some (mainly admin realated) capabilities

diff --git a/admin/admin.php b/admin/admin.php
index eca279916f9a6885962ef8d9818479410371016f..2bcb86cb3da32767e0e6b682059d1672a26bb3a3 100644 (file)
--- a/admin/admin.php
+++ b/admin/admin.php
@@ -1,6 +1,8 @@
 <?PHP // $Id$
       // Admin-only script to assign administrative rights to users
 
+    /// this file is depreciated, assigning of admin is done in admin/roles/assign.php
+
     require_once('../config.php');
     
     define("MAX_USERS_PER_PAGE", 50);
@@ -11,9 +13,7 @@
 
     require_login();
 
-    if (!isadmin()) {
-        error("You must be an administrator to use this page.");
-    }
+    require_capability('moodle/user:assign', get_context_instance(CONTEXT_SYSTEM, SITEID));
 
     if (!confirm_sesskey()) {
         error(get_string('confirmsesskeybad', 'error'));

diff --git a/admin/backup.php b/admin/backup.php
index 1e757d129fe8f4f75a00013583d5099ffe2879c5..defb1c194b1106fa69de99c163eac6ce044a0763 100644 (file)
--- a/admin/backup.php
+++ b/admin/backup.php
@@ -7,9 +7,7 @@
 
     require_login();
 
-    if (!isadmin()) {
-        error("Only an admin can use this page");
-    }
+    require_capability('moodle/site:config', get_context_instance(CONTEXT_SYSTEM, SITEID));
 
     if (!$site = get_site()) {
         error("Site isn't defined!");

diff --git a/admin/calendar.php b/admin/calendar.php
index 625e80f0891a3ddaf33b127a0d42dd964a2a011b..ce929f6f3526e7f11dce024f99f3ba7bd35fdf45 100644 (file)
--- a/admin/calendar.php
+++ b/admin/calendar.php
@@ -6,9 +6,7 @@
 
     require_login();
 
-    if (!isadmin()) {
-        error('Only administrators can use this page!');
-    }
+    require_capability('moodle/site:config', get_context_instance(CONTEXT_SYSTEM, SITEID));
 
     if (!$site = get_site()) {
         error('Site isn\'t defined!');

diff --git a/admin/config.php b/admin/config.php
index 6a8676f1ca071ce2840fccd44fb3cc618d32e7c1..6b30e8636186f32247a29c4ad167d11ce153382d 100644 (file)
--- a/admin/config.php
+++ b/admin/config.php
@@ -7,10 +7,7 @@
 
     if ($site = get_site()) {   // If false then this is a new installation
         require_login();
-        $context = get_context_instance(CONTEXT_SYSTEM, SITEID);
-        if (!has_capability('moodle/site:config', $context)) {
-            error('Only the admin can use this page');
-        }
+        require_capability('moodle/site:config', get_context_instance(CONTEXT_SYSTEM, SITEID));
     }
 
 /// This is to overcome the "insecure forms paradox"

diff --git a/admin/courses.php b/admin/courses.php
index 4a6816f4d0b09fad892baa1568fd8a0d6d68f7b0..5c4ce1903b94992cd461e884cda1c3012098e4ca 100644 (file)
--- a/admin/courses.php
+++ b/admin/courses.php
@@ -4,16 +4,13 @@
 
     require_login();
 
-    if (!isadmin()) {
-        error("Only admins can access this page");
-    }
-
     if (!$site = get_site()) {
         redirect("index.php");
     }
 
     $stradministration = get_string("administration");
     $strcourses        = get_string("courses");
+    $context = get_context_instance(CONTEXT_SYSTEM, SITEID);
 
     print_header("$site->shortname: $stradministration: $strcourses", "$site->fullname", 
                  "<a href=\"index.php\">$stradministration</a> -> $strcourses");
@@ -26,14 +23,8 @@
                            get_string("adminhelpcourses"));
     $table->data[] = array("<b><a href=\"enrol.php?sesskey=$USER->sesskey\">".get_string("enrolmentplugins")."</a></b>",
                            get_string("adminhelpenrolments"));
-    $table->data[] = array("<b><a href=\"../course/index.php?edit=off&amp;sesskey=$USER->sesskey\">".get_string("assignstudents")."</a></b>",
-                           get_string("adminhelpassignstudents"));
-    $table->data[] = array("<b><a href=\"../course/index.php?edit=on&amp;sesskey=$USER->sesskey\">".get_string("assignteachers")."</a></b>",
-                           get_string("adminhelpassignteachers")." <img src=\"../pix/t/user.gif\" height=\"11\" width=\"11\" alt=\"\" />");
-    $table->data[] = array("<b><a href=\"creators.php?sesskey=$USER->sesskey\">".get_string("assigncreators")."</a></b>",
-                           get_string("adminhelpassigncreators"));
-    $table->data[] = array("<b><a href=\"admin.php?sesskey=$USER->sesskey\">".get_string("assignadmins")."</a></b>",
-                           get_string("adminhelpassignadmins"));
+    $table->data[] = array('<b><a href="roles/assign.php?contextid='.$context->id.'">'.
+            get_string('assignsiteroles').'</a></b>', get_string('adminhelpassignsiteroles'));
 
