$restore_restoreto_options[0] = get_string("currentcoursedeleting");
$restore_restoreto_options[1] = get_string("currentcourseadding");
}
- if (iscreator()) {
+ if (has_capability('moodle/course:create', get_context_instance(CONTEXT_SYSTEM, SITEID))) {
$restore_restoreto_options[0] = get_string("existingcoursedeleting");
$restore_restoreto_options[1] = get_string("existingcourseadding");
$restore_restoreto_options[2] = get_string("newcourse");
error("Category not known!");
}
- if (iscreator()) {
+ if (has_capability('moodle/course:create', get_context_instance(CONTEXT_SYSTEM, SITEID))) {
if ($categoryedit !== -1) {
$USER->categoryediting = $categoryedit;
}
if ($subcategories = get_records("course_categories", "parent", $category->id, "sortorder ASC")) {
$firstentry = true;
foreach ($subcategories as $subcategory) {
- if ($subcategory->visible or iscreator()) {
+ if ($subcategory->visible or has_capability('moodle/course:create', get_context_instance(CONTEXT_SYSTEM, SITEID))) {
$subcategorieswereshown = true;
if ($firstentry) {
echo '<table align="center" border="0" cellspacing="2" cellpadding="4" class="generalbox">';
if (isloggedin() and !isguest() and !has_capability('moodle/course:create', get_context_instance(CONTEXT_SYSTEM, SITEID))) { // Print link to request a new course
print_single_button("request.php", NULL, get_string("courserequest"), "get");
}
- if (iscreator()) { // Print link to create a new course
+ if (has_capability('moodle/course:create', get_context_instance(CONTEXT_SYSTEM, SITEID))) { // Print link to create a new course
print_single_button("edit.php", NULL, get_string("addnewcourse"), "get");
}
if (has_capability('moodle/site:approvecourse', get_context_instance(CONTEXT_SYSTEM, SITEID)) and !empty($CFG->enablecourserequests)) {
}
}
- if ($course->category and !isstudent($course->id, $user) and !isadmin()) {
+ if ($course->category and !has_capability('moodle/course:view', get_context_instance(CONTEXT_COURSE, $course->id), $user) and !isadmin()) {
error("This student is not in this course!");
}
- if (iscreator($user)) {
+ if (has_capability('moodle/course:create', get_context_instance(CONTEXT_SYSTEM, SITEID, $user))) {
error("You can not login as this person!");
}
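Review bot: In the replacement for `iscreator($user)`, `$user` is passed as a third argument to `get_context_instance()` instead of as the user argument of `has_capability()`, so the check presumably evaluates the logged-in user's capability rather than the target account's. The guard that refuses login-as for course creators therefore no longer inspects the target, whereas the `moodle/course:view` check just above passes `$user` in the right position. It should read `if (has_capability('moodle/course:create', get_context_instance(CONTEXT_SYSTEM, SITEID), $user)) {`. The same misplaced parenthesis occurs in the two later `$user->id` conditions, the one guarding the unenrol link and the reformatted one guarding the login-as form. The enclosing code starts and ends outside this hunk.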
require_login();
}
- if (iscreator()) {
+ if (has_capability('moodle/course:create', get_context_instance(CONTEXT_SYSTEM, SITEID))) {
if ($edit !== -1) {
$USER->categoryediting = $edit;
// If the edit mode we are leaving has higher per page than the one we are entering,
$searchform = print_course_search($search, true, "navbar");
- if (!empty($courses) && iscreator()) {
+ if (!empty($courses) && has_capability('moodle/course:create', get_context_instance(CONTEXT_SYSTEM, SITEID))) {
$searchform .= update_categories_search_button($search,$page,$perpage);
}
error("Course ID was incorrect (can't find it)");
}
- if (!(isteacheredit($course->id) and iscreator()) and
+ if (!(isteacheredit($course->id) and has_capability('moodle/course:create', get_context_instance(CONTEXT_SYSTEM, SITEID))) and
!(isteacheredit($course->id) and !empty($CFG->teacherassignteachers) ) ) {
error("You must be an administrator or course creator to use this page.");
}
add your own if necessary.</li>
<li class="spaced">Each file should include the main config.php file.</li>
<li class="spaced">Each file should check that the user is authenticated correctly,
- using require_login() and isadmin(), isteacher(), iscreator() or isstudent().</li>
+ using the correct has_capability() or required_capability() checks.</li>
<li class="spaced">All access to databases should use the functions in lib/datalib.php
whenever possible - this allows compatibility across a wide range of databases.
You should find that almost anything is possible using these functions. If you must write SQL code then make sure it is: cross-platform; restricted to specific functions
* @param $capabilityname - e.g. mod/choice:readresponses
*/
function get_capability_string($capabilityname) {
-
+
// Typical capabilityname is mod/choice:readresponses
$names = split('/', $capabilityname);
$sqland = "AND ";
}
if (!empty($USER->id)) { // May need to check they are a teacher
- if (!iscreator()) {
+ if (!has_capability('moodle/course:create', get_context_instance(CONTEXT_SYSTEM, SITEID))) {
$visiblecourses = "$sqland ((c.visible > 0) OR t.userid = '$USER->id')";
$teachertable = "LEFT JOIN {$CFG->prefix}user_teachers t ON t.course = c.id";
}
$sqland = "AND ";
}
if (!empty($USER) and !empty($USER->id)) { // May need to check they are a teacher
- if (!iscreator()) {
+ if (!has_capability('moodle/course:create', get_context_instance(CONTEXT_SYSTEM, SITEID))) {
$visiblecourses = "$sqland ((c.visible > 0) OR t.userid = '$USER->id')";
$teachertable = "LEFT JOIN {$CFG->prefix}user_teachers t ON t.course=c.id";
}
$categories = get_records('course_categories', 'parent', $parent, $sort);
}
if ($categories) { /// Remove unavailable categories from the list
- $creator = iscreator();
+ $creator = has_capability('moodle/course:create', get_context_instance(CONTEXT_SYSTEM, SITEID));
foreach ($categories as $key => $category) {
if (!$category->visible) {
if (!$creator) {
if (defined('MDL_PERFDB')) { global $PERF ; $PERF->dbqueries++;};
/// since we are quering the log table for lastaccess time now, can stop doing this? tables are gone
- if (isstudent($courseid)) {
- $db->Execute('UPDATE '. $CFG->prefix .'user_students SET timeaccess = \''. $timenow .'\' '.
- 'WHERE course = \''. $courseid .'\' AND userid = \''. $userid .'\'');
- } else if (isteacher($courseid, false, false)) {
- $db->Execute('UPDATE '. $CFG->prefix .'user_teachers SET timeaccess = \''. $timenow .'\' '.
- 'WHERE course = \''. $courseid .'\' AND userid = \''. $userid .'\'');
+ if (!$record = get_record('user_lastaccess', 'userid', $userid, 'courseid', $courseid)) {
+ $record = new object;
+ $record->userid = $userid;
+ $record->courseid = $courseid;
+ $record->timeaccess = $timenow;
+ return insert_record('user_lastaccess', $record);
+ } else {
+ $record->timeaccess = $timenow;
+ return update_record('user_lastaccess', $record);
}
}
}
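Review bot: The new `get_record()` followed by `insert_record()` on `user_lastaccess` is a check-then-insert that is not atomic, so two concurrent first requests for the same user and course can both miss the row and both insert it. Whether that leaves duplicate rows depends on a unique index on (userid, courseid), which is not visible in this hunk. Both branches now `return` early, so anything later in the enclosing function (it continues outside the hunk) is skipped. I would record the assumption next to the lookup, e.g. `// relies on a unique (userid, courseid) index; concurrent first visits could otherwise insert twice`, and update the stale question in the comment above it.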
if ($isteacher) {
$timemidnight = usergetmidnight(time());
$output .= '<a href="'. $CFG->wwwroot .'/course/user.php?id='. $course->id .'&user='. $user->id .'">'. $string->activity .'</a><br />';
- if (!iscreator($user->id) or ($isadmin and !isadmin($user->id))) { // Includes admins
+ if (!has_capability('moodle/course:create', get_context_instance(CONTEXT_SYSTEM, SITEID, $user->id)) or ($isadmin and !isadmin($user->id))) { // Includes admins
if ($course->category and isteacheredit($course->id) and isstudent($course->id, $user->id)) { // Includes admins
$output .= '<a href="'. $CFG->wwwroot .'/course/unenrol.php?id='. $course->id .'&user='. $user->id .'">'. $string->unenrol .'</a><br />';
}
$publish = "OR publish = '1'";
}
- if (!isadmin()) {
+ if (!has_capability('moodle/course:managequestions', get_context_instance(CONTEXT_SYSTEM, SITEID))) {
$categories = get_records_select("question_categories", "course = '$courseid' $publish", 'parent, sortorder, name ASC');
} else {
$categories = get_records_select("question_categories", '', 'parent, sortorder, name ASC');
print_heading_with_help($txt->importquestions, "import", "quiz");
/// Get all the existing categories now
- if (isadmin()) { // the admin can import into all categories
+ if (has_capability('moodle/course:managequestions', get_context_instance(CONTEXT_SYSTEM, SITEID))) { // the admin can import into all categories
if (!$categories = get_records_select("question_categories", "course = '{$course->id}' OR publish = '1'", "parent, sortorder, name ASC")) {
error("Could not find any question categories!"); // Something is really wrong
}
// Check user admin
require_login();
- if (!isadmin()) {
- error('You need to be an admin user to use this page.', $CFG->wwwroot . '/login/index.php');
- }
+ require_capability('moodle/course:managequestions', get_context_instance(CONTEXT_SYSTEM, SITEID));
if (!$site = get_site()) {
error('Site isn\'t defined!');
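Review bot: The `// Check user admin` comment above the new `require_capability()` call is now stale, and the gate changes from site administrator to anyone holding `moodle/course:managequestions` at system level. If this page does site-wide work (it goes on to call `get_site()`), confirm that this wider audience is intended. Otherwise `moodle/site:config`, which this change uses for the theme editor checks, would be the closer equivalent of `isadmin()`. Either way the comment should name the capability, e.g. `// Require question management rights at site level`.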
if (isset($THEME->chameleonenabled) && $THEME->chameleonenabled) {
- $chameleon_isadmin = isadmin();
+ $chameleon_isadmin = has_capability('moodle/site:config', get_context_instance(CONTEXT_SYSTEM, SITEID));
$chameleon_isteacher = false;
if (isset($course->id)) {
$chameleon_courseparam = '?id=' . $course->id;
if (!isteacheredit($chameleon_id)) {
die('CHAMELEON_ERROR Either you are not logged in or you are not allowed to edit this theme');
}
-} else if (!isadmin()) {
+} else if (!has_capability('moodle/site:config', get_context_instance(CONTEXT_SYSTEM, SITEID))) {
die('CHAMELEON_ERROR Either you are not logged in or you are not allowed to edit this theme');
}
echo "</form></td>";
}
*/
- if ((isadmin() and !isadmin($user->id)) or (isteacher($course->id) and isstudent($course->id, $user->id) and ($USER->id != $user->id) and !iscreator($user->id))) {
+ if ((isadmin()
+ and !isadmin($user->id)) or
+ (isteacher($course->id)
+ and isstudent($course->id, $user->id)
+ and ($USER->id != $user->id)
+ and !has_capability('moodle/course:create', get_context_instance(CONTEXT_SYSTEM, SITEID,$user->id)))) {
+
echo "<td nowrap=\"nowrap\"><form action=\"../course/loginas.php\" method=\"get\">";
echo "<input type=\"hidden\" name=\"id\" value=\"$course->id\" />";
echo "<input type=\"hidden\" name=\"user\" value=\"$user->id\" />";