weblib:update_course_icon() - remove access control from here

Access control for the course icon display should happen
at the page level, as we'll need to ask "can edit?" quite
a few times in the page.

The fact that this is weblib should be a good hint that
functions that print html should not be doing access control...

diff --git a/lib/weblib.php b/lib/weblib.php
index 3fd2e540c96baef4484e76d5ee1048c4bcf43626..d66d5154442284e642cfdaf726d785a1846bd236 100644 (file)
--- a/lib/weblib.php
+++ b/lib/weblib.php
@@ -4441,6 +4441,8 @@ function print_editor_config($editorhidebuttons='', $return=false) {
  * Returns a turn edit on/off button for course in a self contained form.
  * Used to be an icon, but it's now a simple form button
  *
+ * Note that the caller is responsible for capchecks.
+ *
  * @uses $CFG
  * @uses $USER
  * @param int $courseid The course  to update by id as found in 'course' table
@@ -4449,23 +4451,21 @@ function print_editor_config($editorhidebuttons='', $return=false) {
 function update_course_icon($courseid) {
     global $CFG, $USER;
 
-    if (editcourseallowed($courseid)) {
-        if (!empty($USER->editing)) {
-            $string = get_string('turneditingoff');
-            $edit = '0';
-        } else {
-            $string = get_string('turneditingon');
-            $edit = '1';
-        }
-
-        return '<form '.$CFG->frametarget.' method="get" action="'.$CFG->wwwroot.'/course/view.php">'.
-               '<div>'.
-               '<input type="hidden" name="id" value="'.$courseid.'" />'.
-               '<input type="hidden" name="edit" value="'.$edit.'" />'.
-               '<input type="hidden" name="sesskey" value="'.sesskey().'" />'.
-               '<input type="submit" value="'.$string.'" />'.
-               '</div></form>';
+    if (!empty($USER->editing)) {
+        $string = get_string('turneditingoff');
+        $edit = '0';
+    } else {
+        $string = get_string('turneditingon');
+        $edit = '1';
     }
+
+    return '<form '.$CFG->frametarget.' method="get" action="'.$CFG->wwwroot.'/course/view.php">'.
+           '<div>'.
+           '<input type="hidden" name="id" value="'.$courseid.'" />'.
+           '<input type="hidden" name="edit" value="'.$edit.'" />'.
+           '<input type="hidden" name="sesskey" value="'.sesskey().'" />'.
+           '<input type="submit" value="'.$string.'" />'.
+           '</div></form>';
 }
 
 /**