     print_table($table);
 

diff --git a/admin/creators.php b/admin/creators.php
index 13f4ab337953733dc031d615d5ccf1bea3df64b1..23388005a1429c3864fb540c04de84e8f34ddc50 100755 (executable)
--- a/admin/creators.php
+++ b/admin/creators.php
@@ -1,6 +1,8 @@
 <?PHP // $Id$
       // Admin only script to assign course creator rights to users
-
+    
+    /// this file is depreciated, assigning of course creators is done in admin/roles/assign.php
+    
     require_once('../config.php');
 
     define("MAX_USERS_PER_PAGE", 50);
@@ -11,9 +13,7 @@
 
     require_login();
 
-    if (!isadmin()) {
-        error("You must be an administrator to use this page.");
-    }
+    require_capability('moodle/user:assign', get_context_instance(CONTEXT_SYSTEM, SITEID));
 
     if (!confirm_sesskey()) {
         error(get_string('confirmsesskeybad', 'error'));

diff --git a/admin/cron.php b/admin/cron.php
index 92342bc1b009d74e47adef822e0f590d17149969..59fdca826e936f867c4d0fb2ed9c045f383f2613 100644 (file)
--- a/admin/cron.php
+++ b/admin/cron.php
@@ -29,7 +29,7 @@
     require_once(dirname(__FILE__) . '/../config.php');
     require_once($CFG->dirroot.'/lib/adminlib.php');
 
-    if (!$alreadyadmin = isadmin()) {
+    if (!$alreadyadmin = has_capability('moodle/site:config', get_context_instance(CONTEXT_SYSTEM, SITEID))) {
         unset($_SESSION['USER']);
         unset($USER);
         unset($_SESSION['SESSION']);

diff --git a/admin/dbperformance.php b/admin/dbperformance.php
index abe311bbedb7308f96be7935fc0f6ab791f430e0..fee2c390dcf2e07cba4fdb22ac5d18fc510fe4d3 100644 (file)
--- a/admin/dbperformance.php
+++ b/admin/dbperformance.php
@@ -9,9 +9,7 @@
 
     require_login();
 
-    if (!isadmin()) {
-        error("Only the admin can use this page");
-    }
+    require_capability('moodle/site:config', get_context_instance(CONTEXT_SYSTEM, SITEID));
 
     $strdatabaseperformance = get_string("databaseperformance");
     $stradministration = get_string("administration");

diff --git a/admin/delete.php b/admin/delete.php
index 0f068d52a30b56796e44e274e5c3180b45f9be7f..ea524fd08554fa10d7f8299070564b6508384a34 100644 (file)
--- a/admin/delete.php
+++ b/admin/delete.php
@@ -10,9 +10,7 @@
     $sure       = optional_param('sure', 0, PARAM_BOOL);
     $reallysure = optional_param('reallysure', 0, PARAM_BOOL);
 
-    if (!isadmin()) {
-        error('You must be admin to use this script!');
-    }
+    require_capability('moodle/site:config', get_context_instance(CONTEXT_SYSTEM, SITEID));
 
     $deletedir = $CFG->dataroot;   // The directory to delete!
 

diff --git a/admin/editor.php b/admin/editor.php
index 37178058e5715ed9a8389fcd4c67585524e7ae8a..0057219b7027c93604457884ae740b7d58ff5cc3 100644 (file)
--- a/admin/editor.php
+++ b/admin/editor.php
@@ -7,9 +7,8 @@
 
     require_login();
 
-    if (!isadmin()) {
-        error("Only admins can access this page");
-    }
+    $context = get_context_instance(CONTEXT_SYSTEM, SITEID);
+    require_capability('moodle/site:config', $context);
 
     if (($data = data_submitted()) && confirm_sesskey()) {
 

diff --git a/admin/health.php b/admin/health.php
index d5886c8f55ea3931c4a31b2460ec880c9fd126dd..12843f9cfe2e33074da7a368c1716b729015fadb 100644 (file)
--- a/admin/health.php
+++ b/admin/health.php
@@ -20,9 +20,7 @@
     $solution = optional_param('solution', 0, PARAM_SAFEDIR); //in fact it is class name alhanumeric and _
 
     require_login();
-    if (!isadmin()) {
-        error('Only the admin can use this page');
-    }
+    require_capability('moodle/site:config', get_context_instance(CONTEXT_SYSTEM, SITEID));
 
