Commit 258c4744 authored by Gregor Anzelj's avatar Gregor Anzelj Committed by Robert Lyon

Bug 717196: Isolated institutions

Isolated institutions is a feature that allows locking down
access for members of institutions so that they are separated
entirely and disallow contact between members of one
institution with members of another institution.

behatnotneeded

Change-Id: Ib94681aff5543ad26887f24b2eb7fce9d0c8b8d2
parent 0fa4c2f5
......@@ -36,6 +36,7 @@ $notificationelements = get_notification_settings_elements(null, true);
validate_theme(get_config('theme'));
$spamtraps = available_spam_traps();
$isolatedinstitutions = is_isolated();
$siteoptionform = array(
'name' => 'siteoptions',
'jsform' => true,
......@@ -181,8 +182,8 @@ $siteoptionform = array(
'type' => 'switchbox',
'title' => get_string('loggedinprofileviewaccess1', 'admin'),
'description' => get_string('loggedinprofileviewaccessdescription1', 'admin'),
'defaultvalue' => get_config('loggedinprofileviewaccess'),
'disabled' => in_array('loggedinprofileviewaccess', $OVERRIDDEN),
'defaultvalue' => ($isolatedinstitutions ? false : get_config('loggedinprofileviewaccess')),
'disabled' => in_array('loggedinprofileviewaccess', $OVERRIDDEN) || $isolatedinstitutions,
'help' => true,
),
'staffreports' => array(
......@@ -285,13 +286,15 @@ $siteoptionform = array(
'type' => 'select',
'title' => get_string('whocancreatepublicgroups', 'admin'),
'description' => get_string('whocancreatepublicgroupsdescription', 'admin'),
'defaultvalue' => get_config('createpublicgroups'),
'defaultvalue' => (is_isolated() ? 'siteadmins' : get_config('createpublicgroups')),
'options' => array(
'admins' => get_string('adminsonly', 'admin'),
'all' => get_string('Everyone', 'admin'),
'siteadmins' => get_string('siteadminsonly', 'admin'),
'admins' => get_string('adminsonly', 'admin'),
'staff' => get_string('adminsandstaffonly', 'admin'),
'all' => get_string('Everyone', 'admin'),
),
'help' => true,
'disabled' => in_array('createpublicgroups', $OVERRIDDEN),
'disabled' => in_array('createpublicgroups', $OVERRIDDEN) || is_isolated(),
),
'allowgroupcategories' => array(
'type' => 'switchbox',
......@@ -300,6 +303,13 @@ $siteoptionform = array(
'defaultvalue' => get_config('allowgroupcategories'),
'disabled' => in_array('allowgroupcategories', $OVERRIDDEN),
),
'owngroupsonly' => array(
'type' => 'switchbox',
'title' => get_string('owngroupsonly', 'admin'),
'description' => get_string('owngroupsonlydescription', 'admin'),
'defaultvalue' => get_config('owngroupsonly'),
'disabled' => !$isolatedinstitutions || in_array('owngroupsonly', $OVERRIDDEN),
),
),
),
'institutionsettings' => array(
......@@ -321,15 +331,16 @@ $siteoptionform = array(
'type' => 'switchbox',
'title' => get_string('usersallowedmultipleinstitutions', 'admin'),
'description' => get_string('usersallowedmultipleinstitutionsdescription1', 'admin'),
'defaultvalue' => get_config('usersallowedmultipleinstitutions'),
'defaultvalue' => ($isolatedinstitutions ? false : get_config('usersallowedmultipleinstitutions')),
'help' => true,
'disabled' => in_array('usersallowedmultipleinstitutions', $OVERRIDDEN),
'disabled' => $isolatedinstitutions || in_array('usersallowedmultipleinstitutions', $OVERRIDDEN),
),
