Permalink
Browse files

fix for MDL-10273, users with no capability sould not see New Event b…

…utton
  • Loading branch information...
1 parent 9da6b30 commit 0b6c589f2136619e6a8975d509adc6405c8c29b9 toyomoyo committed Jun 28, 2007
Showing with 31 additions and 23 deletions.
  1. +0 −20 calendar/event.php
  2. +28 −0 calendar/lib.php
  3. +3 −3 calendar/view.php
View
@@ -633,24 +633,4 @@ function calendar_add_event_allowed($event) {
return false;
}
}
-
-function calendar_get_allowed_types(&$allowed) {
- global $USER, $CFG, $SESSION;
-
- $allowed->user = true; // User events always allowed
- $allowed->groups = false; // This may change just below
- $allowed->courses = false; // This may change just below
- $allowed->site = has_capability('moodle/calendar:manageentries', get_context_instance(CONTEXT_COURSE, SITEID));
-
- if(!empty($SESSION->cal_course_referer) && $SESSION->cal_course_referer != SITEID && has_capability('moodle/calendar:manageentries', get_context_instance(CONTEXT_COURSE, $SESSION->cal_course_referer))) {
- $course = get_record('course', 'id', $SESSION->cal_course_referer);
-
- $allowed->courses = array($course->id => 1);
-
- if($course->groupmode != NOGROUPS || !$course->groupmodeforce) {
- $allowed->groups = get_groups($SESSION->cal_course_referer);
- }
- }
-}
-
?>
View
@@ -1401,4 +1401,32 @@ function calendar_set_filters_status($packed_bitfield) {
return true;
}
+function calendar_get_allowed_types(&$allowed) {
+ global $USER, $CFG, $SESSION;
+ $sitecontext = get_context_instance(CONTEXT_SYSTEM);
+ $allowed->user = has_capability('moodle/calendar:manageownentries', $sitecontext);
+ $allowed->groups = false; // This may change just below
+ $allowed->courses = false; // This may change just below
+ $allowed->site = has_capability('moodle/calendar:manageentries', get_context_instance(CONTEXT_COURSE, SITEID));
+
+ if(!empty($SESSION->cal_course_referer) && $SESSION->cal_course_referer != SITEID && has_capability('moodle/calendar:manageentries', get_context_instance(CONTEXT_COURSE, $SESSION->cal_course_referer))) {
+ $course = get_record('course', 'id', $SESSION->cal_course_referer);
+
+ $allowed->courses = array($course->id => 1);
+
+ if($course->groupmode != NOGROUPS || !$course->groupmodeforce) {
+ $allowed->groups = get_groups($SESSION->cal_course_referer);
+ }
+ }
+}
+
+/**
+ * see if user can add calendar entries at all
+ * used to print the "New Event" button
+ * @return bool
+ */
+function calendar_user_can_add_event() {
+ calendar_get_allowed_types($allowed);
+ return (bool)($allowed->user || $allowed->groups || $allowed->courses || $allowed->site);
+}
?>
View
@@ -227,7 +227,7 @@ function calendar_show_day($d, $m, $y, $courses, $groups, $users) {
$events = calendar_get_upcoming($courses, $groups, $users, 1, 100, $starttime);
$text = '';
- if (!isguest() && !empty($USER->id)) {
+ if (!isguest() && !empty($USER->id) && calendar_user_can_add_event()) {
$text.= '<div class="buttons">';
$text.= '<form action="'.CALENDAR_URL.'event.php" method="get">';
$text.= '<div>';
@@ -359,7 +359,7 @@ function calendar_show_month_detailed($m, $y, $courses, $groups, $users) {
calendar_events_by_day($events, $m, $y, $eventsbyday, $durationbyday, $typesbyday);
$text = '';
- if(!isguest() && !empty($USER->id)) {
+ if(!isguest() && !empty($USER->id) && calendar_user_can_add_event()) {
$text.= '<div class="buttons"><form action="'.CALENDAR_URL.'event.php" method="get">';
$text.= '<div>';
$text.= '<input type="hidden" name="action" value="new" />';
@@ -554,7 +554,7 @@ function calendar_show_upcoming_events($courses, $groups, $users, $futuredays, $
$text = '';
- if(!isguest() && !empty($USER->id)) {
+ if(!isguest() && !empty($USER->id) && calendar_user_can_add_event()) {
$text.= '<div class="buttons">';
$text.= '<form action="'.CALENDAR_URL.'event.php" method="get">';
$text.= '<div>';

0 comments on commit 0b6c589

Please sign in to comment.