     $site = get_site();
     $stradmin         = get_string('administration');

diff --git a/admin/innodb.php b/admin/innodb.php
index e5cd323387bd93823e3e72dbf664d495178092b1..ef1285fd8858529976a4a5921e7b2227dc6660b8 100644 (file)
--- a/admin/innodb.php
+++ b/admin/innodb.php
@@ -6,9 +6,7 @@
 
    require_login();
 
-   if (!isadmin()) {
-       error('Admin only');
-   }
+   require_capability('moodle/site:config', get_context_instance(CONTEXT_SYSTEM, SITEID));
 
    print_header("Convert all tables from MYISAM to InnoDB", "Convert all tables from MYISAM to InnoDB", 
                 "Convert all tables from MYISAM to InnoDB");

diff --git a/admin/misc.php b/admin/misc.php
index 16afcc8487beeb60fd629eaf571fb8bb5aa8bcbc..7f714d0f28a0d941e668138d74d16656547ecc95 100644 (file)
--- a/admin/misc.php
+++ b/admin/misc.php
@@ -4,13 +4,11 @@
 
     require_login();
 
-    if (!isadmin()) {
-        error("Only admins can access this page");
-    }
-
     if (!$site = get_site()) {
         redirect("index.php");
     }
+    
+    $context = get_context_instance(CONTEXT_SYSTEM, SITEID);
 
     $stradministration = get_string("administration");
     $strmisc           = get_string("miscellaneous");
@@ -26,14 +24,21 @@
                            get_string("adminhelpsitefiles"));
     $table->data[] = array('<b><a href="stickyblocks.php">'.get_string('stickyblocks','admin')."</a></b>",
                            get_string('adminhelpstickyblocks'));
-    $table->data[] = array('<b><a href="report.php">'.get_string('reports')."</a></b>",
-                           get_string('adminhelpreports'));
+    
+    if (has_capability('moodle/site:viewreports', $context)) {
+        $table->data[] = array('<b><a href="report.php">'.get_string('reports')."</a></b>",
+                            get_string('adminhelpreports'));
+    }
 // to be enabled later
 /*    $table->data[] = array('<b><a href="health.php">'.get_string('healthcenter')."</a></b>",
                            get_string('adminhelphealthcenter'));*/
-    $table->data[] = array('<b><a href="environment.php">'.get_string('environment', 'admin')."</a></b>",
-                           get_string('adminhelpenvironment'));
-    if (file_exists("$CFG->dirroot/$CFG->admin/$CFG->dbtype")) {
+    
+    if (has_capability('moodle/site:config', $context)) {
+        $table->data[] = array('<b><a href="environment.php">'.get_string('environment', 'admin')."</a></b>",
+                            get_string('adminhelpenvironment'));
+    }
+    
+    if (file_exists("$CFG->dirroot/$CFG->admin/$CFG->dbtype") && has_capability('moodle/site:accessdb', $context)) {
         $table->data[] = array('<b><a href="'.$CFG->dbtype.'/frame.php">'.get_string('managedatabase')."</a></b>",
                            get_string('adminhelpmanagedatabase'));
     }

diff --git a/admin/oacleanup.php b/admin/oacleanup.php
index 6ba9634188c79f4940fc4aab4b3b9fb1a1daaf61..8938b1d6bc76a470bb10ec780f6678d7026c4dbd 100644 (file)
--- a/admin/oacleanup.php
+++ b/admin/oacleanup.php
@@ -6,11 +6,8 @@ if (!isset($CFG)) {
 
     require_login();
 
-    if (!isadmin()) {
-        error('You must be an admin to use this script');
-        exit;
-    }
-    
+    require_capability('moodle/site:config', get_context_instance(CONTEXT_SYSTEM, SITEID));
+
     print_header_simple('Online Assignment Cleanup','Online Assignment Cleanup', 'Admin');
 
     online_assignment_cleanup(true);

diff --git a/admin/pagelib.php b/admin/pagelib.php
index 2eef6fc227b8404439223e7e038e8485c1a7566f..3065f74107c4832ed56717350c9b58c62380e709 100644 (file)
--- a/admin/pagelib.php
+++ b/admin/pagelib.php
@@ -45,7 +45,7 @@ class page_admin extends page_base {
     // seems reasonable that the only people that can edit blocks on the admin pages
     // are the admins... but maybe we want a role for this?
     function user_allowed_editing() { 
-        return isadmin();
+        return has_capability('moodle/site:manageblocks', get_context_instance(CONTEXT_SYSTEM, SITEID));
     }
 
     // has to be fixed. i know there's a "proper" way to do this

diff --git a/admin/phpinfo.php b/admin/phpinfo.php
index a71cdee7a938aac8f390166cf15ed22e05c6bbe7..8db0fcc8050213a6bf3bf6f4f962dcb83a17c36c 100644 (file)
--- a/admin/phpinfo.php
+++ b/admin/phpinfo.php
@@ -8,9 +8,7 @@
 
     require_login();
 
