Merge branch 'MDL-38763-master-amd' of git://github.com/mastnym/moodle

admin/roles/ajax.php

@@ -0,0 +1,81 @@
+<?php
+// This file is part of Moodle - http://moodle.org/
+//
+// Moodle is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// Moodle is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with Moodle.  If not, see <http://www.gnu.org/licenses/>.
+
+/**
+ * This file processes AJAX requests and returns JSON
+ *
+ * This is a server part of yui permissions manager module
+ *
+ * @package core_role
+ * @copyright 2015 Martin Mastny
+ * @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
+ */
+define('AJAX_SCRIPT', true);
+
+require(__DIR__ . '/../../config.php');
+
+$contextid = required_param('contextid', PARAM_INT);
+$getroles = optional_param('getroles', 0, PARAM_BOOL);
+
+list($context, $course, $cm) = get_context_info_array($contextid);
+
+require_login($course, false, $cm);
+require_capability('moodle/role:review', $context);
+require_sesskey();
+
+list($overridableroles, $overridecounts, $nameswithcounts) = get_overridable_roles($context,
+        ROLENAME_BOTH, true);
+
+if ($getroles) {
+    echo json_encode($overridableroles);
+    die();
+}
+
+$capability = required_param('capability', PARAM_CAPABILITY);
+$roleid = required_param('roleid', PARAM_INT);
+$action = required_param('action', PARAM_ALPHA);
+
+$capability = $DB->get_record('capabilities', array('name' => $capability), '*', MUST_EXIST);
+
+if (!isset($overridableroles[$roleid])) {
+    throw new moodle_exception('invalidarguments');
+}
+
+if (!has_capability('moodle/role:override', $context)) {
+    if (!has_capability('moodle/role:safeoverride', $context) || !is_safe_capability($capability)) {
+        require_capability('moodle/role:override', $context);
+    }
+}
+
+switch ($action) {
+    case 'allow':
+        role_change_permission($roleid, $context, $capability->name, CAP_ALLOW);
+        break;
+    case 'prevent':
+        role_change_permission($roleid, $context, $capability->name, CAP_PREVENT);
+        break;
+    case 'prohibit':
+        role_change_permission($roleid, $context, $capability->name, CAP_PROHIBIT);
+        break;
+    case 'unprohibit':
+        role_change_permission($roleid, $context, $capability->name, CAP_INHERIT);
+        break;
+    default:
+        throw new moodle_exception('invalidarguments');
+}
+
+echo json_encode($action);
+die();

admin/roles/classes/capability_table_base.php

@@ -106,18 +106,22 @@ public function display() {
             $component = $capability->component;
 
             // Start the row.
-            echo '<tr class="' . implode(' ', array_unique(array_merge(array('rolecap'),
-                    $this->get_row_classes($capability)))) . '">';
+            $rowattributes = $this->get_row_attributes($capability);
+            // Handle class attributes same as other.
+            $rowclasses = array_unique(array_merge(array('rolecap'), $this->get_row_classes($capability)));
+            if (array_key_exists('class', $rowattributes)) {
+                $rowclasses = array_unique(array_merge($rowclasses, array($rowattributes['class'])));
+            }
+            $rowattributes['class']  = implode(' ', $rowclasses);
 
             // Table cell for the capability name.
-            echo '<th scope="row" class="name"><span class="cap-desc">' . get_capability_docs_link($capability) .
+            $contents = '<th scope="row" class="name"><span class="cap-desc">' . get_capability_docs_link($capability) .
                 '<span class="cap-name">' . $capability->name . '</span></span></th>';
 
             // Add the cells specific to this table.
-            $this->add_row_cells($capability);
+            $contents .= $this->add_row_cells($capability);
 
-            // End the row.
-            echo "</tr>\n";
+            echo html_writer::tag('tr', $contents, $rowattributes);
         }
 
