Permalink
Browse files

MDL-20834 new cap moodle/backup:userinfo - controls who can backup

user related info. Disabled by default to teachers, oh my! :-(
  • Loading branch information...
1 parent edd82b3 commit f484cb3e30e485958bafe54a391064e5d298d6c2 @stronk7 stronk7 committed Nov 18, 2009
Showing with 46 additions and 16 deletions.
  1. +10 −0 backup/backup_check.html
  2. +24 −15 backup/backup_form.html
  3. +11 −0 lib/db/access.php
  4. +1 −1 version.php
View
@@ -4,6 +4,9 @@
//Check login
require_login();
+ // Init backupuserinfo
+ $backupuserinfo = false;
+
if (!empty($course->id)) {
if (!has_capability('moodle/site:backup', get_context_instance(CONTEXT_COURSE, $course->id))) {
if (empty($to)) {
@@ -14,10 +17,12 @@
}
}
}
+ $backupuserinfo = has_capability('moodle/backup:userinfo', get_context_instance(CONTEXT_COURSE, $course->id));
} else {
if (!has_capability('moodle/site:backup', get_context_instance(CONTEXT_SYSTEM))) {
error("You need to be an admin user to use this page.", "$CFG->wwwroot/login/index.php");
}
+ $backupuserinfo = has_capability('moodle/backup:userinfo', get_context_instance(CONTEXT_SYSTEM));
}
@@ -65,6 +70,11 @@
}
+ // Re-enforce moodle/backup:userinfo capability
+ if (!$backupuserinfo) {
+ $backupprefs->backup_users = 2; // users => none
+ }
+
//Here we check if backup_users = None. Then, we switch off every module
//user info, user_files, logs and exercises, workshop and messages & blogs backups. A Warning is showed to
//inform the user.
View
@@ -4,6 +4,9 @@
//Check login
require_login();
+ //Init backupuserinfo
+ $backupuserinfo = false;
+
if (!empty($course->id)) {
if (!has_capability('moodle/site:backup', get_context_instance(CONTEXT_COURSE, $course->id))) {
if (empty($to)) {
@@ -14,10 +17,12 @@
}
}
}
+ $backupuserinfo = has_capability('moodle/backup:userinfo', get_context_instance(CONTEXT_COURSE, $course->id));
} else {
if (!has_capability('moodle/site:backup', get_context_instance(CONTEXT_SYSTEM))) {
error("You need to be an admin user to use this page.", "$CFG->wwwroot/login/index.php");
}
+ $backupuserinfo = has_capability('moodle/backup:userinfo', get_context_instance(CONTEXT_SYSTEM));
}
//Check site
@@ -130,12 +135,16 @@
echo "<a href=\"javascript:void(0);\" onclick=\"selectItemInCheckboxByName('form1', 'backup_', true);\">". get_string("all")."</a>/";
echo "<a href=\"javascript:void(0);\" onclick=\"selectItemInCheckboxByName('form1', 'backup_', false);\">". get_string("none")."</a>";
echo "</td>";
- echo "<td align=\"right\">";
- echo '<b>&nbsp;</b>';
- echo "</td><td>";
- echo "<a href=\"javascript:void(0);\" onclick=\"selectItemInCheckboxByName('form1', 'backup_user_info_', true);\">". get_string("all")."</a>/";
- echo "<a href=\"javascript:void(0);\" onclick=\"selectItemInCheckboxByName('form1', 'backup_user_info_', false);\">". get_string("none")."</a>";
- echo "</td>";
+ if (empty($to) and $backupuserinfo) {
+ echo "<td align=\"right\">";
+ echo '<b>&nbsp;</b>';
+ echo "</td><td>";
+ echo "<a href=\"javascript:void(0);\" onclick=\"selectItemInCheckboxByName('form1', 'backup_user_info_', true);\">". get_string("all")."</a>/";
+ echo "<a href=\"javascript:void(0);\" onclick=\"selectItemInCheckboxByName('form1', 'backup_user_info_', false);\">". get_string("none")."</a>";
+ echo "</td>";
+ } else {
+ echo "<td colspan=\"2\">&nbsp;</td>";
+ }
echo "</tr>";