'requireregistrationconfirm' => array(
'type' => 'switchbox',
'title' => get_string('requireregistrationconfirm', 'admin'),
'description' => get_string('requireregistrationconfirmdescription1', 'admin'),
'defaultvalue' => get_config('requireregistrationconfirm'),
'defaultvalue' => ($isolatedinstitutions ? true : get_config('requireregistrationconfirm')),
'disabled' => $isolatedinstitutions,
'help' => true,
),
'institutionexpirynotification' => array(
......@@ -853,7 +864,7 @@ function siteoptions_submit(Pieform $form, $values) {
'recaptchaonregisterform', 'recaptchapublickey', 'recaptchaprivatekey', 'loggedinprofileviewaccess', 'disableexternalresources',
'proxyaddress', 'proxyauthmodel', 'proxyauthcredentials', 'smtphosts', 'smtpport', 'smtpuser', 'smtppass', 'smtpsecure',
'noreplyaddress', 'homepageinfo', 'showprogressbar', 'showonlineuserssideblock', 'onlineuserssideblockmaxusers',
'registerterms', 'licensemetadata', 'licenseallowcustom', 'creategroups', 'createpublicgroups', 'allowgroupcategories', 'wysiwyg',
'registerterms', 'licensemetadata', 'licenseallowcustom', 'creategroups', 'createpublicgroups', 'allowgroupcategories', 'owngroupsonly', 'wysiwyg',
'staffreports', 'staffstats', 'userscandisabledevicedetection', 'watchlistnotification_delay',
'masqueradingreasonrequired', 'masqueradingnotified', 'searchuserspublic',
'eventloglevel', 'eventlogexpiry', 'eventlogenhancedsearch', 'sitefilesaccess', 'exporttoqueue', 'defaultmultipleblogs',
......@@ -898,6 +909,17 @@ function siteoptions_submit(Pieform $form, $values) {
db_commit();
}
}
// If we are using isolated institutions
if (is_isolated()) {
// Make sure the related fields save correctly
$values['loggedinprofileviewaccess'] = false;
$values['usersallowedmultipleinstitutions'] = false;
$values['requireregistrationconfirm'] = true;
}
else {
// Make sure 'owngroupsonly' is used with isolated institutions
$values['owngroupsonly'] = false;
}
// Make sure we have valid strict privacy and multi institutions settings
if (users_in_multiple_institutions()) {
$values['institutionstrictprivacy'] = false;
......@@ -1031,9 +1053,11 @@ function siteoptions_submit(Pieform $form, $values) {
}
$usermultipleinstitutions = (!empty(users_in_multiple_institutions()) ? "true" : "false");
$isolatedinstitutions = (is_isolated() ? "true" : "false");
$js = <<<EOF
var usersinmultipleinstitutions = {$usermultipleinstitutions};
var isolated = {$isolatedinstitutions};
jQuery(function() {
var j = jQuery.noConflict();
var overrideuseraccountlifetime = j('#siteoptions input[name=defaultaccountlifetimeupdate]');
......@@ -1071,16 +1095,16 @@ jQuery(function() {
overrideuseraccountlife(defaultaccountlifetime.val());
jQuery('#siteoptions_institutionstrictprivacy').on("click", function() {
multipleinstitutionscheckallowed();
multipleinstitutionscheckallowed(isolated);
});
jQuery('#siteoptions_usersallowedmultipleinstitutions').on("click", function() {
strictprivacycheckallowed();
strictprivacycheckallowed(isolated);
});
jQuery('#siteoptions_homepageredirect').on("click", function() {
homepageredirect();
});
multipleinstitutionscheckallowed();
strictprivacycheckallowed();
multipleinstitutionscheckallowed(isolated);
strictprivacycheckallowed(isolated);
homepageredirect();
});
......