         // End of the table.
@@ -167,13 +171,25 @@ protected function get_row_classes($capability) {
         return array();
     }
 
+    /**
+     * For subclasses to override. Additional attributes to be added to
+     * each table row for the capability
+     *
+     * @param stdClass $capability the capability this row relates to.
+     * @return array attribute names and their values.
+     */
+    protected function get_row_attributes($capability) {
+        return array();
+    }
+
     /**
      * For subclasses to override. Output the data cells for this capability. The
      * capability name cell will already have been output.
      *
      * You can rely on get_row_classes always being called before add_row_cells.
      *
      * @param stdClass $capability the capability this row relates to.
+     * @return string html of row cells
      */
     protected abstract function add_row_cells($capability);
 }

admin/roles/classes/capability_table_with_risks.php

@@ -165,13 +165,15 @@ protected abstract function add_permission_cells($capability);
     protected function add_row_cells($capability) {
         $this->add_permission_cells($capability);
         // One cell for each possible risk.
+        $cells = '';
         foreach ($this->allrisks as $riskname => $risk) {
-            echo '<td class="risk ' . str_replace('risk', '', $riskname) . '">';
+            $cells .= '<td class="risk ' . str_replace('risk', '', $riskname) . '">';
             if ($risk & (int)$capability->riskbitmask) {
-                echo $this->get_risk_icon($riskname);
+                $cells .= $this->get_risk_icon($riskname);
             }
-            echo '</td>';
+            $cells .= '</td>';
         }
+        return $cells;
     }
 
     /**

admin/roles/classes/check_capability_table.php

@@ -79,6 +79,6 @@ protected function add_row_cells($capability) {
         $a->fullname = $this->fullname;
         $a->capability = $capability->name;
         $a->context = $this->contextname;
-        echo '<td>' . $result . '</td>';
+        return '<td>' . $result . '</td>';
     }
 }

admin/roles/classes/permissions_table.php

@@ -67,6 +67,8 @@ protected function num_extra_columns() {
 
     protected function add_row_cells($capability) {
         global $OUTPUT, $PAGE;
+        $renderer = $PAGE->get_renderer('core');
+        $adminurl = new moodle_url("/admin/");
 
         $context = $this->context;
         $contextid = $this->context->id;
@@ -75,7 +77,6 @@ protected function add_row_cells($capability) {
         $overridableroles = $this->overridableroles;
         $roles = $this->roles;
 
-
         list($needed, $forbidden) = get_roles_with_cap_in_context($context, $capability->name);
         $neededroles    = array();
         $forbiddenroles = array();
@@ -91,40 +92,50 @@ protected function add_row_cells($capability) {
 
         foreach ($roles as $id => $name) {
             if (isset($needed[$id])) {
-                $neededroles[$id] = $roles[$id];
+                $templatecontext = array("rolename" => $name, "roleid" => $id, "action" => "prevent", "spanclass" => "allowed",
+                                  "linkclass" => "preventlink", "adminurl" => $adminurl->out(), "imageurl" => "");
                 if (isset($overridableroles[$id]) and ($allowoverrides or ($allowsafeoverrides and is_safe_capability($capability)))) {
-                    $preventurl = new moodle_url($PAGE->url, array('contextid'=>$contextid, 'roleid'=>$id, 'capability'=>$capability->name, 'prevent'=>1));
-                    $neededroles[$id] .= $OUTPUT->action_icon($preventurl, new pix_icon('t/delete', get_string('prevent', 'core_role')));
+                    $templatecontext['imageurl'] = $renderer->pix_url('t/delete');
                 }
+                $neededroles[$id] = $renderer->render_from_template('core/permissionmanager_role', $templatecontext);
             }
         }
-        $neededroles = implode(', ', $neededroles);
+        $neededroles = implode(' ', $neededroles);
         foreach ($roles as $id => $name) {
             if (isset($forbidden[$id])  and ($allowoverrides or ($allowsafeoverrides and is_safe_capability($capability)))) {
-                $forbiddenroles[$id] = $roles[$id];
+                $templatecontext = array("rolename" => $name, "roleid" => $id, "action" => "unprohibit",
+                                "spanclass" => "forbidden", "linkclass" => "unprohibitlink", "adminurl" => $adminurl->out(),
+                                "imageurl" => "");
                 if (isset($overridableroles[$id]) and prohibit_is_removable($id, $context, $capability->name)) {
-                    $unprohibiturl = new moodle_url($PAGE->url, array('contextid'=>$contextid, 'roleid'=>$id, 'capability'=>$capability->name, 'unprohibit'=>1));
-                    $forbiddenroles[$id] .= $OUTPUT->action_icon($unprohibiturl, new pix_icon('t/delete', get_string('delete')));
+                    $templatecontext['imageurl'] = $renderer->pix_url('t/delete');
                 }
+                $forbiddenroles[$id] = $renderer->render_from_template('core/permissionmanager_role', $templatecontext);
             }
         }
-        $forbiddenroles = implode(', ', $forbiddenroles);
+        $forbiddenroles = implode(' ', $forbiddenroles);
 
