Programmatically granting administrative capabilities to a user

Programmatically granting administrative capabilities to a user

Bởi Alan Zaitchik -
Số lượng các câu trả lời: 3
For a given user I want to grant administrative capabilities. The following code fragment (I thought) might do the trick:
require_once(dirname(dirname(dirname(__FILE__))).'/config.php');
require_once($CFG->libdir.'/accesslib.php');
$roleid='moodle/legacy:admin';
$userid=$USER->id;
$groupid='';
$contextid=get_context_instance(CONTEXT_SYSTEM);
$retval = role_assign($roleid, $userid, $groupid, $contextid);
...
but I find that I never return from role_assign. From trace statements I see that I die at /lib/accesslib.php line 386 (in role_assign()):
if (!$context = get_context_instance_by_id($contextid)) {
I then added a debug statement to the fragment above
echo "<br />DBG:Calling role_assign with contextid=",$contextid," for userid=",$userid,"<br />";
and found that $contextid was null.
1. Is there something stupid I am doing or neglecting to do here?
2. While I am at it, should I be using something other than moodle/legacy:admin ?
Thanks,
Alan
Trung bình điểm đánh giá: -
Để phản hồi tới Alan Zaitchik

Re: Programmatically granting administrative capabilities to a user

Bởi John Ehringer -
$roleid will need to be the integer primary key from the roles table in your database.

You can easily find the admin role object from the database using get_roles_with_capability, look for the moodle/site:doanything capability.

$adminroles = get_roles_with_capability('moodle/site:doanything', CAP_ALLOW, $context);

if(empty($adminroles)) {
// TODO: Do something better here.
die('No admin roles!');
}

$adminrole = array_pop($adminroles);

Also, your $contextid doesn't look correct. You're fetching the entire context object using get_context_instance, you'll want to pass only the context id into role_assign like so:

$context = get_context_instance(CONTEXT_SYSTEM);

role_assign($adminrole->id, , , $context->id);
Trung bình điểm đánh giá: -
Để phản hồi tới John Ehringer

Re: Programmatically granting administrative capabilities to a user

Bởi Alan Zaitchik -
I have been struggling, despite your execellent and helpful reply. The following function never returns from the call to get_roles_with_capability. No error message is displayed.

function assign_admin_cap($userid){
// needs /lib/accesslib.php which was included above
$context=get_context_instance(CONTEXT_SYSTEM);
$adminroles=get_roles_with_capability('moodle/site:doanything', CAP_ALLOW, $context);
//WE NEVER GET TO THE NEXT LINE!
$adminrole = array_pop($adminroles);
$groupid='';
$retval = role_assign($adminrole->id, $userid, $groupid , $context->id);
return $retval;
}

When I comment out the call to get_roles_with_capability and use a hard coded 1 (which I am guessing is just the id of the row in mdl_role for "Administrator") then we never return from the call to role_assign. Debug statements (not shown above) assure me that we have the correct userid and $context->id (=1).

If you have some suggestions what I might do next I will be very grateful.

Actually I don't really care which particular capability is assigned to the user-- I could assign a legacy role of Administrator for all that it matters, since this is a real admin we're talking about. The username has to be 'Administrator' and the authentication has to be LDAP since he will be coming in from outside through a seamless login, and I want to enable him to run certain scripts normally not allowed to be run through a web browser from outside. That is the rationale behind all the above, and I cannot change the overall situation. Seems like it should be straightforward to do what I want...

Maybe there is a simple way to "clone" the local admin account but simply make its auth method 'ldap' and its username 'Administrator'? That would work too! The real Administrator's names, email, etc. would get updated by LDAP sync when the person actually logs in!

Alan
Trung bình điểm đánh giá: -