adding capabilities
toyomoyo committed Sep 6, 2006
1 parent 180f410 commit d02eede
Showing 13 changed files with 46 additions and 48 deletions.
4 changes: 1 addition & 3 deletions course/grades.php
@@ -14,9 +14,7 @@
error("Course ID was incorrect");
}

if (!isteacher($course->id)) {
error("Only teachers can use this page!");
}
require_capability('moodle/course:viewcoursegrades', get_context_instance(CONTEXT_COURSE, $id));

$strgrades = get_string("grades");
$strgrade = get_string("grade");
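Review bot: The new `require_capability` call builds its course context from `$id`, while the check it replaces used `$course->id`; keying the context on the loaded record, `get_context_instance(CONTEXT_COURSE, $course->id)`, keeps the permission check tied to the course that was actually fetched. No `require_login()` is visible in this section, so it is worth confirming that one runs earlier in the file, since the capability check presumably relies on an established user. A short comment above the call, such as `// Grade viewing is gated by capability rather than by the teacher role`, would record why the role check was dropped.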
8 changes: 4 additions & 4 deletions course/report/log/lib.php
@@ -11,10 +11,10 @@ function print_log_selector_form($course, $selecteduser=0, $selecteddate='today'
$showcourses = 1;
}

$context = get_context_instance(CONTEXT_COURSE, $course->id);

/// Setup for group handling.
$isteacher = isteacher($course->id);
$isteacheredit = isteacheredit($course->id);
if ($course->groupmode == SEPARATEGROUPS and !$isteacheredit) {
if ($course->groupmode == SEPARATEGROUPS and !has_capability('moodle/site:accessallgroups', $context)) {
$selectedgroup = get_current_group($course->id);
$showgroups = false;
}
@@ -47,7 +47,7 @@ function print_log_selector_form($course, $selecteduser=0, $selecteddate='today'
if ($showusers) {
if ($courseusers) {
foreach ($courseusers as $courseuser) {
$users[$courseuser->id] = fullname($courseuser, $isteacher);
$users[$courseuser->id] = fullname($courseuser, has_capability('moodle/site:viewfullnames', $context));
}
}
if ($guest = get_guest()) {
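Review bot: `$isteacher` and `$isteacheredit` are no longer assigned in print_log_selector_form, and only one of their uses is replaced in the lines shown; the function body continues outside both hunks, so any remaining reference would now read an undefined variable and evaluate as false. In the second hunk the `has_capability('moodle/site:viewfullnames', $context)` call sits inside the `foreach` over `$courseusers` and is re-evaluated for every user even though its result cannot change there. Computing it once before the loop, `$canviewfullnames = has_capability('moodle/site:viewfullnames', $context);`, and passing `$canviewfullnames` to `fullname()` is cheaper and easier to read.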
6 changes: 3 additions & 3 deletions grade/lib.php
@@ -1003,7 +1003,7 @@ function grade_get_preferences($courseid) {

// Construct some other ones about which fields are shown

$isteacher = isteacher($courseid);
$isteacher = has_capability('moodle/course:managegrades', get_context_instance(CONTEXT_COURSE, $courseid));

$preferences->show_weighted = (($preferences->display_weighted > 0 && $isteacher) ||
($preferences->display_weighted > 1 && !$isteacher));
@@ -1063,7 +1063,7 @@ function grade_set_preferences($course, $newprefs) {

function grade_preferences_menu($action, $course, $group=0) {

if (!isteacher($course->id)) {
has_capability('moodle/course:managegrades', get_context_instance(CONTEXT_COURSE, $courseid)) {
return;
}

@@ -1133,7 +1133,7 @@ function grade_nav($course, $action='grades') {
$strgrades = get_string('grades', 'grades');
$gradenav = "<a href=\"$CFG->wwwroot/course/view.php?id=$course->id\">$course->shortname</a>";

if (isteacher($course->id)) {
if (has_capability('moodle/course:managegrades', get_context_instance(CONTEXT_COURSE, $course->id))) {
switch ($action) {
case 'prefs':
case 'set_grade_preferences':
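Review bot: The replacement line in grade_preferences_menu is not a valid statement: it lost the `if (!` prefix, so `has_capability(...) {` is a parse error that would stop grade/lib.php from loading. It also reads `$courseid`, which is not a parameter of this function (the signature takes `$course`), and the negation of the original guard is gone. The guard should read `if (!has_capability('moodle/course:managegrades', get_context_instance(CONTEXT_COURSE, $course->id))) {`. In grade_get_preferences the result of the same capability check is still stored in `$isteacher`; renaming that variable would avoid implying a role check.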
20 changes: 10 additions & 10 deletions lib/moodlelib.php
@@ -1535,7 +1535,7 @@ function require_login($courseid=0, $autologinguest=true, $cm=null) {
// Next, check if the user can be in a particular course
if ($courseid) {
if ($courseid == SITEID) { // Anyone can be in the site course
if (isset($cm) and !$cm->visible and !isteacher(SITEID)) { // Not allowed to see module, send to course page
if (isset($cm) and !$cm->visible and !has_capability('moodle/course:viewhiddenactivities', get_context_instance(CONTEXT_SYSTEM, SITEID))) { // Not allowed to see module, send to course page
redirect($CFG->wwwroot.'/course/view.php?id='.$cm->course, get_string('activityiscurrentlyhidden'));
}
return;
@@ -1552,12 +1552,12 @@ function require_login($courseid=0, $autologinguest=true, $cm=null) {

if (has_capability('moodle/course:view', $context)) {
if (isset($USER->realuser)) { // Make sure the REAL person can also access this course
if (!isteacher($courseid, $USER->realuser)) {
if (!has_capability('moodle/course:view', $context, $USER->realuser)) {
print_header();
notice(get_string('studentnotallowed', '', fullname($USER, true)), $CFG->wwwroot .'/');
}
}
if (isset($cm) and !$cm->visible and !isteacher($courseid)) { // Not allowed to see module, send to course page
if (isset($cm) and !$cm->visible and !has_capability('moodle/course:viewhiddenactivities', $context)) { // Not allowed to see module, send to course page
redirect($CFG->wwwroot.'/course/view.php?id='.$cm->course, get_string('activityiscurrentlyhidden'));
}
return; // user is a member of this course.
@@ -1950,7 +1950,7 @@ function isediting($courseid, $user=NULL) {
if (empty($user->editing)) {
return false;
}
return ($user->editing and isteacher($courseid, $user->id));
return ($user->editing and has_capability('moodle/course:manageactivities', get_context_instance(CONTEXT_COURSE, $courseid)));
}

/**
@@ -2972,7 +2972,7 @@ function get_current_group($courseid, $full=false) {
global $SESSION, $USER;

if (!isset($SESSION->currentgroup[$courseid])) {
if (empty($USER->groupmember[$courseid]) or isteacheredit($courseid)) {
if (empty($USER->groupmember[$courseid]) or has_capability('moodle/site:accessallgroups', get_context_instance(CONTEXT_COURSE, $courseid))) {

return 0;
} else {
@@ -3016,7 +3016,7 @@ function get_and_set_current_group($course, $groupmode, $groupid=-1) {

if ($groupid) { // Try to change the current group to this groupid
if ($group = get_record('groups', 'id', $groupid, 'courseid', $course->id)) { // Exists
if (isteacheredit($course->id)) { // Sets current default group
if (has_capability('moodle/site:accessallgroups', get_context_instance(CONTEXT_COURSE, $course->id))) { // Sets current default group
$currentgroupid = set_current_group($course->id, $group->id);

} else if ($groupmode == VISIBLEGROUPS) {
@@ -3037,7 +3037,7 @@ function get_and_set_current_group($course, $groupmode, $groupid=-1) {
}
} else { // When groupid = 0 it means show ALL groups
//this is changed, non editting teacher needs access to group 0 as well, for viewing work in visible groups (need to set current group for multiple pages)
if (isteacheredit($course->id) OR (isteacher($course->id) AND ($groupmode == VISIBLEGROUPS))) { // Sets current default group
if (has_capability('moodle/site:accessallgroups', get_context_instance(CONTEXT_COURSE, $course->id)) AND ($groupmode == VISIBLEGROUPS)) { // Sets current default group
$currentgroupid = set_current_group($course->id, 0);

} else if ($groupmode == VISIBLEGROUPS) { // All groups are visible
@@ -3075,7 +3075,7 @@ function setup_and_print_groups($course, $groupmode, $urlroot) {
return false;
}

if ($groupmode == SEPARATEGROUPS and !isteacheredit($course->id) and !$currentgroup) {
if ($groupmode == SEPARATEGROUPS and !has_capability('moodle/site:accessallgroups', get_context_instance(CONTEXT_COURSE, $course->id)) and !$currentgroup) {
//we are in separate groups and the current group is group 0, as last set.
//this can mean that either, this guy has no group
//or, this guy just came from a visible all forum, and he left when he set his current group to 0 (show all)
@@ -3092,15 +3092,15 @@ function setup_and_print_groups($course, $groupmode, $urlroot) {
}
}

if ($groupmode == VISIBLEGROUPS or ($groupmode and isteacheredit($course->id))) {
if ($groupmode == VISIBLEGROUPS or ($groupmode and has_capability('moodle/site:accessallgroups', get_context_instance(CONTEXT_COURSE, $course->id)))) {
if ($groups = get_records_menu('groups', 'courseid', $course->id, 'name ASC', 'id,name')) {
echo '<div align="center">';
print_group_menu($groups, $groupmode, $currentgroup, $urlroot);
echo '</div>';
}
}//added code here to allow non-editting teacher to swap in-between his own groups
//added code for students in separategrous to swtich groups
else if ($groupmode == SEPARATEGROUPS and (isteacher($course->id) or isstudent($course->id))) {
else if ($groupmode == SEPARATEGROUPS and has_capability('moodle/course:view', get_context_instance(CONTEXT_COURSE, $course->id))) {
$validgroups = array();
//get all the groups this guy is in in this course
if ($p = user_group($course->id,$USER->id)){
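Review bot: In isediting the capability check no longer receives the user being asked about: the replaced call passed `$user->id`, whereas the new `has_capability('moodle/course:manageactivities', ...)` call omits the user argument and so tests whoever is logged in, while `$user->editing` still comes from the supplied `$user`. Passing the id as the third argument, as the `$USER->realuser` check in require_login already does, keeps both halves of the condition about the same person: `has_capability('moodle/course:manageactivities', get_context_instance(CONTEXT_COURSE, $courseid), $user->id)`. Separately, in get_and_set_current_group the `groupid = 0` branch went from `isteacheredit OR (isteacher AND VISIBLEGROUPS)` to `accessallgroups AND VISIBLEGROUPS`, so a user with `moodle/site:accessallgroups` in separate-groups mode no longer reaches `set_current_group($course->id, 0)` through this branch. If that narrowing is not intended, the condition should be the capability check alone. Both function bodies continue outside their hunks.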
2 changes: 1 addition & 1 deletion mod/glossary/view.php
@@ -361,7 +361,7 @@

$user = get_record("user","id",$entry->uid);
print_user_picture($user->id, $course->id, $user->picture);
$pivottoshow = fullname($user, isteacher($course->id));;
$pivottoshow = fullname($user, has_capability('moodle/site:viewfullnames', get_context_instance(CONTEXT_COURSE, $course->id)));
} else {
echo '<td align="center">';
}
2 changes: 1 addition & 1 deletion mod/resource/lib.php
@@ -112,7 +112,7 @@ function resource_base($cmid=0) {
$this->navigation = "<a target=\"{$CFG->framename}\" href=\"index.php?id={$this->course->id}\">$this->strresources</a> ->";
}

if (!$this->cm->visible and !isteacher($this->course->id)) {
if (!$this->cm->visible and !has_capability('moodle/course:viewhiddenactivities', get_context_instance(CONTEXT_MODULE, $this->cm->id))) {
$pagetitle = strip_tags($this->course->shortname.': '.$this->strresource);
print_header($pagetitle, $this->course->fullname, "$this->navigation $this->strresource", "", "", true, '', navmenu($this->course, $this->cm));
notice(get_string("activityiscurrentlyhidden"), "$CFG->wwwroot/course/view.php?id={$this->course->id}");
9 changes: 4 additions & 5 deletions question/export.php
@@ -40,10 +40,9 @@
}

require_login($course->id, false);

if (!isteacher($course->id)) {
error( get_string('onlyteachersexport','quiz') );
}

$context = get_context_instance(CONTEXT_COURSE, $course->id);
require_capability('moodle/question:export', $context);

// ensure the files area exists for this course
make_upload_directory( "$course->id" );
@@ -59,7 +58,7 @@
/// Header:

if (isset($SESSION->modform->instance) and $quiz = get_record('quiz', 'id', $SESSION->modform->instance)) {
$strupdatemodule = isteacheredit($course->id)
$strupdatemodule = has_capability('moodle/course:manageactivities', $context)
? update_module_button($SESSION->modform->cmid, $course->id, get_string('modulename', 'quiz'))
: "";
print_header_simple($strexportquestions, '',
3 changes: 2 additions & 1 deletion question/preview.php
@@ -41,6 +41,7 @@

require_login();

// this might break things in the future
if (!isteacherinanycourse()) {
error('This page is for teachers only');
}
@@ -81,7 +82,7 @@
error("This question doesn't belong to a valid category!");
}

if (!isteacher($category->course) and !$category->publish) {
if (!has_capability('moodle/question:manage', get_context_instance(CONTEXT_COURSE, $category->course)) and !$category->publish) {
error("You can't preview these questions!");
}
$quiz->course = $category->course;
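Review bot: The added comment `// this might break things in the future` does not say what is expected to break or what should replace the check it sits on, and in the lines shown `isteacherinanycourse()` remains a role-based gate next to a check that now uses `has_capability`. A comment that names the intent would serve the next maintainer better, for example `// TODO: legacy role check kept for now; replace with a capability check once question preview has one`. In the second hunk the preview is refused only when the user lacks `moodle/question:manage` in the category's course and the category is not published; that rule deserves a one-line comment above the `if`, since the error message alone does not explain it.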
10 changes: 5 additions & 5 deletions rss/file.php
@@ -70,18 +70,18 @@
rss_not_found();
}

$isstudent = isstudent($courseid,$userid);
$isteacher = isteacher($courseid,$userid);

$context = get_context_instance(CONTEXT_MODULE, $cm->id);
$isuser = has_capability('moodle/course:view', $context, $userid);
//Check for "security" if !course->guest or course->password
if ($course->id != SITEID) {
if ((!$course->guest || $course->password) && (!($isstudent || $isteacher))) {
if ((!$course->guest || $course->password) && (!$isuser)) {
rss_not_found();
}
}

//Check for "security" if the course is hidden or the activity is hidden
if (!$isblog and (!$course->visible || !$cm->visible) && (!$isteacher)) {
if (!$isblog and (!$course->visible || !$cm->visible) && (!has_capability('moodle/course:viewhiddenactivities', $context))) {
rss_not_found();
}

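Review bot: The hidden-course and hidden-activity check calls `has_capability('moodle/course:viewhiddenactivities', $context)` without `$userid`, although the `$isteacher` value it replaces was computed for `$userid` and the new `$isuser` line above it does pass that argument. As written the test applies to whatever session is making the request rather than to the user the feed was requested for, so the outcome depends on who fetches the URL. Passing the same user keeps the two checks consistent: `has_capability('moodle/course:viewhiddenactivities', $context, $userid)`. The context is also built from `$cm->id` before the `$isblog` test; whether `$cm` is always set at that point cannot be seen from this hunk and should be confirmed.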
2 changes: 1 addition & 1 deletion user/edit.php
@@ -304,7 +304,7 @@
if ($newaccount) {
$userfullname = $strnewuser;
} else {
$userfullname = fullname($user, isteacher($course->id));
$userfullname = fullname($user, has_capability('moodle/site:viewfullnames', get_context_instance(CONTEXT_COURSE, $course->id)));
}
if ($course->category) {
print_header("$course->shortname: $streditmyprofile", "$course->fullname: $streditmyprofile",
12 changes: 6 additions & 6 deletions user/index.php
@@ -58,7 +58,7 @@
require_capability('moodle/course:viewparticipants', $context);

if (!$course->category) {
if (!$CFG->showsiteparticipantslist and !isteacher(SITEID)) {
if (!$CFG->showsiteparticipantslist and !has_capability('moodle/course:viewparticipants', get_context_instance(CONTEXT_SYSTEM, SITEID))) {
print_header("$course->shortname: ".get_string('participants'), $course->fullname,
get_string('participants'), "", "", true, "&nbsp;", navmenu($course));
notice(get_string('sitepartlist0'));
@@ -110,7 +110,7 @@
}

$isseparategroups = ($course->groupmode == SEPARATEGROUPS and $course->groupmodeforce and
!isteacheredit($course->id));
!has_capability('moodle/site:accessallgroups', get_context_instance(CONTEXT_COURSE, $course->id)));

if ($isseparategroups and (!$currentgroup) ) { //XXX
print_heading(get_string("notingroup", "forum"));
@@ -195,7 +195,7 @@
popup_form($CFG->wwwroot.'/user/index.php?contextid='.$context->id.'&amp;roleid='.$roleid.'&amp;id=',$my_course,'courseform',$course->id);
echo '</td>';

if ($groupmode == VISIBLEGROUPS or ($groupmode and isteacheredit($course->id))) {
if ($groupmode == VISIBLEGROUPS or ($groupmode and has_capability('moodle/site:accessallgroups', get_context_instance(CONTEXT_COURSE, $course->id)))) {
if ($groups = get_records_menu("groups", "courseid", $course->id, "name ASC", "id,name")) {
echo '<td class="left">';
print_group_menu($groups, $groupmode, $currentgroup, $baseurl);
@@ -257,14 +257,14 @@
echo popup_form($baseurl.'&amp;mode=', $formatmenu, 'formatmenu', $fullmode, '', '', '', true);
echo '</td></tr></table>';

if ($currentgroup and (!$isseparategroups or isteacheredit($course->id))) { /// Display info about the group
if ($currentgroup and (!$isseparategroups or has_capability('moodle/site:accessallgroups', get_context_instance(CONTEXT_COURSE, $course->id)))) { /// Display info about the group
if ($group = get_record('groups', 'id', $currentgroup)) {
if (!empty($group->description) or (!empty($group->picture) and empty($group->hidepicture))) {
echo '<table class="groupinfobox"><tr><td class="left side picture">';
print_group_picture($group, $course->id, true, false, false);
echo '</td><td class="content">';
echo '<h3>'.$group->name;
if (isteacheredit($course->id)) {
if (has_capability('moodle/course:managegroups', get_context_instance(CONTEXT_COURSE, $course->id))) {
echo '&nbsp;<a title="'.get_string('editgroupprofile').'" href="../course/groups.php?id='.$course->id.'&amp;group='.$group->id.'">';
echo '<img src="'.$CFG->pixpath.'/t/edit.gif" alt="" border="0">';
echo '</a>';
@@ -431,7 +431,7 @@ function checkchecked(form) {
$a->count = $totalcount;
$a->items = $currentrole->name;
echo '<h2>'.get_string('counteditems', '', $a);
if (isteacheredit($course->id)) {
if (user_can_assign($context, $roleid)) {
echo ' <a href="'.$CFG->wwwroot.'/admin/roles/assign.php?roleid='.$roleid.'&amp;contextid='.$context->id.'">';
echo '<img src="'.$CFG->pixpath.'/i/edit.gif" height="16" width="16" alt="" /></a>';
}
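Review bot: `get_context_instance(CONTEXT_COURSE, $course->id)` is rebuilt inline four times in this file and `moodle/site:accessallgroups` is evaluated three times with the same arguments, which makes the conditions long and easy to get out of step with each other. `$context` already exists but may not be the course context (it is passed as `contextid` in the URLs), so a dedicated variable set once near the top would be clearer: `$coursecontext = get_context_instance(CONTEXT_COURSE, $course->id);` followed by `$canaccessallgroups = has_capability('moodle/site:accessallgroups', $coursecontext);`. The group-profile edit link is gated on `moodle/course:managegroups` while the block around it is gated on `accessallgroups`; a short comment saying that the two differ on purpose would help.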
2 changes: 1 addition & 1 deletion user/tabs.php
@@ -85,7 +85,7 @@
if (isset($userid)) {
$user = get_record('user','id', $userid);
}
print_heading(fullname($user, isteacher($course->id)));
print_heading(fullname($user, has_capability('moodle/site:viewfullnames', get_context_instance(CONTEXT_COURSE, $course->id))));

$toprow[] = new tabobject('profile', $CFG->wwwroot.'/user/view.php?id='.$user->id.'&amp;course='.$course->id, get_string('profile'));

14 changes: 7 additions & 7 deletions user/view.php
@@ -45,7 +45,7 @@
}
}

$fullname = fullname($user, isteacher($course->id));
$fullname = fullname($user, has_capability('moodle/site:viewfullnames', get_context_instance(CONTEXT_COURSE, $course->id)));
$personalprofile = get_string("personalprofile");
$participants = get_string("participants");

@@ -55,7 +55,7 @@
$currentuser = ($user->id == $USER->id);
}

if (groupmode($course) == SEPARATEGROUPS and !isteacheredit($course->id)) { // Groups must be kept separate
if (groupmode($course) == SEPARATEGROUPS and !has_capability('moodle/course:managegroups', get_context_instance(CONTEXT_COURSE, $course->id))) { // Groups must be kept separate
require_login();

///this is changed because of mygroupid
@@ -106,7 +106,7 @@


if ($course->category and ! isguest() ) { // Need to have access to a course to see that info
if (!isstudent($course->id, $user->id) && !isteacher($course->id, $user->id)) {
if (!has_capability('moodle/course:view', get_context_instance(CONTEXT_COURSE, $course->id))) {
print_heading(get_string("notenrolled", "", $fullname));
print_footer($course);
die;
@@ -117,8 +117,8 @@
print_heading(get_string("userdeleted"));
}

/// Get the hidden field list
if (isteacher($course->id) || isadmin()) {
/// Get the hidden field list (user must have update capability to see hidden files?)
if (has_capability('moodle/user:update', get_context_instance(CONTEXT_COURSE, $course->id))) {
$hiddenfields = array(); // teachers and admins are allowed to see everything
} else {
$hiddenfields = array_flip(explode(',', $CFG->hiddenuserfields));
@@ -165,7 +165,7 @@
print_row(get_string("location").":", $location);
}

if (isteacher($course->id)) {
if (has_capability('moodle/user:update', get_context_instance(CONTEXT_COURSE, $course->id))) {
if ($user->address) {
print_row(get_string("address").":", "$user->address");
}
@@ -279,7 +279,7 @@

/// Printing groups
$isseparategroups = ($course->groupmode == SEPARATEGROUPS and $course->groupmodeforce and
!isteacheredit($course->id));
!has_capability('moodle/site:accessallgroups', get_context_instance(CONTEXT_COURSE, $course->id)));
if (!$isseparategroups){
if ($usergroups = user_group($course->id, $user->id)){
$groupstr = '';
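Review bot: The enrolment guard before the "notenrolled" heading now tests the viewer instead of the profile owner: the replaced condition passed `$user->id` to both role checks, while `has_capability('moodle/course:view', ...)` is called without a user and so applies to the logged-in user. A profile can then be displayed in a course its owner does not belong to whenever the viewer can see the course; passing the owner restores the original meaning, `if (!has_capability('moodle/course:view', get_context_instance(CONTEXT_COURSE, $course->id), $user->id)) {`. The separate-groups test near the top uses `moodle/course:managegroups` while the one under "Printing groups" uses `moodle/site:accessallgroups`, so the two may disagree for the same user. The new comment on the hidden field list ends in a question and says "files" where "fields" is meant, and the `// teachers and admins are allowed to see everything` comment beside it should be updated to name `moodle/user:update`.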