......@@ -234,6 +234,7 @@ if ($institution || $add) {
$data->commentthreaded = get_config_institution($institution, 'commentthreaded');
$data->allowinstitutionsmartevidence = get_config_institution($institution, 'allowinstitutionsmartevidence');
$data->reviewselfdeletion = get_config_institution($institution, 'reviewselfdeletion');
$data->showonlineusers = (is_isolated() && $data->showonlineusers == 2 ? 1 : $data->showonlineusers);
$lockedprofilefields = (array) get_column('institution_locked_profile_field', 'profilefield', 'name', $institution);
// TODO: Find a better way to work around Smarty's minimal looping logic
......@@ -265,7 +266,7 @@ if ($institution || $add) {
}
$data->theme = 'sitedefault';
$data->defaultmembershipperiod = null;
$data->showonlineusers = 2;
$data->showonlineusers = is_isolated() ? 1 : 2;
$data->allowinstitutionpublicviews = get_config('allowpublicviews') ? 1 : 0;
$data->allowinstitutionsmartevidence = 0;
$data->tags = 0;
......@@ -285,8 +286,15 @@ if ($institution || $add) {
if (validate_theme($data->theme, $institution, $add) === false) {
$data->theme = 'sitedefault';
}
$showonlineusersoptions = array('0' => get_string('none'), '1' => get_string('institutiononly', 'admin'), '2' => get_string('all', 'admin'));
$sitename = get_config('sitename');
$showonlineusersoptions = array('0' => get_string('none'),
'1' => get_string('institutiononly', 'admin'),
'2' => get_string('all', 'admin'));
$isolatedinstitutions = is_isolated();
if ($isolatedinstitutions) {
unset($showonlineusersoptions['2']);
}
$sitename = get_config('sitename');
safe_require('artefact', 'internal');
$elements = array(
......@@ -376,7 +384,7 @@ if ($institution || $add) {
'title' => get_string('registrationconfirm', 'admin'),
'description' => get_string('registrationconfirmdescription3', 'admin'),
'disabled' => get_config('requireregistrationconfirm') == true,
'defaultvalue' => $data->registerconfirm,
'defaultvalue' => ($isolatedinstitutions ? true : $data->registerconfirm),
);
}
......
......@@ -32,6 +32,9 @@ class PluginBlocktypeMyfriends extends MaharaCoreBlocktype {
}
public static function get_viewtypes() {
if (get_config('friendsnotallowed')) {
return array();
}
return array('profile', 'dashboard');
}
......
......@@ -148,7 +148,7 @@ $elements['open'] = array(
'title' => get_string('Open', 'group'),
'description' => get_string('opendescription', 'group'),
'defaultvalue' => $group_data->open,
'disabled' => !$cancreatecontrolled && $group_data->controlled,
'disabled' => $group_data->controlled || $group_data->public,
);
if ($cancreatecontrolled || $group_data->controlled) {
$elements['controlled'] = array(
......@@ -207,20 +207,22 @@ else {
);
}
$elements['invitefriends'] = array(
'type' => 'switchbox',
'title' => get_string('friendinvitations', 'group'),
'description' => get_string('invitefriendsdescription1', 'group'),
'defaultvalue' => $group_data->invitefriends,
);
if (!get_config('friendsnotallowed')) {
$elements['invitefriends'] = array(
'type' => 'switchbox',
'title' => get_string('friendinvitations', 'group'),
'description' => get_string('invitefriendsdescription1', 'group'),
'defaultvalue' => $group_data->invitefriends,
);
$elements['suggestfriends'] = array(
'type' => 'switchbox',
'title' => get_string('Recommendations', 'group'),
'description' => get_string('suggestfriendsdescription1', 'group'),
'defaultvalue' => $group_data->suggestfriends && ($group_data->open || $group_data->request),
'disabled' => !$group_data->open && !$group_data->request,
);
$elements['suggestfriends'] = array(
'type' => 'switchbox',
'title' => get_string('Recommendations', 'group'),
'description' => get_string('suggestfriendsdescription1', 'group'),
'defaultvalue' => $group_data->suggestfriends && ($group_data->open || $group_data->request),
'disabled' => !$group_data->open && !$group_data->request,