-    if (!isadmin()) {
-        error("Only the admin can use this page");
-    }
+    require_capability('moodle/site:config', get_context_instance(CONTEXT_SYSTEM, SITEID));
 
     if (!$topframe && !$bottomframe) {
         ?>

diff --git a/admin/register.php b/admin/register.php
index be8938c5b2d4291f6cdf702755cff5fce10abc90..bf9ffc834d1bdfdcbfb1206f1d6b54f8afc62828 100644 (file)
--- a/admin/register.php
+++ b/admin/register.php
@@ -5,9 +5,7 @@
 
     require_login();
 
-    if (!isadmin()) {
-        error("Only the admin can use this page");
-    }
+    require_capability('moodle/site:config', get_context_instance(CONTEXT_SYSTEM, SITEID));
 
     if (!$site = get_site()) {
         redirect("index.php");

diff --git a/admin/replace.php b/admin/replace.php
index 7d56f4227ef6e448fe03038040776f29d1cb1223..35e2507140fe9d4b00c7d98a1cb1ce9e2ccf6398 100644 (file)
--- a/admin/replace.php
+++ b/admin/replace.php
@@ -8,9 +8,7 @@ $replace = optional_param('replace', '', PARAM_RAW);
 
 require_login();
 
-if (!isadmin()) {
-    error("Admins only");
-}
+require_capability('moodle/site:config', get_context_instance(CONTEXT_SYSTEM, SITEID));
 
 ###################################################################
 print_header('Search and replace throughout the whole database', 'Replace text within the whole database');

diff --git a/admin/report.php b/admin/report.php
index 3ba172466d4821ebf5bd9fb3191171703e969b24..c60f0004c97236fb9e0127cf83a1edd69930bf73 100644 (file)
--- a/admin/report.php
+++ b/admin/report.php
@@ -3,9 +3,7 @@
 
     require_once('../config.php');
 
-    if (!isadmin()) {
-        error("You are not allowed to look at this page");
-    }
+    require_capability('moodle/site:viewreports', get_context_instance(CONTEXT_SYSTEM, SITEID));
 
     $stradmin = get_string('administration');
     $strreports = get_string('reports');

diff --git a/admin/report/courseoverview/index.php b/admin/report/courseoverview/index.php
index 66c8d249cd680966a60fc8285d882197acb9961f..3a9d17da27abb309502b26e7281af7ae33444208 100644 (file)
--- a/admin/report/courseoverview/index.php
+++ b/admin/report/courseoverview/index.php
@@ -13,9 +13,7 @@
 
     require_login();
 
-    if (!isadmin()) {
-        error("This page is for admins only");
-    }
+    require_capability('moodle/site:viewreports', get_context_instance(CONTEXT_SYSTEM, SITEID));
 
     $course = get_site();
     stats_check_uptodate($course->id);

diff --git a/admin/report/courseoverview/reportsgraph.php b/admin/report/courseoverview/reportsgraph.php
index 1b11bfc81c5ed5b4755ae0f4486ea2087c12f72b..ab3c77c115bd1388301c3d842c7932c2814f93b2 100644 (file)
--- a/admin/report/courseoverview/reportsgraph.php
+++ b/admin/report/courseoverview/reportsgraph.php
@@ -10,10 +10,8 @@
 
     require_login();
 
-    if (!isadmin()) {
-        error("You must be an admin to use this page");
-    }
-
+    require_capability('moodle/site:viewreports', get_context_instance(CONTEXT_SYSTEM, SITEID));
+    
     stats_check_uptodate($course->id);
 
     $param = stats_get_parameters($time,$report,SITEID,STATS_MODE_RANKED);

diff --git a/admin/report/simpletest/index.php b/admin/report/simpletest/index.php
index a2b289210f8f38ae84287500a4c02b74bc6d8fba..1895aea6955be404fe77d5f23ac11609ad6a4fb4 100644 (file)
--- a/admin/report/simpletest/index.php
+++ b/admin/report/simpletest/index.php
@@ -21,10 +21,7 @@ define('UNITTEST', true);
 $langfile = 'simpletest';
 
 require_login();
-if (!isadmin()) {
-    print_error('Only admins can access this page');
-}
-
+require_capability('moodle/site:config', get_context_instance(CONTEXT_SYSTEM, SITEID));
 // CGI arguments
 $path = optional_param('path', '', PARAM_PATH);
 $showpasses = optional_param('showpasses', false, PARAM_BOOL);

diff --git a/admin/roles/manage.php b/admin/roles/manage.php
index 88a89318f99589872fc80160a8644ed2d32b15a9..62c13102dad1cc942f117e30a31f47ffe021aa69 100755 (executable)
--- a/admin/roles/manage.php
+++ b/admin/roles/manage.php
@@ -15,14 +15,6 @@
 
     $sitecontext = get_context_instance(CONTEXT_SYSTEM, SITEID);
     
