MDL-31640 course: Move to, edit and search functionality in search.php is fixed with proper permission check
commit 246e844e5f4aabfebb4aac45d4de0cb85d40d5c9 1 parent 832626d
Rajesh Taneja authored February 23, 2012
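--- a/course/search.php
+++ b/course/search.php
@@ -15,10 +15,19 @@
     $blocklist = optional_param('blocklist', 0, PARAM_INT);
     $modulelist= optional_param('modulelist', '', PARAM_PLUGIN);
 
-    $PAGE->set_url('/course/search.php', compact('search', 'page', 'perpage', 'blocklist', 'modulelist', 'edit'));
-    $PAGE->set_context(get_context_instance(CONTEXT_SYSTEM));
-    $search = trim(strip_tags($search)); // trim & clean raw searched string
+    // List of minimum capabilities which user need to have for editing/moving course
+    $capabilities = array('moodle/course:create', 'moodle/category:manage');
+
+    // List of category id's in which current user has course:create and category:manage capability.
+    $usercatlist = array();
 
+    // List of parent category id's
+    $catparentlist = array();
+
+    //Populate usercatlist with list of category id's with required capabilities.
+    make_categories_list($usercatlist, $catparentlist, $capabilities);
+
+    $search = trim(strip_tags($search)); // trim & clean raw searched string
     if ($search) {
         $searchterms = explode(" ", $search);    // Search for words independently
         foreach ($searchterms as $key => $searchterm) {
@@ -32,7 +41,7 @@
     $site = get_site();
 
     $urlparams = array();
-    foreach (array('search', 'page', 'blocklist', 'modulelist') as $param) {
+    foreach (array('search', 'page', 'blocklist', 'modulelist', 'edit') as $param) {
         if (!empty($$param)) {
             $urlparams[$param] = $$param;
         }
@@ -48,7 +57,8 @@
         require_login();
     }
 
-    if (can_edit_in_category()) {
+    //Editing is possible if user have system or category level create and manage capability
+    if (can_edit_in_category() || !empty($usercatlist)) {
         if ($edit !== -1) {
             $USER->editing = $edit;
         }
@@ -74,7 +84,6 @@
         }
     }
 
-    $capabilities = array('moodle/course:create', 'moodle/category:manage');
     if (has_any_capability($capabilities, get_context_instance(CONTEXT_SYSTEM)) && ($perpage != 99999)) {
         $perpage = 30;
     }
@@ -94,7 +103,7 @@
     $strfrontpage = get_string('frontpage', 'admin');
     $strnovalidcourses = get_string('novalidcourses');
 
-    if (empty($search) and empty($blocklist) and empty($modulelist)) {
+    if (empty($search) and empty($blocklist) and empty($modulelist) and empty($moveto) and ($edit != -1)) {
         $PAGE->navbar->add($strcourses, new moodle_url('/course/index.php'));
         $PAGE->navbar->add($strsearch);
         $PAGE->set_title("$site->fullname : $strsearch");
@@ -114,18 +123,28 @@
         exit;
     }
 
+    $courses = array();
     if (!empty($moveto) and $data = data_submitted() and confirm_sesskey()) {   // Some courses are being moved
-        if (! $destcategory = $DB->get_record("course_categories", array("id"=>$data->moveto))) {
-            print_error('cannotfindcategory', '', '', $data->moveto);
+        if (!$destcategory = $DB->get_record("course_categories", array("id" => $moveto))) {
+            print_error('cannotfindcategory', '', '', $moveto);
         }
 
-        $courses = array();
+        //User should have manage and create capablity on destination category.
+        require_capability('moodle/category:manage', get_context_instance(CONTEXT_COURSECAT, $moveto));
+        require_capability('moodle/course:create', get_context_instance(CONTEXT_COURSECAT, $moveto));
+
         foreach ( $data as $key => $value ) {
             if (preg_match('/^c\d+$/', $key)) {
-                array_push($courses, substr($key, 1));
+                $courseid = substr($key, 1);
+                // user must have category:manage and course:create capability for the course to be moved.
+                if (has_all_capabilities($capabilities, get_context_instance(CONTEXT_COURSE, $courseid))) {
+                    array_push($courses, $courseid);
+                } else {
+                    print_error('cannotmovecoursetocategory');
+                }
             }
         }
-        move_courses($courses, $data->moveto);
+        move_courses($courses, $moveto);
     }
 
     // get list of courses containing blocks if required
@@ -148,9 +167,7 @@
         foreach ($courses as $course) {
             $courses[$course->id] = $course;
         }
-    }
-    // get list of courses containing modules if required
-    elseif (!empty($modulelist) and confirm_sesskey()) {
+    } elseif (!empty($modulelist) and confirm_sesskey()) { // get list of courses containing modules
         $modulename = $modulelist;
         $sql =  "SELECT DISTINCT c.id FROM {".$modulelist."} module, {course} c"
             ." WHERE module.course=c.id";
@@ -172,34 +189,26 @@
         else {
             $totalcount = 0;
         }
-    }
-    else {
+    } else if (!empty($searchterm)) { //Donot do search for empty search request.
         $courses = get_courses_search($searchterms, "fullname ASC",
             $page, $perpage, $totalcount);
     }
 
-    $searchform = print_course_search($search, true, "navbar");
-
-    if (!empty($courses) && has_capability('moodle/course:create', get_context_instance(CONTEXT_SYSTEM))) {
-        $searchform = '';
-        // not sure if this capability is the best  here
-        if (has_capability('moodle/category:manage', get_context_instance(CONTEXT_SYSTEM))) {
-            if ($PAGE->user_is_editing()) {
-                $string = get_string("turneditingoff");
-                $edit = "off";
-            } else {
-                $string = get_string("turneditingon");
-                $edit = "on";
-            }
-
-            $aurl = new moodle_url("$CFG->wwwroot/course/search.php", array(
-                    'edit' => $edit,
-                    'sesskey' => sesskey(),
-                    'search' => $search,
-                    'page' => $page,
-                    'perpage' => $perpage));
-            $searchform = $OUTPUT->single_button($aurl, $string, 'get');
+    $searchform = '';
+    //Turn editing should be visible if user have system or category level capability
+    if (!empty($courses) && (can_edit_in_category() || !empty($usercatlist))) {
+        if ($PAGE->user_is_editing()) {
+            $string = get_string("turneditingoff");
+            $edit = "off";
+        } else {
+            $string = get_string("turneditingon");
+            $edit = "on";
         }
+        $params = array_merge($urlparams, array('sesskey' => sesskey(), 'edit' => $edit));
+        $aurl = new moodle_url("$CFG->wwwroot/course/search.php", $params);
+        $searchform = $OUTPUT->single_button($aurl, $string, 'get');
+    } else {
+        $searchform = print_course_search($search, true, "navbar");
     }
 
     $PAGE->navbar->add($strcourses, new moodle_url('/course/index.php'));
@@ -228,21 +237,21 @@
 
         print_navigation_bar($totalcount, $page, $perpage, $encodedsearch, $modulelink);
 
-        if (!$adminediting) {
+        // Show list of courses
+        if (!$adminediting) { //Not editing mode
             foreach ($courses as $course) {
-
-                $coursecontext = get_context_instance(CONTEXT_COURSE, $course->id);
-
-                $course->summary .= "<br /><p class=\"category\">";
-                $course->summary .= "$strcategory: <a href=\"category.php?id=$course->category\">";
-                $course->summary .= $displaylist[$course->category];
-                $course->summary .= "</a></p>";
+                // front page don't belong to any category and block can exist.
+                if ($course->category > 0) {
+                    $course->summary .= "<br /><p class=\"category\">";
+                    $course->summary .= "$strcategory: <a href=\"category.php?id=$course->category\">";
+                    $course->summary .= $displaylist[$course->category];
+                    $course->summary .= "</a></p>";
+                }
                 print_course($course, $search);
                 echo $OUTPUT->spacer(array('height'=>5, 'width'=>5, 'br'=>true)); // should be done with CSS instead
             }
-        } else {
-        /// Show editing UI.
-            echo "<form id=\"movecourses\" action=\"search.php\" method=\"post\">\n";
+        } else { //editing mode
+            echo "<form id=\"movecourses\" action=\"search.php?".$modulelink."\" method=\"post\">\n";
             echo "<div><input type=\"hidden\" name=\"sesskey\" value=\"".sesskey()."\" />\n";
             echo "<input type=\"hidden\" name=\"search\" value=\"".s($search)."\" />\n";
             echo "<input type=\"hidden\" name=\"page\" value=\"$page\" />\n";
@@ -278,9 +287,8 @@
                 echo "<td>".$displaylist[$course->category]."</td>\n";
                 echo "<td>\n";
 
-                // this is ok since this will get inherited from course category context
-                // if it is set
-                if (has_capability('moodle/category:manage', $coursecontext)) {
+                // If user has all required capabilities to move course then show selectable checkbox
+                if (has_all_capabilities($capabilities, $coursecontext)) {
                     echo "<input type=\"checkbox\" name=\"c$course->id\" />\n";
                 } else {
                     echo "<input type=\"checkbox\" name=\"c$course->id\" disabled=\"disabled\" />\n";
@@ -338,7 +346,8 @@
             echo "<br />";
             echo "<input type=\"button\" onclick=\"checkall()\" value=\"$strselectall\" />\n";
             echo "<input type=\"button\" onclick=\"checknone()\" value=\"$strdeselectall\" />\n";
-            echo html_writer::select($displaylist, 'moveto', '', array(''=>get_string('moveselectedcoursesto')), array('id'=>'movetoid'));
+            //Select box should only show categories in which user has min capability to move course.
+            echo html_writer::select($usercatlist, 'moveto', '', array(''=>get_string('moveselectedcoursesto')), array('id'=>'movetoid'));
             $PAGE->requires->js_init_call('M.util.init_select_autosubmit', array('movecourses', 'movetoid', false));
             echo "</td>\n</tr>\n";
             echo "</table>\n</form>";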
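Review bot: The new form action in the `@@ -228,21 +237,21 @@` hunk, `echo "<form id=\"movecourses\" action=\"search.php?".$modulelink."\" method=\"post\">\n";`, splices `$modulelink` into an HTML attribute with no escaping at the point of use; `$modulelink` is built outside this page, so whether it is already attribute-safe cannot be confirmed from here. Since this commit already assembles the cleaned `$urlparams` (search/page/blocklist/modulelist/edit) a few hunks earlier, the safer and self-evidently correct form is `$formurl = new moodle_url('/course/search.php', $urlparams);` followed by `echo '<form id="movecourses" action="'.$formurl->out().'" method="post">'."\n";`, letting moodle_url do the encoding and escaping. In the move handler (`@@ -114,18 +123,28 @@`), each posted `c\d+` key is passed straight to `get_context_instance(CONTEXT_COURSE, $courseid)` with no check that such a course exists, so a fabricated id fails inside the context lookup rather than with an explicit error; `get_context_instance(CONTEXT_COURSE, $courseid, MUST_EXIST)` would make that outcome deliberate. The file is a flat script and the editing-form code continues outside the hunks shown.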
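--- a/lang/en/error.php
+++ b/lang/en/error.php
@@ -103,6 +103,7 @@
 $string['cannotmigratedatacomments'] = 'Cannot migrate data module comments';
 $string['cannotmodulename'] = 'Cannot get the module name in build navigation';
 $string['cannotmoduletype'] = 'Cannot get the module type in build navigation';
+$string['cannotmovecoursetocategory'] = 'You do not have capabilities to move the course into different category.';
 $string['cannotmoverolewithid'] = 'Cannot move role with ID {$a}';
 $string['cannotnetgeo'] = 'Cannot connect to NetGeo server at http://netgeo.caida.org, please check proxy settings or better install MaxMind GeoLite City data file';
 $string['cannotopencsv'] = 'Cannot open CSV file';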
