adding capabilities

calendar/set.php

@@ -64,7 +64,6 @@
                 calendar_set_referring_course(0);
             }
             else {
-                // We don't check for membership anymore: if(isstudent($id, $USER->id) || isteacher($id, $USER->id)) {
                 if(get_record('course', 'id', $id) === false) {
                     // There is no such course
                     $SESSION->cal_courses_shown = array();

course/editsection.php

@@ -16,10 +16,7 @@
         error("Could not find the course!");
     }
 
-    if (!isteacher($course->id)) {
-        error("Only teachers can edit this!");
-    }
-
+    require_capability('moodle/course:update', get_context_instance(CONTEXT_COURSE, $id));
 
 /// If data submitted, then process and store.
 

course/format/lams/format.php

@@ -30,7 +30,9 @@
     }
 }
 
-if (($marker >=0) and isteacher($course->id) and confirm_sesskey()) {
+$context = get_context_instance(CONTEXT_COURSE, $course->id);
+
+if (($marker >=0) and has_capability('moodle/course:setcurrentsection', $context) and confirm_sesskey()) {
     $course->marker = $marker;
     if (! set_field("course", "marker", $marker, "id", $course->id)) {
         error("Could not mark that topic for this course");
@@ -216,7 +218,7 @@
         }
     }
 
-    $showsection = (isteacher($course->id) or $thissection->visible or !$course->hiddensections);
+    $showsection = (has_capability('moodle/course:viewhiddensections', $context) or $thissection->visible or !$course->hiddensections);
 
     if (!empty($displaysection) and $displaysection != $section) {
         if ($showsection) {
@@ -249,7 +251,7 @@
         echo '<td class="left side">&nbsp;</td>';
 
         echo '<td class="content">';
-        if (!isteacher($course->id) and !$thissection->visible) {   // Hidden for students
+        if (!has_capability('moodle/course:viewhiddensections', $context) and !$thissection->visible) {   // Hidden for students
             echo get_string('notavailable');
         } else {
             echo '<div class="summary">';

course/format/topics/format.php

@@ -35,7 +35,9 @@
         }
     }
 
-    if (($marker >=0) && isteacher($course->id) && confirm_sesskey()) {
+    $context = get_context_instance(CONTEXT_COURSE, $course->id);
+
+    if (($marker >=0) && has_capability('moodle/course:setcurrentsection', $context) && confirm_sesskey()) {
         $course->marker = $marker;
         if (! set_field("course", "marker", $marker, "id", $course->id)) {
             error("Could not mark that topic for this course");
@@ -165,7 +167,7 @@
             }
         }
 
-        $showsection = (isteacher($course->id) or $thissection->visible or !$course->hiddensections);
+        $showsection = (has_capability('moodle/course:viewhiddensections', $context) or $thissection->visible or !$course->hiddensections);
 
         if (!empty($displaysection) and $displaysection != $section) {
             if ($showsection) {
@@ -197,7 +199,7 @@
             echo '<td class="left side">'.$section.'</td>';
 
             echo '<td class="content">';
-            if (!isteacher($course->id) and !$thissection->visible) {   // Hidden for students
+            if (!has_capability('moodle/course:viewhiddensections', $context) and !$thissection->visible) {   // Hidden for students
                 echo get_string('notavailable');
             } else {
                 echo '<div class="summary">';

course/format/weeks/format.php

@@ -48,7 +48,7 @@
         $strmovedown = get_string('movedown');
     }
 
-
+    $context = get_context_instance(CONTEXT_COURSE, $course->id);
 /// Layout the whole page as three big columns.
     echo '<table id="layout-table" cellspacing="0"><tr>';
 
@@ -146,7 +146,7 @@
             }
         }
 
-        $showsection = (isteacher($course->id) or $thissection->visible or !$course->hiddensections);
+        $showsection = (has_capability('moodle/course:viewhiddensections', $context) or $thissection->visible or !$course->hiddensections);
 
         if (!empty($displaysection) and $displaysection != $section) {  // Check this week is visible
             if ($showsection) {
@@ -173,7 +173,7 @@
             echo '<td class="left side">&nbsp;</td>';
 
             echo '<td class="content">';
-            if (!isteacher($course->id) and !$thissection->visible) {   // Hidden for students
+            if (!has_capability('moodle/course:viewhiddensections', $context) and !$thissection->visible) {   // Hidden for students
                 echo '<div class="weekdates">'.$weekday.' - '.$endweekday.' ('.get_string('notavailable').')</div>';
 
