'legacy' => array(
'admin' => CAP_ALLOW
)
- ),
-
- 'mod/data:editownentries' => array(
- 'riskbitmask' => RISK_SPAM,
-
- 'captype' => 'write',
- 'contextlevel' => CONTEXT_MODULE,
- 'legacy' => array(
- 'student' => CAP_ALLOW,
- 'teacher' => CAP_ALLOW,
- 'editingteacher' => CAP_ALLOW,
- 'admin' => CAP_ALLOW
- )
- ),
+ )
- 'mod/data:deleteownentries' => array(
- 'captype' => 'read',
- 'contextlevel' => CONTEXT_MODULE,
- 'legacy' => array(
- 'student' => CAP_ALLOW,
- 'teacher' => CAP_ALLOW,
- 'editingteacher' => CAP_ALLOW,
- 'admin' => CAP_ALLOW
- )
- ),
);
?>
}
if ($rid) { // So do you have access?
- if (!confirm_sesskey()) {
- print_error('confirmsesskeybad', 'error');
- }
-
- if (data_isowner($rid)){
- require_capability('mod/data:editownentries', $context);
- }else{
- require_capability('mod/data:manageentries', $context);
+ if (!(has_capability('mod/data:manageentries', $context) or data_isowner($rid)) or !confirm_sesskey() ) {
+ print_error('noaccess','data');
}
}
/// Replacing special tags (##Edit##, ##Delete##, ##More##)
$patterns[]='##edit##';
$patterns[]='##delete##';
- $isteacher = has_capability('mod/data:manageentries', $context);
- $isowner = data_isowner($record->id);
- $canedit = $isteacher or ($isowner && has_capability('mod/data:editownentries', $context));
- $candelete = $isteacher or ($isowner && has_capability('mod/data:deleteownentries', $context));
-
- if ($canedit) {
+ if (has_capability('mod/data:manageentries', $context) or data_isowner($record->id)) {
$replacement[] = '<a href="'.$CFG->wwwroot.'/mod/data/edit.php?d='
.$data->id.'&rid='.$record->id.'&sesskey='.sesskey().'"><img src="'.$CFG->pixpath.'/t/edit.gif" class="iconsmall" alt="'.get_string('edit').'" title="'.get_string('edit').'" /></a>';
- }else{
- $replacement[] = '';
- }
-
- if($candelete) {
$replacement[] = '<a href="'.$CFG->wwwroot.'/mod/data/view.php?d='
.$data->id.'&delete='.$record->id.'&sesskey='.sesskey().'"><img src="'.$CFG->pixpath.'/t/delete.gif" class="iconsmall" alt="'.get_string('delete').'" title="'.get_string('delete').'" /></a>';
- }else{
+ } else {
$replacement[] = '';
}
-
$patterns[]='##more##';
$replacement[] = '<a href="'.$CFG->wwwroot.'/mod/data/view.php?d='.$data->id.'&rid='.$record->id.'"><img src="'.$CFG->pixpath.'/i/search.gif" class="iconsmall" alt="'.get_string('more', 'data').'" title="'.get_string('more', 'data').'" /></a>';
// This fragment is called by /admin/index.php
////////////////////////////////////////////////////////////////////////////////
-$module->version = 2007101510;
+$module->version = 2007101511;
$module->requires = 2007101509; // Requires this Moodle version
$module->cron = 60;
/// Delete any requested records
- if ($delete){
-
- if (!confirm_sesskey()) {
- print_error('confirmsesskeybad', 'error');
- }
-
- if(data_isowner($delete)){
- require_capability('mod/data:deleteownentries', $context);
- }else{
- require_capability('mod/data:manageentries', $context);
- }
-
+ if ($delete && confirm_sesskey() && (has_capability('mod/data:manageentries', $context) or data_isowner($delete))) {
if ($confirm = optional_param('confirm',0,PARAM_INT)) {
if ($deleterecord = get_record('data_records', 'id', $delete)) { // Need to check this is valid
if ($deleterecord->dataid == $data->id) { // Must be from this database
projects / moodle.git / commitdiff