MDL-35556 completion: Improve user completion data permission checking
Aaron Barnes committed Nov 5, 2012
1 parent 6109f21 commit f493d52
Showing 3 changed files with 75 additions and 19 deletions.
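--- a/blocks/completionstatus/details.php
+++ b/blocks/completionstatus/details.php
@@ -46,25 +46,9 @@
 
 
 // Check permissions
-require_login($course);
-
-$coursecontext = context_course::instance($course->id);
-$personalcontext = context_user::instance($user->id);
-
-$can_view = false;
-
-// Can view own report
-if ($USER->id == $user->id) {
-$can_view = true;
-} else if (has_capability('moodle/user:viewuseractivitiesreport', $personalcontext)) {
-$can_view = true;
-} else if (has_capability('report/completion:view', $coursecontext)) {
-$can_view = true;
-} else if (has_capability('report/completion:view', $personalcontext)) {
-$can_view = true;
-}
+require_login();
 
-if (!$can_view) {
+if (!completion_can_view_data($user->id, $course)) {
 print_error('cannotviewreport');
 }
 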
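Review bot: Replacing `require_login($course);` with the bare `require_login();` drops the course-level access check, so this page now relies entirely on `completion_can_view_data()` for authorisation. As written in lib/completionlib.php, that helper returns true for the viewer's own data as soon as completion is enabled, without confirming that the viewer can still access the course, which `require_login($course)` used to enforce. Unless something outside this hunk establishes the course context, I would keep `require_login($course);` ahead of the new check. The script continues above and below the hunk.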
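--- a/lib/completionlib.php
+++ b/lib/completionlib.php
@@ -146,6 +146,73 @@
 define('COMPLETION_AGGREGATION_ANY', 2);
 
 
+/**
+* Utility function for checking if the logged in user can view
+* another's completion data for a particular course
+*
+* @access public
+* @param int $userid Completion data's owner
+* @param mixed $course Course object or Course ID (optional)
+* @return boolean
+*/
+function completion_can_view_data($userid, $course = null) {
+global $USER;
+
+if (!isloggedin()) {
+return false;
+}
+
+if (!is_object($course)) {
+$cid = $course;
+$course = new object();
+$course->id = $cid;
+}
+
+// Check if this is the site course
+if ($course->id == SITEID) {
+$course = null;
+}
+
+// Check if completion is enabled
+if ($course) {
+$cinfo = new completion_info($course);
+if (!$cinfo->is_enabled()) {
+return false;
+}
+} else {
+if (!completion_info::is_enabled_for_site()) {
+return false;
+}
+}
+
+// Is own user's data?
+if ($USER->id == $userid) {
+return true;
+}
+
+// Check capabilities
+$personalcontext = context_user::instance($userid);
+
+if (has_capability('moodle/user:viewuseractivitiesreport', $personalcontext)) {
+return true;
+} elseif (has_capability('report/completion:view', $personalcontext)) {
+return true;
+}
+
+if ($courseid) {
+$coursecontext = context_course::instance($course->id);
+} else {
+$coursecontext = context_system::instance();
+}
+
+if (has_capability('report/completion:view', $coursecontext)) {
+return true;
+}
+
+return false;
+}
+
+
 /**
 * Class represents completion information for a course.
 *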
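Review bot: `if ($courseid) {` tests a variable that is never defined in `completion_can_view_data()`, so the course branch is never taken and `report/completion:view` is always checked against `context_system::instance()`. It fails closed, but a viewer who holds the capability only at course level is refused, and PHP raises an undefined-variable notice; the test should read `if ($course) {`, matching the earlier completion-enabled check. Separately, the default `$course = null` is wrapped into an object whose `id` is null before the `SITEID` comparison, so the documented optional case presumably never reaches the `is_enabled_for_site()` branch; guarding with `if ($course !== null && !is_object($course)) {` would keep null as the site case. The callers in blocks/completionstatus/details.php and report/completion/index.php inherit both behaviours.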
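--- a/report/completion/index.php
+++ b/report/completion/index.php
@@ -561,7 +561,12 @@
 } else {
 print PHP_EOL.'<tr id="user-'.$user->id.'">';
 
-$userurl = new moodle_url('/user/view.php', array('id' => $user->id, 'course' => $course->id));
+if (completion_can_view_data($user->id, $course)) {
+$userurl = new moodle_url('/blocks/completionstatus/details.php', array('course' => $course->id, 'user' => $user->id));
+} else {
+$userurl = new moodle_url('/user/view.php', array('id' => $user->id, 'course' => $course->id));
+}
+
 print '<th scope="row"><a href="'.$userurl->out().'">'.fullname($user).'</a></th>';
 foreach ($extrafields as $field) {
 echo '<td>'.s($user->{$field}).'</td>';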
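Review bot: `completion_can_view_data($user->id, $course)` is evaluated inside the row-rendering branch, so every row constructs a `completion_info` and repeats the course-level checks that do not vary by user (assuming this sits in a per-user loop that starts outside the hunk). The result only selects the link target, so the access decision still has to be enforced by details.php itself; a comment such as `// Link choice only; details.php enforces access itself` above the `if` would make that explicit. Consider computing the user-independent part once before the loop.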
