From 39392343f09f9c2589c0beda34379cfc98eaa45c Mon Sep 17 00:00:00 2001
From: Nikolai Jahreis <Nikolai.Jahreis@uni-bayreuth.de>
Date: Mon, 13 May 2024 15:30:39 +0000
Subject: [PATCH] add restriction to site admins to smartmenu(items)

---
 classes/form/smartmenu_edit_form.php      | 10 ++++++++++
 classes/form/smartmenu_item_edit_form.php | 10 ++++++++++
 db/install.xml                            |  4 +++-
 db/upgrade.php                            | 24 +++++++++++++++++++++++
 lang/en/theme_boost_union.php             |  3 +++
 smartmenus/menulib.php                    | 18 +++++++++++++++++
 version.php                               |  2 +-
 7 files changed, 69 insertions(+), 2 deletions(-)

diff --git a/classes/form/smartmenu_edit_form.php b/classes/form/smartmenu_edit_form.php
index c8768d6c0dc..724813191fe 100644
--- a/classes/form/smartmenu_edit_form.php
+++ b/classes/form/smartmenu_edit_form.php
@@ -208,6 +208,16 @@ public function definition() {
         $mform->setType('rolecontext', PARAM_INT);
         $mform->addHelpButton('rolecontext', 'smartmenusrolecontext', 'theme_boost_union');
 
+        // Add restrict visibility by admin as header element.
+        $mform->addElement('header', 'restrictbyadminheader',
+                get_string('smartmenusrestrictbyadminheader', 'theme_boost_union'));
+        if (isset($this->_customdata['menu']) && $this->_customdata['menu']->byadmin) {
+            $mform->setExpanded('restrictbyadminheader');
+        }
+        // Add admin restriction as advcheckbox element.
+        $mform->addElement('advcheckbox', 'byadmin', get_string('smartmenusbyadmin', 'theme_boost_union'));
+        $mform->addHelpButton('byadmin', 'smartmenusbyadmin', 'theme_boost_union');
+
         // Add restrict visibility by cohorts as header element.
         $mform->addElement('header', 'restrictbycohortsheader',
                 get_string('smartmenusrestrictbycohortsheader', 'theme_boost_union'));
diff --git a/classes/form/smartmenu_item_edit_form.php b/classes/form/smartmenu_item_edit_form.php
index 804b158e13a..aafed6101c5 100644
--- a/classes/form/smartmenu_item_edit_form.php
+++ b/classes/form/smartmenu_item_edit_form.php
@@ -377,6 +377,16 @@ public function definition() {
         $mform->setType('rolecontext', PARAM_INT);
         $mform->addHelpButton('rolecontext', 'smartmenusrolecontext', 'theme_boost_union');
 
+        // Add restrict visibility by admin as header element.
+        $mform->addElement('header', 'restrictbyadminheader',
+                get_string('smartmenusrestrictbyadminheader', 'theme_boost_union'));
+        if (isset($this->_customdata['menuitem']) && $this->_customdata['menuitem']->byadmin) {
+            $mform->setExpanded('restrictbyadminheader');
+        }
+        // Add admin restriction as advcheckbox element.
+        $mform->addElement('advcheckbox', 'byadmin', get_string('smartmenusbyadmin', 'theme_boost_union'));
+        $mform->addHelpButton('byadmin', 'smartmenusbyadmin', 'theme_boost_union');
+
         // Add restrict visibility by cohorts as header element.
         $mform->addElement('header', 'restrictbycohortsheader',
                 get_string('smartmenusrestrictbycohortsheader', 'theme_boost_union'));
diff --git a/db/install.xml b/db/install.xml
index 7d865e8dc9b..a1bb583694c 100644
--- a/db/install.xml
+++ b/db/install.xml
@@ -1,7 +1,7 @@
 <?xml version="1.0" encoding="UTF-8" ?>
 <XMLDB PATH="theme/boost_union/db" VERSION="20200525" COMMENT="XMLDB file for Moodle theme/boost_union"
     xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-    xsi:noNamespaceSchemaLocation="../../../../lib/xmldb/xmldb.xsd"
+    xsi:noNamespaceSchemaLocation="../../../lib/xmldb/xmldb.xsd"
 >
   <TABLES>
     <TABLE NAME="theme_boost_union_flavours" COMMENT="Flavour definitions">
@@ -50,6 +50,7 @@
         <FIELD NAME="start_date" TYPE="int" LENGTH="18" NOTNULL="false" SEQUENCE="false"/>
         <FIELD NAME="end_date" TYPE="int" LENGTH="18" NOTNULL="false" SEQUENCE="false"/>
         <FIELD NAME="visible" TYPE="int" LENGTH="9" NOTNULL="true" DEFAULT="1" SEQUENCE="false"/>
+        <FIELD NAME="byadmin" TYPE="int" LENGTH="9" NOTNULL="true" DEFAULT="0" SEQUENCE="false"/>
       </FIELDS>
       <KEYS>
         <KEY NAME="primary" TYPE="primary" FIELDS="id"/>
@@ -93,6 +94,7 @@
         <FIELD NAME="end_date" TYPE="int" LENGTH="18" NOTNULL="false" SEQUENCE="false"/>
         <FIELD NAME="visible" TYPE="int" LENGTH="9" NOTNULL="true" DEFAULT="1" SEQUENCE="false"/>
         <FIELD NAME="timemodified" TYPE="int" LENGTH="18" NOTNULL="false" SEQUENCE="false"/>
+        <FIELD NAME="byadmin" TYPE="int" LENGTH="9" NOTNULL="true" DEFAULT="0" SEQUENCE="false"/>
       </FIELDS>
       <KEYS>
         <KEY NAME="primary" TYPE="primary" FIELDS="id"/>
diff --git a/db/upgrade.php b/db/upgrade.php
index 00f8c2593b7..45423bc195f 100644
--- a/db/upgrade.php
+++ b/db/upgrade.php
@@ -324,5 +324,29 @@ function xmldb_theme_boost_union_upgrade($oldversion) {
         upgrade_plugin_savepoint(true, 2023102027, 'theme', 'boost_union');
     }
 