);
}
$elements['pages'] = array(
'type' => 'html',
......@@ -263,8 +265,7 @@ else {
);
}
$publicallowed = get_config('createpublicgroups') == 'all' || (get_config('createpublicgroups') == 'admins' && $USER->get('admin'));
$publicallowed = $publicallowed && !is_probationary_user();
$publicallowed = group_can_create_public_groups() && !is_probationary_user();
if (!$id && !param_exists('pieform_editgroup')) {
// If a 'public=0' parameter is passed on the first page load, hide the
......@@ -608,6 +609,22 @@ jQuery(function($) {
}
}
});
$("#editgroup_public").on("click", function() {
if (this.checked) {
$("#editgroup_controlled").prop("checked", true);
$("#editgroup_request").prop("checked", true);
$("#editgroup_request").prop("disabled", false);
$("#editgroup_open").prop("checked", false);
$("#editgroup_open").prop("disabled", true);
}
else {
$("#editgroup_controlled").prop("checked", false);
$("#editgroup_request").prop("checked", false);
$("#editgroup_request").prop("disabled", true);
$("#editgroup_open").prop("checked", true);
$("#editgroup_open").prop("disabled", false);
}
});
$("#editgroup_request").on("click", function() {
if (this.checked) {
$("#editgroup_suggestfriends").prop("disabled", false);
......
......@@ -45,26 +45,39 @@ else { // all or some other text
$elements = array();
$queryfield = array(
'title' => get_string('search') . ': ',
'hiddenlabel' => false,
'type' => 'text',
'class' => 'with-dropdown js-with-dropdown',
'defaultvalue' => $query);
'title' => get_string('search') . ': ',
'hiddenlabel' => false,
'type' => 'text',
'class' => 'with-dropdown js-with-dropdown',
'defaultvalue' => $query
);
$filteroptions = array(
'allmy' => get_string('allmygroups', 'group'),
'member' => get_string('groupsimin', 'group'),
'admin' => get_string('groupsiown', 'group'),
'invite' => get_string('groupsiminvitedto', 'group'),
'canjoin' => get_string('groupsicanjoin', 'group'),
'notmember' => get_string('groupsnotin', 'group'),
'all' => get_string('allgroups', 'group')
);
$is_admin = $USER->get('admin') || $USER->is_institutional_admin() || $USER->get('staff') || $USER->is_institutional_staff();
if (is_isolated() && get_config('owngroupsonly') && !$is_admin) {
$filteroptions = array(
'allmy' => get_string('allmygroups', 'group'),
'member' => get_string('groupsimin', 'group'),
'admin' => get_string('groupsiown', 'group'),
'invite' => get_string('groupsiminvitedto', 'group'),
'canjoin' => get_string('groupsicanjoin', 'group')
);
}
$filterfield = array(
'title' => get_string('filter') . ': ',
'hiddenlabel' => false,
'type' => 'select',
'class' => 'dropdown-connect js-dropdown-connect',
'options' => array(
'allmy' => get_string('allmygroups', 'group'),
'member' => get_string('groupsimin', 'group'),
'admin' => get_string('groupsiown', 'group'),
'invite' => get_string('groupsiminvitedto', 'group'),
'canjoin' => get_string('groupsicanjoin', 'group'),
'notmember' => get_string('groupsnotin', 'group'),
'all' => get_string('allgroups', 'group')
),
'defaultvalue' => $filter);
'title' => get_string('filter') . ': ',
'hiddenlabel' => false,
'type' => 'select',
'class' => 'dropdown-connect js-dropdown-connect',
'options' => $filteroptions,
'defaultvalue' => $filter
);
$elements['searchwithin'] = array(
'type' => 'fieldset',
......@@ -135,7 +148,12 @@ if ($searchmode == 'mygroups') {
$groups['count'] = isset($results['count']) ? $results['count'] : 0;
}
else {
$groups = search_group($query, $groupsperpage, $offset, $type, $groupcategory);
if (is_isolated() && !($USER->get('admin') || $USER->get('staff'))) {
$groups = search_group($query, $groupsperpage, $offset, $type, $groupcategory, $USER->get('institutions'));
}
else {
$groups = search_group($query, $groupsperpage, $offset, $type, $groupcategory);
}
}
// gets more data about the groups found by search_group
......