-//    if (!isadmin()) {
-//        error('Only admins can access this page');
-//    }
-
-//    if (!$site = get_site()) {
-//        redirect('index.php');
-//    }
-    
     $stradministration = get_string('administration');
     $strmanageroles = get_string('manageroles');
 

diff --git a/admin/site.php b/admin/site.php
index ce06de6b96565bbab28e9d24fbb44404013c6507..98bc9daa8352cd261bbf69d64852789402188e6e 100644 (file)
--- a/admin/site.php
+++ b/admin/site.php
@@ -5,9 +5,7 @@
 
     if ($site = get_site()) {
         require_login();
-        if (!isadmin()) {
-            error("You need to be admin to edit this page");
-        }
+        require_capability('moodle/site:config', get_context_instance(CONTEXT_SYSTEM, SITEID));
         $site->format = "social";   // override
     }
 

diff --git a/admin/stickyblocks.php b/admin/stickyblocks.php
index 72a19886269ebb03e5b4d827c5add21f0165bca8..b9a5b8ade70cabebb99dfdbbb468ae464b6642eb 100644 (file)
--- a/admin/stickyblocks.php
+++ b/admin/stickyblocks.php
@@ -24,9 +24,7 @@
 
     require_login();
   
-    if (!isadmin()) {
-        error("Only the admin can use this page");
-    }
+    require_capability('moodle/site:manageblocks', get_context_instance(CONTEXT_SYSTEM, SITEID));
 
     // first thing to do is print the dropdown menu
 

diff --git a/admin/timezone.php b/admin/timezone.php
index 66084b93225ad41004dfdb3efddffa8f16065e9a..5fe530b6f7788cc0eddaf04920f7c25c29905b31 100644 (file)
--- a/admin/timezone.php
+++ b/admin/timezone.php
@@ -6,9 +6,7 @@
 
     require_login();
 
-    if (!isadmin()) {
-        error("You must be an admin");
-    }
+    require_capability('moodle/site:config', get_context_instance(CONTEXT_SYSTEM, SITEID));
 
     $strtimezone = get_string("timezone");
     $strsavechanges = get_string("savechanges");

diff --git a/admin/upgradeforumread.php b/admin/upgradeforumread.php
index 5cb199c80811bc7a832799414dccbab4faa03121..67711d148e04c2f6d58c9b06d287cad67e5af2c8 100644 (file)
--- a/admin/upgradeforumread.php
+++ b/admin/upgradeforumread.php
@@ -7,11 +7,9 @@
     $confirm = optional_param('confirm', 0, PARAM_BOOL);
 
     require_login();
-
-    if (!isadmin()) {
-        error("You must be an admin to use this script");
-    }
-
+    
+    require_capability('moodle/site:config', get_context_instance(CONTEXT_SYSTEM, SITEID));
+    
     if ($CFG->version < 2005042300) {
         error("This script does not work with this old version of Moodle");
     }

diff --git a/admin/upgradelogs.php b/admin/upgradelogs.php
index 5ca3d8ca912efbf9f28d1cda37594f01acb0bd52..b7d0323cfcef674c322594c16423574160623b6c 100644 (file)
--- a/admin/upgradelogs.php
+++ b/admin/upgradelogs.php
@@ -6,9 +6,7 @@
 
     require_login();
 
-    if (!isadmin()) {
-        error("You must be an admin to use this script");
-    }
+    require_capability('moodle/site:config', get_context_instance(CONTEXT_SYSTEM, SITEID));
 
     if ($CFG->version < 2004013101) {
         error("This script does not work with this old version of Moodle");

diff --git a/admin/uploaduser.php b/admin/uploaduser.php
index ffc456cc9904d7d5a9a5caf08d3726fe910f146d..9e86474be6e1f5b27bfb997e69a0c8163e025ad5 100755 (executable)
--- a/admin/uploaduser.php
+++ b/admin/uploaduser.php
@@ -12,9 +12,7 @@ $allowrenames   = optional_param('allowrenames', 0, PARAM_BOOL);
 
 require_login();
 
-if (!isadmin()) {
-    error("You must be an administrator to edit users this way.");
-}
+require_capability('moodle/user:create', get_context_instance(CONTEXT_SYSTEM, SITEID));
 
 if (! $site = get_site()) {
     error("Could not find site-level course");

diff --git a/admin/users.php b/admin/users.php
index 60c85193a61c69ec69261dc81423057ed3974bdc..81b84e05f9956863456447f8bc6e658e4f166482 100644 (file)
--- a/admin/users.php
+++ b/admin/users.php
@@ -4,9 +4,7 @@
 
     require_login();
 