             } else {

course/format/weekscss/format.php

@@ -60,7 +60,7 @@
         $strmovedown = get_string('movedown');
     }
 
-
+    $context = get_context_instance(CONTEXT_COURSE, $course->id);
 /* Internet Explorer min-width fix. (See theme/standard/styles_layout.css: min-width for Firefox.)
    Window width: 800px, Firefox 763px, IE 752px. (Window width: 640px, Firefox 602px, IE 588px.)    
 */
@@ -175,7 +175,7 @@
             }
         }
 
-        $showsection = (isteacher($course->id) or $thissection->visible or !$course->hiddensections);
+        $showsection = (has_capability('moodle/course:viewhiddensections', $context) or $thissection->visible or !$course->hiddensections);
 
         if (!empty($displaysection) and $displaysection != $section) {  // Check this week is visible
             if ($showsection) {
@@ -233,7 +233,7 @@
             echo '</div>';
 
             echo '<div class="content">';
-            if (!isteacher($course->id) and !$thissection->visible) {   // Hidden for students
+            if (!has_capability('moodle/course:viewhiddensections', $context) and !$thissection->visible) {   // Hidden for students
                 echo '<div class="weekdates">'.$weekday.' - '.$endweekday.' ('.get_string('notavailable').')</div>';
 
             } else {

course/import.php

@@ -9,9 +9,7 @@
         error("That's an invalid course id");
     }
 
-    if (!isteacher($course->id)) {
-        error("You are not allowed to look at this page");
-    }
+    require_capability('moodle/site:import', get_context_instance(CONTEXT_COURSE, $id));
 
 /// Always we begin an import, we delete all backup/restore/import session structures
     if (isset($SESSION->course_header)) {

course/lib.php

@@ -82,7 +82,7 @@ function print_recent_selector_form($course, $advancedfilter=0, $selecteduser=0,
                 if ($mod->mod == "label") {
                     continue;
                 }
-                if (!$mod->visible and !$isteacher) {
+                if (!$mod->visible and !has_capability('moodle/course:viewhiddenactivities',get_context_instance(CONTEXT_MODULE, $mod->cm))) {
                     continue;
                 }
 
@@ -174,7 +174,7 @@ function print_recent_selector_form($course, $advancedfilter=0, $selecteduser=0,
 
         $groupmode =  groupmode($course);
 
-        if ($groupmode == VISIBLEGROUPS or ($groupmode and isteacheredit($course->id))) {
+        if ($groupmode == VISIBLEGROUPS or ($groupmode and has_capability('moodle/course:managegroups', get_context_instance(CONTEXT_COURSE, $course->id)))) {
             if ($groups = get_records_menu("groups", "courseid", $course->id, "name ASC", "id,name")) {
             echo '<td><b>';
                 if ($groupmode == VISIBLEGROUPS) {
@@ -272,7 +272,7 @@ function build_logs_array($course, $user=0, $date=0, $order="l.time ASC", $limit
 
     /// If the group mode is separate, and this user does not have editing privileges,
     /// then only the user's group can be viewed.
-    if ($course->groupmode == SEPARATEGROUPS and !$isteacheredit) {
+    if ($course->groupmode == SEPARATEGROUPS and !has_capability('moodle/course:managegroups', get_context_instance(CONTEXT_COURSE, $course->id))) {
         $groupid = get_current_group($course->id);
     }
     /// If this course doesn't have groups, no groupid can be specified.
@@ -985,7 +985,7 @@ function get_all_mods($courseid, &$mods, &$modnames, &$modnamesplural, &$modname
             }
             $mods[$mod->id] = $mod;
             $mods[$mod->id]->modfullname = $modnames[$mod->modname];
-            if ($mod->visible or isteacher($courseid)) {
+            if ($mod->visible or has_capability('moodle/course:viewhiddenactivities', get_context_instance(CONTEXT_COURSE, $courseid))) {
                 $modnamesused[$mod->modname] = $modnames[$mod->modname];
             }
         }
@@ -1099,7 +1099,7 @@ function print_section($course, $section, $mods, $modnamesused, $absolute=false,
             }
             $mod = $mods[$modnumber];
 
