adding caapabilities

commit cc398c726294996462f2ce816c29d055eb39d8f3 1 parent 6ea5ff3
toyomoyo authored
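--- a/admin/report/stats/index.php
+++ b/admin/report/stats/index.php
@@ -43,10 +43,8 @@
 redirect("$CFG->wwwroot/$CFG->admin/settings.php?section=stats", get_string('mustenablestats', 'admin'));
 }
- if (!isteacher($course->id)) {
- error("You need to be a teacher to use this page");
- }
-
+ require_capability('moodle/site:viewreport', get_context_instance(CONTEXT_COURSE, $course->id));
+
 add_to_log($course->id, "course", "report stats", "report/stats/index.php?course=$course->id", $course->id);
 stats_check_uptodate($course->id);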
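--- a/blocks/admin/block_admin.php
+++ b/blocks/admin/block_admin.php
@@ -207,7 +207,7 @@ function load_content_for_course() {
 $this->content->items[]='<a href="http://docs.moodle.org/'.$lang.'/Teacher_documentation">'.get_string('help').'</a>';
 $this->content->icons[]='<img src="'.$CFG->modpixpath.'/resource/icon.gif" alt="" />';
- } else if (!isguest()) { // Students menu
+ } else if (has_capability('moodle/course:view', $context)) { // Students menu
 if ($course->showgrades) {
 $this->content->items[]='<a href="'.$CFG->wwwroot.'/grade/index.php?id='.$this->instance->pageid.'">'.get_string('grades').'</a>';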
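Review bot: `$context` in the new `has_capability('moodle/course:view', $context)` test is not assigned anywhere in this hunk, and load_content_for_course() starts outside it, so it is not visible whether the variable holds the course context when this branch runs. If it is unset, the students menu is decided against an empty context rather than against the course. Either confirm the earlier assignment or set it next to the check, presumably `$context = get_context_instance(CONTEXT_COURSE, $this->instance->pageid);`, and add a comment naming the context the menu is gated on.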
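--- a/blocks/course_list/block_course_list.php
+++ b/blocks/course_list/block_course_list.php
@@ -34,7 +34,7 @@ function get_content() {
 }
 }
- if (empty($CFG->disablemycourses) and !empty($USER->id) and !(isadmin() and $adminseesall)) { // Just print My Courses
+ if (empty($CFG->disablemycourses) and !empty($USER->id) and !(has_capability('moodle/course:update', get_context_instance(CONTEXT_SYSTEM, SITEID)) and $adminseesall)) { // Just print My Courses
 if ($courses = get_my_courses($USER->id)) {
 foreach ($courses as $course) {
 if ($course->id == SITEID) {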
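--- a/blocks/online_users/block_online_users.php
+++ b/blocks/online_users/block_online_users.php
@@ -56,7 +56,7 @@ function get_content() {
 if ($COURSE->id == SITEID) { // Site-level
 $courseselect = '';
- $timeselect = "AND (s.timeaccess > $timefrom OR u.lastaccess > $timefrom)";
+ $timeselect = "AND timeaccess > $timefrom OR u.lastaccess > $timefrom)";
 } else {
 $courseselect = "AND s.course = '".$COURSE->id."'";
 $timeselect = "AND s.timeaccess > $timefrom";
@@ -64,54 +64,26 @@ function get_content() {
 $users = array();
- if ($students = get_records_sql("SELECT u.id, u.username, u.firstname, u.lastname, u.picture, u.lastaccess, s.timeaccess
- FROM {$CFG->prefix}user u,
- {$CFG->prefix}user_students s
- $groupmembers
- WHERE u.id = s.userid $courseselect $groupselect $timeselect
- ORDER BY s.timeaccess DESC ".sql_paging_limit(0,20))) {
-
- foreach ($students as $student) {
- $student->fullname = fullname($student);
- $users[$student->id] = $student;
+ $SQL1 = "SELECT DISTINCT userid, userid FROM {$CFG->prefix}log WHERE course=$COURSE->id AND time>$timefrom";
+ if ($records = get_records_sql($SQL1)) {
+ $possibleusers = '(';
+ foreach ($records as $record) {
+ $possibleusers .= $record->userid.',';
 }
- }
-
- if ($COURSE->id == SITEID && $CFG->allusersaresitestudents) {
- if ($siteusers = get_records_sql("SELECT u.id, u.username, u.firstname, u.lastname, u.picture, u.lastaccess
- FROM {$CFG->prefix}user u
- WHERE u.lastaccess > $timefrom AND u.username <> 'guest'
- ORDER BY u.lastaccess DESC ".sql_paging_limit(0,20))) {
- foreach ($siteusers as $siteuser) {
- $siteuser->fullname = fullname($siteuser);
- $siteuser->timeaccess = $siteuser->lastaccess;
- $users[$siteuser->id] = $siteuser;
+ $possibleusers = rtrim($possibleusers, ',').')';
+ $SQL2 = "SELECT u.id, u.username, u.firstname, u.lastname, u.picture, u.lastaccess
+ FROM {$CFG->prefix}user u
+ $groupmembers
+ WHERE u.id IN $possibleusers $groupselect ".sql_paging_limit(0,20);
+
+ if ($pusers = get_records_sql($SQL2)) {
+ foreach ($pusers as $puser) {
+ $puser->fullname = fullname($puser);
+ $users[$puser->id] = $puser;
 }
- }
- }
-
- $findteacherssql = "SELECT u.id, u.username, u.firstname, u.lastname, u.picture, u.lastaccess, s.timeaccess
- FROM {$CFG->prefix}user u,
- {$CFG->prefix}user_teachers s
- $groupmembers
- WHERE u.id = s.userid $courseselect $groupselect $timeselect ";
+ }
+ }
- // Now that we have the Roles System, how will we handle what
- // used to be hidden teachers?
- if (!isteacher($COURSE->id)) {
- // Hide hidden teachers from students.
- $findteacherssql .= 'AND s.authority > 0 ';
- }
- $findteacherssql .= 'ORDER BY s.timeaccess DESC';
-
- if ($teachers = get_records_sql($findteacherssql)) {
- foreach ($teachers as $teacher) {
- $teacher->fullname = '<strong>'.fullname($teacher).'</strong>';
- $users[$teacher->id] = $teacher;
- }
- }
-
-
 //Calculate minutes
 $minutes = floor($timetoshowusers/60);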
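Review bot: The rewritten lookup in the second hunk drops both visibility filters the old queries applied, the `s.authority > 0` condition that hid hidden teachers from non-teachers and the `u.username <> 'guest'` exclusion, so every account with a log row for the course can be listed to anyone who sees the block. That is a disclosure regression unless the roles system filters these users elsewhere; the removed comment asks that very question and the new code leaves it unanswered, so the filter or a capability check on the viewer should be restored before this ships. In the first hunk the site-level `$timeselect` now closes a parenthesis it never opens (`"AND timeaccess > $timefrom OR u.lastaccess > $timefrom)"`), and neither it nor `$courseselect` is read by `$SQL1` or `$SQL2`; restore `AND (s.timeaccess > ...` or delete the dead assignments. `$SQL2` also applies `sql_paging_limit(0,20)` without an `ORDER BY` and no longer selects `timeaccess`, so which 20 users appear is arbitrary; add `ORDER BY u.lastaccess DESC` and check the code after the hunk for reads of `timeaccess`.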
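--- a/blocks/rss_client/block_rss_client.php
+++ b/blocks/rss_client/block_rss_client.php
@@ -90,7 +90,7 @@ function get_content() {
 $this->courseid = SITEID;
 if ($this->instance->pagetype == PAGE_COURSE_VIEW) {
 $this->courseid = $COURSE->id;
- $isteacher = isteacher($this->courseid);
+ $isteacher = has_capability('moodle/site:manageblocks', get_context_instance(CONTEXT_BLOCK, $this->instance->id));
 }
 //if the user is an admin, course teacher, or all users are allowed
@@ -100,6 +100,7 @@ function get_content() {
 if (isset($USER) && !empty($USER->id) && $USER->id && !isguest()) {
 $userisloggedin = true;
 }
+
 if ( $userisloggedin && ($submitters == SUBMITTERS_ALL_ACCOUNT_HOLDERS || ($submitters == SUBMITTERS_ADMIN_AND_TEACHER && $isteacher)) ) {
 $page = page_create_object($this->instance->pagetype, $this->instance->pageid);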
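Review bot: `$isteacher` is now decided on `get_context_instance(CONTEXT_BLOCK, $this->instance->id)`, while block_rss_client_action.php in this same commit checks `moodle/site:manageblocks` on the course or site context. The block and the script that performs the action can therefore disagree about the same user, with the feed-management UI shown to someone the action script refuses, or hidden from someone it would accept. Use one context in both places, for example `get_context_instance(CONTEXT_COURSE, $this->courseid)`, and add a comment stating that the action script is the authoritative check. get_content() starts and ends outside the hunk, so whether `$isteacher` has a default on non-course pages is not visible here.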
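--- a/blocks/rss_client/block_rss_client_action.php
+++ b/blocks/rss_client/block_rss_client_action.php
@@ -69,7 +69,15 @@
 //check to make sure that the user is allowed to post new feeds
 $submitters = $CFG->block_rss_client_submitters;
-$isteacher = empty($course) ? false : isteacher($id);
+if (empty($course)) {
+ $isteacher = false;
+} else {
+ if ($id == SITEID) {
+ $isteacher = has_capability('moodle/site:manageblocks', get_context_instance(CONTEXT_SITE, SITEID));
+ } else {
+ $isteacher = has_capability('moodle/site:manageblocks', get_context_instance(CONTEXT_COURSE, $id));
+ }
+}
 if ( !isset($act) ) {
 rss_display_feeds($id);
@@ -84,7 +92,7 @@
 //if the user is an admin or course teacher then allow the user to
 //assign categories to other uses than personal
-if (isset($rss_record) && !( isadmin() || $submitters == SUBMITTERS_ALL_ACCOUNT_HOLDERS ||
+if (isset($rss_record) && !( has_capability('moodle/site:manageblocks', get_context_instance(CONTEXT_SYSTEM, SITEID)) || $submitters == SUBMITTERS_ALL_ACCOUNT_HOLDERS ||
 ($submitters == SUBMITTERS_ADMIN_AND_TEACHER && $isteacher) ||
 ( ($act == 'rssedit' || $act == 'delfeed' || $act == 'updfeed') && $USER->id == $rss_record->userid) ) ) {
 error(get_string('noguestpost', 'forum').' You are not allowed to make modifications to this RSS feed at this time.', $referrer);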
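Review bot: The site branch in the first hunk asks for `get_context_instance(CONTEXT_SITE, SITEID)`, while the second hunk of this file and blocks/course_list use `CONTEXT_SYSTEM` for the same purpose. If `CONTEXT_SITE` is not a defined context level, that lookup yields no valid context and the teacher check for site-level feeds stops meaning what the code says. Use one constant throughout: `$isteacher = has_capability('moodle/site:manageblocks', get_context_instance(CONTEXT_SYSTEM, SITEID));`. The permission test in the second hunk still runs only when `$rss_record` is set, so any action that proceeds without a record relies on checks outside the visible lines; a comment there should say where those are.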
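--- a/calendar/event.php
+++ b/calendar/event.php
@@ -581,11 +581,10 @@ function validate_form(&$form, &$err) {
 function calendar_add_event_allowed($courseid, $groupid, $userid) {
 global $USER;
-
- if(isadmin()) {
- return true;
- }
- else if($courseid == 0 && $groupid == 0 && $userid == $USER->id) {
+
+ $coursecontext = get_context_instance(CONTEXT_COURSE, $group->courseid);
+
+ if ($courseid == 0 && $groupid == 0 && $userid == $USER->id && has_capability('moodle/calendar:manageownentries', $context)) {
 return true;
 }
 else if($courseid == 0 && $groupid != 0) {
@@ -593,9 +592,14 @@ function calendar_add_event_allowed($courseid, $groupid, $userid) {
 if($group === false) {
 return false;
 }
- return isteacheredit($group->courseid) || isteacher($group->courseid) && ismember($groupid);
+ $course = get_record('course', 'id', $courseid);
+ if ($course->groupmode == SEPARATE_GROUPS) {
+ return has_capability('moodle/calendar:manageentries', $context) && ismember($groupid);
+ } else {
+ return has_capability('moodle/calendar:manageentries', $context);
+ }
 }
- else if($courseid != 0 && isteacher($courseid)) {
+ else if($courseid != 0 && has_capability('moodle/calendar:manageentries', $context)) {
 return true;
 }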
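Review bot: Every `has_capability()` call in calendar_add_event_allowed() receives `$context`, which is never assigned; the only lookup is stored in `$coursecontext` and reads `$group->courseid` before `$group` has been loaded. In the group branch `get_record('course', 'id', $courseid)` runs with `$courseid == 0`, so `$course` is false when `groupmode` is read. The answer of this permission function then depends on how has_capability() treats an empty context rather than on the user's roles. Resolve the context in each branch from the id that is actually known there, as sketched below; the system-level context for personal events is one option and should be confirmed. The same zero-id course lookup appears in calendar_edit_event_allowed() in calendar/lib.php, and this function's closing lines are outside the hunk.

```php
function calendar_add_event_allowed($courseid, $groupid, $userid) {
    // … unchanged: global $USER …
    // Personal event: no course is involved, so check at system level.
    if ($courseid == 0 && $groupid == 0 && $userid == $USER->id
            && has_capability('moodle/calendar:manageownentries', get_context_instance(CONTEXT_SYSTEM, SITEID))) {
        return true;
    }
    else if($courseid == 0 && $groupid != 0) {
        // … unchanged: load $group, return false when it is missing …
        // The group's own course supplies both the record and the context.
        $course = get_record('course', 'id', $group->courseid);
        if ($course === false) {
            return false;
        }
        $context = get_context_instance(CONTEXT_COURSE, $group->courseid);
        // … unchanged: SEPARATE_GROUPS / else returns on $context …
    }
    else if($courseid != 0
            && has_capability('moodle/calendar:manageentries', get_context_instance(CONTEXT_COURSE, $courseid))) {
        return true;
    }
```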
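--- a/calendar/lib.php
+++ b/calendar/lib.php
@@ -1125,7 +1125,7 @@ function calendar_set_filters(&$courses, &$group, &$user, $courseeventsfrom = NU
 foreach($groupcourses as $courseid) {
 // If the user is an editing teacher in there,
- if(!empty($USER->id) && isteacheredit($courseid, $USER->id)) {
+ if(!empty($USER->id) && has_capability('moodle/calendar:manageentries', get_context_instance(CONTEXT_COURSE, $courseid))) {
 // The first time we get in here, retrieve all groupmodes at once
 if($groupmodes === NULL) {
@@ -1163,22 +1163,28 @@ function calendar_set_filters(&$courses, &$group, &$user, $courseeventsfrom = NU
 function calendar_edit_event_allowed($event) {
 global $USER;
- if(empty($USER->id) || isguest($USER->id)) {
+ $context = get_context_instance(CONTEXT_COURSE, $event->courseid);
+
+ if(!has_capability('moodle/calendar:manageownentries', $context)) {
 return false;
 }
- if (isadmin($USER->id)) return true; // Admins are allowed anything
-
- if ($event->courseid != 0 && isteacher($event->courseid)) {
+ if ($event->courseid != 0 && has_capability('moodle/calendar:manageentries', $context)) {
 return true;
- } else if($event->courseid == 0 && $event->groupid != 0) {
+ } else if ($event->courseid == 0 && $event->groupid != 0) {
 // Group event
 $group = get_record('groups', 'id', $event->groupid);
 if($group === false) {
 return false;
 }
- return isteacheredit($group->courseid) || isteacher($group->courseid) && ismember($event->groupid);
- } else if($event->courseid == 0 && $event->groupid == 0 && $event->userid == $USER->id) {
+ $course = get_record('course', 'id', $event->courseid);
+
+ if ($course->groupmode == SEPARATE_GROUPS) {
+ return has_capability('moodle/calendar:manageownentries', $context) && ismember($event->groupid);
+ } else {
+ return has_capability('moodle/calendar:manageownentries', $context);
+ }
+ } else if ($event->courseid == 0 && $event->groupid == 0 && $event->userid == $USER->id && has_capability('moodle/calendar:manageownentries', $context)) {
 // User event, owned by this user
 return true;
 }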
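Review bot: calendar_edit_event_allowed() builds `$context` from `$event->courseid` before it knows the event type, and that id is 0 in both the group branch and the personal branch, so the opening `manageownentries` gate and the group check are evaluated against a course context for course 0. The group branch should take its context from the group once it is loaded, `$context = get_context_instance(CONTEXT_COURSE, $group->courseid);`, and pass `$group->courseid` to `get_record('course', ...)` as well. That branch also tests `moodle/calendar:manageownentries` where calendar_add_event_allowed() tests `moodle/calendar:manageentries` for group events; if the difference is not intended, a user who may only manage their own entries can edit group events. The function's end is outside the hunk.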