         if ($allowable and ($allowoverrides or ($allowsafeoverrides and is_safe_capability($capability)))) {
-            $allowurl = new moodle_url($PAGE->url, array('contextid'=>$contextid, 'capability'=>$capability->name, 'allow'=>1));
-            $neededroles .= '<div class="allowmore">'.$OUTPUT->action_icon($allowurl, new pix_icon('t/add', get_string('allow', 'core_role'))).'</div>';
+            $allowurl = new moodle_url($PAGE->url, array('contextid' => $contextid,
+                                       'capability' => $capability->name, 'allow' => 1));
+            $allowicon = $OUTPUT->action_icon($allowurl, new pix_icon('t/add', get_string('allow', 'core_role')), null,
+                                            array('class' => 'allowlink', 'data-action' => 'allow'));
+            $neededroles .= html_writer::div($allowicon, 'allowmore');
         }
 
         if ($forbitable and ($allowoverrides or ($allowsafeoverrides and is_safe_capability($capability)))) {
-            $prohibiturl = new moodle_url($PAGE->url, array('contextid'=>$contextid, 'capability'=>$capability->name, 'prohibit'=>1));
-            $forbiddenroles .= '<div class="prohibitmore">'.$OUTPUT->action_icon($prohibiturl, new pix_icon('t/add', get_string('prohibit', 'core_role'))).'</div>';
+            $prohibiturl = new moodle_url($PAGE->url, array('contextid' => $contextid,
+                                          'capability' => $capability->name, 'prohibit' => 1));
+            $prohibiticon = $OUTPUT->action_icon($prohibiturl, new pix_icon('t/add', get_string('prohibit', 'core_role')), null,
+                                                array('class' => 'prohibitlink', 'data-action' => 'prohibit'));
+            $forbiddenroles .= html_writer::div($prohibiticon, 'prohibitmore');
         }
 
         $risks = $this->get_risks($capability);
 
-        echo '<td>' . $risks . '</td>';
-        echo '<td>' . $neededroles . '</td>';
-        echo '<td>' . $forbiddenroles . '</td>';
+        $contents = html_writer::tag('td', $risks, array('class' => 'risks'));
+        $contents .= html_writer::tag('td', $neededroles, array('class' => 'allowedroles'));
+        $contents .= html_writer::tag('td', $forbiddenroles, array('class' => 'forbiddenroles'));
+        return $contents;
     }
 
     protected function get_risks($capability) {
@@ -147,4 +158,18 @@ protected function get_risks($capability) {
 
         return $return;
     }
+
+    /**
+     * Add additional attributes to row
+     *
+     * @param stdClass $capability capability that this table row relates to.
+     * @return array key value pairs of attribute names and values.
+     */
+    protected function get_row_attributes($capability) {
+        return array(
+                'data-id' => $capability->id,
+                'data-name' => $capability->name,
+                'data-humanname' => get_capability_string($capability->name),
+        );
+    }
 }

admin/roles/permissions.php

@@ -195,6 +195,15 @@
 echo $OUTPUT->header();
 echo $OUTPUT->heading($title);
 
