From 33d2459c8df2328b70ff10b7d67dddbe618dc7ce Mon Sep 17 00:00:00 2001
From: tjhunt
Date: Thu, 10 Jan 2008 10:58:09 +0000
Subject: [PATCH] MDL-12373 - More instances of links to the participants list being shown in the navigation bar to people without the necessary capability. I have not copied and pasted the same code into lots of different places. That sucks. We really need to refactor this into a function that builds the navigation up to, and including the user's name. However, I don't have time now. A list of the places touched by this bug (MDL-12373) will at least give a complete list of places that such a refactoring would have to touch.
---
 admin/roles/assign.php | 4 +++-
 admin/roles/override.php | 4 +++-
 course/user.php | 2 +-
 mod/forum/user.php | 4 +++-
 notes/add.php | 6 ++++--
 notes/delete.php | 15 +++++++++++++--
 notes/edit.php | 6 ++++--
 notes/edit_form.php | 1 -
 notes/index.php | 12 ++++++++++--
 9 files changed, 41 insertions(+), 13 deletions(-)
diff --git a/admin/roles/assign.php b/admin/roles/assign.php
index 537231a0f5d36..2e46637536f83 100755
--- a/admin/roles/assign.php
+++ b/admin/roles/assign.php
@@ -131,7 +131,9 @@ /// course header
 $navlinks = array();
 if ($courseid != SITEID) {
- $navlinks[] = array('name' => $strparticipants, 'link' => "$CFG->wwwroot/user/index.php?id=$course->id", 'type' => 'misc');
+ if (has_capability('moodle/course:viewparticipants', get_context_instance(CONTEXT_COURSE, $course->id))) {
+ $navlinks[] = array('name' => $strparticipants, 'link' => "$CFG->wwwroot/user/index.php?id=$course->id", 'type' => 'misc');
+ }
 $navlinks[] = array('name' => $fullname, 'link' => "$CFG->wwwroot/user/view.php?id=$userid&course=$courseid", 'type' => 'misc');
 $navlinks[] = array('name' => $straction, 'link' => null, 'type' => 'misc');
 $navigation = build_navigation($navlinks);
diff --git a/admin/roles/override.php b/admin/roles/override.php
index 4432d6c426d82..4a76aeb5a938d 100755
--- a/admin/roles/override.php
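Review bot: In the admin/roles/assign.php hunk the added `has_capability()` call resolves its context from `$course->id`, while the enclosing `if ($courseid != SITEID)` and the user link on the following line are keyed on `$courseid`. Nothing visible here shows that the two can differ, but a permission test should use the same id that selects the branch, so I would settle on one of them. The guard only decides whether the crumb is rendered, which deserves a comment above it here and in the admin/roles/override.php and course/user.php hunks, e.g. `// Display only: user/index.php must enforce moodle/course:viewparticipants on its own.` The surrounding block starts and ends outside the hunk.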
+++ b/admin/roles/override.php
@@ -126,7 +126,9 @@ $navlinks = array();
 /// course header
 if ($course->id != SITEID) {
- $navlinks[] = array('name' => $strparticipants, 'link' => "$CFG->wwwroot/user/index.php?id=$course->id", 'type' => 'misc');
+ if (has_capability('moodle/course:viewparticipants', get_context_instance(CONTEXT_COURSE, $course->id))) {
+ $navlinks[] = array('name' => $strparticipants, 'link' => "$CFG->wwwroot/user/index.php?id=$course->id", 'type' => 'misc');
+ }
 $navlinks[] = array('name' => $fullname, 'link' => "$CFG->wwwroot/user/view.php?id=$userid&course=$courseid", 'type' => 'misc');
 $navlinks[] = array('name' => $straction, 'link' => null, 'type' => 'misc');
 $navigation = build_navigation($navlinks);
diff --git a/course/user.php b/course/user.php
index e10fa7f729497..320284abfaa1d 100644
--- a/course/user.php
+++ b/course/user.php
@@ -45,7 +45,7 @@ $navlinks = array();
- if ($course->id != SITEID) {
+ if ($course->id != SITEID && has_capability('moodle/course:viewparticipants', $coursecontext)) {
 $navlinks[] = array('name' => $strparticipants, 'link' => "../user/index.php?id=$course->id", 'type' => 'misc');
 }
diff --git a/mod/forum/user.php b/mod/forum/user.php
index 39b537a53efd9..29547316316d2 100644
--- a/mod/forum/user.php
+++ b/mod/forum/user.php
@@ -40,7 +40,9 @@ $fullname = fullname($user, has_capability('moodle/site:viewfullnames', $syscontext));
 $navlinks = array();
- $navlinks[] = array('name' => $strparticipants, 'link' => "$CFG->wwwroot/user/index.php?id=$course->id", 'type' => 'core');
+ if (has_capability('moodle/course:viewparticipants', get_context_instance(CONTEXT_COURSE, $course->id)) || has_capability('moodle/site:viewparticipants', $syscontext)) {
+ $navlinks[] = array('name' => $strparticipants, 'link' => "$CFG->wwwroot/user/index.php?id=$course->id", 'type' => 'core');
+ }
 $navlinks[] = array('name' => $fullname, 'link' => "$CFG->wwwroot/user/view.php?id=$user->id&course=$course->id", 'type' => 'title');
 $navlinks[] = array('name' => $strforumposts, 'link' => '', 'type' => 'title');
 $navlinks[] = array('name' => $strmode, 'link' => '', 'type' => 'title');
diff --git a/notes/add.php b/notes/add.php
index 28d5647a640f8..58b5cf44a30ff 100644
--- a/notes/add.php
+++ b/notes/add.php
@@ -31,7 +31,7 @@ require_once('edit_form.php');
 /// create form
- $noteform = new note_edit_form(null, $extradata);
+ $noteform = new note_edit_form();
 /// if form was cancelled then return to the previous notes list
 if ($noteform->is_cancelled()) {
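Review bot: The `||` in the new mod/forum/user.php condition lets `moodle/site:viewparticipants` at system level show the crumb for any course, although the link still points at that course's list (`user/index.php?id=$course->id`) and the admin/roles and course/user.php hunks of this patch test only the course capability. If the participants page checks the course capability for ordinary courses (not visible here), a user holding only the site capability gets a link that ends in a permission error. Selecting the capability by course keeps the hunks consistent: `$canview = ($course->id == SITEID) ? has_capability('moodle/site:viewparticipants', $syscontext) : has_capability('moodle/course:viewparticipants', $coursecontext);`, with `$coursecontext` fetched once above it. The same condition is repeated in the notes/add.php (@@ -69), notes/delete.php (@@ -42) and notes/edit.php (@@ -72) hunks.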
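Review bot: Dropping `$extradata` from the `note_edit_form` constructor in notes/add.php is not covered by the commit message and is unrelated to the breadcrumb fix. The lines that build `$extradata` are outside this hunk; if they are still present they are now dead code, and if the form reads its custom data anywhere outside the lines shown for notes/edit_form.php it will now receive none. I would remove the `$extradata` setup in the same change, or record the intent at the call with a comment such as `// The form takes no custom data.`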
@@ -69,7 +69,9 @@ /// output HTML $nav = array(); - $nav[] = array('name' => get_string('participants'), 'link' => $CFG->wwwroot . '/user/index.php?id=' . $course->id, 'type' => 'misc'); + if (has_capability('moodle/course:viewparticipants', $context) || has_capability('moodle/site:viewparticipants', get_context_instance(CONTEXT_SYSTEM))) { + $nav[] = array('name' => get_string('participants'), 'link' => $CFG->wwwroot . '/user/index.php?id=' . $course->id, 'type' => 'misc'); + } $nav[] = array('name' => fullname($user), 'link' => $CFG->wwwroot . '/user/view.php?id=' . $user->id. '&course=' . $course->id, 'type' => 'misc'); $nav[] = array('name' => get_string('notes', 'notes'), 'link' => $CFG->wwwroot . '/notes/index.php?course=' . $course->id . '&user=' . $user->id, 'type' => 'misc'); $nav[] = array('name' => $strnotes, 'link' => '', 'type' => 'activity'); diff --git a/notes/delete.php b/notes/delete.php index 0ffe0ec7fc8d9..dc17409b3ccaf 100644 --- a/notes/delete.php +++ b/notes/delete.php @@ -15,6 +15,12 @@ if (!$course = get_record('course', 'id', $note->courseid)) { error('Incorrect course id found'); } + +// locate user information + if (!$user = get_record('user', 'id', $note->userid)) { + error('Incorrect user id found'); + } + // require login to access notes require_login($course->id); 
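Review bot: The user lookup added to notes/delete.php sits above `require_login($course->id)`, so a request without a session reaches one more database read and can tell from `'Incorrect user id found'` whether the note's owner record still exists. The login check itself only needs `$course`, so nothing forces the lookup to run first. Moving the added `if (!$user = get_record('user', 'id', $note->userid)) { ... }` block to just after `require_login($course->id);` keeps the breadcrumb working and gives unauthenticated requests no extra signal. The note lookup that supplies `$note->userid` is outside the hunk.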
@@ -42,8 +48,13 @@ $optionsno = array('course'=>$course->id, 'user'=>$note->userid); // output HTML
- $crumbs = array(array('name' => $strnotes, 'link' => '', 'type' => 'activity'));
- print_header($course->shortname . ': ' . $strnotes, $course->fullname, build_navigation($crumbs));
+ if (has_capability('moodle/course:viewparticipants', $context) || has_capability('moodle/site:viewparticipants', get_context_instance(CONTEXT_SYSTEM))) {
+ $nav[] = array('name' => get_string('participants'), 'link' => $CFG->wwwroot . '/user/index.php?id=' . $course->id, 'type' => 'misc');
+ }
+ $nav[] = array('name' => fullname($user), 'link' => $CFG->wwwroot . '/user/view.php?id=' . $user->id. '&course=' . $course->id, 'type' => 'misc');
+ $nav[] = array('name' => get_string('notes', 'notes'), 'link' => $CFG->wwwroot . '/notes/index.php?course=' . $course->id . '&user=' . $user->id, 'type' => 'misc');
+ $nav[] = array('name' => get_string('delete'), 'link' => '', 'type' => 'activity');
+ print_header($course->shortname . ': ' . $strnotes, $course->fullname, build_navigation($nav));
 notice_yesno(get_string('deleteconfirm', 'notes'), 'delete.php', 'index.php', $optionsyes, $optionsno, 'post', 'get');
 echo '
';
 note_print($note, NOTES_SHOW_BODY | NOTES_SHOW_HEAD);
diff --git a/notes/edit.php b/notes/edit.php
index ba2238a031752..bf6f36f3714be 100644
--- a/notes/edit.php
+++ b/notes/edit.php
@@ -36,7 +36,7 @@ /// get option values for the user select
 /// create form
- $noteform = new note_edit_form(null);
+ $noteform = new note_edit_form();
 /// if form was cancelled then return to the notes list of the note
 if ($noteform->is_cancelled()) {
@@ -72,7 +72,9 @@ /// output HTML
 $nav = array();
- $nav[] = array('name' => get_string('participants'), 'link' => $CFG->wwwroot . '/user/index.php?id=' . $course->id, 'type' => 'misc');
+ if (has_capability('moodle/course:viewparticipants', $context) || has_capability('moodle/site:viewparticipants', get_context_instance(CONTEXT_SYSTEM))) {
+ $nav[] = array('name' => get_string('participants'), 'link' => $CFG->wwwroot . '/user/index.php?id=' . $course->id, 'type' => 'misc');
+ }
 $nav[] = array('name' => fullname($user), 'link' => $CFG->wwwroot . '/user/view.php?id=' . $user->id. '&course=' . $course->id, 'type' => 'misc');
 $nav[] = array('name' => get_string('notes', 'notes'), 'link' => $CFG->wwwroot . '/notes/index.php?course=' . $course->id . '&user=' . $user->id, 'type' => 'misc');
 $nav[] = array('name' => $strnotes, 'link' => '', 'type' => 'activity');
diff --git a/notes/edit_form.php b/notes/edit_form.php
index ef39288f2e923..0eddb1366b5bd 100644
--- a/notes/edit_form.php
+++ b/notes/edit_form.php
@@ -13,7 +13,6 @@ function definition() {
 $mform->addElement('textarea', 'content', $strcontent, array('rows'=>15, 'cols'=>40));
 $mform->setType('content', PARAM_RAW);
 $mform->addRule('content', get_string('nocontent', 'notes'), 'required', null, 'client');
- $mform->setHelpButton('content', 'writing');
 $mform->addElement('select', 'publishstate', $strpublishstate, note_get_state_names());
 $mform->setDefault('publishstate', NOTES_STATE_PUBLIC);
diff --git a/notes/index.php b/notes/index.php
index e563e94c998c8..3c2832c21a24b 100644
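Review bot: In the second notes/delete.php hunk `$nav` is appended to with `$nav[] = ...` but never initialised; the removed code built `$crumbs` with `array(...)`, and notes/add.php and notes/edit.php both start from `$nav = array();`. Unless `$nav` is set earlier in the file (outside the hunk), the breadcrumb starts from whatever that name already holds, which on a server that registers request parameters as globals could be caller-supplied. Add `$nav = array();` immediately before the new `if`. The `$context` used in the condition is also defined outside the hunk, so its level cannot be confirmed from here.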
--- a/notes/index.php +++ b/notes/index.php @@ -48,10 +48,18 @@ /// output HTML - + if ($course->id == SITEID) { + $coursecontext = get_context_instance(CONTEXT_SYSTEM); // SYSTEM context + } else { + $coursecontext = get_context_instance(CONTEXT_COURSE, $course->id); // Course context + } + $systemcontext = get_context_instance(CONTEXT_SYSTEM); // SYSTEM context + $strnotes = get_string('notes', 'notes'); $nav = array(); - $nav[] = array('name' => get_string('participants'), 'link' => $CFG->wwwroot . '/user/index.php?id=' . $course->id, 'type' => 'misc'); + if (has_capability('moodle/course:viewparticipants', $coursecontext) || has_capability('moodle/site:viewparticipants', $systemcontext)) { + $nav[] = array('name' => get_string('participants'), 'link' => $CFG->wwwroot . '/user/index.php?id=' . $course->id, 'type' => 'misc'); + } if ($userid) { $nav[] = array('name' => fullname($user), 'link' => $CFG->wwwroot . '/user/view.php?id=' . $user->id. '&course=' . $course->id, 'type' => 'misc'); }
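Review bot: For the front page the notes/index.php hunk sets `$coursecontext` to the system context, so `has_capability('moodle/course:viewparticipants', $coursecontext)` tests a course capability at system level and both sides of the `||` run against the same context. The variable name then no longer describes its value, and the system context is fetched twice, with both lines commented `// SYSTEM context`. Fetching `$systemcontext` first and writing `$coursecontext = ($course->id == SITEID) ? $systemcontext : get_context_instance(CONTEXT_COURSE, $course->id);` removes the duplicate call. A comment above the condition should state which capability is meant to govern the front-page participants link, since the participants page's own check is not visible here.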