-    if (!isadmin()) {
-        error("Only admins can access this page");
-    }
+    require_capability('moodle/user:create', get_context_instance(CONTEXT_SYSTEM, SITEID));
 
     if (!$site = get_site()) {
         redirect("index.php");
@@ -43,14 +41,8 @@
     $table->data[] = array('', '<hr />');
     $table->data[] = array("<b><a href=\"enrol.php?sesskey=$USER->sesskey\">".get_string("enrolmentplugins")."</a></b>",
                            get_string("adminhelpenrolments"));
-    $table->data[] = array("<b><a href=\"../course/index.php?edit=off&amp;sesskey=$USER->sesskey\">".get_string("assignstudents")."</a></b>",
-                           get_string("adminhelpassignstudents"));
-    $table->data[] = array("<b><a href=\"../course/index.php?edit=on&amp;sesskey=$USER->sesskey\">".get_string("assignteachers")."</a></b>",
-                           get_string("adminhelpassignteachers")." <img src=\"../pix/t/user.gif\" height=\"11\" width=\"11\" alt=\"\" />");
-    $table->data[] = array("<b><a href=\"creators.php?sesskey=$USER->sesskey\">".get_string("assigncreators")."</a></b>",
-                           get_string("adminhelpassigncreators"));
-    $table->data[] = array("<b><a href=\"admin.php?sesskey=$USER->sesskey\">".get_string("assignadmins")."</a></b>",
-                           get_string("adminhelpassignadmins"));
+    $table->data[]= array('<b><a href="roles/assign.php?contextid='.$context->id.'">'.
+            get_string('assignsiteroles').'</a></b>', get_string('adminhelpassignsiteroles'));
 
     print_table($table);
 

diff --git a/admin/utfdbmigrate.php b/admin/utfdbmigrate.php
index fa68b9efdad5999ce101b414a5ea9e21deae8408..b58fbad97c5e2f565b95124908fa5fb0a133921f 100755 (executable)
--- a/admin/utfdbmigrate.php
+++ b/admin/utfdbmigrate.php
@@ -49,9 +49,7 @@
      * End custom lang pack handling      *
      **************************************/
 
-    if (!isadmin()) {
-        error('Only admins can access this page');
-    }
+    require_capability('moodle/site:config', get_context_instance(CONTEXT_SYSTEM, SITEID));
 
     if (!$site = get_site()) {
         redirect('index.php');

diff --git a/course/edit.php b/course/edit.php
index 3b1321df4db52600a07bc443cb616f347c455a38..91b6f2900142bcad054a6ad3622277a58ca49d20 100644 (file)
--- a/course/edit.php
+++ b/course/edit.php
@@ -130,10 +130,11 @@
                     $section->id = insert_record("course_sections", $section);
 
                     fix_course_sortorder();
-                    add_to_log(SITEID, "course", "new", "view.php?id=$newcourseid", "$form->fullname (ID $newcourseid)");
+                    add_to_log(SITEID, "course", "new", "view.php?id=$newcourseid", "$form->fullname (ID $newcourseid)")        ;
+                    $context = get_context_instance(CONTEXT_COURSE, $newcourseid);
 
-                    if (isadmin()) { // Redirect admin to add teachers
-                        redirect("teacher.php?id=$newcourseid", get_string("changessaved"));
+                    if (has_capability('moodle/role:assign', $context)) { // Redirect users with assign capability to assign users to different roles
+                        redirect($CFG->wwwroot."/admin/roles/assign.php?contextid=$context->id", get_string("changessaved"));
 
                     } else {         // Add current teacher and send to course
 

diff --git a/course/scales.php b/course/scales.php
index d3f95513d09df7fc73f92830acd636176959f69a..b23729e787807b1de9a355516bdda0e30d077898 100644 (file)
--- a/course/scales.php
+++ b/course/scales.php
@@ -159,7 +159,7 @@
         }
 
         //Check for standard scales
-        if ($scale->courseid == 0 and !isadmin()) {
+        if ($scale->courseid == 0 and !has_capability('moodle/course:managescales', get_context_instance(CONTEXT_SYSTEM, SITEID))) {
             error("Only administrators can edit this scale",$CFG->wwwroot.'/course/scales.php?id='.$course->id);
         }
 
@@ -254,7 +254,7 @@
         }
 
         //Check for standard scales
-        if ($scale->courseid == 0 and !isadmin()) {
+        if ($scale->courseid == 0 and !has_capability('moodle/course:managescales', get_context_instance(CONTEXT_SYSTEM, SITEID))) {
             error("Only administrators can delete this scale",$CFG->wwwroot.'/course/scales.php?id='.$course->id);
         }
 
