MDL-12373 - More instances of links to the participants list being sh…

…own in the navigation bar to people without the necessary capability.

I have not copied and pasted the same code into lots of different places. That sucks. We really need to refactor this into a function that builds the navigation up to, and including the user's name. However, I don't have time now. A list of the places touched by this bug (MDL-12373) will at least give a complete list of places that such a refactoring would have to touch.

admin/roles/assign.php

@@ -131,7 +131,9 @@
         /// course header
         $navlinks = array();
         if ($courseid != SITEID) {
-            $navlinks[] = array('name' => $strparticipants, 'link' => "$CFG->wwwroot/user/index.php?id=$course->id", 'type' => 'misc');
+            if (has_capability('moodle/course:viewparticipants', get_context_instance(CONTEXT_COURSE, $course->id))) {
+                $navlinks[] = array('name' => $strparticipants, 'link' => "$CFG->wwwroot/user/index.php?id=$course->id", 'type' => 'misc');
+            }
             $navlinks[] = array('name' => $fullname, 'link' => "$CFG->wwwroot/user/view.php?id=$userid&course=$courseid", 'type' => 'misc');
             $navlinks[] = array('name' => $straction, 'link' => null, 'type' => 'misc');
             $navigation = build_navigation($navlinks);

admin/roles/override.php

@@ -126,7 +126,9 @@
         $navlinks = array();
         /// course header
         if ($course->id != SITEID) {
-            $navlinks[] = array('name' => $strparticipants, 'link' => "$CFG->wwwroot/user/index.php?id=$course->id", 'type' => 'misc');
+            if (has_capability('moodle/course:viewparticipants', get_context_instance(CONTEXT_COURSE, $course->id))) {
+                $navlinks[] = array('name' => $strparticipants, 'link' => "$CFG->wwwroot/user/index.php?id=$course->id", 'type' => 'misc');
+            }
             $navlinks[] = array('name' => $fullname, 'link' => "$CFG->wwwroot/user/view.php?id=$userid&course=$courseid", 'type' => 'misc');
             $navlinks[] = array('name' => $straction, 'link' => null, 'type' => 'misc');
             $navigation = build_navigation($navlinks);

course/user.php

@@ -45,7 +45,7 @@
 
     $navlinks = array();
 
-    if ($course->id != SITEID) {
+    if ($course->id != SITEID && has_capability('moodle/course:viewparticipants', $coursecontext)) {
         $navlinks[] = array('name' => $strparticipants, 'link' => "../user/index.php?id=$course->id", 'type' => 'misc');
     }
 

mod/forum/user.php

@@ -40,7 +40,9 @@
     $fullname        = fullname($user, has_capability('moodle/site:viewfullnames', $syscontext));
 
     $navlinks = array();
-    $navlinks[] = array('name' => $strparticipants, 'link' => "$CFG->wwwroot/user/index.php?id=$course->id", 'type' => 'core');
+    if (has_capability('moodle/course:viewparticipants', get_context_instance(CONTEXT_COURSE, $course->id)) || has_capability('moodle/site:viewparticipants', $syscontext)) {
+        $navlinks[] = array('name' => $strparticipants, 'link' => "$CFG->wwwroot/user/index.php?id=$course->id", 'type' => 'core');
+    }
     $navlinks[] = array('name' => $fullname, 'link' => "$CFG->wwwroot/user/view.php?id=$user->id&course=$course->id", 'type' => 'title');
     $navlinks[] = array('name' => $strforumposts, 'link' => '', 'type' => 'title');
     $navlinks[] = array('name' => $strmode, 'link' => '', 'type' => 'title');

notes/add.php

@@ -31,7 +31,7 @@
     require_once('edit_form.php');
 
 /// create form
-    $noteform = new note_edit_form(null, $extradata);
+    $noteform = new note_edit_form();
 
 /// if form was cancelled then return to the previous notes list
     if ($noteform->is_cancelled()) {
@@ -69,7 +69,9 @@
 
 /// output HTML
     $nav = array();
-    $nav[] = array('name' => get_string('participants'), 'link' => $CFG->wwwroot . '/user/index.php?id=' . $course->id, 'type' => 'misc');
+    if (has_capability('moodle/course:viewparticipants', $context) || has_capability('moodle/site:viewparticipants', get_context_instance(CONTEXT_SYSTEM))) {
+        $nav[] = array('name' => get_string('participants'), 'link' => $CFG->wwwroot . '/user/index.php?id=' . $course->id, 'type' => 'misc');
+    }
     $nav[] = array('name' => fullname($user), 'link' => $CFG->wwwroot . '/user/view.php?id=' . $user->id. '&course=' . $course->id, 'type' => 'misc');
     $nav[] = array('name' => get_string('notes', 'notes'), 'link' => $CFG->wwwroot . '/notes/index.php?course=' . $course->id . '&user=' . $user->id, 'type' => 'misc');
     $nav[] = array('name' => $strnotes, 'link' => '', 'type' => 'activity');

notes/delete.php

@@ -15,6 +15,12 @@
 if (!$course = get_record('course', 'id', $note->courseid)) {
     error('Incorrect course id found');
 }
+
+// locate user information
+    if (!$user = get_record('user', 'id', $note->userid)) {
+        error('Incorrect user id found');
+    }
+
 // require login to access notes
 require_login($course->id);
 
