Merge pull request #143 from sumaiyamannan/search_users_add_capability_check

danmarsden · web-flow · commit 5879fb7ba04a · 2025-01-31T14:19:56.000+13:00
Search users group add capability check
diff --git a/classes/local/course_enrolment_manager.php b/classes/local/course_enrolment_manager.php
@@ -46,18 +46,22 @@ public function search_users_with_groups(string $search = '', bool $searchanywhe
         $fields      = 'SELECT ' . $ufields;
         $countfields = 'SELECT COUNT(u.id)';
         list($insql, $inparams) = $DB->get_in_or_equal(array_keys($groups), SQL_PARAMS_NAMED);
-
+        $capability = 'mod/dialogue:receive';
+        $context = $this->context;
+        [$enrolledsql, $enrolledparams] = get_enrolled_sql($context, $capability, 0, true);
         $sql = " FROM {user} u
                       $joins
                  JOIN {user_enrolments} ue ON ue.userid = u.id
                  JOIN {enrol} e ON ue.enrolid = e.id
                  JOIN ({groups_members} gm JOIN {groups} g ON (g.id = gm.groupid))
                       ON (u.id = gm.userid AND g.courseid = e.courseid)
+                JOIN ($enrolledsql) je ON je.id = u.id
                 WHERE $wherecondition
+                  AND u.suspended = 0
                   AND e.courseid = :courseid
                   AND g.id $insql";
         $params['courseid'] = $this->course->id;
-        $params = array_merge($params, $inparams);
+        $params = array_merge($params, $inparams, $enrolledparams);
         return $this->execute_search_queries($search, $fields, $countfields, $sql, $params, $page, $perpage, 0, false);
     }
 
@@ -106,7 +110,8 @@ public function search_users(string $search = '', bool $searchanywhere = false,
         $sql = " FROM {user} u
                       $joins
                  JOIN ($enrolledsql) je ON je.id = u.id
-                WHERE $wherecondition";
+                WHERE $wherecondition
+                AND u.suspended = 0";
 
         $params = array_merge($params, $enrolledparams);
 
