Modifying Query Permissions

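  1. If teachers are allowed to create custom reports, a teacher can generate reports over data from the entire site, not just the course they teach. A custom report with no restricting conditions therefore takes a long time to query and uses a large amount of memory; if memory runs out, the report cannot be generated. In that case the PHP memory limit can be changed.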
    Fatal error: Allowed memory size of 268435456 bytes exhausted 
    (tried to allocate 32 bytes) in ......./mysqli_native_moodle_database.php 
    on line 949
    
  2. Change the maximum memory limit:
    [root@dywang ~]# vim /etc/php.ini
    [root@dywang ~]# grep memory_limit /etc/php.ini
    memory_limit = 512M
    [root@dywang ~]# /etc/init.d/httpd reload
    Reloading httpd:
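
To confirm that the new `memory_limit` is the one PHP actually enforces, the byte count in the fatal error can be compared with the value in `php.ini`. The script below is an added example, not part of the original page; the function names and the sample inputs are constructed for illustration.

```shell
#!/bin/sh
# Added example: compare the limit reported in a PHP fatal error with the
# memory_limit configured in php.ini. Function names are hypothetical.

# Convert PHP shorthand (128K, 512M, 1G, plain bytes, or -1) to bytes.
to_bytes() {
    case "$1" in
        -1)    echo -1 ;;                                  # -1 = unlimited
        *[Kk]) echo $(( ${1%?} * 1024 )) ;;
        *[Mm]) echo $(( ${1%?} * 1024 * 1024 )) ;;
        *[Gg]) echo $(( ${1%?} * 1024 * 1024 * 1024 )) ;;
        *)     echo "$1" ;;
    esac
}

# Last uncommented memory_limit value in php.ini text read from stdin.
configured_limit() {
    sed -n 's/^[[:space:]]*memory_limit[[:space:]]*=[[:space:]]*\([-0-9]*[KkMmGg]\{0,1\}\).*/\1/p' | tail -n 1
}

# Limit in bytes named by the last "Allowed memory size" error on stdin.
enforced_limit() {
    sed -n 's/.*Allowed memory size of \([0-9][0-9]*\) bytes exhausted.*/\1/p' | tail -n 1
}

# check_limit INI_TEXT LOG_TEXT
# Prints: no-config | no-error | below-config | at-config
check_limit() {
    conf=$(printf '%s\n' "$1" | configured_limit)
    seen=$(printf '%s\n' "$2" | enforced_limit)
    [ -n "$conf" ] || { echo "no-config"; return; }
    [ -n "$seen" ] || { echo "no-error"; return; }
    conf=$(to_bytes "$conf")
    if [ "$conf" -eq -1 ] || [ "$seen" -lt "$conf" ]; then
        echo "below-config"  # error was raised under a lower limit than php.ini sets
    else
        echo "at-config"     # configured limit is in force and was still exhausted
    fi
}

# Constructed sample input: a php.ini fragment and the error line from step 1.
SAMPLE_INI='; constructed php.ini fragment
;memory_limit = 128M
memory_limit = 512M'
SAMPLE_LOG='Fatal error: Allowed memory size of 268435456 bytes exhausted (tried to allocate 32 bytes)'

check_limit "$SAMPLE_INI" "$SAMPLE_LOG"
```

A result of `at-config` after the reload means the 512M limit is active and the report still exhausted it, so the report's query conditions need narrowing rather than a further increase.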
    
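  3. By default the custom reports block does not let teachers create custom reports. Now that teachers are allowed to generate them, if the query scope is not restricted and a teacher sets no query conditions, the teacher can query information from the entire site, which both loads the site and causes trouble for the teacher. First, see which program files were changed in this modification: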
    [root@dywang blocks]# diff -qrNwbBE ../mod_tmp/configurable_reports configurable_reports 
    Files ../mod_tmp/configurable_reports/editreport_form.php and
     configurable_reports/editreport_form.php differ
    Files ../mod_tmp/configurable_reports/editreport.php and
     configurable_reports/editreport.php differ
    Files ../mod_tmp/configurable_reports/locallib.php and
     configurable_reports/locallib.php differ
    Files ../mod_tmp/configurable_reports/reports/courses/report.class.php and
     configurable_reports/reports/courses/report.class.php differ
    Files ../mod_tmp/configurable_reports/reports/users/report.class.php and
     configurable_reports/reports/users/report.class.php differ
    
  4. Increase the report width.
    [root@dywang blocks]# diff -urNwbBE ../mod_tmp/configurable_reports/locallib.php \
    configurable_reports/locallib.php 
    --- ../mod_tmp/configurable_reports/locallib.php	2013-02-27 08:35:12.000000000 +0800
    +++ configurable_reports/locallib.php	2013-11-10 11:38:56.000000000 +0800
    @@ -224,7 +224,7 @@
         }
     
         if (empty($table->width)) {
    -        $table->width = '80%';
    +        $table->width = '90%'; //dywang
         }
     
         if (empty($table->tablealign)) {
    
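  5. Users without the capability to manage custom reports (teachers only have the capability to manage their own reports) can only query data on students enrolled in the course.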
    [root@dywang blocks]# diff -urNwbBE ../mod_tmp/configurable_reports/editreport_form.php  configurable_reports/editreport_form.php 
    --- ../mod_tmp/configurable_reports/editreport_form.php	2013-02-27 08:35:12.000000000 +0800
    +++ configurable_reports/editreport_form.php	2014-11-21 13:29:17.352770625 +0800
    @@ -30,7 +30,7 @@
     
     class report_edit_form extends moodleform {
         function definition() {
    -        global $DB, $USER, $CFG;
    +        global $DB, $USER, $CFG, $COURSE;
     
             $mform =& $this->_form;
     
    @@ -47,8 +47,12 @@
     		$mform->addElement('htmleditor', 'summary', get_string('summary'));
             $mform->setType('summary', PARAM_RAW);
             	
    +		$context = get_context_instance(CONTEXT_COURSE, $COURSE->id);
    +		if(! has_capability('block/configurable_reports:managereports', $context)) {
    +			$typeoptions  = array('users' => 'Users report');
    +		} else {	
             $typeoptions = cr_get_report_plugins($this->_customdata['courseid']);
    -		
    +		}
     		$eloptions = array();
     		if(isset($this->_customdata['report']->id) && $this->_customdata['report']->id)
     			$eloptions = array('disabled'=>'disabled');
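
     Review bot: The capability check in the added `if` uses the context of the global `$COURSE`, while the `else` branch calls `cr_get_report_plugins($this->_customdata['courseid'])`, so the two branches can be evaluated against different courses. Build the context from `$this->_customdata['courseid']` so the check and the plugin list refer to the same course. The label `'Users report'` is also a hard-coded English string where the line above uses `get_string()`, and the body of the `else` is not indented to match its block.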
    
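  6. Users without the capability to manage custom reports (teachers only have the capability to manage their own reports) can only find the current course when querying course data.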
    [root@dywang blocks]# diff -urNwbBE ../mod_tmp/configurable_reports/reports/courses/report.class.php \
      configurable_reports/reports/courses/report.class.php 
    --- ../mod_tmp/configurable_reports/reports/courses/report.class.php	2013-02-27 08:35:12.000000000 +0800
    +++ configurable_reports/reports/courses/report.class.php	2014-11-21 11:38:14.521484419 +0800
    @@ -29,14 +29,19 @@
     	}	
     
     	function get_all_elements(){
    -		global $DB;
    +		global $DB,$COURSE;
     		
     		$elements = array();
    +		$context = get_context_instance(CONTEXT_COURSE, $COURSE->id);
    +		if(! has_capability('block/configurable_reports:managereports', $context)) {
    +			$elements[] = $COURSE->id;
    +		} else {
     		$rs = $DB->get_recordset('course', null, ”, 'id');
             foreach ($rs as $result) {
     			$elements[] = $result->id;
     		}
     		$rs->close();
    +		}
     		return $elements;
     	}
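
     Review bot: `$elements[] = $COURSE->id;` relies on whatever course the calling page set as the global `$COURSE`, and nothing in this function ties that value to the course the report belongs to. Have the caller pass the course id into `get_all_elements()` and build the context from it, so the scope does not depend on global state. The `else` body also needs re-indenting now that it sits inside a block.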
    
  7. When querying user data, everyone is limited to students enrolled in the current course.
    [root@dywang blocks]# diff -urNwbBE ../mod_tmp/configurable_reports/reports/users/report.class.php \
     configurable_reports/reports/users/report.class.php 
    --- ../mod_tmp/configurable_reports/reports/users/report.class.php	2013-02-27 08:35:12.000000000 +0800
    +++ configurable_reports/reports/users/report.class.php	2014-11-21 12:56:26.236207155 +0800
    @@ -29,14 +29,14 @@
     	}	
     
     	function get_all_elements(){
    -		global $DB;
    +		global $DB,$COURSE;
     		
     		$elements = array();
    -		$rs = $DB->get_recordset('user', null, ”, 'id');
    -        foreach ($rs as $result) {
    +		$context = get_context_instance(CONTEXT_COURSE, $COURSE->id, MUST_EXIST);
    +		$ro = get_role_users(5 , $context);
    +        foreach ($ro as $result) {
     			$elements[] = $result->id;
     		}
    -		$rs->close();
     		return $elements;
     	}
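
     Review bot: `get_role_users(5 , $context)` hard-codes role id 5, so the filter only means "students" on a site where the student role has that id. Look the role up by its shortname, or select users by enrolment in the course, instead of a literal id. This call also passes `MUST_EXIST` to `get_context_instance()` while the same call in the other two files does not, and there is no `managereports` branch here, so users holding that capability are limited to the current course as well; a comment should state that this is intended.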
    
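  8. After a teacher generates a custom report and goes back to edit the report settings, the system's course reverts to the site home page, so the teacher has no permission to edit and an error message is shown. In addition, when a teacher adds a new report, the course id retrieved from the custom report data is empty, which prevents the program from continuing; so if the retrieved course id is empty, it is set to the site home page course id.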
    [root@dywang blocks]# diff -urNwbBE ../mod_tmp/configurable_reports/editreport.php \
    configurable_reports/editreport.php
    --- ../mod_tmp/configurable_reports/editreport.php	2013-02-27 08:35:12.000000000 +0800
    +++ configurable_reports/editreport.php	2014-11-21 12:39:19.908346443 +0800
    @@ -28,7 +28,8 @@
     	
     
     	$id = optional_param('id', 0,PARAM_INT);
    -	$courseid = optional_param('courseid',SITEID,PARAM_INT);
    +	$courseid = $DB->get_record('block_configurable_reports', array('id'=>$id))->courseid;
    +	if (is_NULL($courseid)){$courseid = optional_param('courseid',SITEID,PARAM_INT);}
     	$delete = optional_param('delete', 0,PARAM_BOOL);
     	$confirm = optional_param('confirm', 0,PARAM_BOOL);
     	$show = optional_param('show', 0,PARAM_BOOL);
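
     Review bot: `$DB->get_record('block_configurable_reports', array('id'=>$id))->courseid` dereferences the result without checking it; when `id` is 0 (a new report) or matches no row, `get_record()` returns false and the property access raises a PHP notice before the `is_NULL` fallback runs. Fetch the record into a variable, test it, and only then read `courseid`. In the fallback path `courseid` still comes from the request parameter, so for new reports it remains caller-supplied and must not be treated as trusted by the code that follows.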