echo "<tr><td colspan=\"4\"><hr /></td></tr>";
$currentrow = 0;
@@ -159,7 +168,7 @@
echo "</td><td align=\"right\">&nbsp;";
echo "</td><td>";
$var = "backup_user_info_".$modname;
- if (empty($to)) {
+ if (empty($to) and $backupuserinfo) {
$backup_user_options[0] = get_string("withoutuserdata");
$backup_user_options[1] = get_string("withuserdata");
//choose_from_menu($backup_user_options, $var, $$var, "");
@@ -179,7 +188,7 @@
echo '</td><td align="right">&nbsp;';
$var = 'backup_user_info_'.$modname.'_instance_'.$instance->id;
$$var = optional_param($var,1);
- if (empty($to)) {
+ if (empty($to) and $backupuserinfo) {
print_checkbox($var,$$var,$$var,get_string('userdata'),'','this.form.elements[\'backup_user_info_'.$modname.'\'].checked=1;');
} else {
echo '<input type="hidden" name="'.$var.'" value="0" />';
@@ -207,7 +216,7 @@
$hidden_options .= '<input type="hidden" name="backup_metacourse" value="0" />';
}
- if (empty($to)) {
+ if (empty($to) and $backupuserinfo) {
//Now print the Users tr
echo "<tr>";
echo "<td align=\"right\" colspan=\"2\"><b>";
@@ -220,10 +229,10 @@
echo "</td></tr>";
}
else {
- $hidden_options .= '<input type="hidden" name="backup_users" value="0" />';
+ $hidden_options .= '<input type="hidden" name="backup_users" value="2" />';
}
- if (empty($to)) {
+ if (empty($to) and $backupuserinfo) {
//Now print the Logs tr
echo "<tr>";
echo "<td align=\"right\" colspan=\"2\"><b>";
@@ -238,7 +247,7 @@
$hidden_options .= '<input type="hidden" name="backup_logs" value="0" />';
}
- if (empty($to)) {
+ if (empty($to) and $backupuserinfo) {
//Now print the User Files tr
echo "<tr>";
echo "<td align=\"right\" colspan=\"2\"><b>";
@@ -291,7 +300,7 @@
$hidden_options .= '<input type="hidden" name="backup_gradebook_history" value="0" />';
}
- if (empty($to) && $course->id == SITEID) {
+ if (empty($to) and $backupuserinfo and $course->id == SITEID) {
//If we are in a SITEID backup print the Messages tr
echo "<tr>";
echo "<td align=\"right\" colspan=\"2\"><b>";
@@ -306,7 +315,7 @@
$hidden_options .= '<input type="hidden" name="backup_messages" value="0" />';
}
- if (empty($to) && $course->id == SITEID && !empty($CFG->bloglevel)) {
+ if (empty($to) and $backupuserinfo and $course->id == SITEID and !empty($CFG->bloglevel)) {
//If we are in a SITEID backup and blogs are enabled print the Blogs tr
echo "<tr>";
echo "<td align=\"right\" colspan=\"2\"><b>";
@@ -323,7 +332,7 @@
}
//Now print a place to select which role assignments to back up.
- if (empty($to)) {
+ if (empty($to) and $backupuserinfo) {
//Line
echo "<tr><td colspan=\"4\"><hr /></td></tr>\n";
View
@@ -168,6 +168,17 @@
)
),
+ 'moodle/backup:userinfo' => array(
+
+ 'riskbitmask' => RISK_PERSONAL | RISK_CONFIG,
+
+ 'captype' => 'write',
+ 'contextlevel' => CONTEXT_COURSE,
+ 'legacy' => array(
+ 'admin' => CAP_ALLOW
+ )
+ ),
+
'moodle/site:restore' => array(
'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS,
View
@@ -6,7 +6,7 @@
// This is compared against the values stored in the database to determine
// whether upgrades should be performed (see lib/db/*.php)
- $version = 2007101561; // YYYYMMDD = date of the 1.9 branch (don't change)
+ $version = 2007101562; // YYYYMMDD = date of the 1.9 branch (don't change)
// X = release number 1.9.[0,1,2,3,4,5...]
// Y.YY = micro-increments between releases

0 comments on commit f484cb3

Please sign in to comment.