 243 $mform->display(); 244 echo $OUTPUT->footer(); 245 exit(); 246 } 247} else { 248 throw new coding_exception('invalidaction'); 249} 250