MDL-26647 (1) 'extrauserselectorfields' -> 'showuseridentity', add ca…

…pability

This change:
- Renames the existing setting 'extrauserselectorfields' to 'showuseridentity'
  in preparation for using it in more places. (Upgrade change, new version.)
- Adds a new capability moodle/site:viewuseridentity, now required in order
  to see the extra fields; if you don't have the capability, you don't see them
- Slightly improves the display of extra fields in user selector list; it used
  to be like 'sam marshall, 01234567, email@address' and is now
  'sam marshall [01234567, email@address]' ie the fields are in square
  brackets
- Turns feature on for the group selector - the feature was enabled for other
  user selectors but not for the group selector. Tim did the disable code, he
  thinks this may be to do with more people having access to group selector -
  probably not a problem now it is controlled by capability.

admin/roles/lib.php

@@ -996,13 +996,14 @@ abstract class role_assign_user_selector_base extends user_selector_base {
      */
     public function __construct($name, $options) {
         global $CFG;
-        parent::__construct($name, $options);
-        $this->roleid = $options['roleid'];
         if (isset($options['context'])) {
             $this->context = $options['context'];
         } else {
             $this->context = get_context_instance_by_id($options['contextid']);
         }
+        $options['accesscontext'] = $this->context;
+        parent::__construct($name, $options);
+        $this->roleid = $options['roleid'];
         require_once($CFG->dirroot . '/group/lib.php');
     }
 

admin/settings/users.php

@@ -123,9 +123,24 @@
                              'mycourses' => get_string('mycourses'),
                              'groups' => get_string('groups'))));
 
-        $temp->add(new admin_setting_configmulticheckbox('extrauserselectorfields',
-                get_string('extrauserselectorfields', 'admin'), get_string('configextrauserselectorfields', 'admin'), array('email' => '1'),
-                array('email' => get_string('email'), 'idnumber' => get_string('idnumber'), 'username' => get_string('username'), )));
+        // Select fields to display as part of user identity (only to those
+        // with moodle/site:viewuseridentity).
+        // Options include fields from the user table that might be helpful to
+        // distinguish when adding or listing users ('I want to add the John
+        // Smith from Science faculty').
+        // Username is not included as an option because in some sites, it might
+        // be a security problem to reveal usernames even to trusted staff.
+        // Custom user profile fields are not currently supported.
+        $temp->add(new admin_setting_configmulticheckbox('showuseridentity',
+                get_string('showuseridentity', 'admin'),
+                get_string('showuseridentity_desc', 'admin'), array('email' => 1), array(
+                    'idnumber'    => get_string('idnumber'),
+                    'email'       => get_string('email'),
+                    'phone1'      => get_string('phone'),
+                    'phone2'      => get_string('phone2'),
+                    'department'  => get_string('department'),
+                    'institution' => get_string('institution'),
+                )));
         $temp->add(new admin_setting_configcheckbox('enablegravatar', get_string('enablegravatar', 'admin'), get_string('enablegravatar_help', 'admin'), 0));
     }
 

group/members.php

@@ -34,9 +34,7 @@
 }
 
 $groupmembersselector = new group_members_selector('removeselect', array('groupid' => $groupid, 'courseid' => $course->id));
-$groupmembersselector->set_extra_fields(array());
 $potentialmembersselector = new group_non_members_selector('addselect', array('groupid' => $groupid, 'courseid' => $course->id));
-$potentialmembersselector->set_extra_fields(array());
 
 if (optional_param('add', false, PARAM_BOOL) && confirm_sesskey()) {
     $userstoadd = $potentialmembersselector->get_selected_users();