......@@ -59,7 +59,8 @@ if ($USER->is_logged_in()) {
$group->membershiptype = 'invite';
$group->invite = group_get_accept_form('invite', $group->id);
}
else if ($group->jointype == 'open') {
// When 'isolatedinstitutions' is set, people cannot join public groups by themselves
else if ($group->jointype == 'open' && !is_isolated()) {
$group->groupjoin = group_get_join_form('joingroup', $group->id);
}
else if ($group->request
......@@ -68,6 +69,16 @@ if ($USER->is_logged_in()) {
}
}
// Check to see if we can invite anyone
if ($group->invitefriends) {
$results = get_group_user_search_results($group->id, '', 0, 1, 'notinvited', null, $USER->get('id'), 'adminfirst',
(((int) $group->hidemembers === GROUP_HIDE_TUTORS || (int) $group->hidemembersfrommembers === GROUP_HIDE_TUTORS) ? true : false)
);
if (empty($results['count'])) {
$group->invitefriends = 0;
}
}
$editwindow = group_format_editwindow($group);
$view = group_get_homepage_view($group->id);
......
......@@ -498,6 +498,11 @@ if (!defined('INSTALLER')) {
}
}
if (!defined('INSTALLER')) {
// Check if we need to set/unset isolated institution related things
is_isolated();
}
if (get_config('disableexternalresources')) {
$CFG->wwwhost = parse_url($CFG->wwwroot, PHP_URL_HOST);
}
......
......@@ -20,6 +20,11 @@ if (!is_logged_in()) {
}
$inst = param_alpha('institution');
if (is_isolated() && !in_array($inst, array_keys($USER->get('institutions'))) && !$USER->get('admin')) {
throw new AccessDeniedException(get_string('notinstitutionmember', 'error'));
}
$institution = new Institution($inst);
$admins = $institution->admins();
......
......@@ -16,19 +16,19 @@ var forceReloadElements = ['sitename', 'lang', 'theme',
var isReloadRequired = false;
// if strict privacy is enabled, disables multiple institutions per user
function multipleinstitutionscheckallowed() {
function multipleinstitutionscheckallowed(isolated) {
var target = jQuery('#siteoptions_usersallowedmultipleinstitutions');
if (jQuery('#siteoptions_institutionstrictprivacy').is(':checked')) {
target.prop('disabled', true);
target.prop('checked', false);
}
else {
else if (!isolated) {
target.prop('disabled', false);
}
}
// if multiple institution per user is enabled, disables strict privacy
function strictprivacycheckallowed() {
function strictprivacycheckallowed(isolated) {
if (!usersinmultipleinstitutions) {
var target = jQuery('#siteoptions_institutionstrictprivacy');
if (jQuery('#siteoptions_usersallowedmultipleinstitutions').is(':checked')) {
......@@ -95,16 +95,16 @@ var checkReload = (function($) {
connectElements();
jQuery('#siteoptions_institutionstrictprivacy').on("click", function() {
multipleinstitutionscheckallowed();
multipleinstitutionscheckallowed(isolated);
});
jQuery('#siteoptions_usersallowedmultipleinstitutions').on("click", function() {
strictprivacycheckallowed();
strictprivacycheckallowed(isolated);
});
jQuery('#siteoptions_homepageredirect').on("click", function() {
homepageredirect();
});
multipleinstitutionscheckallowed();
strictprivacycheckallowed();
multipleinstitutionscheckallowed(isolated);
strictprivacycheckallowed(isolated);
homepageredirect();
formSuccess(form, data);
......