@@ -42,8 +48,13 @@
     $optionsno = array('course'=>$course->id, 'user'=>$note->userid);
 
 // output HTML
-    $crumbs = array(array('name' => $strnotes, 'link' => '', 'type' => 'activity'));
-    print_header($course->shortname . ': ' . $strnotes, $course->fullname, build_navigation($crumbs));
+    if (has_capability('moodle/course:viewparticipants', $context) || has_capability('moodle/site:viewparticipants', get_context_instance(CONTEXT_SYSTEM))) {
+        $nav[] = array('name' => get_string('participants'), 'link' => $CFG->wwwroot . '/user/index.php?id=' . $course->id, 'type' => 'misc');
+    }
+    $nav[] = array('name' => fullname($user), 'link' => $CFG->wwwroot . '/user/view.php?id=' . $user->id. '&course=' . $course->id, 'type' => 'misc');
+    $nav[] = array('name' => get_string('notes', 'notes'), 'link' => $CFG->wwwroot . '/notes/index.php?course=' . $course->id . '&user=' . $user->id, 'type' => 'misc');
+    $nav[] = array('name' => get_string('delete'), 'link' => '', 'type' => 'activity');
+    print_header($course->shortname . ': ' . $strnotes, $course->fullname, build_navigation($nav));
     notice_yesno(get_string('deleteconfirm', 'notes'), 'delete.php', 'index.php', $optionsyes, $optionsno, 'post', 'get');
     echo '<br />';
     note_print($note, NOTES_SHOW_BODY | NOTES_SHOW_HEAD);

notes/edit.php

@@ -36,7 +36,7 @@
 /// get option values for the user select
 
 /// create form
-    $noteform = new note_edit_form(null);
+    $noteform = new note_edit_form();
 
 /// if form was cancelled then return to the notes list of the note
     if ($noteform->is_cancelled()) {
@@ -72,7 +72,9 @@
 
 /// output HTML
     $nav = array();
-    $nav[] = array('name' => get_string('participants'), 'link' => $CFG->wwwroot . '/user/index.php?id=' . $course->id, 'type' => 'misc');
+    if (has_capability('moodle/course:viewparticipants', $context) || has_capability('moodle/site:viewparticipants', get_context_instance(CONTEXT_SYSTEM))) {
+        $nav[] = array('name' => get_string('participants'), 'link' => $CFG->wwwroot . '/user/index.php?id=' . $course->id, 'type' => 'misc');
+    }
     $nav[] = array('name' => fullname($user), 'link' => $CFG->wwwroot . '/user/view.php?id=' . $user->id. '&course=' . $course->id, 'type' => 'misc');
     $nav[] = array('name' => get_string('notes', 'notes'), 'link' => $CFG->wwwroot . '/notes/index.php?course=' . $course->id . '&user=' . $user->id, 'type' => 'misc');
     $nav[] = array('name' => $strnotes, 'link' => '', 'type' => 'activity');

notes/edit_form.php

@@ -13,7 +13,6 @@ function definition() {
         $mform->addElement('textarea', 'content', $strcontent, array('rows'=>15, 'cols'=>40));
         $mform->setType('content', PARAM_RAW);
         $mform->addRule('content', get_string('nocontent', 'notes'), 'required', null, 'client');
-        $mform->setHelpButton('content', 'writing');
 
         $mform->addElement('select', 'publishstate', $strpublishstate, note_get_state_names());
         $mform->setDefault('publishstate', NOTES_STATE_PUBLIC);

notes/index.php

@@ -48,10 +48,18 @@
 
 
 /// output HTML
-
+    if ($course->id == SITEID) {
+        $coursecontext = get_context_instance(CONTEXT_SYSTEM);   // SYSTEM context
+    } else {
+        $coursecontext = get_context_instance(CONTEXT_COURSE, $course->id);   // Course context
+    }
+    $systemcontext = get_context_instance(CONTEXT_SYSTEM);   // SYSTEM context
+
     $strnotes = get_string('notes', 'notes');
     $nav = array();
-    $nav[] = array('name' => get_string('participants'), 'link' => $CFG->wwwroot . '/user/index.php?id=' . $course->id, 'type' => 'misc');
+    if (has_capability('moodle/course:viewparticipants', $coursecontext) || has_capability('moodle/site:viewparticipants', $systemcontext)) {
+        $nav[] = array('name' => get_string('participants'), 'link' => $CFG->wwwroot . '/user/index.php?id=' . $course->id, 'type' => 'misc');
+    }
     if ($userid) {
         $nav[] = array('name' => fullname($user), 'link' => $CFG->wwwroot . '/user/view.php?id=' . $user->id. '&course=' . $course->id, 'type' => 'misc');
     }