lang/en/admin.php

@@ -203,7 +203,6 @@
 $string['configerrorlevel'] = 'Choose the amount of PHP warnings that you want to be displayed.  Normal is usually the best choice.';
 $string['configextendedusernamechars'] = 'Enable this setting to allow students to use any characters in their usernames (note this does not affect their actual names).  The default is "false" which restricts usernames to be alphanumeric lowercase characters, underscore (_), hyphen (-), period (.) or at symbol (@).';
 $string['configextramemorylimit'] = 'Some scripts like search, backup/restore or cron require more memory. Set higher values for large sites.';
-$string['configextrauserselectorfields'] = 'Select which fields are searched and displayed, in addition to full names, when selecting users, for example when assigning roles or when adding users to a group. For security reasons, it is recommended that the username field is NOT selected.';
 $string['configfilterall'] = 'Filter all strings, including headings, titles, navigation bar and so on.  This is mostly useful when using the multilang filter, otherwise it will just create extra load on your site for little gain.';
 $string['configfiltermatchoneperpage'] = 'Automatic linking filters will only generate a single link for the first matching text instance found on the complete page. All others are ignored.';
 $string['configfiltermatchonepertext'] = 'Automatic linking filters will only generate a single link for the first matching text instance found in each item of text (e.g., resource, block) on the page. All others are ignored. This setting is ignored if the one per page setting is <i>yes</i>.';
@@ -506,7 +505,6 @@
 $string['experimentalsettings'] = 'Experimental settings';
 $string['extendedusernamechars'] = 'Allow extended characters in usernames';
 $string['extramemorylimit'] = 'Extra PHP memory limit';
-$string['extrauserselectorfields'] = 'When selecting users, search and display';
 $string['fatalmagicquotesruntime'] = '<p>Serious configuration error detected, please notify server administrator.</p><p> To operate properly, Moodle requires that administrator changes PHP settings.</p><p><code>magic_quotes_runtime</code> must be set to <code>off</code>.</p><p>This setting is controlled by editing <code>php.ini</code>, Apache/IIS <br />configuration or <code>.htaccess</code> file on the server.</p>';
 $string['fatalsessionautostart'] = '<p>Serious configuration error detected, please notify server administrator.</p><p> To operate properly, Moodle requires that administrator changes PHP settings.</p><p><code>session.auto_start</code> must be set to <code>off</code>.</p><p>This setting is controlled by editing <code>php.ini</code>, Apache/IIS <br />configuration or <code>.htaccess</code> file on the server.</p>';
 $string['filecreated'] = 'New file created';
@@ -884,6 +882,8 @@
 $string['settingsafemode'] = 'Moodle is not fully compatible with safe mode, please ask server administrator to turn it off. Running Moodle under safe mode is not supported, please expect various problems if you do so.';
 $string['showcommentscount'] = 'Show comments count';
 $string['showdetails'] = 'Show details';
+$string['showuseridentity'] = 'Show user identity';
+$string['showuseridentity_desc'] = 'When selecting or searching for users, and when displaying lists of users, these fields may be shown in addition to their full name. The fields are only shown to users who have the moodle/site:viewuseridentity capability; by default, teachers and managers. (This option makes most sense if you choose one or two fields that are mandatory at your institution.)';$string['simpletest'] = 'Unit tests';
 $string['simplexmlrequired'] = 'The SimpleXML PHP extension is now required by Moodle.';
 $string['sitemaintenance'] = 'The site is undergoing maintenance and is currently not available';
 $string['sitemaintenancemode'] = 'Maintenance mode';

lang/en/role.php

@@ -334,6 +334,7 @@
 $string['site:viewfullnames'] = 'Always see full names of users';
 $string['site:viewparticipants'] = 'View participants';
 $string['site:viewreports'] = 'View reports';
+$string['site:viewuseridentity'] = 'See full user identity in lists';
 $string['tag:create'] = 'Create new tags';
 $string['tag:edit'] = 'Edit existing tags';
 $string['tag:editblocks'] = 'Edit blocks in tags pages';

lib/db/access.php

@@ -385,6 +385,20 @@
         )
     ),
 
+    // In reports that give lists of users, extra information about each user's
+    // identity (the fields configured in site option showuseridentity) will be
+    // displayed to users who have this capability.
+    'moodle/site:viewuseridentity' => array(
+
+        'captype' => 'read',
+        'contextlevel' => CONTEXT_COURSE,
+        'archetypes' => array(
+            'teacher' => CAP_ALLOW,
+            'editingteacher' => CAP_ALLOW,
+            'manager' => CAP_ALLOW
+        )
+    ),
+
     'moodle/site:viewreports' => array(
 
         'riskbitmask' => RISK_PERSONAL,

lib/db/upgrade.php

@@ -6808,6 +6808,16 @@ function xmldb_main_upgrade($oldversion) {
         upgrade_main_savepoint(true, 2011101900.02);
     }
 