......@@ -21,6 +21,8 @@ $limit = param_integer('limit', 10);
$filter = param_alpha('filter', 'all');
$searchtype = 'myfriends';
$is_admin = $USER->get('admin') || $USER->get('staff');
if ($extradata = param_variable('extradata', null)) {
$extradata = json_decode($extradata);
if ($extradata->searchtype) {
......@@ -37,6 +39,15 @@ else {
if ($filter == 'myinstitutions') {
$options['myinstitutions'] = true;
}
if (is_isolated() && !$is_admin) {
$options['myinstitutions'] = true;
if ($filter == 'myinstitutions') {
$options['showadmins'] = false;
}
else {
$options['showadmins'] = true;
}
}
$data = search_user($query, $limit, $offset, $options);
$data['query'] = $query;
if (!empty($options['myinstitutions'])) {
......
......@@ -343,6 +343,7 @@ $string['configurereport'] = 'Configure report';
$string['Columns'] = 'Columns';
// Site options
$string['siteadminsonly'] = 'Site administrators only';
$string['adminsonly'] = 'Administrators only';
$string['adminsandstaffonly'] = 'Administrators and staff only';
$string['advanced'] = 'Advanced';
......@@ -540,6 +541,10 @@ $string['uploadcopyright'] = 'Upload copyright statement';
$string['privacypagedescription'] = 'Edit the privacy statement for the entire site. The version you edited last becomes the current privacy statement automatically.';
$string['termspagedescription'] = 'Edit the terms and conditions for the entire site. The version you edited last becomes the current terms and conditions automatically.';
// Isolated institutions
$string['owngroupsonly'] = 'See own groups only';
$string['owngroupsonlydescription'] = 'Allow users to see only groups that they own or that they are members of. They can also only search for other users who are in these groups. This setting requires that isolated institutions are turned on in the config.php file.';
// Links and resources menu editor
$string['sitefile'] = 'Site file';
$string['adminpublicdirname'] = 'public'; // Name of the directory in which to store public admin files
......
......@@ -103,6 +103,9 @@ $string['viewnotfoundexceptionmessage'] = 'You tried to access a page that does
$string['viewnotfound'] = 'Page with id %s not found.';
$string['viewnotfoundbyname'] = 'Page %s by %s not found.';
$string['youcannotviewthisusersprofile'] = 'You cannot view this user\'s profile.';
$string['notinthesamegroup'] = 'You cannot view this user\'s profile because you are not members of the same group.';
$string['notinthesameinstitution'] = 'You cannot view this user\'s profile because you are not members of the same institution.';
$string['notinstitutionmember'] = 'You cannot view this page because you are not a member of the institution to which the page belongs.';
$string['invalidlayoutselection'] = 'You tried to select a layout that doesn\'t exist.';
$string['invalidnumrows'] = 'You have tried to create a layout with more than the allowed maximum number of rows. (This should not be possible; please notify your site\'s administrator.)';
$string['previewimagegenerationfailed'] = 'Sorry, there was a problem generating the preview image.';
......
......@@ -4,3 +4,5 @@
<p>If you wish to allow all users to create groups that may be viewed by people who are not members of your site, set this option to 'Everyone'.</p>
<p>In a public group, anyone who finds your site (including search engines) will be able to see the group's &quot;About&quot; page, and all discussions in the forums. However, people will still have to become a member of the site before they can perform other actions such as posting to the forums or viewing user profiles.
