Skip to content

Commit

Permalink
MDL-31750 - course: Creating a consistent api for checking permission…
Browse files Browse the repository at this point in the history 
…s for moving courses to different categories.
  • Loading branch information
@abgreeve
abgreeve committed Nov 13, 2012
1 parent 8ccaa29 commit fae5191
Show file tree
Hide file tree
Showing 5 changed files with 66 additions and 11 deletions.
16 changes: 7 additions & 9 deletions course/category.php
View file
Expand Up @@ -101,13 +101,8 @@

// Move a specified course to a new category
if (!empty($moveto) and $data = data_submitted()) {
// Some courses are being moved
// user must have category update in both cats to perform this
require_capability('moodle/category:manage', $context);
require_capability('moodle/category:manage', context_coursecat::instance($moveto));

if (!$destcategory = $DB->get_record('course_categories', array('id' => $data->moveto))) {
print_error('cannotfindcategory', '', '', $data->moveto);
if (!$destcategory = $DB->get_record('course_categories', array('id' => $moveto))) {
print_error('cannotfindcategory', '', '', $moveto);
}

$courses = array();
Expand All @@ -126,7 +121,10 @@
}
}
}
move_courses($courses, $data->moveto);
if (!can_move_courses_to_category($courses, $moveto, $category->id)) {
print_error('cannotmovecoursetocategory');
}
move_courses($courses, $moveto);
}

// Hide or show a course
Expand Down Expand Up @@ -435,7 +433,7 @@
if ($abletomovecourses) {
$movetocategories = array();
$notused = array();
make_categories_list($movetocategories, $notused, 'moodle/category:manage');
make_categories_list($movetocategories, $notused, array('moodle/course:create', 'moodle/course:delete', 'moodle/category:manage'));
$movetocategories[$category->id] = get_string('moveselectedcoursesto');
echo '<tr><td colspan="3" align="right">';
echo html_writer::label(get_string('moveselectedcoursesto'), 'movetoid', false, array('class' => 'accesshide'));
Expand Down
3 changes: 3 additions & 0 deletions course/edit.php
View file
Expand Up @@ -129,6 +129,9 @@
}
}
} else {
if (!can_move_courses_to_category($course->id, $data->category)) {
print_error('cannotmovecoursetocategory');
}
// Save any changes to the files used in the editor
update_course($data, $editoroptions);
}
Expand Down
4 changes: 2 additions & 2 deletions course/edit_form.php
View file
Expand Up @@ -50,7 +50,7 @@ function definition() {
if (has_capability('moodle/course:create', $categorycontext)) {
$displaylist = array();
$parentlist = array();
make_categories_list($displaylist, $parentlist, 'moodle/course:create');
make_categories_list($displaylist, $parentlist, array('moodle/course:create', 'moodle/course:delete', 'moodle/category:manage'));
$mform->addElement('select', 'category', get_string('category'), $displaylist);
$mform->addHelpButton('category', 'category');
$mform->setDefault('category', $category->id);
Expand All @@ -63,7 +63,7 @@ function definition() {
if (has_capability('moodle/course:changecategory', $coursecontext)) {
$displaylist = array();
$parentlist = array();
make_categories_list($displaylist, $parentlist, 'moodle/course:create');
make_categories_list($displaylist, $parentlist, array('moodle/course:create', 'moodle/course:delete', 'moodle/category:manage'));
if (!isset($displaylist[$course->category])) {
//always keep current
$displaylist[$course->category] = format_string($DB->get_field('course_categories', 'name', array('id'=>$course->category)));
Expand Down
53 changes: 53 additions & 0 deletions course/lib.php
View file
Expand Up @@ -4526,3 +4526,56 @@ function include_course_ajax($course, $usedmodules = array(), $enabledmodules =
function course_get_url($courseorid, $section = null, $options = array()) {
return course_get_format($courseorid)->get_view_url($section, $options);
}

/**
* Determine whether a user can move a course to a different category.
*
* @param int|array $courseid The course ID (int) or course IDs (array) that are being moved.
* @param int $moveto The category ID of where we are moving the course to.
* @param int $movefrom The current category ID. If not provided will be looked up.
* @return bool True if the user can move the course. False if the user can't move the course.
*/
function can_move_courses_to_category($courseid, $moveto, $movefrom = null) {
global $DB;

$tocontext = context_coursecat::instance($moveto);

if (!has_capability('moodle/category:manage', $tocontext)) {
return false;
}

if (is_array($courseid)) {
foreach ($courseid as $id) {
if (!$movefrom) {
$movefrom = $DB->get_field('course', 'category', array('id' => $id));
}

$fromcontext = context_coursecat::instance($movefrom);
if (!has_capability('moodle/category:manage', $fromcontext)) {
return false;
}

$coursecontext = context_course::instance($id);
$capabilities = array('moodle/course:delete', 'moodle/course:create');
if (!has_all_capabilities($capabilities, $coursecontext)) {
return false;
}
}
} else {
if (!$movefrom) {
$movefrom = $DB->get_field('course', 'category', array('id' => $courseid));
}

$fromcontext = context_coursecat::instance($movefrom);
if (!has_capability('moodle/category:manage', $fromcontext)) {
return false;
}

$coursecontext = context_course::instance($courseid);
$capabilities = array('moodle/course:delete', 'moodle/course:create');
if (!has_all_capabilities($capabilities, $coursecontext)) {
return false;
}
}
return true;
}
1 change: 1 addition & 0 deletions lang/en/error.php
View file
Expand Up @@ -105,6 +105,7 @@
$string['cannotmodulename'] = 'Cannot get the module name in build navigation';
$string['cannotmoduletype'] = 'Cannot get the module type in build navigation';
$string['cannotmoverolewithid'] = 'Cannot move role with ID {$a}';
$string['cannotmovecoursetocategory'] = 'You can not move this course to the category specified';
$string['cannotopencsv'] = 'Cannot open CSV file';
$string['cannotopenfile'] = 'Cannot open file ({$a})';
$string['cannotopenforwrit'] = 'Cannot open for writing: {$a}';
Expand Down

0 comments on commit fae5191

Please sign in to comment.