@@ -436,14 +436,14 @@
                 $line[] = $strstandardscale;
             }
             $buttons = "";
-            if (empty($scales_uses) && ($incustom || isadmin())) {
+            if (empty($scales_uses) && ($incustom || has_capability('moodle/course:managescales', get_context_instance(CONTEXT_SYSTEM, SITEID)))) {
                 $buttons .= "<a title=\"$stredit\" href=\"$path/scales.php?id=$course->id&amp;scaleid=$scale->id&amp;action=edit\"><img".
                             " src=\"$CFG->pixpath/t/edit.gif\" hspace=\"2\" height=\"11\" width=\"11\" border=\"0\" alt=\"\" /></a> ";
-                if ($incustom && isadmin()) {
+                if ($incustom && has_capability('moodle/course:managescales', get_context_instance(CONTEXT_SYSTEM, SITEID))) {
                     $buttons .= "<a title=\"$strdown\" href=\"$path/scales.php?id=$course->id&amp;scaleid=$scale->id&amp;action=down&amp;sesskey=$USER->sesskey\"><img".
                                 " src=\"$CFG->pixpath/t/down.gif\" hspace=\"2\" height=\"11\" width=\"11\" border=\"0\" alt=\"\" /></a> ";
                 }
-                if (!$incustom && isadmin()) {
+                if (!$incustom && has_capability('moodle/course:managescales', get_context_instance(CONTEXT_SYSTEM, SITEID))) {
                     $buttons .= "<a title=\"$strup\" href=\"$path/scales.php?id=$course->id&amp;scaleid=$scale->id&amp;action=up&amp;sesskey=$USER->sesskey\"><img".
                                 " src=\"$CFG->pixpath/t/up.gif\" hspace=\"2\" height=\"11\" width=\"11\" border=\"0\" alt=\"\" /></a> ";
                 }

diff --git a/lib/accesslib.php b/lib/accesslib.php
index b16abb841d77cda94fc9a36a02471e81ca29ab4c..270b96fab74738bb2ba9f241c9b425266b7a182b 100755 (executable)
--- a/lib/accesslib.php
+++ b/lib/accesslib.php
@@ -780,7 +780,6 @@ function moodle_install_roles() {
     // Should we delete the tables after we are done? Not yet.
 }
 
-
 /**
  * Assign the defaults found in this capabality definition to roles that have
  * the corresponding legacy capabilities assigned to them.

diff --git a/user/edit.html b/user/edit.html
index f83296a5e7569ac94c653617755d06b2a628ad86..ce835710742a88718be9c5e79506105d4d466f32 100644 (file)
--- a/user/edit.html
+++ b/user/edit.html
@@ -20,7 +20,7 @@
 <form method="post" name="form" enctype="multipart/form-data" action="edit.php">
 <table class="formtable">
 <?php
-if (isadmin()) {
+if (has_capability('moodle/user:update', get_context_instance(CONTEXT_SYSTEM, SITEID))) {
     $theadmin = get_admin(); // returns false during install
     $adminself = (!empty($theadmin) and ($theadmin->id == $USER->id) and ($USER->id == $user->id));
     echo '<tr>';
@@ -275,7 +275,7 @@ if (isadmin()) {
 
 <?php
     $maxbytes = get_max_upload_file_size($CFG->maxbytes, $course->maxbytes);
-    if (!empty($CFG->gdversion) and $maxbytes and (empty($CFG->disableuserimages) or isadmin())) {
+    if (!empty($CFG->gdversion) and $maxbytes and (empty($CFG->disableuserimages) or has_capability('moodle/user:update', get_context_instance(CONTEXT_SYSTEM, SITEID)))) {
 ?>
 <tr>
     <th><?php print_string("currentpicture") ?>:</th>
@@ -300,7 +300,7 @@ if (isadmin()) {
     ?>
     </td>
 </tr>
-<?php } else if (empty($CFG->gdversion) and isadmin()) {  ?>
+<?php } else if (empty($CFG->gdversion) and has_capability('moodle/user:update', get_context_instance(CONTEXT_SYSTEM, SITEID))) {  ?>
 <tr>
     <th><?php print_string("newpicture") ?>:</th>
     <td>
@@ -356,7 +356,7 @@ if (isadmin()) {
     <?php if (isset($err["idnumber"])) formerr($err["idnumber"]); ?>
     </td>
 </tr>
-<?php if (isadmin()) {  ?>
+<?php if (has_capability('moodle/user:update', get_context_instance(CONTEXT_SYSTEM, SITEID))) {  ?>
 <tr>
     <th><?php print_string("institution") ?>:</th>
     <td><input type="text" name="institution" size="25" alt="<?php print_string("institution") ?>" maxlength="40" value="<?php p($user->institution) ?>" /> <?php p($teacheronly) ?>

diff --git a/user/edit.php b/user/edit.php
index cb92a27e616b4b60dac8d4f878e40b05f7073bf5..16c38fab7a9ec4e760d8af5b2b9e87b100fb55ca 100644 (file)
--- a/user/edit.php
+++ b/user/edit.php
@@ -36,7 +36,7 @@
     }
 
     if ($USER->id <> $user->id) {    // Current user editing someone else's profile
-        if (isadmin()) {             // Current user is an admin
+        if (has_capability('moodle/user:update', get_context_instance(CONTEXT_SYSTEM, SITEID))) { // Current user can update user profiles
             if ($mainadmin = get_admin()) {        
                 if ($user->id == $mainadmin->id) {  // Can't edit primary admin
                     print_error('adminprimarynoedit');
@@ -143,7 +143,7 @@
             $usernew->username = moodle_strtolower($usernew->username);
         }
 