<p>Viewing the list of group members for group members and non-members can be restricted by the group administrator.</p>
<p>If isolated institutions are turned on in the config.php file than only site administrators will be able to create public groups.</p>
......@@ -8,3 +8,6 @@ by all logged-in users, but the owner is allowed to restrict access to
a smaller group if they wish.</p>
<p>Profiles of institution members will always be visible to other
members of the same institution.</p>
<p>If isolated institutions are turned on in the config.php file
than all users will be able to see only the profile pages of the
members of the same institution.</p>
......@@ -19,3 +19,8 @@
<p>Self-registration without any administrator approval may be useful for sites
that are open to the public for registration. Institutions though should always
consider using the registration confirmation to only give access to their members.</p>
<p>If isolated institutions are turned on in the config.php file than the "Confirm
registration" on the site level is turned on per default so that institutions
cannot change that setting and every account needs to be approved. It is then
disabled so that the site administrator cannot change it.</p>
\ No newline at end of file
......@@ -2,3 +2,5 @@
<!-- @copyright For copyright information on Mahara, please see the README file distributed with this software. -->
<h3>Users allowed multiple institutions</h3>
<p>If enabled, users can belong to more than one institution at once. Users will be able to apply to join an institution at any time, although the institution will have to approve their request first. Likewise, institutions will be able to invite users, but users must approve this request.</p>
<p>If isolated institutions are turned on in the config.php file than users can only be in one institution at one point in time. Being a member of multiple institutions is not allowed.</p>
......@@ -791,3 +791,20 @@ $cfg->sessionhandler = 'file';
* The location of the dwoo cache directory
*/
//$cfg->customdwoocachedir = '/var/cache/appcache/testing';
/**
* Uncomment the following line if you wish to lock down access for members of institutions
* so that they are separated entirely and disallow contact between members of one institution
* with members of another institution.
*
* Users can only be in one institution at one point in time. Being a member of multiple
* institutions is not allowed. Only institution staff, institution admins, site staff and
* site admins can create groups. No friends allowed.
*/
//$cfg->isolatedinstitutions = true;
/**
* Uncomment the following line if you do not wish to allow friends and friend related
* activites on your install of Mahara. No friends allowed - this is a site-wide setting.
*/
//$cfg->friendsnotallowed = true;
......@@ -46,8 +46,10 @@ function pieform_element_viewacl(Pieform $form, $element) {
$allowedpresets[] = 'public';
$loggedinindex = 1;
}
$allowedpresets[] = 'loggedin';
if ($form->get_property('userview')) {
if (!is_isolated()) {
$allowedpresets[] = 'loggedin';
}
if ($form->get_property('userview') && !get_config('friendsnotallowed')) {
$allowedpresets[] = 'friends';
}
......
......@@ -1714,7 +1714,8 @@ function group_prepare_usergroups_for_display($groups) {
else if ($group->membershiptype == 'invite') {
$group->invite = group_get_accept_form('invite' . $i++, $group->id);
}
else if ($group->jointype == 'open') {
// When 'isolatedinstitutions' is set, people cannot join public groups by themselves
else if ($group->jointype == 'open' && !(is_isolated() && $group->public == 1)) {
$group->groupjoin = group_get_join_form('joingroup' . $i++, $group->id);
}
......@@ -2458,6 +2459,31 @@ function group_can_create_groups() {
return $creators == 'staff' && ($USER->get('staff') || $USER->is_institutional_staff());
}
function group_can_create_public_groups() {
global $USER;
$creators = get_config('createpublicgroups');
// Only site administrators can create public groups when 'isolatedinstitutions' is set
if (is_isolated()) {
if ($USER->get('admin')) {
return true;
}
else {
return false;
}
}
// Different user roles can create public groups when 'isolatedinstitutions' is not set
if ($creators == 'all' && !is_isolated()) {
return true;
}
if (($USER->get('admin') || $USER->is_institutional_admin()) && !is_isolated()) {
return true;
}
return $creators == 'staff' && (($USER->get('staff') || $USER->is_institutional_staff()) && !is_isolated());
}
/* Returns groups containing a given member which accept view submissions */
function group_get_user_course_groups($userid=null) {
if (is_null($userid)) {
......
