merged fix for MDL-8280, getting rid of moodle/user:editprofile
authortoyomoyo <toyomoyo>
Wed, 14 Mar 2007 07:51:53 +0000 (07:51 +0000)
committertoyomoyo <toyomoyo>
Wed, 14 Mar 2007 07:51:53 +0000 (07:51 +0000)
user/editadvanced.php
user/tabs.php
version.php

index 91482f72d50dcbca4ea7a026e9985d32f544cace..42b079614c39c64987fe3a1e846782f00a667d08 100644 (file)
         $user->confirmed = 1;
     } else {
         // editing existing user
-        require_capability('moodle/user:update', get_context_instance(CONTEXT_SYSTEM, SITEID));
+        
+        if (!has_capability('moodle/user:update', get_context_instance(CONTEXT_SYSTEM, SITEID))
+            && !has_capability('moodle/user:update', get_context_instance(CONTEXT_USER, $id))) {
+            error('nopermission');      
+        }
+        
+        
         if (!$user = get_record('user', 'id', $id)) {
             error('User ID was incorrect');
         }
             } else {
                 redirect("$CFG->wwwroot/user/view.php?id=$USER->id&course=$course->id");
             }
-        } else {
+        } elseif (has_capability('moodle/user:update', get_context_instance(CONTEXT_SYSTEM, SITEID))) {
             redirect("$CFG->wwwroot/$CFG->admin/user.php");
+        } else {
+            redirect($CFG->wwwroot . "/user/view.php?id=$id&course={$course->id}");
         }
         //never reached
     }
 
 
 /// Display page header
-    if ($user->id == -1 or ($user->id != $USER->id)) {
+    if ($user->id == -1 or has_capability('moodle/user:update', get_context_instance(CONTEXT_SYSTEM, SITEID))) {
         $adminroot = admin_get_root();
         if ($user->id == -1) {
             admin_externalpage_setup('addnewuser', $adminroot);
     $userform->display();
 
 /// and proper footer
-    if ($user->id == -1 or ($user->id != $USER->id)) {
+    if ($user->id == -1 or has_capability('moodle/user:update', get_context_instance(CONTEXT_SYSTEM, SITEID))) {
         admin_externalpage_print_footer($adminroot);
     } else if (!empty($USER->newadminuser)) {
         print_footer('none');
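Review bot: The new permission check runs before `get_record('user', 'id', $id)` has confirmed that the user exists, so `get_context_instance(CONTEXT_USER, $id)` is evaluated for an id that has not been validated. The denial also goes through `error('nopermission')`, which looks like a string key passed as display text, where the removed line used `require_capability()`. I would load the record first and then write `if (!has_capability('moodle/user:update', $systemcontext)) { require_capability('moodle/user:update', get_context_instance(CONTEXT_USER, $user->id)); }`. Assigning `$systemcontext = get_context_instance(CONTEXT_SYSTEM, SITEID);` once would also serve the redirect, header and footer conditions, which repeat the same lookup. The enclosing if/else blocks begin and end outside the lines shown.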
index 7aba3f3d1f86da2df83facfd1677e8b56b32e613..420546e4ca9a7a0e47bc3618872fcd6d1d31f2cb 100644 (file)
             // cannot edit remote users
         }
         else if ((!empty($USER->id) and ($USER->id == $user->id) and !isguest()) or
-            (has_capability('moodle/user:update', $sitecontext) and ($user->id != $mainadmin->id)) ) {
+            ((has_capability('moodle/user:update', $sitecontext) || has_capability('moodle/user:update', $personalcontext)) and ($user->id != $mainadmin->id)) ) {
 
             if(empty($CFG->loginhttps)) {
                 $wwwroot = $CFG->wwwroot;
             } else {
                 $wwwroot = str_replace('http:','https:',$CFG->wwwroot);
             }
-            if (has_capability('moodle/user:update', $sitecontext) and ($user->id==$USER->id or $user->id != $mainadmin->id)) {
+            if ((has_capability('moodle/user:update', $sitecontext) || has_capability('moodle/user:update', $personalcontext))and ($user->id==$USER->id or $user->id != $mainadmin->id)) {
                 $toprow[] = new tabobject('editprofile', $wwwroot.'/user/editadvanced.php?id='.$user->id.'&amp;course='.$course->id, get_string('editmyprofile'));
             } else {
                 $toprow[] = new tabobject('editprofile', $wwwroot.'/user/edit.php?id='.$user->id.'&amp;course='.$course->id, get_string('editmyprofile'));
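Review bot: The `$user->id != $mainadmin->id` guard in both conditions only decides whether the edit tab is drawn, and the check this commit adds to user/editadvanced.php shows no equivalent in its hunks. If that script does not exclude the main admin somewhere outside the lines shown, the exclusion is not enforced on the edit script itself for holders of `moodle/user:update`; tab visibility should mirror a server-side rule rather than stand in for it. The capability test is also written out twice; computing it once, `$canupdate = has_capability('moodle/user:update', $sitecontext) || has_capability('moodle/user:update', $personalcontext);`, and using `$canupdate and (...)` in both places would shorten the lines and remove the missing space before `and`. `$personalcontext` is defined outside the lines shown.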
index 1bcad7199273d9e9cb904c4952ffe0b42eb7a891..f0f834a9b10731b9c5cacf45627039aa7c9c057e 100644 (file)
@@ -6,7 +6,7 @@
 // This is compared against the values stored in the database to determine
 // whether upgrades should be performed (see lib/db/*.php)
 
-   $version = 2007021401;  // YYYYMMDD = date
+   $version = 2007021402;  // YYYYMMDD = date
                            //       XY = increments within a single day
 
    $release = '1.9 dev';    // Human-friendly version name