MDL-37473 completion: Add missing cap checks to tracked users functions

Namely get_num_tracked_users and is_tracked_user()
moodle · Jan 25, 2013 · 10a8581 · 10a8581
1 parent 9da506c
commit 10a8581
Show file tree

Hide file tree

Showing 5 changed files with 14 additions and 6 deletions.
diff --git a/blocks/completionstatus/block_completionstatus.php b/blocks/completionstatus/block_completionstatus.php
@@ -220,7 +220,7 @@ public function get_content() {
             $this->content->footer = '<br><a href="'.$details->out().'">'.get_string('moredetails', 'completion').'</a>';
         } else {
             // If user is not enrolled, show error
-            $this->content->text = get_string('notenroled', 'completion');
+            $this->content->text = get_string('nottracked', 'completion');
         }
 
         if (has_capability('report/completion:view', $context)) {

diff --git a/blocks/selfcompletion/block_selfcompletion.php b/blocks/selfcompletion/block_selfcompletion.php
@@ -87,7 +87,7 @@ public function get_content() {
 
         // Check this user is enroled
         if (!$info->is_tracked_user($USER->id)) {
-            $this->content->text = get_string('notenroled', 'completion');
+            $this->content->text = get_string('nottracked', 'completion');
             return $this->content;
         }
 

diff --git a/course/togglecompletion.php b/course/togglecompletion.php
@@ -45,6 +45,11 @@
     require_login($course);
 
     $completion = new completion_info($course);
+    if (!$completion->is_enabled()) {
+        throw new moodle_exception('completionnotenabled', 'completion');
+    } elseif (!$completion->is_tracked_user($USER->id)) {
+        throw new moodle_exception('nottracked', 'completion');
+    }
 
     // Check if we are marking a user complete via the completion report
     $user = optional_param('user', 0, PARAM_INT);
@@ -136,7 +141,9 @@
 // Now change state
 $completion = new completion_info($course);
 if (!$completion->is_enabled()) {
-    die;
+    throw new moodle_exception('completionnotenabled', 'completion');
+} elseif (!$completion->is_tracked_user($USER->id)) {
+    throw new moodle_exception('nottracked', 'completion');
 }
 
 // Check completion state is manual

diff --git a/lang/en/completion.php b/lang/en/completion.php
@@ -135,9 +135,10 @@
 $string['markedcompleteby']='Marked complete by {$a}';
 $string['markingyourselfcomplete']='Marking yourself complete';
 $string['moredetails']='More details';
-$string['notcompleted'] = 'Not completed';
 $string['nocriteriaset']='No completion criteria set for this course';
+$string['notcompleted'] = 'Not completed';
 $string['notenroled']='You are not enrolled in this course';
+$string['nottracked']='You are currently not being tracked by completion in this course';
 $string['notyetstarted']='Not yet started';
 $string['overallcriteriaaggregation']='Overall criteria type aggregation';
 $string['pending']='Pending';

diff --git a/lib/completionlib.php b/lib/completionlib.php
@@ -1021,7 +1021,7 @@ public function get_activities($modinfo=null) {
      * @return bool
      */
     public function is_tracked_user($userid) {
-        return is_enrolled(context_course::instance($this->course->id), $userid, '', true);
+        return is_enrolled(context_course::instance($this->course->id), $userid, 'moodle/course:isincompletionreports', true);
     }
 
     /**
@@ -1038,7 +1038,7 @@ public function get_num_tracked_users($where = '', $whereparams = array(), $grou
         global $DB;
 
         list($enrolledsql, $enrolledparams) = get_enrolled_sql(
-                context_course::instance($this->course->id), '', $groupid, true);
+                context_course::instance($this->course->id), 'moodle/course:isincompletionreports', $groupid, true);
         $sql  = 'SELECT COUNT(eu.id) FROM (' . $enrolledsql . ') eu JOIN {user} u ON u.id = eu.id';
         if ($where) {
             $sql .= " WHERE $where";