......@@ -5636,8 +5636,9 @@ function get_institutions_to_associate() {
global $USER;
$institutions = array();
if (is_array($USER->institutions) && count($USER->institutions) > 0) {
if (is_array($USER->institutions) && count($USER->institutions) > 0 && !$USER->get('admin')) {
// Get all institutions where user is member
// This does not apply for site admins
foreach ($USER->institutions as $inst) {
if (empty($inst->suspended)) {
$institutions = array_merge($institutions, array($inst->institution => $inst->displayname));
......@@ -5696,6 +5697,37 @@ function get_password_policy_description($type = 'generic') {
return $description;
}
/**
*
* Check if this site is using isolated institutions
*/
function is_isolated() {
global $CFG;
// If isolated institutions are turned on in $config.php we need to make sure
// that the correct site settings exist in case they don't edit / save the Admin -> Config form
// Note: we ned to save 'isolatedinstitutionset' in db as it needs to be different to the one set in $cfg
if (isset($CFG->isolatedinstitutions) && $CFG->isolatedinstitutions && !get_field('config', 'value', 'field', 'isolatedinstitutionset')) {
// Setting $cfg->isolatedinstitutions to true
set_config('loggedinprofileviewaccess', false);
set_config('creategroups', 'staff');
set_config('createpublicgroups', 'siteadmins');
set_config('usersallowedmultipleinstitutions', false);
set_config('requireregistrationconfirm', true);
set_config('isolatedinstitutionset', true); // set this in Db so we only do this check/update once
}
else if ((isset($CFG->isolatedinstitutions) && !$CFG->isolatedinstitutions) && get_field('config', 'value', 'field', 'isolatedinstitutionset')) {
// Setting $cfg->isolatedinstitutions to false
set_config('owngroupsonly', false);
set_config('isolatedinstitutionset', false); // set this in Db so we only do this check/update once
}
else if (!isset($CFG->isolatedinstitutions) && get_field('config', 'value', 'field', 'isolatedinstitutionset')) {
// Removing $cfg->isolatedinstitutions line
set_config('owngroupsonly', false);
set_config('isolatedinstitutionset', false); // set this in Db so we only do this check/update once
}
return (bool)get_config('isolatedinstitutions');
}
function get_homepage_redirect_results($request, $limit, $offset, $type = null, $id = null) {
$admins = get_site_admins();
$adminids = array();
......
......@@ -1135,6 +1135,15 @@ function search_friend($filter, $limit = null, $offset = 0, $query='') {
global $USER;
$userid = $USER->get('id');
if (get_config('friendsnotallowed')) {
return array(
'count' => 0,
'limit' => $limit,
'offset' => $offset,
'data' => array(),
);
}
if (!in_array($filter, array('allmy','current','pending'))) {
throw new SystemException('Invalid search filter');
}
......@@ -1228,9 +1237,9 @@ function search_friend($filter, $limit = null, $offset = 0, $query='') {
}
return array(
'count' => $count,
'limit' => $limit,
'offset' => $offset,
'data' => $data,
'count' => $count,
'limit' => $limit,
'offset' => $offset,
'data' => $data,
);
}
......@@ -253,17 +253,19 @@ function general_account_prefs_form_elements($prefs) {
global $USER;
require_once('license.php');
$elements = array();
$elements['friendscontrol'] = array(
'type' => 'radio',
'defaultvalue' => $prefs->friendscontrol,
'title' => get_string('friendsdescr', 'account'),
'options' => array(
'nobody' => get_string('friendsnobody', 'account'),
'auth' => get_string('friendsauth', 'account'),
'auto' => get_string('friendsauto', 'account')
),
'help' => true
);
if (!get_config('friendsnotallowed')) {
$elements['friendscontrol'] = array(
'type' => 'radio',
'defaultvalue' => $prefs->friendscontrol,
'title' => get_string('friendsdescr', 'account'),
'options' => array(
'nobody' => get_string('friendsnobody', 'account'),
'auth' => get_string('friendsauth', 'account'),
'auto' => get_string('friendsauto', 'account')
),
'help' => true
);
}
$elements['wysiwyg'] = array(
'type' => 'switchbox',
'defaultvalue' => (get_config('wysiwyg')) ? get_config('wysiwyg') == 'enable' : $prefs->wysiwyg,
......@@ -288,17 +290,19 @@ function general_account_prefs_form_elements($prefs) {
'title' => get_string('disableemail', 'account'),
'help' => true,