merged fix for MDL-10273, users with no capability should not be able to view New...

diff --git a/calendar/event.php b/calendar/event.php
index 660d97e9db344b03d33387ea6d1b3ed6e6bf07be..a00e7ceb9f0edf55441be3e03e8cf1274966113e 100644 (file)
--- a/calendar/event.php
+++ b/calendar/event.php
@@ -640,24 +640,4 @@ function calendar_add_event_allowed($event) {
             return false;
     }
 }
-
-function calendar_get_allowed_types(&$allowed) {
-    global $USER, $CFG, $SESSION;
-
-    $allowed->user = true; // User events always allowed
-    $allowed->groups = false; // This may change just below
-    $allowed->courses = false; // This may change just below
-    $allowed->site = has_capability('moodle/calendar:manageentries', get_context_instance(CONTEXT_COURSE, SITEID));
-
-    if(!empty($SESSION->cal_course_referer) && $SESSION->cal_course_referer != SITEID && has_capability('moodle/calendar:manageentries', get_context_instance(CONTEXT_COURSE, $SESSION->cal_course_referer))) {
-        $course = get_record('course', 'id', $SESSION->cal_course_referer);
-
-        $allowed->courses = array($course->id => 1);
-
-        if($course->groupmode != NOGROUPS || !$course->groupmodeforce) {
-            $allowed->groups = get_groups($SESSION->cal_course_referer);
-        }
-    }
-}
-
 ?>

diff --git a/calendar/lib.php b/calendar/lib.php
index 84aa030a94696ab4cbfeac49713e27d187f4a7a8..d2fa5dd6b71be0215214c96527fceed076f6dc24 100644 (file)
--- a/calendar/lib.php
+++ b/calendar/lib.php
@@ -1543,4 +1543,32 @@ function calendar_set_filters_status($packed_bitfield) {
     return true;
 }
 
+function calendar_get_allowed_types(&$allowed) {
+    global $USER, $CFG, $SESSION;
+    $sitecontext = get_context_instance(CONTEXT_SYSTEM);
+    $allowed->user = has_capability('moodle/calendar:manageownentries', $sitecontext);
+    $allowed->groups = false; // This may change just below
+    $allowed->courses = false; // This may change just below
+    $allowed->site = has_capability('moodle/calendar:manageentries', get_context_instance(CONTEXT_COURSE, SITEID));
+
+    if(!empty($SESSION->cal_course_referer) && $SESSION->cal_course_referer != SITEID && has_capability('moodle/calendar:manageentries', get_context_instance(CONTEXT_COURSE, $SESSION->cal_course_referer))) {
+        $course = get_record('course', 'id', $SESSION->cal_course_referer);
+
+        $allowed->courses = array($course->id => 1);
+
+        if($course->groupmode != NOGROUPS || !$course->groupmodeforce) {
+            $allowed->groups = get_groups($SESSION->cal_course_referer);
+        }
+    }
+}
+
+/**
+ * see if user can add calendar entries at all
+ * used to print the "New Event" button
+ * @return bool
+ */
+function calendar_user_can_add_event() {
+    calendar_get_allowed_types($allowed);
+    return (bool)($allowed->user || $allowed->groups || $allowed->courses || $allowed->site); 
+}
 ?>

diff --git a/calendar/view.php b/calendar/view.php
index 62d094f91460f2f6ed1ad7bf809738028d2990a8..1341b07b3ba3769f25914e290c3ab635beae8f4c 100644 (file)
--- a/calendar/view.php
+++ b/calendar/view.php
@@ -232,7 +232,7 @@ function calendar_show_day($d, $m, $y, $courses, $groups, $users, $courseid) {
     $events = calendar_get_upcoming($courses, $groups, $users, 1, 100, $starttime);
 
     $text = '';
-    if (!isguest() && !empty($USER->id)) {
+    if (!isguest() && !empty($USER->id) && calendar_user_can_add_event()) {
         $text.= '<div class="buttons">';
         $text.= '<form action="'.CALENDAR_URL.'event.php" method="get">';
         $text.= '<div>';
@@ -373,7 +373,7 @@ function calendar_show_month_detailed($m, $y, $courses, $groups, $users, $course
     calendar_events_by_day($events, $m, $y, $eventsbyday, $durationbyday, $typesbyday, $courses);
 
     $text = '';
-    if(!isguest() && !empty($USER->id)) {
+    if(!isguest() && !empty($USER->id) && calendar_user_can_add_event()) {
         $text.= '<div class="buttons"><form action="'.CALENDAR_URL.'event.php" method="get">';
         $text.= '<div>';
         $text.= '<input type="hidden" name="action" value="new" />';
@@ -517,7 +517,7 @@ function calendar_show_upcoming_events($courses, $groups, $users, $futuredays, $
 
     $text = '';
 
-    if(!isguest() && !empty($USER->id)) {
+    if(!isguest() && !empty($USER->id) && calendar_user_can_add_event()) {
         $text.= '<div class="buttons">';
         $text.= '<form action="'.CALENDAR_URL.'event.php" method="get">';
         $text.= '<div>';