-        if (!empty($_FILES) and !(empty($CFG->disableuserimages) or isadmin())) {
+        if (!empty($_FILES) and !(empty($CFG->disableuserimages) or has_capability('moodle/user:update', get_context_instance(CONTEXT_SYSTEM, SITEID)))) {
             error('Users can not update profile images!');
         }
 
@@ -151,7 +151,7 @@
         $um = new upload_manager('imagefile',false,false,null,false,0,true,true);
 
         // override locked values
-        if (!isadmin()) {      
+        if (!has_capability('moodle/user:update', get_context_instance(CONTEXT_SYSTEM, SITEID))) {      
             $fields = get_user_fieldnames();
             $authconfig = get_config( 'auth/' . $user->auth );
             foreach ($fields as $field) {
@@ -197,7 +197,7 @@
 
             $usernew->timemodified = time();
 
-            if (isadmin()) {
+            if (has_capability('moodle/user:update', get_context_instance(CONTEXT_SYSTEM, SITEID))) {
                 if (!empty($usernew->newpassword)) {
                     $usernew->password = hash_internal_user_password($usernew->newpassword);
                     // update external passwords
@@ -354,7 +354,7 @@
     }
 
     $teacher = strtolower($course->teacher);
-    if (!isadmin()) {
+    if (!has_capability('moodle/user:update', get_context_instance(CONTEXT_SYSTEM, SITEID))) {
         $teacheronly = '('.get_string('teacheronly', '', $teacher).')';
     } else {
         $teacheronly = '';
@@ -362,7 +362,7 @@
 
     include("edit.html");
 
-    if (!isadmin()) {      /// Lock all the locked fields using Javascript
+    if (!has_capability('moodle/user:update', get_context_instance(CONTEXT_SYSTEM, SITEID))) {      /// Lock all the locked fields using Javascript
         $fields = get_user_fieldnames();
 
         echo '<script type="text/javascript">'."\n";
@@ -403,7 +403,7 @@
 function find_form_errors(&$user, &$usernew, &$err, &$um) {
     global $CFG;
 
-    if (isadmin()) {
+    if (has_capability('moodle/user:update', get_context_instance(CONTEXT_SYSTEM, SITEID))) {
         if (empty($usernew->username)) {
             $err["username"] = get_string("missingusername");
 
@@ -433,7 +433,7 @@ function find_form_errors(&$user, &$usernew, &$err, &$um) {
     if (over_bounce_threshold($user) && $user->email == $usernew->email) 
         $err['email'] = get_string('toomanybounces');
 
-    if (empty($usernew->description) and !isadmin())
+    if (empty($usernew->description) and !has_capability('moodle/user:update', get_context_instance(CONTEXT_SYSTEM, SITEID)))
         $err["description"] = get_string("missingdescription");
 
     if (empty($usernew->city))
@@ -457,7 +457,7 @@ function find_form_errors(&$user, &$usernew, &$err, &$um) {
         }
     }
 
-    if (empty($err["email"]) and !isadmin()) {
+    if (empty($err["email"]) and !has_capability('moodle/user:update', get_context_instance(CONTEXT_SYSTEM, SITEID))) {
         if ($error = email_is_not_allowed($usernew->email)) {
             $err["email"] = $error;
         }

diff --git a/user/index.php b/user/index.php
index 2c082c45582695716b986af4cdb0de7887714af4..9aeb8811dd4e176062e6a73c43f6195752401b16 100644 (file)
--- a/user/index.php
+++ b/user/index.php
@@ -42,6 +42,19 @@
 
     require_login($course->id);
 
+
+    if ($roles = get_roles_used_in_context($context)) {
+        foreach ($roles as $role) {
+            $options[$role->id] = $role->name;
+        }
+    } else { // no roles yet
+        if (has_capability('moodle/user:assign', $context)) {
+            redirect($CFG->wwwroot.'/admin/roles/assign.php?contextid='.$context->id);  
+        } else {
+            error ('no participants found for this course');  
+        }
+    }
+
     require_capability('moodle/course:viewparticipants', $context);
 
     if (!$course->category) {
@@ -147,14 +160,6 @@
     /*****************************************
      * drop down for swapping between roles  *
      *****************************************/
-     
-    // this needs to check capability too
-
-    if ($roles = get_roles_used_in_context($context)) {
-        foreach ($roles as $role) {
-            $options[$role->id] = $role->name;
-        }
-    }
 
     if (!$roleid) {
         if ($options) {