moodlelib: require_login() - rework course/category visibility checks

Reworked the logic of the visibility checks so that we evaluate in a
chain:

   - can view course   (visible or user can see hidden)
   - can view category (visible or user can see hidden)

Without this patch, users that could see hidden categories could not get
into courses inside of them.

While at it, fix reference to the old $USER->switchrole

diff --git a/lib/moodlelib.php b/lib/moodlelib.php
index 07fa67e787b6d2702aa6cc26ceda3d1e69e501fc..22e0c28db3e2e30420936d24aa89d1528d58ac8a 100644 (file)
--- a/lib/moodlelib.php
+++ b/lib/moodlelib.php
@@ -1772,13 +1772,28 @@ function require_login($courseorid=0, $autologinguest=true, $cm=null) {
             print_error('nocontext');
         }
 
-        if (empty($USER->switchrole[$context->id]) &&
-            !($COURSE->visible && course_parent_visible($COURSE)) &&
-               !has_capability('moodle/course:viewhiddencourses', get_context_instance(CONTEXT_COURSE, $COURSE->id)) ){
-            print_header_simple();
-            notice(get_string('coursehidden'), $CFG->wwwroot .'/');
-        }
-
+        if (empty($USER->access['rsw'][$context->path])) {
+            //
+            // Spaghetti logic construct
+            // 
+            // - able to view course?
+            // - able to view category?
+            // => if either is missing, course is hidden from this user
+            //
+            // It's carefully ordered so we run the cheap checks first, and the
+            // more costly checks last...
+            //
+            if (! (($COURSE->visible || has_capability('moodle/course:viewhiddencourses', 
+                                                       get_context_instance(CONTEXT_COURSE, 
+                                                                            $COURSE->id)))
+                   && (course_parent_visible($COURSE)) || has_capability('moodle/course:viewhiddencourses', 
+                                                                        get_context_instance(CONTEXT_COURSECAT,
+                                                                                             $COURSE->category)))) {
+                print_header_simple();
+                notice(get_string('coursehidden'), $CFG->wwwroot .'/');
+            }
+        }    
+        
     /// Non-guests who don't currently have access, check if they can be allowed in as a guest
 
         if ($USER->username != 'guest' and !has_capability('moodle/course:view', $context)) {