From 10a8581f2bcdf4edf6f73ad23ce9ef5ce2033dd9 Mon Sep 17 00:00:00 2001 From: Aaron Barnes Date: Fri, 11 Jan 2013 14:41:05 +1300 Subject: [PATCH] MDL-37473 completion: Add missing cap checks to tracked users functions Namely get_num_tracked_users and is_tracked_user() --- blocks/completionstatus/block_completionstatus.php | 2 +- blocks/selfcompletion/block_selfcompletion.php | 2 +- course/togglecompletion.php | 9 ++++++++- lang/en/completion.php | 3 ++- lib/completionlib.php | 4 ++-- 5 files changed, 14 insertions(+), 6 deletions(-) diff --git a/blocks/completionstatus/block_completionstatus.php b/blocks/completionstatus/block_completionstatus.php index 12f0ea18593eb..b2cb80365a06a 100644 --- a/blocks/completionstatus/block_completionstatus.php +++ b/blocks/completionstatus/block_completionstatus.php @@ -220,7 +220,7 @@ public function get_content() { $this->content->footer = '
'.get_string('moredetails', 'completion').''; } else { // If user is not enrolled, show error - $this->content->text = get_string('notenroled', 'completion'); + $this->content->text = get_string('nottracked', 'completion'); } if (has_capability('report/completion:view', $context)) { diff --git a/blocks/selfcompletion/block_selfcompletion.php b/blocks/selfcompletion/block_selfcompletion.php index 9ea6db40cf3ae..fe0d3af927980 100644 --- a/blocks/selfcompletion/block_selfcompletion.php +++ b/blocks/selfcompletion/block_selfcompletion.php @@ -87,7 +87,7 @@ public function get_content() { // Check this user is enroled if (!$info->is_tracked_user($USER->id)) { - $this->content->text = get_string('notenroled', 'completion'); + $this->content->text = get_string('nottracked', 'completion'); return $this->content; } diff --git a/course/togglecompletion.php b/course/togglecompletion.php index 3773890099ac6..0be21089a9d2c 100644 --- a/course/togglecompletion.php +++ b/course/togglecompletion.php @@ -45,6 +45,11 @@ require_login($course); $completion = new completion_info($course); + if (!$completion->is_enabled()) { + throw new moodle_exception('completionnotenabled', 'completion'); + } elseif (!$completion->is_tracked_user($USER->id)) { + throw new moodle_exception('nottracked', 'completion'); + } // Check if we are marking a user complete via the completion report $user = optional_param('user', 0, PARAM_INT); @@ -136,7 +141,9 @@ // Now change state $completion = new completion_info($course); if (!$completion->is_enabled()) { - die; + throw new moodle_exception('completionnotenabled', 'completion'); +} elseif (!$completion->is_tracked_user($USER->id)) { + throw new moodle_exception('nottracked', 'completion'); } // Check completion state is manual diff --git a/lang/en/completion.php b/lang/en/completion.php index a488b9dabd61e..d3230bb7c4971 100644 --- a/lang/en/completion.php +++ b/lang/en/completion.php @@ -135,9 +135,10 @@ $string['markedcompleteby']='Marked complete by {$a}'; $string['markingyourselfcomplete']='Marking yourself complete'; $string['moredetails']='More details'; -$string['notcompleted'] = 'Not completed'; $string['nocriteriaset']='No completion criteria set for this course'; +$string['notcompleted'] = 'Not completed'; $string['notenroled']='You are not enrolled in this course'; +$string['nottracked']='You are currently not being tracked by completion in this course'; $string['notyetstarted']='Not yet started'; $string['overallcriteriaaggregation']='Overall criteria type aggregation'; $string['pending']='Pending'; diff --git a/lib/completionlib.php b/lib/completionlib.php index 1dd79dd550946..4a4abcba056d9 100644 --- a/lib/completionlib.php +++ b/lib/completionlib.php @@ -1021,7 +1021,7 @@ public function get_activities($modinfo=null) { * @return bool */ public function is_tracked_user($userid) { - return is_enrolled(context_course::instance($this->course->id), $userid, '', true); + return is_enrolled(context_course::instance($this->course->id), $userid, 'moodle/course:isincompletionreports', true); } /** @@ -1038,7 +1038,7 @@ public function get_num_tracked_users($where = '', $whereparams = array(), $grou global $DB; list($enrolledsql, $enrolledparams) = get_enrolled_sql( - context_course::instance($this->course->id), '', $groupid, true); + context_course::instance($this->course->id), 'moodle/course:isincompletionreports', $groupid, true); $sql = 'SELECT COUNT(eu.id) FROM (' . $enrolledsql . ') eu JOIN {user} u ON u.id = eu.id'; if ($where) { $sql .= " WHERE $where";