From ddd946ec78168ff324ce63f7e3936dcf593dc8d3 Mon Sep 17 00:00:00 2001 From: Sumaiya Javed Date: Tue, 28 Jan 2025 15:41:39 +1300 Subject: [PATCH] Search users group add capability check --- classes/local/course_enrolment_manager.php | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/classes/local/course_enrolment_manager.php b/classes/local/course_enrolment_manager.php index ad574c7..e53f3fb 100644 --- a/classes/local/course_enrolment_manager.php +++ b/classes/local/course_enrolment_manager.php @@ -46,18 +46,22 @@ public function search_users_with_groups(string $search = '', bool $searchanywhe $fields = 'SELECT ' . $ufields; $countfields = 'SELECT COUNT(u.id)'; list($insql, $inparams) = $DB->get_in_or_equal(array_keys($groups), SQL_PARAMS_NAMED); - + $capability = 'mod/dialogue:receive'; + $context = $this->context; + [$enrolledsql, $enrolledparams] = get_enrolled_sql($context, $capability, 0, true); $sql = " FROM {user} u $joins JOIN {user_enrolments} ue ON ue.userid = u.id JOIN {enrol} e ON ue.enrolid = e.id JOIN ({groups_members} gm JOIN {groups} g ON (g.id = gm.groupid)) ON (u.id = gm.userid AND g.courseid = e.courseid) + JOIN ($enrolledsql) je ON je.id = u.id WHERE $wherecondition + AND u.suspended = 0 AND e.courseid = :courseid AND g.id $insql"; $params['courseid'] = $this->course->id; - $params = array_merge($params, $inparams); + $params = array_merge($params, $inparams, $enrolledparams); return $this->execute_search_queries($search, $fields, $countfields, $sql, $params, $page, $perpage, 0, false); } @@ -106,7 +110,8 @@ public function search_users(string $search = '', bool $searchanywhere = false, $sql = " FROM {user} u $joins JOIN ($enrolledsql) je ON je.id = u.id - WHERE $wherecondition"; + WHERE $wherecondition + AND u.suspended = 0"; $params = array_merge($params, $enrolledparams);