Skip to content
Browse files

MDL-26621 respect email privacy settings on the main user profile and…

… fix missing context
  • Loading branch information...
1 parent c096042 commit 181991e791a13a3c383234718c26c499e31d3df1 @skodak skodak committed Mar 12, 2011
Showing with 47 additions and 3 deletions.
  1. +41 −0 lib/enrollib.php
  2. +6 −3 user/profile.php
View
41 lib/enrollib.php
@@ -221,6 +221,47 @@ function enrol_check_plugins($user) {
}
/**
+ * Do these two students share any course?
+ *
+ * The courses has to be visible and enrolments has to be active,
+ * timestart and timeend restrictions are ignored.
+ *
+ * @param stdClass|int $user1
+ * @param stdClass|int $user2
+ * @return bool
+ */
+function enrol_sharing_course($user1, $user2) {
+ global $DB, $CFG;
+
+ $user1 = !empty($user1->id) ? $user1->id : $user1;
+ $user2 = !empty($user2->id) ? $user2->id : $user2;
+
+ if (empty($user1) or empty($user2)) {
+ return false;
+ }
+
+ if (!$plugins = explode(',', $CFG->enrol_plugins_enabled)) {
+ return false;
+ }
+
+ list($plugins, $params) = $DB->get_in_or_equal($plugins, SQL_PARAMS_NAMED, 'ee00');
+ $params['enabled'] = ENROL_INSTANCE_ENABLED;
+ $params['active1'] = ENROL_USER_ACTIVE;
+ $params['active2'] = ENROL_USER_ACTIVE;
+ $params['user1'] = $user1;
+ $params['user2'] = $user2;
+
+ $sql = "SELECT DISTINCT 'x'
+ FROM {enrol} e
+ JOIN {user_enrolments} ue1 ON (ue1.enrolid = e.id AND ue1.status = :active1 AND ue1.userid = :user1)
+ JOIN {user_enrolments} ue2 ON (ue1.enrolid = e.id AND ue1.status = :active2 AND ue2.userid = :user2)
+ JOIN {course} c ON (c.id = e.courseid AND c.visible = 1)
+ WHERE e.status = :enabled AND e.enrol $plugins";
+
+ return $DB->record_exists_sql($sql, $params);
+}
+
+/**
* This function adds necessary enrol plugins UI into the course edit form.
*
* @param MoodleQuickForm $mform
View
9 user/profile.php
@@ -63,8 +63,10 @@
!empty($CFG->forceloginforprofiles) &&
!has_capability('moodle/user:viewdetails', $context) &&
!has_coursecontact_role($userid)) {
+
// Course managers can be browsed at site level. If not forceloginforprofiles, allow access (bug #4366)
$struser = get_string('user');
+ $PAGE->set_context(get_context_instance(CONTEXT_SYSTEM));
$PAGE->set_title("$SITE->shortname: $struser"); // Do not leak the name
$PAGE->set_heading("$SITE->shortname: $struser");
$PAGE->set_url('/user/profile.php', array('id'=>$userid));
@@ -247,9 +249,10 @@
}
}
-if ($user->maildisplay == 1
- or ($user->maildisplay == 2 && !isguestuser())
- or has_capability('moodle/course:useremail', $context)) {
+if ($currentuser
+ or $user->maildisplay == 1
+ or has_capability('moodle/course:useremail', $context)
+ or ($user->maildisplay == 2 and enrol_sharing_course($user, $USER))) {
print_row(get_string("email").":", obfuscate_mailto($user->email, ''));
}

0 comments on commit 181991e

Please sign in to comment.
Something went wrong with that request. Please try again.