-            if ($mod->visible or $isteacher) {
+            if ($mod->visible or has_capability('moodle/course:viewhiddenactivities', get_context_instance(CONTEXT_COURSE, $course->id))) {
                 echo '<li class="activity '.$mod->modname.'" id="module-'.$modnumber.'">';  // Unique ID
                 if ($ismoving) {
                     if ($mod->id == $USER->activitycopy) {
@@ -1149,7 +1149,7 @@ function print_section($course, $section, $mods, $modnamesused, $absolute=false,
                 }
                 if ($usetracking && $mod->modname == 'forum') {
                     $groupmode = groupmode($course, $mod);
-                    $groupid = ($groupmode == SEPARATEGROUPS && !isteacheredit($course->id)) ?
+                    $groupid = ($groupmode == SEPARATEGROUPS && !has_capability('moodle/course:managegroups', get_context_instance(CONTEXT_COURSE, $course->id))) ?
                                get_current_group($course->id) : false;
 
                     if (forum_tp_can_track_forums() && !isset($untracked[$mod->instance])) {

course/recent.php

@@ -109,7 +109,7 @@
 
     } else { // you chose a group of activities
 
-        if (isteacher($course->id)) {
+        if (has_capability('moodle/course:viewhiddensections', get_context_instance(CONTEXT_COURSE, $course->id))) {
             $hiddenfilter = "";
         } else {
             $hiddenfilter = " AND cs.visible = '1' ";
@@ -134,7 +134,7 @@
             $activityfilter = "";
         }
 
-        if (isteacher($course->id)) {
+        if (has_capability('moodle/course:viewhiddensections', get_context_instance(CONTEXT_COURSE, $course->id))) {
             $hiddenfilter = "";
         } else {
             $hiddenfilter = " AND cm.visible = '1' ";
@@ -224,7 +224,7 @@
 
         $section = 0;
 
-        if (isteacher($course->id)) {
+        if (has_capability('moodle/course:viewhiddensections', get_context_instance(CONTEXT_COURSE, $course->id))) {
             $teacher = true;
         } else {
             $teacher = false;

course/report.php

@@ -9,9 +9,7 @@
         error("That's an invalid course id");
     }
 
-    if (!isteacher($course->id)) {
-        error("You are not allowed to look at this page");
-    }
+    require_capability('moodle/site:viewreports', get_context_instance(CONTEXT_COURSE, $id));
 
     $strreports = get_string('reports');
 

course/report/outline/index.php

@@ -17,9 +17,7 @@
         error("Course id is incorrect.");
     }
 
-    if (!isteacher($course->id)) {
-        error("You are not allowed to look at this page");
-    }
+    require_capability('moodle/site:viewreports', get_context_instance(CONTEXT_COURSE, $courseid));
 
     add_to_log($course->id, "course", "report outline", "report/outline/index.php?id=$course->id", $course->id); 
 

course/user.php

@@ -23,7 +23,11 @@
         error("User ID is incorrect");
     }
 
-    if (! (isteacher($course->id) or ($course->showreports and $USER->id == $user->id))) {
+    $coursecontext = get_context_instance(CONTEXT_COURSE, $id);
+    $personalcontext = get_context_instance(CONTEXT_USERID, $user->id);
+
+    // if in either context, we can read report, then we can proceed
+    if (!(has_capability('moodle/site:viewreports', $coursecontext) or ($course->showreports and $USER->id == $user->id) or has_capability('moodle/user:viewuseractivitiesreport', $personalcontext))) {
         error("You are not allowed to look at this page");
     }
 
@@ -160,7 +164,7 @@
                 if (isset($sections[$i])) {   // should always be true
 
                     $section = $sections[$i];
-                    $showsection = (isteacher($course->id) or $section->visible or !$course->hiddensections);
+                    $showsection = (has_capability('moodle/course:viewhiddensections', $context) or $section->visible or !$course->hiddensections);
 
                     if ($showsection) { // prevent hidden sections in user activity. Thanks to Geoff Wilbert!
 