+    if ($oldversion < 2023102038) {
+
+        // Define field byadmin to be added to theme_boost_union_menus.
+        $table = new xmldb_table('theme_boost_union_menus');
+        $field = new xmldb_field('byadmin', XMLDB_TYPE_INTEGER, '9', null, XMLDB_NOTNULL, null, '0', 'visible');
+
+        // Conditionally launch add field byadmin.
+        if (!$dbman->field_exists($table, $field)) {
+            $dbman->add_field($table, $field);
+        }
+
+        // Define field byadmin to be added to theme_boost_union_menuitems.
+        $table = new xmldb_table('theme_boost_union_menuitems');
+        $field = new xmldb_field('byadmin', XMLDB_TYPE_INTEGER, '9', null, XMLDB_NOTNULL, null, '0', 'timemodified');
+
+        // Conditionally launch add field byadmin.
+        if (!$dbman->field_exists($table, $field)) {
+            $dbman->add_field($table, $field);
+        }
+
+        // Boost_union savepoint reached.
+        upgrade_plugin_savepoint(true, 2023102038, 'theme', 'boost_union');
+    }
+
     return true;
 }
diff --git a/lang/en/theme_boost_union.php b/lang/en/theme_boost_union.php
index c75e002a02e..6e7930322da 100644
--- a/lang/en/theme_boost_union.php
+++ b/lang/en/theme_boost_union.php
@@ -1033,6 +1033,8 @@
 $string['smartmenusbylanguage_help'] = 'Restrict the visibility based on the user\'s language';
 $string['smartmenusbyrole'] = 'By role';
 $string['smartmenusbyrole_help'] = 'Restrict the visibility based on the user\'s roles.';
+$string['smartmenusbyadmin'] = 'Only for site admin';
+$string['smartmenusbyadmin_help'] = 'Restrict the visibility to site admin users.';
 $string['smartmenusdynamiccoursescompletionstatus'] = 'Completion status';
 $string['smartmenusdynamiccoursescompletionstatus_help'] = 'The dynamic courses menu item list will contain all courses of the user which match the selected completion status. For example, if you select \'In progress\' as the completion status, the dynamic courses menu item list will only contain courses that the current user is currently working on.';
 $string['smartmenusdynamiccoursescompletionstatuscompleted'] = 'Completed';
@@ -1190,6 +1192,7 @@
 $string['smartmenusrestrictbydateheader'] = 'Restrict visibility by date';
 $string['smartmenusrestrictbylanguageheader'] = 'Restrict visibility by language';
 $string['smartmenusrestrictbyrolesheader'] = 'Restrict visibility by roles';
+$string['smartmenusrestrictbyadminheader'] = 'Restrict visibility to admins';
 $string['smartmenusrolecontext'] = 'Context';
 $string['smartmenusrolecontext_help'] = 'Select the context for which the user\'s role should be checked (Any context or system context only)';
 $string['smartmenussavechangesandconfigure'] = 'Save and configure items';
diff --git a/smartmenus/menulib.php b/smartmenus/menulib.php
index 3eef818e154..20512088e5e 100644
--- a/smartmenus/menulib.php
+++ b/smartmenus/menulib.php
@@ -97,6 +97,11 @@ public function verify_access_restrictions() {
         // Restriction by roles.
         $this->restriction_byroles($query);
 
+        // Restricted to admins.
+        if (!$this->restriction_byadminrole()) {
+            return false;
+        }
+
         // Restriction by cohorts.
         $this->restriction_bycohorts($query);
 
@@ -180,6 +185,19 @@ public function restriction_byroles(&$query) {
         $query->params += array_merge($params, $inparam);
     }
 
+    /**
+     * Verify if the menu is restricted to admins.
+     *
+     * @return bool True if the user is a site admin
+     */
+    public function restriction_byadminrole() {
+        // Check if the item is restricted to admins.
+        if ($this->data->byadmin) {
+            return is_siteadmin($this->userid); // Returns true if the user is a site admin.
+        }
+        return true;
+    }
+
     /**
      * The purpose of this function is to check if a user is assigned to one or more cohorts that are specified in a menu.
      * For the operator "ALL" it gets the count of records and verfiy the records count is same as count of selected cohorts.
diff --git a/version.php b/version.php
index 448857d540d..2c4c6c5fdb4 100644
--- a/version.php
+++ b/version.php
@@ -25,7 +25,7 @@
 defined('MOODLE_INTERNAL') || die();
 
 $plugin->component = 'theme_boost_union';
-$plugin->version = 2023102037;
+$plugin->version = 2023102038;
 $plugin->release = 'v4.3-r12';
 $plugin->requires = 2023100900;
 $plugin->supported = [403, 403];