+$adminurl = new moodle_url('/admin/');
+$arguments = array('contextid' => $contextid,
+                'contextname' => $contextname,
+                'adminurl' => $adminurl->out());
+$PAGE->requires->strings_for_js(
+                                array('roleprohibitinfo', 'roleprohibitheader', 'roleallowinfo', 'roleallowheader',
+                                    'confirmunassigntitle', 'confirmroleunprohibit', 'confirmroleprevent', 'confirmunassignyes',
+                                    'confirmunassignno'), 'core_role');
+$PAGE->requires->js_call_amd('core/permissionmanager', 'initialize', array($arguments));
 $table = new core_role_permissions_table($context, $contextname, $allowoverrides, $allowsafeoverrides, $overridableroles);
 echo $OUTPUT->box_start('generalbox capbox');
 // Print link to advanced override page.

lang/en/role.php

@@ -112,8 +112,8 @@
 $string['community:download'] = 'Download a course from the community block';
 $string['confirmaddadmin'] = 'Do you really want to add user <strong>{$a}</strong> as new site administrator?';
 $string['confirmdeladmin'] = 'Do you really want to remove user <strong>{$a}</strong> from the list of site administrators?';
-$string['confirmroleprevent'] = 'Do you really want to remove <strong>{$a->role}</strong> from the list of allowed roles for capability {$a->cap} in context {$a->context}?';
-$string['confirmroleunprohibit'] = 'Do you really want to remove <strong>{$a->role}</strong> from the list of prohibited roles for capability {$a->cap} in context {$a->context}?';
+$string['confirmroleprevent'] = 'Do you really want to remove <strong>"{$a->role}"</strong> from the list of allowed roles for capability "{$a->cap}" in context "{$a->context}"?';
+$string['confirmroleunprohibit'] = 'Do you really want to remove <strong>"{$a->role}"</strong> from the list of prohibited roles for capability "{$a->cap}" in context "{$a->context}"?';
 $string['confirmunassign'] = 'Are you sure you wish to remove this role from this user?';
 $string['confirmunassigntitle'] = 'Confirm role change';
 $string['confirmunassignyes'] = 'Remove';
@@ -321,7 +321,7 @@
 $string['restore:viewautomatedfilearea'] = 'Restore courses from automated backups';
 $string['risks'] = 'Risks';
 $string['roleallowheader'] = 'Allow role:';
-$string['roleallowinfo'] = 'Select a role to be added to the list of allowed roles in context {$a->context}, capability {$a->cap}:';
+$string['roleallowinfo'] = 'Select a role to be added to the list of allowed roles in context "{$a->context}", capability "{$a->cap}":';
 $string['role:assign'] = 'Assign roles to users';
 $string['roleassignments'] = 'Role assignments';
 $string['roledefinitions'] = 'Role definitions';
@@ -331,7 +331,7 @@
 $string['role:override'] = 'Override permissions for others';
 $string['role:review'] = 'Review permissions for others';
 $string['roleprohibitheader'] = 'Prohibit role';
-$string['roleprohibitinfo'] = 'Select a role to be added to the list of prohibited roles in context {$a->context}, capability {$a->cap}:';
+$string['roleprohibitinfo'] = 'Select a role to be added to the list of prohibited roles in context "{$a->context}", capability "{$a->cap}":';
 $string['rolerisks'] = 'Role risks';
 $string['roles'] = 'Roles';
 $string['roles_help'] = 'A role is a collection of permissions defined for the whole system that you can assign to specific users in specific contexts.';