file.php

@@ -54,7 +54,7 @@
     }
 
     // security: only editing teachers can access backups
-    if ((!isteacheredit($course->id))
+    if ((!has_capability('moodle/site:backup', get_context_instance(CONTEXT_COURSE, $course->id)))
         and (count($args) >= 2)
         and (strtolower($args[1]) == 'backupdata')) {
 
@@ -83,7 +83,7 @@
         and (strtolower($args[2]) == 'assignment')) {
 
         $lifetime = 0;  // do not cache assignments, students may reupload them
-        if ((!isteacher($course->id)) && (count($args) != 6 || $args[4] != $USER->id)) {
+        if ((!has_capability('mod/assignment:grade', get_context_instance(CONTEXT_COURSE, $course->id))) && (count($args) != 6 || $args[4] != $USER->id)) {
            error('Access not allowed');
         }
     }

grade/exceptions.php

@@ -12,9 +12,7 @@
 
     require_login($course->id);
 
-    if (!isteacher($course->id)) {
-        error(get_string('notteachererror', 'grades'));
-    }
+    require_capability('moodle/course:managegrades', get_context_instance(CONTEXT_MODULE, $id));
 
     $group = get_current_group($course->id);
 

lib/db/access.php

@@ -766,6 +766,84 @@
             'coursecreator' => CAP_ALLOW,
             'admin' => CAP_ALLOW
         )
+    ),
+
+    'moodle/course:sectionvisibility' => array(
+        'captype' => 'write',
+        'contextlevel' => CONTEXT_COURSE,
+        'legacy' => array(
+            'guest' => CAP_PREVENT,
+            'student' => CAP_PREVENT,
+            'teacher' => CAP_PREVENT,
+            'editingteacher' => CAP_ALLOW,
+            'coursecreator' => CAP_ALLOW,
+            'admin' => CAP_ALLOW
+        )
+    ),
+
+    'moodle/course:viewhiddensections' => array(
+        'captype' => 'write',
+        'contextlevel' => CONTEXT_COURSE,
+        'legacy' => array(
+            'guest' => CAP_PREVENT,
+            'student' => CAP_PREVENT,
+            'teacher' => CAP_PREVENT,
+            'editingteacher' => CAP_ALLOW,
+            'coursecreator' => CAP_ALLOW,
+            'admin' => CAP_ALLOW
+        )
+    ),
+
+    'moodle/course:setcurrentsection' => array(
+        'captype' => 'write',
+        'contextlevel' => CONTEXT_COURSE,
+        'legacy' => array(
+            'guest' => CAP_PREVENT,
+            'student' => CAP_PREVENT,
+            'teacher' => CAP_PREVENT,
+            'editingteacher' => CAP_ALLOW,
+            'coursecreator' => CAP_ALLOW,
+            'admin' => CAP_ALLOW
+        )
+    ),
+
+    'moodle/course:viewcoursegrades' => array(
+        'captype' => 'read',
+        'contextlevel' => CONTEXT_COURSE,
+        'legacy' => array(
+            'guest' => CAP_PREVENT,
+            'student' => CAP_PREVENT,
+            'teacher' => CAP_ALLOW,
+            'editingteacher' => CAP_ALLOW,
+            'coursecreator' => CAP_ALLOW,
+            'admin' => CAP_ALLOW
+        )
+    ),
+
+    'moodle/course:managegrades' => array(
+        'captype' => 'write',
+        'contextlevel' => CONTEXT_COURSE,
+        'legacy' => array(
+            'guest' => CAP_PREVENT,
+            'student' => CAP_PREVENT,
+            'teacher' => CAP_PREVENT,
+            'editingteacher' => CAP_ALLOW,
+            'coursecreator' => CAP_ALLOW,
+            'admin' => CAP_ALLOW
+        )
+    ),
+
+    'moodle/user:viewusergrades' => array(
+        'captype' => 'write',
+        'contextlevel' => CONTEXT_COURSE,
+        'legacy' => array(
+            'guest' => CAP_PREVENT,
+            'student' => CAP_ALLOW,
+            'teacher' => CAP_ALLOW,
+            'editingteacher' => CAP_ALLOW,
+            'coursecreator' => CAP_ALLOW,
+            'admin' => CAP_ALLOW
+        )
     )
 );