MDL-26621 respect email privacy settings on the main user profile and…

… fix missing context
ralferlebach · Mar 12, 2011 · 181991e · 181991e
1 parent c096042
commit 181991e
Show file tree

Hide file tree

Showing 2 changed files with 47 additions and 3 deletions.
diff --git a/lib/enrollib.php b/lib/enrollib.php
@@ -220,6 +220,47 @@ function enrol_check_plugins($user) {
     unset($inprogress[$user->id]);  // Unset the flag
 }
 
+/**
+ * Do these two students share any course?
+ *
+ * The courses has to be visible and enrolments has to be active,
+ * timestart and timeend restrictions are ignored.
+ *
+ * @param stdClass|int $user1
+ * @param stdClass|int $user2
+ * @return bool
+ */
+function enrol_sharing_course($user1, $user2) {
+    global $DB, $CFG;
+
+    $user1 = !empty($user1->id) ? $user1->id : $user1;
+    $user2 = !empty($user2->id) ? $user2->id : $user2;
+
+    if (empty($user1) or empty($user2)) {
+        return false;
+    }
+
+    if (!$plugins = explode(',', $CFG->enrol_plugins_enabled)) {
+        return false;
+    }
+
+    list($plugins, $params) = $DB->get_in_or_equal($plugins, SQL_PARAMS_NAMED, 'ee00');
+    $params['enabled'] = ENROL_INSTANCE_ENABLED;
+    $params['active1'] = ENROL_USER_ACTIVE;
+    $params['active2'] = ENROL_USER_ACTIVE;
+    $params['user1']   = $user1;
+    $params['user2']   = $user2;
+
+    $sql = "SELECT DISTINCT 'x'
+              FROM {enrol} e
+              JOIN {user_enrolments} ue1 ON (ue1.enrolid = e.id AND ue1.status = :active1 AND ue1.userid = :user1)
+              JOIN {user_enrolments} ue2 ON (ue1.enrolid = e.id AND ue1.status = :active2 AND ue2.userid = :user2)
+              JOIN {course} c ON (c.id = e.courseid AND c.visible = 1)
+             WHERE e.status = :enabled AND e.enrol $plugins";
+
+    return $DB->record_exists_sql($sql, $params);
+}
+
 /**
  * This function adds necessary enrol plugins UI into the course edit form.
  *

diff --git a/user/profile.php b/user/profile.php
@@ -63,8 +63,10 @@
     !empty($CFG->forceloginforprofiles) &&
     !has_capability('moodle/user:viewdetails', $context) &&
     !has_coursecontact_role($userid)) {
+
     // Course managers can be browsed at site level. If not forceloginforprofiles, allow access (bug #4366)
     $struser = get_string('user');
+    $PAGE->set_context(get_context_instance(CONTEXT_SYSTEM));
     $PAGE->set_title("$SITE->shortname: $struser");  // Do not leak the name
     $PAGE->set_heading("$SITE->shortname: $struser");
     $PAGE->set_url('/user/profile.php', array('id'=>$userid));
@@ -247,9 +249,10 @@
     }
 }
 
-if ($user->maildisplay == 1
-   or ($user->maildisplay == 2 && !isguestuser())
-   or has_capability('moodle/course:useremail', $context)) {
+if ($currentuser
+  or $user->maildisplay == 1
+  or has_capability('moodle/course:useremail', $context)
+  or ($user->maildisplay == 2 and enrol_sharing_course($user, $USER))) {
 
     print_row(get_string("email").":", obfuscate_mailto($user->email, ''));
 }