+    if ($oldversion < 2011102700.01) {
+        // Rename 'extrauserselectorfields' to 'showuseridentity' as it is
+        // being used more widely
+        if (isset($CFG->extrauserselectorfields)) {
+            set_config('showuseridentity', $CFG->extrauserselectorfields);
+            unset_config('extrauserselectorfields');
+        }
+        upgrade_main_savepoint(true, 2011102700.01);
+    }
+
     return true;
 }
 

mod/forum/lib.php

@@ -7761,6 +7761,7 @@ abstract class forum_subscriber_selector_base extends user_selector_base {
      * @param array $options
      */
     public function __construct($name, $options) {
+        $options['accesscontext'] = $options['context'];
         parent::__construct($name, $options);
         if (isset($options['context'])) {
             $this->context = $options['context'];
@@ -8357,4 +8358,4 @@ function forum_get_posts_by_user($user, array $courses, $musthaveaccess = false,
     }
 
     return $return;
-}
+}

user/selector/lib.php

@@ -40,6 +40,9 @@ abstract class user_selector_base {
     protected $name;
     /** @var array Extra fields to search on and return in addition to firstname and lastname. */
     protected $extrafields;
+    /** @var object Context used for capability checks regarding this selector (does
+     * not necessarily restrict user list) */
+    protected $accesscontext;
     /** @var boolean Whether the conrol should allow selection of many users, or just one. */
     protected $multiselect = true;
     /** @var int The height this control should have, in rows. */
@@ -89,10 +92,20 @@ public function __construct($name, $options = array()) {
 
         // Initialise member variables from constructor arguments.
         $this->name = $name;
+
+        // Use specified context for permission checks, system context if not
+        // specified
+        if (isset($options['accesscontext'])) {
+            $this->accesscontext = $options['accesscontext'];
+        } else {
+            $this->accesscontext = get_context_instance(CONTEXT_SYSTEM);
+        }
+
         if (isset($options['extrafields'])) {
             $this->extrafields = $options['extrafields'];
-        } else if (!empty($CFG->extrauserselectorfields)) {
-            $this->extrafields = explode(',', $CFG->extrauserselectorfields);
+        } else if (!empty($CFG->showuseridentity) &&
+                has_capability('moodle/site:viewuseridentity', $this->accesscontext)) {
+            $this->extrafields = explode(',', $CFG->showuseridentity);
         } else {
             $this->extrafields = array();
         }
@@ -331,7 +344,8 @@ protected function get_options() {
             'name' => $this->name,
             'exclude' => $this->exclude,
             'extrafields' => $this->extrafields,
-            'multiselect' => $this->multiselect
+            'multiselect' => $this->multiselect,
+            'accesscontext' => $this->accesscontext,
         );
     }
 
@@ -580,13 +594,15 @@ protected function output_optgroup($groupname, $users, $select) {
      * @return string a string representation of the user.
      */
     public function output_user($user) {
-        $bits = array(
-            fullname($user)
-        );
-        foreach ($this->extrafields as $field) {
-            $bits[] = $user->$field;
+        $out = fullname($user);
+        if ($this->extrafields) {
+            $displayfields = array();
+            foreach ($this->extrafields as $field) {
+                $displayfields[] = $user->{$field};
+            }
+            $out .= ' (' . implode(', ', $displayfields) . ')';
         }
-        return implode(', ', $bits);
+        return $out;
     }
 
     /**
@@ -660,6 +676,7 @@ abstract class groups_user_selector_base extends user_selector_base {
      */
     public function __construct($name, $options) {
         global $CFG;
+        $options['accesscontext'] = get_context_instance(CONTEXT_COURSE, $options['courseid']);
         parent::__construct($name, $options);
         $this->groupid = $options['groupid'];
         $this->courseid = $options['courseid'];

version.php

@@ -30,8 +30,7 @@
 defined('MOODLE_INTERNAL') || die();
 
 
-
-$version  = 2011102700.00;              // YYYYMMDD      = weekly release date of this DEV branch
+$version  = 2011102700.01;              // YYYYMMDD      = weekly release date of this DEV branch
                                         //         RR    = release increments - 00 in DEV branches
                                         //           .XX = incremental changes